Configuring Border Node

A LISP VXLAN fabric border node serves as a gateway between the fabric site and the sites external to the fabric. Traffic entering or leaving the fabric is encapsulated or decapsulated (respectively) by the border node.

The following devices can be configured as border nodes:

Cisco Catalyst 9300 Series Switches
Cisco Catalyst 9400 Series Switches
Cisco Catalyst 9500 Series Switches
Cisco Catalyst 9600 Series Switches

A fabric border node can be configured as an internal border node, or an external border node, or both internal and external border node.

An internal border node is used when traffic originating from within the fabric should follow a non-default route to reach an external destination. The Internal Border Node advertises endpoint reachability to the external network and imports external non-default routes into the fabric control plane.

An external border node is a default gateway for a Fabric Site. It is used as a gateway for traffic originating from within the fabric that is following a default route, such as traffic destined for the internet. It advertises endpoint reachability to the external network but does not import any external routes into the fabric control plane.

An internal and external border node both imports non-default routes into the fabric control plane and functions a default gateway for a fabric site. It advertises endpoint reachability to the external network and imports external non-default routes into the fabric.

Note

In a border node configuration, each LISP instance-id should be associated with a routing table (global routing table or the VRF). A default border should have default routes configured in the routing table for each VRF, to dynamically register with the control plane node as a default border.

Functions of a Border Node

A fabric border node performs the following functions in the fabric:

Advertise EID subnets: A border node exports the endpoint prefix space as an aggregate to the external networks, using the Border Gateway Protocol (BGP). This helps to direct the traffic from outside of the fabric destined for endpoints within the fabric.
Gateway between the Fabric and an external network: A border node is an egress point for traffic to all those destinations that are outside the fabric.

An external border acts like a default gateway. It handles the traffic destined to locations that are not known to the control plane. Internal border advertises external destinations into the fabric and should be used for traffic to known destinations outside the fabric.
Network virtualization extension to the external world: A border node can extend network virtualization from inside the fabric to outside the fabric by using VRF-lite and VRF-aware routing protocols to preserve the segmentation.
Policy mapping: A border node maps the SGT information from within the fabric to be appropriately maintained when the traffic exits that fabric. When a fabric packet is decapsulated at the border node, the SGT information can be directly mapped into the Cisco metadata field of packet, using inline tagging.
VXLAN encapsulation/decapsulation: A border node encapsulates the packets received from external network, which are destined to the endpoints within the fabric. It decapsulates the packets that are sourced from the fabric endpoints and destined to locations outside the fabric.

How to Configure an External Border Node

Note

Before you begin, ensure that routed access design is used to configure the underlay network.


Step	Task	Purpose
Step 1	Configure Virtual Routing and Forwarding (VRF)	Configure a VRF to support IPv4 and IPv6 address routing tables. VRF maintains the routing and forwarding information for devices within a virtual network. A VRF instance has its own IP routing table, a forwarding table, and one or more interfaces assigned to it. The VRF tables help the routing device reach the locator address space.
Step 2	Configure Layer 3 Handoff SVI	Configure the SVI for Layer 3 handoff.
Step 3	Configure the Interface that connects to an Upstream Router	Configure a VLAN trunk port interface to connect to an upstream router. An upstream router is located external to the fabric and provides inter-VRF forwarding that is necessary for communication between the virtual networks (segments). It also provides access to shared services for the endpoints in the fabric.
Step 4	Configure Loopback interfaces	Configure a loopback interface for a overlay segment. This loopback is used to advertise the overlay subnet prefixes to the external network. Configure a loopback interface for the default instance in LISP (Global Routing Table). The default instance is used to connect the network infrastructure elements like Access Points and Layer 2 switches to the fabric access layer.
Step 5	Configure LISP	Set up the Proxy Ingress Tunnel Router (PITR) functionality for both IPv4 and IPv6 address families. A PITR encapsulates and forwards the incoming packets to provide non-LISP-to-LISP interworking. Set up the Proxy Egress Tunnel Router (PETR) functionality for both IPv4 and IPv6 address families. A PETR decapsulates the LISP VXLAN encapsulated packets to the provide LISP-to-non-LISP interworking. Define this border node as a default ETR and map the default route for each VRF.
Step 6	Configure Layer 3 Instance ID: For Default Instance For User-Defined VRF	Configure a Layer 3 instance ID for the default instance. Configure Layer 3 instance IDs for the VRFs that you define.
Step 7	Configure BGP	Configure Border Gateway Protocol (BGP) for route exchange with the external network.
Step 8	(Optional) Redistribute Routing Information through External Border	If your deployment has a scenario where the fabric site has an internal border that accepts prefixes to be routed to an external network through an external border, perform this step. This step redistributes LISP routes to BGP through an external border.
Step 9	Verify the configurations on the border node using these show commands:
	show lisp session	Displays the details of the LISP sessions that are established on the border node.
	show lisp locator-set	Displays the locator set information.
	show ip interface brief	Displays the usability status of all the interfaces that are configured on the device. Filter the output to view the dynamically created LISP interfaces, using the show ip interface brief \| i LISP command.
	*show lisp instance-id ipv4 show lisp instance-id * ipv6**	Displays the details of each of the LISP IPv4 or IPv6 instances that are configured on the border node. Use this command to view the operational status of the IPv4 or the IPv6 address family under each instance-id. This includes the status of the database, map-cache, publication entries, site registration entries, and so on.
	show ip route vrf vrf	Displays the route table that is created on the border node for a given VRF.
	show lisp service ipv4 summary show lisp service ipv6 summary	Displays a summary of the LISP IPv4 or IPv6 services on the border node. Use this command to check the number of EID tables and database entries, the total number of map-cache entries, and information about each VRF.
	show lisp service ipv4 statistics show lisp service ipv6 statistics	Displays the LISP IPv4 or IPv6 packet statistics for all EID prefixes. Use this command to check the total number of packet encapsulations, decapsulations, map requests, map replies, map registers, and other LISP-related packet information, for the IPv4 or IPv6 service.
	show lisp service ipv4 forwarding eid remote detail show lisp service ipv6 forwarding eid remote detail	Displays the forwarding information for the destination EID prefixes. Use this command to view the EID prefix, associated locator status bits, and total encapsulated packets and bytes for each destination EID-prefix.
	show lisp platform	Displays the limits of the given platform or the device. This command shows the LISP instance limits, Layer 3 limits, Layer 2 limits, and the supported configuration style on the device. Use this command to understand the limits of the device and plan its usage and role in the fabric.

To see a sample configuration for an external border node, go to Configuration example for an external border node.

To see the sample outputs of show commands on the border node, go to Verify Distributed Border and Control Plane Node.

How to Configure an Internal Border Node

Note

Before you begin, ensure that routed access design is used to configure the underlay network.


Step	Task	Purpose
Step 1	Configure Virtual Routing and Forwarding (VRF)	Configure a VRF to support IPv4 and IPv6 address routing tables. VRF maintains the routing and forwarding information for devices within a virtual network. A VRF instance has its own IP routing table, a forwarding table, and one or more interfaces assigned to it. The VRF tables help the routing device reach the locator address space.
Step 2	Configure Layer 3 Handoff SVI	Configure the SVI for Layer 3 handoff.
Step 3	Configure the Interface that connects to an Upstream Router	Configure a VLAN trunk port interface to connect to an upstream router. An upstream router is located external to the fabric and provides inter-VRF forwarding that is necessary for communication between the virtual networks (segments). It also provides access to shared services for the endpoints in the fabric.
Step 4	Configure Loopback interfaces	Configure a loopback interface for a overlay segment. This loopback is used to advertise the overlay subnet prefixes to the external network. Configure a loopback interface for the default instance in LISP (Global Routing Table). The default instance is used to connect the network infrastructure elements like Access Points and Layer 2 switches to the fabric access layer.
Step 5	Configure LISP	Set up the Proxy Ingress Tunnel Router (PITR) functionality for both IPv4 and IPv6 address families. A PITR encapsulates and forwards the incoming packets to provide non-LISP-to-LISP interworking. Set up the Proxy Egress Tunnel Router (PETR) functionality for both IPv4 and IPv6 address families. A PETR decapsulates the LISP VXLAN encapsulated packets to the provide LISP-to-non-LISP interworking. Set up the route-import functionality to import external routes into each VRF that is configured.
Step 6	Configure Layer 3 Instance ID: For Default Instance For User-Defined VRF	Configure a Layer 3 instance ID for the default instance. Configure Layer 3 instance IDs for the VRFs that you define. Use the route-import database command to register the imported routes to the control plane. The routes that are learnt are filtered according to the route-map option specified, to prevent routing loops.
Step 7	Configure BGP	Configure Border Gateway Protocol (BGP) for route exchange with the external network.
Step 8	Configure the Prefix List and Route Map	Define route maps with prefix lists to filter the routes that are imported into the fabric.
Step 9	Verify the configurations on the border node using these show commands:
	show lisp session	Displays the details of the LISP sessions that are established on the border node.
	show lisp locator-set	Displays the locator set information.
	show ip interface brief	Displays the usability status of all the interfaces that are configured on the device. Filter the output to view the dynamically created LISP interfaces, using the show ip interface brief \| i LISP command.
	*show lisp instance-id ipv4 show lisp instance-id * ipv6**	Displays the details of each of the LISP IPv4 or IPv6 instances that are configured on the border node. Use this command to view the operational status of the IPv4 address family under each instance-id. This includes the status of IPv4 database, map-cache, publication entries, site registration entries, and so on.
	show ip route vrf vrf	Displays the route table that is created on the border node for a given VRF.
	show lisp service ipv4 summary show lisp service ipv6 summary	Displays a summary of the LISP IPv4 or IPv6 services on the border node. Use this command to check the number of EID tables and database entries, the total number of map-cache entries, and information about each VRF.
	show lisp service ipv4 statistics show lisp service ipv6 statistics	Displays the LISP IPv4 or IPv6 packet statistics for all EID prefixes. Use this command to check the total number of packet encapsulations, decapsulations, map requests, map replies, map registers, and other LISP-related packet information, for the IPv4 or IPv6 service.
	show lisp service ipv4 forwarding eid remote detail show lisp service ipv6 forwarding eid remote detail	Displays the forwarding information for the remote or destination EID prefixes. Use this command to view the EID prefix, associated locator status bits, and total encapsulated packets and bytes for each remote EID-prefix.
	show lisp platform	Displays the limits of the given platform or the device. This command shows the LISP instance limits, Layer 3 limits, Layer 2 limits, and the supported configuration style on the device. Use this command to understand the limits of the device and plan its usage and role in the fabric.

To see a sample configuration for an internal border node, go to Configuration example for an internal border

To see a sample configuration for an internal and external border node, go to Configuration example for an internal and external border

Detailed Steps to Configure a Border Node

This section describes the tasks involved in configuring an internal border, an external border, and an anywhere border which is both internal and external.

Configure VRF

To configure VRFs on a border node, perform this task:

Procedure

	Command or Action	Purpose
Step 1	enable Example: `Device> enable`	Enables privileged EXEC mode. Enter your password, if prompted.
Step 2	configure terminal Example: `Device# configure terminal`	Enters global configuration mode.
Step 3	vrf definition `vrf-name` Example: `Device(config)# vrf definition VN3`	Configures a VRF table, and enters VRF configuration mode.
Step 4	rd `route-distinguisher` Example: `Device(config-vrf)# rd 1:4099`	Creates routing and forwarding tables for a VRF instance.
Step 5	address-family ipv4 Example: `Device(config-vrf)# address-family ipv4`	Specifies the address family, and enters address family configuration mode.
Step 6	route-target export `route-target-ext-community` Example: `Device(config-vrf-af)# route-target export 1:4099`	Creates a list of export route target communities for the specified VRF. Enter either an AS system number and an arbitrary number (xxx:y) or an IP address and an arbitrary number (A.B.C.D:y). The `route-target-ext-community` value should be the same as the `route-distinguisher` value entered in the earlier step.
Step 7	route-target import `route-target-ext-community` Example: `Device(config-vrf-af)# route-target import 1:4099`	Creates a list of import route target communities for the specified VRF.
Step 8	exit-address-family Example: `Device(config-vrf-af)# exit-address-family`	Exits address family configuration mode, and enters VRF configuration mode.
Step 9	address-family ipv6 Example: `Device(config-vrf)# address-family ipv6`	Specifies the address family, and enters address family configuration mode.
Step 10	route-target export `route-target-ext-community` Example: `Device(config-vrf-af)# route-target export 1:4099`	Creates a list of export route target communities for the specified VRF. Enter either an AS system number and an arbitrary number (xxx:y) or an IP address and an arbitrary number (A.B.C.D:y). The `route-target-ext-community` value should be the same as the `route-distinguisher` value entered in the earlier step.
Step 11	route-target import `route-target-ext-community` Example: `Device(config-vrf-af)# route-target import 1:4099`	Creates a list of import route target communities for the specified VRF.
Step 12	exit-address-family Example: `Device(config-vrf-af)# exit-address-family`	Exits address family configuration mode, and enters VRF configuration mode.
Step 13	end Example: `Device(config-vrf)# end`	Returns to privileged EXEC mode.

Configure Layer 3 Handoff SVI

To configure Layer 3 handoff SVI on a border node, perform this task:

Procedure

	Command or Action	Purpose
Step 1	enable Example: `Device> enable`	Enables privileged EXEC mode. Enter your password, if prompted.
Step 2	configure terminal Example: `Device# configure terminal`	Enters global configuration mode.
Step 3	vlan `vlan-id` Example: `Device(config)# vlan 222`	Specifies a VLAN ID, and enters VLAN configuration mode.
Step 4	name `vlan-name` Example: `Device(config-vlan)# name 222`	Specifies a name for the VLAN.
Step 5	exit Example: `Device(config-vlan)# exit`	Exits VLAN configuration mode, and enters global configuration mode.
Step 6	interface `vlan-id` Example: `Device(config)# interface Vlan222`	Specifies the interface for which you are adding a description, and enters interface configuration mode.
Step 7	description `string` Example: `Device(config-if)# description vrf-external`	Adds a description for the interface.
Step 8	vrf forwarding `name` Example: `Device(config-if)# vrf forwarding VN3`	Associates the VRF instance with the interface.
Step 9	ip address `ip_address subnet_mask` Example: `Device(config-if)# ip address 10.20.1.1 255.255.255.252`	Configures the IP address and IP subnet.
Step 10	no ip redirects Example: `Device(config-if)# no ip redirects`	Disables sending of Internet Control Message Protocol (ICMP) redirect messages.
Step 11	ipv6 address `address` Example: `Device(config-if)# ipv6 address 2001:DB8:20::1/126`	Configures an IPv6 address on the interface.
Step 12	ipv6 enable Example: `Device(config-if)# ipv6 enable`	Enables IPv6 on the interface.
Step 13	end Example: `Device(config-if)# end`	Returns to privileged EXEC mode.

Configure the Interface that Connects to an Upstream Router

To configure the interface that connects to an upstream router, perform this task:

Procedure

	Command or Action	Purpose
Step 1	enable Example: `Device> enable`	Enables privileged EXEC mode. Enter your password, if prompted.
Step 2	configure terminal Example: `Device# configure terminal`	Enters global configuration mode.
Step 3	interface `interface-number` Example: `Device(config)# interface FortyGigabitEthernet1/0/4`	Creates an interface to connect to an upstream router, and enters interface configuration mode.
Step 4	switchport mode trunk Example: `Device(config-if)# switchport mode trunk`	Configures the interface as a VLAN trunk port.
Step 5	end Example: `Device(config-if)# end`	Returns to privileged EXEC mode.

Configure Loopback for Overlay Segment in User-Defined VRF

To configure loopback for the overlay segment in user-defined VRF on a border node, perform this task:

Note

This loopback is used to advertise the overlay subnet prefixes to the external network.

Procedure

	Command or Action	Purpose
Step 1	enable Example: `Device> enable`	Enables privileged EXEC mode. Enter your password, if prompted.
Step 2	configure terminal Example: `Device# configure terminal`	Enters global configuration mode.
Step 3	interface loopback 50 Example: `Device(config)# interface loopback 50`	Creates a loopback interface for the overlay segment, and enters interface configuration mode.
Step 4	description `name` Example: `Device(config-if)# description Loopback Border`	Adds a description for an interface.
Step 5	vrf forwarding `vrf-name` Example: `Device(config-if)# vrf forwarding VN3`	Associates the VRF with the Layer 3 interface.
Step 6	ip address `address mask` Example: `Device(config-if)# ip address 10.50.1.1 255.255.255.255`	Assigns an IP address to the interface. Ensure that this is the IP address of the SVI for the user-defined VRF.
Step 7	ipv6 address `address` Example: `Device(config-if)# ipv6 address 2001:DB8:2050::1/128`	Assigns an IPv6 address to the interface.
Step 8	ipv6 enable Example: `Device(config-if)# ipv6 enable`	Enables IPv6 on the interface.
Step 9	end Example: `Device(config-if)# end`	Returns to privileged EXEC mode.

Configure Loopback for Overlay Segment in the Default Instance of LISP (Global Routing Table)

To configure the overlay segment in the default instance of LISP, perform this task:

Procedure

	Command or Action	Purpose
Step 1	enable Example: `Device> enable`	Enables privileged EXEC mode. Enter your password, if prompted.
Step 2	configure terminal Example: `Device# configure terminal`	Enters global configuration mode.
Step 3	interface loopback 91 Example: `Device(config)# interface loopback 91`	Creates a loopback interface for the default instance, and enters interface configuration mode.
Step 4	ip address `address mask` Example: `Device(config-if)# ip address 10.91.1.1 255.255.255.255`	Assigns an IP address to the interface. Ensure that this is the IP address of the SVI for the default instance.
Step 5	end Example: `Device(config-if)# end`	Returns to privileged EXEC mode.

Configure LISP

To configure LISP on a border node, perform this task:

Procedure

Command or Action Purpose

Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

Enter your password, if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

router lisp

Example:

Device(config)# router lisp

Enters LISP configuration mode.

Step 4

locator-table default

Example:

Device(config-router-lisp)# locator-table default

Selects the default (global) routing table for association with the routing locator address space.

Step 5

locator-set loc-set-name

Example:

Device(config-router-lisp)# locator-set default_etr_locator

Specifies a locator-set, and enters the locator-set configuration mode.

A locator-set identifies the routing-locator that LISP uses when it registers the local endpoints.

In this step, configure a default locator set.

Step 6

ipv4-interface Loopback loopback-interface-id priority locator-priority weight locator-weight

Example:

Device(config-router-lisp-locator-set)# ipv4-interface Loopback0 priority 10 weight 10

Specifies that the IPv4 address of the loopback interface should be used to reach the locator.

Priority and weight values are associated with the locator address to define traffic policies when multiple RLOCs are defined for the same EID-prefix block. A locator with a lower priority value takes preference. When multiple locators have the same priority, they can be used in a load-sharing manner.

Weight is a value 0–100 and represents the percentage of traffic to be load-shared to that locator.

Step 7

exit-locator-set

Example:

Device(config-router-lisp-locator-set)# exit-locator-set

Exits locator-set configuration mode, and enters LISP configuration mode.

Step 8

locator-set loc-set-name

Example:

Device(config-router-lisp)# locator-set eid_locator

Specifies a locator-set, and enters the locator-set configuration mode.

Ensure that this locator set is different from the default locator that was created in Step 5.

Step 9

ipv4-interface Loopback loopback-interface-id priority locator-priority weight locator-weight

Example:

Device(config-router-lisp-locator-set)# IPv4-interface Loopback0 priority 10 weight 10

Specifies that the IPv4 address of the loopback interface should be used to reach the locator.

Weight is a value 0–100 and represents the percentage of traffic to be load-shared to that locator.

Step 10

auto-discover-rlocs

Example:

Device(config-router-lisp-locator-set)# auto-discover-rlocs

Auto discover the locators registered by other ingress or egress tunnel routers (xTRs).

Step 11

exit-locator-set

Example:

Device(config-router-lisp-locator-set)# exit-locator-set

Exits locator-set configuration mode, and enters LISP configuration mode.

Step 12

locator default-set loc-set-name

Example:

Device(config-router-lisp)# locator default-set eid_locator

Specifies a default locator-set.

Step 13

service{ ipv4| ipv6}

Example:

Device(config-router-lisp)# service ipv4

Enables network services on the default instance.

service ipv4 : Enables Layer 3 network services for the IPv4 address family.

service ipv6 : Enables Layer 3 network services for the IPv6 address family.

Step 14

encapsulation vxlan

Example:

Device(config-router-lisp-serv-ipv4)# encapsulation vxlan

Device(config-router-lisp-serv-ipv6)# encapsulation vxlan

Specifies VXLAN-based encapsulation.

Step 15

map-cache publications

Example:

Device(config-router-lisp-serv-ipv4)# map-cache publications

Device(config-router-lisp-serv-ipv6)# map-cache publications

Exports the publication entries to the map cache. These entries are used for forwarding the traffic.

Step 16

import publication publisher publisher-address

Example:

Device(config-router-lisp-serv-ipv4)# import publication publisher 172.16.1.66

Device(config-router-lisp-serv-ipv6)# import publication publisher 172.16.1.66

Imports the publications from the publisher that is specified by the publisher-address . publisher-address is the IP address of the Loopback 0 interface of the control plane node.

If your fabric site has more than one control plane node, there are as many publishers. Execute this command for each of those publisher-address (control plane nodes). Imported publications are stored in a publication table.

Step 17

itr map-resolver map-resolver-address

Example:

Device(config-router-lisp-serv-ipv4)# itr map-resolver 172.16.1.66

Device(config-router-lisp-serv-ipv6)# itr map-resolver 172.16.1.66

Configures a locator address for the LISP map resolver to which this router sends map request messages for EID-to-RLOC mapping resolutions.

A control plane node is the LISP map resolver. map-resolver-address is the IP address of the Loopback 0 interface of the control plane node. If your fabric site has more than one control plane node, execute this command for each of the map-resolver-address (control plane nodes). Execute this command even if the border and control plane nodes are located on the same device.

Step 18

etr map-server map-server-address key authentication-key

Example:

Device(config-router-lisp-serv-ipv4)# etr map-server 172.16.1.66 key some-key

Device(config-router-lisp-serv-ipv6)# etr map-server 172.16.1.66 key some-key

Configures a map server to be used by the Egress Tunnel Router (ETR) for endpoint registrations, and specifies the authentication key to be used with this map server.

A control plane node is the LISP map server. map-server-address is the IP address of the Loopback 0 interface of the control plane node. If your fabric site has more than one control plane node, execute this command for each of the map-server-address (control plane nodes). Execute this command even if the border and control plane nodes are located on the same device.

Note

Ensure that you use the same authentication-key that was configured on the control plane node.

Step 19

etr map-server map-server-address proxy-reply

Example:

Device(config-router-lisp-serv-ipv4)# etr map-server 172.16.1.66 proxy-reply

Device(config-router-lisp-serv-ipv6)# etr map-server 172.16.1.66 proxy-reply

Configures the map server to send map replies on behalf of the ETR.

map-server-address is the IP address of the Loopback 0 interface of control plane node. If your fabric site has more than one control plane node, execute this command for each of the map-server-address (control plane nodes). Execute this command even if the border and control plane nodes are located on the same device.

Step 20

etr

Example:

Device(config-router-lisp-serv-ipv4)# etr

Device(config-router-lisp-serv-ipv6)# etr

Configures the device as an Egress Tunnel Router (ETR).

Step 21

sgt

Example:

Device(config-router-lisp-serv-ipv4)# sgt

Device(config-router-lisp-serv-ipv6)# sgt

(Optional) Enables the Security Group Tag (SGT) function for SGT tag propagation. Configure this command only if you need SGT propagation in your fabric network.

Step 22

route-export publications

Example:

Device(config-router-lisp-serv-ipv4)# route-export publications

Device(config-router-lisp-serv-ipv6)# route-export publications

Exports the LISP publications into the routing information base (RIB).

Step 23

distance publications distance

Example:

Device(config-router-lisp-serv-ipv4)# distance publications 250

Device(config-router-lisp-serv-ipv6)# distance publications 250

Specifies the administrative distance to RIB when the LISP publications are exported to the RIB.

Step 24

proxy-etr

Example:

Device(config-router-lisp-serv-ipv4)# proxy-etr

Device(config-router-lisp-serv-ipv6)# proxy-etr

Enables Proxy Egress Tunnel Router (PETR) functionality for IPv4 EIDs.

Step 25

proxy-itr address

Example:

Device(config-router-lisp-serv-ipv4)# proxy-itr 172.16.1.67

Device(config-router-lisp-serv-ipv6)# proxy-itr 172.16.1.67

Enables Proxy Ingress Tunnel Router (PITR) functionality for IPv4 or IPv6 EIDs.

For address , specify the IP address of the Loopback 0 interface on the device.

Step 26

Do one of the following:

exit-service-ipv4
exit-service-ipv6

Example:

Device(config-router-lisp-serv-ipv4)# exit-service-ipv4

Device(config-router-lisp-serv-ipv4)# exit-service-ipv6

Exits service configuration mode, and enters LISP configuration mode.

Use the appropriate command, depending on which service mode you are exiting from (IPv4 or IPv6 mode).

Step 27

ipv4 locator reachability minimum-mask-length length

Example:

Device(config-router-lisp)# ipv4 locator reachability minimum-mask-length 32

Specifies the shortest mask prefix to accept when looking up a remote RLOC in the RIB. LISP checks the host reachability from the routing locator.

Step 28

ipv4 source-locator interface-number

Example:

Device(config-router-lisp)# ipv4 source-locator loopback0

Configures the source locator for the outbound LISP packets. Set the loopback interface as the source locator.

Step 29

exit-router-lisp

Example:

Device(config-router-lisp)# exit-router-lisp

Exits LISP configuration mode, and enters global configuration mode.

Step 30

end

Example:

Device(config)# end

Returns to privileged EXEC mode.

Step 31

show lisp locator-set

Example:

Device# show lisp locator-set
LISP Locator-set information:

172.16.1.67, local, reachable, loopback
Device#

Displays the LISP Locator Set information configured on the device.

Create Layer 3 Instance ID for Default Instance

To create a Layer 3 instance ID for default instance on a border node, perform this task:

Procedure

	Command or Action	Purpose
Step 1	enable Example: `Device> enable`	Enables privileged EXEC mode. Enter your password, if prompted.
Step 2	configure terminal Example: `Device# configure terminal`	Enters global configuration mode.
Step 3	router lisp Example: `Device(config)# router lisp`	Enters LISP configuration mode.
Step 4	instance-id `id` Example: `Device(config-router-lisp)# instance-id 4097`	Specifies an instance ID. In this step, configure the Layer 3 default instance ID. The id of the instance can range from 1 to 16777200.
Step 5	remote-rloc-probe on-route-change Example: `Device(config-router-lisp-inst)# remote-rloc-probe on-route-change`	Configures parameters for probing of remote routing locators (RLOCs).
Step 6	service ipv4 Example: `Device(config-router-lisp-inst)# service ipv4`	Enables Layer 3 network services for the IPv4 address family.
Step 7	eid-table default Example: `Device(config-router-lisp-inst-serv-ipv4)# eid-table default`	Configures the default (global) routing table for association with the configured instance-service.
Step 8	map-cache `address` map-request Example: `Device(config-router-lisp-inst-serv-ipv4)# map-cache 10.91.1.0/24 map-request`	Specifies the destination EID for which map-requests are sent.
Step 9	exit-service-ipv4 Example: `Device(config-router-lisp-inst-serv-ipv4)# exit-service-ipv4`	Exits IPv4 service configuration mode, and enters LISP instance configuration mode.
Step 10	exit-instance-id Example: `Device(config-router-lisp-inst)# exit-instance-id`	Exits instance configuration mode, and enters LISP configuration mode.
Step 11	exit-router-lisp Example: `Device(config-router-lisp)# exit-router-lisp`	Exits LISP configuration mode, and enters global configuration mode.
Step 12	end Example: `Device(config)# end`	Returns to privileged EXEC mode.

Create Layer 3 Instance ID for User-Defined VRF - External Border

To create a Layer 3 instance ID for the user-defined VRF on the external border node, perform this task:

Procedure

	Command or Action	Purpose
Step 1	enable Example: `Device> enable`	Enables privileged EXEC mode. Enter your password, if prompted.
Step 2	configure terminal Example: `Device# configure terminal`	Enters global configuration mode.
Step 3	router lisp Example: `Device(config)# router lisp`	Enters LISP configuration mode.
Step 4	instance-id `id` Example: `Device(config-router-lisp)# instance-id 4099`	In this step, specify the instance ID for a user-defined VRF. The id of the instance can range from 1 to 16777200.
Step 5	remote-rloc-probe on-route-change Example: `Device(config-router-lisp-inst)# remote-rloc-probe on-route-change`	Configures parameters for probing of remote routing locators (RLOCs).
Step 6	service `{` ipv4`\|` ipv6`}` Example: `Device(config-router-lisp-inst)# service ipv4` `Device(config-router-lisp-inst)# service ipv6`	Enables Layer 3 network services for the IPv4 or IPv6 address family.
Step 7	eid-table vrf `vrf-name` Example: `Device(config-router-lisp-inst-serv-ipv4)# eid-table vrf VN3` `Device(config-router-lisp-inst-serv-ipv6)# eid-table vrf VN3`	Configures the VRF table for association with the configured instance-service.
Step 8	database-mapping `eid-prefix/prefix-length` locator-set `RLOC_name` default-etr local Example: `Device(config-router-lisp-inst-serv-ipv4)# database-mapping 0.0.0.0/0 locator-set default_etr_locator default-etr local` `Device(config-router-lisp-inst-serv-ipv6)# database-mapping ::/0 locator-set default_etr_locator default-etr local`	Configures an IPv4 or IPv6 default ETR for a default route
Step 9	Do one of the following:exit-service-ipv4 exit-service-ipv4 exit-service-ipv6 Example: `Device(config-router-lisp-inst-serv-ipv4)# exit-service-ipv4` `Device(config-router-lisp-inst-serv-ipv6)# exit-service-ipv6`	Exits service configuration mode, and enters LISP instance configuration mode. Use the appropriate command, depending on which service mode you are exiting from (IPv4 or IPv6 service mode).
Step 10	exit-instance-id Example: `Device(config-router-lisp-inst)# exit-instance-id`	Exits instance configuration mode, and enters LISP configuration mode.
Step 11	end Example: `Device(config)# end`	Returns to privileged EXEC mode.
Step 12	show lisp instance-id * ipv4 Example: `Device# show lisp instance-id * ipv4` To view only the LISP instance IDs that have IPv4 enabled, filter the output as shown: `Device# show lisp instance-id * ipv4 \| i Instance ID Instance ID: 4097 Instance ID: 4099 Device#`	Displays details of each LISP instance that has the IPv4 service enabled.

Create Layer 3 Instance ID for User-Defined VRF - Internal Border

An internal border imports and registers the routes advertised by an upstream router. The internal border uses the route-import database command to register these routes into Control Plane. The routes that are learnt are filtered according to the route-map option specified, to prevent routing loops.

Procedure

	Command or Action	Purpose
Step 1	enable Example: `Device> enable`	Enables privileged EXEC mode. Enter your password, if prompted.
Step 2	configure terminal Example: `Device# configure terminal`	Enters global configuration mode.
Step 3	router lisp Example: `Device(config)# router lisp`	Enters LISP configuration mode.
Step 4	instance-id `id` Example: `Device(config-router-lisp)# instance-id 4099`	In this step, specify the instance ID for a user-defined VRF. The id of the instance can range from 1 to 16777200.
Step 5	remote-rloc-probe on-route-change Example: `Device(config-router-lisp-inst)# remote-rloc-probe on-route-change`	Configures parameters for probing of remote routing locators (RLOCs).
Step 6	service `{` ipv4`\|` ipv6`}` Example: `Device(config-router-lisp-inst)# service ipv4` `Device(config-router-lisp-inst)# service ipv6`	Enables Layer 3 network services for the IPv4 or IPv6 address family.
Step 7	eid-table vrf `vrf-name` Example: `Device(config-router-lisp-inst-serv-ipv4)# eid-table vrf VN3` `Device(config-router-lisp-inst-serv-ipv6)# eid-table vrf VN3`	Configures the VRF table for association with the configured instance-service.
Step 8	map-cache `address` map-request Example: `Device(config-router-lisp-inst-serv-ipv4)# map-cache 0.0.0.0/0 map-request Device(config-router-lisp-inst-serv-ipv6)# map-cache ::/0 map-request`	Specifies the destination EID to which map-requests are sent.
Step 9	route-import database `protocol autonomous-system-number` [route-map `map-name` locator-set `locator-set-name` ] Example: `Device(config-router-lisp-inst-serv-ipv4)# route-import database bgp 600 route-map MATCH_DC_ROUTE locator-set eid_locator` `Device(config-router-lisp-inst-serv-ipv6)# route-import database bgp 600 route-map MATCH_DC_ROUTE_V6 locator-set eid_locator`	Configures the import of Routing Information Base (RIB) routes to define local EID prefixes and associates them with the specified locator set. (Optional) The route-map keyword specifies that imported IP prefixes should be filtered according to the specified route-map name.
Step 10	Do one of the following:exit-service-ipv4 exit-service-ipv4 exit-service-ipv6 Example: `Device(config-router-lisp-inst-serv-ipv4)# exit-service-ipv4` `Device(config-router-lisp-inst-serv-ipv6)# exit-service-ipv6`	Exits service configuration mode, and enters LISP instance configuration mode. Use the appropriate command, depending on which service mode you are exiting from (IPv4 or IPv6 service mode).
Step 11	exit-instance-id Example: `Device(config-router-lisp-inst)# exit-instance-id`	Exits instance configuration mode, and enters LISP configuration mode.

Configure a BGP Routing Process

To configure a BGP routing process on a border node, perform this task:

Procedure

Command or Action Purpose

Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

Enter your password, if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

router bgp autonomous-system-number

Example:

Device(config)# router bgp 600

Configures a BGP routing process, and enters router configuration mode for the specified routing process.

Use the autonomous-system-number argument to specify an integer, from 0 and 65534, that identifies the device to other BGP speakers.

Step 4

bgp router-id ip-address

Example:

Device(config-router)# bgp router-id interface Loopback0

(Optional) Configures a fixed 32-bit router ID as the identifier of the local device running BGP.

Use the ip-address argument to specify a unique router ID within the network.

Note

Configuring a router ID using the bgp router-id command resets all active BGP peering sessions.

Step 5

bgp log-neighbor-changes

Example:

Device(config-router)# bgp log-neighbor-changes

Enables logging of BGP neighbor status changes (up or down) and neighbor resets.

Use this command for troubleshooting network connectivity problems and measuring network stability. Unexpected neighbor resets might indicate high error rates or high packet loss in the network and should be investigated.

Step 6

bgp graceful-restart

Example:

Device(config-router)# bgp graceful-restart

Enables Nonstop Forwarding (NSF) awareness on the device. By default, NSF awareness is disabled.

Step 7

address-family ipv4

Example:

Device(config-router)# address-family ipv4

Enters address family configuration mode to configure routing sessions that use address family-specific command configurations.

Step 8

bgp aggregate-timer seconds

Example:


Device(config-router-af)# bgp aggregate-timer 0

Configures the interval at which the BGP routes are aggregated.

A value of 0 (zero) disables timer-based aggregation and starts aggregation immediately.

Step 9

network network-number [mask network-mask ] [route-map route-map-name ]

Example:

Device(config-router-af)# network 10.20.2.0 mask 255.255.255.252
Device(config-router-af)# network 10.91.1.1 mask 255.255.255.255

Specifies the network to be advertised by BGP and adds it to the BGP routing table.

For exterior protocols, the network command controls which networks are advertised. Interior protocols use the network command to determine where to send updates.

Step 10

aggregate-address address mask summary-only

Example:

Device(config-router-af)# aggregate-address 10.91.1.0 255.255.255.0 summary-only

Creates an aggregate entry in a BGP database.

Step 11

neighbor ip-address remote-as autonomous-system-number

Example:

Device(config-router-af)# neighbor 10.20.2.2 remote-as 300

Adds the IP address of the neighbor in the specified autonomous system to the IPv4 multiprotocol BGP neighbor table of the local router.

Step 12

neighbor ip-address update-source interface-type interface-number

Example:

Device(config-router-af)# neighbor 10.20.2.2 update-source Vlan111

Allows the BGP sessions to use any operational interface for TCP connections.

Step 13

neighbor ip-address activate

Example:

Device(config-router-af)# neighbor 10.20.2.2 activate

Enables the exchange of information with a BGP neighbor.

Step 14

neighbor ip-address send-community[both]

Example:

Device(config-router-af)# neighbor 10.20.2.2 send-community both

Specifies that a communities attribute should be sent to a BGP neighbor.

Step 15

exit-address-family

Example:

Device(config-router-af)# exit-address-family

Exits the address family configuration mode and enters router configuration mode.

Step 16

address-family { ipv4| ipv6} [ vrf vrf-name]

Example:


Device(config-router)# address-family ipv4 vrf VN3
Device(config-router)# address-family ipv6 vrf VN3

Enters address family configuration mode to configure routing sessions that use address family-specific command configurations.

Use the vrf option to specify the VRF instance with which the subsequent address family configuration commands are associated.

Step 17

bgp aggregate-timer seconds

Example:


Device(config-router-af)# bgp aggregate-timer 0

Configures the interval at which the BGP routes are aggregated.

A value of 0 (zero) disables timer-based aggregation and starts aggregation immediately.

Step 18

network network-number [mask network-mask ] [route-map route-map-name ]

Example:


Device(config-router-af)# network 10.20.1.0 mask 255.255.255.252
Device(config-router-af)# network 10.50.1.1 mask 255.255.255.255


Device(config-router-af)# network 2001:DB8:20::/126
Device(config-router-af)# network 2001:DB8:2050::1/128

Specifies the network to be advertised by BGP and adds it to the BGP routing table.

For exterior protocols, the network command controls which networks are advertised. Interior protocols use the network command to determine where to send updates.

Step 19

aggregate-address address mask summary-only

Example:

Device(config-router-af)# aggregate-address 10.50.1.0 255.255.255.0 summary-only

Device(config-router-af)# aggregate-address 2001:DB8:50::/64 summary-only

Creates an aggregate entry in a BGP database.

Step 20

neighbor ip-address remote-as autonomous-system-number

Example:

Device(config-router-af)# neighbor 10.20.1.2 remote-as 300

Device(config-router-af)# neighbor 2001:DB8:20::2 remote-as 300

Adds the IP address of the neighbor in the specified autonomous system to the IPv4 or IPv6 multiprotocol BGP neighbor table of the local router.

Step 21

neighbor ip-address update-source interface-type interface-number

Example:

Device(config-router-af)# neighbor 10.20.1.2 update-source Vlan222

Device(config-router-af)# neighbor 2001:DB8:20::2 update-source Vlan222

Allows the BGP sessions to use any operational interface for TCP connections.

Step 22

neighbor ip-address activate

Example:

Device(config-router-af)# neighbor 10.20.1.2 activate

Device(config-router-af)# neighbor 2001:DB8:20::2 activate

Enables the exchange of information with a BGP neighbor.

Step 23

neighbor ip-address send-community [both]

Example:

Device(config-router-af)# neighbor 10.20.1.2 send-community both

Device(config-router-af)# neighbor 2001:DB8:20::2 send-community both

Specifies that a communities attribute should be sent to a BGP neighbor.

Step 24

neighbor ip-address weight [number]

Example:

Device(config-router-af)# neighbor 10.20.1.2 weight 65535

Device(config-router-af)# neighbor 2001:DB8:20::2 weight 65535

Assigns a weight to a neighbor connection.

Step 25

exit-address-family

Example:

Device(config-router-af)# exit-address-family

Exits the address family configuration mode and enters router configuration mode.

Step 26

exit

Example:

Device(config-router)# exit

Exits router configuration mode and enters global configuration mode.

Step 27

end

Example:

Device(config-route-map)# end

Exits router map configuration mode and returns to privileged EXEC mode.

Step 28

show ip route vrf vrf-name

Example:

Device# show ip route vrf VN3

Routing Table: VN3
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
       n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       H - NHRP, G - NHRP registered, g - NHRP registration summary
       o - ODR, P - periodic downloaded static route, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR
       & - replicated local route overrides by connected

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
C        10.20.1.0/30 is directly connected, Vlan222
L        10.20.1.1/32 is directly connected, Vlan222
B        10.50.1.0/24 [200/0], 00:32:34, Null0
C        10.50.1.1/32 is directly connected, Loopback50
Device#

Displays the route table on the device, for a specified VRF.

Redistribute Routing Information through External Border

To redistribute routing information from LISP to other routing protocols, use the redistribute lisp command in the address-family configuration mode.

Consider a scenario where the LISP VXLAN fabric site is connected to a Data Center (DC) through its internal border. An external border connects the fabric to a non-fabric network, a Branch Site. Traffic from the Data Center that is destined to the Branch Site can transit through the LISP VXLAN fabric site. The prefixes from the internal border are routed to the external border which redistributes the routing information into BGP.

Here is an illustration that depicts the scenario described in this section.

To redistribute routes from LISP, perform this task:

Procedure

	Command or Action	Purpose
Step 1	enable Example: `Device> enable`	Enables privileged EXEC mode. Enter your password, if prompted.
Step 2	configure terminal Example: `Device# configure terminal`	Enters global configuration mode.
Step 3	router bgp `autonomous-system-number` Example: `Device(config)# router bgp 600`	Configures a BGP routing process, and enters router configuration mode for the specified routing process. Use the `autonomous-system-number` argument to specify an integer, from 0 and 65534, that identifies the device to other BGP speakers.
Step 4	address-family ipv4 Example: `Device(config-router)# address-family ipv4`	Enters address family configuration mode to configure routing sessions that use address family-specific command configurations.
Step 5	redistribute `protocol` metric `metric-value` route-map `map-tag` Example: `Device(config-router-af)# redistribute lisp metric 10 route-map LISP_TO_BGP`	Redistributes routes from one routing domain into another routing domain. Here, LISP routes are redistributed into the BGP domain. The route-map LISP_TO_BGP configuration filters the specific routes that are to be redistributed. Only the filtered routes are imported into the BGP domain.The LISP_TO_BGP route map is described in the following steps.
Step 6	exit-address-family Example: `Device(config-router-af)# exit-address-family`	Exits the address family configuration mode and enters router configuration mode.
Step 7	exit Example: `Device(config-router)# exit`	Exits router configuration mode and enters global configuration mode.
Step 8	route-map `map-name` [permit \| deny ] [`sequence-number`] Example: `Device(config)# route-map LISP_TO_BGP permit 10`	Configures a route map for the BGP and enters route map configuration mode. Route map entries are read in order. You can identify the order using the sequence_number argument.
Step 9	description `description` Example: `Device(config-route-map)# description AS-number tag`	Adds a description for the route map.
Step 10	set as-path tag Example: `Device(config-route-map)# set as-path tag`	Modifies an autonomous system path for BGP routes.
Step 11	end Example: `Device(config-route-map)# end`	Exits router map configuration mode and returns to privileged EXEC mode.

Configure Prefix-List and Route-Map

Note

This procedure is applicable to an internal border node and both internal and external border node. It is not applicable to an external border node.

To configure prefix list and route map on a border node, perform this task:

Procedure

	Command or Action	Purpose
Step 1	enable Example: `Device> enable`	Enables privileged EXEC mode. Enter your password, if prompted.
Step 2	configure terminal Example: `Device# configure terminal`	Enters global configuration mode.
Step 3	{ip \| ipv6} prefix-list `prefix-list-name` [seq `seq-value`] {deny `network` / `length` \| permit `network` / `length` } Example: `Device(config)# ip prefix-list DENY_0.0.0.0 seq 10 permit 0.0.0.0/0 Device(config)# ip prefix-list L3HANDOFF_PREFIXES seq 828011002 permit 10.20.1.0/30` `Device(config)# ipv6 prefix-list DENY_IPV6_0 seq 10 permit ::/0 Device(config)# ipv6 prefix-list L3HANDOFF_PREFIXES seq 568642686 permit 2001:DB8:20::/126`	Creates a prefix list and defines a range of IP prefixes to import into the VRF table.
Step 4	route-map `map-name` [permit \| deny ] [`sequence-number`] Example: `Device(config)# route-map MATCH_DC_ROUTE deny 5`	Configures a route map and enters route map configuration mode.
Step 5	description `description` Example: `Device(config-route-map)# description Deny IPV4 default route`	(Optional) Adds a description for the route map.
Step 6	match ip address {`access-list-number` \| `access-list-name`} [... `access-list-number` \| ... `access-list-name`] Example: `Device(config-route-map)# match ip address prefix-list DENY_0.0.0.0`	(Optional) Creates a match clause to permit routes that match the specified `access-list-number` or `access-list-name` argument.
Step 7	Repeat steps 4 to 7 to configure more route maps. Example: `route-map MATCH_DC_ROUTE deny 17 description Deny L3Handoff Prefixes match ip address prefix-list L3HANDOFF_PREFIXES !` `route-map MATCH_DC_ROUTE permit 20 description Permit DC routes match tag 300 !` `route-map MATCH_DC_ROUTE_V6 deny 5 description Deny IPV6 default route match ipv6 address prefix-list DENY_IPV6_0 !` `route-map MATCH_DC_ROUTE_V6 deny 17 description Deny L3Handoff IPV6 Prefixes match ipv6 address prefix-list L3HANDOFF_PREFIXES !` `route-map MATCH_DC_ROUTE_V6 permit 20 description Permit DC routes match tag 300`
Step 8	end Example: `Device(config-route-map)# end`	Returns to privileged EXEC mode.

Configuration Examples for Border Node

The example configurations described in this section are for a border node of a LISP VXLAN fabric that is shown in the topology. The fabric illustrated in the topology consists of a border node, a control plane node, and two fabric edge nodes. VLAN50 is configured on Fabric Edge 1 and VLAN91 is configured on Fabric Edge 2.

LiSP VXLAN fabric topology with a distributed border and control plane node — Figure 1. LISP VXLAN Fabric Topology

Configuration Example for an External Border Node

An external border node connects to the network that is external to the fabric, such as the internet. An external border is the default exit point for the virtual networks in the fabric. Ensure that you configure the external border with default routes to reach external unknown destinations.

Here is a sample configuration for an external border with Layer 3 handoff. In the topology:

External border has a Loopback0 address of 172.16.1.67
Control plane node has a Loopback0 address of 172.16.1.66
Layer 3 handoff segment for VN3 (user-defined VRF) is 10.20.1.0/30, 2001:DB8:20::/126
Layer 3 handoff segment for Default Instance is 10.20.2.0/30

Ensure that there is IP reachability between all fabric nodes in the underlay.

EBN
vrf definition VN3
 rd 1:4099
 !
 address-family ipv4
  route-target export 1:4099
  route-target import 1:4099
 exit-address-family
 !
 address-family ipv6
  route-target export 1:4099
  route-target import 1:4099
 exit-address-family
 
vlan 222
 name 222
!
vlan 111
 name 111
!
interface Vlan111
 description interface to External router
 ip address 10.20.2.1 255.255.255.252
 no ip redirects
!
interface Vlan222
 description interface to External router
 vrf forwarding VN3
 ip address 10.20.1.1 255.255.255.252
 no ip redirects
 ipv6 address 2001:DB8:20::1/126
 ipv6 enable
  
!
interface FortyGigabitEthernet1/0/4
 switchport mode trunk
  
interface Loopback50
 description Loopback Border
 vrf forwarding VN3
 ip address 10.50.1.1 255.255.255.255
 ipv6 address 2001:DB8:2050::1/128
 ipv6 enable
 ipv6 dhcp relay trust
!
  
interface Loopback91
 description Loopback Border
 ip address 10.91.1.1 255.255.255.255
!
  
router lisp
 locator-table default
 locator-set default_etr_locator
  IPv4-interface Loopback0 priority 10 weight 10
  exit-locator-set
 !
 locator-set eid_locator
  IPv4-interface Loopback0 priority 10 weight 10
  auto-discover-rlocs
  exit-locator-set
 !
 locator default-set eid_locator
!
 service ipv4
  encapsulation vxlan
  map-cache publications
  import publication publisher 172.16.1.66
  itr map-resolver 172.16.1.66
  etr map-server 172.16.1.66 key some-key
  etr map-server 172.16.1.66 proxy-reply
  etr
  sgt
  route-export publications
  distance publications 250
  proxy-etr
  proxy-itr 172.16.1.67
  exit-service-ipv4
 !
 service ipv6
  encapsulation vxlan
  map-cache publications
  import publication publisher 172.16.1.66
  itr map-resolver 172.16.1.66
  etr map-server 172.16.1.66 key some-key
  etr map-server 172.16.1.66 proxy-reply
  etr
  sgt
  route-export publications
  distance publications 250
  proxy-etr
  proxy-itr 172.16.1.67
  exit-service-ipv6
 !
 instance-id 4097
  remote-rloc-probe on-route-change
  service ipv4
   eid-table default
   map-cache 10.91.1.0/24 map-request
   exit-service-ipv4
  !
  instance-id 4099
  remote-rloc-probe on-route-change
  service ipv4
   eid-table vrf VN3
   database-mapping 0.0.0.0/0 locator-set default_etr_locator default-etr local
   exit-service-ipv4
  !
  service ipv6
   eid-table vrf VN3
   database-mapping ::/0 locator-set default_etr_locator default-etr local
   exit-service-ipv6
  !
  exit-instance-id
 !
 ipv4 locator reachability minimum-mask-length 32
 ipv4 source-locator Loopback0
 exit-router-lisp
!
 router bgp 600
 bgp router-id interface Loopback0
 bgp log-neighbor-changes
 bgp graceful-restart
 !
 address-family ipv4
  bgp redistribute-internal
  bgp aggregate-timer 0
  network 10.20.2.0 mask 255.255.255.252
  network 10.91.1.1 mask 255.255.255.255 
  aggregate-address 10.91.1.0 255.255.255.0 summary-only
  redistribute lisp metric 10 route-map LISP_TO_BGP
  neighbor 10.20.2.2 remote-as 300
  neighbor 10.20.2.2 update-source Vlan111
  neighbor 10.20.2.2 activate
  neighbor 10.20.2.2 send-community both
 exit-address-family !
 !
 address-family ipv4 vrf VN3
  bgp aggregate-timer 0
  network 10.20.1.0 mask 255.255.255.252
  network 10.50.1.1 mask 255.255.255.255 
  aggregate-address 10.50.1.0 255.255.255.0 summary-only
  redistribute lisp metric 10 route-map LISP_TO_BGP
  neighbor 10.20.1.2 remote-as 300
  neighbor 10.20.1.2 update-source Vlan222
  neighbor 10.20.1.2 activate
  neighbor 10.20.1.2 send-community both
  neighbor 10.20.1.2 weight 65535
 exit-address-family
 !
 address-family ipv6 vrf VN3
  redistribute lisp metric 10 route-map LISP_TO_BGP
  bgp aggregate-timer 0
  network 2001:DB8:20::/126
  network 2001:DB8:2050::1/128
  aggregate-address 2001:DB8:50::/64 summary-only
  neighbor 2001:DB8:20::2 remote-as 300
  neighbor 2001:DB8:20::2 update-source Vlan222
  neighbor 2001:DB8:20::2 activate
  neighbor 2001:DB8:20::2 send-community both
  neighbor 2001:DB8:20::2 weight 65535
 exit-address-family
!

route-map LISP_TO_BGP permit 10
 description AS-number tag
 set as-path tag

Verify Distributed Border and Control Plane Node

You can verify the configurations on the control plane node, border node and the fabric edge node using the show commands. This section provides sample outputs for the show commands on the fabric node devices in the topology wherein the border and control plane nodes are not colocated.

In the topology, 172.16.1.68 and 172.16.1.69 are Fabric Edge Nodes; 172.16.1.67 is the Border Node; 172.16.1.66 is the Control Plane Node.

Table 1. Show Commands for the Control Plane Node
View the LISP session details on the control plane node: `CP# show lisp session Sessions for VRF default, total: 6, established: 3 Peer State Up/Down In/Out Users 172.16.1.69:16244 Up 02:17:44 9/17 7 172.16.1.68:37085 Up 02:17:46 9/20 7 172.16.1.67:11364 Up 00:07:04 13/47 7 CP#`

View the LISP session details on the control plane node:

CP# show lisp session 

Sessions for VRF default, total: 6, established: 3
Peer                           State      Up/Down        In/Out    Users
172.16.1.69:16244                Up         02:17:44        9/17     7
172.16.1.68:37085                Up         02:17:46        9/20     7
172.16.1.67:11364                Up         00:07:04       13/47     7

CP#

Table 2. Show Commands for the Border Node
View the LISP session details on the border node: `Border# show lisp session Sessions for VRF default, total: 1, established: 1 Peer State Up/Down In/Out Users 172.16.1.66:4342 Up 00:07:21 47/13 7 Border#`
View the Locator Set information on the border node: `Border# show lisp locator-set LISP Locator-set information: 172.16.1.67, local, reachable, loopback Border#`
View the information about LISP instance IDs for IPv4 service: Border# show lisp instance-id * ipv4 ================================================= Output for router lisp 0 instance-id 4097 ================================================= Instance ID: 4097 Router-lisp ID: 0 Locator table: default EID table: default Ingress Tunnel Router (ITR): disabled Egress Tunnel Router (ETR): enabled Proxy-ITR Router (PITR): enabled RLOCs: 172.16.1.67 Proxy-ETR Router (PETR): enabled NAT-traversal Router (NAT-RTR): disabled Mobility First-Hop Router: disabled Map Server (MS): disabled Map Resolver (MR): disabled Mr-use-petr: disabled First-Packet pETR: disabled Multiple IP per MAC support: disabled Delegated Database Tree (DDT): disabled Multicast Flood Access-Tunnel: disabled Publication-Subscription: enabled Publisher(s): 172.16.1.66 Site Registration Limit: 0 Map-Request source: derived from EID destination ITR Map-Resolver(s): 172.16.1.66 ETR Map-Server(s): 172.16.1.66 (never) xTR-ID: 0x585ED747-0x87D8E878-0xC58A505D-0x10E643FC site-ID: unspecified ITR local RLOC (last resort): 172.16.1.67 ITR Solicit Map Request (SMR): accept and process Max SMRs per map-cache entry: 8 more specifics Multiple SMR suppression time: 2 secs ETR accept mapping data: disabled, verify disabled ETR map-cache TTL: 1d00h Locator Status Algorithms: RLOC-probe algorithm: disabled RLOC-probe on route change: N/A (periodic probing disabled) RLOC-probe on member change: disabled LSB reports: process IPv4 RLOC minimum mask length: /32 IPv6 RLOC minimum mask length: /0 Map-cache: Static mappings configured: 1 Map-cache size/limit: 1/214528 Imported route count/limit: 0/5000 Map-cache activity check period: 60 secs Map-cache signal suppress: disabled Conservative-allocation: disabled Map-cache FIB updates: established Persistent map-cache: disabled Map-cache activity-tracking: enabled Global Top Source locator configuration: Loopback0 (172.16.1.67) Database: Total database mapping size: 0 static database size/limit: 0/214528 dynamic database size/limit: 0/214528 route-import database size/limit: 0/5000 import-site-reg database size/limit: 0/214528 dummy database size/limit: 0/214528 import-publication database size/limit: 0/214528 import-publication-cfg-prop database siz0 proxy database size: 0 Inactive (deconfig/away) size: 0 Publication entries exported to: Map-cache: 0 RIB: 0 Database: 0 Prefix-list: 0 Site-registeration entries exported to: Map-cache: 0 RIB: 0 Publication (Type - Config Propagation) en Database: 0 Encapsulation type: vxlan ================================================= Output for router lisp 0 instance-id 4099 ================================================= Instance ID: 4099 Router-lisp ID: 0 Locator table: default EID table: vrf VN3 Ingress Tunnel Router (ITR): disabled Egress Tunnel Router (ETR): enabled Proxy-ITR Router (PITR): enabled RLOCs: 172.16.1.67 Proxy-ETR Router (PETR): enabled NAT-traversal Router (NAT-RTR): disabled Mobility First-Hop Router: disabled Map Server (MS): disabled Map Resolver (MR): disabled Mr-use-petr: disabled First-Packet pETR: disabled Multiple IP per MAC support: disabled Delegated Database Tree (DDT): disabled Multicast Flood Access-Tunnel: disabled Publication-Subscription: enabled Publisher(s): 172.16.1.66 Site Registration Limit: 0 Map-Request source: derived from EID destination ITR Map-Resolver(s): 172.16.1.66 ETR Map-Server(s): 172.16.1.66 (00:37:05) xTR-ID: 0x585ED747-0x87D8E878-0xC58A505D-0x10E643FC site-ID: unspecified ITR local RLOC (last resort): 172.16.1.67 ITR Solicit Map Request (SMR): accept and process Max SMRs per map-cache entry: 8 more specifics Multiple SMR suppression time: 2 secs ETR accept mapping data: disabled, verify disabled ETR map-cache TTL: 1d00h Locator Status Algorithms: RLOC-probe algorithm: disabled RLOC-probe on route change: N/A (periodic probing disabled) RLOC-probe on member change: disabled LSB reports: process IPv4 RLOC minimum mask length: /32 IPv6 RLOC minimum mask length: /0 Map-cache: Static mappings configured: 0 Map-cache size/limit: 1/214528 Imported route count/limit: 0/5000 Map-cache activity check period: 60 secs Map-cache signal suppress: disabled Conservative-allocation: disabled Map-cache FIB updates: established Persistent map-cache: disabled Map-cache activity-tracking: enabled Global Top Source locator configuration: Loopback0 (172.16.1.67) Database: Total database mapping size: 2 static database size/limit: 2/214528 dynamic database size/limit: 0/214528 route-import database size/limit: 0/5000 import-site-reg database size/limit: 0/214528 dummy database size/limit: 0/214528 import-publication database size/limit: 0/214528 import-publication-cfg-prop database siz0 proxy database size: 0 Inactive (deconfig/away) size: 0 Publication entries exported to: Map-cache: 0 RIB: 0 Database: 0 Prefix-list: 0 Site-registeration entries exported to: Map-cache: 0 RIB: 0 Publication (Type - Config Propagation) en Database: 0 Encapsulation type: vxlan Border#
View the route table on the border node for the VN3 VRF: Border# show ip route vrf VN3 Routing Table: VN3 Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route H - NHRP, G - NHRP registered, g - NHRP registration summary o - ODR, P - periodic downloaded static route, l - LISP a - application route + - replicated route, % - next hop override, p - overrides from PfR & - replicated local route overrides by connected Gateway of last resort is not set 10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks C 10.20.1.0/30 is directly connected, Vlan222 L 10.20.1.1/32 is directly connected, Vlan222 B 10.50.1.0/24 [200/0], 00:32:34, Null0 C 10.50.1.1/32 is directly connected, Loopback50 Border#

Table 3. Show Commands for the Fabric Edge Node
View the LISP sessions on the fabric edge node: `FabricEdge# show lisp session Sessions for VRF default, total: 2, established: 1 Peer State Up/Down In/Out Users 172.16.1.66:4342 Up 02:21:53 20/9 14 FabricEdge#`
View the Locator Set information on the fabric edge node: `FabricEdge# show lisp locator-set LISP Locator-set information: 172.16.1.68, local, reachable, loopback FabricEdge#`
View the route table on the fabric edge node for the VN3 VRF: FabricEdge# show ip route vrf VN3 Routing Table: VN3 Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route H - NHRP, G - NHRP registered, g - NHRP registration summary o - ODR, P - periodic downloaded static route, l - LISP a - application route + - replicated route, % - next hop override, p - overrides from PfR & - replicated local route overrides by connected Gateway of last resort is not set 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 10.50.1.0/24 is directly connected, Vlan50 L 10.50.1.1/32 is directly connected, Vlan50 FabricEdge#

View the LISP sessions on the fabric edge node:

FabricEdge# show lisp session
 
Sessions for VRF default, total: 2, established: 1
Peer                           State      Up/Down        In/Out    Users
172.16.1.66:4342                 Up         02:21:53       20/9      14
FabricEdge#

View the Locator Set information on the fabric edge node:

FabricEdge# show lisp locator-set 
LISP Locator-set information:

172.16.1.68, local, reachable, loopback

FabricEdge#

View the route table on the fabric edge node for the VN3 VRF:

FabricEdge# show ip route vrf VN3

Routing Table: VN3
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
       n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       H - NHRP, G - NHRP registered, g - NHRP registration summary
       o - ODR, P - periodic downloaded static route, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR
       & - replicated local route overrides by connected

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.50.1.0/24 is directly connected, Vlan50
L        10.50.1.1/32 is directly connected, Vlan50
FabricEdge#

Configuration Example for an Internal Border Node

Here is a sample configuration for an internal border with Layer 3 handoff.

In the topology:

Internal border has a Loopback0 address of 172.16.1.67
Control plane node has a Loopback0 address of 172.16.1.66
Layer 3 handoff segment is 10.20.1.0/30, 2001:DB8:20::/126
Layer 3 handoff segment for Default Instance is 10.20.2.0/30

Ensure that there is IP reachability between all fabric nodes in the underlay.

IBN

vrf definition VN3
 rd 1:4099
 !
 address-family ipv4
  route-target export 1:4099
  route-target import 1:4099
 exit-address-family
 !
 address-family ipv6
  route-target export 1:4099
  route-target import 1:4099
 exit-address-family
!
 
vlan 222
 name 222
!
vlan 111
 name 111
!
interface Vlan111
 description interface to External router
 ip address 10.20.2.1 255.255.255.252
 no ip redirects
!
interface Vlan222
 description interface to External router
 vrf forwarding VN3
 ip address 10.20.1.1 255.255.255.252
 no ip redirects
 ipv6 address 2001:DB8:20::1/126
 ipv6 enable
!
interface FortyGigabitEthernet1/0/4
 switchport mode trunk
 

interface Loopback50
 description Loopback Border
 vrf forwarding VN3
 ip address 10.50.1.1 255.255.255.255
 ipv6 address 2001:DB8:2050::1/128
 ipv6 enable
 ipv6 dhcp relay trust
!
interface Loopback91
 description Loopback Border
 ip address 10.91.1.1 255.255.255.255
!
 
router lisp
 locator-table default
 locator-set eid_locator
 IPv4-interface Loopback0 priority 10 weight 10
  auto-discover-rlocs
  exit-locator-set
 !
 locator default-set eid_locator
!
 service ipv4
  encapsulation vxlan
  map-cache publications
  import publication publisher 172.16.1.66
  itr map-resolver 172.16.1.66
  etr map-server 172.16.1.66 key some-key
  etr map-server 172.16.1.66 proxy-reply
  etr
  sgt
  route-export publications
  distance publications 250
  proxy-itr 172.16.1.67
  exit-service-ipv4
 !
 service ipv6
  encapsulation vxlan
  map-cache publications
  import publication publisher 172.16.1.66
  itr map-resolver 172.16.1.66
  etr map-server 172.16.1.66 key some-key
  etr map-server 172.16.1.66 proxy-reply
  etr
  sgt
  route-export publications
  distance publications 250
  proxy-itr 172.16.1.67
  exit-service-ipv6
 !
 instance-id 4097
  remote-rloc-probe on-route-change
  service ipv4
   eid-table default
   map-cache 10.91.1.0/24 map-request
   exit-service-ipv4
  !
  exit-instance-id
 !
 instance-id 4099
  remote-rloc-probe on-route-change
  service ipv4
   eid-table vrf VN3
   map-cache 0.0.0.0/0 map-request
   route-import database bgp 600 route-map MATCH_DC_ROUTE locator-set eid_locator
   exit-service-ipv4
  !
  service ipv6
   eid-table vrf VN3
   map-cache ::/0 map-request
   route-import database bgp 600 route-map MATCH_DC_ROUTE_V6 locator-set eid_locator
   exit-service-ipv6
  !
  exit-instance-id
 !
 ipv4 locator reachability minimum-mask-length 32
 ipv4 source-locator Loopback0
 exit-router-lisp
 
 
router bgp 600
 bgp router-id interface Loopback0
 bgp log-neighbor-changes
 bgp graceful-restart
 ! 
 address-family ipv4
  bgp redistribute-internal
  bgp aggregate-timer 0
  network 10.20.2.0 mask 255.255.255.252
  network 10.91.1.1 mask 255.255.255.255
  aggregate-address 10.91.1.0 255.255.255.0 summary-only
  redistribute lisp metric 10 route-map LISP_TO_BGP
  neighbor 10.20.2.2 remote-as 300
  neighbor 10.20.2.2 update-source Vlan111
  neighbor 10.20.2.2 activate
  neighbor 10.20.2.2 send-community both
 exit-address-family
 !
 address-family ipv4 vrf VN3
  bgp aggregate-timer 0
  network 10.20.1.0 mask 255.255.255.252
  network 10.50.1.1 mask 255.255.255.255
  aggregate-address 10.50.1.0 255.255.255.0 summary-only
  redistribute lisp metric 10 route-map LISP_TO_BGP
  neighbor 10.20.1.2 remote-as 300
  neighbor 10.20.1.2 update-source Vlan222
  neighbor 10.20.1.2 activate
  neighbor 10.20.1.2 send-community both
  neighbor 10.20.1.2 weight 65535
 exit-address-family
 !
 address-family ipv6 vrf VN3
  redistribute lisp metric 10 route-map LISP_TO_BGP
  bgp aggregate-timer 0
  network 2001:DB8:20::/126
  network 2001:DB8:2050::1/128
  aggregate-address 2001:DB8:2050::/64 summary-only
  neighbor 2001:DB8:20::2 remote-as 300
  neighbor 2001:DB8:20::2 update-source Vlan222
  neighbor 2001:DB8:20::2 activate
  neighbor 2001:DB8:20::2 send-community both
  neighbor 2001:DB8:20::2 weight 65535
 exit-address-family
 
 
!
route-map LISP_TO_BGP permit 10
 description AS-number tag
 set as-path tag
!
 
ip prefix-list DENY_0.0.0.0 seq 10 permit 0.0.0.0/0
!
ip prefix-list L3HANDOFF_PREFIXES seq 63755909 permit 10.20.2.0/30
ip prefix-list L3HANDOFF_PREFIXES seq 828011002 permit 10.20.1.0/30
!
ipv6 prefix-list DENY_IPV6_0 seq 10 permit ::/0
!
ipv6 prefix-list L3HANDOFF_PREFIXES seq 568642686 permit 2001:DB8:20::/126
 
route-map MATCH_DC_ROUTE deny 5
 description Deny IPV4 default route
 match ip address prefix-list DENY_0.0.0.0
!
route-map MATCH_DC_ROUTE deny 17
 description Deny L3Handoff Prefixes
 match ip address prefix-list L3HANDOFF_PREFIXES
!
route-map MATCH_DC_ROUTE permit 20
 description Permit DC routes
 match tag 300
!
route-map MATCH_DC_ROUTE_V6 deny 5
 description Deny IPV6 default route
 match ipv6 address prefix-list DENY_IPV6_0
!
route-map MATCH_DC_ROUTE_V6 deny 17
 description Deny L3Handoff IPV6 Prefixes
 match ipv6 address prefix-list L3HANDOFF_PREFIXES
!
route-map MATCH_DC_ROUTE_V6 permit 20
 description Permit DC routes
 match tag 300

Configuration Example for an Internal and External Border

Here is a sample configuration for an internal and external border with Layer 3 handoff.

In the topology:

Border has a Loopback0 address of 172.16.1.67
Control plane node has a Loopback0 address of 172.16.1.66
Layer 3 handoff segment for VN3 (user-defined VRF) is 10.20.1.0/30, 2001:DB8:20::/126
Layer 3 handoff segment for Default Instance is 10.20.2.0/30

Ensure that there is IP reachability between all fabric nodes in the underlay.

Internal+External BN

vrf definition VN3
 rd 1:4099
 !
 address-family ipv4
  route-target export 1:4099
  route-target import 1:4099
 exit-address-family
 !
 address-family ipv6
  route-target export 1:4099
  route-target import 1:4099
 exit-address-family
 
vlan 222
 name 222
!
vlan 111
 name 111
!
interface Vlan111
 description interface to External router
 ip address 10.20.2.1 255.255.255.252
 no ip redirects
!
interface Vlan222
 description interface to External router
 vrf forwarding VN3
 ip address 10.20.1.1 255.255.255.252
 no ip redirects
 ipv6 address 2001:DB8:20::1/126
 ipv6 enable
 
!

interface FortyGigabitEthernet1/0/4
 switchport mode trunk
  
  
interface Loopback50
 description Loopback Border
 vrf forwarding VN3
 ip address 10.50.1.1 255.255.255.255
 ipv6 address 2001:DB8:2050::1/128
 ipv6 enable
 ipv6 dhcp relay trust
!
 

interface Loopback91
 description Loopback Border
 ip address 10.91.1.1 255.255.255.255
!
 
router lisp
 locator-table default
 locator-set default_etr_locator
  IPv4-interface Loopback0 priority 10 weight 10
  exit-locator-set
 !
 locator-set eid_locator 
  IPv4-interface Loopback0 priority 10 weight 10
  auto-discover-rlocs
  exit-locator-set
 !
 locator default-set eid_locator
!
 service ipv4
  encapsulation vxlan
  map-cache publications
  import publication publisher 172.16.1.66
  itr map-resolver 172.16.1.66
  etr map-server 172.16.1.66 key some-key
  etr map-server 172.16.1.66 proxy-reply
  etr
  sgt
  route-export publications
  distance publications 250
  proxy-etr
  proxy-itr 172.16.1.67
  exit-service-ipv4
 !
 service ipv6
  encapsulation vxlan
  map-cache publications
  import publication publisher 172.16.1.66
  itr map-resolver 172.16.1.66
  etr map-server 172.16.1.66 key some-key
  etr map-server 172.16.1.66 proxy-reply
  etr
  sgt
  route-export publications
  distance publications 250
  proxy-etr
  proxy-itr 172.16.1.67
  exit-service-ipv6
 !
 instance-id 4097
  remote-rloc-probe on-route-change
  service ipv4
   eid-table default
   map-cache 10.91.1.0/24 map-request
   exit-service-ipv4
  !
  instance-id 4099
  remote-rloc-probe on-route-change
  service ipv4
   eid-table vrf VN3
   database-mapping 0.0.0.0/0 locator-set default_etr_locator default-etr local
   route-import database bgp 600 route-map MATCH_DC_ROUTE locator-set eid_locator
   exit-service-ipv4
  !
  service ipv6
   eid-table vrf VN3
   database-mapping ::/0 locator-set default_etr_locator default-etr local
   route-import database bgp 600 route-map MATCH_DC_ROUTE_V6 locator-set eid_locator
   exit-service-ipv6
  !
  exit-instance-id
 !
 ipv4 locator reachability minimum-mask-length 32
 ipv4 source-locator Loopback0
 exit-router-lisp
!
 

router bgp 600
 bgp router-id interface Loopback0
 bgp log-neighbor-changes
 bgp graceful-restart
 !
 address-family ipv4
  bgp redistribute-internal
  bgp aggregate-timer 0
  network 10.20.2.0 mask 255.255.255.252
  network 10.91.1.1 mask 255.255.255.255
  aggregate-address 10.91.1.0 255.255.255.0 summary-only
  redistribute lisp metric 10 route-map LISP_TO_BGP
  neighbor 10.20.2.2 remote-as 300
  neighbor 10.20.2.2 update-source Vlan111
  neighbor 10.20.2.2 activate
  neighbor 10.20.2.2 send-community both  
 exit-address-family
 !
 address-family ipv4 vrf VN3
  bgp aggregate-timer 0
  network 10.20.1.0 mask 255.255.255.252
  network 10.50.1.1 mask 255.255.255.255
  aggregate-address 10.50.1.0 255.255.255.0 summary-only
  redistribute lisp metric 10 route-map LISP_TO_BGP
  neighbor 10.20.1.2 remote-as 300
  neighbor 10.20.1.2 update-source Vlan222
  neighbor 10.20.1.2 activate
  neighbor 10.20.1.2 send-community both
  neighbor 10.20.1.2 weight 65535
 exit-address-family
 !
 address-family ipv6 vrf VN3
  redistribute lisp metric 10 route-map LISP_TO_BGP
  bgp aggregate-timer 0
  network 2001:DB8:20::/126
  network 2001:DB8:2050::1/128
  aggregate-address 2001:DB8:2050::/64 summary-only
  neighbor 2001:DB8:20::2 remote-as 300
  neighbor 2001:DB8:20::2 update-source Vlan222
  neighbor 2001:DB8:20::2 activate
  neighbor 2001:DB8:20::2 send-community both
  neighbor 2001:DB8:20::2 weight 65535
 exit-address-family
!
 
ip prefix-list DENY_0.0.0.0 seq 10 permit 0.0.0.0/0
!
ip prefix-list L3HANDOFF_PREFIXES seq 63755909 permit 10.20.2.0/30
ip prefix-list L3HANDOFF_PREFIXES seq 828011002 permit 10.20.1.0/30
!
ipv6 prefix-list DENY_IPV6_0 seq 10 permit ::/0
!
ipv6 prefix-list L3HANDOFF_PREFIXES seq 568642686 permit 2001:DB8:20::/126
!
route-map MATCH_DC_ROUTE deny 5
 description Deny IPV4 default route
 match ip address prefix-list DENY_0.0.0.0
!
route-map MATCH_DC_ROUTE deny 17
 description Deny L3Handoff Prefixes
 match ip address prefix-list L3HANDOFF_PREFIXES
!
route-map MATCH_DC_ROUTE permit 20
 description Permit DC routes
 match tag 300
!
route-map MATCH_DC_ROUTE_V6 deny 5
 description Deny IPV6 default route
 match ipv6 address prefix-list DENY_IPV6_0
!
route-map MATCH_DC_ROUTE_V6 deny 17
 description Deny L3Handoff IPV6 Prefixes
 match ipv6 address prefix-list L3HANDOFF_PREFIXES
!
route-map MATCH_DC_ROUTE_V6 permit 20
 description Permit DC routes
 match tag 300
!
 
route-map LISP_TO_BGP permit 10
 description AS-number tag
 set as-path tag

Configuration Example for Colocated Border Node

Here is a sample configuration for a colocated control plane node and external border node (BNCP) without Layer 3 handoff.

Figure 2. LISP VXLAN Fabric with Colocated Border and Control Plane Nodes

Ensure that there is IP reachability between all fabric nodes in the underlay.

BNCP

vrf definition VN3
 rd 1:4099
 !
 address-family ipv4
  route-target export 1:4099
  route-target import 1:4099
 exit-address-family
 !
 address-family ipv6
  route-target export 1:4099
  route-target import 1:4099
 exit-address-family
!

interface Loopback50
 description Loopback Border
 vrf forwarding VN3
 ip address 10.50.1.1 255.255.255.255
 ipv6 address 2001:DB8:2050::1/128
 ipv6 enable
 ipv6 dhcp relay trust
!
!
interface Loopback91
 description Loopback Border
 ip address 10.91.1.1 255.255.255.255
!

router lisp
 locator-table default
 locator-set default_etr_locator
  IPv4-interface Loopback0 priority 10 weight 10
  exit-locator-set
 !
 locator-set rloc_site1
  IPv4-interface Loopback0 priority 10 weight 10
  auto-discover-rlocs
  exit-locator-set
 !
 locator default-set rloc_set1
 service ipv4
  encapsulation vxlan
  map-cache publications
  import publication publisher 172.16.1.66
  import publication publisher 172.16.1.67
  itr map-resolver 172.16.1.66
  itr map-resolver 172.16.1.67
  etr map-server 172.16.1.66 key auth-key
  etr map-server 172.16.1.66 proxy-reply
  etr map-server 172.16.1.67 key some-key
  etr map-server 172.16.1.67 proxy-reply
  etr
  sgt
  route-export publications
  distance publications 250
  proxy-etr
  proxy-itr 172.16.1.66
  map-server
  map-resolver
  exit-service-ipv4
 !
 service ipv6
  encapsulation vxlan
  map-cache publications
  import publication publisher 172.16.1.66
  import publication publisher 172.16.1.67
  itr map-resolver 172.16.1.66
  itr map-resolver 172.16.1.67
  etr map-server 172.16.1.66 key auth-key
  etr map-server 172.16.1.66 proxy-reply
  etr map-server 172.16.1.67 key some-key
  etr map-server 172.16.1.67 proxy-reply
  etr
  sgt
  route-export publications
  distance publications 250
  proxy-etr
  proxy-itr 172.16.1.66
  map-server
  map-resolver
  exit-service-ipv6
 !
 
 instance-id 4097
  remote-rloc-probe on-route-change
  service ipv4
   eid-table default
   map-cache 10.91.1.0/24 map-request
   exit-service-ipv4
  !
  exit-instance-id
 !
 
 instance-id 4099
  remote-rloc-probe on-route-change
  service ipv4
   eid-table vrf VN3
   database-mapping 0.0.0.0/0 locator-set default_etr_locator default-etr local
   exit-service-ipv4
  !
  service ipv6
   eid-table vrf VN3
   database-mapping ::/0 locator-set default_etr_locator default-etr local
   exit-service-ipv6
  !
  exit-instance-id
 !
 site site_uci
  description map-server uci_map_server
  authentication-key some-key
  eid-record instance-id 4097 0.0.0.0/0 accept-more-specifics     //To import routes from external network
  eid-record instance-id 4097 10.91.1.0/24 accept-more-specifics  //Fabric prefix
  eid-record instance-id 4099 0.0.0.0/0 accept-more-specifics     //To import routes from external network
  eid-record instance-id 4099 10.50.1.0/24 accept-more-specifics  //Fabric prefix
  eid-record instance-id 4099 ::/0 accept-more-specifics          //To import routes from external network
  eid-record instance-id 4099 2001:DB8:2050::/64 accept-more-specifics
  eid-record instance-id 8194 any-mac
  eid-record instance-id 8197 any-mac
  allow-locator-default-etr instance-id 4097 ipv4
  allow-locator-default-etr instance-id 4099 ipv4
  allow-locator-default-etr instance-id 4099 ipv6
  exit-site
 !
 ipv4 locator reachability minimum-mask-length 32
 ipv4 source-locator Loopback0
!

router bgp 700
 bgp router-id interface Loopback0
 bgp log-neighbor-changes
 bgp graceful-restart
 !
 address-family ipv4
  bgp redistribute-internal
  bgp aggregate-timer 0
  network 10.91.1.1 mask 255.255.255.255
 exit-address-family
 !
 address-family ipv4 vrf VN3
  bgp aggregate-timer 0
  network 10.50.1.1 mask 255.255.255.255
 exit-address-family
 !
 address-family ipv6 vrf VN3
  bgp aggregate-timer 0
  network 2001:DB8:2050::1/128
 exit-address-family
!
!

Verify Colocated Border and Control Plane Node

This section provides sample outputs for the show commands on the fabric edge nodes in the topology shown above.

In the topology, 172.16.1.68 and 172.16.1.69 are Fabric Edge Nodes; 172.16.1.67 is a colocated border and control plane node; 172.16.1.66 is another colocated border and control plane node.

The show lisp session command displays a summary of the the LISP sessions on the colocated control plane and border node device.

Note that the 4342 port on 172.16.1.66 and 172.16.1.67 is the control plane LISP server.

As you can see in the output below, each colocated control plane and border node shows two LISP sessions on the same device.

The LISP session entries for 172.16.1.66:4342 and 172.16.1.67:4342 indicate the LISP session from the border node to the control plane on the respective device. The LISP session entries 172.16.1.66:52946 and 172.16.1.67:13864 indicate the sessions from the control plane to the border on the respective device.

BNCP# show lisp session 

Sessions for VRF default, total: 10, established: 6
Peer                           State      Up/Down        In/Out    Users
172.16.1.69:27785                Up         1d04h           9/27     8
172.16.1.66:4342                 Up         1d04h         172/27     7
172.16.1.66:52946                Up         1d04h          27/172    7
172.16.1.68:33554                Up         1d02h          11/17     8
172.16.1.67:4342                 Up         1d03h          39/17     8
172.16.1.67:13864                Up         1d03h          14/35     7
BNCP#

View the LISP session with the edge node:

BNCP# show lisp session 172.16.1.69

Peer address:     172.16.1.69:27785
Local address:    172.16.1.66:4342
Session Type:     Passive
Session State:    Up (1d04h)
Messages in/out:  9/27
Bytes in/out:     276/1666
Fatal errors:     0
Rcvd unsupported: 0
Rcvd invalid VRF: 0
Rcvd override:    0
Rcvd malformed:   0
Sent deferred:    0
SSO redundancy:   unsynchronized
Auth Type:        None 

Accepting Users:  1
Users:            8
  Type                      ID                                      In/Out    State
  Capability Exchange       N/A                                      1/1      waiting
  MS Reliable Registration  lisp 0 IID 4097 AFI IPv4                 1/0      idle
    WLC subscription received
  MS Reliable Registration  lisp 0 IID 4097 AFI IPv6                 1/0      idle
    WLC subscription received
  MS Reliable Registration  lisp 0 IID 4099 AFI IPv4                 1/0      idle
    WLC subscription received
  MS Reliable Registration  lisp 0 IID 4099 AFI IPv6                 1/0      idle
    WLC subscription received
  MS Reliable Registration  lisp 0 IID 8194 AFI MAC                  1/0      idle
    WLC subscription received
  MS Reliable Registration  lisp 0 IID 8197 AFI MAC                  1/0      idle
    WLC subscription received
  MS Reliable Registration  lisp 0 IID 16777214 AFI IPv4             2/13     waiting
    WLC subscription received
BNCP#

View a summary of the LISP service IPv4 instances on the colocated border and control plane node:

BNCP# show lisp service ipv4 summary 
Router-lisp ID:   0
Instance count:   5
Key: DB - Local EID Database entry count (@ - RLOC check pending
                                          * - RLOC consistency problem),
     DB no route - Local EID DB entries with no matching RIB route,
     Cache - Remote EID mapping cache size, IID - Instance ID,
     Role - Configured Role

                      Interface    DB  DB no  Cache Incom Cache 
EID VRF name             (.IID)  size  route   size plete  Idle Role
default              LISP0.4097     0      0      1  0.0%  0.0% ETR-PITR-PETR
VN3                  LISP0.4099     1      1      0    0%    0% ETR-PITR-PETR

Number of eid-tables:                                 2
Total number of database entries:                     1 (inactive 0)
Maximum database entries:                        214528
EID-tables with inconsistent locators:                0
Total number of map-cache entries:                    1
Maximum map-cache entries:                       214528
EID-tables with incomplete map-cache entries:         0
EID-tables pending map-cache update to FIB:           0
BNCP1#

View the LISP EID statistics related to packet encapsulations, de-encapsulations, map requests, map replies, map registers, and other LISP-related packets on the colocated border and control plane node::


BNCP# show lisp service ipv4 statistics 
LISP EID Statistics for all EID instances - last cleared: never
Control Packets:
  Map-Requests in/out:                              170/2
    Map-Requests in (5 sec/1 min/5 min):            0/5/22
    Encapsulated Map-Requests in/out:               51/0
    RLOC-probe Map-Requests in/out:                 119/2
    SMR-based Map-Requests in/out:                  0/0
    Extranet SMR cross-IID Map-Requests in:         0
    Map-Requests expired on-queue/no-reply          0/0
    Map-Resolver Map-Requests forwarded:            0
    Map-Server Map-Requests forwarded:              0
  Map-Reply records in/out:                         0/0
    Authoritative records in/out:                   0/0
    Non-authoritative records in/out:               0/0
    Negative records in/out:                        0/0
    RLOC-probe records in/out:                      0/0
    Map-Server Proxy-Reply records out:             0
  WLC Map-Subscribe records in/out:                 11/5
    Map-Subscribe failures in/out:                  0/0
  WLC Map-Unsubscribe records in/out:               0/0
    Map-Unsubscribe failures in/out:                0/0
  Map-Register records in/out:                      16/14
    Map-Registers in (5 sec/1 min/5 min):           0/0/0
    Map-Server AF disabled:                         0
    Not valid site eid prefix:                      7
    Authentication failures:                        0
    Disallowed locators:                            0
    Miscellaneous:                                  0
  WLC Map-Register records in/out:                  0/0
    WLC AP Map-Register in/out:                     0/0
    WLC Client Map-Register in/out:                 0/0
    WLC Map-Register failures in/out:               0/0
  Map-Notify records in/out:                        22/35
    Authentication failures:                        0
  WLC Map-Notify records in/out:                    0/0
    WLC AP Map-Notify in/out:                       0/0
    WLC Client Map-Notify in/out:                   0/0
    WLC Map-Notify failures in/out:                 0/0
  Publish-Subscribe in/out:                         
    Subscription Request records in/out:            6/6
      IID subscription requests in/out:             6/6
      Pub-refresh subscription requests in/out:     0/0
      Policy subscription requests in/out:          0/0
    Subscription Request failures in/out:           0/0
    Subscription Status records in/out:             11/10
      End of Publication records in/out:            11/10
      Subscription rejected records in/out:         0/0
      Subscription removed records in/out:          0/0
    Subscription Status failures in/out:            0/0
    Solicit Subscription records in/out:            12/15
    Solicit Subscription failures in/out:           0/0
    Publication records in/out:                     7/6
    Publication failures in/out:                    0/0
Errors:
  Mapping record TTL alerts:                        0
  Map-Request invalid source rloc drops:            0
  Map-Register invalid source rloc drops:           0
  DDT Requests failed:                              0
  DDT ITR Map-Requests dropped:                     0 (nonce-collision: 0, bad-xTR-nonce: 0)
Cache Related:
  Cache entries created/deleted:                    1/0
  NSF CEF replay entry count                        0
  Number of rejected EID-prefixes due to limit:     0
Forwarding:
  Number of data signals processed:                 0 (+ dropped 0)
  Number of reachability reports:                   0 (+ dropped 0)
  Number of SMR signals dropped:                    0
LISP RLOC Statistics - last cleared: never
Control Packets:
  RTR Map-Requests forwarded:                       0
  RTR Map-Notifies forwarded:                       0
  DDT-Map-Requests in/out:                          0/0
  DDT-Map-Referrals in/out:                         0/0
Errors:
  Map-Request format errors:                        0
  Map-Reply format errors:                          0
  Map-Referral format errors:                       0
LISP Miscellaneous Statistics - last cleared: never
Errors:
  Invalid IP version drops:                         0
  Invalid IP header drops:                          0
  Invalid IP proto field drops:                     0
  Invalid packet size drops:                        0
  Invalid LISP control port drops:                  0
  Invalid LISP checksum drops:                      0
  Unsupported LISP packet type drops:               0
  Unknown packet drops:                             0
BNCP#

View the detailed information on the remote IPv4 EID-prefix forwarding. Remote EID-prefixes are the destination prefixes.

BNCP# show lisp service ipv4 forwarding eid remote detail 
Prefix                 Fwd action  Locator status bits   encap_iid
10.91.1.0/24           signal      0x00000000            N/A
  packets/bytes       2/1152
  path list 7FAE553FE0D8, 4 locks, per-destination, flags 0x49 [shble, rif, hwcn]
    ifnums:
      LISP0.4097(75)
    1 path
      path 7FAE574157A8, share 1/1, type attached prefix, for IPv4
        attached to LISP0.4097, glean for LISP0.4097
    1 output chain
      chain[0]: glean for LISP0.4097
BNCP#

View the LISP IPv4 service instance forwarding state.

BNCP# show lisp service ipv4 forwarding state  
LISP forwarding state for EID table IPv4:Default
  Instance ID                  4097
  EID VRF                      Default (0x0)
    IPv4
      Configured roles         ETR|PITR|PETR
      EID table                IPv4:Default
      ALT table                <null>
      Locator status bits      Disabled
      Nonce                    SGT
      TTL Propagation          Enabled
      Table Suppression        Disabled
      SGT Policy Fwd           Disabled
    IPv6
      Configured role          DISABLED
      EID table                <null>
      ALT table                <null>
      Locator status bits      Disabled
      Nonce                    N/A
      TTL Propagation          Enabled
      Table Suppression        Disabled
      SGT Policy Fwd           Disabled
    L2
      Configured role          DISABLED
      L2 Domain ID             0
      IPv4 Unnum I/F           N/A
      IPv6 Unnum I/F           N/A
    RLOC transport VRF         Default (0x0)
      IPv4 RLOC table          IPv4:Default
      IPv6 RLOC table          IPv6:Default
      IPv4 path MTU discovery  min  576 max 65535
      IPv6 path MTU discovery  min 1280 max 65535
      IPv4 RLOC fltr handle    0x0
      IPv6 RLOC fltr handle    0x0
    LISP router ID             0
    LISP virtual interface     LISP0.4097
    User                       LISP
BNCP#


BNCP# show lisp service ipv4 forwarding statistics 
IPv4 LISP Forwarding Statistics
 Map requests              0
 Map requests resolve DGT  0
 Unexpected map requests   0
 Map cache deletes         0
BNCP#

View the dynamic interfaces that are created after LISP configuration on the colocated control plane and border node:

BNCP# show ip interface brief | i LISP
Interface              IP-Address      OK? Method Status                Protocol
LISP0                  unassigned      YES unset  up                    up      
LISP0.4097             172.16.1.66     YES unset  up                    up      
LISP0.4099             10.50.1.1       YES unset  up                    up      
BNCP#

LISP VXLAN Fabric Configuration Guide, Cisco IOS XE Cupertino 17.9.x (Catalyst 9000 Series Switches)

Bias-Free Language

Results

Chapter: Configuring Border Node

Configuring Border Node

Functions of a Border Node

How to Configure an External Border Node

How to Configure an Internal Border Node

Detailed Steps to Configure a Border Node

Configure VRF

Procedure

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Configure Layer 3 Handoff SVI

Procedure

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Configure the Interface that Connects to an Upstream Router

Procedure

Example:

Example:

Example:

Example:

Example:

Configure Loopback for Overlay Segment in User-Defined VRF

Procedure

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Configure Loopback for Overlay Segment in the Default Instance of LISP (Global Routing Table)

Procedure

Example:

Example:

Example:

Example:

Example:

Configure LISP

Procedure

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example: