The campus fabric architecture for enterprise networks uses the Locator/ID Separation Protocol (LISP) as its overlay protocol. The overlay virtual network uses Virtual Routing and Forwarding (VRF) to provide segmentation, isolation, and security among the network elements. LISP binds VRFs to instance IDs (IIDs), and these IIDs are included in the LISP header to provide traffic flow separation for single or multi-hop needs.
LISP-learned mappings are kept within the same instance ID (IID) or VRF context and are not shared across IIDs or VRFs. When two hosts (subscriber and provider) communicate with each other across IIDs, LISP mappings are shared across the IIDs. This support for communication across IIDs is called Extranet or LISP VRF Leaking.
Cisco IOS XE 16.6.1 supports inter-VRF communication through LISP, providing the hosts (endpoints) access to resources in other VRFs while maintaining the isolation between the hosts themselves.
In the following topology, assume that hosts H1 and H2 are in VRF A, corresponding to IID 1000. Host H11 is in VRF B, corresponding to IID 2000. Host H22 is in VRF C, corresponding to IID 3000. All hosts in VRF A, VRF B, and VRF C access shared services from server H3 in VRF S, corresponding to IID 5000. You can achieve this by configuring an extranet policy on the MSMR (xTR3), as shown in the figure.
Figure 1. Inter-VRF Communication in Campus Fabric
The following sequence of events occurs:
ETRs (xTR1 and xTR2) detect local hosts (H1, H11 and H2, H22 respectively) and register them in the corresponding source IIDs (1000, 2000 and 3000).
When the ITR (xTR1) receives a request from H1 to communicate with H3, it generates map-requests for the destination prefix (H3) in the context of source IID 1000.
The MSMR (xTR3) receives the map-request and does not find the destination EID/prefix, H3, in the source IID context (1000). It looks up H3 in the extranet policy table to determine the destination IID (5000). The MSMR adds the destination IID (5000) as the encapsulation IID to the map-reply packet and sends it to xTR1.
On receiving the map-reply, xTR1 installs the destination VRF as the encapsulation IID (5000) with the EID and RLOC in the map-cache. xTR1 uses the source IID (1000) to match the incoming packets from its hosts. It encapsulates the packets towards remote RLOCs with the encapsulation IID (5000) instead of the source IID (1000).
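The lookup sequence above, modeled as an added Python example (not Cisco code or configuration) so that the isolation property can be checked: a subscriber resolves the provider's prefix with encapsulation IID 5000, while another subscriber's EID returns no mapping. The host addresses, the 10.5.0.0/24 provider prefix, H3's RLOC and all function names are constructed assumptions; the IIDs and host placement follow the topology in the text, and only the subscriber-to-provider direction is modeled.

```python
import ipaddress

# Constructed sample data: addresses, the provider prefix and H3's RLOC are
# assumptions; IIDs and host placement follow the topology in the text.
REGISTRATIONS = {                      # IID -> {EID: RLOC}, as registered by ETRs
    1000: {"10.1.0.1": "xTR1", "10.1.0.2": "xTR2"},   # H1, H2 (VRF A)
    2000: {"10.2.0.11": "xTR1"},                      # H11 (VRF B)
    3000: {"10.3.0.22": "xTR2"},                      # H22 (VRF C)
    5000: {"10.5.0.3": "xTR3"},                       # H3 (VRF S)
}
EXTRANET_POLICY = {
    "provider_iid": 5000,
    "provider_prefixes": [ipaddress.ip_network("10.5.0.0/24")],
    "subscriber_iids": {1000, 2000, 3000},
}

def msmr_map_request(source_iid, eid):
    """Return (encapsulation IID, RLOC) for a map-request, or None."""
    # 1. Normal case: the EID is registered in the requester's own IID.
    rloc = REGISTRATIONS.get(source_iid, {}).get(eid)
    if rloc is not None:
        return source_iid, rloc
    # 2. Extranet case: only subscribers may resolve provider prefixes.
    pol = EXTRANET_POLICY
    addr = ipaddress.ip_address(eid)
    if (source_iid in pol["subscriber_iids"]
            and any(addr in net for net in pol["provider_prefixes"])):
        rloc = REGISTRATIONS[pol["provider_iid"]].get(eid)
        if rloc is not None:
            return pol["provider_iid"], rloc
    # 3. No mapping: other subscribers' EIDs stay unreachable.
    return None

class ITR:
    def __init__(self):
        self.map_cache = {}            # (source IID, EID) -> (encap IID, RLOC)

    def forward(self, source_iid, dst_eid):
        """Match on the source IID, encapsulate with the cached encap IID."""
        key = (source_iid, dst_eid)
        if key not in self.map_cache:
            reply = msmr_map_request(source_iid, dst_eid)
            if reply is None:
                return None            # no mapping, packet is not encapsulated
            self.map_cache[key] = reply
        encap_iid, rloc = self.map_cache[key]
        return {"outer_dst": rloc, "lisp_iid": encap_iid, "inner_dst": dst_eid}
```

Keying the map-cache on the source IID is what keeps a leaked mapping for H3 from becoming a path between VRF A and VRF B.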