TTL Propagate Disable and Site-ID Qualification

The TTL Propagate Disable feature supports disabling of the TTL (Time-To-Live) propagation for implementing the traceroute tool in a LISP network when RLOC and EID belong to different address-family.

The Site ID Qualification feature supports Endpoint Identifier (EID) prefix registration by multiple LISP sites.

Information About TTL Propagate Disable and Site-ID Qualification

LISP Site

LISP site is a set of routers in an edge network that are under a single technical administration. LISP routers in the edge network are the demarcation points to separate the edge network from the core network.

Map Server (MS)

An MS implements part of the distributed LISP mapping database by accepting registration requests from its client Egress Tunnel Routers (ETRs) and aggregating the successfully registered EID prefixes of ETRs.

Routing Locator (RLOC)

An RLOC is an IPv4 or IPv6 address of an Egress Tunnel Router (ETR).

Traceroute Tool

The traceroute tool is used to discover the routes that packets take when traveling to their destination.

Site ID Qualification

A site is best conceptualized as an authentication domain: A set of ETRs under the same administrative control. The map server authenticates all ETRs in a site using the same shared key. Without the concept of a site, the map server would be required to have prior knowledge of every ETR in the network along with its authentication key. Site managers will not be able to deploy new ETRs without changing the configuration of the map servers. When a site is considered as an authentication domain as opposed to a topological grouping, then it is easy to see that the benefit of site ID qualification resides in the ability of reaching an EID prefix through ETRs under different administrative control.

With Site ID Qualification, the map server can have the same prefix configuration under multiple sites. The name of the feature stems from the requirement that any two sites with at least one prefix in common must be qualified with a unique site IDs.

TTL Propagation

Figure 1. TTL Propagation Mechanism


TTTL Propagation mechanism as shown in the figure is described below:
  • A LISP ITR encapsulates a packet and copies TTL value from inner header to outer header.
  • A LISP ETR decapsulates a packet and copies TTL value from outer header to inner header if the outer header TTL value is smaller than the inner header TTL.

When TTL propagation is enabled the traceroute tool can display all middle hops between an LISP ITR and ETR. However, when RLOC and EID are of different address-family the traceroute output is undesirable.

When the above cross address-family situation exists, LISP does not propagate TTL between inner and outer IPv4 or IPv6 headers. During encapsulation, ITR uses the maximum permissible TTL in the outer header instead of using the TTL value from the inner header.

It is better to make the LISP tunnel between the ITR and ETR appear as a single hop to the client of traceroute. This is done through the disable-ttl-propagate configuration CLI either for a specific eid-table or the entire router lisp tag.


Note


The TTL propagation is turned on automatically.


How to Configure Site ID Qualification

Configuring Site ID Qualification

site A
    conf t
router lisp 
site A
site-id 1
authentication-key key1
eid-prefix 1.2.0.0/16 accept-more-specifics


site B
   conf t
router lisp 
site A
site-id 1
authentication-key key2
eid-prefix 1.2.0.0/16 accept-more-specifics 

Example: Site ID Qualification

When a site ID registration is received, the map server searches for the longest matching configured prefix. If the resulting prefix is less specific than the registration and does not have "accept-more-specifics" keyword, the registration is rejected; otherwise it is authenticated using the key of the site associated with the prefix. In this example "lazy" map server configuration is used so that an ETR can register any prefix with the map server.

Lazy Map Server Configuration:


Note


Setup a new MSMR that has the same lazy configuration for two different sites.


enable
conf t
router lisp
 locator-table default
 site A
  site-id 100
  authentication-key key1
  eid-prefix 0.0.0.0/0 accept-more-specifics
  eid-prefix 2000:AAAA:BBBB::/96 accept-more-specifics
  exit
 !
 site B
  site-id 200
  authentication-key key2
  eid-prefix 0.0.0.0/0 accept-more-specifics
  eid-prefix 10.0.0.0/8 accept-more-specifics
  eid-prefix 21.0.0.0/8 accept-more-specifics
  eid-prefix 2000:BBBB:AAAA::/96 accept-more-specifics
  exit
 ipv4 map-server
 ipv4 map-resolver
 ipv6 map-server
 ipv6 map-resolver
 exit

How to Disable TTL Propagation


Note


The TTL propagation can be disabled for a specific EID-table or an entire router LISP tag.


Disabling TTL Propagation for EID-Table

enable
configure terminal
router lisp
eid-table default instance-id 0
disable-ttl-propagate
end

Disabling TTL Propagation for Router LISP Tag

enable
configure terminal
router lisp
disable-ttl-propagate
end

Verifying TTL Propagate Disable

Perform this task to verify the TTL Propagate Disable feature which is enabled automatically in the LISP network. In this example, a LISP site uses a single edge router that functions as both ITR and ETR (known as an xTR). Routing Locators (RLOCs) are in IPv4. EID prefixes are in both IPv4 and IPv6. The LISP site registers to two map server/map resolver (MSMR) devices in the network core. The topology used in verifying TTL Propagate Disable is as shown in the figure below.

Figure 2. TTL Propagate Disable Topology


The components as shown in the topology are described below:

  • xTR1 and xTR2 are xTRs for 2 LISP sites.
  • Core1 and Core 2 are routing locators (RLOCs) core routers with no LISP configuration.
  • New MSMR is a map-server and map-resolver with reliable map-registration support, whereas Old MSMR does not support reliable map-registration.
  • PxTR1 works as a Proxy Ingress Tunnel Router (PITR) and Proxy Egress Tunnel Router (PETR) between the network with 10.0.0.0/8 prefix and the LISP sites.
  • Only static routing protocols are used in this setup to reduce control traffic.

Note


An IPv6 EID and IPv4 RLOC traceroute output will hide the middle hops between ITR and ETR even when TTL propagation is not disabled.


After disabling TTL propagation, an IPv4 EID over IPv4 RLOC traceroute output appears as below on Host A:

Device# traceroute 192.168.0.22

Type escape sequence to abort.
Tracing the route to 192.168.0.22
VRF info: (vrf in name/id, vrf out name/id)
1 203.0.113.11 1 msec 1 msec 0 msec
2 10.40.40.21 1 msec 1 msec 1 msec
3 192.168.0.22 0 msec 2 msec *

Additional References for TTl Propagate Disable and Site-ID Qualification

Related Documents

Document Title

Location

Cisco IOS commands

Cisco IOS Master Command List, All Releases

LISP commands

Cisco IOS IP Routing: LISP Command Reference

Standards and RFCs

Standard/RFC

Title

RFC 6830

The Locator/ID Separation Protocol (LISP)

Technical Assistance

Description

Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for TTL Propagate Disable and Site-ID Qualification

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 1. Feature Information for TTL Propagate Disable and Site-ID Qualification

Feature Name

Releases

Feature Information

TTL Propagate Disable and Site-ID Qualification

The TTL Propagate Disable feature supports disabling of the TTL (Time-To-Live) propagation for implementing the traceroute tool in a LISP network when RLOC and EID belong to different address-family.

The Site ID Qualification feature supports Endpoint Identifier (EID) prefix registration by multiple LISP sites.

The following commands were modified: disable-ttl-propagate , eid-prefix , eid-table , router lisp , site-id , traceroute .