Licensing Requirements
For a complete explanation of Cisco NX-OS licensing recommendations and how to obtain and apply licenses, see the Cisco NX-OS Licensing Guide.
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes how to configure the basic Cisco NX-OS Locator/ID Separation Protocol (LISP) functionality on all LISP-related devices, including the Ingress Tunnel Router (ITR), Egress Tunnel Router, Proxy ITR (PITR), Proxy ETR (PETR), Map Resolver (MR), Map Server (MS), and LISP-ALT device.
This chapter contains the following sections:
For a complete explanation of Cisco NX-OS licensing recommendations and how to obtain and apply licenses, see the Cisco NX-OS Licensing Guide.
The Locator/ID Separation Protocol (LISP) network architecture and protocol implements a new semantic for IP addressing by creating two new namespaces: Endpoint Identifiers (EIDs), which are assigned to end hosts, and Routing Locators (RLOCs), which are assigned to devices (primarily routers) that make up the global routing system. Splitting EID and RLOC functions improves routing system scalability, multihoming efficiency, and ingress traffic engineering. LISP end site support is configured on devices such as Cisco routers.
In the current Internet routing and addressing architecture, the IP address is used as a single namespace that simultaneously expresses two functions about a device: its identity and how it is attached to the network. One very visible and detrimental result of this single namespace is demonstrated by the rapid growth of the Internet's default-free zone (DFZ) as a consequence of multi-homing, traffic engineering (TE), nonaggregatable address allocations, and business events such as mergers and acquisitions.
LISP changes current IP address semantics by creating two new namespaces: Endpoint Identifiers (EIDs) that are assigned to end-hosts and Routing Locators (RLOCs) that are assigned to devices (primarily routers) that make up the global routing system. These two namespaces provide the following advantages:
Improved routing system scalability by using topologically aggregated RLOCs
Provider independence for devices numbered out of the EID space
Multihoming of endsites with improved traffic engineering
IPv6 transition functionality
LISP is deployed primarily in network edge devices. It requires no changes to host stacks, Domain Name Service (DNS), or local network infrastructure, and little to no major changes to existing network infrastructures.
The LISP EID namespace represents customer end sites as they are defined today. The only difference is that the IP addresses used within these LISP sites are not advertised within the non-LISP, Internet (RLOC namespace). End customer LISP functionality is deployed exclusively on CE routers that function within LISP as Ingress Tunnel Router (ITR) and Egress Tunnel Router (ETR) devices.
Note |
The ITR and ETR are abbreviated as xTR in the figure. |
To fully implement LISP with support for Mapping Services and Internet interworking, you might need to deploy additional LISP infrastructure components such as Map Server (MS), Map Resolver (MR), Proxy Ingress Tunnel Router (PITR), Proxy Egress Tunnel Router (PETR), and Alternative Topology (ALT).
The following devices are found in a full LISP deployment:
The LISP site devices are as follows:
Ingress Tunnel Router (ITR)—This device is deployed as a LISP site edge device. It receives packets from site-facing interfaces (internal hosts) and either LISP encapsulates packets to remote LISP sites or the ITR natively forwards packets to non-LISP sites.
Egress Tunnel Router (ETR)—This device is deployed as a LISP site edge device. It receives packets from core-facing interfaces (the Internet) and either decapsulates LISP packets or delivers them to local EIDs at the site.
Note |
Customer Edge (CE) devices can implement both ITR and ETR functions. This type of CE device is referred to as an xTR. The LISP specification does not require a device to perform both ITR and ETR functions, however. For both devices, the EID namespace is used inside the sites for end-site addresses for hosts and routers. The EIDs go in DNS records. The EID namespace is not globally routed in the underlying Internet. The RLOC namespace is used in the (Internet) core. RLOCs are used as infrastructure addresses for LISP routers and ISP routers and are globally routed in the underlying infrastructure. Hosts do not know about RLOCs, and RLOCs do not know about hosts. |
The LISP infrastructure devices are as follows:
Map Server (MS)—This device is deployed as a LISP Infrastructure component. It must be configured to permit a LISP site to register to it by specifying for each LISP site the EID prefixes for which registering ETRs are authoritative. An authentication key must match the key that is configured on the ETR. An MS receives Map-Register control packets from ETRs. When the MS is configured with a service interface to the LISP ALT, it injects aggregates for the EID prefixes for registered ETRs into the ALT. The MS also receives Map-Request control packets from the ALT, which it then encapsulates to the registered ETR that is authoritative for the EID prefix being queried.
Map Resolver (MR)—This device is deployed as a LISP Infrastructure device. It receives Map-Requests encapsulated to it from ITRs. When configured with a service interface to the LISP ALT, the MR forwards Map Requests to the ALT. The MR also sends Negative Map-Replies to ITRs in response to queries for non-LISP addresses.
Alternative Topology (ALT)—This is a logical topology and is deployed as part of the LISP Infrastructure to provide scalable EID prefix aggregation. Because the ALT is deployed as a dual-stack (IPv4 and IPv6) Border Gateway Protocol (BGP) over Generic Routing Encapsulation (GRE) tunnels, you can use ALT-only devices with basic router hardware or other off-the-shelf devices that can support BGP and GRE.
The LISP internetworking devices are as follows:
Proxy ITR (PITR)—This device is a LISP infrastructure device that provides connectivity between non-LISP sites and LISP sites. A PITR advertises coarse-aggregate prefixes for the LISP EID namespace into the Internet, which attracts non-LISP traffic destined to LISP sites. The PITR then encapsulates and forwards this traffic to LISP sites. This process not only facilitates LISP/non-LISP internetworking but also allows LISP sites to see LISP ingress traffic engineering benefits from non-LISP traffic.
Proxy ETR (PETR)—This device is a LISP infrastructure device that allows IPv6 LISP sites without native IPv6 RLOC connectivity to reach LISP sites that only have IPv6 RLOC connectivity. In addition, the PETR can also be used to allow LISP sites with Unicast Reverse Path Forwarding (URPF) restrictions to reach non-LISP sites.
LISP has the following configuration guidelines and limitations:
LISP requires the Cisco Nexus 7000 Series 32-Port, 10 Gigabit Ethernet (M1) module (N7K-M132XP-12 or N7K-M132XP-12L), with Electronic Programmable Logic Device (EPLD) version 186.008 or later.
Use an Overlay Transport Virtualization (OTV) or another LAN extension mechanism to filter the HSRP hello messages across the data centers to create an active-active HSRP setup and provide egress path optimization for the data center hosts.
Make sure that the HSRP group and the HSRP Virtual IP address in all data centers in the extended LAN are the same. Keeping the HSRP group number consistent across locations guarantees that the same MAC address is always used for the virtual first-hop gateway.
LISP VM mobility across subnets requires that the same MAC address is configured across all HSRP groups that allow dynamic EIDs to roam. You must enable the Proxy Address Resolution Protocol (ARP) for the interfaces that have VM mobility enabled across subnets.
LISP is not supported for F2 Series modules.
From Release 8.2(1), LISP is supported on F3 and M3 line cards.
This table lists the default settings for LISP parameters.
Parameters |
Default |
---|---|
feature lisp command |
Disabled |
Configuring Locator/ID Separation Protocol
You can enable the LISP feature on the Cisco NX-OS device.
Command or Action | Purpose | |
---|---|---|
Step 1 |
configure terminal Example:
|
Enters global configuration mode. |
Step 2 |
feature lisp Example:
|
Enables the LISP feature set if it is not already configured. |
Configuring LISP ITR/ETR (xTR) Functionality
You can enable and configure a LISP xTR with a LISP Map-Server and Map-Resolver for mapping services for both IPv4 and IPv6 address families.
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 |
configure terminal Example:
|
Enters global configuration mode. |
||
Step 2 |
{ ip | ipv6} lisp itr Example:
Example:
|
Enables LISP ITR functionality. |
||
Step 3 |
{ ip | ipv6} lisp etr Example:
Example:
|
Enables LISP ETR functionality. |
||
Step 4 |
(Optional) { ip | ipv6} lisp itr-etr Example:
Example:
|
(Optional)
Enables both the LISP ITR and the LISP ETR functionality. When both ITR and ETR functionality is being enabled on the same device, the configuration can be simplified by using this command instead of the { ip | ipv6} lisp itr and { ip | ipv6} lisp etr commands separately. |
||
Step 5 |
{ ip | ipv6} lisp itr map-resolver map-resolver-address Example:
Example:
|
Configures the locator address of the Map-Resolver to which this router sends Map-Request messages for IPv4 or IPv6 EIDs.
|
||
Step 6 |
{ ip | ipv6} database-mapping EID-prefix/prefixlength locator priority priority weight weight Example:
Example:
|
Configures an EID-to-RLOC mapping relationship and associated traffic policy for all IPv4 or IPv6 EID prefix(es) for this LISP site.
|
||
Step 7 |
{ ip | ipv6} lisp etr map-server map-server-address key key-type authentication-key Example:
Example:
|
Configures the locator address of the LISP Map-Server to which this router, acting as an IPv4 or IPv6 LISP ETR, registers.
|
||
Step 8 |
exit Example:
|
Exits global configuration mode. |
||
Step 9 |
(Optional) show { ip | ipv6} lisp Example:
Example:
|
(Optional)
Displays all configured IPv4 or IPv6 LISP configuration parameters. |
Complete the optional LISP xTR parameters as needed.
You can configure optional capability for the LISP xTR.
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 |
configure terminal Example:
|
Enters global configuration mode. |
||
Step 2 |
(Optional) { ip | ipv6} lisp etr accept-map-request-mapping [ verify] Example:
Example:
|
(Optional)
Configures the LISP ETR to cache IPv4 or IPv6 mapping data contained in a Map-Request message received from the Map-Server on behalf of a LISP ITR. The verify keyword allows the mapping data to be cached but not used for forwarding packets until the ETR can send its own Map-Request to one of the locators from the mapping data record and receive a Map-Reply with the same data in response. By default, the router does not cache mapping data contained in a Map-Request message. |
||
Step 3 |
(Optional) { ip | ipv6} lisp ip lisp etr map-cache-ttl time-to-live Example:
Example:
|
(Optional)
Configures the time-to-live (TTL) value, in minutes, inserted into LISP Map-Reply messages sent by this ETR. |
||
Step 4 |
(Optional) { ip | ipv6} lisp map-cache-limit cache-limit [ reserve-list list] Example:
Example:
|
(Optional)
Configures the maximum number of LISP map-cache entries allowed to be stored. By default, the LISP map-cache limit is 1000 entries. |
||
Step 5 |
(Optional) { ip | ipv6} lisp map-request-source source-address Example:
Example:
|
(Optional)
Configures the address to be used as the source address for LISP Map-Request messages. By default, one of the locator addresses configured with the ip lisp database-mapping or ipv6 lisp database-mapping command is used as the default source address for LISP Map-Request messages. |
||
Step 6 |
(Optional) { ip | ipv6} lisp path-mtu-discovery { min lower-bound| max upper-bound} Example:
Example:
|
(Optional)
Configures the minimum and maximum MTU settings for the LISP router for path-mtu-discovery. By default, path-mtu-discovery is enabled by the LISP router.
|
||
Step 7 |
(Optional) [ no] lisp loc-reach-algorithm { tcp-count | echo-nonce | rloc-probing} Example:
|
(Optional)
Enables or disables the use of a LISP locator reachability algorithm. Locator reachability algorithms are address-family independent. By default, all locator reachability algorithms are disabled. |
||
Step 8 |
exit Example:
|
Exits global configuration mode. |
||
Step 9 |
(Optional) show { ip| ipv6} lisp Example:
Example:
|
(Optional)
Displays all configured IPv4 or IPv6 LISP configuration parameters. |
You can enable and configure LISP-ALT (ALT) functionality for both IPv4 and IPv6 address families.
Command or Action | Purpose | |
---|---|---|
Step 1 |
configure terminal Example:
|
Enters global configuration mode. |
Step 2 |
{ ip | ipv6} lisp alt-vrf vrf-name Example:
Example:
|
Configures LISP to use the LISP-ALT VRF vrf-name. |
Step 3 |
exit Example:
|
Exits global configuration mode. |
Step 4 |
(Optional) show { ip | ipv6} lisp Example:
Example:
|
(Optional)
Displays all configured IPv4 or IPv6 LISP configuration parameters. |
You can enable and configure LISP Map-Resolver (MR) functionality for both IPv4 and IPv6 address families.
Command or Action | Purpose | |
---|---|---|
Step 1 |
configure terminal Example:
|
Enters global configuration mode. |
Step 2 |
{ ip | ipv6} lisp map-resolver Example:
Example:
|
Enables LISP Map-Resolver functionality on the device. |
Step 3 |
exit Example:
|
Exits global configuration mode. |
Step 4 |
(Optional) show { ip | ipv6} lisp Example:
Example:
|
(Optional)
Displays all configured IPv4 or IPv6 LISP configuration parameters. |
Configuring LISP Map-Server Functionality
You can enable and configure LISP Map-Server (MS) functionality for both IPv4 and IPv6 address families.
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 |
configure terminal Example:
|
Enters global configuration mode. |
||
Step 2 |
{ ip | ipv6} lisp map-server Example:
Example:
|
Enables LISP Map-Server functionality on the device. |
||
Step 3 |
lisp site site-name Example:
|
Creates the site name and enters LISP site configuration mode. |
||
Step 4 |
description description Example:
|
Enters a description for the LISP site being configured. |
||
Step 5 |
authentication-key key-type password Example:
|
Enters the authentication key type and password for the LISP site being configured.
|
||
Step 6 |
eid-prefix EID-prefix [ route-tag tag] Example:
Example:
|
Enters the EID-prefix for which the LISP site being configured is authoritative and optionally adds a route-tag. |
||
Step 7 |
end Example:
|
Exits LISP site configuration mode. |
||
Step 8 |
(Optional) show { ip | ipv6} lisp Example:
Example:
|
(Optional)
Displays all configured IPv4 or IPv6 LISP configuration parameters. |
Complete the optional LISP Map-Server configuration items as needed.
You can configure optional LISP Map-Server functionality.
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 |
configure terminal Example:
|
Enters global configuration mode. |
||
Step 2 |
lisp site site-name Example:
|
Enters LISP site configuration mode for the indicated site. If the site does not exist, it will be created. |
||
Step 3 |
(Optional) allowed-locators rloc1 [ rloc2 [ ...]] Example:
|
(Optional)
Enters the locators that are to be allowed to be included in the Map-Register message for the LISP site being configured.
|
||
Step 4 |
end Example:
|
Exits LISP site configuration mode. |
||
Step 5 |
(Optional) show { ip | ipv6} lisp Example:
Example:
|
(Optional)
Displays all configured IPv4 or IPv6 LISP configuration parameters. |
You can enable and configure LISP Proxy-ITR functionality for both IPv4 and IPv6 address families.
Command or Action | Purpose | |
---|---|---|
Step 1 |
configure terminal Example:
|
Enters global configuration mode. |
Step 2 |
{ ip | ipv6} proxy-itr locator [ other-address-family-locator] Example:
Example:
|
Configures LISP Proxy-ITR functionality on the device. The locator address is used as a source address for encapsulating data packets or Map-Request messages. Optionally, you can provide an address for the other address family (for example, IPv6 for the ip proxy-itr command). |
Step 3 |
exit Example:
|
Exits global configuration mode. |
Step 4 |
(Optional) show { ip | ipv6} lisp Example:
Example:
|
(Optional)
Displays all configured IPv4 or IPv6 LISP configuration parameters. |
You can enable and configure LISP Proxy-ETR functionality for both IPv4 and IPv6 address families.
Command or Action | Purpose | |
---|---|---|
Step 1 |
configure terminal Example:
|
Enters global configuration mode. |
Step 2 |
{ ip | ipv6} proxy-etr Example:
Example:
|
Configures LISP Proxy-ETR functionality. |
Step 3 |
exit Example:
|
Exits global configuration mode. |
Step 4 |
(Optional) show { ip | ipv6} lisp Example:
Example:
|
(Optional)
Displays all configured IPv4 or IPv6 LISP configuration parameters. |
This section includes additional information related to implementing LISP.
Related Topic |
Document Title |
---|---|
Cisco NX-OS licensing |
Cisco NX-OS Licensing Guide |
Standard |
Title |
---|---|
No new or modified standards are supported by this release. |
MIB |
MIBs Link |
---|---|
None |
To locate and download MIBs for selected platforms, Cisco NX-OS software releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs |
RFC |
Title |
---|---|
draft-ietf-lisp-07 |
Locator/ID Separation Protocol (LISP) |
draft-ietf-lisp-alt-04 |
LISP Alternative Topology (LISP+ALT) |
draft-ietf-lisp-interworking-01 |
Interworking LISP with IPv4 and IPv6 |
draft-ietf-lisp-lig-00 |
LISP Internet Groper (LIG) |
draft-ietf-lisp-ms-05 |
LISP Map Server |
Feature Name |
Releases |
Feature Information |
---|---|---|
LISP-ALT functionality |
5.2(3) |
This functionality is no longer required to configure other LISP features. |
Locator/ID Separation Protocol (LISP) |
5.2(1) |
This feature is introduced. |