Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

MPLS ingress LER

Hi,

How to deny packets with labels on a ingress LER?

For example, if a LER receives a labeled packet, may it refuses this packet?

If you have documents, rfc, which refers to this mechanism, I am interested

 

Thx

P.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Hi,

Hi,

 

If you receive labeled packet on an interface which is not MPLS interface (like PE-CE) or may be with wrong label, packet will be discarded.

http://www.faqs.org/rfcs/rfc4381.html

For security reasons, a PE router should never accept a packet with a
   label from a CE router.

http://www.faqs.org/rfcs/rfc3031.html

 

3.18. Invalid Incoming Labels

   What should an LSR do if it receives a labeled packet with a
   particular incoming label, but has no binding for that label?  It is
   tempting to think that the labels can just be removed, and the packet
   forwarded as an unlabeled IP packet.  However, in some cases, doing
   so could cause a loop.  If the upstream LSR thinks the label is bound
   to an explicit route, and the downstream LSR doesn't think the label
   is bound to anything, and if the hop by hop routing of the unlabeled
   IP packet brings the packet back to the upstream LSR, then a loop is
   formed.

   It is also possible that the label was intended to represent a route
   which cannot be inferred from the IP header.

   Therefore, when a labeled packet is received with an invalid incoming
   label, it MUST be discarded, UNLESS it is determined by some means
   (not within the scope of the current document) that forwarding it
   unlabeled cannot cause any harm.
4 REPLIES
Cisco Employee

Hi, Please explain your

Hi,

 

Please explain your requirement clearly. If a router is advertising label then only it will receive labeled packets. If you don't advertise label then you wont receive traffic. We can control advertising label for particular prefix  with help of command 

 

mpls ldp advertise-labels

 

To control the distribution of locally assigned (incoming) labels by means of label distribution protocol (LDP), use the mpls ldp advertise-labelscommand in global configuration mode. To disable this feature, use the no form of this command.

mpls ldp advertise-labels [ vrf vpn-name ] [ interface interface | for prefix-access-list [ to peer-access-list ] ]

no mpls ldp advertise-labels [ vrf vpn-name ] [ interface interface | for prefix-access-list [ to peer-access-list ] ]

-Akash

Community Member

Thank for your reply. I would

Thank for your reply.

 

I would like to know if an ingress LER can accept labelled packet from a CE.

I know that normally, a CE send an IP packet (unlabelled) and the LER push a tag. But if a CE sends a labelled packet what happen?

 

P.

 

Cisco Employee

Hi,

Hi,

 

If you receive labeled packet on an interface which is not MPLS interface (like PE-CE) or may be with wrong label, packet will be discarded.

http://www.faqs.org/rfcs/rfc4381.html

For security reasons, a PE router should never accept a packet with a
   label from a CE router.

http://www.faqs.org/rfcs/rfc3031.html

 

3.18. Invalid Incoming Labels

   What should an LSR do if it receives a labeled packet with a
   particular incoming label, but has no binding for that label?  It is
   tempting to think that the labels can just be removed, and the packet
   forwarded as an unlabeled IP packet.  However, in some cases, doing
   so could cause a loop.  If the upstream LSR thinks the label is bound
   to an explicit route, and the downstream LSR doesn't think the label
   is bound to anything, and if the hop by hop routing of the unlabeled
   IP packet brings the packet back to the upstream LSR, then a loop is
   formed.

   It is also possible that the label was intended to represent a route
   which cannot be inferred from the IP header.

   Therefore, when a labeled packet is received with an invalid incoming
   label, it MUST be discarded, UNLESS it is determined by some means
   (not within the scope of the current document) that forwarding it
   unlabeled cannot cause any harm.
Community Member

Ok thx you for your answer.

Ok thx you for your answer.

223
Views
0
Helpful
4
Replies
CreatePlease to create content