Configuring Control Plane Node

A LISP VXLAN control plane node controls and manages the routing information between the devices in the network. It maintains a host tracking database to identify and map the endpoints' identity with their location information.

The following devices can be configured as control plane nodes:

  • Cisco Catalyst 9300 Series Switches

  • Cisco Catalyst 9400 Series Switches

  • Cisco Catalyst 9500 Series Switches

  • Cisco Catalyst 9600 Series Switches

Functions of a Control Plane Node

A fabric control plane node performs the following functions in the fabric:

  • Host Tracking Database (HTDB): HTDB is a repository that contains the mapping of an endpoint ID to its routing locator (EID-to-RLOC). The routing locator is the IP address of the loopback interface of the fabric device to which the endpoint is connected. The control plane builds and maintains the HTDB.

  • Endpoint Identifier (EID): An EID is an address used for identifying an endpoint device in the network. The endpoint information that is registered by a fabric edge node is updated in the HTDB. HTDB supports IPv4, IPv6, and MAC addresses as endpoint IDs.

  • LISP Map-Server: The control plane receives endpoint ID map registrations from the edge and border nodes. This information is used to populate the HTDB.

  • LISP Map-Resolver: The control plane resolves the lookup requests from edge and border nodes, to locate destination endpoint IDs. This tells the requesting device to which fabric node an endpoint is connected and thus where to direct traffic.

How to Configure a Control Plane Node


Note


Before you begin, ensure that the underlay network links are configured for routed access connectivity.


Task

Purpose

Configure LISP to build the endpoint identifier (EID) namespace and the routing information table.

  • Configure a LISP site to maintain the endpoint ID namespace. A control plane node builds the HTDB using the endpoint information that it receives from the fabric edge nodes.

  • Configure a Map Server to receive and store the endpoint registrations.

  • Configure a Map Resolver to resolve a lookup request for a route to destination endpoints. The Map Resolver tells the requesting device to which fabric node an endpoint is connected and directs the traffic flow from one endpoint to another.

Configure LISP

To configure LISP on a control plane node, perform this task:

Procedure

  Command or Action Purpose

Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

Enter your password, if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

router lisp

Example:

Device(config)# router lisp

Enters LISP configuration mode.

Step 4

locator-table default

Example:

Device(config-router-lisp)# locator-table default

Selects the default (global) routing table for association with the routing locator address space.

Step 5

service { ipv4 | ipv6 }

Example:

Device(config-router-lisp)# service ipv4
Device(config-router-lisp)# service ipv6

Enables network services for the default instance.

service ipv4 : Enables Layer 3 network services for the IPv4 address family.

service ipv6 : Enables Layer 3 network services for the IPv6 address family.

Step 6

encapsulation vxlan

Example:

Device(config-router-lisp-serv-ipv4)# encapsulation vxlan
Device(config-router-lisp-serv-ipv6)# encapsulation vxlan

Specifies VXLAN-based encapsulation for the configured IP address family.

Step 7

sgt

Example:

Device(config-router-lisp-serv-ipv4)# sgt
Device(config-router-lisp-serv-ipv6)# sgt

(Optional) Enables the Security Group Tag (SGT) function for SGT tag propagation, for the configured IP address family. Configure this command only if you need SGT propagation in your fabric network.

Step 8

map-server

Example:

Device(config-router-lisp-serv-ipv4)# map-server
Device(config-router-lisp-serv-ipv6)# map-server

Configures a LISP map server (MS).

Step 9

map-resolver

Example:

Device(config-router-lisp-serv-ipv4)# map-resolver
Device(config-router-lisp-serv-ipv6)# map-resolver

Configures a LISP map resolver (MR).

Step 10

Do one of the following:

  • exit-service-ipv4
  • exit-service-ipv6

Example:

Device(config-router-lisp-serv-ipv4)# exit-service-ipv4
Device(config-router-lisp-serv-ipv6)# exit-service-ipv6

Exits service configuration mode, and enters LISP configuration mode.

Use the appropriate command, depending on which service mode you are exiting from (IPv4 or IPv6 service mode).

Step 11

service ethernet

Example:

Device(config-router-lisp)# service ethernet

Enables Layer 2 network services.

Step 12

map-server

Example:

Device(config-router-lisp-serv-eth)# map-server

Configures a LISP map server (MS).

Step 13

map-resolver

Example:

Device(config-router-lisp-serv-eth)# map-resolver

Configures a LISP map resolver (MR).

Step 14

exit-service-ethernet

Example:

Device(config-router-lisp-serv-eth)# exit-service-ethernet

Exits service configuration mode, and enters LISP configuration mode.

Step 15

site site-name

Example:

Device(config-router-lisp)# site site_uci

Specifies a LISP site and enters LISP site configuration mode.

A LISP site name is locally significant to the map server on which it is configured. It has no relevance anywhere else. This name is used solely as an administrative means of associating one or more EID prefixes with an authentication key and other site-related mechanisms.

Step 16

description description

Example:

Device(config-router-lisp-site)# description map-server

Provides a description for the LISP site.

Step 17

authentication-key { key-type } authentication-key

Example:

Device(config-router-lisp-site)# authentication-key some-key

Configures the password used to create the Hashed Message Authentication Code (HMAC) Secure Hash Algorithm (SHA-1) hash for authenticating the map-register messages sent by edge nodes when registering with the control plane node.

Use the following values for key-type, depending on the type of authentication desired:

  • 0: Specifies that an unencrypted password follows

  • 6: Specifies that an encrypted (AES) password follows

  • 7: Specifies that an encrypted (weak) password follows

  • <any word>: the unencrypted (cleartext) password

Note

Ensure that you have the same authentication key configured on all the fabric nodes in your network.

Step 18

eid-record instance-id instance-id [ eid-prefix ] [ accept-more-specifics ]

Example:

Device(config-router-lisp-site)# eid-record instance-id 4099 10.50.1.0/24 accept-more-specifics
Device(config-router-lisp-site)# eid-record instance-id 8197 any-mac

Configures EID prefixes that are associated with this LISP instance ID. A LISP instance ID is a unique identifier for a LISP instance and is associated with a routing table (VRF) or a switching table (VLAN).

eid-prefix can be an IPv4, IPv6, or MAC EID prefix.

accept-more-specifics allows the site to accept registrations for more specific EID prefixes.

Use this command to configure the EID prefixes that are allowed in a map-register message sent by the edge device when registering with the control plane node. Configure 0.0.0.0/0 as eid-prefix for a default instance, if you have to import unregistered prefixes into the LISP database.

  • Repeat this step as necessary to configure additional EID prefixes under the LISP instance.

Step 19

allow-locator-default-etr instance-id instance-id {ipv4 | ipv6}

Example:

Device(config-router-lisp-site)# allow-locator-default-etr instance-id 4099 ipv4
Device(config-router-lisp-site)# allow-locator-default-etr instance-id 4099 ipv6

Configures the LISP site to accept default egress tunnel router (ETR) registrations for a particular instance-id and a given service level (IPv4 or IPv6) within that instance-id.

A default ETR handles the unknown EID prefixes, which are the EID prefixes that are not present in the control plane database. A border node that registers with the control plane node as a default ETR tracks the unknown EID prefixes in each of their VRF tables (a given service level within an instance ID).

Step 20

exit-site

Example:

Device(config-router-lisp-site)# exit-site

Exits the LISP Site configuration mode, and enters LISP configuration mode.

Step 21

ipv4 source-locator Loopback loopback-interface-number

Example:

Device(config-router-lisp)# ipv4 source-locator Loopback0

Specifies the interface whose IPv4 address should be used as the source locator address for outbound LISP encapsulated packets.

Step 22

exit-router-lisp

Example:

Device(config-router-lisp)# exit-router-lisp

Exits LISP configuration mode, and enters global configuration mode.

Step 23

end

Example:

Device(config)# end

Returns to privileged EXEC mode.

Configuration Example for a Control Plane Node

This example shows a sample configuration for a control plane node in a LISP VXLAN-based fabric with two border nodes, two control plane nodes, and two fabric edge nodes. VLAN50 is configured on Fabric Edge 1 and VLAN91 is configured on Fabric Edge 2.

This example only shows the configuration of a control plane node. It does not show any other prior configuration such as that of an underlay.

Figure 1. LISP VXLAN Fabric Topology

CP


router lisp
 locator-table default
 service ipv4
  encapsulation vxlan
  sgt 
  map-server
  map-resolver
  exit-service-ipv4
 !
 service ipv6
  encapsulation vxlan
  sgt
  map-server
  map-resolver
  exit-service-ipv6
 !
 service ethernet
  map-server
  map-resolver
  exit-service-ethernet
 !
 !
 site site_uci
  description map-server
  authentication-key some-key
  ! To import routes from external network
  eid-record instance-id 4097 0.0.0.0/0 accept-more-specifics
  ! 10.91.1.0/24 is a fabric prefix
  eid-record instance-id 4097 10.91.1.0/24 accept-more-specifics
  ! To import routes from external network
  eid-record instance-id 4099 0.0.0.0/0 accept-more-specifics
  ! 10.50.1.0/24 is a fabric prefix
  eid-record instance-id 4099 10.50.1.0/24 accept-more-specifics
  ! To import routes from external network
  eid-record instance-id 4099 ::/0 accept-more-specifics
  ! Fabric prefix
  eid-record instance-id 4099 2001:DB8:2050::/64 accept-more-specifics
  eid-record instance-id 8194 any-mac
  eid-record instance-id 8197 any-mac
  allow-locator-default-etr instance-id 4097 ipv4
  allow-locator-default-etr instance-id 4099 ipv4
  allow-locator-default-etr instance-id 4099 ipv6
  exit-site
 !
 ipv4 source-locator Loopback0
 exit-router-lisp
!

Note


Configure the 0.0.0.0/0 and ::/0 EID prefixes if you have to import routes from an external network into the LISP database. A typical case is a fabric that is connected to a Data Center. The Data Center pushes EID prefixes that are not known in the LISP database and that are imported into the fabric through BGP.
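
The following Python example is added here and is not part of the Cisco documentation. It audits a router lisp configuration for the site settings described in Steps 17 and 18: authentication keys stored as type 0 (or a bare word) or type 7, and eid-record entries that accept any EID (0.0.0.0/0 or ::/0 with accept-more-specifics, or any-mac). The function names, finding labels, and sample configuration are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample modelled on the site block above (not a device capture).
SAMPLE = """\
router lisp
 site site_uci
  authentication-key some-key
  eid-record instance-id 4097 0.0.0.0/0 accept-more-specifics
  eid-record instance-id 4099 10.50.1.0/24 accept-more-specifics
  eid-record instance-id 4099 ::/0 accept-more-specifics
  eid-record instance-id 8197 any-mac
  exit-site
"""

KEY_RE = re.compile(r"^authentication-key\s+(?:(?P<ktype>[067])\s+)?\S+$")
EID_RE = re.compile(r"^eid-record\s+instance-id\s+(?P<iid>\d+)\s+(?P<prefix>\S+)(?P<more>\s+accept-more-specifics)?$")

def is_default_prefix(prefix):
    try:
        return ipaddress.ip_network(prefix, strict=False).prefixlen == 0
    except ValueError:  # MAC EID prefixes are not IP networks
        return False

def audit_lisp_sites(config_text):
    """Return (site, check, detail) tuples for site settings worth reviewing."""
    findings, site = [], None
    for raw in config_text.splitlines():
        line = re.sub(r"\s+//.*$", "", raw).strip()  # drop a trailing // annotation, if present
        if line.startswith("site "):
            site = line.split(None, 1)[1]
        elif line == "exit-site":
            site = None
        elif site is None:
            continue
        elif m := KEY_RE.match(line):
            if m["ktype"] in (None, "0"):  # bare word or key-type 0: cleartext
                findings.append((site, "cleartext-key", "authentication key stored unencrypted"))
            elif m["ktype"] == "7":
                findings.append((site, "weak-key", "authentication key uses weak type 7 encryption"))
        elif m := EID_RE.match(line):
            if m["prefix"] == "any-mac":
                findings.append((site, "any-mac", f"instance {m['iid']} accepts any MAC EID"))
            elif m["more"] and is_default_prefix(m["prefix"]):
                findings.append((site, "catch-all-eid", f"instance {m['iid']} accepts any EID under {m['prefix']}"))
    return findings

if __name__ == "__main__":
    for finding in audit_lisp_sites(SAMPLE):
        print(*finding, sep=": ")
```

The catch-all-eid and any-mac findings are review items rather than errors: this page configures 0.0.0.0/0 and ::/0 deliberately when routes are imported from an external network, so the check is that they appear only on instances that need it.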