Table Of Contents
Cisco Nexus 7000 Series LISP Commands
ip lisp etr accept-map-request-mapping
ip lisp shortest-eid-prefix-length
ipv6 lisp etr accept-map-request-mapping
ipv6 lisp shortest-eid-prefix-length
show ip lisp translation-cache
show ipv6 lisp translation-cache
Cisco Nexus 7000 Series LISP Commands
This chapter describes the Cisco Nexus 7000 Series NX-OS Locator/ID Separation Protocol (LISP) commands.
allowed-locator
To configure a list of locators that are allowed in a Map-Register message sent by an egress tunnel router (ETR) when registering to the Map Server, use the allowed-locator command. To remove the locators, use the no form of this command.
allowed-locator {rloc1 [rloc2 [rloc3 [rloc4]]]}
Syntax Description
rloc1
IPv4 or IPv6 Routing Locator (RLOC) allowed within the Map-Registration message.
rloc2,rloc3,rloc14
Additional IPv4 or IPv6 RLOCs allowed within the Map-Registration message.
Defaults
None
Command Modes
LISP site configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When a LISP ETR registers with a Map Server, it sends a Map-Register message that contains, one or more EID-prefixes and routing locators that the ETR is configured to use. After verifying the authentication data, the Map Server checks the EID-prefixes against those configured on the Map-Server. If they agree, the Map Register is accepted and the ETR registration is completed.
You can constraint the Map Server default behavior so that the ETR can only register using specific routing locators. To enable this functionality, enter the allowed-locator command in LISP site configuration mode. The Map-Register message from the ETR must contain the same locators that are listed in the Map-Server LISP site configuration. If the list in the Map Register does not match the one configured on the Map Server, the Map-Register message is not accepted and the ETR is not registered. You can configure up to four IPv4 or IPv6 routing locators.
Note When you configure allowed locators, an exact match for all locators or a subset of all locators listed on the Map Server within the LISP site configuration must also appear in the Map-Register message sent by the ETR for it to be accepted.
This command does not require a license.
Examples
This example shows how to configure the LISP site named Customer-1 and enter the site command mode. This example also shows the IPv4 address 172.16.1.1 and the IPv6 address 2001:db8:bb::1 are configured as allowable locators for the LISP site Customer-1. When Customer-1 registers with this Map Server, at least one or both of the configured locators must be included in the Map Registration for the site to register.
switch# configuration terminal
switch(config)# lisp site Customer-1
switch(config-lisp-site)# allowed-locator 172.16.1.1 2001:db8:bb::1
Related Commands
Command Descriptionlisp site
Configures a LISP site and enters site configuration mode on a Map Server.
show lisp site
Displays registered LISP sites on a Map Server.
authentication-key
To configure the password used to create the SHA-1 HMAC hash for authenticating the Map-Register message sent by an egress tunnel router (ETR) when registering to the Map-Server, use the authentication-key command. To remove the password, use the no form of this command.
authentication-key key-type password
no authentication-key key-type password
Syntax Description
Defaults
None
Command Modes
LISP site configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When a Locator/ID Separation Protocol (LISP) ETR registers with a Map-Server, the Map Server must already have been configured with certain LISP site attributes that match the ETR attributes. These attributes include a shared password that is used to create the SHA-1 HMAC hash that the Map Server uses to validate the authentication data in the Map-Register message. On the ETR, this password is configured by using the ip lisp etr map-server and ipv6 lisp etr map-server command.
On the Map Server, the password is configured as part of the lisp site configuration process. To enter the LISP site password, enter the authentication-key command in LISP site configuration mode. You can enter the SHA-1 HMAC password in unencrypted (cleartext) form or encrypted form. To enter an unencrypted password, specify a key-type value of 0. To enter a 3DES-encrypted password, specify a key-type value of 3. To enter a Cisco-encrypted password, specify a key-type value of 7.
Caution Map-Server authentication keys entered in cleartext form automatically are converted to Type 3 (encrypted) form.
Note You must configure the Map Server and ETR with matching passwords for the Map-Registration process to successfully complete. When a LISP site successfully completes the Map-Registration process, its attributes are displayed by using the show lisp site command. If the Map-Registration process is unsuccessful, the site does not be display.
This command does not require a license.
Examples
This example shows how to configure the LISP site named Customer-1, enter the site command mode, and enter the shared password:
switch# configuration terminal
switch(config)# lisp site Customer-1
switch(config-lisp-site)# authentication-key 0 s0m3-s3cr3t-k3y
Related Commands
clear ip lisp data-cache
To clear the LISP IPv4 data-cache, use the clear ip lisp data-cache command.
clear ip lisp data-cache [vrf vrf-name] [EID]
Syntax Description
vrf vrf-name
(Optional) Specifies virtual routing and forwarding (VRF) instance with which to clear the data cache.
EID
(Optional) IPv4 EID to clear from LISP data-cache.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
The clear ip lisp data-cache command removes all IPv4 endpoint identifier to Routing Locator (EID-to-RLOC) mapping in the forwarding data-cache. Data-cache entries are present in two cases only: when the ip lisp itr send-data-probe command entered, after a data-probe is sent, this data-probe is stored in the data cache until a Map-Reply is returned, when you enter the ip lisp etr glean-mapping command, gleaned EID-to-RLOC mapping data is stored in the data cache until the data is verified. When you use the optional vrf keyword, the data-cache is cleared for the specified VRF. When the EID option is used, only the EID-to-RLOC mapping for that entry is cleared.
This command does not require a license.
Examples
This example shows how to clear the LISP IPv4 data cache:
switch# clear ip lisp data-cache
Related Commands
Command Descriptionshow ip lisp data-cache
Displays the LISP IPv4 EID-to-RLOC data-cache mapping on an ITR.
clear ip lisp map-cache
To clear the Locator/ID Separation Protocol (LISP) IPv4 map-cache, use the clear ip lisp map-cache command.
clear ip lisp map-cache [vrf vrf-name] [EID]
Syntax Description
vrf vrf-name
(Optional) Specifies virtual routing and forwarding (VRF) with which to clear the map cache.
EID
(Optional) IPv4 EID-prefix to clear from LISP map cache.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
The clear ipv lisp map-cache command removes all IPv4 dynamic endpoint identifier to Routing Locator (EID-to-RLOC) map-cache entries in the map cache. When the optional EID-prefix is specified, only the EID-to-RLOC mapping for that entry is cleared. Otherwise, the entire data cache is cleared. When you specify the optional vrf keyword, the data cache is cleared for the specified VRF
This command does not require a license.
Examples
This example shows how to clear the LISP IPv4 map-cache:
switch# clear ip lisp map-cache
switch# show ip lisp map-cache
LISP IP Mapping Cache for VRF "default", 0 entriesThis example shows display all LISP map-cache entries, and then clears the LISP map-cache for an IPv4 EID-prefix:
switch# show ip lisp map-cache
LISP IP Mapping Cache for VRF "default", 2 entries153.16.1.0/24, uptime: 00:00:06, expires: 23:59:53, via map-reply, authLocator Uptime State Priority/ Data ControlWeight in/out in/out129.250.1.255 00:00:06 up 254/0 0/0 0/0129.250.26.242 00:00:06 up 1/100 0/0 0/0153.16.12.0/24, uptime: 00:00:04, expires: 23:59:55, via map-reply, selfLocator Uptime State Priority/ Data ControlWeight in/out in/out128.223.156.23 00:00:04 up 1/100 0/0 0/0switch# clear ip lisp map-cache 153.16.1.0/24
switch# show ip lisp map-cache
LISP IP Mapping Cache for VRF "default", 1 entries153.16.12.0/24, uptime: 00:00:46, expires: 23:59:13, via map-reply, selfLocator Uptime State Priority/ Data ControlWeight in/out in/out128.223.156.23 00:00:46 up 1/100 0/0 2/1switch#Related Commands
Command Descriptionshow ip lisp map-cache
Displays current dynamic and static IPv4 EID-to-RLOC map-cache entries.
clear ip lisp statistics
To clear the Locator/ID Separation Protocol (LISP) ingress tunnel router (ITR) and Egress Tunnel Router (ETR) IPv4 address-family packet count statistics, use the clear ip lisp statistics command.
clear ip lisp statistics [vrf vrf-name]
Syntax Description
vrf vrf-name
(Optional) Specifies virtual routing and forwarding (VRF) with which to clear the LISP statistics.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
d.
Usage Guidelines
The clear ip lisp statistics command clears all of the LISP ITR and ETR IPv4 address-family packet count statistics. IPv4 address family packet count statistics are maintained for all LISP control plane packets. These packet counters are displayed using the show ip lisp statistics command.
This command does not require a license.
Examples
This example shows how to clear the LISP ITR and ETR IPv4 address-family packet count statistics:
switch# clear ip lisp statistics
switch#Related Commands
clear ipv6 lisp data-cache
To clear the LISP IPv6 data-cache, use the clear ipv6 lisp data-cache command.
clear ipv6 lisp data-cache [vrf vrf-name] [EID]
Syntax Description
vrf vrf-name
(Optional) Specifies virtual routing and forwarding (VRF) instance with which to clear the data cache.
EID
(Optional) IPv6 EID to clear from LISP map cache.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
The clear ipv6 lisp data-cache command removes all IPv4 endpoint identifier to Routing Locator (EID-to-RLOC) mapping in the forwarding data-cache. Data-cache entries are present in two cases only: when the ip lisp itr send-data-probe command entered, after a data-probe is sent, this data-probe is stored in the data cache until a Map-Reply is returned, when you enter the ip lisp etr glean-mapping command, gleaned EID-to-RLOC mapping data is stored in the data cache until the data is verified. When you use the optional vrf keyword, the data-cache is cleared for the specified VRF. When the EID option is used, only the EID-to-RLOC mapping for that entry is cleared.
This command does not require a licens.
Examples
This example shows how to clear the LISP IPv6 data-cache:
switch# clear ipv6 lisp data-cache
Related Commands
Command Descriptionshow ipv6 lisp data-cache
Displays the LISP IPv6 EID-to-RLOC data-cache mapping on an ITR.
clear ipv6 lisp map-cache
To clear the Locator/ID Separation Protocol (LISP) IPv6 map-cache, use the clear ipv6 lisp map-cache command.
clear ipv6 lisp map-cache [vrf vrf-name] [EID]
Syntax Description
vrf vrf-name
(Optional) Specifies virtual routing and forwarding (VRF) with which to clear the map cache.
EID
(Optional) IPv6 EID-prefix to clear from LISP map cache.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
The clear ipv6 lisp map-cache command removes all IPv6 dynamic endpoint identifier to Routing Locator (EID-to-RLOC) map-cache entries in the map cache. When the optional EID-prefix is specified, only the EID-to-RLOC mapping for that entry is cleared. Otherwise, the entire data cache is cleared. When you specify the optional vrf keyword, the data cache is cleared for the specified VRF
This command does not require a license.
Examples
This example shows how to clear the LISP IPv6 map-cache:
switch# clear ipv6 lisp map-cache
switch# show ipv6 lisp map-cache
LISP IPv6 Mapping Cache for VRF "default", 0 entriesThis example shows how to display all LISP map-cache entries, and then clears the LISP map-cache for an IPv4 EID-prefix:
switch# show ipv6 lisp map-cache
LISP IP Mapping Cache for VRF "default", 2 entries153.16.1.0/24, uptime: 00:00:06, expires: 23:59:53, via map-reply, authLocator Uptime State Priority/ Data ControlWeight in/out in/out129.250.1.255 00:00:06 up 254/0 0/0 0/0129.250.26.242 00:00:06 up 1/100 0/0 0/0153.16.12.0/24, uptime: 00:00:04, expires: 23:59:55, via map-reply, selfLocator Uptime State Priority/ Data ControlWeight in/out in/out128.223.156.23 00:00:04 up 1/100 0/0 0/0switch# show ipv6 lisp map-cache
LISP IPv6 Mapping Cache for VRF "default", 1 entries2610:d0:210f::/48, uptime: 00:00:58, expires: 23:59:01, via map-reply, authLocator Uptime State Priority/ Data ControlWeight in/out in/out85.184.2.10 00:00:58 up 0/100 0/0 0/02001:6e0:4:2::2 00:00:58 up 0/100 0/0 0/0switch# clear ipv6 lisp map-cache 2610:d0:210f::/48
switch# show ipv6 lisp map-cache
LISP IPv6 Mapping Cache for VRF "default", 0 entriesswitch#Related Commands
Command Descriptionshow ipv6 lisp map-cache
Displays current dynamic and static IPv6 EID-to-RLOC map-cache entries.
clear ipv6 lisp statistics
To clear the Locator/ID Separation Protocol (LISP) ingress tunnel router (ITR) and Egress Tunnel Router (ETR) IPv4 address-family packet count statistics, use the clear ip lisp statistics command.
clear ipv6 lisp statistics [vrf vrf-name]
Syntax Description
vrf vrf-name
(Optional) Specifies virtual routing and forwarding (VRF) with which to clear the LISP statistics.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
d.
Usage Guidelines
The clear ipv6 lisp statistics command clears all of the LISP ITR and ETR IPv4 address-family packet count statistics. IPv4 address family packet count statistics are maintained for all LISP control plane packets. These packet counters are displayed using the show ipv6 lisp statistics command.
This command does not require a license.
Examples
This example shows how to clear the LISP ITR and ETR IPv6 address-family packet count statistics:
switch# clear ipv6 lisp statistics
switch#Related Commands
clear lisp dynamic-eid
To clear all dynamically learned dynamic endpoint identifiers (EIDs) that are associated with the configured dynamic-EID policy, use the clear lisp dynamic-eid command.
clear lisp dynamic-eid dynamic-eid-name
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
The clear lisp dynamic-eid command clears all dynamically learned dynamic EIDs that are associated with the configured dynamic-EID policy.
This command does not require a license.
Examples
This example shows how to display all dynamically learned dynamic-EIDs associated with the configured dynamic-EID policy:
switch# show lisp dynamic-eid bc4 detail
LISP Dynamic EID Information for VRF "default"Dynamic-EID name: bc4Database-mapping EID-prefix: 30.1.110.104/32, LSBs: 0x00000001Locator: 90.1.93.1, priority: 1, weight: 10, localRegistering more-specific dynamic-EIDsMap-Server(s): 90.32.32.32Number of roaming dynamic-EIDs discovered: 1Last dynamic-EID discovered: 30.1.110.104, 00:08:06 agoRoaming dynamic-EIDs:30.1.110.104, Ethernet2/5, uptime: 00:08:06, last activity: 0.998355This example shows how to remove all dynamically learned dynamic EIDs that are associated with the configured dynamic-EID policy:switch# clear lisp dynamic-eid bc4
switch#Related Commands
clear lisp proxy-itr
To clear the list of Proxy-ITR (PITR) locators that have been discovered through Map-Requests, use the clear lisp proxy-itr command.
clear lisp proxy-itr [locator] [vrf vrf-name]
Syntax Description
locator
(Optional) IPv4 or IPv6 locator address of the PITR to clear.
vrf vrf-name
(Optional) Specifies virtual routing and forwarding (VRF) with which to clear locator address of the PITR.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
When an xTR receives a Map-Request from a PITR for an endpoint identifier to Routing Locator (EID-to-RLOC) mapping resolution, the locator address of the PITR is saved (separately from the map cache) by an xTR there is a need to send Solicit-Map-Requests (SMRs) to other LISP devices, including PITRs. The number of locators currently cached is eight (8).
The clear lisp proxy-itr command removes all of the PITR locators that have been discovered through Map-Requests. When the locator form is used, only this PITR locator entry is removed. When you enter the vrf keyword, all PITR locators that are associated with this VRF are removed
This command does not require a license.
Examples
This example shows how to clear the list of PITR locators that have been discovered through Map-Requests:
switch# clear lisp proxy-itr
Related Commands
clear lisp site
To clear the registration data for the specified Locator/ID Separation Protocol (LISP) site, use the clear lisp site command.
clear lisp site site-name
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
The clear lisp site command clears the registration data for the specified LISP site. This command can only be used on a LISP Map-Server.
Use the show lisp site command to display the registration status of LISP sites.
This command does not require a license.
Examples
This example shows how to clear the registration data for the specified LISP site:
switch# clear lisp site Customer-1
switch#Related Commands
Command Descriptionshow lisp site
Displays LISP site information. This command is applicable only for the Map-Server.
database-mapping
To configure a IPv4 or IPv6 dynamic-endpoint identifier to Routing Locator (EID-to-RLOC) mapping relationship and its associated traffic policy, use the database-mapping command. To remove the configured database mapping, use the no form of this command.
database-mapping dynamic-EID-prefix locator priority priority weight weight
no database-mapping dynamic-EID-prefix locator priority priority weight weight
Syntax Description
Defaults
None
Command Modes
Dynamic-EID configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When you configure a dynamic-EID policy is configured, you must specify the dynamic-EID-to-RLOC mapping relationship and its associated traffic policy to use for each permitted prefix. When a packet is received on an interface on which the lisp mobility command has been applied, the source address of the packet is compared against the EID configured in the database-mapping entry (or entries) of the referenced lisp dynamic-eid dynamic-EID-policy-name that matches the lisp mobility dynamic-EID-policy-name.
When a dynamic-EID match is discovered, the dynamic-EID is registered to the Map Server with a 3-tuple of (locator, priority, weight). You can use multiple database-mapping entry commands to make up the locator-set for a dynamic-EID-prefix. Both the dynamic-EID-prefix and locator can be either an IPv4 or IPv6 address.
Note All database-mapping dynamic-EID subcommands must be consistent on all LISP-VM switches that support the same roaming dynamic-EID.
This command does not require a license.
Examples
This example shows how to configure the LISP dynamic-EID policy named Roamer-1 and enter the dynamic-EID configuration mode and then configure the IPv4 dynamic-EID prefix with the IPv4 locator and a priority and weight:
switch# configuration terminal
switch(config)# lisp dynamic-eid Roamer-1
switch(config-lisp-dynamic-eid)# database-mapping 172.16.1.1/32 10.1.1.1 priority 1 weight 100
Related Commands
description
To add a description to a Locator/ID Separation Protocol (LISP) site configuration, use the description command. To remove the reference to a LISP site, use the no form of this command.
no lisp site description
no lisp site description
Syntax Description
Defaults
None
Command Modes
LISP site configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
On the Map Server, when you enter the lisp site command, you are placed in the site sub-command mode. In this mode, you can add a description with the referenced LISP site by using the description command. This description displays when you enter the show lisp site command.
This command does not require a license.
Examples
This example shows how to configure the LISP site named Customer-1, enter the site command mode, and add the description string for Customer-1:
switch# configuration terminal
switch(config)# lisp site Customer-1
switch(config-lisp-site)# description Customer-1 Site Information
Related Commands
Command Descriptionlisp site
Configures a LISP site and enters site configuration mode on a Map Server.
show lisp site
Displays registered LISP sites on a Map Server.
eid-prefix
To configure a list of endpoint identifier (EID)-prefixes that are allowed in a Map-Register message sent by an egress tunnel router (ETR) when registering to the Map Server, use the eid-prefix command. To remove the locators, use the no form of this command.
eid-prefix [instance-id iid] {EID-prefix [route-tag tag]} [accept-more-specifics]
no eid-prefix [instance-id iid] {EID-prefix [route-tag tag]} [accept-more-specifics]
Syntax Description
Defaults
None
Command Modes
LISP site configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Release Modification5.0(1.13)
This command was introduced.
5.0(1.13) (August update)
Added the accept-more-specifics keyword.
5.0(3.lisp)
Added the instance-id keyword.
Usage Guidelines
When a LISP ETR registers with a Map Server, it sends a Map-Register message that contains, one or more EID-prefixes that the ETR is configured to be authoritative for. On the ETR, you can configure these EID-prefixes by using the ip lisp database-mapping or ipv6 lisp database-mapping command. You must also configure these same EID-prefixes on the Map Server in order for the ETR to properly register. On the Map Server, these EID-prefixes are configured by using the eid-prefix command.
When you configure the registering xTR to enable a LISP instance ID by using the lisp instance-id command, you must also configure the Map Server to include this same instance ID within the EID-prefix configurations for this LISP site by using the instance-id keyword and iid value as part of the eid-prefix command.
The same EID-prefix(es), and instance ID when applicable, must be configured on the Map Server and the ETR in order for the ETR to be registered, and for these EID-prefixes to be advertised by LISP. After verifying the authentication data, the Map Server compares the EID-prefixes within the Map Register message against those configured on the Map Server for the LISP site. If they agree, the Map Register is accepted and the ETR registration is completed. If the EID-prefixes in the Map Register message do not match those configured on the Map Server, the Map-Register message is not accepted and the ETR is not registered.
Note A Map-Register message sent by an ETR contains all of the EID prefixes that the ETR is authoritative for. All of these EID prefixes must be listed on the Map Server within the lisp site configuration for the Map-Register message sent by the ETR to be accepted. If the list in the Map-Register does not match the one configured on the Map Server, the Map-Register message is not accepted and the ETR is not registered.
When a LISP site successfully completes the Map-Registration process, you can display its attributes by using the show lisp site command. If the Map-Registration process is unsuccessful, the site does not display.
When you use the route-tag keyword, a tag value is associated with the EID-prefix that is being configured. This tag value is useful for simplifying processes that populate the URIB or U6RIB alt-vrf. For example, you can define a route-map policy to match this tag for Border Gateway Protocol (BGP) redistribution of these EID-prefixes into the virtual routing and forwarding (VRF) used by the LISP-ALT.
When you use the accept-more-specifics keyword, any EID-prefix that is more specific then the EID-prefix configured is accepted and tracked. The accept-more-specifics keyword is intended for LISP VM Mobility (dynamic-EID roaming). When a dynamic-EID moves from one LISP-VM switch to another, the registration of the dynamic-EID to a new locator is performed to the Map Server. Using this keyword avoids the need to configure an EID-prefix for each dynamic-EID that is capable of roaming.
This command does not require a license.
Examples
This example shows how to configure the IPv4 EID-prefix 192.168.1.0/24 and the IPv6 EID-prefix 2001:db8:aa::/48, each with the route-tag 123, for the LISP site Customer-1:
switch# configuration terminal
switch(config)# lisp site Customer-1
switch(config-lisp-site)# eid-prefix 192.168.1.0/24 route-tag 123
switch(config-lisp-site)# eid-prefix 2001:db8:aa::/48 route-tag 123
This example shows how to configure the IPv4 EID-prefix 192.168.2.0/24 for the LISP site Roamer-1 and adds the accept-more-specific keyword. In this case, the host-prefix 192.68.2.12/32, could register according to this configuration:
switch# configuration terminal
switch(config)# lisp site Roamer-1
switch(config-lisp-site)# eid-prefix 192.168.2.0/24 accept-more-specifics
This example shows how to configure the IPv4 EID-prefix 192.168.1.0/24 with the instance ID of 123 for the LISP site Customer-2:
switch# configuration terminal
switch(config)# lisp site Customer-2
switch(config-lisp-site)# eid-prefix instance-id 123 192.168.1.0/24 route-tag 123
Related Commands
instance-id
To configure an instance ID to be associated with EID-prefixes configured for this dynamic-EID policy, use the instance-id command. To disable this functionality, use the no form of this command.
instance-id iid
no instance-id iid
Syntax Description
Defaults
None
Command Modes
Dynamic-EID configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Virtualization support is currently available in LISP xTRs and Map Server (MS) or Map Resolver (MRs), including for LISP VM mobility. The instance ID has been added to LISP to support virtualization.
Use this command to configure the instance IDassociated with EID-prefixes configured for this dynamic-EID policy. Entering this command allows ETRs to register multiple overlapping EID-prefixes in a segmented manner by using the instance ID as the distinguisher. Only one instance-id may be configured for each dynamic-EID policy. When an instance-id is configured, this instance ID is included with the EID-prefixes when they are registered with the Map Server. The Map Server must also include the same instance-id within the EID-prefix configurations for this LISP site. Instance IDs are configured on the MS using the eid-prefix command within the lisp site command mode.
Note Virtualization support is not currently available for the LISP ALT, which means that it is also not supported on LISP PITRs.
This command does not require a license.
Examples
This example shows how to configure an instance ID for the dynamic-EID policy Roamer-1:
switch# configuration terminal
switch(config)# lisp dynamic-eid Roamer-1
switch(config-lisp-dynamic-eid)# instance-id 123
Related Commands
Command Descriptioneid-prefix
Enters the LISP Map-Server site configuration mode subcommand for configuring the EID-prefix and associated instance ID for a LISP site.
ip lisp alt-vrf
To configure the virtual routing and forwarding (VRF) instance that the Cisco NX-OS device uses when sending map requests for an IPv4 end point identifier (EID) to Routing Locator mapping directly over the Locator/ID Separation Protocol Alternative Topology (LISP-ALT), use the ip lisp alt-vrf command. To remove the reference to a VRF, use the no form of this command.
ip lisp alt-vrf vrf-name
no ip lisp alt-vrf vrf-name
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
Use the ip lisp alt-vrf command to configure which virtual routing and forwarding (VRF) instance that the LISP device should use for control plane mapping resolution functions.
You must use the ip lisp alt-vrf command for all devices that connect to the ALT to exchange LISP control plane messages for mapping. These devices include LISP Map-Server (MS), Map-Resolver (MR), and Proxy Ingress Tunnel Router (PITR) devices, and directly ALT-connected xTRs.
Follow these guidelines when using this command:
•The LISP ALT does not support virtualization. A Map-Request with an instance-id cannot be forwarded over the LISP ALT. When you configure a LISP device for virtualization, you must not sue the ip lisp alt-vrf command.
•When you configure instance IDs on an MS (see the LISP Site eid-prefix command), you must configure the MS as a standalone because virtualization of the LISP ALT is not supported.
•When you configure a Cisco NX-OS device as a standalone MS or MR without virtualization, you need not use the ip lisp alt-vrf command.
•When you configure a Cisco NX-OS device as a LISP PITR, you can use the ip lisp alt-vrf command if you are using the ALT for EID-to-RLOC mapping resolution. You can configure PITRs to send a Map-Request to a configured Map-Resolver for EID-to-RLOC mapping resolution as an alternative to sending a Map-Request directly over the LISP ALT. When using a PITR in a virtualized LISP deployment, you must configure the PITR to use a Map-Resolver for EID-to-RLOC mapping resolution, not the LISP ALT because the LISP ALT does not support virtualization.
Note When you use the ip lisp alt-vrf command, the referenced VRF must already have been created by using the vrf context command. In addition, the corresponding configurations for connecting the LISP device to the ALT, including the generic routing encapsulation (GRE) tunnel interface(s) and any routing that is associated with the VRF (static or dynamic) you must also have created.
Examples
This example shows how to configure the VRF named lisp and then configure LISP to use this VRF when resolving IPv4 EID-to-RLOC mappings:
switch# configure terminal
switch(config)# vrf context lisp
switch(config-vrf)# exit
switch(config-vrf)# ip lisp alt-vrf lisp
Related Commands
ip lisp database-mapping
To configure an IPv4 endpoint identifier to Routing Locator (EID-to-RLOC) mapping relationship and its associated traffic policy, use the ip lisp database-mapping command. To remove the configured database mapping, use the no form of this command.
ip lisp database-mapping EID-prefix {locator | dynamic} priority priority weight weight
no ip lisp database-mapping EID-prefix {locator | dynamic} priority priority weight weight
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip lisp database-mapping command to configure the LISP database parameters for the specified IPv4 EID-prefix block, including its associated locator, priority and weight. The IPv4 EID-prefix is the LISP IPv4 EID-prefix block that is associated with the site that the Cisco NX-OS Series device registers as being authoritative with a Map-Server. The locator is typically the IPv4 or IPv6 address of a loopback interface but can be the IPv4 or IPv6 address of any interface used as the Routing Locator (RLOC) address for the EID-prefix assigned to the site. Associated with the locator address are a priority and weight used to define traffic policies when multiple RLOCs apply to the same EID-prefix block.
When you configure a Cisco NX-OS Series device is as an egress tunnel router (ETR), these LISP database-mapping parameters are advertised within a Map-Reply message to indicate the ingress traffic preferences of the site for the associated EID-prefix block. An ingress tunnel router (ITR) then selects a source locator (outer header) address for encapsulating packets destined to the EID-prefix based on these advertised parameters.
When a LISP site has multiple locators associated with the same EID-prefix block, you use multiple ip lisp database mapping commands to configure all of the locators for a given EID-prefix block. Each locator may be assigned the same or a different priority value between 0 and 255. When multiple locators are assigned different priority values, the priority value alone is used to determine which locator to prefer. A lower value indicates a more preferable path. A value of 255 indicates that the locator must not be used for unicast traffic forwarding.
When multiple locators have the same priority, they can be used in a load-sharing manner. In this case, for a given priority, the weight given to each locator is used to determine how to load-balance unicast packets between them. Weight is a value between 0 and 100 and represents the percentage of traffic to be load shared to that locator. If you assign a nonzero weight value to any locator for a given EID-prefix block, you must assign all locators with the same priority for that same EID-prefix block with a nonzero weight value and the sum of all weight values must equal 100. If you assign a weight value of zero to any locator for a given EID prefix block, you must assign all locators with the same priority for that same EID-prefix block a weight value of zero. A weight value of zero indicates to an ITR that receives the Map-Reply that it can decide how to load-share traffic destined to that EID-prefix block.
When you assign a LISP site with multiple IPv4 EID-prefixes, the ip lisp database-mapping is configured for each IPv4 EID-prefix assigned to the site and for each locator that has a reachable IPv4 EID-prefix.
When multiple ETRs are used at a LISP site, you must enter the ip lisp database-mapping command on all ETRs for all locators to make an IPv4 EID-prefix block reachable even when the locator is not local to the specific ETR that is being configured.
If the ETR receives its RLOC through a dynamic process such as DHCP, or if it is sited behind Network Address Translation (NAT) device and the routing locator belongs to the private address space that the NAT device translates to a public globally routed address, you might not be able to specify a locator in the ip lisp database-mapping entry. When this is the case, add the dynamic keyword with the ip lisp database-mapping command so that the RLOC for this Cisco NX-OS device will be determined dynamically rather than being statically defined in each ip lisp database-mapping entry.
When an ETR is sited behind NAT, it needs to know the public global locator address; this is address that is required for Map-Register and Map-Reply messages. In this case, you should enter the {ip | ipv6} lisp nat-traversal command. For more information, see the {ip | ipv6} lisp nat-traversal command.
This command does not require a license.
Examples
This example shows how to configure LISP database-mapping entries for a single IPv4 EID-prefix block and two locators associated with the EID-prefix block. Each locator is assigned the same priority (1) and weight (50), indicating that ingress traffic is expected to be load-shared equally across both paths.
switch# configure terminal
switch(config)# ip lisp database-mapping 192.168.1.0/24 10.1.2.1 priority 1 weight 50
switch(config)# ip lisp database-mapping 192.168.1.0/24 10.1.1.1 priority 1 weight 50
Related Commands
ip lisp etr
To configure a Cisco NX-OS device to act as an IPv4 Locator/ID Separation Protocol (LISP) Egress Tunnel Router (ETR), use the ip lisp etr command. To remove LISP ETR functionality, use the no form of this command.
ip lisp etr
no ip lisp etr
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip lisp etr command to enable the Cisco NX-OS device to perform IPv4 LISP Egress Tunnel Router (ETR) functionality. When you configure a Cisco NX-OS device as an IPv4 ETR, also use ip lisp database-mapping command so that the ETR knows what EID-prefix blocks and corresponding locators are used for the LISP site. In addition, you should configure the ETR to register with a Map-Server by using the ip lisp etr map-server command, or to use static LISP EID-to-RLOC mappings by using the ip lisp map-cache command in order to participate in LISP networking.
When a map-cache entry contains mixed locators (both IPv4 and IPv6 RLOCs) and an ingress tunnel router (ITR) encapsulates using an IPv4 locator, you must configure the ETR that is assigned with the IPv4 locator by using the ip lisp etr command. When an IPv6 locator is used by an ITR, you must configure the ETR that is assigned with the IPv6 locator by using the ipv6 lisp etr command.
Note You can configure an ETR as an ITR. However, the LISP architecture does not require that you do so. When configuring a device as both an ITR and an ETR, use the ip lisp itr-etr command to enable both capabilities.
This command does not require a license.
Examples
This example shows how to configure the IPv4 LISP ETR functionality on the Cisco NX-OS device:
switch# configure terminal
switch(config)# ip lisp etr
Related Commands
ip lisp etr accept-map-request-mapping
To configure an Egress Tunnel Router (ETR) to cache IPv4 mapping data contained in a Map-Request message, use the ip lisp etr accept-map-request-mapping command. To remove this functionality, use the no form of this command.
ip lisp etr accept-map-request-mapping [verify]
no ip lisp etr accept-map-request-mapping [verify]
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When an ETR receives a Map-Request message, this message might contain mapping data for the invoking IPv4 source-EID packet. By default, the ETR ignores mapping data included in Map-Request messages. However, by entering the ip lisp etr accept-map-request-mapping command, the ETR caches the mapping data in its map-cache and immediately uses it to forward packets.
When you use the optional verify keyword, the ETR still caches the mapping data but does not forward packets until the ETR can send its own Map-Request to one of the locators from the mapping data record and receive the same data in a Map-Reply message.
Note For security purposes, we recommend that you use the verify keyword. Unless you deploy the ETR and ITR in a trusted environment, you should use the optional verify keyword. In a trusted environment, if you do not use the optional verify keyword, the new mapping occurs in one-half round-trip-time (RTT) as compared with the normal Map-Request/Map-Reply exchange process.
When you enable and then later disable this command, you must enter the clear ip lisp map-cache command to clear any map-cache entries that are currently in the tentative state. Map-cache entries can remain in the tentative state for up to one minute; therefore, you might want to clear these entries manually when this command is removed.
This command does not require a license.
Examples
This example shows how to configure the ETR to cache IPv4 mapping data included in Map-Request messages and verify its accuracy prior to using this data to forward packets:
switch# configure terminal
switch(config)# ip lisp etr accept-map-request-mapping verify
Related Commands
ip lisp etr glean-mapping
To configure an egress tunnel router (ETR) to add inner header (EID) source address to outer header (RLOC) source address mappings it to its endpoint identifier to Routing Locator (EID-to-RLOC) cache (map-cache), use the ip lisp etr glean-mapping command. To remove this functionality, use the no form of this command.
ip lisp etr glean-mapping [verify]
no ip lisp etr glean-mapping [verify]
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When an ETR receives Locator/ID Separation Protocol (LISP)-encapsulated packets, the inner header EID source address and outer header RLOC source address should match an entry found in the map cache as determined by the results of a Map-Request/Map-Reply exchange. When a host moves from one ingress tunnel router (ITR) to another ITR, the EID-to-RLOC mapping to change because the new ITR can encapsulate packets to the ETR using a different locator. By entering the ip lisp etr glean-mapping command, the ETR recognizes the new locator information for the moved host's EID and updates the map cache with this information.
The learned EID-to-RLOC map-cache entries are stored with a priority of 1 and a weight of 100.
When you enter the optional verify keyword, the ETR caches the learned EID-to-RLOC mapping data but does not forward packets until the ETR can send its own Map-Request to the originating ITR and receive a Map-Reply. The gleaned locator will then be used. When you specify the verify keyword, the locator is used to forward traffic and all packets are dropped until the Map-Reply is returned.
Note For security purposes, we recommend that you use the verify keyword. Unless you deploy the ETR and ITR in a trusted environment, you should use the optional verify keyword. In a trusted environment, if you do not use the optional verify keyword, the new mapping occurs in one-half round-trip-time (RTT) as compared with the normal Map-Request/Map-Reply exchange process.
This command does not require a license.
Examples
This example shows how to configure the ETR to cache IPv4 mapping data included in Map-Request messages and verify its accuracy prior to using this data to forward packets:
switch# configure terminal
switch(config)# ip lisp etr glean-mapping verify
Related Commands
Command Descriptionip lisp etr
Configures the Cisco NX-OS device to act as an IPv4 LISP Egress Tunnel Router (ETR).
ip lisp etr map-cache-ttl
To configure the Time-to-live (TTL) value inserted into Locator/ID Separation Protocol (LISP) IPv4 Map-Reply messages, use the ip lisp etr map-cache-ttl command. To remove the configured TTL value and return to the default value, use the no form of this command.
ip lisp etr map-cache-ttl time-to-live
no ip lisp etr map-cache-ttl time-to-live
Syntax Description
time-to-live
Value, in minutes, to be inserted in the TTL field in Map-Reply messages. The range is from 60 to 10080.
Defaults
1440
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip lisp etr map-cache-ttl command to change the default value associated with the TTL field in IPv4 Map-Reply messages. Use this command when you want to change the default TTL that remote ITRs cache and use for your site's IPv4 EID prefix. The default value is 1440 minutes (24 hours), the minimum value cannot be less than 60 minutes, and the maximum cannot be greater than 10080 minutes (one week).
This command does not require a license.
Examples
This example shows how to configure the ETR to use a TTL of 120 minutes in its IPv4 Map-Reply messages:
switch# configure terminal
switch(config)# ip lisp etr map-cache-ttl 120
Related Commands
Command Descriptionip list etr
Configures the Cisco NX-OS device to act as an IPv4 LISP Egress Tunnel Router (ETR).
ip lisp etr map-server
To configure the IPv4 or IPv6 locator address of the Locator/ID Separation Protocol (LISP) Map-Server to be used by the egress tunnel router (ETR) when registering for IPv4 EIDs, use the ip lisp etr map-server command. To remove the configured locator address of the LISP Map-Server, use the no form of this command.
ip lisp etr map-server map-server-address {[key key-type authentication-key] | proxy-reply}
no ip lisp etr map-server map-server-address {[key key-type authentication-key] | proxy-reply}
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip lisp etr map-server command to configure the IPv4 or IPv6 locator of the Map-Server to which the ETR registers for its IPv4 EID(s). A password used for a SHA-1 HMAC hash that is included in the header of the Map-Register message must also be provided. You can configure the ETR to register with a maximum of two Map-Servers per EID address family. Once the ETR registers with the Map-Server(s), the Map-Server(s) begin to advertise the EID-prefix block(s) and RLOC(s) for the LISP site.
You can enter the SHA-1 HMAC password in unencrypted (cleartext) form or encrypted form. To enter an unencrypted password, specify a key-type value of 0. To enter a 3DES-encrypted password, specify a key-type value of 3. To enter a Cisco-encrypted password, specify a key-type value of 7.
Caution A Map-Server authentication key entered in cleartext form will automatically be converted to Type 3 (encrypted) form.
Note•You must also configure the Map-Server with IPv4 EID prefixes that match the IPv4 EID-prefixes configures on this ETR by using the ip lisp database-mapping command, as well as a password that matches the one provided with the key keyword on this ETR.
•When the ip lisp database-mapping command is entered, the ETR does not need to run the Locator/ID Separation Protocol Alternative Topology (LISP-ALT) for EID-to-RLOC mapping resolution. All commands related to the Alternative Topology-Virtual Routing and Forwarding (VRF) (ALT-VRF) can be removed.
When you use the proxy-reply keyword, the ETR indicates to the Map-Server through a Map-Register message that the Map Server should send Map-Replies on behalf of the site. The Map Server sends non-authoritative Map Replies for all the EID-prefixes in the Map-Register message. On the Map-Server, the show lisp site site-name command indicates whether proxy-reply is enabled or not.
This command does not require a license.
Examples
This example shows how to configure the ETR to register to two Map-Servers, one with the locator 10.1.1.1 and another with the locator 172.16.1.7:
switch# configure terminal
switch(config)# ip lisp etr map-server 10.1.1.1 key 3 1c27564ab12121212
switch(config)# ip lisp etr map-server 172.16.1.7 key 3 1c27564ab12121212
This example shows how to configure the ETR to register to the Map-Server with the locator 10.1.1.1 and to request a Map-Server proxy-reply for the site:
switch# configure terminal
switch(config)# ip lisp etr map-server 10.1.1.1 key 3 1c27564ab12121212
switch(config)# ip lisp etr map-server 10.1.1.1 proxy-reply
Related Commands
ip lisp hardware-forwarding
To enable hardware-forwarding specifically on the Cisco Nexus 7000 Series switch when at least one 32x10GE line card is installed, use the ip lisp hardware-forwarding command. To disable hardware-forwarding functionality, use the no form of this command.
ip lisp hardware-forwarding
no ip lisp hardware-forwarding
Syntax Description
This command has no arguments or keywords.
Defaults
Enabled
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
The ip lisp hardware-forwarding command is applicable to the Cisco Nexus 7000 Series switch only. Hardware forwarding for LISP is only supported on the N7K-M132XP-12 line card only. That is, LISP input and output interfaces MUST be on the N7K-M132XP-12 line card.
Caution Disabling hardware forwarding should only be used in diagnostic situations. Configuring the no ip lisp hardware-forwarding command will cause a full map-cache download to the Cisco NX-OS device hardware.
This command does not require a license.
Examples
This example shows how to disables IPv4 LISP hardware forwarding on the Cisco Nexus 7000 Series switch:
switch# configure terminal
switch(config)# no ip lisp hardware-forwarding
switch(config)# exit
ip lisp itr
To configure a Cisco NX-OS device to act as an IPv4 LISP Ingress Tunnel Router (ITR), use the ip lisp itr command. To remove LISP ITR functionality, use the no form of this command.
ip lisp itr
no ip lisp itr
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip lisp itr command to enable the Cisco NX-OS device to perform the IPv4 LISP Ingress Tunnel Router (ITR) functionality.
When a Cisco NX-OS device is configured as an ITR, if a packet is received for which no IPv4 destination address prefix match exists in the routing table or which matches a default route (you can configure that the source address of the packet matches an IPv4 EID-prefix block configured by using the ip lisp database-mapping command or ip lisp map-cache command, the packet is a candidate for LISP routing. The ITR looks in the LISP map cache and forwards either the packet, drop the packet, send a Map-Request, or LISP-encapsulates the packet.
If there is no match in the LISP map cache, the ITR might use one of two methods to obtain an IPv4 EID-to-RLOC mapping. When a Map-Resolver is configured when you enter the ip lisp itr map-resolver command, the ITR sends its Map-Request in a LISP Encapsulated Control Message (ECM) to the Map-Resolver. When the ITR is attached to the ALT using the ip lisp alt-vrf command, the ITR sends its Map-Request directly on the alternate LISP topology (LISP-ALT). The ITR caches the IPv4 EID-to-RLOC mapping information returned by the associated Map-Reply in its map-cache. Subsequent packets destined to the same IPv4 EID-prefix block are then LISP-encapsulated according to this IPv4 EID-to-RLOC mapping entry.
Note An ITR can also be configured as an ETR. However, the LISP architecture does not require this requirement.
This command does not require a license.
Examples
This example shows how to configure the IPv4 LISP ITR on the Cisco NX-OS device:
switch# configure terminal
switch(config)# ip lisp itr
Related Commands
ip lisp itr map-resolver
To configure the IPv4 or IPv6 locator address of the Locator/ID Separation Protocol (LISP) Map-Resolver to be used by the ingress tunnel router (ITR) ITR or Proxy ITR (PITR) when sending Map-Requests for IPv4 EID-to-RLOC mapping resolution, use the ip lisp itr map-resolver command. To remove the configured locator address of the LISP Map-Resolver, use the no form of this command.
ip lisp itr map-resolver map-resolver-address
no ip lisp itr map-resolver map-resolver-address
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip lisp itr map-resolver command to configure the locator to be used by a LISP ITR or PITR to reach the configured Map-Resolver when sending a map request for IPv4 EID-to-RLOC mapping resolution. Up to two Map-Resolvers can be configured per ITR or PITR within a site for each address-family.
When a LISP ITR or PITR needs to resolve an IPv4 EID-to-RLOC mapping for a destination EID, you can be configure it to send a map request either to a Map Resolver by using the ip lisp itr map-resolver command or directly over the LISP ALT by using the ip lisp alt-vrf command. When a Map Resolver is used, map requests are sent to the Map Resolver with the additional LISP Encapsulated Control Message (ECM) header that includes the Map Resolver RLOC as its destination address. When the ALT is used, map requests are sent directly over the ALT without the additional LISP Encapsulated Control Message (ECM) header, where the destination of the map request is the EID being queried.
Note When you use the ip lisp itr map-resolver command, the ITR or PITR does not run the LISP-ALT. All commands related to the ALT-VRF are ignored (and may be removed).
This command does not require a license.
Examples
This example shows how to configure an ITR to use the Map-Resolver when sending its Map-Request messages:
switch# configure terminal
switch(config)# ip lisp itr map-resolver 10.1.1.1
switch(config)# ip lisp itr map-resolver 2001:db8:0a::1
Related Commands
ip lisp itr send-data-probe
To configure an ingress tunnel router (ITR) or Proxy ITR (PITR) to find an IPv4 endpoint identifier to Routing Locator (EID-to-RLOC) mapping for a packet it needs to encapsulate by sending a Data Probe rather than by sending a Map-Request message, use the ip lisp itr send-data-probe command. To remove this functionality, use the no form of this command.
ip lisp itr send-data-probe
no ip lisp itr send-data-probe
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When a Locator/ID Separation Protocol (LISP) ITR or PITR gets a map-cache miss and needs to resolve an IPv4 EID-to-RLOC mapping for a destination EID, you can send a Map-Request message either in a LISP Encapsulate Control Message (ECM) to the Map Resolver configured by using the ip lisp itr map-resolver command, or directly over the Locator/ID Separation Protocol Alternative Topology (LISP-ALT) by using the ip lisp alt-vrf command. In either case, the first packet of the flow that caused the map-cache miss is dropped. Once the Map-Reply populates the map cache, subsequent packets to the same destination are forwarded directly by LISP.
Note When you configure an ITR or PITR by using the ip lisp itr send-data-probe command, you must also configure the ITR or PITR to use the LISP-ALT by using the ip lisp alt-vrf command because the data-probe is sent over the LISP-ALT.
Caution We do not recommend that you use the LISP data probe because this mechanism forwards data plane traffic over the LISP-ALT. The LISP-ALT is intended to function solely as a control plane mechanism for LISP and its use subjects it to denial of service attacks.
This command does not require a license.
Examples
This example shows how to configure a LISP ITR to send data probes to determine IPv4 EID-to-RLOC mappings:
switch# configure terminal
switch(config)# ip lisp itr send-data-probe
Related Commands
ip lisp itr-etr
To configure a Cisco NX-OS device to act as both an IPv4 LISP Ingress Tunnel Router (ITR) and Egress Tunnel Router (ETR), use the ip lisp itr-etr command. To remove the LISP ITR functionality, use the no form of this command.
ip lisp itr-etr
no ip lisp itr-etr
Syntax Description
This command has no arguments or keywords
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip lisp itr-etr command to enable the Cisco NX-OS device to perform both IPv4 LISP Ingress Tunnel Router (ITR) and Egress Tunnel Router (ETR) functionality simultaneously, by using a single command.
For usage guidelines for the IPv4 LISP ITR functionality, see the ip lisp itr command.
For usage guidelines for the IPv4 LISP ETR functionality, see the ip lisp etr command.
Note If you use the ip lisp itr-etr command and either of the ip lisp itr or ip lisp etr command have already been configured, they will be automatically removed from the configuration file. When configuring a device as both an ITR and an ETR, use the command ip lisp itr-etr to enable both capabilities.
This command does not require a license.
Examples
This example shows how to configure the IPv4 LISP ITR and ETR functionality:
switch# configure terminal
switch(config)# ip lisp itr-etr
Related Commands
ip lisp locator-down
To configure a locator from a locator-set that is associated with an IPv4 endpoint identifier (EID)-prefix database-mapping to be unreachable (down), use the ip lisp locator-down command. To return the locator to be reachable (up), remove the configuration using the no form of this command.
ip lisp locator-down EID-prefix/prefix-length locator
no ip lisp locator-down EID-prefix/prefix-length locator
Syntax Description
EID-prefix/prefix-length
IPv4 EID prefix and length advertised by the Cisco NX-OS device.
locator
IPv4 or IPv6 Routing Locator (RLOC) associated with this EID-prefix.
Defaults
An IPv4 or IPv6 locator associated with a configured IPv4 EID-prefix block is considered reachable (up) unless an IGP routing protocol indicates it is down.
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When you configure LISP database parameters on an ITR for specified IPv4 EID-prefix blocks by using the ip lisp database-mapping command or the ip lisp map-cache command, the locators associated with these IPv4 EID-prefix blocks are considered as reachable (up) by default. You can use the ip lisp locator-down command to configure a locator from a locator-set associated with the EID-prefix database mapping to be down.
When you enter the ip lisp locator-down command, the Locator Status Bits (LSB) for the configured locator is cleared when encapsulating packets to remote sites. ETRs at remote sites look for changes in the LSB when decapsulating LISP packets, and when the LSB indicates that a specific locator is down, the ETR refrains from encapsulating packets using this locator to reach the local site.
Note If you enter the ip lisp locator-down command on an ITR to indicate that a locator is unreachable (down) and the LISP site includes multiple ITRs, you must enter the ip lisp locator-down command on all ITRs at the site to ensure that the site consistently tells remote sites that the configured locator is not reachable.
This command does not require a license.
Examples
This example shows how to configure the locator down state for the EID-prefix block:
switch# configure terminal
switch(config)# ip lisp locator-down 192.168.1.0/24 10.1.1.1
Related Commands
ip lisp locator-vrf
To configure a nondefault virtual routing and forwarding (VRF) table to be referenced by any IPv4 locators, use the ip lisp locator-vrf command. To return to using the default routing table for locator address references, use the no form of this command.
ip lisp locator-vrf {vrf-name| default}
no ip lisp locator-vrf {vrf-name| default}
Syntax Description
vrf-name
Name of the VRF instance to be referenced by IPv4 locator addresses.
default
Specifies that the default VRF should be referenced by the IPv4 locator addresses.
Defaults
IPv4 locator addresses are associated with the default (global) routing table.
Command Modes
VRF configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When you configure Locator/ID Separation Protocol (LISP) in a nondefault VRF to keep EID-prefixes in one VRF separate from EID-prefixes in another VRF, and both EID VRFs share the same locator-based core network and same mapping database system infrastructure, these locator addresses must be reachable from the default VRF or a specified common VRF. Use the ip lisp locator-vrf command to specify the VRF to be associated with these locator addresses.
When you enter the ip lisp locator-vrf command, the locator addresses in any subsequent LISP commands are referenced to the specified VRF. For example, the locator addresses in the ip lisp itr map-resolver and ip lisp etr map-server commands refer to the VRF that you configured when you entered the ip lisp locator-vrf command. The map-servers and map-resolvers can also share the configuration from the locator-VRF.
Note When you configure mixed address families (for example, IPv4 EIDs and IPv6 locators or IPv6 EIDs and IPv4 locators), use the ip lisp locator-vrf command.
This command does not require a license.
Examples
In the following example, a LISP xTR is configured with three EID contexts red, blue, and green, and the locator VRF default. Red and blue are both using the RLOC of 10.10.10.1 if you enter the ip lisp locator-vrf default command. In addition, red and blue both inherit the globally defined map-resolver and map-server located at 10.100.1.1 (configured at the end of this example). Both red and blue have an EID prefix of 172.16.0.0/24, but segmentation is maintained due to the unique LISP instance ID for each VRF context. Green context also uses the RLOC of 10.10.10.1 if you enter the ip lisp locator-vrf default command. However, green overrides the inheritance of the globally defined map-resolver and map-server by including the ones configured within the VRF context an located at 10.200.1.1. The locator for this locally defined map resolver or map server remains within the default VRF when you enter the ip lisp locator-vrf default command.
switch# configure terminal
switch(config)# vrf context red
switch(config-vrf)# ip lisp itr-etr
switch(config-vrf)# ip lisp database-mapping 172.16.0.0/24 10.10.10.1 priority 1 weight 1
switch(config-vrf)# lisp instance-id 111
switch(config-vrf)# ip lisp locator-vrf default
switch(config-vrf)# exit
switch(config)# vrf context blue
switch(config-vrf)# ip lisp itr-etr
switch(config-vrf)# ip lisp database-mapping 172.16.0.0/24 10.10.10.1 priority 1 weight 1
switch(config-vrf)# lisp instance-id 222
switch(config-vrf)# ip lisp locator-vrf default
switch(config-vrf)# exit
switch(config)# vrf context green
switch(config-vrf)# ip lisp itr-etr
switch(config-vrf)# ip lisp database-mapping 172.16.3.0/24 10.10.10.1 priority 1 weight 1
switch(config-vrf)# lisp instance-id 444
switch(config-vrf)# ip lisp locator-vrf default
switch(config-vrf)# ip lisp itr map-resolver 10.200.1.1
switch(config-vrf)# ip lisp etr map-server 10.200.1.1 key 3 xxxxxxxxxxx
switch(config-vrf)# exit
switch(config)# ip lisp itr map-resolver 10.100.1.1
switch(config)# ip lisp etr map-server 10.100.1.1 key 3 xxxxxxxxxxx
Related Commands
ip lisp map-cache
To configure a static IPv4 endpoint identifier to Routing Locator (EID-to-RLOC) mapping relationship and its associated traffic policy or to statically configure the packet handling behavior associated with a specified destination IPv4 EID prefix, use the ip lisp map-cache command. To remove the configuration, use the no form of this command.
ip lisp map-cache destination-EID-prefix/prefix-length {locator priority priority weight weight}
no ip lisp map-cache destination-EID-prefix/prefix-length {locator priority priority weight weight}
ip lisp map-cache destination-EID-prefix/prefix-length {drop | map-request | native-forward}
no ip lisp map-cache destination-EID-prefix/prefix-length {drop | map-request | native-forward}
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
The first use of the ip lisp map-cache command is to configure an ingress tunnel router (ITR) with a static IPv4 EID-to-RLOC mapping relationship and its associated traffic policy. For each entry, you must enter a destination IPv4 EID-prefix block and its associated locator, priority, and weight. The IPv4 EID-prefix/prefix-length is the LISP EID-prefix block at the destination site. The locator is an IPv4 or IPv6 address of the remote site where the IPv4 EID-prefix can be reached. The locator address has a priority and weight that are used to define traffic policies when multiple RLOCs are defined for the same EID-prefix block. You can enter this command up to four times for a given EID-prefix. Static IPv4 EID-to-RLOC mapping entries configured when you enter the ip lisp map-cache command take precedence over dynamic mappings learned through Map-Request/Map-Reply exchanges.
The second, optional use of the ip lisp map-cache command is to statically configure the packet handling behavior associated with a specified destination IPv4 EID-prefix. For each entry, a destination IPv4 EID-prefix block is associated with a configured forwarding behavior. When a packet's destination address matches the EID-prefix, one of the following packet handling options:
•drop—Packets that match the destination IPv4 EID-prefix are dropped. For example, this action may be useful when administrative policies define that packets should be prevented from reaching a site.
•native-forward—Packets that match the destination IPv4 EID-prefix are natively forwarded without LISP encapsulation. Use this action when the destination site is known to always be reachable natively and LISP encapsulation should never be used.
•map-request—Packets that match the destination IPv4 EID-prefix cause a Map-Request to be sent. It is implied that the Map-Reply returned by this request will allow subsequent packets that match this EID-prefix to be Locator/ID Separation Protocol (LISP)-encapsulated. Use this action troubleshooting map-request activities and other diagnostic actions.
This command does not require a license.
Examples
This example shows how to configure a destination EID-to-RLOC mapping and associated traffic policy for the IPv4 EID-prefix block 192.168.1.0/24. In this example, the locator for this EID-prefix block is 10.1.1.1 and the traffic policy for this locator has a priority of 1 and a weight of 100.
switch# configure terminal
switch(config)# ip lisp map-cache 192.168.1.0/24 10.1.1.1 priority 1 weight 100
This example shows how to configure a destination EID-to-RLOC mapping and associated traffic policy for the IPv4 EID-prefix block 192.168.2.0/24 to drop. No traffic is forwarded to this destination as a result.switch# configure terminal
switch(config)# ip lisp map-cache 192.168.2.0/24 drop
Related Commands
ip lisp map-cache-limit
To configure the maximum number of IPv4 Locator/ID Separation Protocol (LISP) map-cache entries allowed to be stored by the Cisco NX-OS device, use the ip lisp map-cache-limit command. To remove the configured map-cache limit, use the no form of this command.
ip lisp map-cache-limit cache-limit [reserve-list list]
no ip lisp map-cache-limit cache-limit [reserve-list list]
Syntax Description
Defaults
1000
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip lisp map-cache-limit command to control the maximum number of IPv4 LISP map-cache entries that are allowed to be stored on the Cisco NX-OS device. An optional reserve-list can be configured to guarantee that the Cisco NX-OS device always stores the referenced IPv4 EID-prefixes.
LISP IPv4 map-cache entries are added in one of two ways - dynamically or statically. Dynamic entries are added when a valid Map-Reply message is returned for a Map-Request message generated in response to a cache-miss lookup. Static entries are added when you enter the ip lisp map-cache command.
Dynamic map-cache entries are always added until the default or configured cache-limit is reached. After the default or configured cache limit is reached, unless the optional reserve list is configured, no further dynamic entries are added and no further Map-Requests are generated in response to cache-miss lookups until a free position is available.
When you do no configure an optional reserve-list keyword, dynamic entries are added on a first-in-first-added basis until the configured map-cache limit is reached. After that time, no new dynamic entries can be added. If the reserve-list keyword is configured but the prefix-list to which it refers is not configured, the results are the same as if the reserve-list keyword was not configured.
When the optional reserve-list keyword is configured, a Map-Request is generated and a new dynamic map-cache entry may be added only for IP v4 EID-prefixes that are permitted by the prefix-list referenced by the reserve-list keyword. In this case, the new entry must be able to replace an existing dynamic entry so that the cache limit is maintained. The deleted dynamic entry will be either a nonreserve idle map-cache entry or non-reserve active map-cache entry. Idle map-cache entries are those entries that have seen no activity in the last 10 minutes. If all current dynamic entries are also permitted by the prefix-list referenced by the reserve-list, no further dynamic entries can be added.
Existing dynamic IPv4 map-cache entries can time-out due to inactivity or can be removed by the using the clear ip lisp map-cache command to create a free position in the map cache.
Static map-cache entries are always added, until the default or configured cache-limit is reached. After the default or configured cache limit is reached, unless the optional reserve-list is configured, no further static entries are added.
When the optional reserve-list keyword is not configured, static entries are added on a first-in-first-added basis until the configured map-cache limit is reached. After that time, no new static entries can be added. If the reserve-list keyword is configured but the prefix-list to which it refers is not configured, the results are the same as if the reserve-list keyword was not configured.
When the optional reserve-list keyword is configured, a static entry that matches the reserve list, a prefix list can be added, but only if it can replace an existing static entry or dynamic entry that does not-match the reserve list prefix list.
Caution W the optional reserve-list keyword is used, once the configured cache limit is reached, if all existing entries also match the prefix list and are not candidates for deletion, no new dynamic or static entries are added, even if a new dynamic or static entry also matches the reserve list prefix list.
Note When the reserve-list command is used, be sure that the prefix-list includes entries that match all expected prefixes in any Map-Reply, including the more-specifics. This can be ensured by appending le 32 to the end of all prefix-list entries for IPv4 prefixes. For example, if you want to match 153.16.0.0/16 and any of the more specifics, you should specify ip prefix-list lisp-list seq 5 permit 153.16.0.0/16 le 32 in order to cover all replies within this range.
This command does not require a license.
Examples
This example shows how to configures a lisp cache limit of 2000 entries and a reserve list that references the IPv4 prefix-list LISP-v4-always:
switch# configure terminal
switch(config)# ip lisp map-cache-limit 2000 reserve-list LISP-v4-always
switch(config)# ip prefix-list LISP-v4-always seq 20 permit 172.16.0.0/16 le 32
Related Commands
Command Descriptionip lisp map-cache
Configures a static IPv4 EID-prefix to locator map-cache entry.
clear ip lisp map-cache
Clears the LISP IPv4 map-cache on the local Cisco NX-OS device.
ip lisp map-request-source
To configure an IPv4 or IPv6 address to be used as the source address for Locator/ID Separation Protocol (LISP) IPv4 Map-Request messages, use the ip lisp map-request-source command. To remove the configured Map-Request source address and return to the default behavior, use the no form of this command.
ip lisp map-request-source source-address
no ip lisp map-request-source source-address
Syntax Description
Defaults
The Cisco NX-OS device uses one of the locator addresses that you configure by using the ipv6 lisp database-mapping command as the default source address for LISP Map-Request messages.
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
A locator address that you configured in by using the ip lisp database-mapping command is used as the source address for LISP IPv4 Map-Request messages. There are cases, however, where it may be necessary to configure the specified source address for these Map-Request messages. For example, when the ingress tunnel router (ITR) is behind a Network Address Translation (NAT) device, you might need to specify a source address that matches the NAT configuration to properly allow for return traffic.
When you enter the ip lisp map-request-source command on an ITR, the specified IPv4 or IPv6 locator is used by an ITR as the source address for LISP IPv4 Map-Request messages. When you enter the ip lisp map-request-source command on a Map-Server, this locator is used as the source address in the Encapsulated Control Message that carries a Map-Request to an ETR.
This command does not require a license.
Examples
This example shows how to configure an ITR to use the source IP address 172.16.1.7 in its IPv4 Map-Request messages:
switch# configure terminal
switch(config)# ip lisp map-request-source 172.16.1.7
Related Commands
Command Descriptionip lisp database-mapping
Configures an IPv4 EID-to-RLOC mapping relationship and its associated traffic policy.
ip lisp map-resolver
To configure a Cisco NX-OS device to act as an IPv4 Locator/ID Separation Protocol (LISP) Map-Resolver (MR), use the ip lisp map-resolver command. To remove LISP Map-Resolver functionality, use the no form of this command.
ip lisp map-resolver
no ip lisp map-resolver
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip lisp map-resolver command to enable the Cisco NX-OS device to perform the IPv4 LISP Map-Resolver (MR) functionality. A LISP Map-Resolver is deployed as a LISP Infrastructure component.
A Map-Resolver receives a LISP Encapsulated Control Message (ECM) that contains a Map-Request from a LISP ITR directly over the underlying locator-based network. The Map-Resolver decapsulates this message and forwards it on the LISP-ALT topology, where it is delivered either to an ingress tunnel router (ITR) that is directly connected to the LISP-ALT and that is authoritative for the endpoint identifier (EID) being queried by the Map-Request or to the Map-Server that is injecting EID-prefixes into the LISP-ALT on behalf of the authoritative ETR.
Map-Resolvers also send Negative Map-Replies directly back to an ITR in response to queries for non-LISP addresses.
When deploying a LISP Map-Resolver, follow these guidelines:
•When a Map-Resolver is configured to use the LISP ALT for endpoint identifier to Routing Locator (EID-to-RLOC) mapping resolution, the Map-Resolver configuration must include the ipv4 alt-vrf command.
•When a Map-Resolver is configured concurrently with a Map-Server as a stand-alone system (when it is not connected to any ALT and it has full knowledge of the LISP mapping system for a private LISP deployment), using the ipv4 alt-vrf command is not required.
•When a Map-Resolver supports a LISP deployment that is configured for virtualization, you must concurrently configure the Map-Resolver with a Map-Server and see registrations from all ETRs in the LISP network to properly resolve Map-Requests when instance IDs are used. A Map-Resolver cannot forward a Map-Request with an instance ID over the LISP ALT, as would be the case in a nonvirtualized configuration. The Map-Resolver can only query EID-tables that are maintained by the concurrent Map-Server for EID-to-RLOC mapping resolution in a virtualized LISP deployment.
This command does not require a license.
Examples
This example shows how to configure the IPv4 LISP Map-Resolver functionality on the Cisco NX-OS device:
switch# configure terminal
switch(config)# ip lisp map-resolver
Related Commands
Command Descriptionip lisp alt-vrf
Configures which VRF that LISP should use when sending Map Requests for an IPv4 EID-to-RLOC mapping directly over the ALT.
ip lisp map-server
To configure the Cisco NX-OS device to act as an IPv4 Locator/ID Separation Protocol (LISP) Map-Server (MS), use the ip lisp map-server command. To remove the LISP Map-Server functionality, use the no form of this command.
ip lisp map-server
no ip lisp map-server
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip lisp map-server command to enable the Cisco NX-OS device to perform IPv4 LISP Map-Server (MS) functionality. A LISP Map-Server is deployed as a LISP Infrastructure component. LISP site commands are configured on the Map Server for a LISP egress tunnel router (ETR) that registers to it, including an authentication key, which must match the one also configured on the ETR. A Map Server receives Map-Register control packets from ETRs. When you configure the Map Server with a service interface to the LISP-ALT, it injects aggregates for the registered EID prefixes into the LISP-ALT.
The Map-Server also receives Map-Request control packets from the LISP-ALT, which it then forwards as a LISP Encapsulated Control Message (ECM) to the registered ETR that is authoritative for the EID prefix being queried. The ETR returns a Map-Reply message directly back to the ITR.
When deploying a LISP Map-Resolver, follow these guidelines:
•When a Map-Resolver is configured to use the LISP ALT for endpoint identifier to Routing Locator (EID-to-RLOC) mapping resolution, the Map-Resolver configuration must include the ipv4 alt-vrf command.
•When a Map-Resolver is configured concurrently with a Map-Server as a stand-alone system (when it is not connected to any ALT and it has full knowledge of the LISP mapping system for a private LISP deployment), using the ipv4 alt-vrf command is not required.
•When a Map-Resolver supports a LISP deployment that is configured for virtualization, you must concurrently configure the Map-Resolver with a Map-Server and see registrations from all ETRs in the LISP network to properly resolve Map-Requests when instance IDs are used. A Map-Resolver cannot forward a Map-Request with an instance ID over the LISP ALT, as would be the case in a nonvirtualized configuration. The Map-Resolver can only query EID-tables that are maintained by the concurrent Map-Server for EID-to-RLOC mapping resolution in a virtualized LISP deployment.
This command does not require a license.
Examples
This example shows how to configure the IPv4 LISP Map-Server functionality on the Cisco NX-OS device:
switch# configure terminal
switch(config)# ip lisp map-server
Related Commands
Command Descriptionip lisp alt-vrf
Configures which VRF that LISP should use when sending Map Requests for an IPv4 EID-to-RLOC mapping directly over the ALT.
ip lisp nat-transversal
To configure an egress tunnel router (ETR) with a private locator that is sited behind a Network Address Translation (NAT) device to dynamically determine its NAT-translated public locator for use in Map-Register and Map-Reply messages, use the ip lisp nat-transversal command. To remove this functionality, use the no form of this command.
ip lisp nat-transversal
no ip lisp nat-transversal
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Interface configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When an ETR is sited behind a NAT device, its routing locator belongs to the private address space that the NAT device translates to a public globally routed address. The ETR needs to know this public global locator address because this address is required for use in Map-Register and Map-Reply messages.
When you enter the ip lisp nat-transversal command, the ETR determines its own public global locator dynamically. When configured, the ETR sends a LISP Echo-Request message to the configured Map-Server out the interface under which this command is configured. The Map Server replies with an Echo-Reply message that includes the source address from the Echo Request, which is the NAT-Translated public global locator address.
The ip lisp nat-transversal is useful when the dynamic keyword is used with the ip lisp database-mapping in order to dynamically determine the routing locator rather than statically defining it.
This command does not require a license.
Examples
This example shows how to configure the ETR to dynamically determine its public global routing locator when it is behind a NAT device:
switch# configuration terminal
switch(config)# interface Ethernet 2/0
switch(config-if)# ip lisp nat-transversal
Related Commands
ip lisp proxy-etr
To configure the Cisco NX-OS device to act as the IPv4 Locator/ID Separation Protocol (LISP) Proxy Egress Tunnel Router (PETR), use the ip lisp proxy-etr command. To remove the LISP PETR functionality, use the no form of this command.
ip lisp proxy-etr
no ip lisp proxy-etr
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip lisp proxy-etr command to enable the IPv4 LISP Proxy Egress Tunnel Router (PETR) functionality on the Cisco NX-OS device. The Cisco NX-OS device accepts LISP-encapsulated packets from an ingress tunnel router (ITR) or Proxy ITR (PITR) that are destined to non-LISP sites, deencapsulates them, and then forwards them natively toward the non-LISP destination.
PETR services may be necessary in several cases. For example, by default, when a LISP site forwards packets to a non-LISP site natively (not LISP encapsulated), the source IP address of the packet is that of a site EID. If the provider side of the access network is configured with strict unicast reverse path forwarding (uRPF) or an anti-spoofing access-list, it would consider these packets to be spoofed and drop them because EIDs are not advertised in the provider default free zone (DFZ). Instead of natively forwarding packets destined to non-LISP sites, the ITR encapsulates these packets using the site locator as the source address and the PETR as the destination address. Packets destined for LISP sites follow normal LISP forwarding processes and are sent directly to the destination ETR.
Note When an ITR or PITR requires IPv4 PETR services, you must configure ITR or PITR to forward IPv4 EID packets to the PETR by using the ip lisp use-petr command.
This command does not require a license.
Examples
This example shows how to configure the Cisco NX-OS device to act as an IPv4 LISP PETR:
switch# configure terminal
switch(config)# ip lisp proxy-etr
Related Commands
ip lisp proxy-itr
To configure a Cisco NX-OS device to act as an IPv4 Locator/ID Separation Protocol (LISP) Proxy Ingress Tunnel Router (PITR), use the ip lisp proxy-itr command. To remove the LISP PITR functionality, use the no form of this command.
ip lisp proxy-itr ipv4-local-locator [ipv6-local-locator]
no ip lisp proxy-itr ipv4-local-locator [ipv6-local-locator]
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip lisp proxy-itr command to enable IPv4 LISP Proxy Ingress Tunnel Router (PITR) functionality on the Cisco NX-OS device. The Cisco NX-OS device receives native packets from non-LISP sites that are destined for LISP sites, encapsulates them, and forwards them to the ETR that is authoritative for the destination LISP site EID.
PITR services are required to provide interworking between non-LISP sites and LISP sites. For example, when connected to the Internet, a PITR acts as a gateway between the legacy Internet and the LISP-enabled network. The PITR must advertise one or more highly aggregated endpoint identifier (EID) prefixes on behalf of LISP sites into the underlying default free zone (DFZ) (that is the Internet) and act as an ITR for traffic received from the public Internet.
When you enable PITR services by using the ip lisp proxy-itr command, the PITR creates LISP-encapsulated packets when it sends a data packet to a LISP site, sends a data probe, or sends a Map-Request message. The outer (LISP) header address family and source address are determined as follows:
•When the locator-hash function returns a destination RLOC within the IPv4 address family, the address ipv4-local-locator is used as the source address from the locator namespace.
•When the locator-hash function returns a destination RLOC within the IPv6 address family (assuming the optional address ipv6-local-locator is entered), it will used as a source locator for encapsulation.
When you configure a switch to function as an IPv4 PITR, you can also configure it to use the LISP ALT for IPv4 EID-to-RLOC mapping resolution. When configured to use the LISP ALT, the PITR sends its map request messages directly over the LISP ALT using the virtual routing and forwarding (VRF) referred to by the ip lisp alt-vrf command. A PITR can send a Map-Request to a configured Map-Resolver for EID-to-RLOC mapping resolution as an alternative to sending a Map-Request directly over the LISP ALT. (See the ipv4 map-resolver command). When using a PITR in a virtualized LISP deployment, you must configure the PITR to use a Map-Resolver for EID-to-RLOC mapping resolution and not the LISP ALT because the LISP ALT does not support virtualization.
Note A switch that is configured as an ITR performs a check to see if the source of any packet intended for LISP encapsulation is within the address range of a local EID prefix, whereas a Cisco NX-OS device configured as a PITR does not perform this check. Unlike the Cisco IOS LISP implementation, in Cisco NX-OS you can configure a Cisco NX-OS device to support both ITR and PITR functionality at the same time. If you configure a Cisco NX-OS device as an ITR and as a PITR, preference goes to PITR functionality for packet processing.
This command does not require a license.
Examples
This example shows how to configure the LISP PITR functionality on the Cisco NX-OS device, and how to encapsulate packets using a source locator:
switch# configure terminal
switch(config)# ip lisp proxy-itr 10.1.1.1
Related Commands
ip lisp shortest-eid-prefix-length
To configure the shortest IPv4 endpoint identifier (EID)-prefix mask-length that is acceptable to an ingress tunnel router (ITR) or Proxy ITR (PITR) in a received Map-Reply message or to an ETR in the mapping-data record of a received Map-Request, use the ip lisp shortest-eid-prefix-length command. To return to the default configuration, use the no form of this command.
ip lisp shortest-eid-prefix-length IPv4-EID-prefix-length
no ip lisp shortest-eid-prefix-length IPv4-EID-prefix-length
Syntax Description
IPv4-EID-prefix-length
Shortest IPv4 EID prefix-length accepted from a Map-Reply or data record in a Map-Request. The range is from 0 to 32.
Defaults
a/6
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When an ITR or PITR receives a Map-Reply message, the mapping data it contains includes the EID mask-length for the returned EID prefix. By default, the shortest EID prefix mask length accepted by an ITR or PITR for an IPv4 EID prefix is a /16. You can use the ip lisp shortest-eid-prefix-length command to change this default. For example, it may be necessary for a PITR to accept a shorter (coarser) prefix if one exists.
When an ETR receives a Map-Request message, it might contain a mapping data record that the ETR can cache and possible use to forward traffic depending on the configuration of the ip lisp etr accept-map-request-mapping command. Use the ip lisp shortest-eid-prefix-length command to change the shortest prefix length accepted by the ETR. In this case, the check for the shortest EID-prefix mask length is done prior to the verifying Map-Request, if also configured. That is, if the EID-prefix mask length is less than the configured value, the verifying Map-Request is not sent and the mapping data is not accepted.
This command does not require a license.
Examples
This example shows how to configure the Cisco NX-OS device to accept a minimum IPv4 EID-prefix length:
switch# configure terminal
switch(config)# ip lisp shortest-eid-prefix-length 12
Related Commands
ip lisp source-locator
To configure a source locator to be used for IPv4 Locator/ID Separation Protocol (LISP)-encapsulated packets, use the ip lisp source-locator command. To remove the configured source locator, use the no form of this command.
ip lisp source-locator interface
no ip lisp source-locator interface
Syntax Description
interface
Name of the interface whose IPv4 address should be used as the source locator address for outbound LISP-encapsulated packets.
Defaults
The IPv4 address of the outbound interface is used by default as the source locator address for outbound LISP encapsulated packets.
Command Modes
Interface configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When sending a LISP-encapsulated packet (data or control message), Cisco NX-OS device performs a destination lookup to determine the appropriate outgoing interface. By default, the IPv4 address of this outgoing interface is used as the source locator for the outbound LISP encapsulated packet.
In some circumstances, you might need to use the IPv4 address of a different interface as the source locator for the outbound LISP encapsulated packets rather than that of the outgoing interface. For example, when an ITR has multiple egress interfaces, you might configure a loopback interface for stability purposes and instruct the ITR to use the address of this loopback interface as the source locator for the outbound LISP-encapsulated packets rather than one or both of the physical interface addresses. The use of this command is also important for maintaining locator consistency between the two xTRs when rloc-probing is used.
This command does not require a license.
Examples
This example shows how to configure the source locator:
switch# configuration terminal
switch(config)# interface Ethernet2/0
switch(config-if)# ip lisp source-locator Loopback0
switch(config-if)# interface Ethernet2/1
switch(config-if)# ip lisp source-locator Loopback0
Related Commands
Command Descriptionip lisp itr
Configures the switch to act as an IPv4 LISP Ingress Tunnel Router (ITR).
ip lisp translate
To configure IPv4 Locator/ID Separation Protocol (LISP) translation mapping, use the ip lisp translate command. To remove IPv4 LISP translation mappings and return to the default value, use the no form of this command.
ip lisp translate inside IPv4-inside-EID outside IPv4-outside-EID
no ip lisp translate inside IPv4-inside-EID outside IPv4-outside-EID
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When you configure a LISP ITR or ETR with a nonroutable EID prefix and you want to replace it with a routable EID prefix, use the ip lisp translate command. A LISP device that acts as an ITR and detects a nonroutable EID in the source IPv4 address field replaces it with the routable EID when you use the inside and outside keyword. In the opposite direction when acting as an ETR, it replaces the routable EID referred to by the outside keyword with the no-routable EID referred to by the inside keyword.
Note The outside EID address can be assigned to the Cisco NX-OS device itself, in which case it responds to ARP requests, ICMP echo-requests (ping) and any other packet sent to this address. When you do not assign the outside EID to the device, the address does not answer ARP requests.
This feature may be useful when if you want to upgrade but you want to continue to communicate with non-LISP sites. An alternative approach for providing communications between LISP and non-LISP sites is to use Proxy-ITR services. See to the ip lisp proxy-itr command for further details. Both proxy-ITR and Network Address Translation (NAT) translation services, commonly referred to as Interworking services, are described in draft-ietf-lisp-interworking-00.
This command does not require a license.
Examples
This example shows how to configure LISP to translate the inside address to the outside address:
switch# configure terminal
switch(config)# ip lisp translate inside 192.168.10.1 outside 10.1.10.1
Related Commands
ip lisp use-petr
To configure a Cisco NX-OS device to use an IPv4 LISP Proxy Egress Tunnel Router (PETR), use the ip lisp use-petr command. To remove the use of a LISP PETR, use the no form of this command.
ip lisp use-petr locator-address
no ip lisp use-petr locator-address
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use ip lisp use-petr command to enable the Cisco NX-OS device to use IPv4 Proxy Egress Tunnel Router (PETR) services. When the use of PETR services is enabled, instead of natively forwarding packets destined to non-LISP sites, these packets are LISP-encapsulated and forwarded to the PETR, where these packets are then deencapsulated and forwarded natively toward the non-LISP destination. An ITR or PITR can be configured to use PETR services.
PETR services may be necessary in several cases. For example, by default when a LISP sites forwards packets to a non-LISP site natively (not LISP encapsulated), the source IP address of the packet is that of a site endpoint identifier (EID). If the provider side of the access network is configured with strict unicast reverse path forwarding (uRPF), it considers these packets to be spoofed and drops them because EIDs are not advertised in the provider default free zone (DFZ). In this case, instead of natively forwarding packets destined to non-LISP sites, the ITR encapsulates these packets using the site locator as the source address and the PETR as the destination address. Packets destined for LISP sites follow normal LISP forwarding processes and are sent directly to the destination ETR.
Note Because LISP supports mixed protocol encapsulations, the locator specified for the PETR can either be an IPv4 or IPv6 address. Up to eight PETRs can be configured per address family.
This command does not require a license.
Examples
This example shows how to configure the ITR to use the PETR with the IPv4 locator:
switch# configure terminal
switch(config)# ip lisp use-petr 10.1.1.1
Related Commands
Command Descriptionip lisp proxy-etr
Configures the Cisco NX-OS device to act as an IPv4 LISP Proxy Egress Tunnel Router (PETR).
ipv6 lisp alt-vrf
To configure the virtual routing and forwarding (VRF) instance that the Cisco NX-OS device uses when sending map requests for an IPv6 end point identifier (EID) to Routing Locator mapping directly over the Locator/ID Separation Protocol Alternative Topology (LISP-ALT), use the ipv6 lisp alt-vrf command. To remove the reference to a VRF, use the no form of this command.
ipv6 lisp alt-vrf vrf-name
no ipv6 lisp alt-vrf vrf-name
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ipv6 lisp alt-vrf command to configure which virtual routing and forwarding (VRF) instance that the LISP device should use for control plane mapping resolution functions.
You must use the ipv6 lisp alt-vrf command for all devices that connect to the ALT to exchange LISP control plane messages for mapping. These devices include LISP Map-Server (MS), Map-Resolver (MR), and Proxy Ingress Tunnel Router (PITR) devices, and directly ALT-connected xTRs.
Follow these guidelines when using this command:
•The LISP ALT does not support virtualization. A Map-Request with an instance-id cannot be forwarded over the LISP ALT. When you configure a LISP device for virtualization, you must not sue the ipv6 lisp alt-vrf command.
•When you configure instance IDs on an MS (see the LISP Site eid-prefix command), you must configure the MS as a standalone because virtualization of the LISP ALT is not supported.
•When you configure a Cisco NX-OS device as a standalone MS or MR without virtualization, you need not use the ipv6 lisp alt-vrf command.
•When you configure a Cisco NX-OS device as a LISP PITR, you can use the ip lisp alt-vrf command if you are using the ALT for EID-to-RLOC mapping resolution. You can configure PITRs to send a Map-Request to a configured Map-Resolver for EID-to-RLOC mapping resolution as an alternative to sending a Map-Request directly over the LISP ALT. When using a PITR in a virtualized LISP deployment, you must configure the PITR to use a Map-Resolver for EID-to-RLOC mapping resolution, not the LISP ALT because the LISP ALT does not support virtualization.
Note When you use the ip lisp alt-vrf command, the referenced VRF must already have been created by using the vrf context command. In addition, the corresponding configurations for connecting the LISP device to the ALT, including the generic routing encapsulation (GRE) tunnel interface(s) and any routing that is associated with the VRF (static or dynamic) you must also have created.
Examples
This example shows how to configure the VRF named lisp and then configure LISP to use this VRF when resolving IPv6 EID-to-RLOC mappings:
switch# configure terminal
switch(config)# vrf context lisp
switch(config-vrf)# exit
switch(config)# ipv6 lisp alt-vrf lisp
Related Commands
ipv6 lisp database-mapping
To configure an IPv4 endpoint identifier to Routing Locator (EID-to-RLOC) mapping relationship and its associated traffic policy, use the ipv6 lisp database-mapping command. To remove the configured database mapping, use the no form of this command.
ipv6 lisp database-mapping EID-prefix {locator | dynamic} priority priority weight weight
no ipv6 lisp database-mapping EID-prefix {locator | dynamic} priority priority weight weight
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ipv6 lisp database-mapping command to configure the LISP database parameters for the specified IPv4 EID-prefix block, including its associated locator, priority and weight. The IPv6 EID-prefix is the LISP IPv6 EID-prefix block that is associated with the site that the Cisco NX-OS Series device registers as being authoritative with a Map-Server. The locator is typically the IPv4 or IPv6 address of a loopback interface but can be the IPv4 or IPv6 address of any interface used as the Routing Locator (RLOC) address for the EID-prefix assigned to the site. Associated with the locator address are a priority and weight used to define traffic policies when multiple RLOCs apply to the same EID-prefix block.
When you configure a Cisco NX-OS Series device is as an egress tunnel router (ETR), these LISP database-mapping parameters are advertised within a Map-Reply message to indicate the ingress traffic preferences of the site for the associated EID-prefix block. An ingress tunnel router (ITR) then selects a source locator (outer header) address for encapsulating packets destined to the EID-prefix based on these advertised parameters.
When a LISP site has multiple locators associated with the same EID-prefix block, you use multiple ipv6 lisp database mapping commands to configure all of the locators for a given EID-prefix block. Each locator may be assigned the same or a different priority value between 0 and 255. When multiple locators are assigned different priority values, the priority value alone is used to determine which locator to prefer. A lower value indicates a more preferable path. A value of 255 indicates that the locator must not be used for unicast traffic forwarding.
When multiple locators have the same priority, they can be used in a load-sharing manner. In this case, for a given priority, the weight given to each locator is used to determine how to load-balance unicast packets between them. Weight is a value between 0 and 100 and represents the percentage of traffic to be load shared to that locator. If you assign a nonzero weight value to any locator for a given EID-prefix block, you must assign all locators with the same priority for that same EID-prefix block with a nonzero weight value and the sum of all weight values must equal 100. If you assign a weight value of zero to any locator for a given EID prefix block, you must assign all locators with the same priority for that same EID-prefix block a weight value of zero. A weight value of zero indicates to an ITR that receives the Map-Reply that it can decide how to load-share traffic destined to that EID-prefix block.
When you assign a LISP site with multiple IPv6 EID-prefixes, the ipv6 lisp database-mapping is configured for each IPv4 EID-prefix assigned to the site and for each locator that has a reachable IPv6 EID-prefix.
When multiple ETRs are used at a LISP site, you must enter the ipv6 lisp database-mapping command on all ETRs for all locators to make an IPv4 EID-prefix block reachable even when the locator is not local to the specific ETR that is being configured.
If the ETR receives its RLOC through a dynamic process such as DHCP, or if it is sited behind Network Address Translation (NAT) device and the routing locator belongs to the private address space that the NAT device translates to a public globally routed address, you might not be able to specify a locator in the ip lisp database-mapping entry. When this is the case, add the dynamic keyword with the ipv6 lisp database-mapping command so that the RLOC for this Cisco NX-OS device will be determined dynamically rather than being statically defined in each ip lisp database-mapping entry.
When an ETR is sited behind NAT, it needs to know the public global locator address; this is address that is required for Map-Register and Map-Reply messages. In this case, you should enter the {ip | ipv6} lisp nat-traversal command. For more information, see the {ip | ipv6} lisp nat-traversal command.
This command does not require a license.
Examples
This example shows how to configure lisp database-mapping entries for a single IPv6 EID-prefix block and two IPv4 locators that are associated with the EID-prefix block:
switch# configure terminal
switch(config)# ipv6 lisp database-mapping 2001:DB8:BB::/48 10.1.1.1 priority 1 weight 100
switch(config)# ipv6 lisp database-mapping 2001:DB8:BB::/48 10.1.2.1 priority 1 weight 100
Related Commands
ipv6 lisp etr
To configure a Cisco NX-OS device to act as an IPv6 Locator/ID Separation Protocol (LISP) Egress Tunnel Router (ETR), use the ipv6 lisp etr command. To remove LISP ETR functionality, use the no form of this command.
ipv6 lisp etr
no ipv6 lisp etr
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ipv6 lisp etr command to enable the Cisco NX-OS device to perform IPv4 LISP Egress Tunnel Router (ETR) functionality. When you configure a Cisco NX-OS device as an IPv4 ETR, also use ipv6 lisp database-mapping command so that the ETR knows what EID-prefix blocks and corresponding locators are used for the LISP site. In addition, you should configure the ETR to register with a Map-Server by using the ipv6 lisp etr map-server command, or to use static LISP EID-to-RLOC mappings by using the ipv6 lisp map-cache command in order to participate in LISP networking.
When a map-cache entry contains mixed locators (both IPv4 and IPv6 RLOCs) and an ITR encapsulates using an IPv4 locator, you must configure the ETR that is assigned with the IPv4 locator by using the ipv6 lisp etr command. When an IPv6 locator is used by an ITR, you must configure the ETR that is assigned with the IPv6 locator by using the ipv6 lisp etr command.
Note You configure an ETR as an ITR. However, the LISP architecture does not require that you do so. When configuring a device as both an ITR and an ETR, use the ipv6 lisp itr-etr command to enable both capabilities.
This command does not require a license.
Examples
This example shows how to configure IPv6 LISP ETR functionality on the Cisco NX-OS device:
switch# configure terminal
switch(config)# ipv6 lisp etr
Related Commands
ipv6 lisp etr accept-map-request-mapping
To configure an Egress Tunnel Router (ETR) to cache IPv6 mapping data contained in a Map-Request message, use the ipv6 lisp etr accept-map-request-mapping command. To remove this functionality, use the no form of this command.
ipv6 lisp etr accept-map-request-mapping [verify]
no ipv6 lisp etr accept-map-request-mapping [verify]
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When an ETR receives a Map-Request message, this message might contain mapping data for the invoking IPv4 source-EID packet. By default, the ETR ignores mapping data included in Map-Request messages. However, by entering the ipv6 lisp etr accept-map-request-mapping command, the ETR caches the mapping data in its map-cache and immediately uses it to forward packets.
When you use the optional verify keyword, the ETR still caches the mapping data but does not forward packets until the ETR can send its own Map-Request to one of the locators from the mapping data record and receive the same data in a Map-Reply message.
Note For security purposes, we recommend that you use the verify keyword. Unless you deploy the ETR and ITR in a trusted environment, you should use the optional verify keyword. In a trusted environment, if you do not use the optional verify keyword, the new mapping occurs in one-half round-trip-time (RTT) as compared with the normal Map-Request/Map-Reply exchange process.
When you enable and then later disable this command, you must enter the clear ipv6 lisp map-cache command to clear any map-cache entries that are currently in the tentative state. Map-cache entries can remain in the tentative state for up to one minute; therefore, you might want to clear these entries manually when this command is removed.
This command does not require a license.
Examples
This example shows how to configure the ETR to accept and cache IPv6 mapping data included in Map-Request messages and verify its accuracy prior to using this data to forward packets:
switch# configure terminal
switch(config)# ipv6 lisp etr accept-map-request-mapping verify
Related Commands
ipv6 lisp etr glean-mapping
To configure an egress tunnel router (ETR) to add inner header (EID) source address to outer header (RLOC) source address mappings it to its endpoint identifier to Routing Locator (EID-to-RLOC) cache (map-cache, use the ipv6 lisp etr glean-mapping command. To remove this functionality, use the no form of this command.
ipv6 lisp etr glean-mapping [verify]
no ipv6 lisp etr glean-mapping [verify]
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When an ETR receives Locator/ID Separation Protocol (LISP)-encapsulated packets, the inner header EID source address and outer header RLOC source address should match an entry found in the map cache as determined by the results of a Map-Request/Map-Reply exchange. When a host moves from one ingress tunnel router (ITR) to another ITR, the EID-to-RLOC mapping to change because the new ITR can encapsulate packets to the ETR using a different locator. By entering the ipv6 lisp etr glean-mapping command, the ETR recognizes the new locator information for the moved host's EID and updates the map cache with this information.
The learned EID-to-RLOC map-cache entries are stored with a priority of 1 and a weight of 100.
When you enter the optional verify keyword, the ETR caches the learned EID-to-RLOC mapping data but does not forward packets until the ETR can send its own Map-Request to the originating ITR and receive a Map-Reply. The gleaned locator will then be used. When you specify the verify keyword, the locator is used to forward traffic and all packets are dropped until the Map-Reply is returned.
Note For security purposes, we recommend that you use the verify keyword. Unless you deploy the ETR and ITR in a trusted environment, you should use the optional verify keyword. In a trusted environment, if you do not use the optional verify keyword, the new mapping occurs in one-half round-trip-time (RTT) as compared with the normal Map-Request/Map-Reply exchange process.
This command does not require a license.
Examples
This example shows how to configure the ETR to glean and cache IPv6 mapping data included in Map-Request messages and verify its accuracy prior to using this data to forward packets:
switch# configure terminal
switch(config)# ipv6 lisp etr glean-mapping verify
Related Commands
Command Descriptionipv6 lisp etr
Configures the Cisco NX-OS device to act as an IPv6 LISP Egress Tunnel Router (ETR).
ipv6 lisp etr map-cache-ttl
To configure the Time-to-live (TTL) value inserted into Locator/ID Separation Protocol (LISP) IPv6 Map-Reply messages, use the ipv6 lisp etr map-cache-ttl command. To remove the configured TTL value and return to the default value, use the no form of this command.
ipv6 lisp etr map-cache-ttl time-to-live
no ipv6 lisp etr map-cache-ttl time-to-live
Syntax Description
time-to-live
Value, in minutes, to be inserted in the TTL field in Map-Reply messages. The range is from 60 to 10080.
Defaults
1440
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ipv6 lisp etr map-cache-ttl command to change the default value associated with the TTL field in IPv4 Map-Reply messages. Use this command when you want to change the default TTL that remote ITRs cache and use for your site's IPv4 EID prefix. The default value is 1440 minutes (24 hours), the minimum value cannot be less than 60 minutes, and the maximum cannot be greater than 10080 minutes (one week).
This command does not require a license.
Examples
This example shows how to configure the ETR to use a TTL in its IPv6 Map-Reply messages:
switch# configure terminal
switch(config)# ipv6 lisp etr map-cache-ttl 120
Related Commands
Command Descriptionipv6 lisp etr
Configures the Cisco NX-OS device to act as an IPv6 LISP Egress Tunnel Router (ETR).
ipv6 lisp etr map-server
To configure the IPv4 or IPv6 locator address of the Locator/ID Separation Protocol (LISP) Map-Server to be used by the egress tunnel router (ETR) when registering for IPv4 EIDs, use the ipv6 lisp etr map-server command. To remove the configured locator address of the LISP Map-Server, use the no form of this command.
ipv6 lisp etr map-server map-server-address {[key key-type authentication-key] | proxy-reply}
no ipv6 lisp etr map-server map-server-address {[key key-type authentication-key] | proxy-reply}
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ipv6 lisp etr map-server command to configure the IPv4 or IPv6 locator of the Map-Server to which the ETR registers for its IPv4 EID(s). A password used for a SHA-1 HMAC hash that is included in the header of the Map-Register message must also be provided. You can configure the ETR to register with a maximum of two Map-Servers per EID address family. Once the ETR registers with the Map-Server(s), the Map-Server(s) begin to advertise the EID-prefix block(s) and RLOC(s) for the LISP site.
You can enter the SHA-1 HMAC password in unencrypted (cleartext) form or encrypted form. To enter an unencrypted password, specify a key-type value of 0. To enter a 3DES-encrypted password, specify a key-type value of 3. To enter a Cisco-encrypted password, specify a key-type value of 7.
Caution A Map-Server authentication key entered in cleartext form will automatically be converted to Type 3 (encrypted) form.
Note•You must also configure the Map-Server with IPv4 EID prefixes that match the IPv4 EID-prefixes configures on this ETR by using the ipv6 lisp database-mapping command, as well as a password that matches the one provided with the key keyword on this ETR.
•When the ipv6 lisp database-mapping command is entered, the ETR does not need to run the Locator/ID Separation Protocol Alternative Topology (LISP-ALT) for EID-to-RLOC mapping resolution. All commands related to the Alternative Topology-Virtual Routing and Forwarding (VRF) (ALT-VRF) can be removed.
Note When you use the proxy-reply keyword, the ETR indicates to the Map-Server through a Map-Register message that the Map Server should sends Map Replies on behalf of the site. The Map Server sends non-authoritative Map Replies for all the EID-prefixes contained in the Map-Register message. On the Map Server, the show lisp site site-name command indicates whether proxy-reply is enabled or not.
This command does not require a license.
Examples
This example shows how to configure ETR to register to two Map-Servers:
switch# configure terminal
switch(config)# ipv6 lisp etr map-server 2001:db8:0a::1 key 3 1c275642c17d1e17
switch(config)# ipv6 lisp etr map-server 2001:db8:0b::1 key 3 1c275642c17d1e17
This example shows how to configure ETR to register to the Map-Server:
switch# configure terminal
switch(config)# ipv6 lisp etr map-server 2001:db8:0a::1 key 3 1c275642c17d1e17
switch(config)# ipv6 lisp etr map-server 2001:db8:0a::1 proxy-reply
Related Commands
ipv6 lisp hardware-forwarding
To enable hardware-forwarding specifically on the Cisco Nexus 7000 Series switch when at least one 32x10GE line card is installed, use the ipv6 lisp hardware-forwarding command. To disable this functionality, use the no form of this command.
ipv6 lisp hardware-forwarding
no ipv6 lisp hardware-forwarding
Syntax Description
This command has no arguments or keywords.
Defaults
Enabled when at least one 32x10 GE line card is installed.
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
This command is only applicable to the Cisco NX-OS device.
The ip lisp hardware-forwarding command is applicable to the Cisco Nexus 7000 Series switch only. Hardware forwarding for LISP is only supported on the N7K-M132XP-12 line card only. That is, LISP input and output interfaces MUST be on the N7K-M132XP-12 line card.
Caution Disabling hardware forwarding should only be used in diagnostic situations. Configuring the no ip lisp hardware-forwarding command will cause a full map-cache download to the Cisco NX-OS device hardware.
This command does not require a license.
Examples
This example shows how to disable the IPv6 LISP hardware forwarding feature:
switch# configure terminal
switch(config)# no ipv6 lisp hardware-forwarding
switch(config)# exit
Related Commands
ipv6 lisp itr
To configure a Cisco NX-OS device to act as an IPv6 Locator/ID Separation Protocol (LISP) Ingress Tunnel Router (ITR), use the ipv6 lisp itr command. To remove LISP ITR functionality, use the no form of this command.
ipv6 lisp itr
no ipv6 lisp itr
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ipv6 lisp itr command to enable the Cisco NX-OS device to perform the IPv6 LISP Ingress Tunnel Router (ITR) functionality.
When a Cisco NX-OS device is configured as an ITR, if a packet is received for which no IPv6 destination address prefix match exists in the routing table or which matches a default route (you can configure that the source address of the packet matches an IPv4 EID-prefix block configured by using the ipv6 lisp database-mapping command or ipv6 lisp map-cache command, the packet is a candidate for LISP routing. The ITR looks in the LISP map cache and forwards either the packet, drop the packet, send a Map-Request, or LISP-encapsulates the packet.
If there is no match in the LISP map cache, the ITR might use one of two methods to obtain an IPv6 EID-to-RLOC mapping. When a Map-Resolver is configured when you enter the ipv6 lisp itr map-resolver command, the ITR sends its Map-Request in a LISP Encapsulated Control Message (ECM) to the Map-Resolver. When the ITR is attached to the ALT using the ipv6 lisp alt-vrf command, the ITR sends its Map-Request directly on the alternate LISP topology (LISP-ALT). The ITR caches the IPv4 EID-to-RLOC mapping information returned by the associated Map-Reply in its map-cache. Subsequent packets destined to the same IPv6 EID-prefix block are then LISP-encapsulated according to this IPv4 EID-to-RLOC mapping entry.
Note An ITR can also be configured as an ETR. However, the LISP architecture does not require this requirement.
This command does not require a license.
Examples
This example shows how to configure the ITR functionality on the NX-OS device:
switch# configuration terminal
switch(config)# ipv6 lisp itr
Related Commands
ipv6 lisp itr map-resolver
To configure the IPv4 or IPv6 locator address of the Locator/ID Separation Protocol (LISP) Map-Resolver to be used by the ingress tunnel router (ITR) ITR or Proxy ITR (PITR) when sending Map-Requests for IPv4 EID-to-RLOC mapping resolution, use the ipv6 lisp itr map-resolver command. To remove the configured locator address of the LISP Map-Resolver, use the no form of this command.
ip lispv6 itr map-resolver map-resolver-address
no ipv6 lisp itr map-resolver map-resolver-address
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ipv6 lisp itr map-resolver command to configure the locator to be used by a LISP ITR or PITR to reach the configured Map-Resolver when sending a map request for IPv6 EID-to-RLOC mapping resolution. Up to two Map-Resolvers can be configured per ITR or PITR within a site for each address-family.
When a LISP ITR or PITR needs to resolve an IPv6 EID-to-RLOC mapping for a destination EID, you can be configure it to send a map request either to a Map Resolver by using the ipv6 lisp itr map-resolver command or directly over the LISP ALT by using the ipv6 lisp alt-vrf command. When a Map Resolver is used, map requests are sent to the Map Resolver with the additional LISP Encapsulated Control Message (ECM) header that includes the Map Resolver RLOC as its destination address. When the ALT is used, map requests are sent directly over the ALT without the additional LISP Encapsulated Control Message (ECM) header, where the destination of the map request is the EID being queried.
Note When you use the ipv6 lisp itr map-resolver command, the ITR or PITR does not run the LISP-ALT. All commands related to the ALT-VRF are ignored (and can be removed).
This command does not require a license.
Examples
This example shows how to configure an ITR to use the Map-Resolver located at 2001:DB8:0A::1 when sending its Map-Request messages.
switch# configuration terminal
switch(config)# ipv6 lisp itr map-resolver 2001:DB8:0A::1
Related Commands
ipv6 lisp itr send-data-probe
To configure an ingress tunnel router (ITR) or Proxy ITR (PITR) to find an IPv4 endpoint identifier to Routing Locator (EID-to-RLOC) mapping for a packet it needs to encapsulate by sending a data probe rather than by sending a Map-Request message, use the ipv6 lisp itr send-data-probe command. To remove this functionality, use the no form of this command.
ipv6 lisp itr send-data-probe
no ipv6 lisp itr send-data-probe
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When a Locator/ID Separation Protocol (LISP) ITR or PITR gets a map-cache miss and needs to resolve an IPv4 EID-to-RLOC mapping for a destination EID, you can send a Map-Request message either in a LISP Encapsulate Control Message (ECM) to the Map Resolver configured by using the ip lisp itr map-resolver command, or directly over the Locator/ID Separation Protocol Alternative Topology (LISP-ALT) by using the ip lisp alt-vrf command. In either case, the first packet of the flow that caused the map-cache miss is dropped. Once the Map-Reply populates the map cache, subsequent packets to the same destination are forwarded directly by LISP.
Note When you configure an ITR or PITR by using the ip lisp itr send-data-probe command, you must also configure the ITR or PITR to use the LISP-ALT by using the ip lisp alt-vrf command because the data-probe is sent over the LISP-ALT.
Caution We do not recommend that you use the LISP data probe because this mechanism forwards data plane traffic over the LISP-ALT. The LISP-ALT is intended to function solely as a control plane mechanism for LISP and its use subjects it to denial of service attacks.
This command does not require a license.
Examples
This example shows how to configure a LISP ITR to send Data Probes to determine IPv6 EID-to-RLOC mappings:
switch# configuration terminal
switch(config)# ipv6 lisp itr send-data-probe
Related Commands
ipv6 lisp itr-etr
To configure a switch to act as both an IPv6 LISP Ingress Tunnel Router (ITR) and Egress Tunnel Router (ETR), use the ipv6 lisp itr-etr command. To remove the LISP ITR functionality, use the no form of this command.
ipv6 lisp itr-etr
no ipv6 lisp itr-etr
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ipv6 lisp itr-etr command to enable the Cisco NX-OS device to perform both IPv6 LISP Ingress Tunnel Router (ITR) and Egress Tunnel Router (ETR) functionality simultaneously, by using a single command.
For usage guidelines for the IPv6 LISP ITR functionality, see the ipv6 lisp itr command.
For usage guidelines for the IPv6 LISP ETR functionality, see the ipv6 lisp etr command.
Note If you use the ipv6 lisp itr-etr command and either of the ipv6 lisp itr or ipv6 lisp etr command have already been configured, they will be automatically removed from the configuration file. When configuring a device as both an ITR and an ETR, use the command iv6p lisp itr-etr to enable both capabilities.
This command does not require a license.
Examples
This example shows how to configure the IPv6 LISP ITR and ETR functionality on the NX-OS device:
switch# configuration terminal
switch(config)# ipv6 lisp itr-etr
Related Commands
Command Descriptionipv6 lisp etr
Configures the switch to act as an IPv6 LISP Egress Tunnel Router (ETR).
ipv6 lisp itr
Configures the switch to act as an IPv6 LISP Ingress Tunnel Router (ITR).
ipv6 lisp locator-down
To configure a locator from a locator-set that is associated with an IPv6 endpoint identifier (EID)prefix database-mapping to be unreachable (down), use the ipv6 lisp locator-down command. To return the locator to be reachable (up), use the no form of this command.
ipv6 lisp locator-down EID-prefix/prefix-length locator
no ipv6 lisp locator-down EID-prefix/prefix-length locator
Syntax Description
EID-prefix/prefix-length
IPv6 EID prefix and length advertised by this switch.
locator
IPv4 or IPv6 Routing Locator (RLOC) associated with this EID-prefix.
Defaults
An IPv4 or IPv6 locator associated with a configured IPv6 EID-prefix block is considered reachable (up) unless an IGP routing protocol indicates it is down.
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When you configure LISP database parameters on an ITR for specified IPv4 EID-prefix blocks by using the ipv6 lisp database-mapping command or the ipv6 lisp map-cache command, the locators associated with these IPv4 EID-prefix blocks are considered as reachable (up) by default. You can use the ipv6 lisp locator-down command to configure a locator from a locator-set associated with the EID-prefix database mapping to be down.
When you enter the ipv6 lisp locator-down command, the Locator Status Bits (LSB) for the configured locator is cleared when encapsulating packets to remote sites. ETRs at remote sites look for changes in the LSB when decapsulating LISP packets, and when the LSB indicates that a specific locator is down, the ETR refrains from encapsulating packets using this locator to reach the local site.
Note If you enter the ipv6 lisp locator-down command on an ITR to indicate that a locator is unreachable (down) and the LISP site includes multiple ITRs, you must enter the ip lisp locator-down command on all ITRs at the site to ensure that the site consistently tells remote sites that the configured locator is not reachable.
This command does not require a license.
Examples
This example shows how to configure the locator to a down state for the IPv6 EID-prefix block:
switch# configuration terminal
switch(config)# ipv6 lisp locator-down 2001:DB8:BB::/48 2001:DB8:0A::1
Related Commands
ipv6 lisp locator-vrf
To configure a nondefault virtual routing and forwarding (VRF) table to be referenced by any IPv6 locator addresses, use the ipv6 lisp locator-vrf command. To return to using the default routing table for locator address references, use the no form of this command.
ipv6 lisp locator-vrf vrf-name
no ipv6 lisp locator-vrf vrf-name
Syntax Description
vrf-name
Name of the VRF instance to be referenced by IPv6 locator addresses instead of the default table.
Defaults
IPv6 locator addresses are associated with the default (global) routing table.
Command Modes
VRF configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When you configure Locator/ID Separation Protocol (LISP) in a nondefault VRF to keep EID-prefixes in one VRF separate from EID-prefixes in another VRF, and both EID VRFs share the same locator-based core network and same mapping database system infrastructure, these locator addresses must be reachable from the default VRF or a specified common VRF. Use the ipv6 lisp locator-vrf command to specify the VRF to be associated with these locator addresses.
When you enter the ipv6 lisp locator-vrf command, the locator addresses in any subsequent LISP commands are referenced to the specified VRF. For example, the locator addresses in the ipv6 lisp itr map-resolver and ipv6 lisp etr map-server commands refer to the VRF that you configured when you entered the ip lisp locator-vrf command. The map-servers and map-resolvers can also share the configuration from the locator-VRF.
Note When you configure mixed address families (for example, IPv4 EIDs and IPv6 locators or IPv6 EIDs and IPv4 locators), use the ipv6 lisp locator-vrf command.
This command does not require a license.
Examples
In the following example, a LISP xTR is configured with three EID contexts red, blue, and green, and the locator VRF default. Red and blue are both using the RLOC of 10.10.10.1 if you enter the ipv6 lisp locator-vrf default command. In addition, red and blue both inherit the globally defined map-resolver and map-server located at 10.100.1.1 (configured at the end of this example). Both red and blue have an EID prefix of 172.16.0.0/24, but segmentation is maintained due to the unique LISP instance ID for each VRF context. Green context also uses the RLOC of 10.10.10.1 if you enter the ipv6 lisp locator-vrf default command. However, green overrides the inheritance of the globally defined map-resolver and map-server by including the ones configured within the VRF context an located at 10.200.1.1. The locator for this locally defined map-resolver or map-server remains within the default VRF when you enter the ipv6 lisp locator-vrf default command.
switch# configuration terminal
switch(config)# vrf context red
switch(config-vrf)# ipv6 lisp itr-etr
switch(config-vrf)# ipv6 lisp database-mapping 2001:db8:a::/48 10.10.10.1 priority 1 weight 1
switch(config-vrf)# lisp instance-id 111
switch(config-vrf)# ipv6 lisp locator-vrf default
switch(config-vrf)# exit
switch(config)# vrf context blue
switch(config-vrf)# ipv6 lisp itr-etr
switch(config-vrf)# ipv6 lisp database-mapping 2001:db8:a::/48 10.10.10.1 priority 1 weight 1
switch(config-vrf)# lisp instance-id 222
switch(config-vrf)# ipv6 lisp locator-vrf default
switch(config-vrf)# exit
switch(config)# vrf context green
switch(config-vrf)# ipv6 lisp itr-etr
switch(config-vrf)# ipv6 lisp database-mapping 2001:db8:b::/48 10.10.10.1 priority 1 weight 1
switch(config-vrf)# lisp instance-id 444
switch(config-vrf)# ipv6 lisp locator-vrf default
switch(config-vrf)# ipv6 lisp itr map-resolver 10.200.1.1
switch(config-vrf)# ipv6 lisp etr map-server 10.200.1.1 key 3 xxxxxxxxxxx
switch(config-vrf)# exit
switch(config)# ipv6 lisp itr map-resolver 10.100.1.1
switch(config)# ipv6 lisp etr map-server 10.100.1.1 key 3 xxxxxxxxxxx
Related Commands
ipv6 lisp map-cache
To configure a static IPv6 endpoint identifier to Routing Locator (EID-to-RLOC) mapping relationship and its associated traffic policy or to statically configure the packet handling behavior associated with a specified destination IPv6 EID prefix, use the ipv6 lisp map-cache command. To remove the configuration, use the no form of this command.
ipv6 lisp map-cache destination-EID-prefix/prefix-length {locator priority priority weight weight}
no ipv6 lisp map-cache destination-EID-prefix/prefix-length {locator priority priority weight weight}
ipv6 lisp map-cache destination-EID-prefix/prefix-length {drop | map-request | native-forward}
no ipv6 lisp map-cache destination-EID-prefix/prefix-length {drop | map-request | native-forward}
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
The first use of the ip lisp map-cache command is to configure an ingress tunnel router (ITR) with a static IPv6 EID-to-RLOC mapping relationship and its associated traffic policy. For each entry, you must enter a destination IPv6 EID-prefix block and its associated locator, priority, and weight. The IPv6 EID-prefix/prefix-length is the LISP EID-prefix block at the destination site. The locator is an IPv6 or IPv6 address of the remote site where the IPv6 EID-prefix can be reached. The locator address has a priority and weight that are used to define traffic policies when multiple RLOCs are defined for the same EID-prefix block. You can enter this command up to four times for a given EID-prefix. Static IPv4 EID-to-RLOC mapping entries configured when you enter the ip lisp map-cache command take precedence over dynamic mappings learned through Map-Request/Map-Reply exchanges.
The second, optional use of the ipv6 lisp map-cache command is to statically configure the packet handling behavior associated with a specified destination IPv6 EID-prefix. For each entry, a destination IPv4 EID-prefix block is associated with a configured forwarding behavior. When a packet's destination address matches the EID-prefix, one of the following packet handling options:
•drop—Packets that match the destination IPv6 EID-prefix are dropped. For example, this action may be useful when administrative policies define that packets should be prevented from reaching a site.
•native-forward—Packets that match the destination IPv6 EID-prefix are natively forwarded without LISP encapsulation. Use this action when the destination site is known to always be reachable natively and LISP encapsulation should never be used.
•map-request—Packets that match the destination IPv6 EID-prefix cause a Map-Request to be sent. It is implied that the Map-Reply returned by this request will allow subsequent packets that match this EID-prefix to be Locator/ID Separation Protocol (LISP)-encapsulated. Use this action troubleshooting map-request activities and other diagnostic actions.
This command does not require a license.
Examples
This example shows how to configure a destination EID-to-RLOC mapping and associated traffic policy:
switch# configuration terminal
switch(config)# ipv6 lisp map-cache 2001:DB8:BB::/48 2001:DB8:0A::1 priority 1 weight 100
This example shows how to configure a destination EID-to-RLOC mapping and associated traffic policy to drop:
switch# configuration terminal
switch(config)# ip lisp map-cache 2001:DB8:AA::/64 drop
Related Commands
ipv6 lisp map-cache-limit
To configure the maximum number of IPv4 Locator/ID Separation Protocol (LISP) map-cache entries allowed to be stored by the Cisco NX-OS device, use the ipv6 lisp map-cache-limit command. To remove the configured map-cache limit, use the no form of this command.
ipv6 lisp map-cache-limit cache-limit [reserve-list list]
no ipv6 lisp map-cache-limit cache-limit [reserve-list list]
Syntax Description
Defaults
1000
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip lisp map-cache-limit command to control the maximum number of IPv6 LISP map-cache entries that are allowed to be stored on the Cisco NX-OS device. An optional reserve-list can be configured to guarantee that the Cisco NX-OS device always stores the referenced IPv6 EID-prefixes.
LISP IPv6 map-cache entries are added in one of two ways - dynamically or statically. Dynamic entries are added when a valid Map-Reply message is returned for a Map-Request message generated in response to a cache-miss lookup. Static entries are added when you enter the ipv6 lisp map-cache command.
Dynamic map-cache entries are always added until the default or configured cache-limit is reached. After the default or configured cache limit is reached, unless the optional reserve list is configured, no further dynamic entries are added and no further Map-Requests are generated in response to cache-miss lookups until a free position is available.
When you do no configure an optional reserve-list keyword, dynamic entries are added on a first-in-first-added basis until the configured map-cache limit is reached. After that time, no new dynamic entries can be added. If the reserve-list keyword is configured but the prefix-list to which it refers is not configured, the results are the same as if the reserve-list keyword was not configured.
When the optional reserve-list keyword is configured, a Map-Request is generated and a new dynamic map-cache entry may be added only for IP v6 EID-prefixes that are permitted by the prefix-list referenced by the reserve-list keyword. In this case, the new entry must be able to replace an existing dynamic entry so that the cache limit is maintained. The deleted dynamic entry will be either a nonreserve idle map-cache entry or non-reserve active map-cache entry. Idle map-cache entries are those entries that have seen no activity in the last 10 minutes. If all current dynamic entries are also permitted by the prefix-list referenced by the reserve-list, no further dynamic entries can be added.
Existing dynamic IPv6 map-cache entries can time-out due to inactivity or can be removed by the using the clear ip lisp map-cache command to create a free position in the map cache.
Static map-cache entries are always added, until the default or configured cache-limit is reached. After the default or configured cache limit is reached, unless the optional reserve-list is configured, no further static entries are added.
When the optional reserve-list keyword is not configured, static entries are added on a first-in-first-added basis until the configured map-cache limit is reached. After that time, no new static entries can be added. If the reserve-list keyword is configured but the prefix-list to which it refers is not configured, the results are the same as if the reserve-list keyword was not configured.
When the optional reserve-list keyword is configured, a static entry that matches the reserve list, a prefix list can be added, but only if it can replace an existing static entry or dynamic entry that does not-match the reserve list prefix list.
Note When the reserve-list command is used, be sure that the prefix-list includes entries that match all expected prefixes in any Map-Reply, including the more-specifics. This can be ensured by appending le 128 to the end of all prefix-list entries for IPv6 prefixes. For example, if you want to match 2001:DDB8:BB::/48 and any of the more specifics, you should enter ipv6 prefix-list lisp-list seq 5 permit 2001:DDB8:BB::/48 le 128 in order to cover all replies within this range.
This command does not require a license.
Examples
This example shows how to configure the LISP cache-limit and a reserve-list:
switch# configuration terminal
switch(config)# ipv6 lisp map-cache-limit 2000 reserve-list LISP-v6-always
switch(config)# ip prefix-list LISP-always seq 10 permit 2001:DB8:BA::/46 le 128
Related Commands
ipv6 lisp map-request-source
To configure an IPv4 or IPv6 address to be used as the source address for Locator/ID Separation Protocol (LISP) IPv6 Map-Request messages, use the ipv6 lisp map-request-source command. To remove the configured Map-Request source address and return to the default behavior, use the no form of this command.
ipv6 lisp map-request-source source-address
no ipv6 lisp map-request-source source-address
Syntax Description
Defaults
The Cisco NX-OS device uses one of the locator addresses that you configure by using the ipv6 lisp database-mapping command as the default source address for LISP Map-Request messages.
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
A locator address that you configured in by using the ipv6 lisp database-mapping command is used as the source address for LISP IPv6 Map-Request messages. There are cases, however, where it may be necessary to configure the specified source address for these Map-Request messages. For example, when the ingress tunnel router (ITR) is behind a Network Address Translation (NAT) device, you might need to specify a source address that matches the NAT configuration to properly allow for return traffic.
When you enter the ipv6 lisp map-request-source command on an ITR, the specified IPv4 or IPv6 locator is used by an ITR as the source address for LISP IPv6 Map-Request messages. When you enter the ipv6 lisp map-request-source command on a Map-Server, this locator is used as the source address in the Encapsulated Control Message that carries a Map-Request to an ETR.
This command does not require a license.
Examples
This example shows how to configure an ITR to use the source IPv6 address in its IPv6 Map-Request messages:
switch# configuration terminal
switch(config)# ipv6 lisp map-request-source 2001:DB8:0A::1
Related Commands
Command Descriptionipv6 lisp database-mapping
Configures an IPv6 EID-to-RLOC mapping relationship and its associated traffic policy.
ipv6 lisp map-resolver
To configure a switch to act as an IPv6Locator/ID Separation Protocol (LISP) Map-Resolver (MR), use the ipv6 lisp map-resolver command. To remove LISP Map-Resolver functionality, use the no form of this command.
ipv6 lisp map-resolver
no ipv6 lisp map-resolver
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ipv6 lisp map-resolver command to enable the Cisco NX-OS device to perform the IPv6 LISP Map-Resolver (MR) functionality. A LISP Map-Resolver is deployed as a LISP Infrastructure component.
A Map-Resolver receives a LISP Encapsulated Control Message (ECM) that contains a Map-Request from a LISP ITR directly over the underlying locator-based network. The Map-Resolver decapsulates this message and forwards it on the LISP-ALT topology, where it is delivered either to an ingress tunnel router (ITR) that is directly connected to the LISP-ALT and that is authoritative for the endpoint identifier (EID) being queried by the Map-Request or to the Map-Server that is injecting EID-prefixes into the LISP-ALT on behalf of the authoritative ETR.
Map-Resolvers also send Negative Map-Replies directly back to an ITR in response to queries for non-LISP addresses.
When deploying a LISP Map-Resolver, follow these guidelines:
•When a Map-Resolver is configured to use the LISP ALT for endpoint identifier to Routing Locator (EID-to-RLOC) mapping resolution, the Map-Resolver configuration must include the ipv6 alt-vrf command.
•When a Map-Resolver is configured concurrently with a Map-Server as a stand-alone system (when it is not connected to any ALT and it has full knowledge of the LISP mapping system for a private LISP deployment), using the ipv6 alt-vrf command is not required.
•When a Map-Resolver supports a LISP deployment that is configured for virtualization, you must concurrently configure the Map-Resolver with a Map-Server and see registrations from all ETRs in the LISP network to properly resolve Map-Requests when instance IDs are used. A Map-Resolver cannot forward a Map-Request with an instance ID over the LISP ALT, as would be the case in a nonvirtualized configuration. The Map-Resolver can only query EID-tables that are maintained by the concurrent Map-Server for EID-to-RLOC mapping resolution in a virtualized LISP deployment.
This command does not require a license.
Examples
This example shows how to configure the IPv6 LISP Map-Resolver functionality on the NX-OS device.
switch# configuration terminal
switch(config)# ipv6 lisp map-resolver
Related Commands
Command Descriptionipv6 lisp alt-vrf
Configures which VRF that LISP should use when sending Map Requests for an IPv4 EID-to-RLOC mapping directly over the ALT.
ipv6 lisp map-server
To configure a switch to act as an IPv6 Locator/ID Separation Protocol (LISP) Map-Server (MS), use the ipv6 lisp map-server command. To remove LISP Map-Server functionality, use the no form of this command.
ipv6 lisp map-server
no ipv6 lisp map-server
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ipv6 lisp map-server command to enable the Cisco NX-OS device to perform IPv6 LISP Map-Server (MS) functionality. A LISP Map-Server is deployed as a LISP Infrastructure component. LISP site commands are configured on the Map Server for a LISP egress tunnel router (ETR) that registers to it, including an authentication key, which must match the one also configured on the ETR. A Map Server receives Map-Register control packets from ETRs. When you configure the Map Server with a service interface to the LISP-ALT, it injects aggregates for the registered EID prefixes into the LISP-ALT.
The Map-Server also receives Map-Request control packets from the LISP-ALT, which it then forwards as a LISP Encapsulated Control Message (ECM) to the registered ETR that is authoritative for the EID prefix being queried. The ETR returns a Map-Reply message directly back to the ITR.
When deploying a LISP Map-Resolver, follow these guidelines:
•When a Map-Resolver is configured to use the LISP ALT for endpoint identifier to Routing Locator (EID-to-RLOC) mapping resolution, the Map-Resolver configuration must include the ipv6 alt-vrf command.
•When a Map-Resolver is configured concurrently with a Map-Server as a stand-alone system (when it is not connected to any ALT and it has full knowledge of the LISP mapping system for a private LISP deployment), using the ipv6 alt-vrf command is not required.
•When a Map-Resolver supports a LISP deployment that is configured for virtualization, you must concurrently configure the Map-Resolver with a Map-Server and see registrations from all ETRs in the LISP network to properly resolve Map-Requests when instance IDs are used. A Map-Resolver cannot forward a Map-Request with an instance ID over the LISP ALT, as would be the case in a nonvirtualized configuration. The Map-Resolver can only query EID-tables that are maintained by the concurrent Map-Server for EID-to-RLOC mapping resolution in a virtualized LISP deployment.
This command does not require a license.
Examples
This example shows how to configure IPv6 LISP Map-Server functionality on the NX-OS device.
switch# configuration terminal
switch(config)# ipv6 lisp map-server
Related Commands
Command Descriptionipv6 lisp alt-vrf
Configure which VRF supporting the IPv6 address-family LISP should use when sending Map Requests for an IPv6 EID-to-RLOC mapping directly over the ALT.
ipv6 lisp nat-transversal
To configure an egress tunnel router (ETR) with a private locator that is sited behind a Network Address Translation (NAT) device to dynamically determine its NAT-translated public locator for use in Map-Register and Map-Reply messages, use the ip lisp nat-transversal command. To remove this functionality, use the no form of this command.
ipv6 lisp nat-transversal
no ipv6 lisp nat-transversal
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Interface configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When an ETR is sited behind a NAT device, its routing locator belongs to the private address space that the NAT device translates to a public globally routed address. The ETR needs to know this public global locator address because this address is required for use in Map-Register and Map-Reply messages.
When you enter the ip lisp nat-transversal command is configured, the ETR determines its own public global locator dynamically. When configured, the ETR sends a LISP Echo-Request message to the configured Map Server out the interface under which this command is configured. The Map Server replies with an Echo Reply message that includes the source address from the Echo Request, which is the NAT-Translated public global locator address.
The ipv6 lisp nat-transversal command is useful when the dynamic keyword is used with the ipv6 lisp database-mapping command in order to dynamically determine the routing locator rather than statically defining it.
This command does not require a license.
Examples
This example shows how to configure the ETR to dynamically determine its public global routing locator when it is behind a NAT device:
switch# configuration terminal
switch(config)# interface Ethernet2/0
switch(config-if)# ipv6 lisp nat-transversal
Related Commands
ipv6 lisp proxy-etr
To configure a switch to act as an IPv6 Locator/ID Separation Protocol (LISP) Proxy Egress Tunnel Router (PETR), use the ipv6 lisp proxy-etr command. To remove LISP PETR functionality, use the no form of this command.
ipv6 lisp proxy-etr
no ipv6 lisp proxy-etr
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ipv6 lisp proxy-etr command to enable the IPv4 LISP Proxy Egress Tunnel Router (PETR) functionality on the Cisco NX-OS device. The Cisco NX-OS device accepts LISP-encapsulated packets from an ingress tunnel router (ITR) or Proxy ITR (PITR) that are destined to non-LISP sites, deencapsulates them, and then forwards them natively toward the non-LISP destination.
PETR services may be necessary in several cases. For example, by default, when a LISP site forwards packets to a non-LISP site natively (not LISP encapsulated), the source IP address of the packet is that of a site EID. If the provider side of the access network is configured with strict unicast reverse path forwarding (uRPF) or an anti-spoofing access-list, it would consider these packets to be spoofed and drop them because EIDs are not advertised in the provider default free zone (DFZ). Instead of natively forwarding packets destined to non-LISP sites, the ITR encapsulates these packets using the site locator as the source address and the PETR as the destination address. Packets destined for LISP sites follow normal LISP forwarding processes and are sent directly to the destination ETR.
Note When an ITR or PITR requires IPv4 PETR services, you must configure ITR or PITR to forward IPv4 EID packets to the PETR by using the ip lisp use-petr command.
This command does not require a license.
Examples
This example shows how to configure IPv6 LISP PETR functionality on the NX-OS device:
switch# configuration terminal
switch(config)# ipv6 lisp proxy-etr
Related Commands
pv6 lisp proxy-itr
To configure a switch to act as an IPv6 Locator/ID Separation Protocol (LISP) Proxy Ingress Tunnel Router (PITR), use the ipv6 lisp proxy-itr command. To remove the LISP PITR functionality, use the no form of this command.
ipv6 lisp proxy-itr ipv6-local-locator [ipv4-local-locator]
no ipv6 lisp proxy-itr ipv6-local-locator [ipv4-local-locator]
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ipv6 lisp proxy-itr command to enable IPv4 LISP Proxy Ingress Tunnel Router (PITR) functionality on the Cisco NX-OS device. The Cisco NX-OS device receives native packets from non-LISP sites that are destined for LISP sites, encapsulates them, and forwards them to the ETR that is authoritative for the destination LISP site EID.
PITR services are required to provide interworking between non-LISP sites and LISP sites. For example, when connected to the Internet, a PITR acts as a gateway between the legacy Internet and the LISP-enabled network. The PITR must advertise one or more highly aggregated endpoint identifier (EID) prefixes on behalf of LISP sites into the underlying DFZ (that is the Internet) and act as an ITR for traffic received from the public Internet.
When you enable PITR services by using the ipv6 lisp proxy-itr command, the PITR creates LISP-encapsulated packets when it sends a data packet to a LISP site, sends a data probe, or sends a Map-Request message. The outer (LISP) header address family and source address are determined as follows:
•When the locator-hash function returns a destination RLOC within the IPv4 address family, the address ipv4-local-locator is used as the source address from the locator namespace.
•When the locator-hash function returns a destination RLOC within the IPv6 address family (assuming the optional address ipv6-local-locator is entered), it will used as a source locator for encapsulation.
When you configure a switch to function as an IPv4 PITR, you can also configure it to use the LISP ALT for IPv4 EID-to-RLOC mapping resolution. When configured to use the LISP ALT, the PITR sends its map request messages directly over the LISP ALT using the virtual routing and forwarding (VRF) referred to by the ipv6 lisp alt-vrf command. A PITR can send a Map-Request to a configured Map-Resolver for EID-to-RLOC mapping resolution as an alternative to sending a Map-Request directly over the LISP ALT. (See the ipv6 map-resolver command). When using a PITR in a virtualized LISP deployment, you must configure the PITR to use a Map-Resolver for EID-to-RLOC mapping resolution and not the LISP ALT because the LISP ALT does not support virtualization.
Note A switch that is configured as an ITR performs a check to see if the source of any packet intended for LISP encapsulation is within the address range of a local EID prefix, whereas a Cisco NX-OS device configured as a PITR does not perform this check. Unlike the Cisco IOS LISP implementation, in Cisco NX-OS you can configure a Cisco NX-OS device to support both ITR and PITR functionality at the same time. If you configure a Cisco NX-OS device as an ITR and as a PITR, preference goes to PITR functionality for packet processing.
This command does not require a license.
Examples
This example shows how to configure the LISP PITR functionality on the NX-OS device and to encapsulate packets using a source locator:
switch# configuration terminal
switch(config)# ipv6 lisp proxy-itr 2001:db8:bb::1
Related Commands
ipv6 lisp shortest-eid-prefix-length
To configure the shortest IPv6 endpoint identifier (EID)-prefix mask-length that is acceptable to an ingress tunnel router (ITR) or Proxy ITR (PITR) in a received Map-Reply message or to an ETR in the mapping-data record of a received Map-Request, use the ipv6 lisp shortest-eid-prefix-length command. To return to the default configuration, use the no form of this command.
ipv6 lisp shortest-eid-prefix-length IPv6-EID-prefix-length
no ipv6 lisp shortest-eid-prefix-length IPv6-EID-prefix-length
Syntax Description
IPv6-EID-prefix-length
Shortest IPv6 EID prefix-length accepted from a Map-Reply or data record in a Map-Request. The range is from 0 to 128.
Defaults
48
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When an ITR or PITR receives a Map-Reply message, the mapping data it contains includes the EID mask-length for the returned EID prefix. By default, the shortest EID prefix mask length accepted by an ITR or PITR for an IPv4 EID prefix is a /48.
You can use the ipv6 lisp shortest-eid-prefix-length command to change this default. For example, it might be necessary for a PITR to accept a shorter (coarser) prefix if one exists.
When an ETR receives a Map-Request message, it might contain a mapping data record that the ETR can cache and possible use to forward traffic depending on the configuration of the ipv6 lisp etr accept-map-request-mapping command.
Use the ipv6 lisp shortest-eid-prefix-length command to change the shortest prefix length accepted by the ETR. In this case, the check for the shortest EID-prefix mask length is done prior to the verifying Map-Request, if also configured. That is, if the EID-prefix mask length is less than the configured value, the verifying Map-Request is not sent and the mapping data is not accepted.
Examples
This example shows how to configure the NX-OS device to accept a minimum IPv6 EID-prefix length:
switch# configuration terminal
switch(config)# ipv6 lisp shortest-eid-prefix-length 40
Related Commands
ipv6 lisp source-locator
To configure a source locator to be used for IPv6 Locator/ID Separation Protocol (LISP)-encapsulated packets, use the ipv6 lisp source-locator command. To remove the configured source locator, use the no form of this command.
ipv6 lisp source-locator interface
no ipv6 lisp source-locator interface
Syntax Description
interface
Name of the interface whose IPv6 address should be used as the source locator address for outbound LISP-encapsulated packets.
Defaults
The IPv6 address of the outbound interface is used by default as the source locator address for outbound LISP-encapsulated packets.
Command Modes
Interface configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When sending a LISP-encapsulated packet (data or control message), Cisco NX-OS device performs a destination lookup to determine the appropriate outgoing interface. By default, the IPv6 address of this outgoing interface is used as the source locator for the outbound LISP encapsulated packet.
In certain circumstances you might need to use the IPv6 address of a different interface as the source locator for the outbound LISP encapsulated packets rather than that of the outgoing interface. For example, when an ITR has multiple egress interfaces, you might configure a loopback interface for stability purposes and instruct the ITR to use the address of this loopback interface as the source locator for the outbound LISP-encapsulated packets rather than one or both of the physical interface addresses. The usage of the ipv6 lisp source-locator command is also important for maintaining locator consistency between the two xTRs when rloc-probing is used.
This command does not require a license.
Examples
This example shows how to configure the source locator when sending LISP encapsulated packets:
switch# configuration terminal
switch(config)# interface Ethernet 2/0
switch(config-if)# ipv6 lisp source-locator Loopback0
switch(config-if)# interface Ethernet2/1
switch(config-if)# ipv6 lisp source-locator Loopback0
Related Commands
Command Descriptionipv6 lisp itr
Configures the switch to act as an IPv6 LISP Ingress Tunnel Router (ITR).
ipv6 lisp translate
To configure IPv6 Locator/ID Separation Protocol (LISP) translation mapping, use the ipv6 lisp translate command. To remove IPv6 LISP translation mappings and return to the default value, use the no form of this command.
ipv6 lisp translate inside IPv6-inside-EID outside IPv6-outside-EID
no ipv6 lisp translate inside IPv6-inside-EID outside IPv6-outside-EID
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When you configure a LISP ITR or ETR with a nonroutable EID prefix and you want to replace it with a routable EID prefix, use the ipv6 lisp translate command. A LISP device that acts as an ITR and detects a nonroutable EID in the source IPv4 address field replaces it with the routable EID when you use the inside and outside keyword. In the opposite direction when acting as an ETR, it replaces the routable EID referred to by the outside keyword with the no-routable EID referred to by the inside keyword.
Note The outside EID address can be assigned to the Cisco NX-OS device itself, in which case it responds to ARP requests, ICMP echo-requests (ping) and any other packet sent to this address. When you do not assign the outside EID to the device, the address does not answer ARP requests.
This feature may be useful when if you want to upgrade but you want to continue to communicate with non-LISP sites. An alternative approach for providing communications between LISP and non-LISP sites is to use Proxy-ITR services. See to the ipv6 lisp proxy-itr command for further details. Both proxy-ITR and NAT translation services, commonly referred to as Interworking services, are described in draft-ietf-lisp-interworking-00.
This command does not require a license.
Examples
This example shows how to configure LISP to translate the inside address to the outside address:
switch# configuration terminal
switch(config)# ipv6 lisp translate inside 2001:db8:aa::1 outside 2001:db8:bb::1
Related Commands
ipv6 lisp use-petr
To configure a switch to use an IPv6 Locator/ID Separation Protocol (LISP) Proxy Egress Tunnel Router (PETR), use the ipv6 lisp use-petr command. To remove the use of a LISP PETR, use the no form of this command.
ipv6 lisp use-petr locator-address
no ipv6 lisp use-petr locator-address
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use ipv6 lisp use-petr command to enable the Cisco NX-OS device to use IPv6 Proxy Egress Tunnel Router (PETR) services. When the use of PETR services is enabled, instead of natively forwarding packets destined to non-LISP sites, these packets are LISP-encapsulated and forwarded to the PETR, where these packets are then deencapsulated and forwarded natively toward the non-LISP destination. An ITR or PITR can be configured to use PETR services.
PETR services may be necessary in several cases. For example, by default, when a LISP sites forwards packets to a non-LISP site natively (not LISP encapsulated), the source IP address of the packet is that of a site endpoint identifier (EID). If the provider side of the access network is configured with strict unicast reverse path forwarding (uRPF), it considers these packets to be spoofed and drops them because EIDs are not advertised in the provider default free zone (DFZ). In this case, instead of natively forwarding packets destined to non-LISP sites, the ITR encapsulates these packets using the site locator as the source address and the PETR as the destination address. Packets destined for LISP sites follow normal LISP forwarding processes and are sent directly to the destination ETR.
Note Because LISP supports mixed protocol encapsulations, the locator specified for the PETR can either be an IPv4 or IPv6 address. Up to eight PETRs can be configured per address family.
This command does not require a license.
Examples
This example shows how to configure an ITR to use the PETR with the IPv6 locator:
Note This example assumes that the PETR supports dual-stack connectivity.
switch# configuration terminal
switch(config)# ipv6 lisp use-petr 10.1.1.1
Related Commands
Command Descriptionipv6 lisp proxy-etr
Configures the switch to act as an IPv6 LISP Proxy Egress Tunnel Router (PETR).
lig
To initiate a LISP Internet Groper (LIG) operation for a destination endpoint identifier (EID) or to test the router's local EID prefix, use the lig command.
lig {hostname | destination-EID} [count count] [source source-EID] [to map-resolver]
lig {self | self6 | version} [count count] [source source-EID] [to map-resolver]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
This command initiates a LIG query for the indicated destination hostname or EID, or the routers local EID-prefix. Use the lig command to test whether a destination EID exists in the LISP mapping database system, or see if your site is registered with the mapping database system.
When a LIG query is initiated with a hostname or destination EID, the router sends a Map-Request to the configured Map-Resolver for the indicated destination hostname or EID. When a Map-Reply is returned, its contents are displayed to the user and entered in the LISP map-cache.
When a LIG self query is initiated, the router's local EID-prefix is substituted in place of the destination EID when the router sends a Map-Request to the configured Map-Resolver.
The following operational attributes apply to LIG:
•By default, at a minimum, one Map-Request is sent to the Map-Resolver but up to three Map-Requests might be sent to the Map-Resolver. Once a Map-Reply is returned for a Map-Request, no further Map-Requests are sent. When you apply the count option, a specified number of Map-Requests is sent.
•By default, the source of the Map-Request is the first configured EID-prefix for the site (with the host-bit set to zero). For example, if the local EID-prefix is 153.16.21.0/24, the source EID is 153.16.21.0 for the Map-Request. When the source option is applied, a specific source EID might be used. However, the source-EID must be one of the EID addresses assigned to the LISP router.
•When the lig command is used with the self option, the destination IPv4 EID is also the first configured EID-prefix for the site (with the host-bit set to zero). For example, if the local IPv4 EID-prefix is 153.16.21.0/24, the destination EID is 153.16.21.0 for the Map-Request. Use the self6 option for IPv6 addresses.
•By default, when you enter the lig command, the Map-Request is sent to the configured Map-Resolver. However, the to option can be specified to cause the Map-Request to be forwarded to a specified Map-Resolver instead. Sending a Map-Request to a different Map-Resolver can be useful to test that your EID-prefix has been properly injected into the ALT infrastructure. In this case, the lig Map-Request is processed by the specified Map-Resolver and propagated through each ALT router hop to the Map-Server you have registered to. The Map-Server returns the Map-Request to your site. Your site generates a Map-Reply to the source of the Map Request (which could be itself or a different xTR within your LISP site).
This command does not require a license.
Examples
This example shows how to initiate a LIG operation for a destination EID or to test the router's local EID prefix:
switch# lig self
Send loopback map-request to 128.223.156.35 for 153.16.12.0 ...Received map-reply from 128.223.156.23 with rtt 0.002770 secsMap-cache entry for EID 153.16.12.0:153.16.12.0/24, uptime: 00:00:02, expires: 23:59:57, via map-reply, selfLocator Uptime State Priority/ Data ControlWeight in/out in/out128.223.156.23 00:00:02 up 1/100 0/0 0/0This example shows how to display the local IPv6 EID-prefix that is registered in the mapping database:
switch# lig self6
Send loopback map-request to 128.223.156.35 for 2610:d0:1203:: ...Received map-reply from 128.223.156.23 with rtt 0.001148 secsMap-cache entry for EID 2610:d0:1203:::2610:d0:1203::/48, uptime: 00:00:02, expires: 23:59:57, via map-reply, selfLocator Uptime State Priority/ Data ControlWeight in/out in/out128.223.156.23 00:00:02 up 1/100 0/0 0/0switch#This example shows how to display all LISP map-cache entries, and then uses lig to test for the remote IPv6 EID-prefix:
switch# show ipv6 lisp map-cache
LISP IPv6 Mapping Cache for VRF "default", 0 entriesThis example show to to configure LIG to test for the remote IPv6 EID-prefix:
switch# lig 2610:d0:210f::1
end map-request to 128.223.156.35 for 2610:d0:210f::1 ...Received map-reply from 85.184.2.10 with rtt 0.204710 secsMap-cache entry for EID 2610:d0:210f::1:2610:d0:210f::/48, uptime: 00:00:01, expires: 23:59:58, via map-reply, authLocator Uptime State Priority/ Data ControlWeight in/out in/out85.184.2.10 00:00:01 up 0/100 0/0 0/02001:6e0:4:2::2 00:00:01 up 0/100 0/0 0/0This example shows how to display all IPv6 LISP map-cache entries:
switch# show ipv6 lisp map-cache
LISP IPv6 Mapping Cache for VRF "default", 1 entries2610:d0:210f::/48, uptime: 00:01:25, expires: 23:58:34, via map-reply, authLocator Uptime State Priority/ Data ControlWeight in/out in/out85.184.2.10 00:01:25 up 0/100 0/0 0/02001:6e0:4:2::2 00:01:25 up 0/100 0/0 0/0switch#This example shows how to display the version of LIG being used by the system:
switch# lig version
http://tools.ietf.org/html/draft-ietf-lisp-05http://tools.ietf.org/html/draft-farinacci-lisp-lig-01Related Commands
lisp beta
To enable Locator/ID Separation Protocol (LISP) to run on the Cisco NX-OS device, use the lisp beta command. To disable this functionality, use the no form of this command.
lisp beta
no lisp beta
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
The lisp beta command is only applicable to the Cisco NX-OS device.
In order to run LISP on the Cisco Nexus 7000 Series switch, the functionality must be enabled by using the lisp beta command. When enabled, hardware forwarding of LISP packets is automatically enabled, assuming that at least one 32x10GE line card is installed. Hardware forwarding is the default mode of operation when LISP is enabled.
Caution You can disable hardware forwarding by using the no ip lisp hardware-forwarding command. However, we strongly discourage that you do not do so. Its use is intended for diagnostic functions only.
Additional caveats and requirements apply when LISP is configured on the Cisco NX-OS device only.
In order for LISP to operate, you must configure at least one tunnel interface (or any type) on the system. If no tunnel interface is configured, you must configure an arbitrary (unused) tunnel interface. The only requirements for the tunnel is that the source be active or up and that the destination be reachable, usually by matching a default route to exit the switch or by using a loopback interface that is not in a shutdown state. An example is as follows:
interface Tunnel101tunnel source Ethernet10/9tunnel destination 10.1.1.1no shutdownThis command does not require a license.
Examples
This example shows how to enable LISP on the Cisco Nexus 7000 Series switch:
switch# configuration terminal
switch(config)# lisp beta
Related Commands
lisp dynamic-eid
To configure a LISP Virtual Machine (VM) Mobility (dynamic-EID roaming) policy and enter dynamic-EID configuration mode on an xTR, use the lisp dynamic-eid command. To remove the LISP dynamic-EID policy, use the no form of this command.
lisp dynamic-eid dynamic-EID-policy-name
no lisp dynamic-eid dynamic-EID-policy-name
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
To configure LISP VM Mobility, you must create a dynamic-EID roaming policy that can be referenced by the lisp mobility dynamic-eid-policy-name interface command. When you enter the lisp dynamic-eid dynamic-EID-policy-name command, the referenced LISP dynamic-EID policy is created and you are placed in the dynamic-EID configuration mode. In this mode, you can enter all attributes associated with the referenced LISP dynamic-EID policy.
Note In this release of LISP VM-Mobility, the following caveats apply:
When a dynamic-EID is roaming across subnets, you must configure it with a /32 IP address and an interface route to the default switch. For example, for a Linux or UNIX host, the following configuration is used:
ifconfig eth0 eid-address netmask 255.255.255.255
route add default any-switch-address
route add default any-switch-address
When a dynamic-EID is roaming across subnets, you must configure it with a /32 IP address and an interface route to the default switch. For example, for a Linux or UNIX host, the following configuration will be used:
ifconfig eth0 eid-address netmask 255.255.255.255
route add default any-switch-address
arp -s any-switch-address 00:00:0e:1d:01:0c
All LISP VM-router interfaces (the interface the dynamic-EID will roam to) must have the same MAC address. You can configure interfaces by using the mac-address 0000.0e1d.010c command:
Note This feature is available for both IPv4 and IPv6. However, this feature is tested for IPv4 only. In addition, while necessary ARP changes have been made for IPv4, similar changes required for ND for IPv6 have not been implemented.
This command does not require a license.
Examples
This example shows how to configure the LISP dynamic-EID policy named Roamer-1 and enter dynamic-EID configuration mode:
switch# configuration terminal
switch(config)# lisp dynamic-eid Roamer-1
switch(config-lisp-dynamic-eid)#Related Commands
Command Descriptionlisp mobility
Configures an interface on an ITR to participate in LISP VM-mobility (dynamic-EID roaming).
lisp extend-subnet-mode
To configure an interface to create a dynamic-endpoint identifier (EID) state for hosts attached on their own subnet in order to track the movement of EIDs from one part of the subnet to another part of the same subnet, use the lisp extend-subnet-mode command. To remove this functionality, use the no form of this command.
lisp extended-subnet-mode
no lisp extended-subnet-mod
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Interface configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the lisp extended-subnet-mode command when a subnet is extended across a Layer 3 cloud where Layer 2 connectivity is maintained by a mechanism other than LISP (for example, Overlay Transport Virtualization (OTV) or Virtual Private LAN Services (VPLS)). Use the lisp extended-subnet-mode command to enable the dynamic-EID state to create host attached on their own subnet so that the remote ingress tunnel routers (ITRs) and Proxy ITRs (PITRs) can track the movement of EIDs from one part of its subnet to another part of the same subnet.
Note When you enter the lisp extended-subnet-mode command on an interface, any dynamic-EID prefixes configured by using lisp mobility commands on the same interface must have more specific prefixes than any overlapping subnet prefixes. For example, if lisp extended-subnet-mode is configured on an interface that has a base subnet of a /24, when you enter the lisp mobility dyn-eid-name command, the EID-prefix for dynamic-EID dyn-eid-name must be /25 or greater
This command does not require a license.
Examples
This example shows how to configure an interface to create a dynamic-EID state for hosts attached on their own subnet:
switch# configuration terminal
switch(config)# interface Ethernet 2/0
switch(config-if)# lisp extended-subnet-mode
Related Commands
lisp instance id
To configure an instance ID to be associated with endpoint identifier (EID)-prefixes for a Locator/ID Separation Protocol (LISP) xTR, use the lisp instance-id command. To disable this functionality, use the no form of this command.
lisp instance-id iid
no lisp instance-id iid
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Virtualization support is currently available in LISP xTRs and Map Server (MS) and Map Resolver (MR). The instance ID has been added to LISP to support virtualization.
Use this command to configure the instance ID associated with this xTR. Only one instance ID can be configured per EID virtual routing and forwarding (VRF) context. When an instance ID is configured, this instance ID is included with the EID prefixes when they are registered with the Map Server. The Map Server must also include the same instance ID within the EID-prefix configurations for this LISP site. You can configure instance IDs on the MS by using the eid-prefix command in the lisp site command mode.
Note Virtualization support is not currently available for the LISP ALT, which means that it is also not supported on LISP PITRs.
This command does not require a license.
Examples
This example shows how to configure an instance ID on this xTR:
switch# configuration terminal
switch(config)# lisp xtr instance-id 123
Related Commands
Command Descriptioneid-prefix
Configures a list of EID-prefixes that are allowed in a Map-Register message sent by an ETR when registering to the Map-Server.
lisp loc-reach-algorithm
To configure a Locator/ID Separation Protocol (LISP) locator reachability algorithm, use the lisp loc-reach-algorithm command. To disable this functionality, use the no form of this command.
lisp loc-reach-algorithm {count-tcp | echo-nonce | rloc-probing}
no lisp loc-reach-algorithm {count-tcp | echo-nonce | rloc-probing}
Syntax Description
count-tcp
Enables the tcp-count locator reachability algorithm.
echo-nonce
Enables the echo-nonce locator reachability algorithm.
rloc-probing
Enables the rloc-probing locator reachability algorithm.
Defaults
Disabled
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the lisp loc-reach-algorithm command to enable or disable the selected LISP locator reachability algorithms. When a LISP site communicates with a remote LISP site, it maintains EID-to-RLOC mapping information in its local map cache. In order for a LISP site to maintain an accurate status of locators at remote LISP sites with which it is communicating, the xTR can be configured to use three different locator reachability algorithms: tcp-count, echo-nonce, and rloc-probing. Certain algorithms can only be enabled on certain devices.
The following locator reachability algorithms and their descriptions are as follows:
•The tcp-count algorithm is most useful when the traffic between the sites is asymmetric (but also works for symmetric traffic patterns). The count-tcp algorithm can only be enabled on ingress tunnel router (ITR) and Proxy ITR (PITR) devices. An egress tunnel router (ETR) does not need to participate. The count-tcp algorithm is particularly useful in PITRs because encapsulated traffic is not returned to a PITR. When count-tcp is configured, an ITR counts SYN and ACK TCP packets per locator to which it encapsulates packets. Over a 1-minute period, if SYNs-seen are non-zero and ACKs-seen are zero, the ITR assumes the locator is no longer reachable; the locator is marked to the down status and a switchover is made to another locator if one is available. After 3 minutes, the locator is brought back up and counting resumes.
•The echo-nonce algorithm works only when traffic is flowing in both directions between locators. You must enable the echo-nonce algorithm on both an ITR and ETR to have it operate correctly. You must not use the echo-nonce algorithm on a PITR because the echo-nonce algorithm requires bidirectional traffic flows between locators and encapsulated traffic is not returned to the PITR. When you configure echo-nonce, every 1 minute, an ITR requests that the nonce it is using in encapsulated packets be echoed back from the locator it is using. If data is still arriving from the locator but the nonce is not being echoed, the ITR assumes that the forward path is unreachable; the locator is marked to the down status and a switchover is made to another locator if one is available. After 3 minutes and if data is arriving from the locator, the ITR marks the locator up and starts sending nonce requests again.
•The rloc-probing algorithm works in most environments. The rloc-probing algorithm can be used on ITR, ETR, and PITR devices. When you configure the rloc-probing algorithm, the ITR sends a Map-Request to an ETR with the Probe-bit set. This action solicits a Map-Reply with the Probe-bit from the ETR. Use the rloc-probing algorithm only when the tcp-count and echo-nonce cannot determine the up and down status of the forwarding path. This algorithm is particularly useful for unidirectional traffic flows between two sites. In this case, an ETR that receives a Map-Request rloc-probe from an ITR can use the mapping data if supplied and if the ETR has accept-map-request-data configured. An ITR that receives a Map-Reply rloc-probe from an ETR can use the mapping data from the ETR's site for fast mapping data updates.
You can enable multiple algorithms concurrently, subject to the dependencies listed above with each algorithm.
You can view the status associated with each locator reachability algorithm by using the show ip lisp map-cache or show ipv6 lisp map-cache commands.
This command does not require a license.
Examples
This example shows how to configure the locator reachability algorithm rloc-probing functionality on a Cisco NX-OS device:
switch# configuration terminal
switch(config)# lisp loc-reach-algorithm rloc-probing
Related Commands
lisp mobility
To configure an interface on an ingress tunnel router (ITR) to participate in Locator/ID Separation Protocol (LISP) Virtual Machine (VM) mobility (dynamic-endpoint identifier (EID) roaming) for a specific dynamic-EID policy, use the lisp mobility command. To remove this functionality, use the no form of this command.
lisp mobility dynamic-EID-policy-name
no lisp mobility dynamic-EID-policy-name
Syntax Description
Defaults
Disabled
Command Modes
Interface configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
In order for an interface on an xTR to participate in LISP Virtual Machine (VM) mobility (dynamic-EID roaming), it must be associated by name with a specific LISP dynamic-EID roaming policy. A LISP dynamic-EID roaming policy is configured by using the lisp dynamic-eid command. This policy is then associated with an interface when you enter the lisp mobility dynamic-eid-policy-name command, where the dynamic-eid-policy-name provides the association.
When a packet is received on an interface configured for LISP VM mobility, the packet is considered a candidate for LISP VM mobility (dynamic-EID roaming) and its source address is compared against the EID-prefix in the database-mapping entry (or entries) included as part of the specific lisp dynamic-eid policy. If there is a match, the rules associated with LISP dynamic-EID roaming are applied. If there is no match, the packet is forwarded natively (that is not LISP encapsulated).
You can apply multiple lisp mobility commands that refer to different dynamic-EID-policy-name instances to the same interface. Packets received on the interface are compared against all policies until a match is found or the packet discarded.
Caution In this release of LISP Virtual Machine (VM) Mobility, note these:
- When a dynamic-EID is roaming across subnets, you must configure it with a /32 IP address and an interface route to the default switch. For example, for a Linux or UNIX host, the following configuration:
ifconfig eth0 eid-address netmask 255.255.255.255
route add default any-switch-address
arp -s any-switch-address 00:00:0e:1d:01:0c
- All LISP VM-router interfaces (which is the interface the dynamic-EID will roam to) must have the same MAC address. You can configure interfaces by using the mac-address 0000.0e1d.010c command.
Note•This feature is available for both IPv4 and IPv6. However, this feature is tested for IPv4 only. In addition, while necessary ARP changes have been made for IPv4, similar required changes for ND for IPv6 have not been implemented.
•When you configure lisp extended-subnet-mode on an interface, any dynamic-EID prefixes configured by using lisp mobility commands on the same interface must have more specific prefixes than any overlapping subnet prefixes. For example, if lisp extended-subnet-mode is configured on an interface that has a base subnet of a /24, when you enter the lisp mobility dyn-eid-name command, the EID-prefix for dynamic-EID dyn-eid-name must be /25 or greater.
This command does not require a license.
Examples
This example shows how to configure the Roamer-1 policy defined under the LISP dynamic-EID configuration:
switch# configuration terminal
switch(config)# interface Ethernet 2/0
switch(config-if)# lisp mobility Roamer-1
Related Commands
lisp site
To configure a Locator/ID Separation Protocol (LISP) site and enter site configuration mode on a LISP Map-Server, use the lisp site command. To remove the LISP site, use the no form of this command.
lisp site site-name
no lisp site site-name
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
To properly register a Locator/ID Separation Protocol (LISP) egress tunnel router (ETR) with a Map Server, the Map Server must already have been configured with certain LISP site attributes that match the ETR attributes. At a minimum, these attributes include the EID-prefix(es) to be registered by the ETR, and a shared authentication key. On the ETR these attributes are configured by using the iplisp database-mapping, ipv6 lisp database-mapping, ip lisp etr map-server, and ipv6 lisp etr map-server commands.
When you enter the lisp site command, the referenced LISP site is created and you are placed in the site configuration mode. In this mode, all attributes associated with the referenced LISP site can be entered.
This command does not require a license.
Examples
This example shows how to configure the LISP site and enter the site command mode:
switch# configuration terminal
switch(config)# lisp site Customer-1
switch(config-lisp-site)#Related Commands
map-notify-group
To configure a discovering LISP-Virtual Machine (VM) switch to send a Map-Notify message to other LISP-VM switches within the same data center site so that they can also determine the location of the dynamic-EID, use the map-notify-group command. To remove this functionality, use the no form of this command.
map-notify-group ipv4-group-address
no map-notify-group ipv4-group-address
Syntax Description
ipv4-group-address
IPv4 multicast group address used for both sending and receiving site-based Map-Notify multicast messages.
Defaults
Disabled
Command Modes
Dynamic-EID configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the map-notify-group command when dynamic-EID discovery is necessary in a multi-homed data center. When you configure a dynamic-EID with more than one locator in the locator set, any locator can decapsulate LISP packets that enter the data center. Because unicast packets that egress the data center go out a single LISP-VM switch, this switch is the only one that can discover the location of a roaming dynamic-EID. By using this command, the discovering LISP-VM switch sends Map-Notify messages to other LISP-VM switches (via the configured IPv4-group-address multicast group address) at the data center site, so that all LISP-VM switches can determine the location of the dynamic-EID.
The multicast group address is used for both sending and receiving site-based Map-Notify multicast messages. The interface that this multicast Map-Notify messages are received on is the interface used to send decapsulated packets to the dynamic-EID.
This command does not require a license.
Examples
This example shows how to configure the LISP dynamic-EID policy, enter the dynamic-EID configuration mode, and configure the map notify group:
switch# configuration terminal
switch(config)# lisp dynamic-eid Roamer-1
switch(config-lisp-dynamic-eid)# map-notify-group 239.1.1.254
Related Commands
Command Descriptionlisp mobility
Configures an interface on an ITR to participate in LISP VM-mobility (dynamic-EID roaming).
map-server
To configure the Map-Server to which the dynamic-endpoint identifier (EID) registers to when this policy is invoked, use the map-server command. To remove the configured reference to the Map-Server, use the no form of this command.
map-server locator key key-type password
no map-server locator key key-type password
map-server locator proxy-reply
no map-server locator proxy-reply
Syntax Description
Defaults
By default, no Map-Server is configured within a dynamic-EID policy and the configured map-server on the LISP-VM router (from the {ip|ipv6} lisp etr map-server command) is used to register the dynamic-EID.
Command Modes
Dynamic-EID configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
In LISP VM mobility, when a dynamic-EID roams to the LISP-VM router, you must register the dynamic-EID to a Map-Server with its new attributes (the 3-tuple of (locator, priority, weight) according to the database-mapping dynamic-EID subcommand). The map-server dynamic-EID subcommand configures the Map-Server to which the dynamic-EID registers. The locator specified in the map-server command can be either an IPv4 or IPv6 address in the locator space.
You can configure multiple map-server commands so that registration can occur to different Map-Servers with either the same or different authentication keys.
Note You should configure the home Map-Server, the one that the dynamic-EID initially registered to, as the dynamic-EID Map-Server.
If you do not enter the map-server dynamic-EID subcommand command, the configured map-server on the LISP-VM router that was configured by using the {ip | ipv6} lisp etr map-server command is used to register the dynamic-EID.
If you configure the proxy-reply option, the Map-Register sends Map-Server requests that the Map-Server proxy map-reply on behalf of dynamic-EIDs when it receives a Map-Request for the dynamic-EID prefix.
This command does not require a license.
Examples
The following example shows how to configure the LISP dynamic-EID policy named Roamer-1, enter dynamic-EID configuration mode, and configure the Map-Server with IPv4 locator 10.1.1.1 for dynamic-EIDs that match this policy to register to. The Map-Server is also specified to proxy-reply on behalf of the dynamic-EID.
switch# configuration terminal
switch(config)# lisp dynamic-eid Roamer-1
switch(config-lisp-dynamic-eid)# map-server 10.1.1.1 key 3 1c27564ab1212434
switch(config-lisp-dynamic-eid)# map-server 10.1.1.1 proxy-reply
Related Commands
redistribute lisp route-map
To configure Border Gateway Protocol (BGP) running on a Locator/ID Separation Protocol (LISP) Map Server to redistribute and advertise EID-prefixes from registered LISP sites, use the redistribute lisp route-map command. To remove the configuration, use the no form of this command.
redistribute lisp route-map route-map
no redistribute lisp route-map route-map
Syntax Description
Defaults
None
Command Modes
BGP configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When a Map Server registers LISP sites, the EID-prefixes from these registered LISP sites are advertised through BGP into the virtual routing and forwarding (VRF) instance that is used by the Locator/ID Separation Protocol Alternative Topology (LISP-ALT). This action can be accomplished by using the redistribute lisp route-map command.
Only after an egress tunnel router (ETR) successfully registers through the Map-Registration process, the EID-prefixes from that LISP site are advertised in the URIB or U6RIB by the LISP process. BGP then redistributse the EID-prefixes, according to the route-map rules, into the LISP-ALT.
Note•We recommend that you use the route-tag under the eid-prefix command to simplify redistributing EID-prefixes into BGP.
•You must connect the Map Server to the LISP-ALT. For more information, see the ip lisp alt-vrf and ipv6 lisp alt-vrf command.
This command does not require a license.
Examples
This example shows how to configure redistribution of registered LISP site EID-prefixes, according to the rules of the route-map Valid-LISP:
switch# configuration terminal
switch(config)# switch bgp 65001
switch(config-switch)# vrf lisp
switch(config-switch-vrf)# address-family ipv4 unicast
switch(config-switch-vrf)# redistribute lisp route-map Valid-LISP
switch(config-switch-vrf)# address-family ipv6 unicast
switch(config-switch-vrf)# redistribute lisp route-map Valid-LISP
Related Commands
register-database-mapping
To configure the LISP Virtual Machine (VM) switch to register the dynamic-EID prefix from the database-mapping dynamic-EID subcommand rather than a more-specific host-EID, use the optional register-database-mapping command. To remove this optional functionality, use the no form of this command.
register-database-mapping
no register-database-mapping
Syntax Description
This command has no arguments or keywords.
Defaults
More-specific (host-EID) prefix is registered with the configured Map Server.
Command Modes
Dynamic-EID configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the register-database-mapping command to cause the LISP VM switch to register the dynamic-EID prefix from the database-mapping dynamic-EID subcommand rather than (more-specific) dynamic host-EIDs to the Map Server. By default, host-based dynamic-EIDs are registered to the Map Server.
You can use the register-database-mapping command to support cloud applications. When a dynamic-EID matches the dynamic-EID-prefix from the database-mapping dynamic-EID subcommand, the entire dynamic-EID prefix is registered and all endpoint identifiers (EIDs) are moved to the new locator-set.
This command does not require a license.
Examples
This example shows how to configure the Locator/ID Separation Protocol (LISP) dynamic-EID policy, enter the dynamic-EID configuration mode, and configure the policy to register the entire dynamic-EID prefix instead of individual dynamic host EIDs:
switch# configuration terminal
switch(config)# lisp dynamic-eid Roamer-1
switch(config-lisp-dynamic-eid)# register-database-mapping
Related Commands
roaming-eid-prefix
To configure an optional endpoint identifier (EID) or list of EIDs to be considered as roaming dynamic-EIDs, use the roaming-eid-prefix command. To remove this optional functionality, use the no form of this command.
roaming-eid-prefix eid-prefix
no roaming-eid-prefix eid-prefix
Syntax Description
Defaults
Specific (host-EID) prefixes within the dynamic-EID-prefix range specified in the database-mapping dynamic-EID subcommand are individually registered with the configured Map Server.
Command Modes
Dynamic-EID configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the roaming-eid-prefix command to apply further restrictions on deciding which EIDs are t dynamic-EIDs and allowed to roam onto the interfaces that you configured when you entered the matching dynamic-EID-policy-name by using the lisp mobility dynamic-EID-policy-name command.
When an EID is detected to be a candidate for dynamic-EID roaming and the optional roaming-eid-prefix command is used, the EID must be covered by the roaming-eid-prefix entry in order to be discovered. The EID-prefix listed in a database-mapping entry within the lisp dynamic-eid policy is registered with the Map Server specified in the map-server command. That is, the roaming-eid-prefix command restricts the discovery aspect of LISP VM Mobility (dynamic-EID roaming) for initiating Map-Server registration.
Note Without this command, any EID within the EID-prefix range configured via the database-mapping entry is discovered and registered.
The EID referenced by the roaming-eid-prefix command can be either an IPv4 or IPv6 address in the EID space.
This command does not require a license.
Examples
This example shows how to configure the LISP dynamic-EID policy, enter dynamic-EID configuration mode, configure the IPv4 dynamic-EID prefix with an IPv4 locator, and configure the roaming EID prefix with the more-specific EID as the only EID prefix that invokes registration:
switch# configuration terminal
switch(config)# lisp dynamic-eid Roamer-1
switch(config-lisp-dynamic-eid)# database-mapping 172.16.1.0/24 10.1.1.1 priority 1 weight 100
switch(config-lisp-dynamic-eid)# roaming-eid-prefix 172.16.1.12/32
Related Commands
show ip lisp
To display the IPv4 Locator/ID Separation Protocol (LISP) configuration status, use the show ip lisp command.
show ip lisp
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display information about the current IPv4 LISP configuration status:
switch# show ip lisp
LISP IP Configuration Information for VRF "default" (iid 0)Ingress Tunnel Router (ITR): enabledEgress Tunnel Router (ETR): enabledProxy-ITR Router (PTR): disabledProxy-ETR Router (PETR): disabledMap Resolver (MR): disabledMap Server (MS): disabledLast-resort source locator: 172.22.156.23LISP-NAT Interworking: disabledITR send Map-Request: enabledITR send Data-Probe: disabledLISP-ALT vrf: not configuredITR Map-Resolver: 172.22.156.35ETR Map-Server(s): 172.22.156.35, 172.22.132.89Last Map-Register sent to MS: 00:00:45ETR glean mapping: disabled, verify disabledETR accept mapping data: disabled, verify disabledETR map-cache TTL: 24 hoursShortest EID-prefix allowed: /16Use Proxy-ETRs: 172.16.2.1Locator Reachability Algorithms:Echo-nonce algorithm: disabledTCP-counts algorithm: disabledRLOC-probe algorithm: disabledStatic mappings configured: 0Map-cache limit: 10000Map-cache size: 3ETR Database, global LSBs: 0x00000001:EID-prefix: 192.168.12.0/24, LSBs: 0x00000001Locator: 172.22.156.23, priority: 1, weight: 100Uptime: 09:27:15, state: up, localswitch#Table 1 describes the significant fields shown in the display.
Table 1 show ip lisp Field Descriptors
Related Commands
show ip lisp data-cache
To display the LISP IPv4 EID-to-RLOC data-cache mapping on an ITR, use the show ip lisp data-cache command.
show ip lisp data-cache [destination-EID]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
Use the show ip lisp data-cache command on LISP ITR devices to display the LISP IPv4 EID-to-RLOC data-cache mappings. Data-cache mappings are built when a Map-Request is sent and are maintained until a valid (matching nonce) Map-Reply is received. The data-cache entry is then moved to the map-cache.
This command does not require a license.
Examples
This example shows how to display the LISP IPv4 EID-to-RLOC data-cache mapping on an ITR:
switch# show ip lisp data-cache
LISP IP Mapping Data Cache for Context "default", 0 entries, hwm: 4Complete entries removed after 15-second period: 0Incomplete entries removed after 1-minute period: 0switch#Related Commands
Command Descriptionip lisp map-cache
Displays the current dynamic and static IPv4 EID-to-RLOC map-cache entries.
show ip lisp database
To display LISP ETR configured local IPv4 EID-prefixes and associated locator sets, use the show ip lisp database command in privileged EXEC mode.
show ip lisp database [vrf vrf-name]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
Use the show ip lisp database command on LISP ETR devices to display the configured local IPv4 EID-prefixes and associated locator set(s).
This command does not require a license.
Examples
This example shows how to display the configured local IPv4 EID-prefixes and associated locator set:
switch# show run
...<skip>...!ip lisp database-mapping 192.168.12.0/24 172.22.156.23 priority 1 weight 100!switch# show ip lisp database
LISP ETR IP Mapping Database for VRF "default" (iid 0), global LSBs: 0x00000001EID-prefix: 192.168.12.0/24, instance-id: 0, LSBs: 0x00000001Locator: 172.22.156.23, priority: 1, weight: 100Uptime: 10:36:59, state: up, localswitch#Related Commands
Command Descriptionip lisp database-mapping
Configures an IPv4 EID-to-RLOC mapping relationship and its associated traffic policy.
show ip lisp locator-hash
To display source and destination locators that are used for a given IPv4 source and destination EID pair, use the show ip lisp locator-hash command.
show ip lisp locator-hash {source-EID dest-EID} | dest-EID-prefix} [vrf vrf-name]
Syntax Description
source-EID
IPv4 source EID.
dest-EID
IPv4 destination EID.
dest-EID-prefix
IPv4 destination EID-prefix.
vrf vrf-name
(Optional) Specifies the vrf within which to resolve EIDs.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
Use the show ip lisp database command is used to display the source and destination locators that are used for a given IPv4 source and destination EID pair as the result of the locator hashing process. The source locator is chosen based on the source EID from the EID-prefix database configured by using the ip lisp etr database-mapping command. The destination locator is selected by finding the destination EID in the EID-to-RLOC map-cache.
When the dest-EID-prefix argument is used, the locator hash array is display, indicating which locator will be used for each of 25 different flow hash buckets.
When the vrf keyword is used, IPv4 EIDs are resolved within the specified VRF in order to display the locator-hash.
This command does not require a license.
Examples
This example shows how to display source and destination locators that are used for a given IPv4 source and destination EID pair:
switch# show ip lisp database
LISP ETR IP Mapping Database for VRF "default", global LSBs: 0x00000001EID-prefix: 153.16.12.0/24, LSBs: 0x00000001Locator: 128.223.156.23, priority: 1, weight: 100Uptime: 04:14:41, state: up, localswitch# show ip lisp map-cache
---<skip>---153.16.11.0/24, uptime: 04:12:35, expires: 19:47:24, via map-reply, authLocator Uptime State Priority/ Data ControlWeight in/out in/out67.169.7.150 04:12:35 up 1/100 1968/1967 3/2switch# show ip lisp locator-hash 153.16.12.1 153.16.11.1
EIDs 153.16.12.1 -> 153.16.11.1 yields:RLOCs 128.223.156.23 -> 67.169.7.150Address hash: 0x07 (7), hash bucket: 7, RLOC index: 0switch#Related Commands
Command Descriptionip lisp database-mapping
Configures an IPv4 EID-to-RLOC mapping relationship and its associated traffic policy.
show ip lisp map-cache
To display the current dynamic and static IPv4 endpoint identifier to Routing Locator (EID-to-RLOC) map-cache entries, use the show ip lisp map-cache command.
show ip lisp map-cache [destination-EID | destination-EID-prefix/prefix-length | vrf vrf-name]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
The show ip lisp map-cache command is used to display the current dynamic and static IPv4 EID-to-RLOC map-cache entries. When no IPv4 EID or IPv4 EID-prefix is specified, a summary of information is listed for all current dynamic and static IPv4 EID-to-RLOC map-cache entries. When an IPv4 EID or IPv4 EID-prefix, information is listed for the longest-match lookup in the cache. When you use the vrf keyword, summary information related to the referenced vrf name is listed.
This command does not require a license.
Examples
This example shows how to display a summary list of current dynamic and static IPv4 EID-to-RLOC map-cache entries:
switch# show ip lisp map-cache
LISP IP Mapping Cache for VRF "default", 4 entries153.16.1.0/24, uptime: 04:41:40, expires: 19:18:19, via map-reply, authLocator Uptime State Priority/ Data ControlWeight in/out in/out129.250.1.255 04:41:40 up 254/0 0/0 0/0129.250.26.242 04:41:40 up 1/100 1139/1138 1/0---<skip>---switch#This example shows how to display a specific IPv4 EID-prefix information that is associated with that IPv4 EID prefix entry:
switch# show ip lisp map-cache 153.16.11.0/24
LISP IP Mapping Cache for VRF "default", 4 entries153.16.11.0/24, uptime: 04:43:21, expires: 19:16:38, via map-reply, authState: complete, last modified: 04:43:21, map-source: 67.169.7.150Locator Uptime State Priority/ Data ControlWeight in/out in/out67.169.7.150 04:43:21 up 1/100 2214/2213 3/2Last up/down state change: 04:43:21, state change count: 0Last data packet in/out: 00:00:14/00:00:14Last control packet in/out: 00:45:23/00:45:23Last priority/weight change: never/neverswitch#Related Commands
show ip lisp statistics
To display Locator/ID Separation Protocol (LISP) IPv4 address-family packet count statistics, use the show ip lisp statistics command.
show ip lisp statistics
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
Use the show ip lisp statistics command to display IPv4 LISP statistics related to packet encapsulations, deencapsulations, map requests, map replies, map-registers, and other LISP-related packets.
This command does not require a license.
Examples
This example shows how to display LISP IPv4 address-family packet count statistics:
switch# show ip lisp statistics
LISP Statistics for VRF "default" - last cleared: neverData Forwarding:IPv4-in-IPv4 encap/decap packets: 4687/33220IPv4-in-IPv6 encap/decap packets: 0/3555Translated packets in/out: 0/0Map-cache lookup succeeded/failed: 5908/78LISP-ALT lookup succeeded/failed: 0/0Packets with SMRs in/out: 0/0Loc-reach-bit changes local/remote: 0/0Control Packets:Data-Probes in/out: 0/0Map-Requests in/out: 654/90Encapsulated Map-Requests in/out: 0/90RLOC-probe Map-Requests in/out: 607/0Map-Replies in/out: 73/654Authoritative in/out: 4/654Non-authoritative in/out: 69/0Negative Map-Replies in/out: 69/0RLOC-probe Map-Replies in/out: 0/607Map-Registers in/out: 0/294Authentication failures: 0Errors:Encapsulations failed: 78Map-Request format errors: 0Map-Reply format errors: 0Map-Reply spoof alerts: 0Cache Related:Cache entries created/timed-out: 40/36Number of EID-prefixes in map-cache: 4Number of negative map-cache entries: 1Number of translation cache entries: 0Total number of RLOCs in map-cache: 6Number of best-priority RLOCs: 5Average RLOCs per EID-prefix: 1switch#Related Commands
show ip lisp translation-cache
To display the Locator/ID Separation Protocol (LISP) IPv4 address translation cache and statistics associated with each entry, use the show ip lisp translation-cache command.
show ip lisp translation-cache [non-routable-EID]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
The show ip lisp translation-cache command is applicable only when the ip lisp translate command is used to configure LISP translation.
When you use the non-routable-EID argument, only the statistics associated with that single translation are displayed.
This command does not require a license.
Examples
This example shows how to display the LISP IPv4 address translation cache and statistics associated with each entry:
switch# show ip lisp translate-cache
LISP EID Translation Cache for VRF "default" - 1 entriesInside: 10.1.1.1 outside: 172.16.1.1, ingress/egress count: 0/0Last ingress packet: never, last egress packet: neverswitch#Related Commands
show ipv6 lisp
To display the only IPv6 configuration status, use the show ipv6 lisp command.
show ipv6 lisp
Syntax Description
This command has no arguments or keywords
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display the LISP IPv6 configuration status:
switch# show ipv6 lisp
LISP IPv6 Configuration Information for VRF "default" (iid 0)Ingress Tunnel Router (ITR): enabledEgress Tunnel Router (ETR): enabledProxy-ITR Router (PTR): disabledProxy-ETR Router (PETR): disabledMap Resolver (MR): disabledMap Server (MS): disabledLast-resort source locator: 2001:db8:d01:9c::80df:9c17LISP-NAT Interworking: disabledITR send Map-Request: enabledITR send Data-Probe: disabledLISP-ALT vrf: not configuredITR Map-Resolver: 172.22.156.35ETR Map-Server(s): 172.22.156.35, 172.22.132.89Last Map-Register sent to MS: 00:00:20ETR glean mapping: disabled, verify disabledETR accept mapping data: disabled, verify disabledETR map-cache TTL: 24 hoursSend IP Map-Reply: enabledShortest EID-prefix allowed: /48Use Proxy-ETRs: 172.16.2.1Locator Reachability Algorithms:Echo-nonce algorithm: disabledTCP-counts algorithm: disabledRLOC-probe algorithm: disabledStatic mappings configured: 0Map-cache limit: 1000Map-cache size: 3ETR Database, global LSBs: 0x00000001:EID-prefix: 2001:db8:1203::/48, LSBs: 0x00000001Locator: 172.22.156.23, priority: 1, weight: 100Uptime: 09:27:51, state: up, localswitch#Table 2 describes the significant fields shown in the display.
Table 2 show ip6 lisp Field Descriptors
Related Commands
show ipv6 lisp data-cache
To display the Locator/ID Separation Protocol (LISP) IPv6 endpoint identifier to Routing Locator (EID-to-RLOC) data-cache mapping on an ITR, use the show ipv6 lisp data-cache command.
show ipv6 lisp data-cache [destination-EID]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
Use the show ipv6 lisp data-cache command on LISP ITR devices to display the LISP IPv6 EID-to-RLOC data-cache mappings. Data-cache mappings are built when a Map Request is sent and are maintained until a valid (matching nonce) Map Reply is received. The data-cache entry is then moved to the map cache.
This command does not require a license.
Examples
This example shows how to display the LISP IPv6 EID-to-RLOC data-cache mapping on an ITR:
switch# show ipv6 lisp data-cache
LISP IPv6 Mapping Data Cache for Context "default", 0 entries, hwm: 1Complete entries removed after 15-second period: 0Incomplete entries removed after 1-minute period: 1switch#Related Commands
Command Descriptionipv6 lisp map-cache
Displays the current dynamic and static IPv6 EID-to-RLOC map-cache entries.
show ipv6 lisp database
To display Locator/ID Separation Protocol (LISP) egress tunnel router (ETR) configured local IPv6 EID-prefixes and associated locator sets, use the show ip lisp database command.
show ipv6 lisp database [vrf vrf-name]
Syntax Description
vrf vrf-name
(Optional) Displays information for the specified virtual routing and forwarding (VRF).
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
Use the show ipv6 lisp database command on LISP ETR devices to display the configured local IPv6 EID-prefixes and associated locator set.
This command does not require a license.
Examples
This example shows how to display the configured local IPv6 EID-prefixes and the associated locator set:
switch# show ipv6 lisp database
LISP ETR IPv6 Mapping Database for VRF "default" (iid 0), global LSBs: 0x0000000fEID-prefix: 2001:db8:1209::/48, instance-id: 0, LSBs: 0x0000000f172.22.156.222, priority: 1, weight: 100, state: up, localswitch#Related Commands
Command Descriptionipv6 lisp database-mapping
Configures an IPv6 EID-to-RLOC mapping relationship and its associated traffic policy.
show ipv6 lisp locator-hash
To display source and destination locators that are used for a given IPv6 source and destination endpoint identifier (EID) pair, use the show ip lisp locator-hash command.
show ipv6 lisp locator-hash {source-EID dest-EID} | dest-EID-prefix} [vrf vrf-name]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
Use the show ipv6 lisp locator-hash command to display the source and destination locators that are used for a given IPv4 source and destination EID pair as the result of the locator hashing process. The source locator is chosen based on the source EID from the EID-prefix database that you configured by using the ipv6 lisp etr database-mapping command. The destination locator is selected by finding the destination EID in the EID-to-RLOC map cache.
When you use the dest-EID-prefix argument, the locator hash array appears, indicating which locator is used for each of 25 different flow hash buckets.
When you use the vrf keyword, IPv4 EIDs are resolved within the specified VRF in order to display the locator-hash.
This command does not require a license.
Examples
This example shows how to display source and destination locators that are used for a given IPv6 source and destination EID pair:
switch# show ipv6 lisp map-cache
---<skip>---2610:d0:210f::/48, uptime: 04:18:39, expires: 19:41:20, via map-reply, authLocator Uptime State Priority/ Data ControlWeight in/out in/out85.184.2.10 04:18:39 up 0/100 0/0 0/02001:6e0:4:2::2 04:18:39 up 0/100 0/0 0/0switch# show ipv6 lisp locator-hash 2610:d0:1203::1 2610:d0:210f::1
EIDs 2610:d0:1203::1 -> 2610:d0:210f::1 yields:RLOCs 128.223.156.23 -> 85.184.2.10Address hash: 0x00 (0), hash bucket: 0, RLOC index: 0switch#The example shows how to display the full locator hash bucket for the IPv6 destination EID-prefix:
switch# show ipv6 lisp locator-hash 2610:d0:210f::/48
RLOC Hash Indexes for EID-prefix 2610:d0:210f::/48:[00000-00000-00000-00000-00000]switch#Related Commands
Command Descriptionipv6 lisp database-mapping
Configures an IPv6 EID-to-RLOC mapping relationship and its associated traffic policy.
show ipv6 lisp map-cache
To display the current dynamic and static IPv6 endpoint identifier to Routing Locator (EID-to-RLOC) map-cache entries, use the show ipv6 lisp map-cache command.
show ipv6 lisp map-cache [destination-EID | destination-EID-prefix/prefix-length | vrf vrf-name]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
Use the show ipv6 lisp map-cache command to display the current dynamic and static IPv6 EID-to-RLOC map-cache entries. When you do not specify IPv6 EID or IPv6 EID-prefix, a summary of information is listed for all current dynamic and static IPv4 EID-to-RLOC map-cache entries.
This command does not require a license.
Examples
This example shows how to display a summary of current dynamic and static IPv6 EID-to-RLOC map-cache entries:
switch# show ipv6 lisp map-cacheLISP IPv6 Mapping Cache for VRF "default", 1 entries2610:d0:210f::/48, uptime: 04:48:44, expires: 19:11:15, via map-reply, authLocator Uptime State Priority/ Data ControlWeight in/out in/out85.184.2.10 04:48:44 up 0/100 0/0 0/02001:6e0:4:2::2 04:48:44 up 0/100 0/0 0/0---<skip>---switch#This example shows how to displays information associated with that IPv6 EID prefix entry with a specific IPv6 EID-prefix:
switch# show ipv6 lisp map-cache 2610:d0:210f::/48LISP IPv6 Mapping Cache for VRF "default", 1 entries2610:d0:210f::/48, uptime: 04:50:43, expires: 19:09:16, via map-reply, authState: complete, last modified: 04:50:43, map-source: 85.184.2.10Locator Uptime State Priority/ Data ControlWeight in/out in/out85.184.2.10 04:50:43 up 0/100 0/0 0/0Last up/down state change: 04:50:43, state change count: 0Last data packet in/out: never/neverLast control packet in/out: never/neverLast priority/weight change: never/never2001:6e0:4:2::2 04:50:43 up 0/100 0/0 0/0Last up/down state change: 04:50:43, state change count: 0Last data packet in/out: never/neverLast control packet in/out: never/neverLast priority/weight change: never/neverswitch#Related Commandsswitch# show ipv6 lisp map-cache
Related CommandsLISP IPv6 Mapping Cache for VRF "default", 1 entries
Related Commands
Related Commands2610:d0:210f::/48, uptime: 04:48:44, expires: 19:11:15, via map-reply, auth
Related Commands Locator Uptime State Priority/ Data Control
Related Commands Weight in/out in/out
Related Commands 85.184.2.10 04:48:44 up 0/100 0/0 0/0
Related Commands 2001:6e0:4:2::2 04:48:44 up 0/100 0/0 0/0
Related Commands---<skip>---
Related Commandsswitch#
Related CommandsThe following sample output from the show ipv6 lisp map-cache command with a specific IPv6 EID-prefix displays detailed information associated with that IPv6 EID prefix entry.
Related Commandsswitch# show ipv6 lisp map-cache 2610:d0:210f::/48
Related CommandsLISP IPv6 Mapping Cache for VRF "default", 1 entries
Related Commands
Related Commands2610:d0:210f::/48, uptime: 04:50:43, expires: 19:09:16, via map-reply, auth
Related Commands State: complete, last modified: 04:50:43, map-source: 85.184.2.10
Related Commands Locator Uptime State Priority/ Data Control
Related Commands Weight in/out in/out
Related Commands 85.184.2.10 04:50:43 up 0/100 0/0 0/0
Related Commands Last up/down state change: 04:50:43, state change count: 0
Related Commands Last data packet in/out: never/never
Related Commands Last control packet in/out: never/never
Related Commands Last priority/weight change: never/never
Related Commands 2001:6e0:4:2::2 04:50:43 up 0/100 0/0 0/0
Related Commands Last up/down state change: 04:50:43, state change count: 0
Related Commands Last data packet in/out: never/never
Related Commands Last control packet in/out: never/never
Related Commands Last priority/weight change: never/never
Related CommandsRo
Command Descriptionshow ipv6 lisp
Displays the IPv6 LISP configuration status for the local device.
show ipv6 lisp statistics
To display LISP IPv6 address-family packet count statistics, use the show ipv6 lisp statistics command.
show ipv6 lisp statistics
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
Use the show ip lisp statistics command to display IPv6 LISP statistics related to packet encapsulations, deencapsulations, map requests, map- eplies, map registers, and other LISP-related packets.
This command does not require a license.
Examples
This example shows how to display LISP IPv6 address-family packet count statistics:
switch# show ipv6 lisp statistics
LISP Statistics for VRF "default" - last cleared: neverData Forwarding:IPv6-in-IPv4 encap/decap packets: 1239/0IPv6-in-IPv6 encap/decap packets: 0/0Translated packets in/out: 0/0Map-cache lookup succeeded/failed: 2461/1260LISP-ALT lookup succeeded/failed: 0/0Packets with SMRs in/out: 0/0Loc-reach-bit changes local/remote: 0/0Control Packets:Data-Probes in/out: 0/0Map-Requests in/out: 1219/1280Encapsulated Map-Requests in/out: 0/1280RLOC-probe Map-Requests in/out: 0/0Map-Replies in/out: 1243/1217Authoritative in/out: 1243/1219Non-authoritative in/out: 0/0Negative Map-Replies in/out: 0/0RLOC-probe Map-Replies in/out: 0/0Map-Registers in/out: 0/614Authentication failures: 0Errors:Encapsulations failed: 1260Map-Request format errors: 0Map-Reply format errors: 0Map-Reply spoof alerts: 0Cache Related:Cache entries created/timed-out: 32/27Number of EID-prefixes in map-cache: 5Number of negative map-cache entries: 4Number of translation cache entries: 0Total number of RLOCs in map-cache: 6Number of best-priority RLOCs: 6Average RLOCs per EID-prefix: 1switch#Related Commands
Command Descriptionshow ipv6 lisp
Displays the IPv6 LISP configuration status for the local device.
show ipv6 lisp translation-cache
To display the Locator/ID Separation Protocol (LISP) IPv6 address translation cache and statistics associated with each entry, use the show ipv6 lisp translation-cache command.
show ipv6 lisp translation-cache [non-routable-EID]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
The show ipv6 lisp translation-cache command is applicable only when the ipv6 lisp translate command is used to configure LISP translation.
When you use the non-routable-EID argument, only the statistics that are associated with that single translation are displayed.
This command does not require a license.
Examples
This example shows how to display the LISP IPv6 address translation cache and statistics associated with each entry:
switch# show ipv6 lisp translate-cache
LISP EID Translation Cache for VRF "default" - 1 entriesInside: 2001:db8:aa::1 outside: 2001:db8:bb::1, ingress/egress count: 0/0Last ingress packet: never, last egress packet: neverswitch#Related Commands
Command Descriptionshow ipv6 lisp
Displays the IPv6 LISP configuration status for the local device.
show lisp dynamic-eid
To display the Locator/ID Separation Protocol (LISP) dynamic-endpoint identifiers (EIDs) configured and discovered on this device, use the show lisp dyanmic-eid command.
show lisp dyanmic-eid [summary] [dynamic-eid-name] [detail]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
Use the show lisp dyanmic-eid command on LISP VM routers to display information related to LISP dynamic-EIDs configured and discovered on the Cisco NX-OS device. The displayed output includes the number of roaming dynamic-EIDs configured, associated database-mapping information, and the number of roaming dynamic-EIDs.
When you use the summary keyword, a one-line listing is presented per discovered dynamic-EID. When the dynamic-eid-name entry is listed, information related to that single entry appears. When you use the detail keyword, a list of discovered roaming EIDs appears.
This command does not require a license.
Examples
This example shows how to display summary information related to all configured and discovered LISP LISP dynamic-EIDs:
switch# show lisp dynamic-eid
LISP Dynamic EID Information for VRF "default"Dynamic-EID name: DarrelDatabase-mapping EID-prefix: 153.16.19.2/32, registering more-specificsLocator: 173.8.188.25, priority: 1, weight: 50, localLocator: 173.8.188.26, priority: 1, weight: 50, localMap-Server(s): 204.69.200.7Number of roaming dynamic-EIDs discovered: 0switch#show lisp proxy-itr
To display a list of Proxy-ITRs (PITRs) that have been discovered through Map-Requests, use the show lisp proxy-itr command.
show lisp proxy-itr [vrf vrf-name]
Syntax Description
vrf vrf-name
(Optional) Specifies the virtual routing and forwarding (VRF) instance with which to clear the locator address of the PITR.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
Becasue of the unidirectional nature of data flows for Proxy-ITRs (PITRs), an xTR never has a map-cache entry that contains locators for PITRs. However, when an xTR receives a Map-Request from a PITR for an endpoint identifier to Routing Locator (EID-to-RLOC) mapping resolution, the locator address of the PITR is saved (separately from the map cache) by an xTR there is a need to send Solicit-Map-Requests (SMRs) to other LISP devices, including PITRs. The number of locators currently cached is eight (8).
The show lisp proxy-itr command displays the list of PITRs that have been discovered through Map-Requests. When you use the vrf keyword, all PITR locators associated with this VRF are displayed.
This command does not require a license.
Examples
This example shows how to display a list of PITRs that have been discovered through Map-Requests:
switch# show lisp proxy-itr
Discovered Proxy-ITRs (PITRs) in VRF "default"10.20.10.60switch#show lisp site
To display configured Locator/ID Separation Protocol (LISP) sites on a LISP Map-Server, use the show lisp site command.
show lisp site [{EID | EID-prefix} [[instance-id iid] | site-name] [vrf vrf-name] [detail]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
The show lisp site command is used on a LISP Map-Server to display information related to configured LISP sites. The displayed output indicates whether a site is actively registered.
This command does not require a license.
Examples
This example shows how to display the configured LISP sites on a LISP Map-Server:
switch# show lisp site
LISP Site Registration Information for VRF "default"* = truncated IPv6 addressSite Name Last Actively Who last EID-prefixRegistered Registered Registeredcisco-it-xtr 00:00:47 yes 172.16.81.170 2001:db8:110c::/4800:00:18 yes 172.17.81.170 192.168.5.0/24dmm-xtr-1 00:00:56 yes 172.30.156.134 2001:db8:1200::/4800:00:56 yes 172.31.65.94 192.168.10.0/24dmm-xtr-2 00:00:48 yes 172.30.156.23 2001:db8:1203::/48never no -- 192.168.12.0/24switch#This example shows how to display detailed information related specifically to a LISP site:
switch# show lisp site dmm-xtr-1
LISP Site Registration Information for VRF "default"* = truncated IPv6 addressSite name: "dmm-xtr-1"Description: none configuredAllowed configured locators: anyAllowed EID-prefixes:Configured EID-prefix: 2001:db8:1200::/48, instance-id: 0Currently registered: yesFirst registered: 07:54:01Last registered: 00:00:10Who last registered: 172.30.156.134Routing table tag: 0x00000000Proxy Replying: noWants Map-Notifications: noRegistered TTL: 1440 minutesRegistered locators:Registered locators:172.30.156.134 (up), priority: 1, weight: 50172.31.65.94 (up), priority: 1, weight: 50Registration errors:Authentication failures: 0Allowed locators mismatch: 0Configured EID-prefix: 192.168.10.0/24, instance-id: 0Currently registered: yesFirst registered: 2w0dLast registered: 00:00:36Who last registered: 172.30.156.134Routing table tag: 0x00000000Proxy Replying: noWants Map-Notifications: noRegistered TTL: 1440 minutesRegistered locators:172.30.156.134 (up), priority: 1, weight: 50172.31.65.94 (up), priority: 1, weight: 50Registration errors:Authentication failures: 0Allowed locators mismatch: 0switch#Related Commands