Feedback
Contents
- Configuring Locator/ID Separation Protocol
- Information About Locator/ID Separation Protocol
- LISP Functionality Overview
- LISP Devices Overview
- LISP Site Devices
- LISP Infrastructure
- LISP Internetworking Devices
- Licensing Requirements for LISP
- LISP Guidelines and Limitations
- Default Settings for LISP
- Configuring Locator/ID Separation Protocol
- Enabling the LISP Feature
- Configuring LISP ITR/ETR (xTR) Functionality
- Configuring LISP ITR/ETR (xTR)
- Configuring Optional LISP ITR/ETR (xTR) Functionality
- Configuring LISP-ALT Functionality
- Configuring Required LISP Map-Resolver Functionality
- Configuring LISP Map-Server Functionality
- Configuring Required LISP Map-Server Functionality
- Configuring Optional LISP Map-Server Functionality
- Configuring Required LISP Proxy-ITR Functionality
- Configuring Required LISP Proxy-ETR Functionality
- Additional References
- Related Documents
- Standards
- MIBs
- RFCs
- Feature History for LISP
Configuring Locator/ID Separation Protocol
This chapter describes how to configure the basic Cisco NX-OS Locator/ID Separation Protocol (LISP) functionality on all LISP-related devices, including the Ingress Tunnel Router (ITR), Egress Tunnel Router, Proxy ITR (PITR), Proxy ETR (PETR), Map Resolver (MR), Map Server (MS), and LISP-ALT device.
This chapter contains the following sections:
- Information About Locator/ID Separation Protocol
- LISP Functionality Overview
- LISP Devices Overview
- Licensing Requirements for LISP
- LISP Guidelines and Limitations
- Default Settings for LISP
- Configuring Locator/ID Separation Protocol
- Additional References
- Feature History for LISP
Information About Locator/ID Separation Protocol
LISP is a network architecture and protocol that implements a new semantic for IP addressing by creating two new namespaces: Endpoint Identifiers (EIDs), which are assigned to end hosts, and Routing Locators (RLOCs), which are assigned to devices (primarily routers) that make up the global routing system. Splitting EID and RLOC functions yields several advantages including improved routing system scalability, multi-homing efficiency, and ingress traffic engineering. LISP end site support is configured on devices such as Cisco routers.
LISP Functionality Overview
In the current Internet routing and addressing architecture, the IP address is used as a single namespace that simultaneously expresses two functions about a device: its identity and how it is attached to the network. One very visible and detrimental result of this single namespace is demonstrated by the rapid growth of the Internet's DFZ (default-free zone) as a consequence of multi-homing, traffic engineering (TE), nonaggregatable address allocations, and business events such as mergers and acquisitions.
LISP changes current IP address semantics by creating two new namespaces: Endpoint Identifiers (EIDs) that are assigned to end-hosts and Routing Locators (RLOCs) that are assigned to devices (primarily routers) that make up the global routing system. These two namespaces offer the following advantages:
- Improved routing system scalability by using topologically-aggregated RLOCs
- Provider-independence for devices numbered out of the EID space
- Low operational expense multi-homing of end-sites with improved traffic engineering
- IPv6 transition functionality
LISP is a simple, incremental, network-based implementation that is deployed primarily in network edge devices. It requires no changes to host stacks, Domain Name Service (DNS), or local network infrastructure, and little to no major changes to existing network infrastructures.
From the outset, Cisco’s philosophy for the development of LISP has been to minimize end-customer changes and deployment complexities.
Figure 1. Cisco NX-OS LISP Deployment Environment. This figure shows a LISP deployment environment. Three essential environments exist in a LISP environment: LISP sites (EID namespace), non-LISP sites (RLOC namespace), and LISP Mapping Service (infrastructure).The LISP EID namespace represents customer end sites as they are defined today. The only difference is that the IP addresses used within these LISP sites are not advertised within the non-LISP, Internet (RLOC namespace). End customer LISP functionality is deployed exclusively on CE routers that function in the LISP roles of Ingress Tunnel Router (ITR) and Egress Tunnel Router (ETR) device.
NoteThe ITR and ETR are abbreviated as xTR in the figure.
To fully implement LISP with support for Mapping Services and Internet interworking, additional LISP Infrastructure components might be required to be deployed as well. These additional LISP infrastructure components include devices that support the LISP roles of Map-Server (MS), Map-Resolver (MR), Proxy Ingress Tunnel Router (PITR), Proxy Egress Tunnel Router (PETR), and ALT.
LISP Devices Overview
The following devices are found in a full LISP deployment:
LISP Site Devices
The LISP site devices are as follows:
Ingress Tunnel Router (ITR)—This device is deployed as a LISP site edge device. It receives packets from site-facing interfaces (internal hosts) and either LISP encapsulates packets to remote LISP sites or the ITR natively forwards packets to non-LISP sites.
Egress Tunnel Router (ETR)—This device is deployed as a LISP site edge device. It receives packets from core-facing interfaces (the Internet) and either decapsulates LISP packets or delivers them to local EIDs at the site.
NoteCE devices can implement both ITR and ETR functions. This type of CE device is referred to as an xTR. The LISP specification does not require that a device perform both ITR and ETR functions, however.
For both devices, the EID namespace is used inside the sites for end-site addresses for hosts and routers. The EIDs go in DNS records. The EID namespace is not globally routed in the underlying Internet. The RLOC namespace on the other hand is used in the (Internet) core. RLOCs are used as infrastructure addresses for LISP routers and ISP routers and are globally routed in the underlying infrastructure. Hosts do not know about RLOCs, and RLOCs do not know about hosts.
LISP Infrastructure
The LISP infrastructure devices are as follows:
Map-Server (MS)—This device is deployed as a LISP Infrastructure component. It must be configured to permit a LISP site to register to it by specifying for each LISP site the EID prefixes for which registering ETRs are authoritative. An authentication key must match the key that is configured on the ETR. An MS receives Map-Register control packets from ETRs. When the MS is configured with a service interface to the LISP ALT, it injects aggregates for the EID prefixes for registered ETRs into the ALT. The MS also receives Map-Request control packets from the ALT, which it then encapsulates to the registered ETR that is authoritative for the EID prefix being queried.
Map-Resolver (MR)—This device is deployed as a LISP Infrastructure device. It receives Map-Requests encapsulated to it from ITRs. When configured with a service interface to the LISP ALT, it forwards Map-Requests to the ALT. The MR also sends Negative Map-Replies to ITRs in response to queries for non-LISP addresses.
Alternative Topology (ALT)—This is a logical topology and is deployed as part of the LISP Infrastructure to provide scalable EID prefix aggregation. Because the ALT is deployed as a dual-stack (IPv4 and IPv6) Border Gateway Protocol (BGP) over Generic Routing Encapsulation (GRE) tunnels, you can use ALT-only devices with basic router hardware or other off-the-shelf devices that can support BGP and GRE.
LISP Internetworking Devices
The LISP internetworking devices are as follows:
Proxy ITR (PITR)—This device is a LISP infrastructure device that provides connectivity between non-LISP sites and LISP sites. A PITR advertises coarse-aggregate prefixes for the LISP EID namespace into the Internet, which attracts non-LISP traffic destined to LISP sites. The PITR then encapsulates and forwards this traffic to LISP sites. This process not only facilitates LISP/non-LISP internetworking but also allows LISP sites to see LISP ingress traffic engineering benefits from non-LISP traffic.
Proxy ETR (PETR)—This device is a LISP infrastructure device that allows IPv6 LISP sites without native IPv6 RLOC connectivity to reach LISP sites that only have IPv6 RLOC connectivity. In addition, the PETR can also be used to allow LISP sites with Unicast Reverse Path Forwarding (URPF) restrictions to reach non-LISP sites.
LISP Guidelines and Limitations
LISP has the following configuration guidelines and limitations:
- LISP requires the Cisco Nexus 7000 Series 32-Port, 10 Gigabit Ethernet (M1) module (N7K-M132XP-12 or N7K-M132XP-12L), with EPLD version 186.008 or later.
- OTV or any other LAN extension mechanism should filter the HSRP hello messages across the data centers to create an active-active HSRP setup and provide egress path optimization for the data center hosts.
- The HSRP group and the HSRP Virtual IP address in all data centers in the extended LAN should be the same. Keeping the HSRP group number consistent across locations guarantees that the same MAC address is always used for the virtual first hop gateway.
- LISP VM-mobility across subnets requires that the same MAC address is configured across all HSRP groups that will allow dynamic-EIDs to roam. Proxy-arp must also be enabled for the interfaces that have VM-mobility enabled when used across subnets.
- LISP is not supported for F2 Series modules.
Configuring Locator/ID Separation Protocol
Enabling the LISP Feature
SUMMARY STEPS
1. configure terminal
2. feature lisp
DETAILED STEPS
Command or Action Purpose Configuring LISP ITR/ETR (xTR) Functionality
Configuring LISP ITR/ETR (xTR)
SUMMARY STEPSYou can enable and configure a LISP xTR with a LISP Map-Server and Map-Resolver for mapping services for both IPv4 and IPv6 address families.
1. configure terminal
2. {ip | ipv6} lisp itr
3. {ip | ipv6} lisp etr
4. (Optional) {ip | ipv6} lisp itr-etr
5. {ip | ipv6} lisp itr map-resolver map-resolver-address
6. {ip | ipv6} database-mapping EID-prefix/prefixlength locator priority priority weight weight
7. {ip | ipv6} lisp etr map-server map-server-address key key-type authentication-key
8. exit
9. (Optional) show {ip | ipv6} lisp
DETAILED STEPSComplete the optional LISP xTR parameters as needed.
Configuring Optional LISP ITR/ETR (xTR) Functionality
SUMMARY STEPS
1. configure terminal
2. (Optional) {ip | ipv6} lisp etr accept-map-request-mapping [verify]
3. (Optional) {ip | ipv6} lisp ip lisp etr map-cache-ttl time-to-live
4. (Optional) {ip | ipv6} lisp map-cache-limit cache-limit [reserve-list list]
5. (Optional) {ip | ipv6} lisp map-request-source source-address
6. (Optional) {ip | ipv6} lisp path-mtu-discovery {min lower-bound|max upper-bound}
7. (Optional) [no] lisp loc-reach-algorithm {tcp-count | echo-nonce | rloc-probing}
8. exit
9. (Optional) show {ip|ipv6} lisp
DETAILED STEPS
Command or Action Purpose
Step 1 configure terminal
Example:switch# configure terminal switch(config)#Enters global configuration mode.
Step 2 {ip | ipv6} lisp etr accept-map-request-mapping [verify]
Example:switch(config)# ip lisp etr accept-map-request verify
Example:switch(config)# ipv6 lisp etr accept-map-request verify(Optional) Configures the LISP ETR to cache IPv4 or IPv6 mapping data contained in a Map-Request message received from the Map-Server on behalf of a LISP ITR.
The verify keyword allows the mapping data to be cached but not used for forwarding packets until the ETR can send its own Map-Request to one of the locators from the mapping data record and receive a Map-Reply with the same data in response. By default, the router does not cache mapping data contained in a Map-Request message.
Step 3 {ip | ipv6} lisp ip lisp etr map-cache-ttl time-to-live
Example:switch(config)# ip lisp etr map-cache-ttl 720
Example:switch(config)# ipv6 lisp etr map-cache-ttl 720(Optional) Configures the time-to-live (TTL) value, in minutes, inserted into LISP Map-Reply messages sent by this ETR.
Step 4 {ip | ipv6} lisp map-cache-limit cache-limit [reserve-list list]
Example:switch(config)# ip lisp map-cache-limit 2000
Example:switch(config)# ipv6 lisp map-cache-limit 2000(Optional) Configures the maximum number of LISP map-cache entries allowed to be stored. By default, the LISP map-cache limit is 1000 entries.
Step 5 {ip | ipv6} lisp map-request-source source-address
Example:switch(config)# ip lisp map-request-source 172.16.1.1
Example:switch(config)# ipv6 lisp map-request-source 2001:db8:0a::1(Optional) Configures the address to be used as the source address for LISP Map-Request messages. By default, one of the locator addresses configured with the ip lisp database-mapping or ipv6 lisp database-mapping command is used as the default source address for LISP Map-Request messages.
Step 6 {ip | ipv6} lisp path-mtu-discovery {min lower-bound|max upper-bound}
Example:switch(config)# ip lisp path-mtu-discovery min 1200
Example:switch(config)# ipv6 lisp path-mtu-discovery min 1200(Optional) Configures the minimum and maximum MTU settings for the LISP router for path-mtu-discovery. By default, path-mtu-discovery is enabled by the LISP router.
Caution Disabling the use of path-mtu-discovery is not recommended.
Step 7 [no] lisp loc-reach-algorithm {tcp-count | echo-nonce | rloc-probing}
Example:switch(config)# lisp loc-reach-algorithm rloc-probing(Optional) Enables or disables the use of a LISP locator reachability algorithm. Locator reachability algorithms are address-family independent. By default, all locator reachability algorithms are disabled.
Step 8 exit
Example:switch(config)# exit switch#Exits global configuration mode.
Step 9 show {ip|ipv6} lisp
Example:switch# show ip lisp
Example:switch# show ipv6 lisp(Optional) Displays all configured IPv4 or IPv6 LISP configuration parameters.
Related Tasks
Configuring LISP-ALT Functionality
SUMMARY STEPS
1. configure terminal
2. {ip | ipv6} lisp alt-vrf vrf-name
3. exit
4. (Optional) show {ip | ipv6} lisp
DETAILED STEPS
Command or Action Purpose
Step 1 configure terminal
Example:switch# configure terminal switch(config)#Enters global configuration mode.
Step 2 {ip | ipv6} lisp alt-vrf vrf-name
Example:switch(config)# ip lisp alt-vrf lisp
Example:switch(config)# ipv6 lisp alt-vrf lispConfigures LISP to use the LISP-ALT VRF vrf-name.
Step 3 exit
Example:switch(config)# exit switch#Exits global configuration mode.
Step 4 show {ip | ipv6} lisp
Example:switch# show ip lisp
Example:switch# show ipv6 lisp(Optional) Displays all configured IPv4 or IPv6 LISP configuration parameters.
Configuring Required LISP Map-Resolver Functionality
SUMMARY STEPSYou can enable and configure LISP Map-Resolver (MR) functionality for both IPv4 and IPv6 address families.
1. configure terminal
2. {ip | ipv6} lisp map-resolver
3. exit
4. (Optional) show {ip | ipv6} lisp
DETAILED STEPS
Command or Action Purpose
Step 1 configure terminal
Example:switch# configure terminal switch(config)#Enters global configuration mode.
Step 2 {ip | ipv6} lisp map-resolver
Example:switch(config)# ip lisp map-resolver
Example:switch(config)# ipv6 lisp map-resolverEnables LISP Map-Resolver functionality on the device.
Step 3 exit
Example:switch(config)# exit switch#Exits global configuration mode.
Step 4 show {ip | ipv6} lisp
Example:switch# show ip lisp
Example:switch# show ipv6 lisp(Optional) Displays all configured IPv4 or IPv6 LISP configuration parameters.
Related Information
Configuring LISP Map-Server Functionality
Configuring Required LISP Map-Server Functionality
SUMMARY STEPSYou can enable and configure LISP Map-Server (MS) functionality for both IPv4 and IPv6 address families.
1. configure terminal
2. {ip | ipv6} lisp map-server
3. lisp site site-name
4. description description
5. authentication-key key-type password
6. eid-prefix EID-prefix [route-tag tag]
7. end
8. (Optional) show {ip | ipv6} lisp
DETAILED STEPSWhat to Do Next
Command or Action Purpose
Step 1 configure terminal
Example:switch# configure terminal switch(config)#Enters global configuration mode.
Step 2 {ip | ipv6} lisp map-server
Example:switch(config)# ip lisp map-server
Example:switch(config)# ipv6 lisp map-serverEnables LISP Map-Server functionality on the device.
Step 3 lisp site site-name
Example:switch(config)# lisp site Customer1 switch(config-lisp-site)#Creates the site name and enters LISP site configuration mode.
Step 4 description description
Example:switch(config-lisp-site)# description LISP Site Customer1Enters a description for the LISP site being configured.
Step 5 authentication-key key-type password
Example:switch(config-lisp-site)# authentication-key 0 123456789Enters the authentication key type and password for the LISP site being configured.
Note The password must match the one configured on the ETR in order for the ETR to successfully register.
Step 6 eid-prefix EID-prefix [route-tag tag]
Example:switch(config-lisp-site)# eid-prefix 192.168.1.0/24 route-tag 12345
Example:switch(config-lisp-site)# eid-prefix 2001:db8:aa::/48 route-tag 12345Enters the EID-prefix for which the LISP site being configured is authoritative and optionally adds a route-tag.
Step 7 end
Example:switch(config-lisp-site)# end switch#Exits LISP site configuration mode.
Step 8 show {ip | ipv6} lisp
Example:switch# show ip lisp
Example:switch# show ipv6 lisp(Optional) Displays all configured IPv4 or IPv6 LISP configuration parameters.
Complete the optional LISP Map-Server configuration items as needed.
Related Information
Configuring Optional LISP Map-Server Functionality
SUMMARY STEPS
1. configure terminal
2. lisp site site-name
3. (Optional) allowed-locators rloc1 [rloc2 [...]]
4. end
5. (Optional) show {ip | ipv6} lisp
DETAILED STEPS
Command or Action Purpose
Step 1 configure terminal
Example:switch# configure terminal switch(config)#Enters global configuration mode.
Step 2 lisp site site-name
Example:switch(config)# lisp site Customer1 switch(config-lisp-site)#Enters LISP site configuration mode for the indicated site. If the site does not exist, it will be created.
Step 3 allowed-locators rloc1 [rloc2 [...]]
Example:switch(config-lisp-site)# allowed-locators 172.16.8.1 2001:db8:aa::1(Optional) Enters the locators that are to be allowed to be included in the Map-Register message for the LISP site being configured.
Note When the allowed-locators command is configured, all locators listed on the Map-Server within the LISP site configuration must also appear in the Map-Register message sent by the ETR for the Map-Register message to be accepted.
Step 4 end
Example:switch(config-lisp-site)# end switch#Exits LISP site configuration mode.
Step 5 show {ip | ipv6} lisp
Example:switch# show ip lisp
Example:switch# show ipv6 lisp(Optional) Displays all configured IPv4 or IPv6 LISP configuration parameters.
Related Information
Configuring Required LISP Proxy-ITR Functionality
SUMMARY STEPS
1. configure terminal
2. {ip | ipv6} proxy-itr locator [other-address-family-locator]
3. exit
4. (Optional) show {ip | ipv6} lisp
DETAILED STEPS
Command or Action Purpose
Step 1 configure terminal
Example:switch# configure terminal switch(config)#Enters global configuration mode.
Step 2 {ip | ipv6} proxy-itr locator [other-address-family-locator]
Example:switch(config)# ip lisp proxy-itr 172.16.8.1
Example:switch(config)# ipv6 lisp proxy-itr 2001:db8:aa::1Configures LISP Proxy-ITR functionality on the device. The locator address is used as a source address for encapsulating data packets or Map-Request messages. Optionally, you can provide an address for the other address family (for example, IPv6 for the ip proxy-itr command).
Step 3 exit
Example:switch(config)# exit switch#Exits global configuration mode.
Step 4 show {ip | ipv6} lisp
Example:switch# show ip lisp
Example:switch# show ipv6 lisp(Optional) Displays all configured IPv4 or IPv6 LISP configuration parameters.
Related Information
Configuring Required LISP Proxy-ETR Functionality
SUMMARY STEPS
1. configure terminal
2. {ip | ipv6} proxy-etr
3. exit
4. (Optional) show {ip | ipv6} lisp
DETAILED STEPS
Command or Action Purpose
Step 1 configure terminal
Example:switch# configure terminal switch(config)#Enters global configuration mode.
Step 2 {ip | ipv6} proxy-etr
Example:switch(config)# ip lisp proxy-etr
Example:switch(config)# ipv6 lisp proxy-etrConfigures LISP Proxy-ETR functionality.
Step 3 exit
Example:switch(config)# exit switch#Exits global configuration mode.
Step 4 show {ip | ipv6} lisp
Example:switch# show ip lisp
Example:switch# show ipv6 lisp(Optional) Displays all configured IPv4 or IPv6 LISP configuration parameters.
Related Information
Additional References
MIBs
MIB
MIBs Link
None
To locate and download MIBs for selected platforms, Cisco NX-OS software releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs
