Tuesday, June 26, 2007


mkdir /downloads
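wget http://www.qmailrocks.org/downloads/qmailrocks.tar.gz
--> note: the archive comes over plain HTTP with no checksum or signature check, and the scripts and sources inside it are later run and installed as root; compare it against a digest obtained from a trusted channel before going further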
tar -zxvf qmailrocks.tar.gz
cd /downloads/qmailrocks/scripts/install/
--> /var/qmail
--> users and groups
--> /usr/src/qmail
--> untars qmail and ucspi-tcp in /usr/src/qmail
--> untars daemontools in /package
--> /var/log/qmail
--> creates dir qmail-send qmail-smtpd qmail-pop3d under /var/log/qmail
--> /var/qmail/supervise
--> qmail-smtpd/log qmail-send/log qmail-pop3d/log

cd /downloads/qmailrocks/scripts/util/
--> jumbo patches for qmail


hostname --fqdn
cd /usr/src/qmail/qmail-1.03
make man && make setup check
--> populates /var/qmail
./config-fast linux.box.com
--> populates /var/qmail/control

build ucspi-tcp

cd /usr/src/qmail/ucspi-tcp-0.88/
patch < /downloads/qmailrocks/patches/ucspi-tcp-0.88.errno.patch
output: patching file error.h
make && make setup check

build daemontools.
cd /package/admin/daemontools-0.76/src
patch < /downloads/qmailrocks/patches/daemontools-0.76.errno.patch
output: patching file error.h
cd /package/admin/daemontools-0.76

svscan /service


cd /downloads/qmailrocks
tar zxvf autorespond-2.0.5.tar.gz
cd autorespond-2.0.5
make && make install


cd /downloads/qmailrocks
tar zxvf vpopmail-5.4.13.tar.gz
cd vpopmail-5.4.13
./configure --enable-logging=p
make && make install-strip


cd /downloads/qmailrocks
tar zxvf vqadmin-2.3.6.tar.gz
cd vqadmin-2.3.6
./configure --enable-cgibindir=/var/www/cgi-bin --enable-htmldir=/var/www/html
make && make install-strip

mkdir /var/www/cgi-bin/vqadmin


<Directory "/var/www/cgi-bin/vqadmin">
deny from all
Options ExecCGI
AllowOverride AuthConfig
Order deny,allow
</Directory>

vi /var/www/cgi-bin/vqadmin/.htaccess
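# Basic auth sends the password merely base64-encoded, not encrypted; serve this directory over HTTPS only
AuthType Basic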
AuthUserFile /var/www/vqadmin.passwd
AuthName vQadmin
require valid-user
satisfy any

htpasswd -c /var/www/vqadmin.passwd admin
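chmod 644 /var/www/vqadmin.passwd
--> 644 lets every local account read the password hashes; owner root, group apache and mode 640 is enough for the web server to read the file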
chown vpopmail:vchkpw /var/www/cgi-bin/vqadmin/vqadmin.cgi

/home/vpopmail/bin/vadddomain anecho.net


cd /downloads/qmailrocks
tar zxvf maildrop-1.6.3.tar.gz
cd maildrop-1.6.3

./configure --prefix=/usr/local --exec-prefix=/usr/local --enable-maildrop-uid=root --enable-maildrop-gid=vchkpw --enable-maildirquota

make && make install-strip && make install-man


cd /downloads/qmailrocks
tar zxvf qmailadmin-1.2.9.tar.gz
cd qmailadmin-1.2.9
./configure --enable-cgibindir=/var/www/cgi-bin --enable-htmldir=/var/www/html
make && make install-strip
Log in with the postmaster account and password for the domain that you created a while back using Vqadmin

Finalizing Qmail


vi /var/qmail/supervise/qmail-pop3d/run
change "mail.example.com" to linux.box.com

vi /var/qmail/supervise/qmail-smtpd/run
change "mail.example.com" to linux.box.com

qmailctl stop

echo '127.:allow,RELAYCLIENT=""' >> /etc/tcp.smtp
qmailctl cdb

system aliases
echo mailadm > /var/qmail/alias/.qmail-root
echo mailadm > /var/qmail/alias/.qmail-postmaster
echo mailadm > /var/qmail/alias/.qmail-mailer-daemon
ln -s /var/qmail/alias/.qmail-root /var/qmail/alias/.qmail-anonymous
chmod 644 /var/qmail/alias/.qmail*

Disabling Sendmail
service sendmail stop
mv /usr/lib/sendmail /usr/lib/sendmail.old
mv /usr/sbin/sendmail /usr/sbin/sendmail.old
ln -s /var/qmail/bin/sendmail /usr/lib/sendmail
ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail

Starting qmail
- checking the installation
you should get "congratulations" message

qmailctl start


Courier-imap along with Courierpassd, Courier-authlib

Courier IMAP authentication with "vchkpw"
Courierpassd is a utility that allows users to change their mailbox passwords remotely.

cd /downloads/qmailrocks/
tar jxvf courier-authlib-0.55.tar.bz2
cd courier-authlib-0.55
./configure --prefix=/usr/local --exec-prefix=/usr/local --with-authvchkpw --without-authldap --without-authmysql --disable-root-check --with-ssl --with-authchangepwdir=/usr/local/libexec/authlib --with-redhat

make && make check
make install-strip && make install-configure

vi /etc/rc.local
Add the following line:
/usr/local/sbin/authdaemond start

Courier IMAP
cd /downloads/qmailrocks/
tar jxvf courier-imap-4.0.2.tar.bz2
useradd lino
chown -R lino:root courier-imap-4.0.2
cd /downloads/qmailrocks/courier-imap-4.0.2
su lino
./configure --prefix=/usr/local --exec-prefix=/usr/local --with-authvchkpw --without-authldap --without-authmysql --disable-root-check --with-ssl --with-authchangepwdir=/usr/local/libexec/authlib --with-redhat
make && make check

Now we will exit out of our NON-ROOT USER and go back to being root...
make install-strip && make install-configure

SSL certificate for the IMAP-SSL server

vi /usr/local/etc/imapd.cnf

--> it creates /usr/local/share/imapd.pem

vi /usr/local/etc/imapd

vi /usr/local/etc/imapd-ssl

vi /usr/local/etc/authlib/authdaemonrc
# Comment out this line
# authmodulelist="authuserdb authpam authcustom authvchkpw"
# copy the below line

cp /usr/local/libexec/imapd.rc /etc/rc.d/init.d/imap
cp /usr/local/libexec/imapd-ssl.rc /etc/rc.d/init.d/imaps

Now let's start up Authdaemond, IMAP and IMAPS.

/usr/local/sbin/authdaemond stop
/usr/local/sbin/authdaemond start
/etc/rc.d/init.d/imap stop
/etc/rc.d/init.d/imaps stop
/etc/rc.d/init.d/imap start
/etc/rc.d/init.d/imaps start

If you run
# nmap localhost
you should see both 143 and 993 now open and listening.
Now let's test it...

# telnet localhost 143
a login madunix@box.com madunix
a OK LOGIN Ok. (successful login!)
a logout

You can configure a mail client such as Outlook to test both the IMAP and IMAP-SSL connection to your server.


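Note: Courierpassd will require that port 106 be open to at least local traffic (traffic from the server to itself). Old and new passwords cross this port in plain text, as the telnet session further down shows, so keep it closed to every host that does not need it.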

# cd /downloads/qmailrocks
# tar zxvf courierpassd-1.1.0-RC1.tar.gz
# cd courierpassd-1.1.0-RC1
# ./configure
# make && make install

We are going to configure Xinetd to run courierpassd.

# cd /etc/xinetd.d
# vi courierpassd
service courierpassd
port = 106
socket_type = stream
protocol = tcp
user = root
server = /usr/local/sbin/courierpassd
server_args = -s imap
wait = no
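# the only_from value is missing from this copy of the post; with nothing after "=", xinetd offers the service to nobody.
# Loopback matches the note above about local traffic and the "telnet localhost 106" test below.
only_from = 127.0.0.1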
instances = 4
disable = no

# vi /etc/services
courierpassd 106/tcp #for /etc/xinetd.d/courierpassd

# /etc/rc.d/init.d/xinetd restart

# telnet localhost 106
Connected to localhost.
Escape character is '^]'.
200 courierpassd v0.30 hello, who are you?
user madunix@box.com
200 Your password please.
pass madunix
200 Your new password please.
newpass n0uresh
200 Password changed, thank-you.
200 Bye.
Connection closed by foreign host.


--> check whether PHP is installed

# cd /var/www/html
# vi test.php

search for these options:

vi /etc/php.ini
# search for this string
file_uploads = On

# rpm -evv squirrelmail
# cd /downloads/qmailrocks
# tar -jxvf squirrelmail-1.4.8.tar.bz2
# mv squirrelmail-1.4.8 webmail
# mkdir /var/sqattachements
# chown -R apache:apache /var/sqattachements
# cd webmail
# chown -R apache:apache data
# cd config
# ./conf.pl

--> For 2. Server Settings
Command>> 2

1. Domain :
2. Invert Time : false
3. Sendmail or SMTP : SMTP

--> For IMAP settings
Command>> A

4. IMAP Server : localhost
5. IMAP Port : 143
6. Authentication type : login
7. Secure IMAP (TLS) : false
8. Server software : other
9. Delimiter : detect

--> B. Update SMTP Settings
Command>> B

4. SMTP Server : localhost
5. SMTP Port : 25
6. POP before SMTP : false
7. SMTP Authentication : login
8. Secure SMTP (TLS) : false

--> Save data
Command >> S

# mv webmail/ /var/www/html


--> download change_password plugin from squirrelmail.org

# tar -zxvf change_pass-2.7-1.4.x.tar.gz
# cd /var/www/html/webmail/plugins
# cp -r /downloads/qmailrocks/change_pass .
# cd /var/www/html/webmail/config
# ./conf.pl

Choose the option for "plugins".
--> add plugin "change_pass"

Checking/Installing Perl Modules

You will need these Perl Modules to work for Spamassassin and Qmail-Scanner

You will also need these other packages:

How do I know if my server has these perl modules?

Clam Anti Virus
cd /downloads/qmailrocks/
rpm -Uvh clamav-0.87-1.i386.rpm
rpm -Uvh clamav-devel-0.87-1.i386.rpm

# vi /etc/clamd.conf
LogFile /var/log/clamav/clamd.log
"LogTime" - should be uncommented.
"LogSyslog" - should be uncommented.
#User clamav --> Comment it out, add the below
User qscand
"ScanMail" - should be uncommented.

Now we are going to create the qscand user that ClamAV will run as (the "User qscand" line set in clamd.conf above)

# useradd -c "Qmail-Scanner Account" -s /bin/false qscand
# chown -R qscand:qscand /var/log/clamav/
# /etc/init.d/clamd stop
# /etc/init.d/clamd start

--> Update with the latest virus definitions

# touch /var/log/clamav/clam-update.log
# chown -R qscand:qscand /var/log/clamav/
# /usr/bin/freshclam -l /var/log/clamav/clam-update.log

ClamAV update process started at Sun Oct 24 23:36:22 2004
main.cvd is up to date (version: 27, sigs: 23982, f-level: 2, builder: tomek)
daily.cvd is up to date (version: 549, sigs: 1583, f-level: 3, builder: ccordes)

--> run update of virus definitions at 1:25 am
# crontab -e
25 1 * * * /usr/bin/freshclam --quiet -l /var/log/clamav/freshclam.log

--> Clam AV quarantines the e-mail in /var/spool/qmailscan/quarantine
--> Clamd runs on port 3310

--> Spamassassin utilizes port 783

# rpm -e spamassassin

# cd /downloads/qmailrocks/perlmods/rpms/
# rpm -Uvh perl-Mail-SpamAssassin-3.0.2-1.i386.rpm

--> Now let's install the Spamassassin RPMs
# cd /downloads/qmailrocks/
# rpm -Uvh spamassassin-3.0.2-1.i386.rpm
# rpm -Uvh --nodeps spamassassin-tools-3.0.2-1.i386.rpm

# groupadd spamd
# useradd -g spamd -s /home/spamd spamd

# vi /etc/sysconfig/spamassassin
SPAMDOPTIONS="-x -u spamd -H /home/spamd -d"

# vi /etc/mail/spamassassin/local.cf
required_hits 5

# /etc/rc.d/init.d/spamassassin start
# ps aux | grep spamd

# chkconfig --level 35 clamd on
# chkconfig --level 35 spamassassin on

qmail-scanner w/qms-analog

Qms-analog incorporates the widely used qmail-scanner-st patch, and it also adds some cool reporting functionality, which we will use later in this installation guide.

# cd /downloads/qmailrocks
# tar zxvf qmail-scanner-1.25.tgz
# tar zxvf qms-analog-0.4.2.tar.gz
# cd qms-analog-0.4.2
# make all

# cp qmail-scanner-1.25-st-qms-20050219.patch /downloads/qmailrocks/qmail-scanner-1.25/
# cd /downloads/qmailrocks/qmail-scanner-1.25
# patch -p1 < qmail-scanner-1.25-st-qms-20050219.patch

Monday, June 25, 2007

Adding common MS Windows Fonts to 10g Reports server on UNIX OS

Cross-Platform issues when you develop Reports on Windows AS ,
and deploy it on Linux AS.

Back up the files/directories before you work with them

Modifies the following files:

dummy:PostScript:2:dummy printer for PDF output:default.ppd:
Comment out any font aliases found under the sections [ Global ] , [ Printer:PostScript1 ] and [PDF] e.g.
The order here is important, the plain font alias must be last in the PDF subset list)
[ PDF:Subset ]
Arial..Italic.Bold.. = "arialbi.ttf"
Arial...Bold.. = "arialbd.ttf"
Arial..Italic... = "ariali.ttf"
Arial..... = "arial.ttf"

*DefaultFont: Arial
*%Font Arial: Standard "(001.004)" Standard ROM
*%Font Arial-Italic: Standard "(001.004)" Standard ROM
*%Font Arial-Bold: Standard "(001.004)" Standard ROM
*%Font Arial-BoldItalic: Standard "(001.004)" Standard ROM
*Font Arial: Special "(001.001)" Special ROM
*Font Ariali: Special "(001.001)" Special ROM
*Font Arialbd: Special "(001.001)" Special ROM
*Font Arialbi: Special "(001.001)" Special ROM

*DefaultFont: Arial
*Font Arial: Standard "(001.001)" Standard ROM
*Font Ariali: Standard "(001.001)" Standard ROM
*Font Arialbd: Standard "(001.001)" Standard ROM
*Font Arialbi: Standard "(001.001)" Standard ROM

make sure you define REPORTS_PATH=$REPORTS_PATH:$ORACLE_HOME/guicommon/tk/admin/TTF; export REPORTS_PATH

# Environment set-up for Oracle Reports: each variable is assigned and then
# exported. REPORTS_PATH is built up cumulatively, so statement order matters.
RW=$ORACLE_HOME/reports; export RW
# Two earlier REPORTS_PATH variants, left disabled:
#REPORTS_PATH=$REPORTS_PATH:$ORACLE_HOME/guicommon/tk/admin/TTF:$ORACLE_HOME/reports/templates:$ORACLE_HOME/reports/samples/demo:$ORACLE_HOME/reports/integ:$ORACLE_HOME/reports/printers:${REPORTS_PATH}; export REPORTS_PATH
#REPORTS_PATH=$ORACLE_HOME/guicommon/tk/admin/TTF; export REPORTS_PATH
# Active search path. The PPD and AFM directories are hard-coded under
# /home/oracleas/OraHome_1 rather than $ORACLE_HOME, and the incoming
# REPORTS_PATH is spliced in twice ($REPORTS_PATH and ${REPORTS_PATH}).
# NOTE(review): if REPORTS_PATH arrives empty this leaves empty entries in the
# list; check how the Reports path lookup treats them.
REPORTS_PATH=$ORACLE_HOME/reports/templates:$ORACLE_HOME/reports/samples/demo:/home/oracleas/OraHome_1/guicommon/tk/admin/PPD:/home/oracleas/OraHome_1/guicommon/tk/admin/AFM:$REPORTS_PATH:$ORACLE_HOME/guicommon/tk/admin/TTF:$ORACLE_HOME/reports/integ:$ORACLE_HOME/reports/printers:${REPORTS_PATH}; export REPORTS_PATH
# Jar list exported as REPORTS_CLASSPATH.
REPORTS_CLASSPATH=$ORACLE_HOME/reports/jlib/rwbuilder.jar:$ORACLE_HOME/reports/jlib/rwrun.jar:$ORACLE_HOME/jlib/zrclient.jar:$ORACLE_HOME/j2ee/home/oc4j.jar:$ORACLE_HOME/j2ee/home/lib/ojsp.jar; export REPORTS_CLASSPATH
## Icon variable for Solaris platform
TK_ICON=$ORACLE_HOME/reports/plugins/resource; export TK_ICON
#PRINTER=fontprinter;export PRINTER
# "dummy" is the printer name used in the "dummy:PostScript:2:..." entry quoted
# earlier in this post.
TK_PRINTER=dummy ; export TK_PRINTER
# The value is a command string kept in single quotes, so %n stays literal here.
TK_PRINT_STATUS='echo %n is valid'; export TK_PRINT_STATUS
# NOTE(review): unlike every other line, there is no ';' between the assignment
# and export; confirm the variable really ends up exported with this value in
# the shell that sources the file.
# NOTE(review): the log gets a fixed, predictable name in /tmp; a directory
# writable only by the Oracle account is a safer place for a debug log.
DEBUG_SLFIND=/tmp/reports.log export DEBUG_SLFIND
#PRINTER=fontprinter;export PRINTER
# Appends the TTF directory to REPORTS_PATH (listed twice on this line, and it
# is already part of the assignment above).
REPORTS_PATH=$REPORTS_PATH:$ORACLE_HOME/guicommon/tk/admin/TTF:$ORACLE_HOME/guicommon/tk/admin/TTF;export REPORTS_PATH
#PRINTER=fontprinter;export PRINTER

In the file datap462.ppd Comment the Symbol font by changing

*Font Symbol: Special "(001.001)" Special ROM
*%Font Symbol: Special "(001.001)" Special ROM

in the $ORACLE_HOME/guicommon/tk/admin/AFM Rename file
rename Symbol to Symbol.afm
From the MS Windows machine, ftp (in binary mode) the ttf files for the font styles to the target Unix machine e.g.
Arial fonts
download ttf2pt1 open source tools
use the ttf2pt1 open source tools to convert AFM
/downloads/ttf2pt1-3.4.4/ttf2pt1 -l plane+0x06 arial.ttf
repeat this for all arial types will be used in the form

place the generated AFM files through the ttf files to the AFM folders under Oracle AS /gui.../tk/admin/AFM
/AFM folder should show this
ls -al Ar*
/TTF folder should show this
$ls -al ar*

Monday, May 14, 2007

LAMP (php+mysql+apache)

1.prepare to install

main install file:


php install file:


we can download from this web:



2.Install Apache2

# cd /home/software/
# tar -zvxf httpd-2.2.0.tar.gz
# cd httpd-2.2.0
# mkdir -p /usr/local/apache2
# ./configure --prefix=/usr/local/apache
# ./configure --prefix=/usr/local/apache --enable-modules=so --enable-rewrite
# make; make install
install apache
# vi /usr/local/apache/conf/httpd.conf
#ServerName www.example.com:80

save and exit

# /usr/local/apache/bin/apachectl -k start
start up apache
# /usr/local/apache/bin/apachectl -k stop
shut down apache?

3.Install mySQL

# cd /home/software/
# tar -zvxf mysql-max-5.0.21-linux-i686-glibc23.tar.gz
# mkdir -p /usr/local/mysql
# cp -r mysql-max-5.0.21-linux-i686-glibc23.tar.gz /usr/local/mysql
# cp /usr/local/mysql/support-files/my-medium.cnf /etc/my.cnf

add mysql user and group
# groupadd mysql
# useradd -g mysql mysql
# chown -R root /usr/local/mysql
# chgrp -R mysql /usr/local/mysql
# chown -R mysql /usr/local/mysql/data
# /usr/local/mysql/scripts/mysql_install_db --user=mysql&
start up mysql server
# /usr/local/mysql/bin/mysqld_safe --user=mysql&
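If we see "Starting mysqld daemon with databases from /usr/local/mysql/data",
it shows that the mysql server has started; press Ctrl + C to get out.
change root password ("123456" is only an example: pick a strong one, and remember that a password typed as a command argument ends up in the shell history and is visible in the process list)
# /usr/local/mysql/bin/mysqladmin -u root -p password "123456"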

4.Install GD

a.install jpeg6
create directories:
# mkdir -p /usr/local/jpeg6
# mkdir -p /usr/local/jpeg6/bin
# mkdir -p /usr/local/jpeg6/lib
# mkdir -p /usr/local/jpeg6/include
# mkdir -p /usr/local/jpeg6/man
# mkdir -p /usr/local/jpeg6/man1
# mkdir -p /usr/local/jpeg6/man/man1

# cd /home/xiutuo/software/
# tar -zvxf jpegsrc.v6b.tar.gz
# cd jpeg-6b
# ./configure --prefix=/usr/local/jpeg6/ --enable-shared --enable-static
# make; make install

b.install libpng
# cd /home/software/
# tar -zvxf libpng-1.2.8.tar.gz
# cd libpng-1.2.8
# cp scripts/makefile.std makefile
# make; make install

c.install freetype
# cd /home/software/
# tar -zvxf freetype-2.1.10.tar.gz
# cd freetype-2.1.10
# mkdir -p /usr/local/freetype
# ./configure --prefix=/usr/local/freetype
# make;make install

d.:install zlib
# cd /home/xiutuo/software/
# tar -zxvf zlib-1.2.3.tar.gz
# cd zlib-1.2.3
# ./configure
# make;make install

e.install GD
# cd /home/software/
# tar -zvxf gd-2.0.33.tar.gz
# mkdir -p /usr/local/gd2
# cd gd-2.0.33
# ./configure --prefix=/usr/local/gd2 --with-jpeg=/usr/local/jpeg6/
# make; make install

f.install Curl
# cd /home/xiutuo/software/
# tar -zxf curl-7.15.0.tar.gz
# mkdir -p /usr/local/curl
# ./configure --prefix=/usr/local/curl
# make; make install

5:install php5,php5 need libxml2 to support!

a.install libxml2
# cd /home/xiutuo/software/
# tar -zxf libxml2-2.6.19.tar.gz
# cd libxml2-2.6.19
# mkdir -p /usr/local/libxml2
# ./configure --prefix=/usr/local/libxml2
# make; make install

b.install libxslt
# cd /home/software/
# tar -zxf libxslt-1.1.15.tar.gz
# mkdir -p /usr/local/libxslt
# cd libxslt-1.1.15
# ./configure --prefix=/usr/local/libxslt --with-libxml-prefix=/usr/local/libxml2
# make; make install

c.install php5
# cd /home/software/
# tar -zvxf php-5.1.2.tar.gz
# mkdir -p /usr/local/php
# cd php-5.05
# ./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache/bin/apxs
--with-curl=/usr/local/curl --enable-ftp
--with-expat-dir=/usr/lib --enable-soap
--with-xsl=/usr/local/libxslt --enable-xslt
# make
# make install
# cp php.ini-dist /usr/local/php/lib/php.ini (never forget)

after "./configure"
This is necessary

make PHP to support GD

--with-curl=/usr/local/curl support CURL

--enable-soap --with-xsl=/usr/local/libxslt --enable-xslt
make PHP to support SOAP

6.config Apache2 to make it support PHP

config httpd.conf to support PHP
# vi /usr/local/apache/conf/httpd.conf
find AddType application/x-gzip .gz .tgz and add this:
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

restart apache
# /usr/local/apache/bin/apachectl restart

./configure --prefix=/usr/local/mysql --localstatedir=/usr/local/mysql/data --disable-maintainer-mode --with-mysqld-user=mysql --with-unix-socket-path=/tmp/mysql.sock --without-comment --without-debug --without-bench
./bin/mysqld_safe &

$mysqli = new mysqli("localhost", "my_user", "my_password", "world");

/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());

printf("Host information: %s\n", $mysqli->host_info);

/* close connection */

Sunday, April 15, 2007

AIX 5.3 recommendation

Lately I found a very interesting article in IBM System mag (open systems version, Aug/Sept 2006) which states that IBM is now recommending the following for AIX 5.3

The new recommendations are to leave maxclient and maxperm at their default settings of 80, but to still set minperm to something like 5. We also don't change the strict settings. Instead, we alter other parameters as follows:

vmo -p -o minperm%=5
vmo -p -o lru_file_repage=0
vmo -p -o lru_poll_interval=10

Connecting Webserver to Oracle10g

Oracle client:
1. Download the Instant Client from Oracle
2. Be sure to get the basic and the sdk package for Linux (the basic in
RPM format to install the runtime environment and both the basic and sdk
in zip format to be used while compiling)
3. Install the RPM package (rpm -i)
4. Unzip both zips into the same directory
5. cd into the newly created directory (instantclient_10_x) and create a
softlink: libclntsh.so -> libclntsh.so.10.1


1. Install apache2, do not install any PHP packages!
2. Install apache2-devel to get apxs2 (also required: libapr1-devel and
3. Download the PHP source code and unzip it
4. Use configure as shown in FIG A
5. Enter make
6. Add the lib-directory generated by the RPM installed before (e.g.
/usr/lib/oracle/) to the LD_LIBRARY_PATH
7. Enter make install
8. Copy the php.ini-recommended file to your apache config directory
(e.g. /etc/apache2)
9. Create the tnsnames.ora
10. cd into your apache config directory
11. (for apache 2) create a new file called php5.conf and copy the
content of FIG D into it
12. Be sure to include this conf in your vhost (e.g. Include
13. Edit the files containing module information (on SuSE 10.1:
/etc/sysconfig/apache2) and add the libphp5.so to the list of modules.
14. Start apache with the script from FIG C
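15. Create a PHP page, only containing a phpinfo() call (<?php phpinfo(); ?>), save it in
your DocumentRoot and call it via a web browser. It should now display
an OCI8 information section. Delete the page once the check is done, because
phpinfo() output shows the server's configuration to anyone who requests it.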
16. You can now use the code from FIG E to test your Oracle database


echo Starting Apache apache2ctl start

AddType application/x-httpd-php .php
AddType application/x-httpd-php .phtml
AddType application/x-httpd-php-source .phps

$c = OCILogon('', '',
if($c != null){
echo "YAY!";
} else{
echo "DOH!";

$query = '';

$stid = OCIParse($c, $query); OCIExecute($stid, OCI_DEFAULT); while
($succ = OCIFetchInto($stid, $row)) { foreach ($row as $item) { echo
$item." "; } echo "
n"; }

OCILogoff($c); ?>

MPLS study notes

MPLS: Multi Protocol Label Switching
Packet forwarding is done based on Labels.
Labels are assigned when the packet enters into the network.
Labels are on top of the packet.
MPLS is functioning in frame-mode or cell-mode.
LSPs are unidirectional
Label Header:= Header 4 bytes, Label 20 bits.
Label Header can be used over Ethernet, 802.3, or PPP links
A label switch router (LSR) is a device that forwards based on labels.
An edge LSR labels and removes labels from packets.
LSRs distribute labels to the upstream neighbors
Forwarding tables (FIB) are built based on IP routing tables with no labeling information
MPLS convergence occurs immediately after the routing protocol convergence, based on labels already stored in LIB
LDP and TDP use a similar process to establish a session:
Hello messages are periodically sent on all interfaces enabled for MPLS.
UDP is used for hello messages. It is targeted at the "all routers on this subnet" multicast address (224.0.0.2).
TCP is used to establish the session.
Both TCP and UDP use well-known LDP port number 646 (711 for TDP).
Penultimate hop popping optimizes MPLS performance (one less LFIB lookup).
PHP optimizes MPLS performance by reducing the number of table lookups on the egress router.
PHP is not supported on ATM devices because a label is part of the ATM cell payload and cannot be removed by the ATM switching hardware
Pop or implicit null label uses value 3 when being advertised to a neighbor.
Provider Network (P-Network): The backbone under control of a Service Provider
Customer Network (C-Network):Network under customer control
CE router:Customer Edge router. Part of the C-network and interfaces to a PE router
Site is connected to the VPN backbone through one or more PE/CE links
PE router Provider Edge router. Part of the P-Network and interfaces to CE routers
P router Provider (core) router, without knowledge of VPN
Route-Target 64 bits identifying routers that should receive the route
Route Distinguisher Attributes of each route used to uniquely identify prefixes among VPNs (64 bits) VRF based (not VPN based)
VPN-IPv4 addresses Address including the 64 bits Route Distinguisher and the 32 bits IP address
VRF VPN Routing and Forwarding Instance Routing table and FIB table Populated by routing protocol contexts
VPN-Aware network, A provider backbone where MPLS-VPN is deployed
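Intranet VPN: Intranet VPNs connect sites within an organization. Security mechanisms are usually not deployed in an intranet, because all sites belong to the same organization. Keep in mind that an MPLS VPN only keeps each customer's routes and traffic separate; it does not encrypt or authenticate the traffic, so confidentiality rests on trusting the provider backbone unless the sites add their own protection (e.g. IPsec).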
Extranet VPN: Extranet VPNs connect different organizations. Extranets usually rely on security mechanisms to ensure the protection of participating individual organizations. Security mechanisms are usually the responsibility of individual participating organizations.
Access VPN: Access VPNs are virtual private dial-up networks (VPDNs) that provide dialup access into a customer network.
PE routers are faced to CE routers and distribute VPN information through MP-BGP to other PE routers
P routers do not run BGP and do not have any VPN knowledge
PE and CE routers exchange routing information through: EBGP, OSPF , RIPv2, Static routing
Site of Origin (SOO): identifies the originating site
Route-target (RT): identifies the set of sites the route has to be advertised to
RTs are attributes that are attached to a VPNv4 BGP route to indicate its VPN membership. The extended BGP communities of a routing update is used to carry the RT of that update, thus identifying which VPN the update belongs to.
RD is configured in the PE for each VRF
The RD is used only to transform nonunique 32-bit customer IP version 4 (IPv4) addresses into unique 96-bit VPNv4 addresses (also called VPN IPv4 addresses).
RD may or may not be related to a site or a VPN
<16 bits type>:<16 bits AS number>:<32 bit number> Registered AS number
<16 bits type>:<32 bits IP address>:<16 bit number> Registered IP address
VRF: VPN Routing and Forwarding Instance( VRF Routing Protocol Context, VRF Routing Tables,VRF CEF Forwarding Tables)
One central site has full routing knowledge of all other sites (of same VPN) = Hub-Site
Other sites will send traffic to Hub-Site for any destination = Spoke-Sites

show commands
show ip route vrf ...
show ip protocol vrf
show ip cef
show tag-switching tdp parameters
show tag-switching interface
show mpls interface
show tag-switching tdp discovery
show tag-switching tdp neighbor
show tag-switching tdp neighbor detail
show tag-switching tdp bindings
show tag-switching forwarding-table
show mpls forwarding-table
show ip cef detail

Sample PE Router Configuration
conf t
ip cef
ip vrf Cust
rd 1:100
route-target both 1:100

interface Serial0/0
ip vrf forwarding Cust
ip address

router eigrp 1
address-family ipv4 vrf Cust
redistribute bgp 1 metric 1000 100 255 1 1500
no auto-summary
autonomous-system 101

router bgp 1
no synchronization
no auto-summary
address-family vpnv4
address-family ipv4 vrf Cust
neighbor remote-as 1
neighbor activate
neighbor update-source Loopback0
redistribute eigrp 201

To verify configuration
show ip eigrp vrf Cust neighbors
show ip bgp vpnv4 vrf ...
show ip route eigrp
sh ip vrf route