Locator/ID Separation Protocol (LISP) Virtual Machine (VM) mobility enables IP end points to change locations while keeping their assigned IP addresses. Because LISP separates the location information (RLOCs) from the identity information (EID), devices can change locations dynamically. RLOCs remain associated with the topology and are reachable by traditional routing. EIDs can change locations dynamically and are reachable through different RLOCs, depending on where an EID attaches to the network.
The LISP Tunnel Router (xTR) dynamically detects VM moves based on data plane events. LISP VM Mobility compares the source IP address of the host traffic received at the LISP router against a range of prefixes that are allowed to roam. The IP prefixes of roaming devices within the range of allowed prefixes are referred to as the dynamic EIDs. When a new xTR detects a move, it updates the mappings between EIDs and RLOCs. Traffic is redirected to the new locations without causing any disruption to the underlying routing. When deployed at the first-hop router, LISP VM Mobility provides adaptable and comprehensive first-hop router functionality to service the IP gateway needs of the roaming devices that relocate.
LISP VM Mobility allows any IP addressable device to move and keep the same IP address in the following two scenarios:
VM Mobility with LAN extensions
The device moves to a new location on a subnet that has been extended with Overlay Transport Virtualization (OTV) or another LAN extension mechanism.
A device that moves to another subnet or extended subnet is a roaming device. The IP address of this roaming device is within the dynamic-EID prefix. A LISP xTR configured with LISP VM mobility and dynamic EIDs is a LISP-VM router. The LISP-VM router dynamically determines when a dynamic EID moves on or off one of the directly connected subnets on the LISP-VM router. The IP addresses of the LISP-VM router are the locators (RLOCs) used to encapsulate traffic to and from the dynamic EID. When a dynamic EID roams, the new LISP-VM router needs to detect the newly moved-in VM and process the following updates:
Update the Map Server (MS) with the new locators for the EID.
Update the Ingress Tunnel Routers (ITRs) or Proxy ITRs (PITRs) that have cached the EID.
To detect VM moves, LISP-VM router compares the source address in a received packet with the range of prefixes configured as dynamic EIDs for the interface that the data packet is received on. Once the LISP-VM router detects a move and registers the dynamic EID to the MS, the new LISP-VM router also needs to update the map caches on the other LISP domain ITRs and PITRs.
VM-Mobility with LAN Extensions
LISP VM Mobility supports virtual machine (VM) movement in a network that uses LAN extension mechanisms such as OTV. The LISP-VM router detects the mobile EIDs (VMs) dynamically and updates the LISP mapping system with the new EID-RLOC mapping. LISP can coexist with LAN extensions such as OTV to provide dynamic move detection and updates that are transparent to the host and provide a direct data path to the new location of the mobile VM. The VM move requires no routing reconvergence or DNS updates.
The LISP-VM router detects new VM move events if it receives a data packet from a source that matches the dynamic EID configured for that interface. Once the LISP-VM router detects a dynamic EID, the LISP-VM router triggers an update to the map server with the database mapping details from the dynamic-EID map configuration.
The LISP-VM router continues to register the dynamic EID as long as the source continues to be active. The dynamic-EID registration times out based on server inactivity.
In a network without LAN extension mechanisms, the LISP VM router can detect the dynamic-EIDs (VMs) across subnets with automated move detection and map-cache updates that provide a direct data path to the new location of the mobile VM. Off-subnet connections (connections between the moved VM and other devices that are not on the local subnets) are maintained across the move and require no routing re-convergence or DNS updates.
The LISP-VM router detects a VM move if it receives any data packet that is not from one of its configured subnets and that is within the range of prefixes configured as dynamic EIDs for the receiving interface. The LISP-VM router registers the new dynamic-EID-RLOC mapping to the configured map servers associated with the dynamic EID.
The following table shows the LISP licensing requirements:
This feature requires the Transport Services license. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
LISP Guidelines and Limitations
LISP has the following configuration guidelines and limitations:
LISP requires the Cisco Nexus 7000 Series 32-Port, 10 Gigabit Ethernet (M1) module (N7K-M132XP-12 or N7K-M132XP-12L), with Electronic Programmable Logic Device (EPLD) version 186.008 or later.
Use an Overlay Transport Virtualization (OTV) or another LAN extension mechanism to filter the HSRP hello messages across the data centers to create an active-active HSRP setup and provide egress path optimization for the data center hosts.
Make sure that the HSRP group and the HSRP Virtual IP address in all data centers in the extended LAN are the same. Keeping the HSRP group number consistent across locations guarantees that the same MAC address is always used for the virtual first-hop gateway.
LISP VM mobility across subnets requires that the same MAC address is configured across all HSRP groups that allow dynamic EIDs to roam. You must enable the Proxy Address Resolution Protocol (ARP) for the interfaces that have VM mobility enabled across subnets.
LISP is not supported for F2 Series modules.
Default Settings for LISP
This table lists the default settings for LISP parameters.
You can enable and configure the dynamic-EID roaming functionality for a given EID prefix on a Cisco Nexus 7000 Series device. By default, LISP considers that the mobility event is across the subnet, unless it is configured with the lisp extended-subnet-mode command.
Before You Begin
You must enable the LISP feature.
Ensure that you are in the correct virtual device context (VDC).
Configure a dynamic-EID map to associate with this VLAN interface.
Ensure that you have enabled the VLAN interfaces feature.
Configures a dynamic-EID range, the RLOC mapping relationship, and associated traffic policy for all IPv4 dynamic-EID-prefixes for this LISP site. Because this is configured under the dynamic-eid-map configuration mode, the LISP ETR registers a /32 host prefix to the mapping system when a dynamic-EID is detected in the configured range.
If you assign multiple dynamic-EID-prefix blocks to the site, database mapping is configured for each dynamic-EID prefix block and for each locator by which the EID-prefix block is reachable. Also, the subnet associated to the dynamic-eid prefixes must be more specific than the one used in the global database-mapping configuration and the one used for the switch virtual interfaces (SVIs) where the LISP map is applied.
If the site has multiple locators associated with the same EID-prefix block, use the ip lisp database-mapping command to configure all of the locators for a given EID-prefix block. If a site is multihomed, you must consistently configure all ETRs that belong to the same LISP or data center site by using the ip lisp database-mapping command.
Configures a discovering LISP-VM router to send a Map-Notify message to other LISP-VM routers within the same data center site so that they can also determine the location of the dynamic EID.
In LISP extended subnet mode, a dynamic-EID detection by one xTR needs to be notified to all of the xTRs that belong to the same LISP site. In this case, use the map-notify-group command under the dynamic-EID-map with a multicast group IP address. This address is used to send a map-notify message by the xTR to all other xTRs when a dynamic-EID is detected. The Time To Live (TTL) value for this notification message is set to 1. This multicast group IP address can be any user-defined address other than an address that is already in use in your network. The multicast message is delivered by leveraging the LAN extension connection established between separate data centers.
(Optional) Configures the IP address of the LISP
MS to which this router registers
dynamic-EID-RLOC mappings. When deploying a redundant MS
pair, you can specify both IP addresses.
Use this optional configuration step when you want to register Dynamic-EID-RLOC mapping to a specific MS other than one configured in the global LISP configuration. If you do not configure the MS, LISP uses the MS that is configured in the global configuration.
Exits the configuration mode.
switch(config)# interface Ethernet 2/0
Enters the interface configuration mode.
The interface-name value
is the name of the interface in which the dynamic EIDs
are expected to roam in or out. Switch virtual interfaces (SVIs) are specifically used in this scenario.
switch(config-if)# lisp mobility Roamer-1
Configures the interface that you configured earlier in Step 7 to detect a dynamic EID when a roam event occurs.
The dynamic-eid-map-name can be any case-sensitive, alphanumeric string up to 64 characters.
The interface-name value is the dynamic EID map name that you configured in Step 2.
switch(config-if)# lisp extended-subnet-mode
Configures the interface that you configured in Step 7 to accept and detect dynamic-EID roaming on extended subnets.
Exits the interface configuration mode.
show lisp dynamic-eid [summary]
switch # show lisp dynamic-eid summary
(Optional) Displays the summary of the LISP dynamic EIDs that are detected.
EID-to-RLOC mapping relationship and associated traffic policy for all IPv4 or
IPv6 EID prefix(es) for this LISP site. When deploying LISP for VM Mobility,
the prefix specified here is added only to one specific datacenter location
where the EIDs are deployed initially before they are moved to remote sites.
dynamic-EID range, the RLOC mapping relationship, and associated traffic policy
for all IPv4 dynamic-EID prefixes for this LISP site. Because this is
configured under the dynamic-eid-map configuration mode, the LISP ETR registers
a /32 host prefix to the mapping system when a dynamic-EID is detected in the
assign multiple dynamic-EID-prefix blocks to the site, database mapping is
configured for each dynamic-EID-prefix block and for each locator by which the
EID-prefix block is reachable.
If the site has
multiple locators associated with the same EID-prefix block, use the
database-mapping command to configure all of the
locators for a given EID-prefix block. If a site is multihomed, you must
consistently configure all ETRs that belong to the same LISP or data center
site by using the
database-mapping command. Only the RLOCs of the
xTRs that belong to the same data center site must be specified, which you
specified by using the
command. Do not specify the RLOCs for all the xTRs
that belong to the same LISP site.
discovering LISP-VM router to send a Map-Notify message to other LISP-VM
routers within the same data center site so that they can also determine the
location of the dynamic EID.
If the LISP
dynamic-EID site is multihomed, a dynamic-EID detection by one ETR needs to
notify the second ETR in the same site so that the traffic is handled or load
balanced by both xTRs. In this case, use the
map-notify-group command to configure the
dynamic-EID-map with a multicast group IP address. This address is used to send
a map-notify message from the ETR to all other ETRs that belong to the same
LISP or data center site when a dynamic EID is detected. The Time To Live (TTL)
value for this notification message is set to 1. This multicast group IP
address can be any user-defined address other than an address that is already
in use in your network.
Configures HSRP for this VLAN interface and enters interface HSRP configuration mode. When using LISP-VM Mobility with LAN extensions, we recommend that the same HSRP IDs be used consistently across all sites where the VLANs are extended to guarantee that the same MAC address is used for the HSRP gateway in all sites. If different HSRP IDs are used, then you must manually set the mac-address as described in the following step.
Configures the HSRP virtual MAC address. This address must be identical across all subnets. This command is required when using LISP-VM mobility across subnets, but might not be required when using LISP VM-mobility in conjunction with LAN extensions and if the HSRP ID is kept constant across the different sites.
switch(config-if-hsrp)# ip 10.3.3.1
Configures the HSRP virtual IP address. You must use this command for extended VLANs, and the address must be identical in all sites in the extended VLAN.
show lisp dynamic-eid[summary]
switch(config-if-hsrp)# show lisp dynamic-eid summary