destination from the remote LFA. When an LDP session goes down and a remote tunnel
is no longer available, OSPF changes all the routes that have been using this backup LDP
tunnel.
NOTE: Currently, Junos OS supports only IPv4 transport LSPs. If you need to
reuse IPv4 transport LSPs for IPv6 IGP networks, add an IPv6 explicit NULL
label to the label stack of the tracking route. The system automatically
converts the IPv4 LSP to an IPv6 LSP.
LDP might be vulnerable by an automatically targeted adjacency, and these threats can
be mitigated using all or some of the following mechanisms:
•
Remote LFAs that are several hops away use extended hello messages to indicate
willingness to establish a targeted LDP session. A remote LFA can reduce the threat
of spoofed extended hello messages by filtering them and accepting only those
originating at sources permitted by an access or filter list.
•
There is a need to authenticate with TCP-MD5 all auto-targeted LDP sessions in the
given IGP/LDP domain using apply groups or LDP global-level authentication.
•
As an added security measure, the repair or remote tunnel endpoint routers should be
assigned from a set of addresses that are not reachable from outside of the routing
domain.
Related
Documentation
Example: Configuring Remote LFA Over LDP Tunnels in OSPF Networks•
• Configuring Remote LFA Backup over LDP Tunnels in an OSPF Network on page 548
• auto-targeted-session
• no-eligible-remote-backup
• remote-backup-calculation
Configuring Remote LFA Backup over LDP Tunnels in an OSPF Network
The primary goal of a remote loop free alternate (LFA) is to increase backup coverage
for OSPF routes and provide protection especially for Layer 1 metro-rings. The existing
LDP implemented for the MPLS tunnel setup can be reused for protection of OSPF
networks and subsequent LDP destinations. The OSPF protocol creates a dynamic LDP
tunnel to reach the remote LFA node from the point of local repair (PLR). The PLR uses
this remote LFA backup path when the primary link fails.
Before you configure remote LFA over LDP tunnels in an OSPF network, you must do the
following:
1. Enable LDP on the loopback interface.
Configure a loopback interface because an LDP targeted adjacency cannot be formed
without a loopback interface. LDP targeted adjacency is essential for determining
remote LFA backup paths.
Copyright © 2017, Juniper Networks, Inc.548
ACX Series Universal Access Router Configuration Guide
To Next Page
Loading...
Need help?
General
