The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This document describes the configuration and verification of IP devices which moves across the Data Center (DC) in Locator Identity Separation Protocol (LISP) enabled network without the need to change it's IP address.
Cisco recommends that you have basic knowledge of LISP.
This document is not restricted to specific software and hardware versions.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
In LISP environment, this device is called Dynamic Endpoint Identifier (EID). LISP multihop mobility supports the subnet extended mode which allows different DCs to have same subnet which in turn allows Virtual Machines (VMs) to keep their assigned IP address when they migrate to another DC.
A First Hop Router (FHR) detects the presence of dynamic EID and informs the same to xTR side gateway via the EID notify message. xTRs registers the dynamic EID in order to map the server and also perform LISP encapsulation and decapsulation function for traffic that passes through LISP domain.
xTRs deployed in different DCs must be connected via the Data Centre Interconnect (DCI) technology like Overlay Transport Virtualization (OTV). In Nexus, OTV multicast mode is supported.
This image is used as a sample topology for the rest of the document.
In the example discussed in this article, the traffic continuously flows from VM (172.16.54.200) to Site-3 (172.16.20.1).
First Hop Router (FHR-1):
!
feature lisp
!
ip lisp etr
!
lisp dynamic-eid VM
database-mapping 172.16.54.0/24 10.1.1.1 priority 10 weight 50
database-mapping 172.16.54.0/24 10.2.2.2 priority 10 weight 50
eid-notify 10.10.10.10 key 3 9125d59c18a9b015
map-notify-group 225.1.1.1
!
interface loopback0
ip address 10.1.1.1/32
ip router ospf 1 area 0.0.0.0
!
interface Vlan2
no shutdown
lisp mobility VM
lisp extended-subnet-mode
ip address 172.16.54.3/24
ip ospf passive-interface
ip router ospf 1 area 0.0.0.0
ip pim sparse-mode
no ip arp gratuitous request
hsrp 1
preempt
priority 120
ip 172.16.54.1
!
FHR-2:
!
feature lisp
!
ip lisp etr
!
lisp dynamic-eid VM
database-mapping 172.16.54.0/24 10.1.1.1 priority 10 weight 50
database-mapping 172.16.54.0/24 10.2.2.2 priority 10 weight 50
eid-notify 10.10.10.10 key 3 9125d59c18a9b015
map-notify-group 225.1.1.1
!
interface Vlan2
no shutdown
lisp mobility VM
lisp extended-subnet-mode
ip address 172.16.54.2/24
ip ospf passive-interface
ip pim sparse-mode
no ip arp gratuitous request
hsrp 1
preempt
priority 90
ip 172.16.54.1
!
interface loopback0
ip address 10.2.2.2/32
ip router ospf 1 area 0.0.0.0
xTR:
!
feature lisp
!
ip lisp itr-etr
ip lisp database-mapping 172.16.54.0/24 10.10.10.10 priority 10 weight 50
ip lisp itr map-resolver 192.168.1.1
ip lisp etr map-server 192.168.1.1 key 3 9125d59c18a9b015
!
lisp dynamic-eid VM
database-mapping 172.16.54.0/24 10.10.10.10 priority 10 weight 50
eid-notify authentication-key 3 9125d59c18a9b015
!
interface loopback0
ip address 10.10.10.10/32
ip router ospf 1 area 0.0.0.0
!
FHR-3:
!
feature lisp
!
ip lisp etr
!
lisp dynamic-eid VM
database-mapping 172.16.54.0/24 10.3.3.3 priority 10 weight 50
database-mapping 172.16.54.0/24 10.4.4.4 priority 10 weight 50
eid-notify 10.11.11.11 key 3 9125d59c18a9b015
map-notify-group 225.1.1.1
!
interface Vlan2
no shutdown
lisp mobility VM
lisp extended-subnet-mode
ip address 172.16.54.4/24
ip ospf passive-interface
ip router ospf 1 area 0.0.0.0
ip pim sparse-mode
no ip arp gratuitous request
hsrp 1
preempt
priority 110
ip 172.16.54.1
!
interface loopback0
ip address 10.3.3.3/32
ip router ospf 1 area 0.0.0.0
FHR-4:
!
feature lisp
!
ip lisp etr
!
lisp dynamic-eid VM
database-mapping 172.16.54.0/24 10.3.3.3 priority 10 weight 50
database-mapping 172.16.54.0/24 10.4.4.4 priority 10 weight 50
eid-notify 10.11.11.11 key 3 9125d59c18a9b015
map-notify-group 225.1.1.1
!
interface Vlan2
no shutdown
lisp mobility VM
lisp extended-subnet-mode
ip pim sparse-mode
ip ospf passive-interface
ip address 172.16.54.5/24
hsrp 1
preempt
priority 90
ip 172.16.54.1
!
interface loopback0
ip address 10.4.4.4/32
ip router ospf 1 area 0.0.0.0
xTR:
!
interface loopback0
ip address 10.11.11.11/32
ip router ospf 1 area 0.0.0.0
!
feature lisp
!
ip lisp itr-etr
ip lisp database-mapping 172.16.54.0/24 10.11.11.11 priority 10 weight 50
ip lisp itr map-resolver 192.168.1.1
ip lisp etr map-server 192.168.1.1 key 3 9125d59c18a9b015
!
lisp dynamic-eid VM
database-mapping 172.16.54.0/24 10.11.11.11 priority 9 weight 50
eid-notify authentication-key 3 9125d59c18a9b015
!
!
router lisp
locator-table default
site 1
authentication-key cisco
eid-prefix 172.16.54.0/24 accept-more-specifics
exit
!
site 2
authentication-key cisco
eid-prefix 172.16.20.0/24 accept-more-specifics
exit
!
ipv4 map-server
ipv4 map-resolver
!
router lisp
database-mapping 172.16.20.0/24 10.20.20.20 priority 10 weight 50
ipv4 itr map-resolver 192.168.1.1
ipv4 itr
ipv4 etr map-server 192.168.1.1 key cisco
ipv4 etr
exit
!
interface Loopback1
ip address 10.20.20.20 255.255.255.255
!
interface Loopback2
ip address 172.16.20.1 255.255.255.0
!
Step 1. VM is booted up.
VM has been powered On and has started to send traffic to a remote site i.e. Site-3. FHR-1 receives this stream and creates a Dynamic-EID:
N7K-358-West-FHR1# show lisp dynamic-eid summary
LISP Dynamic EID Summary for VRF "default"
* = Dyn-EID learned by site-based Map-Notify
! = Dyn-EID learned by routing protocol
^ = Dyn-EID learned by EID-Notify
Dyn-EID Name Dynamic-EID Interface Uptime Last Pending
Packet Ping Count
VM 172.16.54.200 Vlan2 06:50:21 00:12:12 0
N7K-358-West-FHR1# show lisp dynamic-eid detail
LISP Dynamic EID Information for VRF "default"
Dynamic-EID name: VM
Database-mapping [0] EID-prefix: 172.16.54.0/24, LSBs: 0x00000003
Locator: 10.1.1.1, priority: 10, weight: 50
Uptime: 06:51:34, state: up, local
Locator: 10.2.2.2, priority: 10, weight: 50
Uptime: 06:50:10, state: up
Registering more-specific dynamic-EIDs
Registering routes: disabled
Map-Server(s): none configured, use global Map-Server
Site-based multicast Map-Notify group: 225.1.1.1
Extended Subnet Mode configured on 1 interfaces
Number of roaming dynamic-EIDs discovered: 3
Last dynamic-EID discovered: 172.16.54.1, 00:00:04 ago
Roaming dynamic-EIDs:
172.16.54.200, Vlan2, uptime: 06:50:31, last activity: 00:12:22
Discovered by: packet reception
Step 2. FHR installs the LISP route.
As seen in Step 1, FHR creates a dynamic EID entry when it receives packets from the VM. It then installs a a/32 route in the Routing Information Base (RIB):
N7K-358-FHR1-West-DC# show ip route 172.16.54.200
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
172.16.54.200/32, ubest/mbest: 1/0, attached
*via 172.16.54.200, Vlan2, [240/0], 06:58:08, lisp, dyn-eid
via 172.16.54.200, Vlan2, [250/0], 06:58:45, am
Step 3. FHR notifies all other FHRs about this Dynamic EID.
This FHR sends Map-Notify messages to all other FHRs which includes the ones in the local site as well as in all the remote sites. In our example, FHR-1 sends the Map-Notify with regards to 172.16.54.200 to FHR-2 on the local DC as well as FHR-3 and FHR-4 on the East DC.
But only local site FHR can install the route for that EID in its RIB as shown here:
N7K-358-FHR2-West-DC# show lisp dynamic-eid detail
LISP Dynamic EID Information for VRF "default"
Dynamic-EID name: VM
Database-mapping [0] EID-prefix: 172.16.54.0/24, LSBs: 0x00000003
Locator: 10.1.1.1, priority: 10, weight: 50
Uptime: 00:01:04, state: up
Locator: 10.2.2.2, priority: 10, weight: 50
Uptime: 00:01:53, state: up, local
Registering more-specific dynamic-EIDs
Registering routes: disabled
Map-Server(s): none configured, use global Map-Server
Site-based multicast Map-Notify group: 225.1.1.1
Extended Subnet Mode configured on 1 interfaces
Number of roaming dynamic-EIDs discovered: 1
Last dynamic-EID discovered: 172.16.54.200, 00:01:04 ago
Roaming dynamic-EIDs:
172.16.54.200, Vlan2, uptime: 00:01:04, last activity: 00:00:42
Discovered by: site-based Map-Notify
Secure-handoff pending for sources: none
N7K-358-FHR2-West-DC#sh ip route 172.16.54.200
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
172.16.54.200/32, ubest/mbest: 1/0, attached
*via 172.16.54.200, Vlan2, [240/0], 00:00:08, lisp, dyn-eid
via 172.16.54.200, Vlan2, [250/0], 00:01:53, am
Step 4. FHR updates this EID to local xTR.
Once when both the sites on FHR knows about the EID, it notifies their local site's xTR about this EID which uses EID-Notify message.
East DC xTR router also installs a null 0 route for this prefix, whereas the West DC xTR adds this prefix in RIB.
N7K-FA8-East_xTR#show ip route 172.16.54.200
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
172.16.54.200/32, ubest/mbest: 1/0, attached
*via 172.16.54.200, Null0, [241/0], 00:00:32, lisp, dyn-eid
N7K-358-West_xTR#show lisp dynamic-eid detail
LISP Dynamic EID Information for VRF "default"
Dynamic-EID name: VM
Database-mapping [0] EID-prefix: 172.16.54.0/24, LSBs: 0x00000001
Locator: 10.10.10.10, priority: 10, weight: 50
Uptime: 00:02:37, state: up, local
Registering more-specific dynamic-EIDs
Registering routes: disabled
Map-Server(s): none configured, use global Map-Server
Site-based multicast Map-Notify group: none configured
Number of roaming dynamic-EIDs discovered: 1
Last dynamic-EID discovered: 172.16.54.1, 00:00:06 ago
Roaming dynamic-EIDs:
172.16.54.200, (null), uptime: 00:00:28, last activity: 00:00:06
Discovered by: EID-Notify
EID-Notify Locators:
10.1.1.1
10.2.2.2
N7K-358-West_xTR#sh ip route 172.16.54.200
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
172.16.54.0/24, ubest/mbest: 1/0
via 10.10.13.3, Eth3/2, [110/44], 00:01:00, ospf-1, intra
Local xTR registers EID with MR/MS:
East DC xTR also sends a Map-Register message to the MR/MS and registers this newly discovered EID with them. This is also true for Site-3 router.
MS_MR#show lisp site 172.16.54.200/32
LISP Site Registration Information
Site name: 1
Allowed configured locators: any
Requested EID-prefix:
EID-prefix: 172.16.54.200/32
First registered: 07:11:28
Routing table tag: 0
Origin: Dynamic, more specific of 172.16.54.0/24
Merge active: No
Proxy reply: No
TTL: 00:03:00
State: complete
Registration errors:
Authentication failures: 0
Allowed locators mismatch: 0
ETR 10.10.90.1, last registered 00:00:07, no proxy-reply, map-notify
TTL 00:03:00, no merge, hash-function sha1, nonce 0x00000000-0x00000000
state complete, no security-capability
xTR-ID N/A
site-ID N/A
Locator Local State Pri/Wgt Scope
10.10.10.10 yes up 10/50 IPv4 none
MS_MR#sh lisp site 172.16.20.0/24
LISP Site Registration Information
Site name: 2
Allowed configured locators: any
Requested EID-prefix:
EID-prefix: 172.16.20.0/24
First registered: 06:30:48
Routing table tag: 0
Origin: Configuration, accepting more specifics
Merge active: No
Proxy reply: No
TTL: 1d00h
State: complete
Registration errors:
Authentication failures: 0
Allowed locators mismatch: 0
ETR 10.10.67.7, last registered 00:00:23, no proxy-reply, map-notify
TTL 1d00h, no merge, hash-function sha1, nonce 0xEE339164-0xC3199AF1
state complete, no security-capability
xTR-ID 0x7C6C7CF6-0x2AE64A0C-0xDCBC62DA-0x79762795
site-ID unspecified
Locator Local State Pri/Wgt Scope
10.20.20.20 yes up 10/50 IPv4 none
Step 5. Verify traffic flow on both Site 1 and Site 3 xTRs:
N7K-358-West_xTR# show ip lisp map-cache
LISP IP Mapping Cache for VRF "default" (iid 0), 3 entries
* = Locator data counters are cumulative across all EID-prefixes
0.0.0.0/1, uptime: 00:13:28, expires: 00:01:31, via map-reply
Negative cache entry, action: forward-native
128.0.0.0/3, uptime: 00:13:28, expires: 00:01:31, via map-reply
Negative cache entry, action: forward-native
172.16.20.0/24, uptime: 00:00:26, expires: 23:59:33, via map-reply, auth
Locator Uptime State Priority/ Data Control MTU
Weight in/out in/out
10.20.20.20 00:00:26 up 10/50 0/0* 0/0 1500
Site 3 LISP Map Cache Entry:
Site-3#show ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries
0.0.0.0/0, uptime: 01:53:04, expires: never, via static send map-request
Negative cache entry, action: send-map-request
172.16.54.200/32, uptime: 01:50:02, expires: 22:09:57, via map-reply, complete
Locator Uptime State Pri/Wgt
10.10.10.10 01:50:02 up 10/50
Step 6. VM moves from West DC to East DC.
These steps are prior to the VM migration between the DC have taken place. Now, VM moves from West DC to East DC without the need to change the IP address. As soon as VM moves from West DC to East DC, FHR-3 at East DC receives the packet from the VM and it adds it's IP address to dynamic EID table. It then sends the map-notify request to all FHR which includes the West DC, and once West DC receives map-notify request, it removes the VM entry from dynamic-EID table which was created when the VM was present in the West DC. xTR at West DC now installs the null 0 route to VM's IP.
Here is the status of Dynamic-EID on FHR-3 at East DC:
N7K-FA8-East_FHR3# sh lisp dynamic-eid detail
LISP Dynamic EID Information for VRF "default"
Dynamic-EID name: VM
Database-mapping [0] EID-prefix: 172.16.54.0/24, LSBs: 0x00000003
Locator: 10.3.3.3, priority: 10, weight: 50
Uptime: 02:04:48, state: up, local
Locator: 10.4.4.4, priority: 10, weight: 50
Uptime: 02:03:27, state: up
Registering more-specific dynamic-EIDs
Registering routes: disabled
Map-Server(s): none configured, use global Map-Server
Site-based multicast Map-Notify group: 225.1.1.1
Extended Subnet Mode configured on 1 interfaces
Number of roaming dynamic-EIDs discovered: 1
Last dynamic-EID discovered: 172.16.54.1, 00:00:14 ago
Roaming dynamic-EIDs:
172.16.54.200, Vlan2, uptime: 00:04:28, last activity: 00:03:11
Discovered by: packet reception
N7K-FA8-East_FHR3# sh ip route 172.16.54.200
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
172.16.54.200/32, ubest/mbest: 1/0, attached
*via 172.16.54.200, Vlan2, [240/0], 00:05:00, lisp, dyn-eid
via 172.16.54.200, Vlan2, [250/0], 00:05:10, am
So, the West FHR does not have the Dynamic EID for VM i.e.172.16.54.200:
N7K-358-West-FHR1(config)# sh lisp dynamic-eid summary
LISP Dynamic EID Summary for VRF "default"
* = Dyn-EID learned by site-based Map-Notify
! = Dyn-EID learned by routing protocol
^ = Dyn-EID learned by EID-Notify
Dyn-EID Name Dynamic-EID Interface Uptime Last Pending
Packet Ping Count
VM 172.16.54.2 Vlan2 00:33:30 00:00:07 0
Step 7. xTR at West DC adds the null 0 entry in routing table:
N7K-358-West_xTR# sh ip route 172.16.54.200
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
172.16.54.200/32, ubest/mbest: 1/0, attached
*via 172.16.54.200, Null0, [241/0], 00:00:05, lisp, dyn-eid
Step 8. East xTR is updated by FHR-3 via EID notify and East xTR then sends a map-register to MS with the migrated VM's prefix:
N7K-FA8-East_xTR(config)# show lisp dynamic-eid Detail
LISP Dynamic EID Information for VRF "default"
Dynamic-EID name: VM
Database-mapping [0] EID-prefix: 172.16.54.0/24, LSBs: 0x00000001
Locator: 10.11.11.11, priority: 9, weight: 50
Uptime: 02:19:51, state: up, local
Registering more-specific dynamic-EIDs
Registering routes: disabled
Map-Server(s): none configured, use global Map-Server
Site-based multicast Map-Notify group: none configured
Number of roaming dynamic-EIDs discovered: 1
Last dynamic-EID discovered: 172.16.54.1, 00:00:58 ago
Roaming dynamic-EIDs:
172.16.54.200, (null), uptime: 00:17:50, last activity: 00:00:25
Discovered by: EID-Notify
EID-Notify Locators:
10.3.3.3
10.4.4.4
MS_MR#sh lisp site 172.16.54.200
LISP Site Registration Information
Site name: 1
Allowed configured locators: any
Requested EID-prefix:
EID-prefix: 172.16.54.200/32
First registered: 02:02:24
Routing table tag: 0
Origin: Dynamic, more specific of 172.16.54.0/24
Merge active: No
Proxy reply: No
TTL: 00:03:00
State: complete
Registration errors:
Authentication failures: 0
Allowed locators mismatch: 0
ETR 10.11.17.1, last registered 00:00:32, no proxy-reply, map-notify
TTL 00:03:00, no merge, hash-function sha1, nonce 0x00000000-0x00000000
state complete, no security-capability
xTR-ID N/A
site-ID N/A
Locator Local State Pri/Wgt Scope
10.11.11.11 yes up 9/50 IPv4 none
Step 9. Both xTR can update the map-cache entry.
Prior to the VM migration, for Site-3 the RLOC for the VM's IP was West xTR (10.10.10.10). Post-migration of VM to East DC, as soon as West xTR receives traffic from Site-3, it sends the SMR message to the Site-3 router in order to update the new RLOC address of the East xTR (10.11.11.11) as seen here:
Site-3#sh ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries
0.0.0.0/0, uptime: 02:03:23, expires: never, via static send map-request
Negative cache entry, action: send-map-request
172.16.54.200/32, uptime: 02:00:22, expires: 23:57:56, via map-reply, complete
Locator Uptime State Pri/Wgt
10.11.11.11 00:02:03 up 9/50
N7K-FA8-East_xTR(config)# show ip lisp map-cache
LISP IP Mapping Cache for VRF "default" (iid 0), 1 entries
* = Locator data counters are cumulative across all EID-prefixes
172.16.20.0/24, uptime: 00:25:24, expires: 23:34:35, via map-reply, auth
Locator Uptime State Priority/ Data Control MTU
Weight in/out in/out
10.20.20.20 00:25:24 up 10/50 0/0* 0/0 1500
Use this section in order to confirm that your configuration works properly.
Verification is covered in Step 5. in the Order of Operation section.
This section provides information you can use in order to troubleshoot your configuration.
These debugs can be used in order to troubleshoot the LISP in controlled environment.
debug ip lisp mapping control debug lisp mapping register debug lisp smr debug lisp ha debug lisp loc-reach-algorithm receive-probe debug lisp loc-reach-algorithm send-probe debug ip mroute map_notify_addr 32 detail debug ip lisp mapping data