Table Of Contents
mpls ldp discovery transport-address
mpls ldp graceful-restart timers forwarding-holding
mpls ldp graceful-restart timers max-recovery
mpls ldp graceful-restart timers neighbor-liveness
mpls ldp logging neighbor-changes
mpls ldp logging password configuration
mpls ldp logging password rollover
mpls ldp neighbor implicit-withdraw
mpls ldp neighbor labels accept
mpls ldp password rollover duration
mpls ldp path-vector maxlength
mpls ldp atm vc-merge
Note Effective with Cisco IOS Release 12.4(20)T, the mpls ldp atm vc-merge command is not available in Cisco IOS software.
To control whether the vc-merge (multipoint-to-point) capability is supported for unicast label virtual circuits (LVCs), use the mpls ldp atm vc-merge command in global configuration mode. To disable this feature, use the no form of this command.
mpls ldp atm vc-merge
no mpls ldp atm vc-merge
Syntax Description
This command has no arguments or keywords.
Defaults
The ATM-VC merge capability is enabled by default if the hardware supports this feature; otherwise, the feature is disabled.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
Use of VC merge helps conserve ATM labels by allowing incoming LSPs from different sources for the same destination to be merged onto a single outgoing VC.
Examples
In the following example, the ATM-VC merge capability is disabled:
Router# no mpls ldp atm vc-mergeRelated Commands
Command Descriptionshow mpls atm-ldp capability
Displays the ATM MPLS capabilities negotiated with LDP neighbors for LC-ATM interfaces.
mpls ldp autoconfig
To enable Label Distribution Protocol (LDP) on interfaces for which an Open Shortest Path First (OSPF) instance or Intermediate System-to-Intermediate System (IS-IS) instance has been defined, use the mpls ldp autoconfig command in router configuration mode. To disable this feature, use the no form of this command.
For OSPF
mpls ldp autoconfig [area area-id]
no mpls ldp autoconfig [area area-id]
For IS-IS
mpls ldp autoconfig [level-1 | level-2]
no mpls ldp autoconfig
Syntax Description
Defaults
LDP is not enabled on interfaces. If an OSPF area or an IS-IS level is not specified, LDP is enabled on all interfaces belonging to the OSPF or IS-IS process.
Command Modes
Router configuration
Command History
Usage Guidelines
•You can specify this command multiple times to enable LDP on different routing areas with interfaces running OSPF.
•If LDP is disabled globally, the mpls ldp autoconfig command fails. LDP must be enabled globally by means of the global mpls ip command first.
•If the mpls ldp autoconfig command is configured, you cannot issue the global no mpls ip command. If you want to disable LDP, you must issue the no mpls ldp autoconfig command first.
•The mpls ldp autoconfig command is supported only with OSPF and IS-IS interior gateway protocols (IGPs).
•The MPLS LDP Autoconfiguration feature supports IS-IS only in Cisco IOS Release 12.0(32)SY.
•For interfaces running IS-IS processes, you can enable Multiprotocol Label Switching (MPLS) for each interface using the router mode command mpls ldp autoconfig or mpls ldp igp autoconfig at the interface level.
•For IS-IS interfaces, the level for which an interface is configured must be compatible with the level for which autoconfiguration is desired.
•For IS-IS interfaces, each application of the configuration command overwrites the earlier configuration. If initial autoconfiguration is enabled for level-1 and a later configuration specifies level-2, LDP is enabled only on IS-IS level-2 interfaces.
Examples
In the following example, MPLS LDP Autoconfiguration is enabled for OSPF area 5:
Router(config-router)# mpls ldp autoconfig area 5
Related Commands
mpls ldp backoff
To configure parameters for the label distribution protocol (LDP) backoff mechanism, use the mpls ldp backoff command in global configuration mode. To disable this feature, use the no form of this command.
mpls ldp backoff initial-backoff maximum-backoff
no mpls ldp backoff initial-backoff maximum-backoff
Syntax Description
Defaults
The initial backoff value is 15 seconds and grows to a maximum value of 120 seconds.
Command Modes
Global configuration
Command History
Usage Guidelines
The LDP backoff mechanism prevents two incompatibly configured label switch routers (LSRs) from engaging in an unthrottled sequence of session setup failures. For example, an incompatibility arises when two neighboring routers attempt to perform LC-ATM (label-controlled ATM) but the two are using different ranges of VPI/VCI values for labels.
If a session setup attempt fails due to an incompatibility, each LSR delays its next attempt (that is, backs off), increasing the delay exponentially with each successive failure until the maximum backoff delay is reached.
The default settings correspond to the lowest settings for initial and maximum backoff values defined by the LDP protocol specification. You should change the settings from the default values only if such settings result in undesirable behavior.
Examples
The following command shows how to set the initial backoff delay to 30 seconds and the maximum backoff delay to 240 seconds:
Router(config)# mpls ldp backoff 30 240Related Commands
mpls ldp discovery
To configure the interval between transmission of consecutive Label Distribution Protocol (LDP) discovery hello messages, or the hold time for a discovered LDP neighbor, or the neighbors from which requests for targeted hello messages may be honored, use the mpls ldp discovery command in global configuration mode. To disable this feature, use the no form of this command.
mpls ldp discovery {hello {holdtime | interval} seconds | targeted-hello {holdtime | interval} seconds | accept [from acl]}
no mpls ldp discovery {hello {holdtime | interval} | targeted-hello {holdtime | interval} | accept [from acl]}
Syntax Description
Command Default
None
Command Modes
Global configuration (config)
Command History
Usage Guidelines
The discovery hold time is set to the smaller of the following: the locally proposed hold time or the hold time proposed by the neighbor. The hello interval is selected so that within the hello hold time period at least three hellos messages are sent for a link hello and at least nine hello messages are sent for a targeted hello.
When the discovery hold time elapses for a neighbor discovered on an interface or for a neighbor discovered by means of a targeted hello message, the record associating the neighbor with that interface or the targeted hello message source is discarded. If an LDP session exists with a neighbor, but a discovery record no longer exists for that neighbor, the LDP session is terminated.
Setting the hold time too high causes LDP to be slow in detecting link outages; setting the hold time too low might cause LDP to terminate sessions when a hello message is dropped during traffic bursts on a link.
The exchange of targeted hello messages between two nondirectly connected neighbors (N1 and N2) may occur in the following ways:
•N1 may initiate the transmission of targeted hello messages to N2, and N2 may send targeted hello messages in response. In this situation, N1 is considered to be active and N2 is considered to be passive.
N1 targeted hello messages carry a request that N2 send targeted hello messages in response. To respond, N2 configuration must permit it to respond to N1. The mpls ldp discovery targeted-hello accept command is used to configure whether N1 must respond to requests for targeted hello messages.
•Both N1 and N2 may be configured to initiate the transmission of targeted hello messages to each other. In this situation, both are active.
Both, one, or neither of N1 and N2 may be passive, depending on whether they have been configured to respond to requests for targeted hello messages from the other.
Note Normally, active transmission of targeted hello messages on a router is triggered by some configuration action, such as an mpls ip command on a traffic engineering tunnel interface.
Examples
The following example shows how to set the period of time to 30 seconds for which a neighbor discovered on an interface is remembered, if no hello messages are received:
Router# configure terminalRouter(config)# mpls ldp discovery hello holdtime 30The following example shows how to configure the router to respond to requests for targeted hello messages from neighbors 209.165.200.225 and 209.165.200.234:
Router(config)# ip access standard TRGT-ACCEPTRouter(config-nacl)# permit 209.165.200.225Router(config-nacl)# permit 209.165.200.234Router(config-nacl)# exitRouter(config)# mpls ldp discovery targeted-hello from TRGT-ACCEPTRelated Commands
mpls ldp discovery transport-address
To specify the transport address advertised in the Label Distribution Protocol (LDP) discovery hello messages sent on an interface, use the mpls ldp discovery transport-address command in interface configuration mode. To disable this feature, use the no form of this command.
mpls ldp discovery transport-address {interface | IP-address}
no mpls ldp discovery transport-address
Syntax Description
interface
Specifies that the interface IP address should be advertised as the transport address.
IP-address
IP address advertised as the transport address.
Command Default
The default behavior when this command has not been issued for an interface depends on the interface type.
Unless the interface is a label-controlled ATM (LC-ATM) interface, LDP advertises its LDP router ID as the transport address in LDP discovery hello messages sent from the interface.
If the interface is an LC-ATM interface, no transport address is explicitly advertised in LDP discovery hello messages sent from the interface.Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
The establishment of an LDP session between two routers requires a session TCP connection by which label advertisements can be exchanged between the routers. To establish the session TCP connection, each router must know the transport address (IP address) of the other router.
The LDP discovery mechanism provides the means for a router to advertise the transport address for its end-of-session TCP connection. When the transport address advertisement is explicit, the transport address appears as part of the contents of discovery hello messages sent to the peer. When the transport address advertisement is implicit, the transport address is not included in the discovery hello messages, and the peer uses the source IP address of received hello messages as the peer transport address.
The mpls ldp discovery transport-address command provides the means to modify the default behavior described in the Command Default section of this document. When the interface keyword is specified, LDP advertises the IP address of the interface in LDP discovery hello messages sent from the interface. When the IP-address argument is specified, LDP advertises the specified IP address in LDP discovery hello messages sent from the interface.
Note When a router has multiple links connecting it to its peer device, the router must advertise the same transport address in the LDP discovery hello messages it sends on all such interfaces.
Examples
The following example shows how to specify the LDP transport address for interface pos2/0 should be the interface IP address; it also shows how to specify the IP address 209.165.200.225 of interface pos3/1 should be the LDP transport address:
Router(config#) interface pos2/0Router(config-if)# mpls ldp discovery transport-address interfaceRouter(config#) interface pos3/1Router(config-if)# mpls ldp discovery transport-address 209.165.200.225Related Commands
Command Descriptionshow mpls ldp discovery
Displays the status of the LDP discovery process.
show mpls ldp neighbor
Displays the status of LDP sessions.
mpls ldp explicit-null
To cause a router to advertise an Explicit Null label in situations where it would normally advertise an Implicit Null label, use the mpls ldp explicit-null command in global configuration mode. To disable this feature, use the no form of this command.
mpls ldp explicit-null [for prefix-acl | to peer-acl | for prefix-acl to peer-acl]
no mpls ldp explicit-null
Syntax Description
Defaults
Implicit Null is advertised for directly connected routes unless the command mpls ldp explicit-null has been executed.
Command Modes
Global configuration
Command History
Usage Guidelines
Normally, LDP advertises an Implicit Null label for directly connected routes. The Implicit Null label causes the previous hop (penultimate) router to do penultimate hop popping. Situations exist where it might be desirable to prevent the penultimate router from performing penultimate hop popping and to force it to replace the incoming label with the Explicit Null label.
When you issue the mpls ldp explicit-null command, Explicit Null is advertised in place of Implicit Null for directly connected prefixes permitted by the prefix-acl argument to peers permitted by the peer-acl argument.
If you do not specify the prefix-acl argument in the command, Explicit Null is advertised in place of Implicit Null for all directly connected prefixes.
If you do not specify the peer-acl argument in the command, Explicit Null is advertised in place of Implicit Null to all peers.
Examples
The following command shows how to cause Explicit Null to be advertised for all directly connected routes to all LDP peers:
Router(config)# mpls ldp explicit-nullThe following command sequence shows how to cause Explicit Null to be advertised for directly connected route 10.5.0.0 to all LDP peers and Implicit Null to be advertised for all other directly connected routes:
Router(config)# ip access-list standard adv-exp-nullRouter(config-std-nacl)# permit 10.5.0.0Router(config-std-nacl)# deny anyRouter(config-std-nacl)# exitRouter(config)# mpls ldp explicit-null for adv-exp-nullRelated Commands
Command Descriptionshow mpls ip binding
Displays specified information about label bindings learned by LDP.
mpls ldp graceful-restart
To enable Multiprotocol Label Switching (MPLS) Label Distribution Protocol (LDP) Graceful Restart, use the mpls ldp graceful-restart command in global configuration mode. To disable LDP Graceful Restart, use the no form of this command.
mpls ldp graceful-restart
no mpls ldp graceful-restart
Syntax Description
This command has no arguments or keywords.
Command Default
LDP Graceful Restart is not enabled.
Command Modes
Global configuration
Command History
Usage Guidelines
LDP Graceful Restart must be enabled before an LDP session is established.
Using the no form of the command disables the Graceful Restart functionality on all LDP sessions.
Examples
The command in the following example enables LDP Graceful Restart on a router:
Router(config)# mpls ldp graceful-restart
Related Commands
mpls ldp graceful-restart timers forwarding-holding
To specify the amount of time the Multiprotocol Label Switching (MPLS) forwarding state should be preserved after the control plane restarts, use the mpls ldp graceful-restart timers forwarding-holding command in global configuration mode. To revert to the default timer value, use the no form of this command.
mpls ldp graceful-restart timers forwarding-holding secs
no mpls ldp graceful-restart timers forwarding-holding
Syntax Description
Command Default
After the control plane on the Cisco 7500 and Cisco 10000 series router restarts, the MPLS forwarding state is preserved for 600 seconds.
Command Modes
Global configuration
Command History
Usage Guidelines
Configuring the local forwarding-holding timer to a value less than the IOS FT Reconnect Timeout of 120 seconds may prevent a Label Distribution Protocol (LDP) session from being established. Configure the forwarding-holding timer to less than 120 seconds only if an LDP neighbor has an FT Reconnect Timeout value of less than 120 seconds.
If the timer expires, all entries that are marked stale are deleted.
Examples
In the following example, the MPLS forwarding state is preserved for 300 seconds after the control plane restarts:
Router(config)# mpls ldp graceful-restart timers forwarding-holding 300
Related Commands
mpls ldp graceful-restart timers max-recovery
To specify the amount of time a router should hold stale label-Forwarding Equivalence Class (FEC) bindings after a Label Distribution Protocol (LDP) session has been reestablished, use the mpls ldp graceful-restart timers max-recovery command in global configuration mode. To revert to the default timer value, use the no form of this command.
mpls ldp graceful-restart timers max-recovery secs
no mpls ldp graceful-restart timers max-recovery
Syntax Description
Command Default
Stale label-FEC bindings are held for 120 seconds after an LDP session has been reestablished.
Command Modes
Global configuration
Command History
Usage Guidelines
After the timer expires, all stale label-FEC bindings learned from the associated LDP session are removed, which results in the removal of any forwarding table entries that are based on those bindings.
Examples
In the following example, the router should hold stale label-FEC bindings after an LDP session has been reestablished for 180 seconds:
Router(config)# mpls ldp graceful-restart timers max-recovery 180
Related Commands
mpls ldp graceful-restart timers neighbor-liveness
To specify the upper bound on the amount of time a router should wait for a Label Distribution Protocol (LDP) session to be reestablished, use the mpls ldp graceful-restart timers neighbor-liveness command in global configuration mode. To revert to the default timer value, use the no form of this command.
mpls ldp graceful-restart timers neighbor-liveness secs
no mpls ldp graceful-restart timers neighbor-liveness
Syntax Description
secs
The amount of time (in seconds) that the router should wait for an LDP session to be reestablished. The default is 120 seconds. The range is 5 to 300 seconds.
Command Default
The default is a maximum of 120 seconds.
Command Modes
Global configuration
Command History
Usage Guidelines
The amount of time a router waits for an LDP session to be reestablished is the lesser of the following values:
•The value of the peer's fault tolerant (FT) type length value (TLV) reconnect timeout
•The value of the neighbor liveness timer
If the router cannot reestablish an LDP session with the neighbor in the time allotted, the router deletes the stale label-FEC bindings received from that neighbor.
Examples
The command in the following example sets the amount of time that the router should wait for an LDP session to be reestablished to 30 seconds:
Router(config)# mpls ldp graceful-restart timers neighbor-liveness 30
Related Commands
mpls ldp holdtime
To change the time for which an Label Distribution Protocol (LDP) session is maintained in the absence of LDP messages from the session peer, use the mpls ldp holdtime command in global configuration mode. To disable this command, use the no form of the command.
mpls ldp holdtime seconds
no mpls ldp holdtime seconds
Syntax Description
seconds
Number from 15 to 2147483 that defines the time, in seconds, an LDP session is maintained in the absence of LDP messages from the session peer. The default is 180.
Defaults
The default value for the seconds argument is 180.
Command Modes
Global configuration
Command History
Usage Guidelines
When an LDP session is established between two LSRs, the hold time used for the session is the lower of the values configured on the two LSRs.
Examples
The following example shows how to configure the hold time of LDP sessions for 30 seconds:
Router# mpls ldp holdtime 30Related Commands
Command Descriptionshow mpls ldp parameters
Displays the current LDP parameter.
show mpls atm-ldp bindings
Displays specified entries from the ATM label binding database.
mpls ldp igp autoconfig
To enable Multiprotocol Label Switching (MPLS) Label Distribution Protocol (LDP) autoconfiguration on an interface that belongs to an Open Shortest Path First (OSPF) area, use the mpls ldp igp autoconfig command in interface configuration mode. To disable MPLS LDP autoconfiguration, use the no form of the command.
mpls ldp igp autoconfig
no mpls ldp igp autoconfig
Syntax Description
This command has no arguments or keywords.
Command Default
This command works with the mpls ldp autoconfig command, which enables LDP on all interfaces that belong to an OSPF area. So, by default, all interfaces are enabled for LDP.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
This command works with the mpls ldp autoconfig command, which enables LDP on all interfaces that belong to an OSPF area. To disable LDP on selected interfaces, use the no mpls ldp igp autoconfig command.
Examples
The following example shows how to disable LDP on interface POS1/0:
Router(config)# interface pos1/0
Router(config-if)# no mpls ldp igp autoconfig
Related Commands
mpls ldp igp sync
To enable Multiprotocol Label Switching (MPLS) Label Distribution Protocol (LDP)-Interior Gateway Protocol (IGP) synchronization on an interface that belongs to an Open Shortest Path First (OSPF) process, use the mpls ldp igp sync command in interface configuration mode. To disable MPLS LDP-IGP synchronization, use the no form of the command.
mpls ldp igp sync [delay seconds]
no mpls ldp igp sync [delay]
Syntax Description
delay
(Optional) Sets a delay timer for MPLS LDP-IGP synchronization.
seconds
(Optional) Delay time, in seconds. The range is from 5 to 60 seconds.
Command Default
If MPLS LDP-IGP synchronization is enabled on an OSPF process, MPLS LDP-IGP synchronization is enabled by deffault on all interfaces configured for the process. A delay timer is not set.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
This command works with the mpls ldp sync command, which enables MPLS LDP-IGP synchronization on all interfaces that belong to an OSPF process. To disable MPLS LDP-IGP synchronization on a selected interface, use the no mpls ldp igp sync command in the configuration for that interface.
Use the mpls ldp igp sync delay seconds command to configure a delay time for MPLS LDP and IGP synchronization on an interface-by-interface basis. To remove the delay timer from a specified interface, use the no mpls ldp igp sync delay command. This command sets the delay time to 0 seconds, but leaves MPLS LDP-IGP synchronization enabled.
When LDP is fully established and synchronized, LDP checks the delay timer:
•If you configured a delay time, LDP starts the timer. When the timer expires, LDP checks that synchronization is still valid and notifies the OSPF process.
•If the delay time is not configured, synchronization is disabled or down, or an interface is removed from an IGP process, LDP stops the timer and immediately notifies the OSPF process.
If you configure a new delay time while a timer is running, LDP saves the new delay time but does not reconfigure the running timer.
Examples
The following example shows how to disable MPLS LDP-IGP synchronization on POS interface 1/0:
Router(config)# interface pos1/0
Router(config-if)# no mpls ldp igp sync
The following example shows how to set a delay timer of 45 seconds for MPLS LDP-IGP synchronization on FastEthernet interface 0/0:
Router(config)# interface FastEthernet 0/0Router(config-if)# mpls ldp igp sync delay 45Related Commands
mpls ldp igp sync holddown
To specify how long an Interior Gateway Protocol (IGP) should wait for Label Distribution Protocol (LDP) synchronization to be achieved, use the mpls ldp igp sync holddown command in global configuration mode. To disable the hold-down timer, use the no form of this command.
mpls ldp igp sync holddown milliseconds
no mpls ldp igp sync holddown
Syntax Description
milliseconds
The number of milliseconds an IGP should wait for an LDP session to be established. The valid range of values is 1 to 2147483647.
Command Default
An IGP will wait indefinitely for LDP synchronization to be achieved.
Command Modes
Global configuration
Command History
Usage Guidelines
This command enables you to limit the amount of time an IGP waits for LDP synchronization to be achieved.
Examples
In the following example, the IGP is limited to 10,000 milliseconds (10 seconds):
Router(config)# mpls ldp igp sync holddown 10000
Related Commands
mpls ldp label
To enter MPLS LDP label configuration mode to specify how Multiprotocol Label Switching (MPLS) Label Distribution Protocol (LDP) handles local label allocation, use the mpls ldp label command in global configuration mode. To remove all local label allocation filters configured in MPLS LDP label configuration mode and restore LDP default behavior for local label allocation without a session reset, use the no form of this command.
mpls ldp label
no mpls ldp label
Syntax Description
This command has no arguments or keywords.
Command Default
LDP label configuration mode commands are not available.
Command Modes
Global configuration (config)
Command History
Release Modification12.2(33)SRC
This command was introduced.
12.2(33)SB
This command was integrated into Cisco IOS Release 12.2(33)SB.
Usage Guidelines
After you enter the mpls ldp label command, you can specify a prefix list or host routes to filter prefixes for MPLS LDP local label allocation.
Use the no form of the command to remove prefix filtering for local label allocation and restore the default LDP local allocation behavior without resetting the session.
A maximum of one filter configuration is allowed for the global table.
Examples
The following example shows how to enter MPLS LDP label configuration mode, specify the prefix list named list1 to filter prefixes for MPLS LDP local label allocation, and exit MPLS LDP label configuration mode:
configure terminal!mpls ldp label allocate global prefix-list list1exitThe following examples shows how to remove all local label allocation filters in MPLS LDP label configuration mode and restore LDP default behavior for local label allocation:
configure terminal!no mpls ldp labelRelated Commands
Command Descriptionallocate
Configures local label allocation filters for learned routes for MPLS LDP.
mpls ldp logging neighbor-changes
To generate system error logging (syslog) messages when Label Distribution Protocol (LDP) sessions go down, use the mpls ldp logging neighbor-changes command in global configuration mode. To disable generating syslog messages, use the no form of this command.
mpls ldp logging neighbor-changes
no mpls ldp logging neighbor-changes
Syntax Description
This command has no arguments or keywords.
Defaults
Logging is enabled by default.
Command Modes
Global configuration
Command History
Usage Guidelines
Use the mpls ldp logging neighbor-changes command to generate syslog messages when an LDP session goes down. The command also provides VRF information about the LDP neighbor and the reason for the LDP session going down. Some of the reasons for an LDP session going down are the following:
•An LDP was disabled globally by configuration.
•An LDP was disabled on an interface.
Examples
The following example generates syslog messages when LDP sessions go down:
Router(config)# mpls ldp logging neighbor-changes
The following output shows the log entries when an LDP session with neighbor 192.168.1.100:0 goes down and comes up. The session went down because the discovery hold timer expired. The VRF table identifier for the neighbor is 1.
2d00h: %LDP-5-NBRCHG: LDP Neighbor 192.168.1.100:0 (1) is DOWN (Disc hold timer expired)2d00h: %LDP-5-NBRCHG: LDP Neighbor 192.168.1.100:0 (1) is UPmpls ldp logging password configuration
To enable the display password configuration change events on an MPLS Label Switch Router (LSR), use the mpls ldp logging password configuration command in global configuration mode. To disable the display of password events, use the no form of this command.
mpls ldp logging password configuration [rate-limit num]
no mpls ldp logging password configuration
Syntax Description
Defaults
Logging is disabled.
Command Modes
Global configuration
Command History
Usage Guidelines
The logging output displays events when a new password is configured or an existing password has been changed or deleted.
Related Commands
mpls ldp logging password rollover
To enable the display password rollover events on an MPLS Label Switch Router (LSR), use the mpls ldp logging password rollover command in global configuration mode. To disable the display of password events, use the no form of this command.
mpls ldp logging password rollover [rate-limit num]
no mpls ldp logging password rollover
Syntax Description
Defaults
Logging is disabled.
Command Modes
Global configuration
Command History
Usage Guidelines
The logging output displays events when a new password is used for authentication or when authentication is disabled.
Related Commands
mpls ldp loop-detection
To enable the label distribution protocol (LDP) optional loop detection mechanism, use the mpls ldp loop-detection command in global configuration mode. To disable this feature, use the no form of this command.
mpls ldp loop-detection
no mpls ldp loop-detection
Syntax Description
This command has no optional keywords or arguments.
Defaults
LDP loop detection is disabled.
Command Modes
Global configuration
Command History
Usage Guidelines
The LDP loop detection mechanism is intended for use in networks of devices that do not use time-to-live mechanisms (for example, ATM switches) that cannot fairly allocate device resources among traffic flows.
The LDP loop detection mechanism is used with the Downstream on Demand method of label distribution, supplementing the Downstream on Demand hop count mechanism to detect looping LSPs that might occur during routing transitions.
Examples
The following command sets the LDP loop detection mechanism on:
Router(config)# mpls ldp loop-detectionRelated Commands
Command Descriptionmpls ldp maxhops
Limits the number of hops permitted in an LSP established by the Downstream on Demand method of label distribution.
mpls ldp maxhops
To limit the number of hops permitted in a label switched path (LSP) established by the Downstream on Demand method of label distribution, use the mpls ldp maxhops command in global configuration mode. To disable this feature, use the no form of this command.
mpls ldp maxhops number
no mpls ldp maxhops
Syntax Description
Defaults
The default is 254 hops.
Command Modes
Global configuration
Command History
Usage Guidelines
When an ATM label switch router (LSR) initiates a request for a label binding, it sets the hop count value in the Label Request message to 1. Subsequent ATM-LSRs along the path to the edge of the ATM label switching region increment the hop count before forwarding the Label Request message to the next hop.
When an ATM LSR receives a Label Request message, it does not send a Label Mapping message in response, nor does it propagate the request to the destination next hop if the hop count value in the request equals or exceeds the maxhops value. Instead, the ATM LSR returns an error message that specifies that the maximum allowable hop count has been reached. This threshold is used to prevent forwarding loops in the setting up of label switch paths across an ATM region.
Examples
The following example sets the hop count limit to 10:
Router(config)# mpls ldp maxhops 10Related Commands
mpls ldp neighbor implicit-withdraw
To configure the advertisement of a new label for a Forwarding Equivalence Class (FEC) without the withdrawal of the previously advertised label, use the mpls ldp neighbor implicit-withdraw command in global configuration mode. To disable this option for the specified neighbor, use the no form of this command.
mpls ldp neighbor [vrf vpn-name] ip-addr implicit-withdraw
no mpls ldp neighbor [vrf vpn-name] ip-addr [implicit-withdraw]
Syntax Description
vrf vpn-name
(Optional) VPN routing and forwarding instance for the specified neighbor.
ip-addr
Router ID (IP address) that identifies a neighbor.
Defaults
When the vrf keyword is not specified in this command, the label distribution protocol (LDP) neighbor is configured in the default routing domain.
If this command is not configured, when it is necessary for LDP to change the label it has advertised to a neighbor for some prefix, it will withdraw the previously advertised label before advertising the new label to the neighbor.
For the no form of the command, if the implicit-withdraw keyword is not specified, all configuration information for the specified neighbor reverts to the defaults and the neighbor record is deleted.
Command Modes
Global configuration
Command History
Usage Guidelines
By default, in Cisco IOS Release 12.0(21)ST and later, LDP withdraws the previously advertised label by using a withdraw message before advertising a new label for a FEC. In Cisco IOS releases prior to 12.0(21)ST, LDP did not withdraw a previously advertised label before advertising a new label for a FEC. In those older releases, the new label advertisement served as an implied withdraw and LDP did not send a withdraw message. To cause LDP now to operate as it did in releases before Cisco IOS release 12.0(21)ST—that is, to make LDP now advertise a new label for a FEC without first withdrawing the previously advertised label—use this command's implicit-withdraw keyword.
Router(config)# mpls ldp neighbor 10.10.10.10 implicit-withdrawUsing the implicit-withdraw keyword avoids generating the overhead from an exchange of label withdraw and label release messages.
To disable the implicit-withdraw option, use the no form of the command with the implicit-withdraw keyword. This returns the router to the default, which requires that LDP withdraw the previously advertised label for a FEC before advertising a new label.
Router(config)# no mpls ldp neighbor 10.10.10.10 implicit-withdrawExamples
In the following example, LDP does not send a label-withdraw message to the neighbor whose router ID is 10.10.10.10 when a need exists to change the previously advertised label for a FEC:
Router(config)# mpls ldp neighbor 10.10.10.10 implicit-withdrawRelated Commands
mpls ldp neighbor labels accept
To configure a label switching router (LSR) to filter label distribution protocol (LDP) inbound label bindings from a particular LDP peer, use the mpls ldp neighbor labels accept command in global configuration mode. To disable this feature, use the no form of this command.
mpls ldp neighbor [vrf vpn-name] nbr-address labels accept acl
no mpls ldp neighbor [vrf vpn-name] nbr-address labels accept acl
Syntax Description
Defaults
If the vrf keyword is not specified, the specified LDP neighbor is configured in the default routing domain.
Command Modes
Global configuration
Command History
Usage Guidelines
The specified ACL is used to filter label bindings advertised by the specified neighbor. If the prefix part of the label binding is permitted by the ACL, the router will accept the binding. If the prefix is denied, the router will not accept or store the binding.
This functionality is particularly useful when two different entities manage peer LSRs; that is, the recipient cannot perform filtering by altering the configuration of the sender. This is likely to occur in an Multiprotocol Label Switching (MPLS) virtual private network (VPN) that is using the LDP-based Carrier Supporting Carrier (CSC) feature. In that situation, the backbone carrier may want to restrict the set of label bindings that its provider edge (PE) router may learn from an adjacent customer edge (CE) router that a customer carrier operates.
When inbound label binding filtering is configured, certain configuration changes may require a router to retain bindings that it previously discarded. For example:
•Inbound filtering is disabled.
•An inbound filtering ACL is redefined to be less restrictive.
A router does not maintain a record of the set of bindings it previously discarded. Therefore, it cannot ask its neighbors to readvertise just those bindings. In addition, LDP (as defined by RFC 3036) does not provide a means for a router to signal its neighbors to readvertise all label bindings. Consequently, to relearn label bindings following such configuration changes, you must reset the LDP session or sessions by using the clear mpls ldp neighbor command.
Note The mpls ldp neighbor labels accept command has no effect on an LC-ATM interface. Such an interface behaves as though this command had not been executed. The mpls ldp request-labels ACL command, which is supported for LC-ATM, controls which label bindings are requested (accepted) from neighbors.
Examples
The following example specifies that the LSR accepts inbound label bindings from neighbor 10.19.19.19 in vrf vpn1 for prefixes permitted by the ACL named aclone:
Router(config)# mpls ldp neighbor vrf vpn1 10.19.19.19 label accept acloneRelated Commands
mpls ldp neighbor password
To configure a password for computing message digest algorithm 5 (MD5) checksums for the session TCP connection with the specified neighbor, use the mpls ldp neighbor password command in global configuration mode. To disable this option for the specified neighbor, use the no form of this command.
mpls ldp neighbor [vrf vpn-name] ip-address password password
no mpls ldp neighbor [vrf vpn-name] ip-address [password password]
Syntax Description
Defaults
Unless the TCP MD5 Signature Option is explicitly configured with the password for session TCP connections, the option is not used.
When the vrf name is not specified in this command, the Label Distribution Protocol (LDP) neighbor is configured in the default routing domain.
For the no form of the command, if the password is not specified, all configuration information for the specified neighbor reverts to the defaults and the neighbor record is deleted.Command Modes
Global configuration
Command History
Usage Guidelines
You can invoke authentication between two LDP peers, verifying each segment sent on the TCP connection between the peers. To do so, you must configure authentication on both LDP peers using the same password; otherwise, the peer session is not established.
The authentication capability uses the MD5 algorithm. MD5, an algorithm used in conjunction with SNMP, verifies the integrity of the communication, authenticates the origin of the message, and checks for timeliness.
Invoking the mpls ldp neighbor password command causes the generation and checking of the MD5 digest for every segment sent on the TCP connection.
Configuring a password for an LDP neighbor causes an existing LDP session to be torn down and a new session to be established.
If a router has a password configured for a neighbor, but the neighbor router does not have a password configured, a message such as the following appears on the console while the two routers attempt to establish an LDP session:
%TCP-6-BADAUTH: No MD5 digest from [peer's IP address]:11003 to [local router's IP address]:646Similarly, if the two routers have different passwords configured, a message such as the following appears on the console:
%TCP-6-BADAUTH: Invalid MD5 digest from [peer's IP address]:11004 to [local router's IP address]:646Examples
In the following example, the password (password1) is configured as the password for use with MD5 for the neighbor whose router ID is 139.27.0.15:
Router(config)# mpls ldp neighbor 139.27.0.15 password password1In the following example, the password (password1) is configured as the password for use with MD5 for the LDP neighbor having router ID 4.4.4.4 in the VPN routing and forwarding instance named vpn1:
Router(config)# mpls ldp neighbor vrf vpn1 4.4.4.4 password password1Related Commands
mpls ldp neighbor targeted
To set up a targeted session with a specified neighbor, use the mpls ldp neighbor targeted command in global configuration mode. To disable a targeted session, use the no form of this command.
mpls ldp neighbor [vrf vpn-name] ip-addr targeted [ldp | tdp]
no mpls ldp neighbor [vrf vpn-name] ip-addr [targeted [ldp | tdp]]
Syntax Description
Defaults
When the targeted keyword is not specified, a targeted session is not set up with the neighbor.
For the no form of the command, if the targeted keyword is not specified, all configuration information for the specified neighbor reverts to the defaults and the neighbor record is deleted.Command Modes
Global configuration
Command History
Usage Guidelines
If you do not specify the label protocol for the targeted session, the label protocol specified with the mpls label protocol command is used. If the mpls label protocol command is not configured, then LDP is used for the targeted session.
Use the mpls ldp neighbor targeted command when you need to set up a targeted session and other means of establishing targeted sessions do not apply, such as configuring mpls ip on a traffic engineering (TE) tunnel or configuring Any Transport over MPLS (AToM) virtual circuits (VCs). For example, you would use this command to set up a targeted session between directly connected MPLS label switch routers (LSRs) when MPLS label forwarding convergence time is an issue.
The mpls ldp neighbor targeted command can improve label convergence time for directly connected neighbor LSRs when the links directly connecting them are down. When the links between the neighbor LSRs are up, both the link and targeted Hellos maintain the LDP session. If the links between the neighbor LSRs go down, the targeted Hellos maintain the session, allowing the LSRs to retain labels learned from each other. When a link directly connecting the LSRs comes back up, the LSRs can immediately reinstall labels for forwarding use without having to reestablish their LDP session and exchange labels.
Examples
In the following example, the router sets up a targeted session with the neighbor 10.10.10.10 using TDP as the label protocol:
Router(config)# mpls ldp neighbor 10.10.10.10 targetedIn the following example, the router sets up a targeted session with the neighbor 10.10.10.10 using LDP as the label protocol:
Router(config)# mpls label protocol ldpRouter(config)# mpls ldp neighbor 10.10.10.10 targetedAnother way to set up a targeted session using LDP without changing the default label protocol is as follows:
Router(config)# mpls ldp neighbor 10.10.10.10 targeted ldpRelated Commands
mpls ldp password fallback
To configure a message digest algorithm 5 (MD5) password for Label Distribution Protocol (LDP) sessions with peers, use the mpls ldp password fallback command in global configuration mode. To remove the MD5 password, use the no form of this command.
mpls ldp [vrf vrf-name] password fallback {key-chain keychain-name | [0 | 7] password}
no mpls ldp [vrf vrf-name] password fallback
Syntax Description
Defaults
The MD5 password for LDP is disabled.
Command Modes
Global configuration
Command History
Usage Guidelines
This command specifies the default password for the VRF routing table. The VRF routing table name is specified by the vrf-name argument when you configure the vrf keyword for the command. If you do not include the vrf keyword in the command, the command specifies the default password for the global routing table. The password configured by this command is the password used for sessions between peers, if neither of the following commands applies: the mpls ldp neighbor password command or the mpls ldp password option command.
If you configure a type 7 (encrypted) password, the password is saved in encrypted form.
If you configure a type 0 (clear-text) password, it can be saved in clear-text form or encrypted form, depending on the status of the service password-encryption command:
•If the service password-encryption command is enabled, then the type 0 password is converted and saved in encrypted form.
•If the service password-encryption command is disabled, then the type 0 password is saved in clear-text (nonencrypted) form.
When you enter a show running-config command, if the global service password-encryption command is enabled, a password saved in clear-text form is converted into encrypted form, and displayed and saved in encrypted form.
Examples
The following example shows how to configure an MD5 password for an LDP session with peers in VRF vpn1:
Router> enableRouter#Router# configure terminalEnter configuration commands, one per line. End with CNTL/Z.
Router(config)# mpls ldp vrf vpn1 password fallback secureRouter(config)# exitRouter#The password, secure, would be encrypted. It is shown here as you would enter it on the command line.
Related Commands
mpls ldp password option
To configure a message digest algorithm 5 (MD5) password for Label Distribution Protocol (LDP) sessions with neighbors whose LDP router IDs are permitted by a specified access list, use the mpls ldp password option command in global configuration mode. To disable an MD5 password for LDP sessions with neighbors whose LDP router IDs are permitted by a specified access list, use the no form of this command.
mpls ldp [vrf vrf-name] password option number for acl {key-chain keychain-name | [0 | 7] password}
no mpls ldp [vrf vrf-name] password option number
Syntax Description
Defaults
The MD5 password for LDP is disabled.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
This command specifies the password argument as the MD5 password for LDP sessions with neighbors whose LDP router IDs are permitted by an access list specified in the acl argument. This password is used if a password is not specified by the mpls ldp neighbor password command.
When a configuration includes multiple mpls ldp password option commands, the number argument defines the order in which the command access lists are evaluated.
A configuration for a VRF can include zero, one, or multiple mpls ldp password option commands.
You can specify the passwords as unencrypted text (type 0) or in encrypted format (type 7). If you configure a type 7 password, the password is saved in encrypted form. If you configure a type 0 password, the password can be saved in unencrypted form or encrypted form, depending on the status of the service password-encryption command:
•If the service password-encryption command is enabled, the type 0 password is converted and saved in encrypted form.
When you enter a show running-config command, if the service password-encryption command is enabled, a password saved in unencrypted form is converted into encrypted form, and is then displayed and saved in encrypted form.
•If the service password-encryption command is disabled, the type 0 password is saved in unencrypted form.
The MD5 password and the generated key chain key are limited to 25 characters. If he password and key are more than 25 characters, the encryption is performed only on the first 25 characters and the remaining characters are truncated.
The following is an example of the message displayed when the MD5 password exceeds 25 characters:
Router(config)# mpls ldp password option 7 for acl1 password123456789123456789123456789% Unencrypted password has been truncated to 25 characters.The following is an example of the message displayed when you configure the key-chain keyword to generate a password:
Router(config)# mpls ldp password option 0 for acl1 key-chain MyKeyChainThe key chain "MyKeyChain" consists of a series of keys, each with an acceptance interval:
Key-chain MyKeyChain:key 1 -- text "first_key"accept lifetime (00:00:00 GMT Jan 1 2010) - (18:58:00 GMT Dec 8 2010)send lifetime (00:00:00 GMT Jan 1 2010) - (18:56:00 GMT Dec 8 2010)key 10 -- text "10_key_ten_begin"accept lifetime (18:52:00 GMT Dec 8 2010) - (960 seconds)send lifetime (18:55:00 GMT Dec 8 2010) - (600 seconds)key 20 -- text "20_key_20_20_20_20_20_20_20_20_20_20_20_20_20_"accept lifetime (19:02:00 GMT Dec 8 2010) - (960 seconds)send lifetime (19:05:00 GMT Dec 8 2010) - (600 seconds)key 30 -- text "30_key_30_30_30_30_30_30_30_30_30_30_30_30_30_"accept lifetime (19:12:00 GMT Dec 8 2010) - (960 seconds)send lifetime (19:15:00 GMT Dec 8 2010) - (600 seconds)key 40 -- text "key_forty_endgame"accept lifetime (19:12:00 GMT Dec 8 2010) - (infinite) [valid now]send lifetime (19:15:00 GMT Dec 8 2010) - (infinite) [valid now]A
[valid now]
key is selected as the current MD5 password. If the selected key exceeds 25 characters, only the first 25 characters are used for the MD5 password. When you configure the mpls ldp password option command with the key-chain keyword, a notification is displayed to remind you that the MD5 password used may be shorter than the key string:% Only first 25 characters of key chain keys can be used for MD5 encryption
Note This notification is displayed every 15 minutes. If it has been less than 15 minutes since you last entered the mpls ldp password option command with the key-chain keyword, this notification is not displayed.
Whenever LDP truncates a key from a key chain for the encrypted LDP session, a notice message of the following format is also logged:
%LDP-5-PWDKEYTRUNC: MD5 digest uses 25 chars of longer transmit/receive key(s) for peer <Routerid>The following is an example of a log created when a key chain key exceeds 25 characters:
*Dec 17 02:45:31.831: %LDP-5-PWDKEYTRUNC: MD5 digest uses 25 chars of longer transmit/receive key(s) for peer 3.3.3.30Examples
The following example shows how to configure an MD5 password for an LDP session with neighbors whose LDP router IDs are permitted by access list 10:
Router> enableRouter# configure terminalRouter(config)# mpls ldp password option 6 for 10 password1Router(config)# exitThe password, called password1 in the above example, is unencrypted.
Related Commands
mpls ldp password required
To specify that Label Distribution Protocol (LDP) must use a password for an attempt to establish a session between LDP peers, use the mpls ldp password required command in global configuration mode. To remove the requirement that a password be used for a session with LDP, use the no form of this command.
mpls ldp [vrf vrf-name] password required [for acl]
no mpls ldp [vrf vrf-name] password required [for acl]
Syntax Description
Defaults
If the vrf keyword is not specified in the command, the command applies to the global routing table.
Command Modes
Global configuration
Command History
Usage Guidelines
This command specifies that LDP must always use a password for an attempt to establish a session. If LDP cannot determine the password to use for an LDP session with a neighbor, an LDP session is not established.
The vrf keyword is available when you have configured a VRF on the LSR. If you specify a vrf-name argument and a VRF with that name is not configured on the LSR, a warning message is displayed and the command is discarded. If you remove a VRF, you also delete the password configured for that VRF.
Each VRF or global routing table can have zero or one mpls ldp password required command.
Examples
The following example shows how to specify that LDP must use a password for an attempt to establish a session between LDP peers:
Router> enableRouter# configure terminalRouter(config)# mpls ldp password requiredRelated Commands
mpls ldp password rollover duration
To configure the duration before the new password takes effect on an MPLS label switch router (LSR), use the mpls ldp password rollover duration command in global configuration mode. To disable duration of a password rollover, use the no form of this command.
mpls ldp [vrf vrf-name] password rollover duration minutes
no mpls ldp [vrf vrf-name] password rollover duration minutes
Syntax Description
Defaults
The MD5 password for LDP is disabled.
Command Modes
Global configuration
Command History
Usage Guidelines
A lossless password rollover takes effect after the configured duration when passwords are configured without the use of a key chain.
Examples
The following example shows how to configure the duration before the new password takes effect on an LSR so there is enough time to successfully change all the passwords on all of the routers. In this example, a duration of 10 minutes is configured before the rollover occurs.
mpls ldp password rollover duration 10Related Commands
mpls ldp path-vector maxlength
To set the maximum number of router IDs permitted in a path vector type, length, value (TLV) used to perform path vector loop detection, use the mpls ldp path-vector maxlength command in global configuration mode. To return the path vector maximum length to the default behavior, use the no form of this command.
mpls ldp path-vector maxlength number
no mpls ldp path-vector maxlength
Syntax Description
Command Default
If you do not configure this command, the default path vector maximum length value is whatever value is configured for the mpls ldp maxhops command. If you reconfigure the maximum hops value, the path vector maximum length value automatically changes to the new maximum hops value. If the mpls ldp maxhops command is not configured, the default value is 254.
Command Modes
Global configuration
Command History
Release Modification12.3(19)
This command was introduced.
12.4(8)
This command was integrated into Cisco IOS Release 12.4(8).
12.4(9)T
This command was integrated into Cisco IOS Release 12.4(9)T.
Usage Guidelines
When an ATM label switch router (LSR) initiates a request for a label binding, and path vector loop detection is enabled, the request includes a path vector TLV that contains the router ID of the requesting router. Subsequent ATM LSRs along the path to the edge of the ATM label switching region add their router IDs to the path vector before forwarding the Label Request message to the next hop.
When an ATM LSR receives a Label Request message, it does not send a Label Mapping message in response, nor does it propagate the request to the destination next hop if a loop is detected by the path vector feature. Instead, the ATM LSR returns an error message that specifies that a loop has been detected. A loop is detected if either of the following occurs:
•The path vector length in the request equals or exceeds the configured Path Vector Limit value configured by the mpls ldp path-vector maxlength command.
•The receiving ATM LSR finds its own router ID within the path vector list.
Like the maximum hop count, the path vector limit threshold is used to prevent forwarding loops in the setting up of label switch path (LSPs) across an ATM region.
If you configured the mpls ldp loop-detection command for ATM LSRs that are sending and receiving Label Request and Label Map messages, you might want to inhibit the use of the path vector for loop detection (mpls ldp path-vector maxlength 0 command).
To return the maximum path vector length to its default value, which is whatever value is configured for the mpls ldp maxhops command, use the no form of the mpls lsp path-vector maxlength command.
Examples
The following example shows how to set the maximum path vector length to 100 router IDs:
configure terminalmpls ldp path-vector maxlength 100exitThe following example shows the maximum path vector length set to 254, which is verified by you looking at the output from the show mpls ldp parameters command or the show mpls ldp neighbors detail command:
configure terminalmpls ldp path-vector maxlength 254exitRouter# show mpls ldp parametersProtocol version: 1Downstream label generic region: min label: 16; max label: 100000Session hold time: 180 sec; keep alive interval: 60 secDiscovery hello: holdtime: 15 sec; interval: 5 secDiscovery targeted hello: holdtime: 90 sec; interval: 10 secDownstream on Demand max hop count: 4Downstream on Demand Path Vector Limit: 254 !Verifies maximum path-vector length is 254.!LDP for targeted sessionsLDP initial/maximum backoff: 15/120 secLDP loop detection: onRouter#Router# show mpls ldp neighbor detailPeer LDP Ident: 10.0.3.33:1; Local LDP Ident 10.0.2.93:1TCP connection: 10.0.3.33.53366 - 10.0.2.93.646State: Oper; Msgs sent/rcvd: 132/123; Downstream on demandUp time: 00:24:27; UID: 5; Peer Id 0;LDP discovery sources:Switch1.1; Src IP addr: 10.0.3.33holdtime: 15000 ms, hello interval: 5000 msPeer holdtime: 180000 ms; KA interval: 60000 ms; Peer state: estabClients: TC ATMPath Vector Loop Detection Peer/Local: On/OnPath Vector Limit Peer/Local: 4/254 ! Verifies the maximum path-vector length is 254.Router#Related Commands
mpls ldp router-id
To specify a preferred interface for the Label Distribution Protocol (LDP) router ID, use the mpls ldp router-id command in global configuration mode. To disable the interface from being used as the LDP router ID, use the no form of this command.
mpls ldp router-id [vrf vrf-name] interface [force]
no mpls ldp router-id [vrf vrf-name] [interface [force]]
Cisco CMTS Routers
mpls ldp router-id gigabitethernet slot/subslot/port [force]
no mpls ldp router-id gigabitethernet slot/subslot/port [force]
Syntax Description
Command Default
If the mpls ldp router-id command is not executed, the router determines the LDP router ID as follows:
1. The router examines the IP addresses of all operational interfaces.
2. If these IP addresses include loopback interface addresses, the router selects the largest loopback address as the LDP router ID.
3. Otherwise, the router selects the largest IP address pertaining to an operational interface as the LDP router ID.
Command Modes
Global configuration
Command History
Usage Guidelines
The mpls ldp router-id command allows you to use the IP address of an interface as the LDP router ID.
The following steps describe the normal process for determining the LDP router ID:
1. The router considers all the IP addresses of all operational interfaces.
2. If these addresses include loopback interface addresses, the router selects the largest loopback address. Configuring a loopback address helps ensure a stable LDP ID for the router, because the state of loopback addresses does not change. However, configuring a loopback interface and IP address on each router is not required.
The loopback IP address does not become the router ID of the local LDP ID under the following circumstances:
–If the loopback interface has been explicitly shut down.
–If the mpls ldp router-id command specifies that a different interface should be used as the LDP router ID.
If you use a loopback interface, make sure that the IP address for the loopback interface is configured with a /32 network mask. In addition, make sure that the routing protocol in use is configured to advertise the corresponding /32 network.
3. Otherwise, the router selects the largest interface address.
The router might select a router ID that is not usable in certain situations. For example, the router might select an IP address that the routing protocol cannot advertise to a neighboring router.
The router implements the router ID the next time it is necessary to select an LDP router ID. The effect of the command is delayed until the next time it is necessary to select an LDP router ID, which is typically the next time the interface is shut down or the address is deconfigured.
If you use the force keyword with the mpls ldp router-id command, the router ID takes effect more quickly. However, implementing the router ID depends on the current state of the specified interface:
•If the interface is up (operational) and its IP address is not currently the LDP router ID, the LDP router ID is forcibly changed to the IP address of the interface. This forced change in the LDP router ID tears down any existing LDP sessions, releases label bindings learned via the LDP sessions, and interrupts MPLS forwarding activity associated with the bindings.
•If the interface is down, the LDP router ID is forcibly changed to the IP address of the interface when the interface transitions to up. This forced change in the LDP router ID tears down any existing LDP sessions, releases label bindings learned via the LDP sessions, and interrupts MPLS forwarding activity associated with the bindings.
The following behaviors apply to the default VRF as well as to VRFs that you explicitly configure with the vrf vrf-name keyword/argument pair:
•The interface you select as the router ID of the VRF must be associated with the VRF.
•If the interface is no longer associated with the VRF, the mpls ldp router-id command that uses the interface is removed.
•If the selected interface is deleted, the mpls ldp router-id command that uses the interface is removed.
•If you delete a VRF that you configured, the mpls ldp router-id command for the deleted VRF is removed. The default VRF cannot be deleted.
Examples
The following example shows that the POS2/0/0 interface has been specified as the preferred interface for the LDP router ID. The IP address of that interface is used as the LDP router ID.
Router(config)# mpls ldp router-id pos2/0/0The following example shows that the Ethernet 1/0 interface, which is associated with the VRF vpn-1, is the preferred interface. The IP address of the interface is used as the LDP router ID.
Router(config)# mpls ldp router-id vrf vpn-1 eth1/0
Related Commands
mpls ldp session protection
To enable Multiprotocol Label Switching (MPLS) Label Distribution Protocol (LDP) autoconfiguration for existing LDP sessions or when new sessions are established, use the mpls ldp session protection command in global configuration mode. To disable this feature, use the no form of this command.
mpls ldp session protection [vrf vpn-name] [for acl] [duration {infinite | seconds}]
no mpls ldp session protection [vrf vpn-name] [for acl] [duration {infinite | seconds}]
Syntax Description
Defaults
LDP sessions are not established.
Command Modes
Global configuration
Command History
Usage Guidelines
This command is not supported under the following circumstances:
•With TDP sessions
•With extended access lists
•With LC-ATM routers
If you issue the mpls ldp session protection command without the duration keyword, then session protection is enabled for 86400 seconds (24 hours) meaning that the LDP Targeted Hello Adjacency is retained for 24 hours after a link is lost. This is the default timeout.
If you issue the mpls ldp session protection duration infinite command, then session protection is enabled forever meaning that the LDP Targeted Hello Adjacency is retained forever after a link is lost.
If you issue the mpls ldp session protection duration seconds command, then session protection is enabled for the number of seconds indicated meaning that the LDP Targeted Hello Adjacency is retained for that amount of time. For example, if you issued mpls ldp session protection duration 100, then the LDP Targeted Hello Adjacency is retained for 100 seconds after a link is lost.
Examples
In the following example, MPLS LDP Autoconfiguration is enabled for LDP sessions for peers whose router IDs are listed in access control list rtr4:
Router(config)# mpls ldp session protection for rtr4
Related Commands
Command Descriptionclear mpls ldp neighbor
Forcibly resets an LDP session.
show mpls ldp neighbor
Displays the contents of the LDP.
mpls ldp sync
To enable Multiprotocol Label Switching (MPLS) Label Distribution Protocol (LDP)-Interior Gateway Protocol (IGP) synchronization on interfaces for an Open Shortest Path First (OSPF) process or an Intermediate System-to-Intermediate System (IS-IS) process, use the mpls ldp sync command in router configuration mode. To disable this feature, use the no form of this command.
mpls ldp sync
no mpls ldp sync
Syntax Description
This command has no arguments or keywords.
Command Default
MPLS LDP-IGP synchronization is not enabled on interfaces belonging to the OSPF or IS-IS processes.
Command Modes
Router configuration
Command History
Usage Guidelines
If the mpls ldp sync command is configured, you cannot enter the global no mpls ip command. If you want to disable LDP synchronization, you must enter the no mpls ldp igp sync command first.
The mpls ldp sync command is supported with OSPF or IS-IS. Other IGPs are not supported.
Examples
In the following example, MPLS LDP-IGP synchronization is enabled for an OSPF process or an IS-IS process:
Router(config-router)# mpls ldp sync
Related Commands
mpls ldp tcp pak-priority
To give high priority to Label Distribution Protocol (LDP) messages sent by a router locally using Transmission Control Protocol (TCP) connections, use the mpls ldp tcp pak-priority command in global configuration mode. To keep LDP messages at normal priority, use the no form of this command.
mpls ldp tcp pak-priority
no mpls ldp tcp pak-priority
Syntax Description
This command has no arguments or keywords.
Defaults
This command is disabled.
Command Modes
Global configuration
Command History
Usage Guidelines
This command allows you to set high priority for LDP messages sent by a router locally using TCP connections.
During heavy network traffic, LDP session keepalive messages can be dropped from the outgoing interface output queue. As a result, keepalives can timeout causing LDP sessions to go down.
First, to avoid session loss due to keepalive timeouts, configure the quality of service (QoS) and differentiated services code point (DSCP) for packets with type of service (ToS) bits set to 6. This configuration guarantees that packets with a ToS bit precedence value of 6 receive a specified percentage of the bandwidth of the designated outgoing links. Second, if you still experience a problem, use the mpls ldp tcp pak-priority command.
Note Previously established LDP sessions are not affected when you issue the mpls ldp tcp pak-priority or the no mpls ldp tcp pak-priority command.
Examples
The following example gives LDP session messages sent by a router high priority locally:
Router(config)# mpls ldp tcp pak-priorityRelated Commands
mpls load-balance per-label
To enable the load balancing for the tag-to-tag traffic, use the mpls load-balance per-label command in global configuration mode. To return to the default settings, use the no form of this command.
mpls load-balance per-label
no mpls load-balance per-label
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Global configuration
Command History
Usage Guidelines
When you enable load balancing for the tag-to-tag traffic, the traffic is balanced based on the incoming label (per prefix) among Multiprotocol Label Switching (MPLS) interfaces. Each MPLS interface supports an equal number of incoming labels.
You can use the show mpls ttfib command to display the incoming label (indicated by an asterisk) that is included in the load balancer.
Examples
This example shows how to enable the load balancing for the tag-to-tag traffic:
Router(config)# mpls load-balance per-labelRouter(config)#This example shows how to disable the load balancing for the tag-to-tag traffic:
Router(config)# no mpls load-balance per-labelRouter(config)#Related Commands
mpls mtu
To set the per-interface Multiprotocol Label Switching (MPLS) maximum transmission unit (MTU) for labeled packets, or to set the maximum MTU on the L3VPN profile, use the mpls mtu command in interface configuration mode or L3VPN encapsulation configuration mode respectively. To restore the MPLS MTU to the default value, use the no form of this command.
Interface Configuration Mode
mpls mtu [override] bytes
no mpls mtu
L3VPN Encapsulation Configuration Mode
mpls mtu max
no mpls mtu max
Syntax Description
Command Default
The default MPLS MTU is the MTU that is configured for the interface.
Command Modes
Interface configuration (config-if)
L3VPN encapsulation configuration (config-l3vpn-encap-ip)Command History
Usage Guidelines
Usage Guidelines for Cisco IOS Release 12.2(25)S
Caution Although you can set the MPLS MTU to a value greater than the interface MTU, you can set the MPLS MTU to less than or equal to the interface MTU to prevent data corruption, dropped packets, and high CPU conditions. A best practice is to set the interface MTU of the core-facing interface to a value greater than either the IP MTU or the interface MTU of the edge-facing interface.
If the interface MTU is less than 1524 bytes, you can set the maximum MPLS MTU to 24 bytes more than the interface MTU. For example, if the interface MTU is set to 1510 bytes, then you can set the maximum MPLS MTU to 1534 bytes (1510 + 24).
If the interface MTU is greater than or equal to 1524 bytes, then you can set the maximum MPLS MTU as high as the interface MTU. For example, if the interface MTU is set to 1600 bytes, then you can set the MPLS MTU to a maximum of 1600 bytes. If you set the MPLS MTU to a value higher than the interface MTU, traffic is dropped.
For interfaces that do not allow you to configure the interface MTU value and for interfaces where the MTU is 1500 bytes, the MPLS MTU range is from 64 to 1524 bytes.
If you upgrade to Cisco IOS Release 12.2(25)S from an earlier release and you have an MPLS MTU setting that does not conform to these guidelines, the system will not accept the MPLS MTU setting. You must reconfigure the MPLS MTU setting to conform to the guidelines.
Usage Guidelines for Cisco IOS Release 12.2(27)SBC, 12.2(33)SRA, 12.4(11)T, 12.2(33)SXH, and Later Releases
In Cisco IOS Release 12.2(27)SBC, 12.2(33)SRA, 12.4(11)T, 12.2(33)SXH, and later releases, you cannot set the MPLS MTU to a value larger than the interface MTU value. This is to prevent conditions such as dropped packets, data corruption, and high CPU rates.
•If you attempt to set the MPLS MTU to a value higher than the interface MTU value, the software displays the following error, which prompts you to set the interface MTU to a higher value before you set the MPLS MTU value:
% Please increase interface mtu to xxxx and then set mpls mtu
•If you have an interface with a default interface MTU value of 1580 or less (such as an Ethernet interface), the mpls mtu command provides the override keyword, which allows you to set the MPLS MTU to a value higher than the interface MTU value. The override keyword is not available for interface types that do not have a default interface MTU value of 1580 or less.
Note The override keyword is supported in 12.2(27)SBC, 12.2(33)SRA, 12.4(11)T, 12.2(33)SXH, and later releases.
•If you have configuration files with MPLS MTU values that are larger than the interface MTU values and you upgrade to Cisco IOS Release 2.2(27)SBC, 12.2(33)SRA, 12.4(11)T, 12.2(33)SXH, or a later release, the software does not change the MPLS MTU value. When you reboot the router, the software accepts whatever values are set for the MPLS MTU and the interface MTU. The following error message is displayed during system initialization:
Setting the mpls mtu to xxxx on interface x/x, which is higher than the interface MTU xxxx. This could lead to packet forwarding problems including packet drops.Set the MPLS MTU values lower than the interface MTU values.
Caution If you do not set the MPLS MTU to a value less than or equal to the interface MTU, data corruption, dropped packets, and high CPU conditions can occur.
•Changing the interface MTU can also modify the IP MTU, Connectionless Network Service (CLNS) MTU, and other MTU values, if they depend on the value of the interface MTU. The Open Shortest Path First (OSPF) routing protocol requires that the IP MTU values match on both ends of the link. Similarly, the Intermediate System-to-Intermediate System (IS-IS) routing protocol requires that the CLNS MTU values match on both ends of the link. If the values on both ends of the link do not match, IS-IS or OSPF cannot complete its initialization.
Usage Guidelines for Cisco IOS XE Release 2.6.0 and Cisco IOS Release 15.1(1)T
•You can set the MPLS MTU value for a GRE tunnel interface to either the default value or the maximum value that is supported by the platform for the interface.
•The mpls mtu max command allows previously dropped packets to pass through the GRE tunnel by fragmentation on the underlying physical interface.
•The MPLS MTU value cannot be greater than the interface MTU value for non-GRE tunnels.
Usage Guidelines for Cisco IOS Release 15.1(2)S
•You can use the mpls mtu max command in L3VPN encapsulation configuration mode to set the the MPLS MTU to the maximum value on L3VPN profiles.
•The no form of this command restores the MPLS MTU to the default value.
General Usage Guidelines
•ATM interfaces cannot accommodate packets that exceed the Segmentation and Reassembly (SAR) buffer size because labels are added to the packet. The bytes argument refers to the number of bytes in the packet before the addition of any labels. If each label is 4 bytes, the maximum value of bytes on an ATM interface is the physical MTU minus 4*x bytes, where x is the number of labels expected in the received packet.
•If a labeled IPv4 packet exceeds the MPLS MTU size for the interface, the Cisco IOS software fragments the packet. If a labeled non-IPv4 packet exceeds the MPLS MTU size, the packet is dropped.
•All devices on a physical medium must have the same MPLS MTU value in order for MPLS to interoperate.
•The MTU for labeled packets on an interface is determined as follows:
–If the mpls mtu bytes command has been used to configure an MPLS MTU, the MTU for labeled packets is the bytes value.
–Otherwise, the MTU for labeled packets is the default MTU for the interface.
•Because labeling a packet makes it large due to the label stack, you may want the MPLS MTU to be larger than the interface MTU or IP MTU in order to prevent the fragmentation of the labeled packets, which would not be fragmented if they were unlabeled. In Cisco IOS Release 12.2(25)S and later releases, the MPLS MTU cannot be larger than the interface MTU.
•Changing the interface MTU value (using the mtu command) can affect the MPLS MTU of the interface. If the MPLS MTU value is the same as the interface MTU value (this is the default value), and you change the interface MTU value, the MPLS MTU value will automatically be set to this new MTU. However, the reverse is not true; changing the MPLS MTU value has no effect on the interface MTU.
Examples
The following example shows how to set the MPLS MTU value:
Router(config-if)# mpls mtu 1520The following example shows the MPLS MTU value for a serial interface:Router (config)# interface Serial4/0Router (config-if)# mtu 1520Router (config-if)# ip unnumbered Loopback0Router (config-if)# mpls mtu 1510Router (config-if)# mpls traffic-eng tunnelsRouter (config-if)# mpls ipRouter (config-if)# serial restart-delay 0Router (config-if)# ip rsvp bandwidth 2000 2000The following example displays the maximum labeled packet size for the Fast Ethernet interface, which is common in an MPLS core carrying MPLS Virtual Private Network (VPN) traffic:
Router (config)# interface Fastethernet0Router (config-if)# mpls mtu override 1508The following example shows how to set the MPLS MTU value to the maximum MTU on L3VPN profiles:Router(config)# l3vpn encapsulation ip profileRouter(config-l3vpn-encap-ip)# mpls mtu maxRelated Commands
Command Descriptionmtu
Sets the MTU size for the interface.
show mpls interfaces detail
Displays detailed information about the interfaces that are configured for label switching.
mpls netflow egress
To enable Multiprotocol Label Switching (MPLS) egress NetFlow accounting on an interface, use the mpls netflow egress command in interface configuration mode. To disable MPLS egress NetFlow accounting, use the no form of this command.
mpls netflow egress
no mpls netflow egress
Syntax Description
This command has no arguments or keywords.
Command Default
This command is disabled.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
Use this command to configure the provider edge (PE) to customer edge (CE) interface of a PE router.
Examples
The following example shows how to enable MPLS egress NetFlow accounting on the egress PE interface that connects to the CE interface at the destination Virtual Private Network (VPN) site:
Router(config-if)# mpls netflow egressRelated Commands
mpls oam
To enter MPLS OAM configuration mode for customizing the default behavior of echo packets, use the mpls oam command in global configuration mode. To disable MPLS OAM functionality, use the no format of this command.
mpls oam
no mpls oam
Syntax Description
This command has no arguments or keywords.
Command Default
Customizing the default behavior of echo packets is enabled.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
After you enter the mpls oam command, you can enter the echo command in MPLS OAM configuration mode to specify the revision number of the echo packet's default values or to send the vendor's extension type, length, values (TLVs) with the echo packet.
Examples
The following example enters MPLS OAM configuration mode for customizing the default behavior of echo packets:
mpls oamRelated Commands
mpls prefix-map
Note Effective with Cisco IOS Release 12.4(20)T, the mpls prefix-map command is not available in Cisco IOS software.
To configure a router to use a specified quality of service (QoS) map when a label destination prefix matches the specified access list, use the mpls prefix-map command in ATM subinterface submode.
mpls prefix-map prefix-map access-list access-list cos-map cos-map
Syntax Description
prefix-map
Unique number for a prefix map.
access-list access list
Unique number for a simple IP access list.
cos-map cos-map
Unique number for a QoS map.
Defaults
No access list is linked to a QoS map.
Command Modes
ATM subinterface submode (config-subif)
Command History
Usage Guidelines
This mpls prefix-map command links an access list to a QoS map when a label distribution prefix matches the specified access list.
Examples
The following example shows how to link an access list to a QoS map:
Router(config-subif)# mpls prefix-map 55 access-list 55 cos-map 55Related Commands
Command Descriptionshow mpls prefix-map
Displays the prefix map used to assign a QoS map to network prefixes that match a standard IP access list.
mpls request-labels for
Note Effective with Cisco IOS Release 12.4(20)T, the mpls request-labels for command is not available in Cisco IOS software.
To restrict the creation of label switched paths (LSPs) through the use of access lists on the label switch controller (LSC) or label edge router (LER), use the mpls request-labels for command in global configuration mode. To restrict the creation of LSPs through the use of access lists on the LSC or LER, use the no form of this command.
mpls request-labels for access-list
no mpls request-labels for
Syntax Description
Defaults
No LSPs are created using access lists on the LCS or LER.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
The command includes the following usage guidelines:
•You can specify either an access list number or name.
•When you create an access list, the end of the access list contains an implicit deny statement for everything if it did not find a match before reaching the end.
•If you omit the mask from an IP host address access list specification, 0.0.0.0 is assumed to be the mask.
Examples
The following example shows how to prevent headend label switched controlled virtual circuits (LVCs) from being established from the LSC to all 192.168.x.x destinations. The following commands are added to the LSC configuration:
Router(config)# mpls request-labels for 1Router(config)# access-list 1 deny 192.168.0.0 0.255.255.255Router(config)# access-list 1 permit anyRelated Commands
Command Descriptionaccess list
Creates access lists.
ip access-list
Permits or denies access to IP addresses.
mpls static binding ipv4
To bind a prefix to a local or remote label, use the mpls static binding ipv4 command in global configuration mode. To remove the binding between the prefix and label, use the no form of this command.
mpls static binding ipv4 prefix mask {label | input label | output nexthop {explicit-null | implicit-null | label}}
no mpls static binding ipv4 prefix mask {label | input label | output nexthop {explicit-null | implicit-null | label}}
Syntax Description
Command Default
Prefixes are not bound to local or remote labels.
Command Modes
Global configuration
Command History
Usage Guidelines
The mpls static binding ipv4 command pushes bindings into Label Distribution Protocol (LDP). LDP then needs to match the binding with a route in the Routing Information Base (RIB) or Forwarding Information Base (FIB) before installing forwarding information.
The mpls static binding ipv4 command installs the specified bindings into the LDP Label Information Base (LIB). LDP will install the binding labels for forwarding use if or when the binding prefix or mask matches a known route.
Static label bindings are not supported for local prefixes, which are connected networks, summarized routes, default routes, and supernets. These prefixes use implicit-null or explicit-null as the local label.
If you do not specify the input or output keyword, input (local label) is assumed.
For the no form of the command:
•If you specify the command name without any keywords or arguments, all static bindings are removed.
•Specifying the prefix and mask but no label parameters removes all static bindings for that prefix or mask.
Examples
In the following example, the mpls static binding ipv4 command configures a static prefix and label binding before the label range is reconfigured to define a range for static assignment. The output of the command indicates that the binding has been accepted, but cannot be used for MPLS forwarding until you configure a range of labels for static assignment that includes that label.
Router# configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router(config)# mpls static binding ipv4 10.0.0.0 255.0.0.0 55% Specified label 55 for 10.0.0.0/8 out of configured% range for static labels. Cannot be used for forwarding until% range is extended.Router(config)# endThe following mpls static binding ipv4 commands configure input and output labels for several prefixes:
Router(config)# mpls static binding ipv4 10.0.0.0 255.0.0.0 55Router(config)# mpls static binding ipv4 10.0.0.0 255.0.0.0 output 10.0.0.66 2607Router(config)# mpls static binding ipv4 10.66.0.0 255.255.0.0 input 17Router(config)# mpls static binding ipv4 10.66.0.0 255.255.0.0 output 10.13.0.8 explicit-nullRouter(config)# endThe following show mpls static binding ipv4 command displays the configured bindings:
Router# show mpls static binding ipv410.0.0.0/8: Incoming label: 55Outgoing labels:10.0.0.66 260710.66.0.0/24: Incoming label: 17Outgoing labels:10.13.0.8 explicit-nullRelated Commands
Command Descriptionshow mpls forwarding-table
Displays labels currently being used for MPLS forwarding.
show mpls label range
Displays statically configured label bindings.