Re: LDP/TDP from srinivas pv on 2009-08-16 (Ccielab archives 08/2009)

From: srinivas pv <vsrinivas.paturi_at_gmail.com>
Date: Sun, 16 Aug 2009 17:31:50 +0530

Yes. Thats correct and thats what I mentioned.

Even if we configure 'mpls ldp neighbor password' for TDP neighbors, this
password setting will not be applicable for TDP neighbors.

Thanks,
Srinivas

On Sat, Aug 15, 2009 at 7:29 PM, Rick Mur <rmur_at_ipexpert.com> wrote:

> TDP doesn't support any authentication (like MD5 in LDP).
> It's true that 'mpls ldp neighbor' covers both LDP and TDP settings, only
> the password setting would be ignored.
>
> It's not possible to secure your TDP neighbor session, so if a task asks
> you to configure an authenticated label distribution protocol you are
> certain of using LDP.
>
> --
> Regards,
>
> Rick Mur
> CCIE2 #21946 (R&S / Service Provider)
> Juniper JNCIA-ER & JNCIA-EX
> MCSA:Messaging, MCSE
> Sr. Support Engineer IPexpert, Inc.
> URL: http://www.IPexpert.com
>
> On 12 aug 2009, at 15:53, Shaughn Smith wrote:
>
> R5 has defaulted to TDP due to you not specifying LDP from what I can see.
>>
>> You can use Mpls ldp neighbor xxxx password to authenticate your LDP/TDP
>> sessions
>>
>> From: Splinter [mailto:splinter330_at_gmail.com]
>> Sent: Wednesday, August 12, 2009 3:44 PM
>> To: srinivas pv
>> Cc: Shaughn Smith; Cisco certification
>> Subject: Re: LDP/TDP
>>
>> here it is...
>>
>> R5:
>>
>> R5#sh tag-switching tdp neighbor
>> Peer TDP Ident: 172.10.59.9:0<http://172.10.59.9:0>; Local TDP Ident
>> 172.10.0.5:0<http://172.10.0.5:0>
>> TCP connection: 172.10.59.9.16722 - 172.10.0.5.711
>> State: Oper; PIEs sent/rcvd: 6/6; ; Downstream
>> Up time: 00:02:28
>> TDP discovery sources:
>> FastEthernet0/1.59, Src IP addr: 172.10.59.9
>> Addresses bound to peer TDP Ident:
>> 172.10.59.9
>>
>> R5#sh tag-switching tdp discovery
>> Local TDP Identifier:
>> 172.10.0.5:0<http://172.10.0.5:0>
>> TDP Discovery Sources:
>> Interfaces:
>> FastEthernet0/1.59: xmit/recv
>> TDP Id: 172.10.59.9:0<http://172.10.59.9:0>
>>
>> R5#sh run int fa0/1.59
>> Building configuration...
>>
>> Current configuration : 196 bytes
>> !
>> interface FastEthernet0/1.59
>> encapsulation dot1Q 59
>> ip address 172.10.59.5 255.255.255.0
>> tag-switching ip
>> end
>>
>> R5#
>>
>> R9:
>>
>> R9#sh mpls ldp neighbor vrf ABC
>> Peer TDP Ident: 172.10.0.5:0<http://172.10.0.5:0>; Local TDP Ident
>> 172.10.59.9:0<http://172.10.59.9:0>
>> TCP connection: 172.10.0.5.711 - 172.10.59.9.16722
>> State: Oper; PIEs sent/rcvd: 0/6; Downstream
>> Up time: 00:02:04
>> TDP discovery sources:
>> FastEthernet0/0.59, Src IP addr: 172.10.59.5
>> Addresses bound to peer TDP Ident:
>> 172.10.59.5 172.10.0.5
>>
>> R9#sh mpls ldp discovery
>> Local LDP Identifier:
>> 10.10.0.9:0<http://10.10.0.9:0>
>> Discovery Sources:
>> Interfaces:
>> FastEthernet0/0.69 (ldp): xmit/recv
>> LDP Id: 10.10.0.6:0<http://10.10.0.6:0>
>> R9#
>>
>> R9#
>> R9#sh run int fa0/0.59
>> Building configuration...
>>
>> Current configuration : 235 bytes
>> !
>> interface FastEthernet0/0.59
>> encapsulation dot1Q 59
>> ip vrf forwarding ABC
>> ip address 172.10.59.9 255.255.255.0
>> mpls label protocol tdp
>> mpls ip
>> end
>>
>> R9#
>>
>> On Wed, Aug 12, 2009 at 3:07 PM, srinivas pv
>> <vsrinivas.paturi_at_gmail.com<mailto:vsrinivas.paturi_at_gmail.com>> wrote:
>> I am also thinking, how ldp/tdp up between ldp and tdp routers?
>> could you give show mpls ldp neighbor outputs on both routers?
>>
>> Thanks,
>> Srinivas
>>
>> On Wed, Aug 12, 2009 at 6:34 PM, Shaughn Smith
>> <Shaughn.Smith_at_mtnbusiness.co.za<mailto:Shaughn.Smith_at_mtnbusiness.co.za>>
>> wrote:
>>
>> If you have LDP on the PE router, and have specified TDP on the CE then I
>> don't think the MPLS LDP/TDP relationship is up.
>>
>> They both need to be the same, or you can run mpls label protocol both.
>>
>> But if the relationship is up then the command mpls ldp neighbor xxxx
>> password
>> will work
>>
>>
>>
>> From: Splinter [mailto:splinter330_at_gmail.com<mailto:splinter330_at_gmail.com
>> >]
>> Sent: Wednesday, August 12, 2009 3:03 PM
>> To: Shaughn Smith
>> Cc: srinivas pv; Cisco certification
>> Subject: Re: LDP/TDP
>>
>>
>>
>> Sorry I did not give enough info...
>>
>> 7200 PE router is running LDP and on the interface connected to the CE
>> 2600
>> TDP router i have
>> "mpls label protocol tdp"
>>
>> my mpls LDP/TDP neighbor is up now i need to runn authentication between
>> these
>> 2 routers. can thise be done? or do i now need to reconfigure my PE router
>> to
>> run TDP.
>>
>> Splinter
>>
>> On Wed, Aug 12, 2009 at 2:52 PM, Shaughn Smith
>> <Shaughn.Smith_at_mtnbusiness.co.za<mailto:Shaughn.Smith_at_mtnbusiness.co.za>>
>> wrote:
>>
>> Mpls LDP neighbor covers both LDP/TDP
>>
>>
>>
>> From: srinivas pv
>> [mailto:vsrinivas.paturi_at_gmail.com<mailto:vsrinivas.paturi_at_gmail.com>]
>> Sent: Wednesday, August 12, 2009 2:49 PM
>> To: Shaughn Smith
>> Cc: Splinter; Cisco certification
>> Subject: Re: LDP/TDP
>>
>>
>>
>> Hi Shaughn,
>>
>> In that case, TDP runs on both.
>> Then I don't think 'mpls ldp nei x.x.x.x password' is applicable to TDP?
>> It is
>> only for LDP. Isn't it?
>>
>> I guess if want to go for authentication, you need to use LDP.
>>
>> Thanks,
>> Srinivas
>>
>> On Wed, Aug 12, 2009 at 5:51 PM, Shaughn Smith
>> <Shaughn.Smith_at_mtnbusiness.co.za<mailto:Shaughn.Smith_at_mtnbusiness.co.za>>
>> wrote:
>>
>> Ah, sorry. Didn't read the e-mail correctly
>>
>> If you are trying to run TDP and LDP it wont work unless you have the
>> keyword
>> "both" enabled on the interfaces.
>>
>> If you have done that then my previous e-mail is correct, you can run mpls
>> ldp
>> neighbor xxxx password
>>
>> -----Original Message-----
>> From: nobody_at_groupstudy.com<mailto:nobody_at_groupstudy.com>
>> [mailto:nobody_at_groupstudy.com<mailto:nobody_at_groupstudy.com>] On Behalf Of
>> srinivas pv
>> Sent: Wednesday, August 12, 2009 2:14 PM
>> To: Splinter
>> Cc: Cisco certification
>> Subject: Re: LDP/TDP
>>
>> Hi,
>>
>> I think, you need to use same label distribution protocol between
>> neighbors.
>> Isn't it?
>> I am not sure, how you can run TDP and LDP between neighbors.
>>
>> You may configure 'mpls label protocol both', but it just supports both
>> protocols.
>>
>> But you can not run LDP and TDP between neighbors.
>>
>> Thanks,
>> Srinivas
>>
>> On Wed, Aug 12, 2009 at 5:24 PM, Splinter
>> <splinter330_at_gmail.com<mailto:splinter330_at_gmail.com>> wrote:
>>
>> Hi,
>>>
>>> i am using a 2600 for my CE router and it is running TDP connected to my
>>> PE
>>> LDP router and
>>> I would like to do LDP/TDP authentication between these routers.
>>>
>>> I am not finding anything related to TDP security or LDP to TDP
>>> authentication.
>>>
>>> Please can you help
>>>
>>>
>>> Regards
>>>
>>> Splinter
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>> NOTE: This e-mail message and all attachments thereto contain confidential
>> information intended for a specific addressee and purpose. If you are not
>> the
>> addressee (a) you may not disclose, copy, distribute or take any action
>> based
>> on the contents hereof; (b) kindly inform the sender immediately and
>> destroy
>> all copies hereof. Any copying, publication or disclosure of this message,
>> or
>> part hereof, in any form whatsoever, without the sender's express written
>> consent, is prohibited. No opinion expressed or implied by the sender
>> necessarily constitutes the opinion of MTN. This message does not
>> constitute a
>> guarantee or proof of the facts mentioned herein. No Employee or
>> intermediary
>> is authorised to conclude a binding agreement on behalf of MTN Group
>> Limited,
>> or any of its subsidiary companies, by e-mail without the express written
>> confirmation by a duly authorised representative of MTN Group Limited.
>>
>>
>>
>>
>>
>> ________________________________
>>
>> NOTE: This e-mail message and all attachments thereto contain confidential
>> information intended for a specific addressee and purpose. If you are not
>> the
>> addressee (a) you may not disclose, copy, distribute or take any action
>> based
>> on the contents hereof; (b) kindly inform the sender immediately and
>> destroy
>> all copies hereof. Any copying, publication or disclosure of this message,
>> or
>> part hereof, in any form whatsoever, without the sender's express written
>> consent, is prohibited. No opinion expressed or implied by the sender
>> necessarily constitutes the opinion of MTN. This message does not
>> constitute a
>> guarantee or proof of the facts mentioned herein. No Employee or
>> intermediary
>> is authorised to conclude a binding agreement on behalf of MTN Group
>> Limited,
>> or any of its subsidiary companies, by e-mail without the express written
>> confirmation by a duly authorised representative of MTN Group Limited.
>>
>>
>>
>> ________________________________
>> NOTE: This e-mail message and all attachments thereto contain confidential
>> information intended for a specific addressee and purpose. If you are not
>> the
>> addressee (a) you may not disclose, copy, distribute or take any action
>> based
>> on the contents hereof; (b) kindly inform the sender immediately and
>> destroy
>> all copies hereof. Any copying, publication or disclosure of this message,
>> or
>> part hereof, in any form whatsoever, without the sender's express written
>> consent, is prohibited. No opinion expressed or implied by the sender
>> necessarily constitutes the opinion of MTN. This message does not
>> constitute a
>> guarantee or proof of the facts mentioned herein. No Employee or
>> intermediary
>> is authorised to conclude a binding agreement on behalf of MTN Group
>> Limited,
>> or any of its subsidiary companies, by e-mail without the express written
>> confirmation by a duly authorised representative of MTN Group Limited.
>>
>>
>>
>> ________________________________
>> NOTE: This e-mail message and all attachments thereto contain confidential
>> information intended for a specific addressee and purpose. If you are not
>> the
>> addressee (a) you may not disclose, copy, distribute or take any action
>> based
>> on the contents hereof; (b) kindly inform the sender immediately and
>> destroy
>> all copies hereof. Any copying, publication or disclosure of this message,
>> or
>> part hereof, in any form whatsoever, without the sender's express written
>> consent, is prohibited. No opinion expressed or implied by the sender
>> necessarily constitutes the opinion of MTN. This message does not
>> constitute a
>> guarantee or proof of the facts mentioned herein. No Employee or
>> intermediary
>> is authorised to conclude a binding agreement on behalf of MTN Group
>> Limited,
>> or any of its subsidiary companies, by e-mail without the express written
>> confirmation by a duly authorised representative of MTN Group Limited.
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Sun Aug 16 2009 - 17:31:50 ART

This archive was generated by hypermail 2.2.0 : Tue Sep 01 2009 - 05:43:56 ART