The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Contents
This chapter includes the following sections:
Information about LISP Instance-ID Support
The LISP Instance ID provides a means of maintaining unique address spaces (or "address space segmentation") in the control and data plane. Instance IDs are numerical tags defined in the LISP canonical address format (LCAF). The Instance ID has been added to LISP to support virtualization.
When multiple organizations inside of a LISP site are using private addresses as Endpoint ID (EID) prefixes, their address spaces must remain segregated due to possible address duplication. An Instance ID in the address encoding can be used to create multiple segmented VPNs inside of a LISP site where you want to keep using EID-prefix-based subnets. The LISP Instance ID is currently supported in LISP ingress tunnel routers and egress tunnel routers (ITRs and ETRs, collectively known as xTRs), map server (MS) and map resolver (MR).
This chapter explains how to configure LISP xTRs with LISP MS and MR to implement virtualization. The content considers different site topologies and includes guidance to both shared and parallel LISP model configurations. It includes conceptual background and practical guidance, and provides multiple configuration examples.
The purpose of network virtualization, as illustrated the following figure, is to create multiple, logically separated topologies across one common physical infrastructure.
When you plan the deployment of a LISP virtualized network environment, you must plan for virtualization at both the device level and the path level.
For path level virtualization: LISP binds virtual routing and forwarding (VRFs) to instance IDs (IIDs). These IIDs are included in the LISP header to provide data plane (traffic flow) separation.
For device level virtualization: Both the EID and the RLOC namespaces can be virtualized. The EID can be virtualized by binding a LISP instance ID to an EID VRF; the RLOC by tying locator addresses and associated mapping services to the specific VRF within which they are reachable.
The LISP Instance-ID Support feature has the following configuration guidelines and restrictions:
Virtualization at the device level uses virtual routing and forwarding (VRF) to create multiple instances of Layer 3 routing tables, as shown in the figure below. VRFs provide segmentation across IP addresses, allowing for overlapped address space and traffic separation. Separate routing, quality of service (QoS), security, and management policies can be applied to each VRF instance. An interior gateway protocol (IGP) or exterior gateway protocol (EGP) routing process is typically enabled within a VRF, just as it would be in the global (default) routing table. LISP binds VRFs to instance IDs for similar purposes.
VRF table separation is maintained across network paths, as shown in the following figure. Single-hop path segmentation (hop by hop) is typically accomplished by using 802.1q VLANs, virtual path identifier/virtual circuit identifier password (VPI/VCI PW), or easy virtual network (EVN). You can also use the Locator ID Separation Protocol (LISP) in multihop mechanisms that include Multiprotocol Label Switching (MPLS) and generic routing encapsulation (GRE) tunnels. LISP binds VRF instances to instance IDs (IIDs), and then these IIDs are included in the LISP header to provide data plane (traffic flow) separation for single or multihop needs.
LISP implements Locator ID separation and thereby creates two namespaces; endpoint ID (EID) and routing locator (RLOC). Either or both of these can be virtualized.
EID virtualization—Enabled by binding a LISP instance ID to an EID virtual routing and forwarding (VRF). Instance IDs are numerical tags defined in the LISP canonical address format (LCAF) draft, and are used to maintain address space segmentation in both the control plane and data plane.
Routing locator (RLOC) virtualization—Tying locator addresses and associated mapping services to the specific VRF within which they are reachable enables RLOC virtualization.
Because LISP can virtualize either or both of these namespaces, two models of operation are defined: the shared model and the parallel model. To understand how these models differ from the non-virtualized model of LISP, review information about the default (non-virtualized) model of LISP before reading about the shared model and the parallel model.
By default, LISP is not virtualized in the EID space or the RLOC space. That is, unless otherwise configured, both EID and RLOC addresses are resolved in the default (global) routing table. See the following figure.
The mapping system must also be reachable through the default table. This default model can be thought of as a single instantiation of the parallel model of LISP virtualization where EID and RLOC addresses are within the same namespace.
A LISP shared model virtualized EID space is created when you bind VRFs associated with an EID space to Instance IDs. A common, shared locator space is used by all virtualized EIDs.
As shown in the figure, EID space is virtualized through its association with VRFs, and these VRFs are tied to LISP Instance IDs to segment the control plane and data plane in LISP. A common, shared locator space, the default (global) table, is used to resolve RLOC addresses for all virtualized EIDs. The mapping system must also be reachable through the common locator space.
You can deploy the LISP shared model virtualization in single or multitenancy configurations. In the shared model single tenancy case, ingress and egress tunnel routers (xTRs) are dedicated to a customer but share infrastructure with other customers. Each customer and all sites associated with an xTR use the same instance ID and are part of a VPN using their own EID namespace. LISP instance IDs segment the LISP data plane and control plane. See the following figure.
In the shared model multitenancy case, a set of xTRs is shared (virtualized) among multiple customers. These customers also share a common infrastructure with other single and multitenant customers. Each customer and all sites associated with it use the same instance ID and are part of a VPN using their own EID namespace. LISP instance IDs segment the LISP data plane and control plane. See the following figure.
When you use the LISP Shared Model, instance IDs must be unique to an EID VRF.
xTR-1# configure terminal xTR-1(config)# vrf context alpha xTR-1(config-vrf)# lisp instance-id 101 xTR-1(config-vrf)# exit xTR-1(config)# vrf context beta xTR-1(config-vrf)# lisp instance-id 101 Instance-ID 101 is already assigned to VRF context alpha
In the example, two EID VRFs are created: alpha and beta. In global configuration mode, a VRF named alpha is specified and associated with the instance ID 101. Next, a VRF named beta is specified and also associated with the instance ID 101. This configuration is not permissible because instance ID 101 is already associated with the VRF context named alpha. That is, you cannot connect the same instance ID to more than one EID VRF.
The LISP parallel model virtualization ties the virtualized EID space associated with VRFs to RLOCs that are associated with the same or different VRFs (see the following figure).
EID space is virtualized through its association with VRFs, and these VRFs are tied to LISP Instance IDs to segment the control plane and data plane in LISP. A common, “shared” locator space, the default (global) table is used to resolve RLOC addresses for all virtualized EIDs. The mapping system must also be reachable through the common locator space as well.
In the figure, virtualized EID space is associated with a VRF (and bound to an Instance ID) that is tied to locator space associated with the same VRF, in this case - Pink/Pink and Blue/Blue. However, this is not required; the EID VRF does not need to match the RLOC VRF. In any case, a mapping system must be reachable through the associated locator space. Multiple parallel instantiations can be defined.
A shared model and parallel model can be combined such that multiple EID VRFs share a common RLOC VRF, and multiple instantiations of this architecture are implemented on the same platform, as shown in the following figure.
You can deploy LISP parallel model virtualization in single or multitenancy configurations. In the parallel model multitenancy case, a set of xTRs is shared (virtualized) among multiple customers, and each customer uses their own private (segmented) core infrastructure and mapping system. All sites associated with the customer use the same instance ID and are part of a VPN using their own EID namespace, as shown in the following figure.
When you use LISP parallel model virtualization, each vrfvrf vrf-name instantiation is considered by a separate process. Instance IDs must be unique only within a vrf instantiation.
xTR-1# configure terminal xTR-1(config)# vrf context alpha xTR-1(config-vrf)# address-family ipv4 unicast xTR-1(config-vrf-af-ipv4)# exit xTR-1(config)# vrf context beta xTR-1(config-vrf)# address-family ipv4 unicast xTR-1(config-vrf-af-ipv4)# exit xTR-1(config-vrf)# exit xTR-1(config)# vrf context gamma xTR-1(config-vrf)# address-family ipv4 unicast xTR-1(config-vrf-af-ipv4)# exit xTR-1(config-vrf)# exit xTR-1(config)# vrf context delta xTR-1(config-vrf)# address-family ipv4 unicast xTR-1(config-vrf-af-ipv4)# exit xTR-1(config-vrf)# exit xTR-1(config)# vrf context alpha xTR-1(config-vrf)# lisp instance-id 101 xTR-1(config-vrf)# exit xTR-1(config)# vrf context gamma xTR-1(config-vrf)# lisp instance-id 101 xTR-1(config-vrf)# exit xTR-1(config)# vrf context beta xTR-1(config-vrf)# lisp instance-id 201 The vrf beta table is not available for use as an EID table (in use by switch lisp 1 EID instance 101 VRF)
In the above example, four VRFs are created: alpha, beta, gamma, and delta, as follows:
In the example, note that under device lisp 2, the code requests a VRF instance named beta. Note that the device is unable to use this VRF instance because it (beta) is already associated with a vrf command within the device lisp 1 instantiation.
You can reuse an instance ID. The EID VRF into which it is decapsulated depends on the vrf instantiation with which it is associated. However, you cannot connect the same EID VRF to more than one VRF.
How to Configure LISP Instance-ID Support
You can perform this task to enable and configure LISP ingress tunnel router/egress tunnel router (ITR/ETR) functionality (also known as xTR) with the LISP map server and map resolver, and thereby implement LISP shared model virtualization. This LISP shared model reference configuration is for a very simple two-site LISP topology, including xTRs and an map server/map resolver (MS/MR).
The following figure shows a basic LISP shared model virtualization solution. Two LISP sites are deployed, each containing two VRFs: PURPLE and GOLD. LISP is used to provide virtualized connectivity between these two sites across a common IPv4 core, while maintaining address separation between the two VRF instances.
In this figure, each LISP site uses a single edge switch that is configured as both an ITR and ETR (xTR), with a single connection to its upstream provider. The RLOC is IPv4, and IPv4 and IPv6 EID prefixes are configured. Each LISP site registers to a map server/map resolver (MS/MR) switch that is located in the network core within the shared RLOC address space.
Note | In this configuration example, because the xTR has IPv4 RLOC connectivity, a default route to the upstream SP is used for all IPv4 packets to support LISP processing. Adding an IPv6 default route to Null0 ensures that all IPv6 packets are handled by LISP processing. (The use of the static route to Null0 is not strictly required, but is a LISP best practice.) |
The components in the figure above are as follows:
The CPE functions as a LISP ITR and ETR (xTR).
Both LISP xTRs have two VRFs: GOLD and PURPLE. Each VRF contains both IPv4 and IPv6 EID-prefixes. A LISP instance ID is used to maintain separation between two VRFs. In this example, the share key is configured "per-site" and not "per-VRF." (Another configuration could configure the shared key per-VPN.)
Each LISP xTR has a single RLOC connection to a shared IPv4 core network.
Mapping system
One map server/map resolver system is shown and is assumed available for the LISP xTR to register to. The MS/MR has an IPv4 RLOC address of 10.0.2.2 within the shared IPv4 core.
The map server site configurations are virtualized using LISP instance IDs to maintain separation between the two VRFs.
Perform the following procedure (once through for each xTR in the LISP site) to enable and configure LISP ITR and ETR (xTR) functionality when using a LISP map server and map resolver for mapping services. The example configurations at the end of this task show the full configuration for two xTRs (xTR1 and xTR2).
Summary StepsBefore you begin, create the VRF instances by using the vrf definition command.
Create the VRFs using the vrf definition command.
You can perform this task to configure and enable standalone LISP map server/map resolver functionality for LISP shared model virtualization. In this procedure, you configure a switch as a standalone map server/map resolver (MR/MS) for a private LISP mapping system. Because the MR/MS is configured as a standalone switch, it has no need for LISP Alternate Logical Topology (ALT) connectivity. All relevant LISP sites must be configured to register with this map server so that this map server has full knowledge of all registered EID prefixes within the (assumed) private LISP system.
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 |
configure terminal
Example: switch# configure terminal |
Enters global configuration mode. | ||
Step 2 |
lisp site site-name
Example: switch(config)# lisp site LEFT |
Specifies a LISP site named LEFT and enters LISP site configuration mode.
| ||
Step 3 |
authentication-key [key-type]
authentication-key
Example: switch(config-lisp-site)# authentication-key 0 Left-key |
Configures the password used to create the SHA-2 HMAC hash for authenticating the map register messages sent by an ETR when registering to the map server.
| ||
Step 4 |
eid-prefix
EID-prefix instance-id
instance-id
Example: switch(config-lisp-site)# eid-prefix 192.168.1.0/24 instance-id 102 |
Configures an EID prefix and instance ID that are allowed in a map register message sent by an ETR when registering to this map server. Repeat this step as necessary to configure additional EID prefixes under this LISP site.
| ||
Step 5 | (optional)
eid-prefix
EID-prefix instance-id
instance-id
Example: switch(config-lisp-site)# eid-prefix 2001:db8:a:b::/64 instance-id 102 |
(optional) Configures an EID prefix and instance ID that are allowed in a map register message sent by an ETR when registering to this map server. This step is repeated here to configure an additional EID prefix under this LISP site.
| ||
Step 6 |
exit
Example: switch(config-lisp-site)# exit |
Exits LISP site configuration mode and returns to global configuration mode. | ||
Step 7 |
ip
lisp map-resolver
ipv6
lisp map-resolver
Example: switch(config)# ip lisp map-resolver switch(config)# ipv6 lisp map-resolver |
Enables LISP map resolver functionality for EIDs in the IPv4 address family and in the IPv6 family.. | ||
Step 8 |
ip
lisp map-server
ipv6
lisp map-server
Example: switch(config)# ip lisp map-server switch(config)# ipv6 lisp map-server |
Enables LISP map server functionality for EIDs in the IPv4 address family and in the IPv6 address family.. | ||
Step 9 |
(optional)
show running-config lisp
Example: switch(config)# show running-config lisp | Displays the LISP configuration on the switch. | ||
Step 10 | (optional)
show [ip |
ipv6]
lisp
Example: switch(config)# show ip lisp vrf TRANS |
The show ip lisp and show ipv6 lisp commands display the operational status of LISP as configured on the switch, as applicable to the IPv4 and IPv6 address families respectively. | ||
Step 11 | (optional)
show [ip |
ipv6]
lisp
map-cache
[vrf vrf-name] Example: switch(config)# show ip lisp map-cache |
The show ip lisp map-cache and show ipv6 lisp map-cache commands display the operational status of the map cache on a switch configured as an ITR or PITR, as applicable to the IPv4 and IPv6 address families respectively. | ||
Step 12 | (optional)
show [ip |
ipv6]
lisp
database [
vrf
vrf-name]
Example: The following example shows IPv6 mapping database information for the VRF named GOLD. switch(config)# show ipv6 lisp database vrf GOLD |
The show ip lisp database and show ipv6 lisp database commands display the operational status of the database mapping on a switch configured as an ETR, as applicable to the IPv4 and IPv6 address families respectively. | ||
Step 13 |
(optional)
show
lisp
site [name
site-name]
Example: switch(config)# show lisp site |
The show lisp site command displays the operational status of LISP sites, as configured on a map server. This command only applies to a switch configured as a map server. | ||
Step 14 |
clear [ip |
ipv6]
lisp
map-cache
[vrf vrf-name]
Example: The first command displays IPv4 mapping cache information for vrf1. The second command clears the mapping cache for vrf1 and displays the updated status. switch(config)# show ip lisp map-cache vrf vrf1 switch(config)# clear ip lisp map-cache vrf vrf1 |
The clear ip lisp map-cache and clear ipv6 lisp map-cache commands remove all IPv4 or IPv6 dynamic LISP map-cache entries stored by the switch, respectively. They also show the operational status of the LISP control plane. This command applies to a LISP switch that maintains a map cache (for example, a switch configured as an ITR or PITR). |
To implement LISP shared model virtualization, you can configure LISP ITR/ETR (xTR) functionality with LISP map server and map resolver. This LISP shared model reference configuration is for a large-scale, multiple-site LISP topology, including xTRs and multiple MS/MRs.
This procedure is for an enterprise that is deploying the LISP Shared Model where EID space is virtualized over a shared, common core network. A subset of the entire network is shown in the following figure. Three sites are shown: a multihomed "Headquarters" (HQ) site, and two remote office sites. The HQ site switches are deployed as xTRs and also as map resolver/map servers. The remote sites switches act as xTRs, and use the MS/MRs at the HQ site for LISP control plane support.
The components in the figure are as follows:
Each customer premises equipment (CPE) switch functions as a LISP ITR and ETR (xTR), as well as a Map-Server/Map-Resolver (MS/MR).
Both LISP xTRs have three VRFs: TRANS (for transactions), SOC (for security operations), and FIN (for financials). Each VRF contains only IPv4 EID-prefixes. No overlapping prefixes are used; segmentation between each VRF by LISP instance-ids makes this possible. Note that in this example, the separate authentication key is configured “per-vrf" and not “per-site", which affects both the xTR and MS configurations.
The HQ LISP Site is multihomed to the shared IPv4 core, but each xTR at the HQ site has a single RLOC.
Each CPE also functions as an MS/MR to which the HQ and Remote LISP sites can register.
The map server site configurations are virtualized using LISP instance IDs to maintain separation between the three VRFs.
Create the VRFs using the vrf definition command.
Command or Action | Purpose | |||||||
---|---|---|---|---|---|---|---|---|
Step 1 |
configure
terminal
Example: switch# configure terminal |
Enters global configuration mode. | ||||||
Step 2 |
lisp site site-name
Example: switch(config)# lisp site TRANS |
Specifies a LISP site named TRANS and enters LISP site configuration mode.
| ||||||
Step 3 |
authentication-key [key-type]
authentication-key
Example: switch(config-lisp-site)# authentication-key 0 Left-key |
Configures the password used to create the SHA-2 HMAC hash for authenticating the map register messages sent by an ETR when registering to the map server.
| ||||||
Step 4 |
eid-prefix
EID-prefix / prefix-length instance-id
instance-id
accept-more-specifics
Example: switch(config-lisp-site)# eid-prefix 10.1.0.0/16 instance-id 1 accept-more-specifics |
| ||||||
Step 5 |
exit
Example: switch(config-lisp-site)# exit |
Exits LISP site configuration mode and returns to LISP configuration mode. | ||||||
Step 6 | Repeat Steps 3 through 5 for each LISP site to be configured. | Repeat steps 3 through 5 for the site SOC and FIN as shown in the configuration example at the end of this procedure. | ||||||
Step 7 |
ip
lisp map-resolver
Example: switch(config)# ip lisp map-resolver |
Enables LISP map resolver functionality for EIDs in the IPv4 address family. | ||||||
Step 8 |
ip
lisp map-server
Example: switch(config)# ip lisp map-server |
Enables LISP map server functionality for EIDs in the IPv4 address family. | ||||||
Step 9 |
vrf
context vrf-name
Example: switch(config)# vrf context vrf1 |
Enters VRF configuration submode. | ||||||
Step 10 |
database-mapping
EID-prefix/prefix-length
locator
priority
priority
weight
weight
Example: switch(config-vrf)# database-mapping 10.1.1.0/24 172.16.1.2 priority 1 weight 100 |
Configures an EID-to-RLOC mapping relationship and its associated traffic policy for this LISP site. | ||||||
Step 11 | Repeat Step 10 until all EID-to-RLOC mappings within this EID table VRF and instance ID for the LISP site are configured. | |||||||
Step 12 |
ip
lisp etr
map-server
map-server-address
key
key-type
authentication-key
Example: switch(config-vrf)# ip lisp etr map-server 172.16.1.2 key 0 TRANS-key |
Configures a locator address for the LISP map server and an authentication key, which this switch, acting as an IPv4 LISP ETR, will use to register with the LISP mapping system.
| ||||||
Step 13 |
ip
lisp itr
map-resolver
map-resolver-address
Example: switch(config-vrf)# ip lisp itr map-resolver 172.16.1.2 |
Configures a locator address for the LISP map resolver to which this switch will send map request messages for IPv4 EID-to-RLOC mapping resolutions.
| ||||||
Step 14 | Repeat Step 13 to configure another locator address for the LISP map resolver
Example: switch(config-vrf)# ip lisp itr map-resolver 172.16.1.6 |
Configures a locator address for the LISP map resolver to which this switch will send map request messages for IPv4 EID-to-RLOC mapping resolutions.
| ||||||
Step 15 |
ip
lisp itr
Example: switch(config-vrf)# ip lisp itr |
Enables LISP ITR functionality for the IPv4 address family. | ||||||
Step 16 |
ip
lisp etr
Example: switch(config-vrf)# ip lisp etr |
Enables LISP ETR functionality for the IPv4 address family. | ||||||
Step 17 |
ip
lisp locator-vrf
default
Example: switch(config-vrf)# ip lisp locator-vrf BLUE |
Configures a nondefault VRF table to be referenced by any IPv4 locators addresses. | ||||||
Step 18 |
ipv6
lisp locator-vrf
default
Example: switch(config-vrf)# ipv6 lisp locator-vrf default |
Configures a nondefault VRF table to be referenced by any IPv6 locator addresses. | ||||||
Step 19 |
exit
Example: switch(config-vrf)# exit |
Exits VRF configuration mode and returns to global configuration mode. | ||||||
Step 20 | Repeat step 9 to 19 for all VRFs. | |||||||
Step 21 |
ip
route
ipv4-prefix
next-hop
Example: switch(config)# ip route 0.0.0.0 0.0.0.0 172.16.1.1 |
Configures a default route to the upstream next hop for all IPv4 destinations.
In this configuration example, because the xTR has IPv4 RLOC connectivity, a default route to the upstream SP is used for all IPv4 packets to support LISP processing. | ||||||
Step 22 |
(Optional)
show running-config lisp
Example: switch(config)# show running-config lisp | Displays the LISP configuration on the switch. | ||||||
Step 23 |
(Optional)
show [ip |
ipv6]
lisp
Example: switch(config)# show ip lisp vrf TRANS |
The show ip lisp and show ipv6 lisp commands are useful for quickly verifying the operational status of LISP as configured on the switch, as applicable to the IPv4 and IPv6 address families respectively. | ||||||
Step 24 | (Optional)
show [ip |
ipv6]
lisp
map-cache
[vrf vrf-name] Example: switch(config)# show ip lisp map-cache |
Displays the operational status of the map cache on a switch configured as an ITR or PITR, as applicable to the IPv4 and IPv6 address families. | ||||||
Step 25 | (Optional)
show [ip |
ipv6]
lisp
database [
vrf
vrf-name]
Example: switch(config)# show ipv6 lisp database vrf GOLD |
The show ip lisp database and show ipv6 lisp database commands are useful for quickly verifying the operational status of the database mapping on a switch configured as an ETR, as applicable to the IPv4 and IPv6 address families. This example shows IPv6 mapping database information for a VRF named GOLD. | ||||||
Step 26 | (Optional)
show
lisp
site [name
site-name]
Example: switch(config)# show lisp site |
The show lisp site command verifies the operational status of LISP sites, as configured on a map server. This command only applies to a switch configured as a map server. | ||||||
Step 27 |
(Optional)
clear [ip |
ipv6]
lisp
map-cache
[vrf vrf-name]
Example: switch(config)# show ip lisp map-cache vrf vrf1 switch(config)# clear ip lisp map-cache vrf vrf1 |
The clear ip lisp map-cache and clear ipv6 lisp map-cache commands remove all IPv4 or IPv6 dynamic LISP map-cache entries stored by the switch. They verify the operational status of the LISP control plane. The command applies to a LISP switch that maintains a map cache (for example, a switch configured as an ITR or PITR). The first command in the example displays IPv4 mapping cache information for vrf1. The second command clears the mapping cache for vrf1 and displays the status information after clearing the cache. |
You can perform this task to enable and configure LISP ITR/ETR (xTR) functionality at a remote site to implement LISP shared model virtualization as part of a large-scale, multiple-site LISP topology.
This configuration task is part of a more complex, larger scale LISP virtualization solution. The configuration applies to one of the remote sites shown in the figure below. The remote site switches only act as xTRs, and use the MS/MRs at the HQ site for LISP control plane support.
The components illustrated in the topology shown in the figure above are described below:
Each customer premises equipment (CPE) switch at a remote site functions as a LISP ITR and ETR (xTR).
Each LISP xTR has the same three VRFs as the HQ Site: the TRANS (for transactions), the SOC (for security operations), and the FIN (for financials). Each VRF contains only IPv4 EID-prefixes.
Each remote site LISP xTR has a single RLOC connection to a shared IPv4 core network.
Create the VRFs using the vrf definition command and verify that the Configure a Large-Scale LISP Shared Model Virtualization task has been performed at one or more central (headquarters) sites.
Command or Action | Purpose | |||||
---|---|---|---|---|---|---|
Step 1 |
configure
terminal
Example: Switch# configure terminal |
Enters global configuration mode. | ||||
Step 2 |
vrf
contextvrf-name
Example: Switch(config)# vrf context vrf1 |
Enters VRF configuration submode. | ||||
Step 3 |
database-mapping
EID-prefix/prefix-length
locator
priority
priority
weight
weight
Example: Switch(config-vrf)# database-mapping 10.1.1.0/24 172.16.1.2 priority 1 weight 100 |
Configures an EID-to-RLOC mapping relationship and its associated traffic policy for this LISP site. | ||||
Step 4 |
ip
lisp etr
map-server
map-server-address
key
key-type
authentication-key
Example: Switch(config-vrf)# ip lisp etr map-server 172.16.1.2 key 0 TRANS-key |
Configures a locator address for the LISP map server and an authentication key for which this switch, acting as an IPv4 LISP ETR, will use to register with the LISP mapping system.
| ||||
Step 5 | Repeat Step 4 to configure another locator address for the same LISP map server.
Example: Switch(config-vrf)# ip lisp etr map-server 172.16.1.6 key 0 TRANS-key |
Configures a locator address for the LISP map server and an authentication key for which this switch, acting as an IPv4 LISP ETR, will use to register with the LISP mapping system. | ||||
Step 6 |
ip
lisp itr
map-resolver
map-resolver-address
Example: Switch(config-vrf)# ip lisp itr map-resolver 172.16.1.2 |
Configures a locator address for the LISP map resolver to which this switch will send map request messages for IPv4 EID-to-RLOC mapping resolutions.
| ||||
Step 7 | Repeat Step 6 to configure another locator address for the LISP map resolver
Example: Switch(config-vrf)# ip lisp itr map-resolver 172.16.1.6 |
Configures a locator address for the LISP map resolver to which this switch will send map request messages for IPv4 EID-to-RLOC mapping resolutions.
| ||||
Step 8 |
ip
lisp itr
Example: Switch(config-vrf)# ip lisp itr |
Enables LISP ITR functionality for the IPv4 address family. | ||||
Step 9 |
ip
lisp etr
Example: Switch(config-vrf)# ip lisp etr |
Enables LISP ETR functionality for the IPv4 address family. | ||||
Step 10 |
ip
lisp locator-vrf
default
Example: Switch(config-vrf)# ip lisp locator-vrf BLUE |
Configures a non-default VRF table to be referenced by any IPv4 locators addresses. | ||||
Step 11 |
ipv6
lisp locator-vrf
default
Example: Switch(config-vrf)# ipv6 lisp locator-vrf default |
Configures a non-default VRF table to be referenced by any IPv6 locator addresses. | ||||
Step 12 |
exit
Example: Switch(config-vrf)# exit |
Exits VRF configuration mode and returns to global configuration mode. | ||||
Step 13 | Repeat Steps 2 to 12 for all VRFs. | |||||
Step 14 |
ip
route
ipv4-prefix
next-hop
Example: Switch(config)# ip route 0.0.0.0 0.0.0.0 172.16.2.1 |
Configures a default route to the upstream next hop for all IPv4 destinations. | ||||
Step 15 |
(Optional)
show running-config lisp
Example: Switch(config)# show running-config lisp | Verifies the LISP configuration on the switch. | ||||
Step 16 |
(Optional)
show [ip |
ipv6]
lisp
Example: Switch(config)# show ip lisp vrf TRANS |
The show ip lisp and show ipv6 lisp commands verify the operational status of LISP as configured on the switch, as applicable to the IPv4 and IPv6 address families, respectively. | ||||
Step 17 |
(Optional)
show [ip |
ipv6]
lisp
map-cache
[vrf vrf-name] Example: Switch(config)# show ip lisp map-cache |
The show ip lisp map-cache and show ipv6 lisp map-cache commands verify the operational status of the map cache on a switch configured as an ITR or PITR, as applicable to the IPv4 and IPv6 address families, respectively. | ||||
Step 18 |
(Optional)
show [ip |
ipv6]
lisp
database [
vrf
vrf-name]
Example: The following example shows IPv6 mapping database information for the VRF named GOLD. Switch(config)# show ipv6 lisp database vrf GOLD |
The show ip lisp database and show ipv6 lisp database commands display the operational status of the database mapping on a switch configured as an ETR, as applicable to the IPv4 and IPv6 address families, respectively. | ||||
Step 19 |
(Optional)
show
lisp
site [name
site-name]
Example: Switch(config)# show lisp site |
The show lisp site command is useful for quickly verifying the operational status of LISP sites, as configured on a map server. This command only applies to a switch configured as a map server. | ||||
Step 20 |
clear [ip |
ipv6]
lisp
map-cache
[vrf vrf-name]
Example: The following commands display IPv4 mapping cache information for vrf1, and clear the mapping cache for vrf1. Clearing also displays the show information after it clears the cache. Switch(config)# show ip lisp map-cache vrf vrf1 Switch(config)# clear ip lisp map-cache vrf vrf1 |
The clear ip lisp map-cache and clear ipv6 lisp map-cache commands remove all IPv4 or IPv6 dynamic LISP map-cache entries stored by the switch. These verify the operational status of the LISP control plane. The command applies to a LISP switch that maintains a map cache (for example, if configured as an ITR or PITR). |
You can perform these tasks to enable and configure LISP ITR/ETR (xTR) functionality and LISP map resolver and map server for LISP parallel model virtualization.
The configuration in the following figure below is for two LISP sites that are connected in parallel mode. Each LISP site uses a single edge switch configured as both an ITR and ETR (xTR), with a single connection to its upstream provider. Note that the upstream connection is VLAN-segmented to maintain RLOC space separation within the core. Two VRFs are defined here: BLUE and GREEN. The IPv4 RLOC space is used in each of these parallel networks. Both IPv4 and IPv6 EID address space is used. The LISP site registers to one map server/map resolver (MS/MR), which is segmented to maintain the parallel model architecture of the core network.
The components illustrated in the topology shown in the figure above are described below.
The customer premises equipment (CPE) functions as a LISP ITR and ETR (xTR).
Both LISP xTRs have two VRFs: GOLD and PURPLE, with each VRF containing both IPv4 and IPv6 EID-prefixes, as shown in the figure above. Note the overlapping prefixes, used for illustration purposes. A LISP instance ID is used to maintain separation between two VRFs. The share key is configured “per-VPN."
Each LISP xTR has a single RLOC connection to a parallel IPv4 core network.
Perform the steps in this task (once through for each xTR in the LISP site) to enable and configure LISP ITR and ETR (xTR) functionality when using a LISP map-server and map-resolver for mapping services. The example configurations at the end of this task show the full configuration for two xTRs (Left-xTR and Right-xTR).
Create the VRFs using the vrf context command.
Command or Action | Purpose | |||||
---|---|---|---|---|---|---|
Step 1 |
configure
terminal
Example: switch# configure terminal |
Enters global configuration mode. | ||||
Step 2 |
vrf
context vrf-name
Example: switch(config)# vrf context vrf1 |
Enters VRF configuration submode. | ||||
Step 3 |
lisp
instance-id
instance-id
Example: switch(config-vrf)# lisp instance-id 101 |
Configures an association between a VRF and a LISP instance ID. | ||||
Step 4 |
ip lisp database-mapping
EID-prefix/prefix-length
locator
priority
priority
weight
weight
Example: switch(config-vrf)# ip lisp database-mapping 192.168.1.0/24 10.0.0.2 priority 1 weight 1 |
Configures an EID-to-RLOC mapping relationship and its associated traffic policy for this LISP site.
| ||||
Step 5 |
exit
Example: switch(config-vrf)# exit |
Exits VRF configuration submode and returns to global mode. | ||||
Step 6 |
ipv4
itr
map-resolver
map-resolver-address
Example: switch(config)# ip lisp itr map-resolver 10.0.2.2 |
Configures a locator address for the LISP map resolver to which this switch will send map request messages for IPv4 EID-to-RLOC mapping resolutions.
| ||||
Step 7 |
ip
lisp etr
map-server
map-server-address
key
key-type
authentication-key
Example: switch(config)# ip lisp etr map-server 10.0.2.2 key 0 PURPLE-key |
Configures a locator address for the LISP map server and an authentication key for which this switch, acting as an IPv4 LISP ETR, will use to register with the LISP mapping system.
| ||||
Step 8 |
ip
lisp itr
Example: switch(config)# ip lisp itr |
Enables LISP ITR functionality for the IPv4 address family. | ||||
Step 9 |
ip
lisp
etr
Example: switch(config)# ip lisp etr |
Enables LISP ETR functionality for the IPv4 address family. | ||||
Step 10 |
ipv6
lisp itr
map-resolver
map-resolver-address
Example: switch(config)# ipv6 lisp itr map-resolver 10.0.2.2 |
Configures a locator address for the LISP map resolver to which this switch will send map request messages for IPv6 EID-to-RLOC mapping resolutions.
| ||||
Step 11 |
ipv6 lisp
etr
map-server
map-server-address
key
key-type
authentication-key
Example: switch(config)# ipv6 lisp etr map-server 10.0.2.2 key 0 PURPLE-key |
Configures a locator address for the LISP map-server and an authentication key that this switch, acting as an IPv6 LISP ETR, will use to register to the LISP mapping system.
| ||||
Step 12 |
ipv6
itr
Example: switch(config)# ipv6 itr |
Enables LISP ITR functionality for the IPv6 address family. | ||||
Step 13 |
ipv6
etr
Example: switch(config)# ipv6 etr |
Enables LISP ETR functionality for the IPv6 address family. | ||||
Step 14 |
ip
route
vrf
rloc-vrf-name
ipv4-prefix
next-hop
Example: switch(config)# ip route vrf BLUE 0.0.0.0 0.0.0.0 10.0.0.1 |
Configures a default route to the upstream next hop for all IPv4 destinations. All IPv4 EID-sourced packets destined to both LISP and non-LISP sites are forwarded in one of two ways:
Packets are deemed to be a candidate for LISP encapsulation when they are sourced from a LISP EID and the destination matches one of the following entries:
In this configuration example, because the xTR has IPv4 RLOC connectivity, a default route to the upstream SP is used for all IPv4 packets to support LISP processing. | ||||
Step 15 |
ipv6
route
vrf
rloc-vrf-name
ipv6-prefix
next-hop
Example: switch(config)# ipv6 route vrf BLUE ::/0 Null0 |
Configures a default route to the upstream next hop for all IPv6 destinations, reachable within the specified RLOC VRF. All IPv6 EID-sourced packets destined for both LISP and non-LISP sites require LISP support for forwarding in the following two ways:
Packets are deemed to be a candidate for LISP encapsulation when they are sourced from a LISP EID and the destination matches one of the following entries:
In this configuration example, because the xTR has only IPv4 RLOC connectivity, adding an IPv6 default route to Null0 ensures that all IPv6 packets are handled by LISP processing. If the destination is another LISP site, packets are LISP-encapsulated (using IPv4 RLOCs) to the remote site. If the destination is non-LISP, all IPv6 EIDs are LISP-encapsulated to a Proxy ETR (PETR) –assuming one is configured.
| ||||
Step 16 | (Optional)
show running-config lisp
Example: switch(config)# show running-config lisp | Shows the LISP configuration on the switch. | ||||
Step 17 | (Optional)
show [ip |
ipv6]
lisp
Example: switch(config)# show ip lisp vrf TRANS |
The show ip lisp and show ipv6 lisp commands verify the operational status of LISP as configured on the switch, as applicable to the IPv4 and IPv6 address families, respectively. | ||||
Step 18 | (Optional)
show [ip |
ipv6]
lisp
map-cache
[vrf vrf-name] Example: switch(config)# show ip lisp map-cache |
The show ip lisp map-cache and show ipv6 lisp map-cache commands verify the operational status of the map cache on a switch configured as an ITR or Proxy ETR (PETR), as applicable to the IPv4 and IPv6 address families, respectively. | ||||
Step 19 | (Optional)
show [ip |
ipv6]
lisp
database [
vrf
vrf-name]
Example: The following example shows IPv6 mapping database information for the VRF named GOLD. switch(config)# show ipv6 lisp database vrf GOLD |
The show ip lisp database and show ipv6 lisp database commands verify the operational status of the database mapping on a switch configured as an ETR, as applicable to the IPv4 and IPv6 address families, respectively. | ||||
Step 20 | (Optional)
show
lisp
site [name
site-name]
Example: switch(config)# show lisp site |
The show lisp site command verifies the operational status of LISP sites, as configured on a map server. This command only applies to a switch configured as a map server. | ||||
Step 21 |
clear [ip |
ipv6]
lisp
map-cache
[vrf vrf-name]
Example: switch(config)# show ip lisp map-cache vrf vrf1 switch(config)# clear ip lisp map-cache vrf vrf1 |
The clear ip lisp map-cache and clear ipv6 lisp map-cache commands remove all IPv4 or IPv6 dynamic LISP map-cache entries stored by the switch. This verifies the operational status of the LISP control plane. This command applies to a LISP switch that maintains a map cache (for example, if configured as an ITR or PITR). The commands in the example display IPv4 mapping cache information for vrf1, and clear the mapping cache for vrf1 and show information after clearing the cache. |
Perform this task to configure and enable standalone LISP map server/map resolver functionality for LISP parallel model virtualization. In this task, a Cisco switch is configured as a standalone map resolver/map server (MR/MS) for a private LISP mapping system. Because the MR/MS is configured as a stand-alone switch, it has no need for LISP alternate logical topology (ALT) connectivity. All relevant LISP sites must be configured to register with this map server so that this map server has full knowledge of all registered EID prefixes within the (assumed) private LISP system.
One map resolver/map server (MS/MR) system is shown in the figure above and assumed available for the LISP xTR to register to within the proper parallel RLOC space. The MS/MR has an IPv4 RLOC address of 10.0.2.2, within each VLAN/VRF (Green and Blue) providing parallel model RLOX separation in the IPv4 core.
The map server site configurations are virtualized using LISP instance IDs to maintain separation between the two VRFs, PURPLE and GOLD.
Repeat this task for all lisp instantiations and RLOC VRFs.
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 |
configure
terminal
Example: Switch# configure terminal |
Enters global configuration mode. | ||
Step 2 |
lisp site
site-name
Example: Switch(config)# lisp site PURPLE |
Specifies a LISP site named Purple and enters LISP site configuration mode. | ||
Step 3 |
authentication-key [key-type]
authentication-key
Example: Switch(config-lisp-site)# authentication-key 0 Purple-key |
Configures the password used to create the SHA-2 HMAC hash for authenticating the map register messages sent by an ETR when registering to the map server.
| ||
Step 4 |
eid-prefix
EID-prefix instance-id
instance-id
Example: Switch(config-lisp-site)# eid-prefix 192.168.1.0/24 instance-id 101 |
| ||
Step 5 |
eid-prefix
EID-prefix instance-id
instance-id
Example: Switch(config-lisp-site)# eid-prefix 2001:db8:a:b::/64 instance-id 101 |
| ||
Step 6 |
exit
Example: Switch(config-lisp-site)# exit |
Exits LISP site configuration mode and returns to global configuration mode. | ||
Step 7 |
ip
lisp map-resolver
Example: Switch(config)# ip lisp map-resolver |
Enables LISP map resolver functionality for EIDs in the IPv4 address family. | ||
Step 8 |
ip
lisp map-server
Example: Switch(config)# ip lisp map-server |
Enables LISP map server functionality for EIDs in the IPv4 address family. | ||
Step 9 |
ipv6
lisp map-resolver
Example: Switch(config)# ipv6 lisp map-resolver |
Enables LISP map resolver functionality for EIDs in the IPv6 address family. | ||
Step 10 |
ipv6
lisp map-server
Example: Switch(config)# ipv6 lisp map-server |
Enables LISP map server functionality for EIDs in the IPv6 address family. | ||
Step 11 |
ip
route
vrf
rloc-vrf-name
ipv4-prefix
next-hop
Example: Switch(config)# ip route vrf BLUE 0.0.0.0 0.0.0.0 10.0.2.1 |
Configures a default route to the upstream next hop for all IPv4 destinations, reachable within the specified RLOC VRF. | ||
Step 12 |
show running-config lisp
Example: Switch(config)# show running-config lisp | Verifies the LISP configuration on the switch. | ||
Step 13 |
show [ip |
ipv6]
lisp
Example: Switch(config)# show ip lisp vrf TRANS |
The show ip lisp and show ipv6 lisp commands are useful for quickly verifying the operational status of LISP as configured on the switch, as applicable to the IPv4 and IPv6 address families respectively. | ||
Step 14 |
show [ip |
ipv6]
lisp
map-cache
[vrf vrf-name] Example: Switch(config)# show ip lisp map-cache |
The show ip lisp map-cache and show ipv6 lisp map-cache commands are useful for quickly verifying the operational status of the map cache on a switch configured as an ITR or PITR, as applicable to the IPv4 and IPv6 address families respectively. | ||
Step 15 |
show [ip |
ipv6]
lisp
database [
vrf
vrf-name]
Example: The following example shows IPv6 mapping database information for the VRF named GOLD. Switch(config)# show ipv6 lisp database vrf GOLD |
The show ip lisp database and show ipv6 lisp database commands are useful for quickly verifying the operational status of the database mapping on a switch configured as an ETR, as applicable to the IPv4 and IPv6 address families respectively. | ||
Step 16 |
show
lisp
site [name
site-name]
Example: Switch(config)# show lisp site |
The show lisp site command is useful for quickly verifying the operational status of LISP sites, as configured on a map server. This command only applies to a switch configured as a map server. | ||
Step 17 |
clear [ip |
ipv6]
lisp
map-cache
[vrf vrf-name]
Example: The following example displays IPv4 mapping cache information for vrf1, shows the command used to clear the mapping cache for vrf1, and displays the show information after clearing the cache. Switch(config)# show ip lisp map-cache vrf vrf1 Switch(config)# clear ip lisp map-cache vrf vrf1 |
The clear ip lisp map-cache and clear ipv6 lisp map-cache commands remove all IPv4 or IPv6 dynamic LISP map-cache entries stored by the switch. This can be useful for trying to quickly verify the operational status of the LISP control plane. This command applies to a LISP switch that maintains a map cache (for example, if configured as an ITR or PITR). |
Configuration Examples for LISP Instance-ID Support
These examples show the complete configuration for the LISP topology. On the xTRs, the VRFs and EID prefixes are assumed to be attached to VLANs configured on the switches.
This example shows how to configure the left xTR:
vrf context GOLD ipv6 lisp itr ip lisp itr ipv6 lisp etr ip lisp etr ipv6 lisp database-mapping 2001:db8:b:a::/64 10.0.0.2 priority 1 weight 100 ip lisp database-mapping 192.168.1.0/24 10.0.0.2 priority 1 weight 100 lisp instance-id 102 ipv6 lisp locator-vrf default ip lisp locator-vrf default ipv6 lisp itr map-resolver 10.0.2.2 ip lisp itr map-resolver 10.0.2.2 ipv6 lisp etr map-server 10.0.2.2 key Left-key ip lisp etr map-server 10.0.2.2 key Left-key interface Ethernet0/0 ip address 10.0.0.2 255.255.255.0 interface Ethernet1/0.1 encapsulation dot1q 101 vrf forwarding PURPLE ip address 192.168.1.1 255.255.255.0 ipv6 address 2001:DB8:A:A::1/64 interface Ethernet1/0.2 encapsulation dot1q 102 vrf forwarding GOLD ip address 192.168.1.1 255.255.255.0 ipv6 address 2001:DB8:B:A::1/64 vrf context PURPLE ipv6 lisp itr ip lisp itr ipv6 lisp etr ip lisp etr ipv6 lisp database-mapping 2001:db8:a:a::/64 10.0.0.2 priority 1 weight 100 ip lisp database-mapping 192.168.1.0/24 10.0.0.2 priority 1 weight 100 lisp instance-id 101 ipv6 lisp locator-vrf default ip lisp locator-vrf default ipv6 lisp itr map-resolver 10.0.2.2 ip lisp itr map-resolver 10.0.2.2 ipv6 lisp etr map-server 10.0.2.2 key Left-key ip lisp etr map-server 10.0.2.2 key Left-key
This example shows how to configure the right xTR:
vrf context GOLD ipv6 lisp itr ip lisp itr ipv6 lisp etr ip lisp etr ipv6 lisp database-mapping 2001:db8:b:b::/64 10.0.1.2 priority 1 weight 100 ip lisp database-mapping 192.168.2.0/24 10.0.1.2 priority 1 weight 100 lisp instance-id 102 ipv6 lisp locator-vrf default ip lisp locator-vrf default ipv6 lisp itr map-resolver 10.0.2.2 ip lisp itr map-resolver 10.0.2.2 ipv6 lisp etr map-server 10.0.2.2 key Right-key ip lisp etr map-server 10.0.2.2 key Right-key interface Ethernet0/0 ip address 10.0.1.2 255.255.255.0 interface Ethernet1/0.1 encapsulation dot1q 101 vrf forwarding PURPLE ip address 192.168.2.1 255.255.255.0 ipv6 address 2001:DB8:A:B::1/64 interface Ethernet1/0.2 encapsulation dot1q 102 vrf forwarding GOLD ip address 192.168.2.1 255.255.255.0 ipv6 address 2001:DB8:B:B::1/64 vrf context PURPLE ipv6 lisp itr ip lisp itr ipv6 lisp etr ip lisp etr ipv6 lisp database-mapping 2001:db8:a:b::/64 10.0.1.2 priority 1 weight 100 ip lisp database-mapping 192.168.2.0/24 10.0.1.2 priority 1 weight 100 lisp instance-id 101 ipv6 lisp locator-vrf default ip lisp locator-vrf default ipv6 lisp itr map-resolver 10.0.2.2 ip lisp itr map-resolver 10.0.2.2 ipv6 lisp etr map-server 10.0.2.2 key Right-key ip lisp etr map-server 10.0.2.2 key Right-key
This example shows how to configure the LISP map server/map resolver.
hostname MSMR ! interface Ethernet0/0 ip address 10.0.2.2 255.255.255.0 ! router lisp ! site Left authentication-key Left-key eid-prefix instance-id 101 192.168.1.0/24 eid-prefix instance-id 101 2001:DB8:A:A::/64 eid-prefix instance-id 102 192.168.1.0/24 eid-prefix instance-id 102 2001:DB8:B:A::/64 exit ! site Right authentication-key Right-key eid-prefix instance-id 101 192.168.2.0/24 eid-prefix instance-id 101 2001:DB8:A:B::/64 eid-prefix instance-id 102 192.168.2.0/24 eid-prefix instance-id 102 2001:DB8:B:B::/64 exit ! ipv4 map-server ipv4 map-resolver ipv6 map-server ipv6 map-resolver exit ! ip route 0.0.0.0 0.0.0.0 10.0.2.1
The examples show the complete configuration for the HQ-RTR-1 and HQ-RTR-2 (xTR/MS/MR located at the HQ site), and Site2-xTR LISP switches. Both HQ-RTR-1 and HQ-RTR-2 are provided to illustrate the proper method for configuring a LISP multihomed site.
This example shows how to configure HQ-RTR-1 with an xTR, a map server, and a map resolver.
feature lisp interface loopback 0 ip address 172.31.1.11/32 interface ethernet2/1 ip address 172.16.1.6/30 interface Ethernet 2/2 vrf member TRANS ip address 10.1.1.1/24 interface Ethernet 2/3 vrf member SOC ip address 10.2.1.1/24 interface Ethernet 2/4 vrf member FIN ip address 10.3.1.1/24 ip lisp itr ip lisp etr ip lisp map-resolver ip lisp map-server ip lisp database-mapping 172.31.1.11/32 172.16.1.2 priority 1 weight 50 ip lisp database-mapping 172.31.1.11/32 172.16.1.6 priority 1 weight 50 ip lisp itr map-resolver 172.16.1.2 ip lisp itr map-resolver 172.16.1.6 ip lisp etr map-server 172.16.1.2 key DEFAULT-key ip lisp etr map-server 172.16.1.6 key DEFAULT-key vrf context FIN ip lisp itr ip lisp etr ip lisp database-mapping 10.3.1.0/24 172.16.1.2 priority 1 weight 50 ip lisp database-mapping 10.3.1.0/24 172.16.1.6 priority 1 weight 50 lisp instance-id 3 ip lisp itr map-resolver 172.16.1.2 ip lisp itr map-resolver 172.16.1.6 ip lisp etr map-server 172.16.1.2 key FIN-key ip lisp etr map-server 172.16.1.6 key FIN-key ip lisp locator-vrf default vrf context SOC ip lisp itr ip lisp etr ip lisp database-mapping 10.2.1.0/24 172.16.1.2 priority 1 weight 50 ip lisp database-mapping 10.2.1.0/24 172.16.1.6 priority 1 weight 50 lisp instance-id 2 ip lisp itr map-resolver 172.16.1.2 ip lisp itr map-resolver 172.16.1.6 ip lisp etr map-server 172.16.1.2 key SOC-key ip lisp etr map-server 172.16.1.6 key SOC-key ip lisp locator-vrf default vrf context TRANS ip lisp itr ip lisp etr ip lisp database-mapping 10.1.1.0/24 172.16.1.2 priority 1 weight 50 ip lisp database-mapping 10.1.1.0/24 172.16.1.6 priority 1 weight 50 lisp instance-id 1 ip lisp itr map-resolver 172.16.1.2 ip lisp itr map-resolver 172.16.1.6 ip lisp etr map-server 172.16.1.2 key TRANS-key ip lisp etr map-server 172.16.1.6 key TRANS-key ip lisp locator-vrf default lisp site DEFAULT eid-prefix 172.31.1.0/24 accept-more-specifics authentication-key DEFAULT-key lisp site FIN eid-prefix 10.3.0.0/16 accept-more-specifics authentication-key FIN-key lisp site SOC eid-prefix 10.2.0.0/16 instance-id 2 accept-more-specifics authentication-key SOC-key lisp site TRANS eid-prefix 10.1.0.0/16 instance-id 1 accept-more-specifics authentication-key TRANS-key
This example shows how to configure HQ-RTR-2 with an xTR, a map server, and a map resolver.
feature lisp interface loopback 0 ip address 172.31.1.12/32 interface ethernet2/1 ip address 172.16.1.6/30 interface Ethernet 2/2 vrf member TRANS ip address 10.1.1.2/24 interface Ethernet 2/3 vrf member SOC ip address 10.2.1.2/24 interface Ethernet 2/4 vrf member FIN ip address 10.3.1.2/24 ip lisp itr ip lisp etr ip lisp map-resolver ip lisp map-server ip lisp database-mapping 172.31.1.12/32 172.16.1.2 priority 1 weight 50 ip lisp database-mapping 172.31.1.12/32 172.16.1.6 priority 1 weight 50 ip lisp itr map-resolver 172.16.1.2 ip lisp itr map-resolver 172.16.1.6 ip lisp etr map-server 172.16.1.2 key DEFAULT-key ip lisp etr map-server 172.16.1.6 key DEFAULT-key vrf context FIN ip lisp itr ip lisp etr ip lisp database-mapping 10.3.1.0/24 172.16.1.2 priority 1 weight 50 ip lisp database-mapping 10.3.1.0/24 172.16.1.6 priority 1 weight 50 lisp instance-id 3 ip lisp itr map-resolver 172.16.1.2 ip lisp itr map-resolver 172.16.1.6 ip lisp etr map-server 172.16.1.2 key FIN-key ip lisp etr map-server 172.16.1.6 key FIN-key ip lisp locator-vrf default vrf context SOC ip lisp itr ip lisp etr ip lisp database-mapping 10.2.1.0/24 172.16.1.2 priority 1 weight 50 ip lisp database-mapping 10.2.1.0/24 172.16.1.6 priority 1 weight 50 lisp instance-id 2 ip lisp itr map-resolver 172.16.1.2 ip lisp itr map-resolver 172.16.1.6 ip lisp etr map-server 172.16.1.2 key SOC-key ip lisp etr map-server 172.16.1.6 key SOC-key ip lisp locator-vrf default vrf context TRANS ip lisp itr ip lisp etr ip lisp database-mapping 10.1.1.0/24 172.16.1.2 priority 1 weight 50 ip lisp database-mapping 10.1.1.0/24 172.16.1.6 priority 1 weight 50 lisp instance-id 1 ip lisp itr map-resolver 172.16.1.2 ip lisp itr map-resolver 172.16.1.6 ip lisp etr map-server 172.16.1.2 key TRANS-key ip lisp etr map-server 172.16.1.6 key TRANS-key ip lisp locator-vrf default lisp site DEFAULT eid-prefix 172.31.1.0/24 accept-more-specifics authentication-key DEFAULT-key lisp site FIN eid-prefix 10.3.0.0/16 accept-more-specifics authentication-key FIN-key lisp site SOC eid-prefix 10.2.0.0/16 instance-id 2 accept-more-specifics authentication-key SOC-key lisp site TRANS eid-prefix 10.1.0.0/16 instance-id 1 accept-more-specifics authentication-key TRANS-key
This example shows the complete configuration for the remote site switch. Only one remote site configuration is shown.
This example shows how to configure Site 2 with an xTR, using the map server and a map resolver from the HQ site.
feature lisp interface loopback 0 ip address 172.31.1.2/32 interface ethernet2/1 ip address 172.16.2.2/30 interface Ethernet 2/2 vrf member TRANS ip address 10.1.2.1/24 interface Ethernet 2/3 vrf member SOC ip address 10.2.2.1/24 interface Ethernet 2/4 vrf member FIN ip address 10.3.2.1/24 ip lisp itr ip lisp etr ip lisp map-resolver ip lisp map-server ip lisp database-mapping 172.31.1.2/32 172.16.2.2 priority 1 weight 100 ip lisp itr map-resolver 172.16.1.2 ip lisp itr map-resolver 172.16.1.6 ip lisp etr map-server 172.16.1.2 key DEFAULT-key ip lisp etr map-server 172.16.1.6 key DEFAULT-key vrf context FIN ip lisp itr ip lisp etr ip lisp database-mapping 10.3.2.0/24 172.16.2.2 priority 1 weight 100 lisp instance-id 3 ip lisp itr map-resolver 172.16.1.2 ip lisp itr map-resolver 172.16.1.6 ip lisp etr map-server 172.16.1.2 key FIN-key ip lisp etr map-server 172.16.1.6 key FIN-key ip lisp locator-vrf default vrf context SOC ip lisp itr ip lisp etr ip lisp database-mapping 10.2.2.0/24 172.16.2.2 priority 1 weight 100 lisp instance-id 2 ip lisp itr map-resolver 172.16.1.2 ip lisp itr map-resolver 172.16.1.6 ip lisp etr map-server 172.16.1.2 key SOC-key ip lisp etr map-server 172.16.1.6 key SOC-key ip lisp locator-vrf default vrf context TRANS ip lisp itr ip lisp etr ip lisp database-mapping 10.1.2.0/24 172.16.2.2 priority 1 weight 100 lisp instance-id 1 ip lisp itr map-resolver 172.16.1.2 ip lisp itr map-resolver 172.16.1.6 ip lisp etr map-server 172.16.1.2 key TRANS-key ip lisp etr map-server 172.16.1.6 key TRANS-key ip lisp locator-vrf default
These examples show the complete configuration for the LISP topology. On the xTRs, the VRFs and EID prefixes are assumed to be attached to VLANs configured on the switches.
This example shows how to configure the left xTR:
hostname Left-xTR ! ipv6 unicast-routing ! vrf definition PURPLE address-family ipv4 exit address-family ipv6 exit ! vrf definition GOLD address-family ipv4 exit address-family ipv6 exit ! interface Ethernet0/0 ip address 10.0.0.2 255.255.255.0 ! interface Ethernet1/0.1 encapsulation dot1q 101 vrf forwarding PURPLE ip address 192.168.1.1 255.255.255.0 ipv6 address 2001:DB8:A:A::1/64 ! interface Ethernet1/0.2 encapsulation dot1q 102 vrf forwarding GOLD ip address 192.168.1.1 255.255.255.0 ipv6 address 2001:DB8:B:A::1/64 ! router lisp eid-table vrf PURPLE instance-id 101 database-mapping 192.168.1.0/24 10.0.0.2 priority 1 weight 1 database-mapping 2001:DB8:A:A::/64 10.0.0.2 priority 1 weight 1 eid-table vrf GOLD instance-id 102 database-mapping 192.168.1.0/24 10.0.0.2 priority 1 weight 1 database-mapping 2001:DB8:B:A::/64 10.0.0.2 priority 1 weight 1 exit ! ipv4 itr map-resolver 10.0.2.2 ipv4 itr ipv4 etr map-server 10.0.2.2 key Left-key ipv4 etr ipv6 itr map-resolver 10.0.2.2 ipv6 itr ipv6 etr map-server 10.0.2.2 key Left-key ipv6 etr exit ! ip route 0.0.0.0 0.0.0.0 10.0.0.1 ipv6 route ::/0 Null0
This example shows how to configure the right xTR:
hostname Right-xTR ! ipv6 unicast-routing ! vrf definition PURPLE address-family ipv4 exit address-family ipv6 exit ! vrf definition GOLD address-family ipv4 exit address-family ipv6 exit ! interface Ethernet0/0 ip address 10.0.1.2 255.255.255.0 ! interface Ethernet1/0.1 encapsulation dot1q 101 vrf forwarding PURPLE ip address 192.168.2.1 255.255.255.0 ipv6 address 2001:DB8:A:B::1/64 ! interface Ethernet1/0.2 encapsulation dot1q 102 vrf forwarding GOLD ip address 192.168.2.1 255.255.255.0 ipv6 address 2001:DB8:B:B::1/64 ! router lisp eid-table vrf PURPLE instance-id 101 database-mapping 192.168.2.0/24 10.0.1.2 priority 1 weight 1 database-mapping 2001:DB8:A:B::/64 10.0.1.2 priority 1 weight 1 eid-table vrf GOLD instance-id 102 database-mapping 192.168.2.0/24 10.0.1.2 priority 1 weight 1 database-mapping 2001:DB8:B:B::/64 10.0.1.2 priority 1 weight 1 exit ! ipv4 itr map-resolver 10.0.2.2 ipv4 itr ipv4 etr map-server 10.0.2.2 key Right-key ipv4 etr ipv6 itr map-resolver 10.0.2.2 ipv6 itr ipv6 etr map-server 10.0.2.2 key Right-key ipv6 etr exit ! ip route 0.0.0.0 0.0.0.0 10.0.1.1 ipv6 route ::/0 Null0
This example shows how to configure the map server/map resolver:
hostname MSMR ! vrf definition BLUE address-family ipv4 exit ! vrf definition GREEN address-family ipv4 exit ! ipv6 unicast-routing ! interface Ethernet0/0.101 encapsulation dot1Q 101 vrf forwarding BLUE ip address 10.0.0.2 255.255.255.0 ! interface Ethernet0/0.102 encapsulation dot1Q 102 vrf forwarding GREEN ip address 10.0.0.2 255.255.255.0 ! router lisp 1 locator-table vrf BLUE site Purple authentication-key PURPLE-key eid-prefix instance-id 101 192.168.1.0/24 eid-prefix instance-id 101 192.168.2.0/24 eid-prefix instance-id 101 2001:DB8:A:A::/64 eid-prefix instance-id 101 2001:DB8:A:B::/64 ! ipv4 map-server ipv4 map-resolver ipv6 map-server ipv6 map-resolver ! router lisp 2 locator-table vrf GREEN site Gold authentication-key GOLD-key eid-prefix instance-id 102 192.168.1.0/24 eid-prefix instance-id 102 192.168.2.0/24 eid-prefix instance-id 102 2001:DB8:B:A::/64 eid-prefix instance-id 102 2001:DB8:B:B::/64 ! ipv4 map-server ipv4 map-resolver ipv6 map-server ipv6 map-resolver ! ip route vrf GREEN 0.0.0.0 0.0.0.0 10.0.2.1 ip route vrf BLUE 0.0.0.0 0.0.0.0 10.0.2.1
Feature Name |
Releases |
Feature Information |
---|---|---|
Locator/ID Separation Protocol (LISP) Instance ID |
6.2(2) |
This feature is introduced. |