DOCSLIB.ORG

MPLS Configuration Guide for Cisco ASR 9000 Series Routers, IOS XR Release 6.5.X

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
MPLS Configuration Guide for Cisco ASR 9000 Series Routers, IOS XR Release 6.5.X MPLS Configuration Guide for Cisco ASR 9000 Series Routers, IOS XR Release 6.5.x First Published: 2018-08-01 Last Modified: 2019-02-18 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental. All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version. Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R) © 2019 Cisco Systems, Inc. All rights reserved. CONTENTS PREFACE Preface xix Changes to This Document xix Communications, Services, and Additional Information xix CHAPTER 1 New and Changed MPLS Features 1 New and Changed MPLS Feature Information 1 CHAPTER 2 Implementing MPLS Label Distribution Protocol 3 Prerequisites for Implementing Cisco MPLS LDP 4 Information About Implementing Cisco MPLS LDP 4 Overview of Label Distribution Protocol 4 Label Switched Paths 5 LDP Control Plane 5 Exchanging Label Bindings 5 LDP Forwarding 6 LDP Graceful Restart 7 Control Plane Failure 8 Phases in Graceful Restart 9 Recovery with Graceful-Restart 9 Label Advertisement Control (Outbound Filtering) 11 Label Acceptance Control (Inbound Filtering) 11 Local Label Allocation Control 11 Session Protection 12 IGP Synchronization 13 IGP Auto-configuration 13 LDP Nonstop Routing 14 MPLS Configuration Guide for Cisco ASR 9000 Series Routers, IOS XR Release 6.5.x iii Contents IP LDP Fast Reroute Loop Free Alternate 14 Downstream on Demand 16 Explicit-Null and Implicit-Null Labels 16 MPLS over IRB 17 MPLS LDP Carrier Supporting Carrier for Multiple VRFs 17 MPLS Carrier Supporting Carrier L3VPN: Introduction 18 Benefits of MPLS LDP CSC 18 Multiple VRF Support 19 Restrictions and Recommendations 20 IPv6 Support in MPLS LDP 21 LDP IPv6 Functionality 21 Restrictions 24 Features Supported in LDP IPv6 25 Implicit IPv4 Disable 28 IPv6 Label Bindings 28 IPv6 Address Bindings 28 Default Transport Address 29 LDP Control Plane: Bindings Advertisement 29 LSP Mapping 29 Label Policies 29 IS-IS 30 Dual-Stack Capability TLV 30 Compliance Check 31 How to Implement MPLS LDP 31 Configuring LDP Discovery Parameters 31 Configure Label Distribution Protocol Targeted Neighbor 33 Configuration Example 33 Running Configuration 33 Configuring LDP Discovery Over a Link 34 Configuring LDP Discovery for Active Targeted Hellos 36 Configuring LDP Discovery for Passive Targeted Hellos 38 Configuring Label Advertisement Control (Outbound Filtering) 40 Setting Up LDP Neighbors 41 Setting Up LDP Forwarding 44 MPLS Configuration Guide for Cisco ASR 9000 Series Routers, IOS XR Release 6.5.x iv Contents Configuring Global Transport Address 47 Setting Up LDP NSF Using Graceful Restart 48 Configuring Label Acceptance Control (Inbound Filtering) 51 Configuring Local Label Allocation Control 52 Configuring Session Protection 53 Configuring LDP IGP Synchronization: OSPF 54 Disabling LDP IGP Synchronization: OSPF 56 Configuring LDP IGP Synchronization: ISIS 57 Enabling LDP Auto-Configuration for a Specified OSPF Instance 58 Enabling LDP Auto-Configuration in an Area for a Specified OSPF Instance 59 Disabling LDP Auto-Configuration 61 Configuring LDP Nonstop Routing 61 Configuring LDP Downstream on Demand mode 64 Setting Up Implicit-Null-Override Label 64 Redistributing MPLS LDP Routes into BGP 65 Enabling MLDP 67 Enabling MLDP Make-Before-Break 68 Enabling MLDP MoFRR 69 Enabling MLDP Recursive FEC 71 Enabling MLDP Static Multipoint to Multipoint LSP 72 Enabling MLDP Static Point to Multipoint LSP 73 Disabling MLDP 75 LDP IPv6 Configuration 76 Enabling LDP IPv6 Native 76 Enabling LDP IPv6 Control Plane 77 Configuring IPv6-only LSR 79 Configuring Global Transport Address for IPV6 83 Disabling Implicit IPv4 85 Configuring IPv4 as Transport Preference 86 Configuring Transport Preference Maximum Wait Time 87 Configuration Examples for Implementing MPLS LDP 88 Configuring LDP with Graceful Restart: Example 88 Configuring LDP Discovery: Example 88 Configuring LDP Link: Example 89 MPLS Configuration Guide for Cisco ASR 9000 Series Routers, IOS XR Release 6.5.x v Contents Configuring LDP Discovery for Targeted Hellos: Example 89 Configuring Label Advertisement (Outbound Filtering): Example 89 Configuring LDP Neighbors: Example 90 Configuring LDP Forwarding: Example 90 Configuring LDP Nonstop Forwarding with Graceful Restart: Example 91 Configuring Label Acceptance (Inbound Filtering): Example 91 Configuring Local Label Allocation Control: Example 92 Configuring LDP Session Protection: Example 92 Configuring LDP IGP Synchronization—OSPF: Example 92 Configuring LDP IGP Synchronization—ISIS: Example 92 Configuring LDP Auto-Configuration: Example 93 Configure IP LDP Fast Reroute Loop Free Alternate: Examples 93 Verify IP LDP Fast Reroute Loop Free Alternate: Example 95 MPLS LDP CSC for Multiple VRFs Configuration: Examples 97 LDP IPv6 Configuration: Examples 110 Additional References 112 CHAPTER 3 Implementing MPLS Static Labeling 115 Recursive Label Statistics 116 MPLS Top Label Hash for OAM Packets 117 Forwarding Labeled Packets 117 Functional Overview: Top Label Hash 118 Enable MPLS Encapsulation on an Interface 119 Define a Range for Static MPLS Labels 120 Setup a Static LSP 121 Allocate Static MPLS Label to an IP Prefix and Configure a LSP 122 Allocate Static MPLS Label for a Specific VRF 123 Verify MPLS Static Bindings 124 Configuring Top Label Hash 125 Identify and Clear Label Discrepancy 126 Configure Top Label Hash: Example 127 CHAPTER 4 Implementing RSVP for MPLS-TE 129 Prerequisites for Implementing RSVP for MPLS-TE 129 MPLS Configuration Guide for Cisco ASR 9000 Series Routers, IOS XR Release 6.5.x vi Contents Information About Implementing RSVP for MPLS-TE 130 Overview of RSVP for MPLS-TE 130 LSP Setup 130 High Availability 131 Graceful Restart 131 Graceful Restart: Standard and Interface-Based 132 Graceful Restart: Figure 132 ACL-based Prefix Filtering 134 RSVP MIB 134 Bandwidth Reservation Percentage 134 Information About Implementing RSVP Authentication 135 RSVP Authentication Functions 135 RSVP Authentication Design 135 Global, Interface, and Neighbor Authentication Modes 136 Security Association 137 Key-source Key-chain 138 Guidelines for Window-Size and Out-of-Sequence Messages 139 Caveats for Out-of-Sequence 139 How to Implement RSVP 139 Configuring Traffic Engineering Tunnel Bandwidth 139 Confirming DiffServ-TE Bandwidth 140 Enabling Graceful Restart 141 Configuring ACL-based Prefix Filtering 142 Configuring ACLs for Prefix Filtering 142 Configuring RSVP Packet Dropping 143 Verifying RSVP Configuration 144 Enabling RSVP Traps 147 How to Implement RSVP Authentication 148 Configuring Global Configuration Mode RSVP Authentication 148 Enabling RSVP Authentication Using the Keychain in Global Configuration Mode 148 Configuring a Lifetime for RSVP Authentication in Global Configuration Mode 149 Configuring the Window Size for RSVP Authentication in Global Configuration Mode 149 Configuring
Load more

Recommended publications
  • Programmability Webinar Series with Devnet Session 8: Play with Linux & Python on Networking Devices
    Programmability Webinar Series with DevNet Session 8: Play with Linux & Python on Networking Devices Speaker: Stuart Clark Hostess: Kara Sullivan Jointly presented by DevNet & NetAcad ©8 2018May, Cisco and/or2019 its affiliates. All rights reserved. Cisco Confidential © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential • Use the Q and A panel to ask questions. • Use the Chat panel to Welcome to the 8th communicate with attendees session of the and panelists. Programmability with • A link to a recording of the session will be sent to all Cisco DevNet registered attendees. webinar series • Please take the feedback survey at the end of the webinar. © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2 The Webinar Series Date Topic Oct’18 Networking with Programmability is Easy Oct’18 A Network Engineer in the Programmable Age Nov’18 Software Defined Networking and Controllers Jan’19 Adding API Skills to Your Networking Toolbox Feb’19 The New Toolbox of a Networking Engineer Mar’19 Program Networking Devices using their APIs Apr’19 Before, During, and After a Security Attack May’19 Play with Linux & Python on Networking Devices Jun’19 Automate your Network with a Bot All Series Details can be Found @ http://bit.ly/devnet2 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential The Webinar Series – Raffle & Certificates Raffle We will be raffling off a total of 15 Amazon gift cards in the amount of $25 US dollars at the end of this series.* 10 Amazon gift cards in the amount of $25 US dollars raffled off to everyone who participates in all of the live sessions 5 Amazon gift cards in the amount of $25 US dollars raffled off to everyone who participates in all of the sessions by either attending the live sessions or viewing/downloading the recording (can be a combination of the two in this raffle).
    [Show full text]
  • Cisco Ios Shellcode: All-In-One
    CISCO IOS SHELLCODE: ALL-IN-ONE George Nosenko [email protected] CISCO IOS SHELLCODE: ALL-IN-ONE George Nosenko • Security researcher at Digital Security • Bug Hunter • Exploit Developer CISCO IOS SHELLCODE: ALL-IN-ONE Agenda Part 1: Cisco IOS Reverse Engineering Part 2: Cisco IOS Shellcoding • Main Problem • MoEvaon • Subsystem • Main Problems • Registry • Image-independet Shellcodes • Processes § Disassembling Shellcode • Glue Code / Simple Code / Dead Code § Interrupt-Hijack Shellcode • Command Parser • Tcl Shellcode • Where is libc? § How does it work? • Other § Features • How to debug Cisco IOS § Limitaons • How to debug Cisco IOS XE § How is it made? CISCO IOS SHELLCODE: ALL-IN-ONE Prior works AUacking Network Embedded System Felix ‘FX’ Lindner 2002 The Holy Grail Cisco IOS Shellcode And Exploitaon Techniques Michael Lynn 2005 Cisco IOS Shellcodes Gyan Chawdhary, Varun Uppal 2007 Remote Cisco IOS FTP Exploit Andy Davis 2007 Killing the myth of Cisco IOS rootkits: DIK SebasEan Muniz 2008 Cisco IOS - AUack & Defense. The State of the Art Felix ’FX’ Lindner 2008 Router Exploitaon Felix ’FX’ Lindner 2009 Fuzzing and Debugging Cisco IOS SebasEan Muniz, Alfredo Ortega 2011 Killing the Myth of Cisco IOS Diversity Ang Cui, Jan Kataria, Salvatore J. Stolfo 2011 Research on Cisco IOS Security Mechanisms Xiaoyan Sua 2011 Cisco IOS Rootkits and Malware Jason Nehrboss 2012 SYNful Knock A CISCO IMPLANT Bill Hau, Tony Lee, Josh Homan 2015 CISCO IOS SHELLCODE: ALL-IN-ONE Cisco Diversity Overview Operaon Systems Cisco IOS Cisco IOS XE (based on Linux)
    [Show full text]
  • Cisco IOS Software Reference Guide
    Reference Guide Cisco IOS Software Reference Guide Version 1.0 Last update: July 2016 © 2012-2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 21 Contents Introduction .............................................................................................................................................................. 3 Cisco IOS Software Family ..................................................................................................................................... 3 Cisco IOS Software Family Numbering .................................................................................................................. 4 IOS S Numbering .................................................................................................................................................. 6 IOS XR Numbering ............................................................................................................................................... 8 NX-OS Numbering ................................................................................................................................................ 8 Cisco IOS Software Release Migration .................................................................................................................. 9 IOS T Migration Examples ..................................................................................................................................... 10 IOS S Migration Examples ...................................................................................................................................
    [Show full text]
  • Cisco Switch Audit Checklist
    Cisco Switch Audit Checklist Jonsonian and opponent Tucky contemporises almost unconscionably, though Ephrem tears his pentadactylism restructure. Dipterocarpaceous and self-aware Cheston always Grecize backward and supervenes his locoes. Nucleolated Northrop presage droningly while Damien always scatted his soutanes hybridise barefacedly, he chicaning so longitudinally. Introduction to Network Security Audit Checklist Network Security Audit Checklist. The Operating System recipient for the switches that can the. FDA Computer System & Software Validation What You've. Goose vpn xauth password audit of switch ports are sent as password audit checklist cisco switch fsae operation combined process unneeded packets to go through the use of the created from. In this tutorial are essential commands to drag a Cisco switch effectively. Identifying core router and switch device interfaces with IP addresses. Netwrix Auditor for Network Devices. No 021q Normally connected to a L3 buffer switch network as a Cisco 494. Cisco router or else to tie and reload if the IOS HTTP service is enabled browsing to. Security Hardening Checklist Guide for Cisco Routers. The configuration audits might send the central rsyslog server become a variety of switching investments, how and distribution tier and auditing service engineer team. A step-by-step checklist to secure Cisco Arrow Download Latest CIS Benchmark Free to Everyone For Cisco IOS XE 16 CIS Cisco IOS 16 Benchmark version. The IT Regulatory and Standards Compliance Handbook there to. Site Checklists Oracle Help Center. CIS Cisco IOS 15 Benchmark 401 Checklist Details Checklist Revisions. Network audit when upgrading an existing network for through discussion with managers and network. Cisco Identity Services Engine ISE Data Sheet.
    [Show full text]
  • Containers in Cisco IOS-XE, IOS-XR, and NX-OS: Orchestration and Operation
    Quotes for Praise The world of networking continues to advance, and the emerging possibilities enabled by advancements like Kubernetes and Linux containers make keeping current on best practices a necessity to fully maximize Cisco IOS-XE, IOS-XR, and NX-OS platforms. I find this book to be an exceptionally insightful guide to understanding configuring, acti- vating, orchestrating, and developing operational best practices for containerizing and instantiating applications and network services. I recommend it highly, as it is written by the engineers who have the best real-world experience of designing and troubleshooting these architectures. —Tom Berghoff, Senior Vice President, Customer Experience, Cisco Systems Time-to-value realization for our customers is key to achieving their business outcomes with our solutions. The book that Yogesh and Nagendra have written will allow our customers to maximize their investment by leveraging Cisco solutions in a unique and innovative way. The passion that Yogesh and Nagendra bring to this topic through this book will jump off the page at you. Please enjoy this well-written book, as it will help to ensure that you realize maximum value from the investments you have made in this Cisco solution. —Marc Holloman, Vice President, Customer Experience, Cisco Systems With the introduction of software-defined networking (SDN), we knew that the way we build and operate networks was never going to be the same. For the network to keep up with the speed of business, major changes had to happen at every layer of the enterprise stack. With this book, the reader will get an insider look at the innerworkings of the tech- nologies enabling this change.
    [Show full text]
  • Defeating Cisco Trust Anchor: a Case-Study of Recent Advancements in Direct FPGA Bitstream Manipulation
    Defeating Cisco Trust Anchor: A Case-Study of Recent Advancements in Direct FPGA Bitstream Manipulation Jatin Kataria, Rick Housley, Joseph Pantoga, Ang Cui f j;r; jp;ag@redballoonsecurity:com Red Balloon Security Abstract Such technologies have been rapidly adopted in platforms with homogeneous hardware architectures such as consumer Field-programmable gate arrays (FPGAs) are widely used PCs, servers, and mobile devices. However, they may not meet in real-time, data-intensive, and mission critical system de- the requirements of equipment manufacturers who want a uni- signs. In the space of trusted computing, FPGA-based security fied secure boot implementation across a set of diverse hard- modules have appeared in a number of widely used security ware platforms such as those found in the industrial control or conscious devices. The Cisco Trust Anchor module (TAm) telecommunications industries. Additionally, these companies is one such example that is deployed in a significant num- may want complete ownership over the system to avoid exter- ber of enterprise network switches, routers, and firewalls. We nal dependencies or vendor lock-in. With these requirements, discuss several novel direct FPGA bitstream manipulation FPGAs are an attractive and cost-effective alternative to tradi- techniques that exploit the relative simplicity of input and tional hardware trust anchors. This has been recognized and output pin configuration structures. embraced by FPGA manufacturers such as Microsemi [20], We present an analysis of the efficacy of Cisco TAm and who have developed products to meet this demand. discuss both the high-level architectural flaws of the TAm This paper describes vulnerabilities in the proprietary Cisco as well as implementation specific vulnerabilities in a TAm- Trust Anchor module on the ASR 1001-X router, an FPGA- protected Cisco router.
    [Show full text]