LISP Shared Model Virtualization

This guide describes how to configure Locator ID Separation Protocol (LISP) shared model virtualization using IOS XE Software on all LISP-related devices, including the Egress Tunnel Router, Ingress Tunnel Router (ITR), Proxy ETR (PETR), Proxy ITR (PITR), Map Resolver (MR), and Map Server (MS).

LISP implements a new routing architecture that utilizes a "level of indirection" to separate an IP address into two namespaces: Endpoint Identifiers (EIDs), which are assigned to end-hosts, and Routing Locators (RLOCs), which are assigned to devices (primarily routers) that make up the global routing system. Splitting EID and RLOC functions yields several advantages including: improved routing system scalability, multihoming with ingress traffic engineering; efficient IPv6 Transition support; high-scale virtualization/multitenancy support; data center/VM-mobility support, including session persistence across mobility events; and seamless mobile node support.

Information About LISP Shared Model Virtualization

Overview of LISP Virtualization

Deploying physical network infrastructure requires both capital investments for hardware, as well as manpower investments for installation and operational management support. When distinct user groups within an organization desire to control their own networks, it rarely makes economic sense for these user groups to deploy and manage separate physical networks. Physical plants are rarely utilized to their fullest, resulting in stranded capacity (bandwidth, processor, memory, etc.). In addition, the power, rack space, and cooling needs to physical plants do not satisfy modern “green” requirements. Network virtualization offers the opportunity to satisfy organizational needs, while efficiently utilizing physical assets.

The purpose of network virtualization, as shown in the figure below, is to create multiple, logically separated topologies across one common physical infrastructure.

Figure 1. LISP Deployment Environment

When considering the deployment of a virtualized network environment, take into account both the device and the path level.

Device Level Virtualization

Virtualization at the device level entails the use of the virtual routing and forwarding (VRF) to create multiple instances of Layer 3 routing tables, as illustrated in the figure below. VRFs provide segmentation across IP addresses, allowing for overlapped address space and traffic separation. Separate routing, QoS, security, and management policies can be applied to each VRF instance. An IGP or EGP routing process is typically enabled within a VFR, just as it would be in the global (default) routing table. As described in detail below, LISP binds VRFs to instance IDs for similar purposes.

Figure 2. Device Level Virtualization

Path Level Virtualization

VRF table separation is maintained across network paths using any number of traditional mechanisms, as illustrated in the figure below. Single-hop path segmentation (hop-by-hop) is typically accomplished by techniques such as 802.1q VLANs, VPI/VCI PW, or EVN. LISP can also be used. Traditional multi-hop mechanisms include MPLS and GRE tunnels. As described in detail below, LISP binds VRFs to instance IDs (IIDs), and then these IIDs are included in the LISP header to provide data plane (traffic flow) separation for single or multihop needs.

Figure 3. Path Level Virtualization

LISP Virtualization at the Device Level

Recalling that LISP implements Locator ID separation and, in so doing, creates two namespaces (EIDs and RLOCs), it is easy to see that LISP virtualization can consider both EID and RLOC namespaces for virtualization. That is, either or both can be virtualized.

  • EID virtualization—Enabled by binding a LISP instance ID to an EID VRF. Instance IDs are numerical tags defined in the LISP canonical address format (LCAF) draft, and are used to maintain address space segmentation in both the control plane and data plane.

  • RLOC virtualization—Tying locator addresses and associated mapping services to the specific VRF within which they are reachable enables RLOC virtualization.

Because LISP considers virtualization of both EID and RLOC namespaces, two models of operation are defined: shared model and parallel model. For completeness, the discussions below begin first with a review of the default (non-virtualized) model of LISP, and then cover the details of shared and parallel models.

Default (Non-Virtualized) LISP Model

By default, LISP is not virtualized in either EID space or RLOC space. That is, unless otherwise configured, both EID and RLOC addresses are resolved in the default (global) routing table. This concept is illustrated in the figure below.

Figure 4. Default (Non-Virtualized) LISP Model (Resolves Both EID and RLOC Addresses in the Default (Global) Routing Table.

As shown in the figure above, both EID and RLOC addresses are resolved in the default table. The mapping system must also be reachable via the default table. This default model can be thought of as a single instantiation of the parallel model of LISP virtualization where EID and RLOC addresses are within the same namespace such as is the case in this default table.

LISP Shared Model Virtualization

LISP shared model virtualized EID space is created by binding VRFs associated with an EID space to Instance IDs. A common, shared locator space is used by all virtualized EIDs. This concept is illustrated in the figure below.

Figure 5. LISP shared model virtualization resolves EIDs within VRFs tied to Instance IDs. RLOC addresses are resolved in a common (shared) address space. The default (global) routing table is shown as the shared space.

As shown in the figure above, EID space is virtualized through its association with VRFs, and these VRFs are tied to LISP Instance IDs to segment the control plane and data plane in LISP. A common, shared locator space, the default (global) table as shown in the figure above, is used to resolve RLOC addresses for all virtualized EIDs. The mapping system must also be reachable via the common locator space.

LISP Shared Model Virtualization Architecture

Architecturally, LISP shared model virtualization can be deployed in single or multitenancy configurations. In the shared model single tenancy case, xTRs are dedicated to a customer but share infrastructure with other customers. Each customer and all sites associated with it use the same instance ID and are part of a VPN using their own EID namespace as shown in the figure below.

Figure 6. In a LISP shared model single tenancy use case, customers use their own xTRs and a shared common core network and mapping system. LISP instance IDs segment the LISP data plane and control plane.

In the shared model multitenancy case, a set of xTRs is shared (virtualized) among multiple customers. These customers also share a common infrastructure with other single and multitenant customers. Each customer and all sites associated with it use the same instance ID and are part of a VPN using their own EID namespace as shown in the figure below.

Figure 7. In a LISP shared model multitenancy use case, customer's use shared xTRs and a shared common core network and mapping system. LISP instance IDs segment the LISP data plane and control plane.

LISP Shared Model Virtualization Implementation Considerations and Caveats

When LISP Shared Model is implemented, several important considerations and caveats are important. Instance IDs must be unique to an EID VRF. Review the example below: 

xTR-1(config)# vrf definition alpha
xTR-1(config-vrf)# address-family ipv4
xTR-1(config-vrf-af)# exit
xTR-1(config)# vrf definition beta
xTR-1(config-vrf)# address-family ipv4
xTR-1(config-vrf-af)# exit
xTR-1(config-vrf)# exit
xTR-1(config)# router lisp 
xTR-1(config-router-lisp)# eid-table vrf alpha instance-id 101
xTR-1(config-router-lisp-eid-table)# exit
xTR-1(config-router-lisp)# eid-table vrf beta instance-id 101
Instance ID 101 is bound to the vrf alpha EID table.

In the above example, two EID VRFs are created: alpha and beta. Under the router lisp command, an EID table VRF named alpha is specified and associated with the instance ID 101. Next, an EID table VRF named beta is specified and also associated with the instance ID 101. As indicated by the router, this is not permissible since instance ID 101 is already associated with the EID VRF named alpha. That is, you cannot connect the same instance-id to more than one EID VRF.

How to Configure LISP Shared Model Virtualization

Configure Simple LISP Shared Model Virtualization

Perform this task to enable and configure LISP ITR/ETR (xTR) functionality with LISP map server and map resolver to implement LISP shared model virtualization. This LISP shared model reference configuration is for a very simple two-site LISP topology, including xTRs and an MS/MR.

The configuration implemented in this task and illustrated in the figure below shows a basic LISP shared model virtualization solution. In this example, two LISP sites are deployed, each containing two VRFs: PURPLE and GOLD. LISP is used to provide virtualized connectivity between these two sites across a common IPv4 core, while maintaining address separation between the two VRFs.

Figure 8. Simple LISP Site with virtualized IPv4 and IPv6 EIDs and a shared IPv4 core

Each LISP Site uses a single edge router configured as both an ITR and ETR (xTR), with a single connection to its upstream provider. The RLOC is IPv4, and IPv4 and IPv6 EID prefixes are configured. Each LISP site registers to a map server/map resolver (MS/MR) device located in the network core within the shared RLOC address space. The topology used in this most basic LISP configuration is shown in the figure above.

The components illustrated in the topology shown in the figure above are described below:

  • LISP site:

    • The CPE functions as a LISP ITR and ETR (xTR).

    • Both LISP xTRs have two VRFs: GOLD and PURPLE, with each VRF containing both IPv4 and IPv6 EID-prefixes, as shown in the figure above. Note the overlapping prefixes, used for illustration purposes. A LISP instance-id is used to maintain separation between two VRFs. Note that in this example, the share key is configured "per-site" and not "per-VRF." (Case 2 illustrates a configuration where the shared key is per-VPN.)

    • Each LISP xTR has a single RLOC connection to a shared IPv4 core network.

  • Mapping system:

    • One map server/map resolver system is shown in the figure above and assumed available for the LISP xTR to register to. The MS/MR has an IPv4 RLOC address of 10.0.2.2, within the shared IPv4 core.

    • The map server site configurations are virtualized using LISP instance-ids to maintain separation between the two VRFs.

Perform the steps in this task (once through for each xTR in the LISP site) to enable and configure LISP ITR and ETR (xTR) functionality when using a LISP map-server and map-resolver for mapping services. The example configurations at the end of this task show the full configuration for two xTRs (xTR1 and xTR2).

Before you begin

The configuration below assumes that the referenced VRFs were created using the vrf definition command.

SUMMARY STEPS

  1. configure terminal
  2. router lisp
  3. eid-table vrfvrf-name instance-id instance-id
  4. Do one of the following:
    • database-mapping EID-prefix/prefix-length locator priority priority weight weight
    • database-mapping EID-prefix/prefix-length locator priority priority weight weight
  5. Repeat Step 4 until all EID-to-RLOC mappings for the LISP site are configured.
  6. exit
  7. ipv4 itr
  8. ipv4 etr
  9. ipv4 itr map-resolver map-resolver-address
  10. ipv4 etr map-server map-server-address key key-type authentication-key
  11. ipv6 itr
  12. ipv6 etr
  13. ipv6 itr map-resolver map-resolver-address
  14. ipv6 etr map-server map-server-address key key-type authentication-key
  15. exit
  16. ip route ipv4-prefix next-hop
  17. exit

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:


Router# configure terminal

Enters global configuration mode.

Step 2

router lisp

Example:


Router(config)# router lisp

Enters LISP configuration mode (Cisco IOS XE software only).

Step 3

eid-table vrfvrf-name instance-id instance-id

Example:


Router(config-router-lisp)# eid-table vrf GOLD instance-id 102

Configures an association between a VRF table and a LISP instance ID, and enters eid-table configuration submode.

  • In this example, the VRF table GOLD and instance-id 102 are associated together.

Step 4

Do one of the following:

  • database-mapping EID-prefix/prefix-length locator priority priority weight weight
  • database-mapping EID-prefix/prefix-length locator priority priority weight weight

Example:


Router(config-router-lisp-eid-table)# database-mapping 192.168.1.0/24 10.0.0.2 priority 1 weight 100

Example:


Router(config-router-lisp-eid-table)# database-mapping 192.168.1.0/24 ipv4-interface Ethernet0/0 priority 1 weight 100

Configures an EID-to-RLOC mapping relationship and its associated traffic policy for this LISP site.

  • In the first example, a single IPv4 EID prefix, 192.168.1.0/24, is being associated with the single IPv4 RLOC 10.0.0.2.

  • In the second example, the alternative configuration shows the use of the dynamic interface form of the database-mapping command. This form is useful when the RLOC address is obtained dynamically, such as via DHCP.

Step 5

Repeat Step 4 until all EID-to-RLOC mappings for the LISP site are configured.

Example:


Router(config-router-lisp-eid-table)# database-mapping 2001:db8:b:a::/64 10.0.0.2 priority 1 weight 100

Configures an EID-to-RLOC mapping relationship and its associated traffic policy for this LISP site.

Step 6

exit

Example:


Router(config-router-lisp-eid-table)# exit

Exits eid-table configuration submode and returns to LISP configuration mode.

Step 7

ipv4 itr

Example:


Router(config-router-lisp)# ipv4 itr

Enables LISP ITR functionality for the IPv4 address family.

Step 8

ipv4 etr

Example:


Router(config-router-lisp)# ipv4 etr

Enables LISP ETR functionality for the IPv4 address family.

Step 9

ipv4 itr map-resolver map-resolver-address

Example:


Router(config-router-lisp)# ipv4 itr map-resolver 10.0.2.2

Configures a locator address for the LISP map resolver to which this router will send map request messages for IPv4 EID-to-RLOC mapping resolutions.

  • The locator address of the map resolver may be an IPv4 or IPv6 address. In this example, because each xTR has only IPv4 RLOC connectivity, the map resolver is reachable using its IPv4 locator address. (See the LISP Command Reference Guide for more details.)

Note

 

Up to two map resolvers may be configured if multiple map resolvers are available. (See the LISP Command Reference Guide for more details.)

Step 10

ipv4 etr map-server map-server-address key key-type authentication-key

Example:


Router(config-router-lisp)# ipv4 etr map-server 10.0.2.2 key 0 Left-key

Configures a locator address for the LISP map server and an authentication key for which this router, acting as an IPv4 LISP ETR, will use to register with the LISP mapping system.

  • The map server must be configured with EID prefixes and instance IDs matching those configured on this ETR and with an identical authentication key.

Note

 

The locator address of the map server may be an IPv4 or IPv6 address. In this example, because each xTR has only IPv4 RLOC connectivity, the map-server is reachable using its IPv4 locator addresses. (See the LISP Command Reference Guide for more details.)

Step 11

ipv6 itr

Example:


Router(config-router-lisp)# ipv6 itr

Enables LISP ITR functionality for the IPv6 address family.

Step 12

ipv6 etr

Example:


Router(config-router-lisp)# ipv6 etr

Enables LISP ETR functionality for the IPv6 address family.

Step 13

ipv6 itr map-resolver map-resolver-address

Example:


Router(config-router-lisp)# ipv6 itr map-resolver 10.0.2.2

Configures a locator address for the LISP map resolver to which this router will send map request messages for IPv6 EID-to-RLOC mapping resolutions.

  • The locator address of the map resolver may be an IPv4 or IPv6 address. In this example, because each xTR has only IPv4 RLOC connectivity, the map-resolver is reachable using its IPv4 locator addresses. (See the LISP Command Reference Guide for more details.)

Note

 

Up to two map resolvers may be configured if multiple map resolvers are available. (See the LISP Command Reference Guide for more details.)

Step 14

ipv6 etr map-server map-server-address key key-type authentication-key

Example:


Router(config-router-lisp)# ipv6 etr map-server 10.0.2.2 key 0 Left-key

Configures a locator address for the LISP map-server and an authentication key that this router, acting as an IPv6 LISP ETR, will use to register to the LISP mapping system.

  • The map-server must be configured with EID prefixes and instance IDs matching those configured on this ETR and with an identical authentication key.

Note

 

The locator address of the map-server may be an IPv4 or IPv6 address. In this example, because each xTR has only IPv4 RLOC connectivity, the map-server is reachable using its IPv4 locator addresses. (See the LISP Command Reference Guide for more details.)

Step 15

exit

Example:


Router(config-router-lisp)# exit

Exits LISP configuration mode and returns to global configuration mode.

Step 16

ip route ipv4-prefix next-hop

Example:


Router(config)# ip route 0.0.0.0 0.0.0.0 10.0.0.1

Configures a default route to the upstream next hop for all IPv4 destinations.

  • All IPv4 EID-sourced packets destined to both LISP and non-LISP sites are forwarded in one of two ways:
    • LISP-encapsulated to a LISP site when traffic is LISP-to-LISP
    • natively forwarded when traffic is LISP-to-non-LISP
  • Packets are deemed to be a candidate for LISP encapsulation when they are sourced from a LISP EID and the destination matches one of the following entries:
    • a current map-cache entry
    • a default route with a legitimate next-hop
    • no route at all
In this configuration example, because the xTR has IPv4 RLOC connectivity, a default route to the upstream SP is used for all IPv4 packets to support LISP processing.

Step 17

exit

Example:


Router(config)# exit

Exits global configuration mode.

Example:

The examples below show the complete configuration for the LISP topology illustrated in the figure shown above the task steps and follows the examples in the steps in this task. On the xTRs, the VRFs and EID prefixes are assumed to be attached to VLANs configured on the devices.

Example configuration for the Left xTR: 


hostname Left-xTR
!
ipv6 unicast-routing
!
vrf definition PURPLE
 address-family ipv4
 exit
 address-family ipv6
 exit
!
vrf definition GOLD
 address-family ipv4
 exit
 address-family ipv6
 exit
!
interface Ethernet0/0
 ip address 10.0.0.2 255.255.255.0
!
interface Ethernet1/0.1
 encapsulation dot1q 101
 vrf forwarding PURPLE
 ip address 192.168.1.1 255.255.255.0
 ipv6 address 2001:DB8:A:A::1/64
!
interface Ethernet1/0.2
 encapsulation dot1q 102
 vrf forwarding GOLD
 ip address 192.168.1.1 255.255.255.0
 ipv6 address 2001:DB8:B:A::1/64
!
router lisp
 eid-table vrf PURPLE instance-id 101
  database-mapping 192.168.1.0/24 10.0.0.2 priority 1 weight 1
  database-mapping 2001:DB8:A:A::/64 10.0.0.2 priority 1 weight 1 
 eid-table vrf GOLD instance-id 102
  database-mapping 192.168.1.0/24 10.0.0.2 priority 1 weight 1
  database-mapping 2001:DB8:B:A::/64 10.0.0.2 priority 1 weight 1 
 exit
 !
 ipv4 itr map-resolver 10.0.2.2
 ipv4 itr
 ipv4 etr map-server 10.0.2.2 key Left-key
 ipv4 etr
 ipv6 itr map-resolver 10.0.2.2
 ipv6 itr
 ipv6 etr map-server 10.0.2.2 key Left-key
 ipv6 etr
 exit
!
ip route 0.0.0.0 0.0.0.0 10.0.0.1
!

Example configuration for Right xTR: 


hostname Right-xTR
!
ipv6 unicast-routing
!
vrf definition PURPLE
 address-family ipv4
 exit
 address-family ipv6
 exit
!
vrf definition GOLD
 address-family ipv4
 exit
 address-family ipv6
 exit
!
interface Ethernet0/0
 ip address 10.0.1.2 255.255.255.0
!
interface Ethernet1/0.1
 encapsulation dot1q 101
 vrf forwarding PURPLE
 ip address 192.168.2.1 255.255.255.0
 ipv6 address 2001:DB8:A:B::1/64
!
interface Ethernet1/0.2
 encapsulation dot1q 102
 vrf forwarding GOLD
 ip address 192.168.2.1 255.255.255.0
 ipv6 address 2001:DB8:B:B::1/64
!
router lisp
 eid-table vrf PURPLE instance-id 101
  database-mapping 192.168.2.0/24 10.0.1.2 priority 1 weight 1
  database-mapping 2001:DB8:A:B::/64 10.0.1.2 priority 1 weight 1 
 eid-table vrf GOLD instance-id 102
  database-mapping 192.168.2.0/24 10.0.1.2 priority 1 weight 1
  database-mapping 2001:DB8:B:B::/64 10.0.1.2 priority 1 weight 1 
 exit
 !
 ipv4 itr map-resolver 10.0.2.2
 ipv4 itr
 ipv4 etr map-server 10.0.2.2 key Right-key
 ipv4 etr
 ipv6 itr map-resolver 10.0.2.2
 ipv6 itr
 ipv6 etr map-server 10.0.2.2 key Right-key
 ipv6 etr
 exit
!
ip route 0.0.0.0 0.0.0.0 10.0.1.1
!

Configuring a Private LISP Mapping System for LISP Shared Model Virtualization

Perform this task to configure and enable standalone LISP map server/map resolver functionality for LISP shared model virtualization. In this task, a Cisco router is configured as a standalone map server/map resolver (MR/MS) for a private LISP mapping system. Because the MR/MS is configured as a stand-alone device, it has no need for LISP Alternate Logical Topology (ALT) connectivity. All relevant LISP sites must be configured to register with this map server so that this map server has full knowledge of all registered EID Prefixes within the (assumed) private LISP system.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. router lisp
  4. site site-name
  5. authentication-key [key-type] authentication-key
  6. eid-prefix instance-id instance-id EID-prefix
  7. eid-prefix instance-id instance-id EID-prefix
  8. exit
  9. ipv4 map-resolver
  10. ipv4 map-server
  11. ipv6 map-resolver
  12. ipv6 map-server
  13. end

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:

Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3

router lisp

Example:

Router(config)# router lisp

Enters LISP configuration mode (IOS only).

Step 4

site site-name

Example:

Router(config-router-lisp)# site Left

Specifies a LISP site named Left and enters LISP site configuration mode.

Note

 

A LISP site name is locally significant to the map server on which it is configured. It has no relevance anywhere else. This name is used solely as an administrative means of associating EID-prefix or prefixes with an authentication key and other site-related mechanisms.

Step 5

authentication-key [key-type] authentication-key

Example:

Router(config-router-lisp-site)# authentication-key 0 Left-key

Configures the password used to create the SHA-2 HMAC hash for authenticating the map register messages sent by an ETR when registering to the map server.

Note

 

The LISP ETR must be configured with an identical authentication key as well as matching EID prefixes and instance IDs.

Step 6

eid-prefix instance-id instance-id EID-prefix

Example:

Router(config-router-lisp-site)# eid-prefix instance-id 102 192.168.1.0/24
Configures an EID prefix and instance ID that are allowed in a map register message sent by an ETR when registering to this map server. Repeat this step as necessary to configure additional EID prefixes under this LISP site.

  • In this example, the IPv4 EID prefix 192.168.1.0/24 and instance ID 102 are associated together. To complete this task, an IPv6 EID prefix is required.

Step 7

eid-prefix instance-id instance-id EID-prefix

Example:

Router(config-router-lisp-site)# eid-prefix instance-id 102 2001:db8:a:b::/64
Configures an EID prefix and instance ID that are allowed in a map register message sent by an ETR when registering to this map server.

  • In this example, the IPv6 EID prefix 2001:db8:a:b::/64 and instance ID 102 are associated together.

Step 8

exit

Example:

Router(config-router-lisp-site)# exit

Exits LISP site configuration mode and returns to LISP configuration mode.

Step 9

ipv4 map-resolver

Example:

Router(config-router-lisp)# ipv4 map-resolver

Enables LISP map resolver functionality for EIDs in the IPv4 address family.

Step 10

ipv4 map-server

Example:

Router(config-router-lisp)# ipv4 map-server

Enables LISP map server functionality for EIDs in the IPv4 address family.

Step 11

ipv6 map-resolver

Example:

Router(config-router-lisp)# ipv6 map-resolver

Enables LISP map resolver functionality for EIDs in the IPv6 address family.

Step 12

ipv6 map-server

Example:

Router(config-router-lisp)# ipv6 map-server

Enables LISP map server functionality for EIDs in the IPv6 address family.

Step 13

end

Example:

Router(config-router-lisp)# end

Exits LISP configuration mode and returns to privileged EXEC mode.

Example:

Example configuration for the map server/map resolver. 


hostname MSMR
!
interface Ethernet0/0
 ip address 10.0.2.2 255.255.255.0
!
 router lisp
  !
  site Left
   authentication-key Left-key
   eid-prefix instance-id 101 192.168.1.0/24
   eid-prefix instance-id 101 2001:DB8:A:A::/64
   eid-prefix instance-id 102 192.168.1.0/24
   eid-prefix instance-id 102 2001:DB8:B:A::/64
   exit
  !
  site Right
   authentication-key Right-key
   eid-prefix instance-id 101 192.168.2.0/24
   eid-prefix instance-id 101 2001:DB8:A:B::/64
   eid-prefix instance-id 102 192.168.2.0/24
   eid-prefix instance-id 102 2001:DB8:B:B::/64
   exit
  !
  ipv4 map-server
  ipv4 map-resolver
  ipv6 map-server
  ipv6 map-resolver  
  exit
 !
 ip route 0.0.0.0 0.0.0.0 10.0.2.1

Configure Large-Scale LISP Shared Model Virtualization

Perform this task to enable and configure LISP ITR/ETR (xTR) functionality with LISP map server and map resolver to implement LISP shared model virtualization. This LISP shared model reference configuration is for a large-scale, multiple-site LISP topology, including xTRs and multiple MS/MRs.

The configuration demonstrated in this task shows a more complex, larger scale LISP virtualization solution. In this task, an enterprise is deploying LISP Shared Model where EID space is virtualized over a shared, common core network. A subset of their entire network is illustrated in Figure 12. In this figure, three sites are shown: a multihomed "Headquarters" (HQ) site, and two remote office sites. The HQ site routers are deployed as xTRs and also as map resolver/map servers. The remote site routers only act as xTRs, and use the MS/MRs at the HQ site for LISP control plane support.

Figure 9. Large Scale LISP Site with Virtualized IPv4 EIDs and a Shared IPv4 Core

The components illustrated in the topology shown in the figure above are described below:

  • LISP site:

    • Each CPE router functions as a LISP ITR and ETR (xTR), as well as a Map-Server/Map-Resolver (MS/MR).

    • Both LISP xTRs have three VRFs: TRANS (for transactions), SOC (for security operations), and FIN (for financials). Each VRF contains only IPv4 EID-prefixes. Note that no overlapping prefixes are used, but segmentation between each VRF by LISP instance-ids makes this possible. Also note that in this example, the separate authentication key is configured “per-vrf�? and not “per-site.�? This affects both the xTR and MS configurations.

    • The HQ LISP Site is multi-homed to the shared IPv4 core, but each xTR at the HQ site has a single RLOC.

    • Each CPE also functions as an MS/MR to which the HQ and Remote LISP sites can register.

    • The map server site configurations are virtualized using LISP instance IDs to maintain separation between the three VRFs.

  • LISP remote sites:

    • Each remote site CPE router functions as a LISP ITR and ETR (xTR).

    • Each LISP xTRs has the same three VRFs as the HQ Site: TRANS, SOC, and FIN. Each VRF contains only IPv4 EID-prefixes.

    • Each remote site LISP xTR has a single RLOC connection to a shared IPv4 core network.

Before you begin

The configuration below assumes that the referenced VRFs were created using the vrf definition command.

SUMMARY STEPS

  1. configure terminal
  2. router lisp
  3. site site-name
  4. authentication-key [key-type] authentication-key
  5. eid-prefix instance-id instance-id EID-prefix/prefix-length accept-more-specifics
  6. exit
  7. Repeat steps 3 through 6 for each LISP site to be configured.
  8. ipv4 map-resolver
  9. ipv4 map-server
  10. eid-table vrfvrf-name instance-id instance-id
  11. database-mapping EID-prefix/prefix-length locator priority priority weight weight
  12. Repeat Step 11 until all EID-to-RLOC mappings within this eid-table vrf and instance ID for the LISP site are configured.
  13. ipv4 etr map-server map-server-address key key-type authentication-key
  14. Repeat Step 13 to configure another locator address for the same LISP map server
  15. exit
  16. ipv4 itr map-resolver map-resolver-address
  17. Repeat Step 16 to configure another locator address for the LISP map resolver
  18. ipv4 itr
  19. ipv4 etr
  20. exit
  21. ip route ipv4-prefix next-hop
  22. exit

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:


Router# configure terminal

Enters global configuration mode.

Step 2

router lisp

Example:


Router(config)# router lisp

Enters LISP configuration mode (IOS XE software only).

Step 3

site site-name

Example:


Router(config-router-lisp)# site TRANS

Specifies a LISP site named TRANS and enters LISP site configuration mode.

Note

 

A LISP site name is locally significant to the map server on which it is configured. It has no relevance anywhere else. This name is used solely as an administrative means of associating EID-prefix or prefixes with an authentication key and other site-related mechanisms.

Step 4

authentication-key [key-type] authentication-key

Example:


Router(config-router-lisp-site)# authentication-key 0 TRANS-key

Configures the password used to create the SHA-2 HMAC hash for authenticating the map register messages sent by an ETR when registering to the map server.

Note

 

The LISP ETR must be configured with an identical authentication key as well as matching EID prefixes and instance IDs.

Step 5

eid-prefix instance-id instance-id EID-prefix/prefix-length accept-more-specifics

Example:


Router(config-router-lisp-site)# eid-prefix instance-id 1 10.1.0.0/16 accept-more-specifics
Configures an EID prefix and instance ID that are allowed in a map register message sent by an ETR when registering to this map server. Repeat this step as necessary to configure additional EID prefixes under this LISP site.

  • In the example, EID-prefix 10.1.0.0/16 and instance-id 1 are associated together. The EID-prefix 10.1.0.0/16 is assumed to be an aggregate covering all TRANS EID-prefixes at all LISP Sites. The keyword accept-more-specifics is needed in this case to allow each site to register its more-specific EID-prefix contained within that aggregate. If aggregation is not possible, simply enter all EID-prefixes integrated within instance-id 1.

Step 6

exit

Example:


Router(config-router-lisp-site)# exit

Exits LISP site configuration mode and returns to LISP configuration mode.

Step 7

Repeat steps 3 through 6 for each LISP site to be configured.

In this example, steps 3 through 6 would be repeated for the site SOC and FIN as illustrated in the complete configuration example at the end of this task.

Step 8

ipv4 map-resolver

Example:


Router(config-router-lisp)# ipv4 map-resolver

Enables LISP map resolver functionality for EIDs in the IPv4 address family.

Step 9

ipv4 map-server

Example:


Router(config-router-lisp)# ipv4 map-server

Enables LISP map server functionality for EIDs in the IPv4 address family.

Step 10

eid-table vrfvrf-name instance-id instance-id

Example:


Router(config-router-lisp)# eid-table vrf TRANS instance-id 1

Configures an association between a VRF table and a LISP instance ID, and enters eid-table configuration submode.

  • In this example, the VRF table TRANS and instance-id 1 are associated together.

Step 11

database-mapping EID-prefix/prefix-length locator priority priority weight weight

Example:


Router(config-router-lisp-eid-table)# database-mapping 10.1.1.0/24 172.16.1.2 priority 1 weight 100

Configures an EID-to-RLOC mapping relationship and its associated traffic policy for this LISP site.

  • In this example, the EID prefix 10.1.1.0/24 within instance-id 1 at this site is associated with the local IPv4 RLOC 172.16.1.2, as well as with the neighbor xTR RLOC 172.6.1.6.

Step 12

Repeat Step 11 until all EID-to-RLOC mappings within this eid-table vrf and instance ID for the LISP site are configured.

Example:


Router(config-router-lisp-eid-table)# database-mapping 10.1.1.0/24 172.16.1.6 priority 1 weight 100

Configures an EID-to-RLOC mapping relationship and its associated traffic policy for this LISP site.

Step 13

ipv4 etr map-server map-server-address key key-type authentication-key

Example:


Router(config-router-lisp-eid-table)# ipv4 etr map-server 172.16.1.2 key 0 TRANS-key

Configures a locator address for the LISP map server and an authentication key for which this router, acting as an IPv4 LISP ETR, will use to register with the LISP mapping system.

  • In this example, the map server and authentication-key are specified here, within the eid-table subcommand mode, so that the authentication key is associated only with this instance ID, within this VPN.

Note

 

The map server must be configured with EID prefixes and instance-ids matching the one(s) configured on this ETR, as well as an identical authentication key.

Note

 

The locator address of the map server may be an IPv4 or IPv6 address. In this example, because each xTR has only IPv4 RLOC connectivity, the map server is reachable using its IPv4 locator addresses. (See the LISP Command Reference Guide for more details.)

Step 14

Repeat Step 13 to configure another locator address for the same LISP map server

Example:


Router(config-router-lisp-eid-table)# ipv4 etr map-server 172.16.1.6 key 0 TRANS-key

Configures a locator address for the LISP map server and an authentication key for which this router, acting as an IPv4 LISP ETR, will use to register with the LISP mapping system.

  • In this example, a redundant map server is configured. (Because the MS is co-located with the xTRs in this case, this command indicates that this xTR is pointing to itself for registration (and its neighbor xTR/MS/MR at the same site).

Step 15

exit

Example:


Router(config-router-lisp-eid-table)# exit

Exits eid-table configuration submode and returns to LISP configuration mode.

Step 16

ipv4 itr map-resolver map-resolver-address

Example:


Router(config-router-lisp)# ipv4 itr map-resolver 172.16.1.2

Configures a locator address for the LISP map resolver to which this router will send map request messages for IPv4 EID-to-RLOC mapping resolutions.

  • In this example, the map resolver is specified within router lisp configuration mode and inherited into all eid-table instances since nothing is related to any single instance ID. In addition, redundant map resolvers are configured. (Because the MR is co-located with the xTRs in this case, this command indicates that this xTR is pointing to itself for mapping resolution (and its neighbor xTR/MS/MR at the same site).

  • The locator address of the map resolver may be an IPv4 or IPv6 address. In this example, because each xTR has only IPv4 RLOC connectivity, the map resolver is reachable using its IPv4 locator address. (See the LISP Command Reference Guide for more details.)

Note

 

Up to two map resolvers may be configured if multiple map resolvers are available. (See the LISP Command Reference Guide for more details.)

Step 17

Repeat Step 16 to configure another locator address for the LISP map resolver

Example:


Router(config-router-lisp)# ipv4 itr map-resolver 172.16.1.6

Configures a locator address for the LISP map resolver to which this router will send map request messages for IPv4 EID-to-RLOC mapping resolutions.

  • In this example, a redundant map resolver is configured. (Because the MR is co-located with the xTRs in this case, this command indicates that this xTR is pointing to itself for mapping resolution (and its neighbor xTR/MS/MR at the same site).

  • The locator address of the map resolver may be an IPv4 or IPv6 address. In this example, because each xTR has only IPv4 RLOC connectivity, the map resolver is reachable using its IPv4 locator address. (See the LISP Command Reference Guide for more details.)

Note

 

Up to two map resolvers may be configured if multiple map resolvers are available. (See the LISP Command Reference Guide for more details.)

Step 18

ipv4 itr

Example:


Router(config-router-lisp)# ipv4 itr

Enables LISP ITR functionality for the IPv4 address family.

Step 19

ipv4 etr

Example:


Router(config-router-lisp)# ipv4 etr

Enables LISP ETR functionality for the IPv4 address family.

Step 20

exit

Example:


Router(config-router-lisp)# exit

Exits LISP configuration mode and returns to global configuration mode.

Step 21

ip route ipv4-prefix next-hop

Example:


Router(config)# ip route 0.0.0.0 0.0.0.0 172.16.1.1

Configures a default route to the upstream next hop for all IPv4 destinations.

  • All IPv4 EID-sourced packets destined to both LISP and non-LISP sites are forwarded in one of two ways:
    • LISP-encapsulated to a LISP site when traffic is LISP-to-LISP
    • natively forwarded when traffic is LISP-to-non-LISP
  • Packets are deemed to be a candidate for LISP encapsulation when they are sourced from a LISP EID and the destination matches one of the following entries:
    • a current map-cache entry
    • a default route with a legitimate next-hop
    • no route at all
In this configuration example, because the xTR has IPv4 RLOC connectivity, a default route to the upstream SP is used for all IPv4 packets to support LISP processing.

Step 22

exit

Example:


Router(config)# exit

Exits global configuration mode.

Example:

The examples below show the complete configuration for the HQ-RTR-1 and HQ-RTR-2 (xTR/MS/MR located at the HQ Site), and Site2-xTR LISP devices illustrated in the figure above and in this task. Note that both HQ-RTR-1 and HQ-RTR-2 are provided in order to illustrate the proper method for configuring a LISP multihomed site.

Example configuration for HQ-RTR-1 with an xTR, a map server and a map resolver: 


hostname HQ-RTR-1
!
vrf definition TRANS
 address-family ipv4
 exit
!
vrf definition SOC
address-family ipv4
 exit
!
vrf definition FIN
address-family ipv4
 exit
!
interface Loopback0
 description Management Loopback (in default space)
 ip address 172.31.1.11 255.255.255.255
!
interface GigabitEthernet0/0/0
 description WAN Link to IPv4 Core
 ip address 172.16.1.2 255.255.255.252
 negotiation auto
!
interface GigabitEthernet0/0/1
 vrf forwarding TRANS
 ip address 10.1.1.1 255.255.255.0
 negotiation auto
!
interface GigabitEthernet0/0/2
 vrf forwarding SOC
 ip address 10.2.1.1 255.255.255.0
 negotiation auto
!
interface GigabitEthernet0/0/3
 vrf forwarding FIN
 ip address 10.3.1.1 255.255.255.0
 negotiation auto
!
router lisp
 eid-table default instance-id 0
  database-mapping 172.31.1.11/32 172.16.1.2 priority 1 weight 50 
  database-mapping 172.31.1.11/32 172.16.1.6 priority 1 weight 50
  ipv4 etr map-server 172.16.1.2 key DEFAULT-key
  ipv4 etr map-server 172.16.1.6 key DEFAULT-key
  exit
 !
 eid-table vrf TRANS instance-id 1
  database-mapping 10.1.1.0/24 172.16.1.2 priority 1 weight 50
  database-mapping 10.1.1.0/24 172.16.1.6 priority 1 weight 50
  ipv4 etr map-server 172.16.1.2 key TRANS-key
  ipv4 etr map-server 172.16.1.6 key TRANS-key
  exit
 !
 eid-table vrf SOC instance-id 2
  database-mapping 10.2.1.0/24 172.16.1.2 priority 1 weight 50
  database-mapping 10.2.1.0/24 172.16.1.6 priority 1 weight 50  
  ipv4 etr map-server 172.16.1.2 key SOC-key
  ipv4 etr map-server 172.16.1.6 key SOC-key
  exit
 !
 eid-table vrf FIN instance-id 3
  database-mapping 10.3.1.0/24 172.16.1.2 priority 1 weight 50
  database-mapping 10.3.1.0/24 172.16.1.6 priority 1 weight 50    
  ipv4 etr map-server 172.16.1.2 key FIN-key
  ipv4 etr map-server 172.16.1.6 key FIN-key
  exit
 !
 site DEFAULT
  authentication-key DEFAULT-key
  eid-prefix 172.31.1.0/24 accept-more-specifics
  exit
 !
 site TRANS
  authentication-key TRANS-key
  eid-prefix instance-id 1 10.1.0.0/16 accept-more-specifics
  exit
 !
 site SOC
  authentication-key SOC-key
  eid-prefix instance-id 2 10.2.0.0/16 accept-more-specifics
  exit
 !
 site FIN
  authentication-key FIN-key
  eid-prefix instance-id 3 10.3.0.0/16 accept-more-specifics
  exit
 !
 ipv4 map-server
 ipv4 map-resolver
 ipv4 itr map-resolver 172.16.1.2
 ipv4 itr map-resolver 172.16.1.6
 ipv4 itr
 ipv4 etr
 exit
!
ip route 0.0.0.0 0.0.0.0 172.16.1.1

Example configuration for HQ-RTR-2 with an xTR, a map server and a map resolver: 


hostname HQ-RTR-2
!
vrf definition TRANS
address-family ipv4
 exit
!
vrf definition SOC
address-family ipv4
 exit
!
vrf definition FIN
address-family ipv4
 exit
!
interface Loopback0
 description Management Loopback (in default space)
 ip address 172.31.1.12 255.255.255.255
!
interface GigabitEthernet0/0/0
 description WAN Link to IPv4 Core
 ip address 172.16.1.6 255.255.255.252
 negotiation auto
!
interface GigabitEthernet0/0/1
 vrf forwarding TRANS
 ip address 10.1.1.2 255.255.255.0
 negotiation auto
!
interface GigabitEthernet0/0/2
 vrf forwarding SOC
 ip address 10.2.1.2 255.255.255.0
 negotiation auto
!
interface GigabitEthernet0/0/3
 vrf forwarding FIN
 ip address 10.3.1.2 255.255.255.0
 negotiation auto
!
router lisp
 eid-table default instance-id 0
  database-mapping 172.31.1.12/32 172.16.1.2 priority 1 weight 50 
  database-mapping 172.31.1.12/32 172.16.1.6 priority 1 weight 50
  ipv4 etr map-server 172.16.1.2 key DEFAULT-key
  ipv4 etr map-server 172.16.1.6 key DEFAULT-key
  exit
 !
 eid-table vrf TRANS instance-id 1
  database-mapping 10.1.1.0/24 172.16.1.2 priority 1 weight 50
  database-mapping 10.1.1.0/24 172.16.1.6 priority 1 weight 50
  ipv4 etr map-server 172.16.1.2 key TRANS-key
  ipv4 etr map-server 172.16.1.6 key TRANS-key
  exit
 !
 eid-table vrf SOC instance-id 2
  database-mapping 10.2.1.0/24 172.16.1.2 priority 1 weight 50
  database-mapping 10.2.1.0/24 172.16.1.6 priority 1 weight 50  
  ipv4 etr map-server 172.16.1.2 key SOC-key
  ipv4 etr map-server 172.16.1.6 key SOC-key
  exit
 !
 eid-table vrf FIN instance-id 3
  database-mapping 10.3.1.0/24 172.16.1.2 priority 1 weight 50
  database-mapping 10.3.1.0/24 172.16.1.6 priority 1 weight 50    
  ipv4 etr map-server 172.16.1.2 key FIN-key
  ipv4 etr map-server 172.16.1.6 key FIN-key
  exit
 !
 site DEFAULT
  authentication-key DEFAULT-key
  eid-prefix 172.31.1.0/24 accept-more-specifics
  exit
 !
 site TRANS
  authentication-key TRANS-key
  eid-prefix instance-id 1 10.1.0.0/16 accept-more-specifics
  exit
 !
 site SOC
  authentication-key SOC-key
  eid-prefix instance-id 2 10.2.0.0/16 accept-more-specifics
  exit
 !
 site FIN
  authentication-key FIN-key
  eid-prefix instance-id 3 10.3.0.0/16 accept-more-specifics
  exit
 !
 ipv4 map-server
 ipv4 map-resolver
 ipv4 itr map-resolver 172.16.1.2
 ipv4 itr map-resolver 172.16.1.6
 ipv4 itr
 ipv4 etr
 exit
!
ip route 0.0.0.0 0.0.0.0 172.16.1.5

Configure a Remote Site for Large-Scale LISP Shared Model Virtualization

Perform this task to enable and configure LISP ITR/ETR (xTR) functionality at a remote site to implement LISP shared model virtualization as part of a large-scale, multiple-site LISP topology.

The configuration demonstrated in this task is part of a more complex, larger scale LISP virtualization solution. In this task, the configuration applies to one of the remote sites shown in the figure below. In this task, the remote site routers only act as xTRs, and use the MS/MRs at the HQ site for LISP control plane support.

Figure 10. Large Scale LISP Site with Virtualized IPv4 EIDs and a Shared IPv4 Core

The components illustrated in the topology shown in the figure above are described below:

  • LISP remote sites:

    • Each remote site CPE router functions as a LISP ITR and ETR (xTR).

    • Each LISP xTRs has the same three VRFs as the HQ Site: TRANS, SOC, and FIN. Each VRF contains only IPv4 EID-prefixes.

    • Each remote site LISP xTR has a single RLOC connection to a shared IPv4 core network.

Before you begin

The configuration below assumes that the referenced VRFs were created using the vrf definition command and that the Configure a Large-Scale LISP Shared Model Virtualization task has been performed at one or more central (headquarters) sites.

SUMMARY STEPS

  1. configure terminal
  2. router lisp
  3. eid-table vrfvrf-name instance-id instance-id
  4. database-mapping EID-prefix/prefix-length locator priority priority weight weight
  5. ipv4 etr map-server map-server-address key key-type authentication-key
  6. Repeat Step 13 to configure another locator address for the same LISP map server
  7. exit
  8. ipv4 itr map-resolver map-resolver-address
  9. Repeat Step 16 to configure another locator address for the LISP map resolver
  10. ipv4 itr
  11. ipv4 etr
  12. exit
  13. ip route ipv4-prefix next-hop
  14. exit

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 2

router lisp

Example:

Router(config)# router lisp

Enters LISP configuration mode (IOS XE software only).

Step 3

eid-table vrfvrf-name instance-id instance-id

Example:

Router(config-router-lisp)# eid-table vrf TRANS instance-id 1

Configures an association between a VRF table and a LISP instance ID, and enters eid-table configuration submode.

  • In this example, the VRF table TRANS and instance-id 1 are associated together.

Step 4

database-mapping EID-prefix/prefix-length locator priority priority weight weight

Example:

Router(config-router-lisp-eid-table)# database-mapping 10.1.2.0/24 172.16.2.2 priority 1 weight 100

Configures an EID-to-RLOC mapping relationship and its associated traffic policy for this LISP site.

  • In this example, the EID prefix 10.1.2.0/24 within instance-id 1 at this site is associated with the local IPv4 RLOC 172.16.2.2.

Note

 

Repeat this step until all EID-to-RLOC mappings within this eid-table vrf and instance ID for the LISP site are configured.

Step 5

ipv4 etr map-server map-server-address key key-type authentication-key

Example:

Router(config-router-lisp-eid-table)# ipv4 etr map-server 172.16.1.2 key 0 TRANS-key

Configures a locator address for the LISP map server and an authentication key for which this router, acting as an IPv4 LISP ETR, will use to register with the LISP mapping system.

  • In this example, the map server and authentication-key are specified here, within the eid-table subcommand mode, so that the authentication key is associated only with this instance ID, within this VPN.

Note

 

The map server must be configured with EID prefixes and instance-ids matching the one(s) configured on this ETR, as well as an identical authentication key.

Note

 

The locator address of the map server may be an IPv4 or IPv6 address. In this example, because each xTR has only IPv4 RLOC connectivity, the map server is reachable using its IPv4 locator addresses. (See the LISP Command Reference Guide for more details.)

Step 6

Repeat Step 13 to configure another locator address for the same LISP map server

Example:

Router(config-router-lisp-eid-table)# ipv4 etr map-server 172.16.1.6 key 0 TRANS-key

Configures a locator address for the LISP map server and an authentication key for which this router, acting as an IPv4 LISP ETR, will use to register with the LISP mapping system.

  • In this example, a redundant map server is configured. (Because the MS is co-located with the xTRs in this case, this command indicates that this xTR is pointing to itself for registration (and its neighbor xTR/MS/MR at the same site).

Step 7

exit

Example:

Router(config-router-lisp-eid-table)# exit

Exits eid-table configuration submode and returns to LISP configuration mode.

Step 8

ipv4 itr map-resolver map-resolver-address

Example:

Router(config-router-lisp)# ipv4 itr map-resolver 172.16.1.2

Configures a locator address for the LISP map resolver to which this router will send map request messages for IPv4 EID-to-RLOC mapping resolutions.

  • In this example, the map resolver is specified within router lisp configuration mode and inherited into all eid-table instances since nothing is related to any single instance ID. In addition, redundant map resolvers are configured. (Because the MR is co-located with the xTRs in this case, this command indicates that this xTR is pointing to itself for mapping resolution (and its neighbor xTR/MS/MR at the same site).

  • The locator address of the map resolver may be an IPv4 or IPv6 address. In this example, because each xTR has only IPv4 RLOC connectivity, the map resolver is reachable using its IPv4 locator address. (See the LISP Command Reference Guide for more details.)

Note

 

Up to two map resolvers may be configured if multiple map resolvers are available. (See the LISP Command Reference Guide for more details.)

Step 9

Repeat Step 16 to configure another locator address for the LISP map resolver

Example:

Router(config-router-lisp)# ipv4 itr map-resolver 172.16.1.6

Configures a locator address for the LISP map resolver to which this router will send map request messages for IPv4 EID-to-RLOC mapping resolutions.

  • In this example, a redundant map resolver is configured. (Because the MR is co-located with the xTRs in this case, this command indicates that this xTR is pointing to itself for mapping resolution (and its neighbor xTR/MS/MR at the same site).

  • The locator address of the map resolver may be an IPv4 or IPv6 address. In this example, because each xTR has only IPv4 RLOC connectivity, the map resolver is reachable using its IPv4 locator address. (See the LISP Command Reference Guide for more details.)

Note

 

Up to two map resolvers may be configured if multiple map resolvers are available. (See the LISP Command Reference Guide for more details.)

Step 10

ipv4 itr

Example:

Router(config-router-lisp)# ipv4 itr

Enables LISP ITR functionality for the IPv4 address family.

Step 11

ipv4 etr

Example:

Router(config-router-lisp)# ipv4 etr

Enables LISP ETR functionality for the IPv4 address family.

Step 12

exit

Example:

Router(config-router-lisp)# exit

Exits LISP configuration mode and returns to global configuration mode.

Step 13

ip route ipv4-prefix next-hop

Example:

Router(config)# ip route 0.0.0.0 0.0.0.0 172.16.2.1

Configures a default route to the upstream next hop for all IPv4 destinations.

  • All IPv4 EID-sourced packets destined to both LISP and non-LISP sites are forwarded in one of two ways:
    • LISP-encapsulated to a LISP site when traffic is LISP-to-LISP
    • natively forwarded when traffic is LISP-to-non-LISP
  • Packets are deemed to be a candidate for LISP encapsulation when they are sourced from a LISP EID and the destination matches one of the following entries:
    • a current map-cache entry
    • a default route with a legitimate next-hop
    • no route at all
In this configuration example, because the xTR has IPv4 RLOC connectivity, a default route to the upstream SP is used for all IPv4 packets to support LISP processing.

Step 14

exit

Example:

Router(config)# exit

Exits global configuration mode.

Example:

The example below show the complete configuration for the remote site device illustrated in the figure above and in this task. Note that only one remote site configuration is shown here.

Example configuration for Site 2 with an xTR, and using the map server and a map resolver from the HQ site: 


hostname Site2-xTR
!
vrf definition TRANS
address-family ipv4
 exit
!
vrf definition SOC
address-family ipv4
 exit
!
vrf definition FIN
address-family ipv4
 exit
!
interface Loopback0
 description Management Loopback (in default space)
 ip address 172.31.1.2 255.255.255.255
!
interface GigabitEthernet0/0/0
 description WAN Link to IPv4 Core
 ip address 172.16.2.2 255.255.255.252
 negotiation auto
!
interface GigabitEthernet0/0/1
 vrf forwarding TRANS
 ip address 10.1.2.1 255.255.255.0
 negotiation auto
!
interface GigabitEthernet0/0/2
 vrf forwarding SOC
 ip address 10.2.2.1 255.255.255.0
 negotiation auto
!
interface GigabitEthernet0/0/3
 vrf forwarding FIN
 ip address 10.3.2.1 255.255.255.0
 negotiation auto
!
router lisp
 eid-table default instance-id 0
  database-mapping 172.31.1.2/32 172.16.2.2 priority 1 weight 100 
  ipv4 etr map-server 172.16.1.2 key DEFAULT-key
  ipv4 etr map-server 172.16.1.6 key DEFAULT-key
  exit
 !
 eid-table vrf TRANS instance-id 1
  database-mapping 10.1.2.0/24 172.16.2.2 priority 1 weight 100
  ipv4 etr map-server 172.16.1.2 key TRANS-key
  ipv4 etr map-server 172.16.1.6 key TRANS-key
  exit
 !
 eid-table vrf SOC instance-id 2
  database-mapping 10.2.2.0/24 172.16.2.2 priority 1 weight 100
  ipv4 etr map-server 172.16.1.2 key SOC-key
  ipv4 etr map-server 172.16.1.6 key SOC-key
  exit
 !
 eid-table vrf FIN instance-id 3
  database-mapping 10.3.2.0/24 172.16.2.2 priority 1 weight 100
  ipv4 etr map-server 172.16.1.2 key FIN-key
  ipv4 etr map-server 172.16.1.6 key FIN-key
  exit
 !
 ipv4 itr map-resolver 172.16.1.2
 ipv4 itr map-resolver 172.16.1.6
 ipv4 itr
 ipv4 etr
 exit
!
ip route 0.0.0.0 0.0.0.0 172.16.2.1

Verifying and Troubleshooting LISP Virtualization

After configuring LISP, verifying and troubleshooting LISP configuration and operations may be performed by following the optional steps described below. Note that certain verification and troubleshooting steps may only apply to certain types of LISP devices.

In this task, the topology is shown in the figure below and the configuration is from the “Configure Simple LISP Shared Model Virtualization” task, but the commands are applicable to both LISP shared and parallel model virtualization.

Figure 11. Simple LISP Site with Virtualized IPv4 and IPv6 EIDs and a Shared IPv4 Core

Note

The following examples do not show every available command and every available output display. Refer to the Cisco IOS LISP Command Reference for detailed explanations of each command.

SUMMARY STEPS

  1. enable
  2. show running-config | section router lisp
  3. show [ip | ipv6] lisp
  4. show [ip | ipv6] lisp map-cache
  5. show [ip | ipv6] lisp database [eid-table vrf vrf-name]
  6. show lisp site [name site-name]
  7. lig {[self {ipv4 | ipv6}] | {hostname | destination-EID}
  8. ping {hostname | destination-EID}
  9. clear [ip | ipv6] lisp map-cache

DETAILED STEPS

Step 1

enable

Enables privileged EXEC mode. Enter your password if prompted.

Example:


Router> enable

Step 2

show running-config | section router lisp

The show running-config | section router lisp command is useful for quickly verifying the LISP configuration on the device. This command applies to any Cisco IOS XE LISP device. The following is sample output from the show running-config | section router lisp command when a simple LISP site is configured with virtualized IPv4 and IPv6 EID prefixes and a shared IPv4 core:

Example:


Router# show running-config | section router lisp

router lisp
 eid-table vrf PURPLE instance-id 101
  database-mapping 192.168.1.0/24 10.0.0.2 priority 1 weight 1
  database-mapping 2001:DB8:A:A::/64 10.0.0.2 priority 1 weight 1 
 eid-table vrf GOLD instance-id 102
  database-mapping 192.168.1.0/24 10.0.0.2 priority 1 weight 1
  database-mapping 2001:DB8:B:A::/64 10.0.0.2 priority 1 weight 1 
 exit
 !
 ipv4 itr map-resolver 10.0.2.2
 ipv4 itr
 ipv4 etr map-server 10.0.2.2 key Left-key
 ipv4 etr
 ipv6 itr map-resolver 10.0.2.2
 ipv6 itr
 ipv6 etr map-server 10.0.2.2 key Left-key
 ipv6 etr
 exit

Step 3

show [ip | ipv6] lisp

The show ip lisp and show ipv6 lisp commands are useful for quickly verifying the operational status of LISP as configured on the device, as applicable to the IPv4 and IPv6 address families respectively. This command applies to any IOS XE LISP device.

Example:

The first example shows a summary of LISP operational status and IPv6 address family information by EID table: 


Router# show ipv6 lisp eid-table summary

Instance count: 2
Key: DB - Local EID Database entry count (@ - RLOC check pending
                                          * - RLOC consistency problem),
     DB no route - Local EID DB entries with no matching RIB route,
     Cache - Remote EID mapping cache size, IID - Instance ID,
     Role - Configured Role

                      Interface    DB  DB no  Cache Incom Cache 
EID VRF name             (.IID)  size  route   size plete  Idle Role
PURPLE                LISP0.101     1      0      1  0.0%  0.0% ITR-ETR
GOLD                  LISP0.102     1      0      1  0.0%  0.0% ITR-ETR

Example:

The second example shows LISP operational status and IPv6 address family information for the VRF named PURPLE: 


Router# show ipv6 lisp eid-table vrf PURPLE

  Instance ID:                      101
  Router-lisp ID:                   0
  Locator table:                    default
  EID table:                        PURPLE
  Ingress Tunnel Router (ITR):      enabled
  Egress Tunnel Router (ETR):       enabled
  Proxy-ITR Router (PITR):          disabled
  Proxy-ETR Router (PETR):          disabled
  Map Server (MS):                  disabled
  Map Resolver (MR):                disabled
  Map-Request source:               2001:DB8:A:A::1
  ITR Map-Resolver(s):              10.0.2.2
  ETR Map-Server(s):                10.0.2.2 (00:00:24)
  ITR use proxy ETR RLOC(s):        none

Example:

The third example shows LISP operational status and IPv6 address family information for the instance ID of 101: 


Router# show ipv6 lisp instance-id 101

  Instance ID:                      101
  Ingress Tunnel Router (ITR):      enabled
  Egress Tunnel Router (ETR):       enabled
  Proxy-ITR Router (PITR):          disabled
  Proxy-ETR Router (PETR):          disabled
  Map Server (MS):                  disabled
  Map Resolver (MR):                disabled
  Map-Request source:               2001:DB8:A:A::1
  ITR Map-Resolver(s):              10.0.2.2
  ETR Map-Server(s):                10.0.2.2 (00:00:11)
  ITR Solicit Map Request (SMR):    accept and process
    Max SMRs per map-cache entry:   8 more specifics
    Multiple SMR suppression time:  60 secs
  ETR accept mapping data:          disabled, verify disabled
  ETR map-cache TTL:                1d00h

Step 4

show [ip | ipv6] lisp map-cache

The show ip lisp map-cache and show ipv6 lisp map-cache commands are useful for quickly verifying the operational status of the map cache on a device configured as an ITR or PITR, as applicable to the IPv4 and IPv6 address families respectively.

Example:

The following example shows IPv6 mapping cache information based on a configuration when a simple LISP site is configured with virtualized IPv4 and IPv6 EID prefixes and a shared IPv4 core. This example output assumes that a map-cache entry has been received for another site with the IPv6 EID prefix 2001:db8:b:b::/64. 


Router# show ip lisp map-cache eid-table vrf GOLD 

LISP IPv6 Mapping Cache for EID-table vrf GOLD (IID 102), 2 entries

::/0, uptime: 01:09:52, expires: never, via static send map-request
  Negative cache entry, action: send-map-request
2001:DB8:B:B::/64, uptime: 00:00:10, expires: 23:59:42, via map-reply, complete
  Locator   Uptime    State      Pri/Wgt
  10.0.1.2  00:00:10  up           1/1

Step 5

show [ip | ipv6] lisp database [eid-table vrf vrf-name]

The show ip lisp database and show ipv6 lisp database commands are useful for quickly verifying the operational status of the database mapping on a device configured as an ETR, as applicable to the IPv4 and IPv6 address families respectively.

Example:

The following example shows IPv6 mapping database information for the VRF named GOLD. 


Router# show ipv6 lisp database eid-table vrf GOLD

LISP ETR IPv6 Mapping Database for EID-table vrf GOLD (IID 102), LSBs: 0x1, 1 entries

EID-prefix: 2001:DB8:B:A::/64
  10.0.0.2, priority: 1, weight: 1, state: site-self, reachable

Step 6

show lisp site [name site-name]

The show lisp site command is useful for quickly verifying the operational status of LISP sites, as configured on a map server. This command only applies to a device configured as a map server. The following example output is based on a configuration when a simple LISP site is configured with virtualized IPv4 and IPv6 EID prefixes and shows the information for the instance ID of 101.

Example:


Router# show lisp site instance-id 101

LISP Site Registration Information

Site Name      Last      Up   Who Last             Inst     EID Prefix
               Register       Registered           ID       
Left           00:00:36  yes  10.0.0.2             101      192.168.1.0/24
               00:00:43  yes  10.0.0.2             101      2001:DB8:A:A::/64
Right          00:00:31  yes  10.0.1.2             101      192.168.2.0/24
               00:00:02  yes  10.0.1.2             101      2001:DB8:A:B::/64

Example:

This second example shows LISP site information for the IPv6 EID prefix of 2001:db8:a:a:/64 and instance ID of 101. 


Router# show lisp site 2001:db8:a:a:/64 instance-id 101

LISP Site Registration Information

Site name: Left
Allowed configured locators: any
Requested EID-prefix:
  EID-prefix: 2001:DB8:A:A::/64 instance-id 101 
    First registered:     02:41:55
    Routing table tag:    0
    Origin:               Configuration
    Registration errors:  
      Authentication failures:   4
      Allowed locators mismatch: 0
    ETR 10.0.0.2, last registered 00:00:22, no proxy-reply, no map-notify
                  TTL 1d00h
      Locator   Local  State      Pri/Wgt
      10.0.0.2  yes    up           1/1

Step 7

lig {[self {ipv4 | ipv6}] | {hostname | destination-EID}

The LISP Internet Groper (lig) command is useful for testing the LISP control plane. The lig command can be used to query for the indicated destination hostname or EID, or the routers local EID-prefix. This command provides a simple means of testing whether a destination EID exists in the LISP mapping database system, or your site is registered with the mapping database system. This command is applicable for both the IPv4 and IPv6 address families and applies to any IOS XE LISP device that maintains a map cache (for example, if configured as an ITR or PITR). The following example output is based on a configuration when a simple LISP site is configured with virtualized IPv4 and IPv6 EID prefixes and shows the information for the instance ID of 101 and the IPv4 EID prefix of 192.168.2.1.

Example:


Router# lig instance-id 101 192.168.2.1

Mapping information for EID 192.168.2.1 from 10.0.1.2 with RTT 12 msecs
192.168.2.0/24, uptime: 00:00:00, expires: 23:59:52, via map-reply, complete
  Locator   Uptime    State      Pri/Wgt
  10.0.1.2  00:00:00  up           1/1

Example:

This second example output shows information about the VRF named PURPLE: 


Router# lig eid-table vrf PURPLE self

Mapping information for EID 192.168.1.0 from 10.0.0.1 with RTT 20 msecs
192.168.1.0/24, uptime: 00:00:00, expires: 23:59:52, via map-reply, self
  Locator   Uptime    State      Pri/Wgt
  10.0.0.1  00:00:00  up, self     1/1

Step 8

ping {hostname | destination-EID}

The ping command is useful for testing basic network connectivity and reachability and/or liveness of a destination EID or RLOC address. When using ping it is important to be aware that because LISP uses an encapsulation, you should always specify a source address; never allow the ping application to assign its own default source address. This is because there are four possible ways to use ping , and without explicitly indicating the source address, the wrong one may be used by the application leading to erroneous results that complicate operational verification or troubleshooting. The four possible uses of ping include:

  • RLOC-to-RLOC—Sends “echo�? packets out natively (no LISP encap) and receive the “echo-reply�? back natively. This can be used to test the underlying network connectivity between locators of various devices, such as xTR to Map-Server or Map-Resolver.

  • EID-to-EID—Sends “echo�? packets out LISP-encaped and receive the “echo-reply�? back LISP-encaped. This can be used to test the LISP data plane (encapsulation) between LISP sites.

  • EID-to-RLOC—Sends “echo�? packets out natively (no LISP encap) and receive the "echo-reply" back LISP-encaped through a PITR mechanism. This can be used to test the PITR infrastructure.

  • RLOC-to-EID - Sends “echo�? packets out LISP-encaped and receive the “echo-reply�? back natively. This can be used to test PETR capabilities.

The ping command is applicable to the IPv4 and IPv6 address families respectively, and can be used on any IOS XE LISP device in some manner. (The ability to do LISP encapsulation, for example, requires the device to be configured as an ITR or PITR.)

The following example output from the ping command is based on a configuration when a simple LISP site is configured with virtualized IPv4 and IPv6 EID prefixes. (Note that ping is not a LISP command and does not know about an EID table or an instance ID. When virtualization is included, output limiters can only be specified by VRF.)

Example:


Router# ping vrf PURPLE 2001:DB8:a:b::1 source 2001:DB8:a:a::1 rep 100

Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 2001:DB8:A:B::1, timeout is 2 seconds:
Packet sent with a source address of 2001:DB8:A:A::1%PURPLE
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 0/0/1 ms

Example:


Router# ping vrf GOLD

Protocol [ip]: ipv6
Target IPv6 address: 2001:db8:b:b::1
Repeat count [5]: 
Datagram size [100]: 
Timeout in seconds [2]: 
Extended commands? [no]: y
Source address or interface: 2001:db8:b:a::1
.
.
.
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:B:B::1, timeout is 2 seconds:
Packet sent with a source address of 2001:DB8:B:A::1%GOLD
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms

Step 9

clear [ip | ipv6] lisp map-cache

The clear ip lisp map-cache and clear ipv6 lisp map-cache commands remove all IPv4 or IPv6 dynamic LISP map-cache entries stored by the router. This can be useful trying to quickly verify the operational status of the LISP control plane. This command applies to a LISP device that maintains a map cache (for example, if configured as an ITR or PITR).

Example:

The following example displays IPv4 mapping cache information for instance ID 101, shows the command used to clear the mapping cache for instance ID 101, and displays the show information after clearing the cache. 


Router# show ip lisp map-cache instance-id 101

LISP IPv4 Mapping Cache for EID-table vrf PURPLE (IID 101), 2 entries

0.0.0.0/0, uptime: 00:25:17, expires: never, via static send map-request
  Negative cache entry, action: send-map-request
192.168.2.0/24, uptime: 00:20:13, expires: 23:39:39, via map-reply, complete
  Locator   Uptime    State      Pri/Wgt
  10.0.1.2  00:20:13  up           1/1

Router# clear ip lisp map-cache instance-id 101

Router# show ip lisp map-cache instance-id 101

LISP IPv4 Mapping Cache, 1 entries

0.0.0.0/0, uptime: 00:00:02, expires: never, via static send map-request
  Negative cache entry, action: send-map-request

Configuration Examples for LISP Shared Model Virtualization

Complete configuration examples are available within each task under the “How to Configure LISP Shared Model Virtualization” section.

Additional References

Related Documents

Document Title

Location

Cisco IOS IP Routing: LISP Command Reference

http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_lisp/command/ip-lisp-cr-book.html

Enterprise IPv6 Transitions Strategy Using the Locator/ID Separation Protocol

Cisco LISP Software Image Download Page

Cisco IOS LISP0 Virtual Interface, Application Note, Version 1.0

Cisco LISP Software Image Download Page

Cross-Platform Release Notes for Cisco IOS Release 15.2M&T

http://www.cisco.com/en/US/docs/ios/15_2m_and_t/release/notes/15_2m_and_t.html

Standards

Standard

Title

IANA Address Family Numbers

http://www.iana.org/assignments/address-family-numbers/address-family-numbers.xml

MIBs

MIB

MIBs Link

None

To locate and download MIBs for selected platforms, Cisco IOS software releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs

RFCs

RFC

Title

draft-ietf-lisp-22

Locator/ID Separation Protocol (LISP) http://tools.ietf.org/html/draft-ietf-lisp-22

draft-ietf-lisp-ms-16

LISP Map Server http://tools.ietf.org/html/draft-ietf-lisp-ms-16

draft-ietf-lisp-alt-10

LISP Alternative Topology (LISP+ALT) http://tools.ietf.org/html/draft-ietf-lisp-alt-10

draft-ietf-lisp-LCAF-06

LISP Canonical Address Format (LCAF) http://tools.ietf.org/wg/lisp/

draft-ietf-lisp-interworking-06

Interworking LISP with IPv4 and IPv6 http://tools.ietf.org/html/draft-ietf-lisp-interworking-06

draft-ietf-lisp-lig-06

LISP Internet Groper (LIG) http://tools.ietf.org/html/draft-ietf-lisp-lig-06

draft-ietf-lisp-mib-03

LISP MIB http://tools.ietf.org/wg/lisp/draft-ietf-lisp-mib/

Technical Assistance

Description

Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for LISP Shared Model Virtualization

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 1. Feature Information for LISP Shared Model Virtualization

Feature Name

Releases

Feature Information

LISP Shared Model Virtualization

15.2(2)T

15.1(1)SY1

LISP Shared Model Virtualization feature uses Endpoint Identifier (EID) spaces that are created by binding VRFs associated with an EID space to Instance IDs. A common, “shared” locator space is used by all virtualized EIDs.