Cisco Nexus 7000 Series NX-OS LISP Configuration Guide First Published: 2011-10-25 Last Modified: 2014-04-25 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-25808-03
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Cisco Nexus 7000 Series NX-OS LISP Configuration GuideFirst Published: 2011-10-25
Last Modified: 2014-04-25
Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAhttp://www.cisco.comTel: 408 526-4000 800 553-NETS (6387)Fax: 408 527-0883
Text Part Number: OL-25808-03
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITEDWARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITHTHE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
NOTWITHSTANDINGANYOTHERWARRANTYHEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS"WITH ALL FAULTS.CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OFMERCHANTABILITY, FITNESS FORA PARTICULAR PURPOSEANDNONINFRINGEMENTORARISING FROMACOURSEOFDEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUTLIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERSHAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, networktopology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentionaland coincidental.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnershiprelationship between Cisco and any other company. (1110R)
C H A P T E R 4 Configuring LISP ESMMultihop Mobility 33
Finding Feature Information 33
Information About LISP ESM Multihop Mobility 34
Licensing Requirements for LISP 34
Cisco Nexus 7000 Series NX-OS LISP Configuration Guideiv OL-25808-03
Contents
Guidelines and Limitations for LISP ESM Multihop Mobility 34
Default Settings for LISP 34
Configuring LISP ESM Multihop Mobility 35
Configuring the First-Hop Device 35
Configuring the Site Gateway xTR 37
Configuring xTR 38
Configuring the Map Server 39
Configuration Examples for LISP ESM Multihop Mobility 41
Example: First-Hop Router Configuration 42
Example: Site Gateway xTR Configuration 44
Example: xTR Configuration 44
Example: MSMR Configuration 44
Example: Multi-Hop Mobility Interworking with Routing Protocols Configuration 45
Additional References 45
Feature Information for LISP ESM Multihop Mobility 45
C H A P T E R 5 LISP Instance-ID Support 47
Information about LISP Instance-ID Support 47
Overview of LISP Instance ID 47
Prerequisites for LISP Instance-ID Support 48
Guidelines and Limitations for LISP Instance-ID Support 48
Device Level Virtualization 48
Path Level Virtualization 49
LISP Virtualization at the Device Level 50
Default (Non-Virtualized) LISP Model 50
LISP Shared Model Virtualization 51
LISP Shared Model Virtualization Architecture 51
LISP Shared Model Virtualization Implementation Considerations and Caveats 53
LISP Parallel Model Virtualization 53
LISP Parallel Model Virtualization Architecture 54
LISP Parallel Model Virtualization Implementation Considerations and Caveats 54
How to Configure LISP Instance-ID Support 55
Configuring Simple LISP Shared Model Virtualization 55
Configuring a Private LISP Mapping System for LISP Shared Model Virtualization 62
Configuring Large-Scale LISP Shared Model Virtualization 64
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 v
Contents
Configuring a Remote Site for Large-Scale LISP Shared Model Virtualization 71
Configuring Simple LISP Parallel Model Virtualization 76
Configuring a Private LISP Mapping System for LISP Parallel Model Virtualization 81
Configuration Examples for LISP Instance-ID Support 85
Example: Configuring Simple LISP Shared Model Virtualization 85
Example: Configuring a Private LISP Mapping System for LISP Shared Model
Virtualization 87
Example: Configuring Large-Scale LISP Shared Model Virtualization 87
Example: Configuring a Remote Site for Large-Scale LISP Shared Model
Virtualization 89
Example: Configuring Simple LISP Parallel Model Virtualization 90
Example: Configuring a Private LISP Mapping System for LISP Parallel Model
Virtualization 92
Feature History for Configuring LISP Instance ID 93
C H A P T E R 6 Configuring LISP Delegate Database Tree (DDT) 95
LISP Delegate Database Tree (DDT) 95
Overview of DDT 95
Restrictions for LISP Delegate Database Tree (DDT) 95
Configuring LISP Delegate Database Tree (DDT) 96
Configuration Examples for LISP Delegate Database Tree (DDT) 97
Examples: LISP Delegate Database Tree (DDT) 97
Feature History for Delegate Database Tree 98
C H A P T E R 7 Configuring LISP Multicast 99
LISP Multicast 99
Finding Feature Information 100
Restrictions for LISP Multicast 100
Configuring LISP Multicast 100
Configuration Example for LISP Multicast 103
Example: Configuring LISP Multicast 103
Feature History for LISP Multicast 103
C H A P T E R 8 Configuration Limits for LISP 105
Configuration Limits for LISP 105
Cisco Nexus 7000 Series NX-OS LISP Configuration Guidevi OL-25808-03
Contents
Preface
The preface contains the following sections:
• Audience, page vii
• Document Conventions, page vii
• Related Documentation for Cisco Nexus 7000 Series NX-OS Software, page ix
• Documentation Feedback, page xi
• Obtaining Documentation and Submitting a Service Request, page xi
AudienceThis publication is for network administrators who configure and maintain Cisco Nexus devices.
Document Conventions
As part of our constant endeavor to remodel our documents to meet our customers' requirements, we havemodified the manner in which we document configuration tasks. As a result of this, you may find adeviation in the style used to describe these tasks, with the newly included sections of the documentfollowing the new format.
Note
Command descriptions use the following conventions:
DescriptionConvention
Bold text indicates the commands and keywords that you enter literallyas shown.
bold
Italic text indicates arguments for which the user supplies the values.Italic
Square brackets enclose an optional element (keyword or argument).[x]
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 vii
DescriptionConvention
Square brackets enclosing keywords or arguments separated by a verticalbar indicate an optional choice.
[x | y]
Braces enclosing keywords or arguments separated by a vertical barindicate a required choice.
{x | y}
Nested set of square brackets or braces indicate optional or requiredchoices within optional or required elements. Braces and a vertical barwithin square brackets indicate a required choice within an optionalelement.
[x {y | z}]
Indicates a variable for which you supply values, in context where italicscannot be used.
variable
A nonquoted set of characters. Do not use quotation marks around thestring or the string will include the quotation marks.
string
Examples use the following conventions:
DescriptionConvention
Terminal sessions and information the switch displays are in screen font.screen font
Information you must enter is in boldface screen font.boldface screen font
Arguments for which you supply values are in italic screen font.italic screen font
Nonprinting characters, such as passwords, are in angle brackets.< >
Default responses to system prompts are in square brackets.[ ]
An exclamation point (!) or a pound sign (#) at the beginning of a lineof code indicates a comment line.
!, #
This document uses the following conventions:
Means reader take note. Notes contain helpful suggestions or references to material not covered in themanual.
Note
Means reader be careful. In this situation, you might do something that could result in equipment damageor loss of data.
Caution
Cisco Nexus 7000 Series NX-OS LISP Configuration Guideviii OL-25808-03
PrefaceDocument Conventions
Related Documentation for Cisco Nexus 7000 Series NX-OSSoftware
The entire Cisco Nexus 7000 Series NX-OS documentation set is available at the following URL:
Documentation FeedbackTo provide technical feedback on this document, or to report an error or omission, please send your commentsto: .
We appreciate your feedback.
Obtaining Documentation and Submitting a Service RequestFor information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a servicerequest, and gathering additional information, see What's New in Cisco Product Documentation.
To receive new and revised Cisco technical content directly to your desktop, you can subscribe to the What'sNew in Cisco Product Documentation RSS feed. RSS feeds are a free service.
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 xi
Cisco Nexus 7000 Series NX-OS LISP Configuration Guidexii OL-25808-03
PrefaceObtaining Documentation and Submitting a Service Request
C H A P T E R 1New and Changed Information
• New and Changed Information, page 1
New and Changed InformationThe table below summarizes the new and changed features for this document and shows the releases in whicheach feature is supported. Your software release might not support all the features in this document. For thelatest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and therelease notes for your software release.
Table 1: New and Changed Information
Where DocumentedChanged in ReleaseDescriptionFeature
Configuring LISP ESMMultihop Mobility, onpage 33
6.2(8)This feature was introduced.LISP ESM MultihopMobility
Configuring LISP ESMMultihop Mobility, onpage 33
6.2(8)This feature was introduced.Dynamic-EID RouteImport
6.2(2)This feature was introduced.LISP Instance IDSupport
Configuring LISPDelegateDatabase Tree (DDT), onpage 95
6.2(2)This feature was introduced.LISP DelegateDatabase Tree
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 1
Where DocumentedChanged in ReleaseDescriptionFeature
Configuring LISPMulticast, on page 99
6.2(2)
The LISPMulticastfeature is notsupported on theF3 seriesmodule.
Note
This feature was introduced.LISP Multicast
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide2 OL-25808-03
New and Changed InformationNew and Changed Information
C H A P T E R 2Configuring Locator/ID Separation Protocol
This chapter describes how to configure the basic Cisco NX-OS Locator/ID Separation Protocol (LISP)functionality on all LISP-related devices, including the Ingress Tunnel Router (ITR), Egress Tunnel Router,Proxy ITR (PITR), Proxy ETR (PETR), Map Resolver (MR), Map Server (MS), and LISP-ALT device.
This chapter contains the following sections:
• Information About Locator/ID Separation Protocol, page 3
Information About Locator/ID Separation ProtocolThe Locator/ID Separation Protocol (LISP) network architecture and protocol implements a new semanticfor IP addressing by creating two new namespaces: Endpoint Identifiers (EIDs), which are assigned to endhosts, and Routing Locators (RLOCs), which are assigned to devices (primarily routers) that make up theglobal routing system. Splitting EID and RLOC functions improves routing system scalability, multihomingefficiency, and ingress traffic engineering. LISP end site support is configured on devices such as Ciscorouters.
Information About LISPIn the current Internet routing and addressing architecture, the IP address is used as a single namespace thatsimultaneously expresses two functions about a device: its identity and how it is attached to the network. Onevery visible and detrimental result of this single namespace is demonstrated by the rapid growth of the Internet's
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 3
default-free zone (DFZ) as a consequence of multi-homing, traffic engineering (TE), nonaggregatable addressallocations, and business events such as mergers and acquisitions.
LISP changes current IP address semantics by creating two new namespaces: Endpoint Identifiers (EIDs) thatare assigned to end-hosts and Routing Locators (RLOCs) that are assigned to devices (primarily routers) thatmake up the global routing system. These two namespaces provide the following advantages:
• Improved routing system scalability by using topologically aggregated RLOCs
• Provider independence for devices numbered out of the EID space
• Multihoming of endsites with improved traffic engineering
• IPv6 transition functionality
LISP is deployed primarily in network edge devices. It requires no changes to host stacks, Domain NameService (DNS), or local network infrastructure, and little to nomajor changes to existing network infrastructures.
This figure shows a LISP deployment environment. Three essential environments exist in a LISP environment:LISP sites (EID namespace), non-LISP sites (RLOC namespace), and LISPMapping Service (infrastructure).Figure 1: Cisco NX-OS LISP Deployment Environment
The LISP EID namespace represents customer end sites as they are defined today. The only difference is thatthe IP addresses used within these LISP sites are not advertised within the non-LISP, Internet (RLOCnamespace). End customer LISP functionality is deployed exclusively on CE routers that function withinLISP as Ingress Tunnel Router (ITR) and Egress Tunnel Router (ETR) devices.
The ITR and ETR are abbreviated as xTR in the figure.Note
To fully implement LISP with support for Mapping Services and Internet interworking, you might need todeploy additional LISP infrastructure components such as Map Server (MS), Map Resolver (MR), ProxyIngress Tunnel Router (PITR), Proxy Egress Tunnel Router (PETR), and Alternative Topology (ALT).
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide4 OL-25808-03
Configuring Locator/ID Separation ProtocolInformation About LISP
LISP Devices OverviewThe following devices are found in a full LISP deployment:
LISP Site DevicesThe LISP site devices are as follows:
Ingress Tunnel Router (ITR)—This device is deployed as a LISP site edge device. It receives packets fromsite-facing interfaces (internal hosts) and either LISP encapsulates packets to remote LISP sites or the ITRnatively forwards packets to non-LISP sites.
Egress Tunnel Router (ETR)—This device is deployed as a LISP site edge device. It receives packets fromcore-facing interfaces (the Internet) and either decapsulates LISP packets or delivers them to local EIDs atthe site.
Customer Edge (CE) devices can implement both ITR and ETR functions. This type of CE device isreferred to as an xTR. The LISP specification does not require a device to perform both ITR and ETRfunctions, however.
For both devices, the EID namespace is used inside the sites for end-site addresses for hosts and routers.The EIDs go in DNS records. The EID namespace is not globally routed in the underlying Internet. TheRLOC namespace is used in the (Internet) core. RLOCs are used as infrastructure addresses for LISProuters and ISP routers and are globally routed in the underlying infrastructure. Hosts do not know aboutRLOCs, and RLOCs do not know about hosts.
Note
LISP InfrastructureThe LISP infrastructure devices are as follows:
Map Server (MS)—This device is deployed as a LISP Infrastructure component. It must be configured topermit a LISP site to register to it by specifying for each LISP site the EID prefixes for which registeringETRs are authoritative. An authentication key must match the key that is configured on the ETR. An MSreceives Map-Register control packets from ETRs. When the MS is configured with a service interface to theLISP ALT, it injects aggregates for the EID prefixes for registered ETRs into the ALT. The MS also receivesMap-Request control packets from the ALT, which it then encapsulates to the registered ETR that is authoritativefor the EID prefix being queried.
Map Resolver (MR)—This device is deployed as a LISP Infrastructure device. It receives Map-Requestsencapsulated to it from ITRs. When configured with a service interface to the LISP ALT, the MR forwardsMap Requests to the ALT. The MR also sends Negative Map-Replies to ITRs in response to queries fornon-LISP addresses.
Alternative Topology (ALT)—This is a logical topology and is deployed as part of the LISP Infrastructureto provide scalable EID prefix aggregation. Because the ALT is deployed as a dual-stack (IPv4 and IPv6)Border Gateway Protocol (BGP) over Generic Routing Encapsulation (GRE) tunnels, you can use ALT-onlydevices with basic router hardware or other off-the-shelf devices that can support BGP and GRE.
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 5
LISP Internetworking DevicesThe LISP internetworking devices are as follows:
Proxy ITR (PITR)—This device is a LISP infrastructure device that provides connectivity between non-LISPsites and LISP sites. A PITR advertises coarse-aggregate prefixes for the LISP EID namespace into the Internet,which attracts non-LISP traffic destined to LISP sites. The PITR then encapsulates and forwards this trafficto LISP sites. This process not only facilitates LISP/non-LISP internetworking but also allows LISP sites tosee LISP ingress traffic engineering benefits from non-LISP traffic.
Proxy ETR (PETR)—This device is a LISP infrastructure device that allows IPv6 LISP sites without nativeIPv6 RLOC connectivity to reach LISP sites that only have IPv6 RLOC connectivity. In addition, the PETRcan also be used to allow LISP sites with Unicast Reverse Path Forwarding (URPF) restrictions to reachnon-LISP sites.
Licensing Requirements for LISPThe following table shows the LISP licensing requirements:
License RequirementProduct
This feature requires the Transport Services license. For a complete explanation of theCisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
Cisco NX-OS
LISP Guidelines and LimitationsLISP has the following configuration guidelines and limitations:
• LISP requires the Cisco Nexus 7000 Series 32-Port, 10 Gigabit Ethernet (M1)module (N7K-M132XP-12or N7K-M132XP-12L), with Electronic Programmable Logic Device (EPLD) version 186.008 or later.
• Use an Overlay Transport Virtualization (OTV) or another LAN extension mechanism to filter the HSRPhello messages across the data centers to create an active-active HSRP setup and provide egress pathoptimization for the data center hosts.
• Make sure that the HSRP group and the HSRP Virtual IP address in all data centers in the extendedLAN are the same. Keeping the HSRP group number consistent across locations guarantees that thesame MAC address is always used for the virtual first-hop gateway.
• LISP VM mobility across subnets requires that the same MAC address is configured across all HSRPgroups that allow dynamic EIDs to roam. Youmust enable the Proxy Address Resolution Protocol (ARP)for the interfaces that have VM mobility enabled across subnets.
• LISP is not supported for F2 Series modules.
• From Release 8.2(1), LISP is supported on F3 and M3 line cards.
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide6 OL-25808-03
Default Settings for LISPThis table lists the default settings for LISP parameters.
Table 2: LISP Default Settings
DefaultParameters
Disabledfeature lisp command
Configuring Locator/ID Separation Protocol
Enabling the LISP FeatureYou can enable the LISP feature on the Cisco NX-OS device.
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:switch# configure terminalswitch(config)#
Step 1
Enables the LISP feature set if it is notalready configured.
feature lisp
Example:switch(config)# feature lisp
Step 2
Configuring LISP ITR/ETR (xTR) Functionality
Configuring LISP ITR/ETR (xTR)You can enable and configure a LISP xTR with a LISP Map-Server and Map-Resolver for mapping servicesfor both IPv4 and IPv6 address families.
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 7
Configuring Locator/ID Separation ProtocolDefault Settings for LISP
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
If the site has multiple locators associated withthe same EID-prefix block, enter multiple iplisp database-mapping commands to configureall of the locators for a given EID-prefix block.
If the site is assignedmultiple EID-prefix blocks,enter the ip lisp database-mapping commandfor each EID-prefix block assigned to the siteand for each locator by which the EID-prefixblock is reachable.
If the site has multiple ETRs, you mustconfigure all ETRs with the ip lispdatabase-mapping and ipv6 lispdatabase-mapping commands ensuring theoptions used are consistent.
Example:switch(config)# ip lisp etrmap-server 172.16.1.2key 0 123456789
The Map-Server must be configured with EIDprefixes that match the EID-prefixes configuredon this ETR, and a key matching the oneconfigured on this ETR.
The locator address of the Map-Server may bean IPv4 or IPv6 address. See the Cisco Nexus7000 Series NX-OS LISP Command Referencefor more details.
ETR can send its own Map-Request to one of thelocators from the mapping data record and receive aMap-Reply with the same data in response. By default,the router does not cache mapping data contained ina Map-Request message.
(Optional)Configures the time-to-live (TTL) value, in minutes,inserted into LISP Map-Reply messages sent by thisETR.
{ip | ipv6} lisp ip lisp etr map-cache-ttltime-to-live
Example:switch(config)# ip lisp etrmap-cache-ttl 720
(Optional)Configures the address to be used as the source addressfor LISP Map-Request messages. By default, one of
{ip | ipv6} lisp map-request-sourcesource-address
Example:switch(config)# ip lispmap-request-source 172.16.1.1
Step 5
the locator addresses configured with the ip lispdatabase-mapping or ipv6 lisp database-mappingcommand is used as the default source address forLISP Map-Request messages.
(Optional)Configures theminimum andmaximumMTU settingsfor the LISP router for path-mtu-discovery. By default,path-mtu-discovery is enabled by the LISP router.
Configuring LISP-ALT FunctionalityYou can enable and configure LISP-ALT (ALT) functionality for both IPv4 and IPv6 address families.
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:switch# configure terminalswitch(config)#
Step 1
Configures LISP to use the LISP-ALTVRF vrf-name.
{ip | ipv6} lisp alt-vrf vrf-name
Example:switch(config)# ip lisp alt-vrf lisp
Step 2
Example:switch(config)# ipv6 lisp alt-vrf lisp
Exits global configuration mode.exit
Example:switch(config)# exitswitch#
Step 3
(Optional)Displays all configured IPv4 or IPv6 LISPconfiguration parameters.
show {ip | ipv6} lisp
Example:switch# show ip lisp
Step 4
Example:switch# show ipv6 lisp
Configuring Required LISP Map-Resolver FunctionalityYou can enable and configure LISPMap-Resolver (MR) functionality for both IPv4 and IPv6 address families.
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:switch# configure terminalswitch(config)#
Step 1
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide12 OL-25808-03
Enables LISPMap-Resolver functionalityon the device.
{ip | ipv6} lisp map-resolver
Example:switch(config)# ip lisp map-resolver
Step 2
Example:switch(config)# ipv6 lisp map-resolver
Exits global configuration mode.exit
Example:switch(config)# exitswitch#
Step 3
(Optional)Displays all configured IPv4 or IPv6 LISPconfiguration parameters.
show {ip | ipv6} lisp
Example:switch# show ip lisp
Step 4
Example:switch# show ipv6 lisp
Related Topics
Configuring LISP-ALT Functionality, on page 12
Configuring LISP Map-Server Functionality
Configuring Required LISP Map-Server FunctionalityYou can enable and configure LISP Map-Server (MS) functionality for both IPv4 and IPv6 address families.
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
When the allowed-locators command isconfigured, all locators listed on theMap-Server within the LISP siteconfiguration must also appear in theMap-Register message sent by the ETR forthe Map-Register message to be accepted.
Note
Exits LISP site configuration mode.end
Example:switch(config-lisp-site)# endswitch#
Step 4
(Optional)Displays all configured IPv4 or IPv6 LISPconfiguration parameters.
show {ip | ipv6} lisp
Example:switch# show ip lisp
Step 5
Example:switch# show ipv6 lisp
Related Topics
Configuring LISP-ALT Functionality, on page 12Configuring Required LISP Map-Server Functionality, on page 13
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 15
No new or modified standards are supported by thisrelease.
MIBsMIBs LinkMIB
To locate and downloadMIBs for selected platforms,Cisco NX-OS software releases, and feature sets, useCiscoMIBLocator found at the followingURL: http://www.cisco.com/go/mibs
Feature History for LISPTable 3: Feature History for LISP
Feature InformationReleasesFeature Name
This functionality is no longer required to configureother LISP features.
5.2(3)LISP-ALT functionality
This feature is introduced.5.2(1)Locator/ID Separation Protocol(LISP)
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 19
Configuring Locator/ID Separation ProtocolFeature History for LISP
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide20 OL-25808-03
Configuring Locator/ID Separation ProtocolFeature History for LISP
C H A P T E R 3LISP VM Mobility
This chapter contains the following sections:
• Information About LISP VM Mobility, page 21
• Licensing Requirements for LISP, page 23
• LISP Guidelines and Limitations, page 23
• Default Settings for LISP, page 23
• Configuring LISP VM Mobility, page 24
• Additional References, page 31
• Feature History for LISP, page 32
Information About LISP VM MobilityLocator/ID Separation Protocol (LISP) Virtual Machine (VM) mobility enables IP end points to changelocations while keeping their assigned IP addresses. Because LISP separates the location information (RLOCs)from the identity information (EID), devices can change locations dynamically. RLOCs remain associatedwith the topology and are reachable by traditional routing. EIDs can change locations dynamically and arereachable through different RLOCs, depending on where an EID attaches to the network.
The LISP Tunnel Router (xTR) dynamically detects VMmoves based on data plane events. LISPVMMobilitycompares the source IP address of the host traffic received at the LISP router against a range of prefixes thatare allowed to roam. The IP prefixes of roaming devices within the range of allowed prefixes are referred toas the dynamic EIDs. When a new xTR detects a move, it updates the mappings between EIDs and RLOCs.Traffic is redirected to the new locations without causing any disruption to the underlying routing. Whendeployed at the first-hop router, LISP VM Mobility provides adaptable and comprehensive first-hop routerfunctionality to service the IP gateway needs of the roaming devices that relocate.
LISP VM Mobility allows any IP addressable device to move and keep the same IP address in the followingtwo scenarios:
VM Mobility with LAN extensions
The device moves to a new location on a subnet that has been extended with Overlay Transport Virtualization(OTV) or another LAN extension mechanism.
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 21
VM Mobility across subnets
The device moves off of a subnet to a new subnet.
Dynamic EIDsA device that moves to another subnet or extended subnet is a roaming device. The IP address of this roamingdevice is within the dynamic-EID prefix. A LISP xTR configured with LISP VMmobility and dynamic EIDsis a LISP-VM router. The LISP-VM router dynamically determines when a dynamic EID moves on or offone of the directly connected subnets on the LISP-VM router. The IP addresses of the LISP-VM router arethe locators (RLOCs) used to encapsulate traffic to and from the dynamic EID. When a dynamic EID roams,the new LISP-VM router needs to detect the newly moved-in VM and process the following updates:
• Update the Map Server (MS) with the new locators for the EID.
• Update the Ingress Tunnel Routers (ITRs) or Proxy ITRs (PITRs) that have cached the EID.
To detect VM moves, LISP-VM router compares the source address in a received packet with the range ofprefixes configured as dynamic EIDs for the interface that the data packet is received on. Once the LISP-VMrouter detects a move and registers the dynamic EID to the MS, the new LISP-VM router also needs to updatethe map caches on the other LISP domain ITRs and PITRs.
VM-Mobility with LAN ExtensionsLISPVMMobility supports virtualmachine (VM)movement in a network that uses LAN extensionmechanismssuch as OTV. The LISP-VM router detects the mobile EIDs (VMs) dynamically and updates the LISPmappingsystem with the new EID-RLOC mapping. LISP can coexist with LAN extensions such as OTV to providedynamic move detection and updates that are transparent to the host and provide a direct data path to the newlocation of the mobile VM. The VM move requires no routing reconvergence or DNS updates.
The LISP-VM router detects new VMmove events if it receives a data packet from a source that matches thedynamic EID configured for that interface. Once the LISP-VM router detects a dynamic EID, the LISP-VMrouter triggers an update to the map server with the database mapping details from the dynamic-EID mapconfiguration.
The LISP-VM router continues to register the dynamic EID as long as the source continues to be active. Thedynamic-EID registration times out based on server inactivity. See Configuring VM Mobility with VLANExtensions, on page 24.
Related Topics
Configuring VM Mobility with VLAN Extensions, on page 24
VM Mobility Across SubnetsIn a network without LAN extension mechanisms, the LISP VM router can detect the dynamic-EIDs (VMs)across subnets with automated move detection and map-cache updates that provide a direct data path to thenew location of the mobile VM. Off-subnet connections (connections between the moved VM and otherdevices that are not on the local subnets) are maintained across the move and require no routing re-convergenceor DNS updates.
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide22 OL-25808-03
LISP VM MobilityDynamic EIDs
The LISP-VM router detects a VM move if it receives any data packet that is not from one of its configuredsubnets and that is within the range of prefixes configured as dynamic EIDs for the receiving interface. TheLISP-VM router registers the new dynamic-EID-RLOC mapping to the configured map servers associatedwith the dynamic EID. See Configuring VM Mobility Across Subnets, on page 26.
Related Topics
Configuring VM Mobility Across Subnets, on page 26
Licensing Requirements for LISPThe following table shows the LISP licensing requirements:
License RequirementProduct
This feature requires the Transport Services license. For a complete explanation of theCisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
Cisco NX-OS
LISP Guidelines and LimitationsLISP has the following configuration guidelines and limitations:
• LISP requires the Cisco Nexus 7000 Series 32-Port, 10 Gigabit Ethernet (M1)module (N7K-M132XP-12or N7K-M132XP-12L), with Electronic Programmable Logic Device (EPLD) version 186.008 or later.
• Use an Overlay Transport Virtualization (OTV) or another LAN extension mechanism to filter the HSRPhello messages across the data centers to create an active-active HSRP setup and provide egress pathoptimization for the data center hosts.
• Make sure that the HSRP group and the HSRP Virtual IP address in all data centers in the extendedLAN are the same. Keeping the HSRP group number consistent across locations guarantees that thesame MAC address is always used for the virtual first-hop gateway.
• LISP VM mobility across subnets requires that the same MAC address is configured across all HSRPgroups that allow dynamic EIDs to roam. Youmust enable the Proxy Address Resolution Protocol (ARP)for the interfaces that have VM mobility enabled across subnets.
• LISP is not supported for F2 Series modules.
• From Release 8.2(1), LISP is supported on F3 and M3 line cards.
Default Settings for LISPThis table lists the default settings for LISP parameters.
Table 4: LISP Default Settings
DefaultParameters
Disabledfeature lisp command
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 23
LISP VM MobilityLicensing Requirements for LISP
Configuring LISP VM Mobility
Configuring VM Mobility with VLAN ExtensionsYou can enable and configure the dynamic-EID roaming functionality for a given EID prefix on a CiscoNexus 7000 Series device. By default, LISP considers that the mobility event is across the subnet, unless itis configured with the lisp extended-subnet-mode command.
Before You Begin
• You must enable the LISP feature.
• Ensure that you are in the correct virtual device context (VDC).
• Configure a dynamic-EID map to associate with this VLAN interface.
• Ensure that you have enabled the VLAN interfaces feature.
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide24 OL-25808-03
LISP VM MobilityConfiguring LISP VM Mobility
PurposeCommand or Action
If you assign multiple dynamic-EID-prefix blocksto the site, database mapping is configured for eachdynamic-EID prefix block and for each locator bywhich the EID-prefix block is reachable. Also, thesubnet associated to the dynamic-eid prefixes mustbe more specific than the one used in the globaldatabase-mapping configuration and the one usedfor the switch virtual interfaces (SVIs) where theLISP map is applied.
Note10.1.1.1 priority 1 weight100
If the site has multiple locators associated with the sameEID-prefix block, use the ip lisp database-mappingcommand to configure all of the locators for a givenEID-prefix block. If a site is multihomed, you mustconsistently configure all ETRs that belong to the sameLISP or data center site by using the ip lispdatabase-mapping command.
Configures a discovering LISP-VM router to send aMap-Notify message to other LISP-VM routers within the
same data center site so that they can also determine thelocation of the dynamic EID.
In LISP extended subnet mode, a dynamic-EIDdetection by one xTR needs to be notified to all ofthe xTRs that belong to the same LISP site. In thiscase, use themap-notify-group command underthe dynamic-EID-map with a multicast group IPaddress. This address is used to send a map-notifymessage by the xTR to all other xTRs when adynamic-EID is detected. The Time To Live (TTL)value for this notification message is set to 1. Thismulticast group IP address can be any user-definedaddress other than an address that is already in usein your network. Themulticast message is deliveredby leveraging the LAN extension connectionestablished between separate data centers.
Note
(Optional) Configures the IP address of the LISP MS towhich this router registers dynamic-EID-RLOCmappings.
When deploying a redundantMS pair, you can specify bothIP addresses.Use this optional configuration step when you want toregister Dynamic-EID-RLOC mapping to a specific MS
other than one configured in the global LISP configuration.map-server 10.111.10.14 key 0If you do not configure the MS, LISP uses the MS that isconfigured in the global configuration.
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 25
LISP VM MobilityConfiguring VM Mobility with VLAN Extensions
PurposeCommand or Action
Exits the configuration mode.exit
Example:switch(config-lisp-dynamic-eid)#exit
Step 6
Enters the interface configuration mode.interface interface-nameStep 7
Example:switch(config)# interfaceEthernet 2/0
The interface-name value is the name of the interface inwhich the dynamic EIDs are expected to roam in or out.Switch virtual interfaces (SVIs) are specifically used in thisscenario.
Configures the interface that you configured earlier in Step7 to detect a dynamic EID when a roam event occurs.The dynamic-eid-map-name can be any case-sensitive,alphanumeric string up to 64 characters.
lisp mobility dynamic-eid-map-name
Example:switch(config-if)# lisp mobilityRoamer-1
Step 8
The interface-name value is the dynamic EIDmapname that you configured in Step 2.
Note
Configures the interface that you configured in Step 7 toaccept and detect dynamic-EID roaming on extendedsubnets.
dynamic-EID prefixes for this LISP site. Because this isconfigured under the dynamic-eid-map configuration
Example:switch(config)# lisp dynamic-eidRoamer-1
mode, the LISP ETR registers a /32 host prefix to themapping system when a dynamic-EID is detected in theconfigured range.
switch(config-lisp-dynamic-eid)#database-mapping 172.16.1.0/24 If you assignmultiple dynamic-EID-prefix blocks
to the site, database mapping is configured foreach dynamic-EID-prefix block and for eachlocator by which the EID-prefix block isreachable.
Note10.1.1.1 priority 1 weight100
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 27
LISP VM MobilityConfiguring VM Mobility Across Subnets
PurposeCommand or Action
If the site has multiple locators associated with the sameEID-prefix block, use the database-mapping commandto configure all of the locators for a given EID-prefixblock. If a site is multihomed, you must consistentlyconfigure all ETRs that belong to the same LISP or datacenter site by using the database-mapping command.Only the RLOCs of the xTRs that belong to the same datacenter site must be specified, which you specified by usingthe database-mapping command. Do not specify theRLOCs for all the xTRs that belong to the same LISP site.
Configures a discovering LISP-VM router to send aMap-Notify message to other LISP-VM routers within the
map-notify-group multicast-group-ip
Example:switch(config)# lisp dynamic-eidRoamer-1
Step 5
same data center site so that they can also determine thelocation of the dynamic EID.
If the LISP dynamic-EID site is multihomed, adynamic-EID detection by one ETR needs tonotify the second ETR in the same site so that thetraffic is handled or load balanced by both xTRs.In this case, use themap-notify-group commandto configure the dynamic-EID-map with amulticast group IP address. This address is usedto send a map-notify message from the ETR to allother ETRs that belong to the same LISP or datacenter site when a dynamic EID is detected. TheTime To Live (TTL) value for this notificationmessage is set to 1. This multicast group IPaddress can be any user-defined address other thanan address that is already in use in your network.
LISP-VMMobility with LAN extensions, we recommendthat the same HSRP IDs be used consistently across allsites where the VLANs are extended to guarantee that thesame MAC address is used for the HSRP gateway in allsites. If different HSRP IDs are used, then you mustmanually set the mac-address as described in thefollowing step.
(Optional)Configures the HSRP virtual MAC address. This addressmust be identical across all subnets. This command is
required when using LISP-VM mobility across subnets,but might not be required when using LISP VM-mobilityin conjunction with LAN extensions and if the HSRP IDis kept constant across the different sites.
(Optional)Configures the HSRP virtual IP address. You must usethis command for extended VLANs, and the address mustbe identical in all sites in the extended VLAN.
ip virtual-ip-address
Example:switch(config-if-hsrp)# ip10.3.3.1
Step 6
(Optional)Displays a summary of the dynamic EIDs detected.
show lisp dynamic-eid [summary]
Example:switch(config-if-hsrp)# show lispdynamic-eid summary
Step 7
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide30 OL-25808-03
LISP VM MobilityConfiguring HSRP for VM Mobility
PurposeCommand or Action
(Optional)Copies the running configuration to the startupconfiguration.
No new or modified standards are supported by thisrelease.
MIBsMIBs LinkMIB
To locate and downloadMIBs for selected platforms,Cisco NX-OS software releases, and feature sets, useCiscoMIBLocator found at the followingURL: http://www.cisco.com/go/mibs
None
Feature History for LISPTable 5: Feature History for LISP
Feature InformationReleasesFeature Name
This functionality is no longer required to configureother LISP features.
5.2(3)LISP-ALT functionality
This feature is introduced.5.2(1)Locator/ID Separation Protocol(LISP)
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide32 OL-25808-03
C H A P T E R 4Configuring LISP ESM Multihop Mobility
This chapter describes how to configure the Extended Subnet Mode (ESM) multihop mobility feature toseparate the Locator/ID Separation Protocol (LISP) dynamic host detection function from the LISPencapsulation/decapsulation function within a LISP topology.
This chapter contains the following sections:
• Finding Feature Information, page 33
• Information About LISP ESM Multihop Mobility, page 34
• Licensing Requirements for LISP, page 34
• Guidelines and Limitations for LISP ESM Multihop Mobility, page 34
• Default Settings for LISP, page 34
• Configuring LISP ESM Multihop Mobility, page 35
• Configuration Examples for LISP ESM Multihop Mobility, page 41
• Additional References, page 45
• Feature Information for LISP ESM Multihop Mobility, page 45
Finding Feature InformationYour software release might not support all the features documented in this module. For the latest caveatsand feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notesfor your software release. To find information about the features documented in this module, and to see a listof the releases in which each feature is supported, see the "New and Changed Information"chapter or theFeature History table in this chapter.
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 33
Licensing Requirements for LISPThe following table shows the LISP licensing requirements:
License RequirementProduct
This feature requires the Transport Services license. For a complete explanation of theCisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
Cisco NX-OS
Guidelines and Limitations for LISP ESM Multihop MobilityLISP ESM multihop mobility has the following guidelines and limitations:
• Locator/ID Separation Protocol (LISP) multihop mobility is supported only in Extended Subnet Mode(ESM) and it is recommended in combination with Overlay Transport Virtualization (OTV).
• ESM multihop mobility requires OTV First Hop Redundancy Protocol (FHRP) isolation to avoidhair-pinning of traffic across the OTV Data Center Interconnect (DCI) framework.
• ESM multihop mobility does not support Network Address Translated (NAT’d) endpoint identifiers(EIDs).
• To properly route traffic between extended VLANs when the source and destination hosts are detectedby FHRs at different data centers, we recommend one of the following designs:
◦Establish a routing protocol adjacency between the first-hop routers (FHRs) in the different datacenters over a dedicated extended VLAN; redistribute host routes from LISP into the routingprotocol for discovered hosts at each data center FHR.
◦Separate each mobile VLAN in a VRF and configure the LISP FHR within the related virtualrouting and forwarding (VRF) context. Set up an external site gateway xTR to act as router for allof the mobile VLANs (VRFs).
Default Settings for LISPThis table lists the default settings for LISP parameters.
Table 6: LISP Default Settings
DefaultParameters
Disabledfeature lisp command
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide34 OL-25808-03
Configuring LISP ESM Multihop MobilityInformation About LISP ESM Multihop Mobility
Configuring LISP ESM Multihop MobilityThis section includes the following topics:
Configuring the First-Hop Device
Before You Begin
• Ensure that LISP is enabled on the Cisco NX-OS device.
• Ensure that you are in the correct VDC.
• Ensure that you have enabled the VLAN interfaces feature.
Procedure
PurposeCommand or Action
Enters global configuration mode.switch# configure terminalStep 1
Configures a Cisco NX-OS device to act as an IPv4Locator/ID Separation Protocol (LISP) Egress Tunnel Router(ETR),
switch(config)# ip lisp etrStep 2
(Optional)Creates a new VRF and enters VRF configuration mode toconfigure the first-hop router (FHR) function within the
switch(config)# vrf contextvrf-name
Step 3
specified VRF routing context instead of using the defaultVRF.
The value of the vrf- name is any case-sensitive,alphanumeric string of up to 32 characters.
This approach implements a mobility design whereeach mobile VLAN is a member of a distinct VRFand an external site gateway xTR acts as router forall of the mobile VLANs (VRFs).
Note
Configures a LISP Virtual Machine (VM) Mobility(dynamic-EID roaming) policy and enters the LISPdynamic-EID configuration mode.
Configures a IPv4 or IPv6 dynamic-endpoint identifier toRouting Locator (EID-to-RLOC) mapping relationship andits associated traffic policy.
If you configured the vrf context command, theIP prefix specified for the dynamic-EID-prefixlocator argument must belong to a local interfacethat is member of the same VRF.
Configures an interface to create a dynamic-endpointidentifier (EID) state for hosts attached on their own subnet
switch(config-if)# lisp-extendedsubnet-mode
Step 14
in order to track the movement of EIDs from one part of thesubnet to another part of the same subnet.
Species the Open Shortest Path First (OSPF) instance andarea for an interface
switch(config-if)# ip router ospfinstance-tag area area-id
Step 15
Suppresses Open Shortest Path First (OSPF) routing updateson an interface to avoid establishing adjacency over theLAN extension.
switch(config-if)# ip ospfpassive-interface
Step 16
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide36 OL-25808-03
Configuring LISP ESM Multihop MobilityConfiguring the First-Hop Device
PurposeCommand or Action
Enters Hot Standby Router Protocol (HSRP) configurationmode and creates an HSRP group.
switch(config-if)# hsrpgroup-number
Step 17
Creates a virtual IP address for the HSRP group. The IPaddress must be in the same subnet as the interface IPaddress.
switch(config-if-hsrp)# ip addressip-address
Step 18
—Repeat the preceding steps for eachinterface to be configured formultihop mobility.
Step 19
Returns to privileged EXEC mode.switch(config-if-hsrp)# endStep 20
Configuring the Site Gateway xTR
Before You Begin
• Ensure that LISP is enabled on the Cisco NX-OS device.
• Ensure that you are in the correct VDC.
Procedure
PurposeCommand or Action
Enters global configuration mode.switch# configure terminalStep 1
(Optional)Configures an association between a VRF or the defaultVRF and a LISP instance ID. The value of the instance
switch# lisp instance-id iidStep 2
ID configured on the FHR, Site Gateway xTR, MSMR,and remote xTR must match.
This command modifies the value of the instance ID(iid) from the default (0) to the specified value. Therange of the iid argument is from 1 to 16777215.
Configures a Cisco NX-OS device to act as both an IPv4LISP Ingress Tunnel Router (ITR) and Egress TunnelRouter (ETR), also known as an xTR.
switch(config)# ip lisp itr-etrStep 3
Configures an IPv4 endpoint identifier to RoutingLocator (EID-to-RLOC) mapping relationship and itsassociated traffic policy.
switch(config)# ip lispdatabase-mappingEID-prefix { locator| dynamic } priority priority weightweight
Step 4
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 37
Configuring LISP ESM Multihop MobilityConfiguring the Site Gateway xTR
PurposeCommand or Action
switch(config)# ip lisp database-mapping192.168.0.0/16 10.0.1.2 priority 1 weight 5
Repeat the preceding step for eachlocator.
Step 5
switch(config)# ip lisp database-mapping192.168.0.0/16 10.0.2.2 priority 1 weight 5
Configures a Cisco NX-OS device to act as an IPv4Locator/ID Separation Protocol (LISP) Map-Resolver(MR).
switch(config)# ip lisp itrmap-resolvermap-resolver-address
Step 6
Configures the IPv4 or IPv6 locator address of theLocator/ID Separation Protocol (LISP) Map-Server to
(Optional)Configures an association between a VRF or the defaultVRF and a LISP instance ID. The value of the instance
switch# lisp instance-id iidStep 2
ID configured on the FHR, Site Gateway xTR, MSMR,and remote xTR must match.
This command modifies the value of the instance ID (iid)from the default (0) to the specified value. The range ofthe iid argument is from 1 to 16777215.
Configures a Cisco NX-OS device to act as both an IPv4LISP Ingress Tunnel Router (ITR) and Egress TunnelRouter (ETR), also known as an xTR.
switch(config)# ip lisp itr-etrStep 3
Configures an IPv4 endpoint identifier to Routing Locator(EID-to-RLOC) mapping relationship and its associatedtraffic policy.
The following example shows how to configure the first hop "FH-1a" in the sample topology:ip lisp etrlisp dynamic-eid VLAN-11database-mapping 10.1.1.0/24 172.16.1.2 pr 10 w 50database-mapping 10.1.1.0/24 172.16.1.3 pr 10 w 50eid-notify 172.16.0.1 key 3 75095fe9112836e3map-notify-group 225.1.1.1lisp dynamic-eid VLAN-12database-mapping 10.1.2.0/24 172.16.1.2 pr 10 w 50database-mapping 10.1.2.0/24 172.16.1.3 pr 10 w 50eid-notify 172.16.0.1 key 3 75095fe9112836e3map-notify-group 225.1.1.2
interface Vlan11lisp mobility VLAN-11
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide42 OL-25808-03
The following example shows how to configure the first hop "FH-2a" in the sample topology:ip lisp etrlisp dynamic-eid VLAN-11database-mapping 10.1.1.0/24 172.17.2.2 pr 10 w 50database-mapping 10.1.1.0/24 172.17.2.3 pr 10 w 50eid-notify 172.17.0.1 key 3 6d018260cf71b07cmap-notify-group 225.1.1.1lisp dynamic-eid VLAN-12database-mapping 10.1.2.0/24 172.17.2.2 pr 10 w 50database-mapping 10.1.2.0/24 172.17.2.3 pr 10 w 50eid-notify 172.17.0.1 key 3 6d018260cf71b07cmap-notify-group 225.1.1.2
The following additional configuration ensures that the FHRs can route traffic from other attached subnets toservers that belong to the mobile subnet site1 and are discovered in the opposite data center. For this purposethe FHRs are configured to establish an adjacency over a dedicated extended VLAN using a dedicated routingprotocol instance and to redistribute host routes from LISP.
For FH-1a:ip prefix-list DiscoveredServers seq 5 permit 10.1.0.0/22 ge 32
route-map LISP2EIGRP permit 10match ip address prefix-list DiscoveredServers
Example: Site Gateway xTR ConfigurationThe following example shows how to configure the site gateway "Site GW xTR-1" in the sample topology:ip lisp itr-etrip lisp database-mapping 10.1.0.0/16 172.18.3.3 priority 10 weight 50ip lisp itr map-resolver 172.20.5.5ip lisp etr map-server 172.20.5.5 key 3 0b50279df3929e28lisp dynamic-eid VLAN11database-mapping 10.1.1.0/24 172.18.3.3 priority 10 weight 50eid-notify authentication-key 3 75095fe9112836e3lisp dynamic-eid VLAN12database-mapping 10.1.2.0/24 172.18.3.3 priority 10 weight 50eid-notify authentication-key 3 75095fe9112836e3
interface Ethernet3/1description Inside DC Westip address 172.16.0.1/30ip router ospf 1 area 0.0.0.1The following example configuration is for the site gateway "Site GW xTR-2" in the sample topology:ip lisp itr-etrip lisp database-mapping 10.2.2.0/24 172.19.4.4 priority 10 weight 50ip lisp itr map-resolver 172.20.5.5ip lisp etr map-server 172.20.5.5 key 3 0b50279df3929e28lisp dynamic-eid VLAN11database-mapping 10.1.1.0/24 172.19.4.4 priority 10 weight 50eid-notify authentication-key 3 6d018260cf71b07clisp dynamic-eid VLAN12database-mapping 10.1.2.0/24 172.19.4.4 priority 10 weight 50eid-notify authentication-key 3 6d018260cf71b07c
interface Ethernet3/1description Inside DC Eastip address 172.17.0.1/30ip router ospf 1 area 0.0.0.2
Example: xTR ConfigurationThe following example shows how to configure the xTR (at Site 3):ip lisp itr-etrip lisp database-mapping 198.51.100.0/24 172.21.1.5 priority 10 weight 50ip lisp itr map-resolver 172.20.5.5ip lisp etr map-server 172.20.5.5 key 3 0b50279df3929e28
Example: MSMR ConfigurationThe following example shows how to configure the map server map resolver (MSMR) device in the sampletopology:ip lisp map-resolverip lisp map-serverlisp site roaming1
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide44 OL-25808-03
Configuring LISP ESM Multihop MobilityExample: Site Gateway xTR Configuration
eid-prefix 10.1.0.0/16 accept-more-specificsauthentication-key 3 0b50279df3929e28lisp site site2eid-prefix 10.2.2.0/24authentication-key 3 0b50279df3929e28lisp site site3eid-prefix 198.51.100.0/24authentication-key 3 0b50279df3929e28
Example: Multi-Hop Mobility Interworking with Routing Protocols ConfigurationThe following example shows how to dynamically redistribute LISP host routes for discovered servers intoOSPF at the first-hop router (FHR):ip prefix-list lisp-pflist seq 10 permit 10.1.1.0/24 ge 32route-map lisp-rmap permit 10match ip address prefix-list lisp-pflistrouter ospf 100redistribute lisp route-map lisp-rmapThe following example shows how to automatically convert host routes from a routing protocol into LISPdynamic EID entries at a Site Gateway xTR (in lieu of an EID notification coming from a FHR):ip lisp itr-etrip lisp database-mapping 10.1.0.0/16 172.18.3.3 priority 10 weight 50ip lisp itr map-resolver 172.20.5.5ip lisp etr map-server 172.20.5.5 key 3 0b50279df3929e28lisp dynamic-eid site1database-mapping 10.1.1.0/24 172.18.3.3 priority 10 weight 50register-route-notifications
Additional ReferencesThis section includes additional information related to implementing LISP.
Feature Information for LISP ESM Multihop MobilityFeature InformationReleaseFeature Name
This feature was introduced.
The LISP Extended Subnet Mode(ESM) Multihop Mobility featureseparates the Locator/ID SeparationProtocol (LISP) dynamic hostdetection function from the LISPencapsulation and decapsulationfunction within a LISP topology.
6.2(8)LISP ESM multihop mobility
This feature was introduced.
This feature provides the ability fora Site Gateway xTR to performserver presence detection uponreceiving host routes updates.
6.2(8)Dynamic-EID Route Import
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 45
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide46 OL-25808-03
Configuring LISP ESM Multihop MobilityFeature Information for LISP ESM Multihop Mobility
C H A P T E R 5LISP Instance-ID Support
This chapter includes the following sections:
• Information about LISP Instance-ID Support, page 47
• How to Configure LISP Instance-ID Support, page 55
• Configuration Examples for LISP Instance-ID Support, page 85
Information about LISP Instance-ID Support
Overview of LISP Instance IDThe LISP Instance ID provides ameans of maintaining unique address spaces (or "address space segmentation")in the control and data plane. Instance IDs are numerical tags defined in the LISP canonical address format(LCAF). The Instance ID has been added to LISP to support virtualization.
When multiple organizations inside of a LISP site are using private addresses as Endpoint ID (EID) prefixes,their address spaces must remain segregated due to possible address duplication. An Instance ID in the addressencoding can be used to create multiple segmented VPNs inside of a LISP site where you want to keep usingEID-prefix-based subnets. The LISP Instance ID is currently supported in LISP ingress tunnel routers andegress tunnel routers (ITRs and ETRs, collectively known as xTRs), map server (MS) andmap resolver (MR).
This chapter explains how to configure LISP xTRs with LISP MS and MR to implement virtualization. Thecontent considers different site topologies and includes guidance to both shared and parallel LISP modelconfigurations. It includes conceptual background and practical guidance, and provides multiple configurationexamples.
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 47
The purpose of network virtualization, as illustrated the following figure, is to create multiple, logicallyseparated topologies across one common physical infrastructure.
Figure 4: LISP Deployment Environment
When you plan the deployment of a LISP virtualized network environment, you must plan for virtualizationat both the device level and the path level.
For path level virtualization: LISP binds virtual routing and forwarding (VRFs) to instance IDs (IIDs). TheseIIDs are included in the LISP header to provide data plane (traffic flow) separation.
For device level virtualization: Both the EID and the RLOC namespaces can be virtualized. The EID can bevirtualized by binding a LISP instance ID to an EIDVRF; the RLOC by tying locator addresses and associatedmapping services to the specific VRF within which they are reachable.
Prerequisites for LISP Instance-ID Support• Allow the use of instance-id 0's within a virtual routing and forwarding (VRF) instance.
Guidelines and Limitations for LISP Instance-ID SupportThe LISP Instance-ID Support feature has the following configuration guidelines and restrictions:
• If you enable LISP, nondisruptive upgrade (ISSU) and nondisruptive downgrade (ISSD) paths are notsupported. Disable LISP prior to any upgrade. This restriction applies only to releases before 6.2(2), notto 6.2(2) or subsequent LISP releases.
Device Level VirtualizationVirtualization at the device level uses virtual routing and forwarding (VRF) to create multiple instances ofLayer 3 routing tables, as shown in the figure below. VRFs provide segmentation across IP addresses, allowingfor overlapped address space and traffic separation. Separate routing, quality of service (QoS), security, and
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide48 OL-25808-03
LISP Instance-ID SupportOverview of LISP Instance ID
management policies can be applied to each VRF instance. An interior gateway protocol (IGP) or exteriorgateway protocol (EGP) routing process is typically enabled within a VRF, just as it would be in the global(default) routing table. LISP binds VRFs to instance IDs for similar purposes.
Figure 5: Device Level Virtualization
Path Level VirtualizationVRF table separation is maintained across network paths, as shown in the following figure. Single-hop pathsegmentation (hop by hop) is typically accomplished by using 802.1q VLANs, virtual path identifier/virtualcircuit identifier password (VPI/VCI PW), or easy virtual network (EVN). You can also use the Locator IDSeparation Protocol (LISP) in multihop mechanisms that include Multiprotocol Label Switching (MPLS) andgeneric routing encapsulation (GRE) tunnels. LISP binds VRF instances to instance IDs (IIDs), and then theseIIDs are included in the LISP header to provide data plane (traffic flow) separation for single or multihopneeds.
Figure 6: Path Level Virtualization
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 49
LISP Instance-ID SupportOverview of LISP Instance ID
LISP Virtualization at the Device LevelLISP implements Locator ID separation and thereby creates two namespaces; endpoint ID (EID) and routinglocator (RLOC). Either or both of these can be virtualized.
• EID virtualization—Enabled by binding a LISP instance ID to an EID virtual routing and forwarding(VRF). Instance IDs are numerical tags defined in the LISP canonical address format (LCAF) draft, andare used to maintain address space segmentation in both the control plane and data plane.
• Routing locator (RLOC) virtualization—Tying locator addresses and associated mapping services tothe specific VRF within which they are reachable enables RLOC virtualization.
Because LISP can virtualize either or both of these namespaces, two models of operation are defined: theshared model and the parallel model. To understand how these models differ from the non-virtualized modelof LISP, review information about the default (non-virtualized) model of LISP before reading about the sharedmodel and the parallel model.
Default (Non-Virtualized) LISP ModelBy default, LISP is not virtualized in the EID space or the RLOC space. That is, unless otherwise configured,both EID and RLOC addresses are resolved in the default (global) routing table. See the following figure.
Figure 7: Default (Nonvirtualized) LISP Model
The mapping system must also be reachable through the default table. This default model can be thought ofas a single instantiation of the parallel model of LISP virtualization where EID and RLOC addresses are withinthe same namespace.
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide50 OL-25808-03
LISP Instance-ID SupportOverview of LISP Instance ID
LISP Shared Model VirtualizationA LISP shared model virtualized EID space is created when you bind VRFs associated with an EID space toInstance IDs. A common, shared locator space is used by all virtualized EIDs.
Figure 8: LISP Shared Model Virtualization resolves EIDs within VRFs tied to Instance IDs. The default (global) routingtable is the shared space.
As shown in the figure, EID space is virtualized through its association with VRFs, and these VRFs are tiedto LISP Instance IDs to segment the control plane and data plane in LISP. A common, shared locator space,the default (global) table, is used to resolve RLOC addresses for all virtualized EIDs. The mapping systemmust also be reachable through the common locator space.
LISP Shared Model Virtualization ArchitectureYou can deploy the LISP shared model virtualization in single or multitenancy configurations. In the sharedmodel single tenancy case, ingress and egress tunnel routers (xTRs) are dedicated to a customer but shareinfrastructure with other customers. Each customer and all sites associated with an xTR use the same instance
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 51
LISP Instance-ID SupportLISP Shared Model Virtualization
ID and are part of a VPN using their own EID namespace. LISP instance IDs segment the LISP data planeand control plane. See the following figure.
Figure 9: LISP shared model single tenancy use case. A customers uses its own xTR and shares a common core networkand mapping system.
In the shared modelmultitenancy case, a set of xTRs is shared (virtualized) among multiple customers. Thesecustomers also share a common infrastructure with other single and multitenant customers. Each customerand all sites associated with it use the same instance ID and are part of a VPN using their own EID namespace.LISP instance IDs segment the LISP data plane and control plane. See the following figure.
Figure 10: LISP shared model multitenancy use case. Customer's use shared xTRs and share a common core networkand mapping system.
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide52 OL-25808-03
LISP Instance-ID SupportLISP Shared Model Virtualization Architecture
LISP Shared Model Virtualization Implementation Considerations and CaveatsWhen you use the LISP Shared Model, instance IDs must be unique to an EID VRF.
In the example, two EID VRFs are created: alpha and beta. In global configuration mode, a VRF named alphais specified and associated with the instance ID 101. Next, a VRF named beta is specified and also associatedwith the instance ID 101. This configuration is not permissible because instance ID 101 is already associatedwith the VRF context named alpha. That is, you cannot connect the same instance ID to more than one EIDVRF.
LISP Parallel Model VirtualizationThe LISP parallel model virtualization ties the virtualized EID space associated with VRFs to RLOCs thatare associated with the same or different VRFs (see the following figure).
Figure 11: LISP parallel model virtualization resolves an EID and associated RLOCs within the same or a different VRF.In this example, both EID and RLOC addresses are resolved in the same VRF, but multiple (parallel) segmentation isconfigured on the same device (BLUE and PINK).
EID space is virtualized through its association with VRFs, and these VRFs are tied to LISP Instance IDs tosegment the control plane and data plane in LISP. A common, “shared” locator space, the default (global)table is used to resolve RLOC addresses for all virtualized EIDs. The mapping system must also be reachablethrough the common locator space as well.
In the figure, virtualized EID space is associated with a VRF (and bound to an Instance ID) that is tied tolocator space associated with the same VRF, in this case - Pink/Pink and Blue/Blue. However, this is notrequired; the EID VRF does not need to match the RLOC VRF. In any case, a mapping system must bereachable through the associated locator space. Multiple parallel instantiations can be defined.
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 53
LISP Instance-ID SupportLISP Shared Model Virtualization Implementation Considerations and Caveats
A shared model and parallel model can be combined such that multiple EID VRFs share a common RLOCVRF, and multiple instantiations of this architecture are implemented on the same platform, as shown in thefollowing figure.
Figure 12: LISP shared and parallel models may be combined for maximum flexibility.
LISP Parallel Model Virtualization ArchitectureYou can deploy LISP parallel model virtualization in single or multitenancy configurations. In the parallelmodel multitenancy case, a set of xTRs is shared (virtualized) among multiple customers, and each customeruses their own private (segmented) core infrastructure and mapping system. All sites associated with thecustomer use the same instance ID and are part of a VPN using their own EID namespace, as shown in thefollowing figure.
Figure 13: LISP parallel model multitenancy case. Shared xTRs use virtualized core networks and mapping systems. LISPinstance IDs segment the LISP data plane and control plane.
LISP Parallel Model Virtualization Implementation Considerations and CaveatsWhen you use LISP parallel model virtualization, each vrfvrf vrf-name instantiation is considered by a separateprocess. Instance IDs must be unique only within a vrf instantiation.xTR-1# configure terminalxTR-1(config)# vrf context alphaxTR-1(config-vrf)# address-family ipv4 unicastxTR-1(config-vrf-af-ipv4)# exitxTR-1(config)# vrf context beta
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide54 OL-25808-03
LISP Instance-ID SupportLISP Parallel Model Virtualization Architecture
xTR-1(config-vrf)# address-family ipv4 unicastxTR-1(config-vrf-af-ipv4)# exitxTR-1(config-vrf)# exitxTR-1(config)# vrf context gammaxTR-1(config-vrf)# address-family ipv4 unicastxTR-1(config-vrf-af-ipv4)# exitxTR-1(config-vrf)# exitxTR-1(config)# vrf context deltaxTR-1(config-vrf)# address-family ipv4 unicastxTR-1(config-vrf-af-ipv4)# exitxTR-1(config-vrf)# exitxTR-1(config)# vrf context alphaxTR-1(config-vrf)# lisp instance-id 101xTR-1(config-vrf)# exitxTR-1(config)# vrf context gammaxTR-1(config-vrf)# lisp instance-id 101xTR-1(config-vrf)# exitxTR-1(config)# vrf context betaxTR-1(config-vrf)# lisp instance-id 201The vrf beta table is not available for use as an EID table (in use by switch lisp 1 EIDinstance 101 VRF)In the above example, four VRFs are created: alpha, beta, gamma, and delta, as follows:
• The vrf instantiation device lisp 1 is created and associated with the VRF named alpha.
• The EID VRF named beta is specified and associated with instance ID 101.
• A new vrf instantiation, device lisp 3, is created and associated with the locator-table VRF named gamma.
• The EID table VRF named delta is specified and also associated with instance ID 101.
These two instance IDs are unrelated to each other; one is relevant only within device lisp 1, and the other isrelevant only within device lisp 2.
In the example, note that under device lisp 2, the code requests a VRF instance named beta. Note that thedevice is unable to use this VRF instance because it (beta) is already associated with a vrf command withinthe device lisp 1 instantiation.
You can reuse an instance ID. The EID VRF into which it is decapsulated depends on the vrf instantiationwith which it is associated. However, you cannot connect the same EID VRF to more than one VRF.
How to Configure LISP Instance-ID Support
Configuring Simple LISP Shared Model VirtualizationYou can perform this task to enable and configure LISP ingress tunnel router/egress tunnel router (ITR/ETR)functionality (also known as xTR) with the LISP map server and map resolver, and thereby implement LISPshared model virtualization. This LISP shared model reference configuration is for a very simple two-siteLISP topology, including xTRs and an map server/map resolver (MS/MR).
The following figure shows a basic LISP shared model virtualization solution. Two LISP sites are deployed,each containing two VRFs: PURPLE and GOLD. LISP is used to provide virtualized connectivity between
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 55
LISP Instance-ID SupportHow to Configure LISP Instance-ID Support
these two sites across a common IPv4 core, while maintaining address separation between the two VRFinstances.
Figure 14: Simple LISP Site with Virtualized IPv4 and IPv6 EIDs and a Shared IPv4 core
In this figure, each LISP site uses a single edge switch that is configured as both an ITR and ETR (xTR), witha single connection to its upstream provider. The RLOC is IPv4, and IPv4 and IPv6 EID prefixes are configured.Each LISP site registers to a map server/map resolver (MS/MR) switch that is located in the network corewithin the shared RLOC address space.
All IPv4 or IPv6 EID-sourced packets destined for both LISP and non-LISP sites are forwarded in one oftwo ways:
Note
• LISP-encapsulated to a LISP site when traffic is LISP-to-LISP
• Natively forwarded when traffic is LISP-to-non-LISP
Packets are deemed to be a candidate for LISP encapsulation when they are sourced from a LISP EID andthe destination matches one of the following entries:
• a current map-cache entry
• a default route with a legitimate next-hop
• a static route to Null0
• no route at all
In this configuration example, because the xTR has IPv4 RLOC connectivity, a default route to the upstreamSP is used for all IPv4 packets to support LISP processing. Adding an IPv6 default route to Null0 ensuresthat all IPv6 packets are handled by LISP processing. (The use of the static route to Null0 is not strictlyrequired, but is a LISP best practice.)
The components in the figure above are as follows:
LISP site
• The CPE functions as a LISP ITR and ETR (xTR).
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide56 OL-25808-03
LISP Instance-ID SupportConfiguring Simple LISP Shared Model Virtualization
• Both LISP xTRs have two VRFs: GOLD and PURPLE. Each VRF contains both IPv4 and IPv6EID-prefixes. A LISP instance ID is used to maintain separation between two VRFs. In this example,the share key is configured "per-site" and not "per-VRF." (Another configuration could configure theshared key per-VPN.)
• Each LISP xTR has a single RLOC connection to a shared IPv4 core network.
Mapping system
• One map server/map resolver system is shown and is assumed available for the LISP xTR to registerto. The MS/MR has an IPv4 RLOC address of 10.0.2.2 within the shared IPv4 core.
• Themap server site configurations are virtualized using LISP instance IDs to maintain separation betweenthe two VRFs.
Perform the following procedure (once through for each xTR in the LISP site) to enable and configure LISPITR and ETR (xTR) functionality when using a LISP map server and map resolver for mapping services. Theexample configurations at the end of this task show the full configuration for two xTRs (xTR1 and xTR2).
Summary StepsBefore you begin, create the VRF instances by using the vrf definition command.
Before You Begin
Create the VRFs using the vrf definition command.
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
Enables LISP ITR functionality for the IPv4 addressfamily.
ip lisp itr
Example:
switch(config-vrf)# ip lisp itr
Step 5
Enables LISP ETR functionality for the IPv4 addressfamily.
ip lisp etr
Example:
switch(config-vrf)# ip lisp etr
Step 6
Configures a locator address for the LISP map resolverto which this switch will send map request messages forIPv4 EID-to-RLOC mapping resolutions.
ip lisp itr map-resolvermap-resolver-address
Example:
switch(config-vrf)# ip lisp itrmap-resolver 10.0.2.2
Step 7
The locator address of the map resolver may be an IPv4or IPv6 address. In this example, because each xTR hasonly IPv4 RLOC connectivity, the map resolver isreachable using its IPv4 locator address.
You can configure up to two map resolvers ifmultiple map resolvers are available.
Note
Configures a locator address for the LISPmap server andan authentication key for which this switch, acting as an
ip lisp etr map-servermap-server-address key key-typeauthentication-key
Step 8
IPv4 LISP ETR, will use to register with the LISPmapping system.
Example:
switch(config-vrf)# ip lisp etrmap-server 10.0.2.2 key 0 Left-key
Youmust configure the map serve with EID prefixes andinstance IDs matching those configured on this ETR andwith an identical authentication key.
The locator address of the map server may bean IPv4 or IPv6 address. In this example,because each xTR has only IPv4 RLOCconnectivity, the map-server is reachable usingits IPv4 locator addresses.
Note
Enables LISP ITR functionality for the IPv6 addressfamily.
ipv6 lisp itr
Example:
switch(config-vrf)# ipv6 lisp itr
Step 9
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide58 OL-25808-03
LISP Instance-ID SupportConfiguring Simple LISP Shared Model Virtualization
PurposeCommand or Action
Enables LISP ETR functionality for the IPv6 addressfamily.
ipv6 lisp etr
Example:
switch(config-vrf)# ipv6 lisp etr
Step 10
Configures a locator address for the LISP map resolverto which this switch will send map request messages forIPv6 EID-to-RLOC mapping resolutions.
The locator address of the map resolver may be an IPv4or IPv6 address. In this example, because each xTR hasonly IPv4 RLOC connectivity, the map resolver isreachable using its IPv4 locator addresses.
You can configure up to two map resolvers ifmultiple map resolvers are available.
Note
Configures a locator address for the LISP map-serverand an authentication key that this switch, acting as an
IPv6 LISP ETR, will use to register to the LISP mappingsystem.
Example:
switch(config-vrf)# ipv6 lisp etr
The map server must be configured with EID prefixesand instance IDs matching those configured on this ETRand with an identical authentication key.map-server 10.0.2.2 key 0
Left-keyThe locator address of the map-server may bean IPv4 or IPv6 address. In this example,because each xTR has only IPv4 RLOCconnectivity, the map-server is reachable usingits IPv4 locator addresses.
Note
Configures a nondefault VRF table to be referenced byany IPv4 locators addresses.
ip lisp locator-vrf default
Example:
switch(config-vrf)# ip lisplocator-vrf BLUE
Step 13
Configures a nondefault VRF table to be referenced byany IPv6 locator addresses.
ipv6 lisp locator-vrf default
Example:
switch(config-vrf)# ipv6 lisplocator-vrf default
Step 14
Exits VRF configuration mode and returns to globalconfiguration mode.
exit
Example:
switch(config-vrf)# exit
Step 15
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 59
LISP Instance-ID SupportConfiguring Simple LISP Shared Model Virtualization
PurposeCommand or Action
Enables LISP ITR functionality for the IPv4 addressfamily.
ip lisp itr
Example:
switch(config)# ip lisp itr
Step 16
Enables LISP ETR functionality for the IPv4 addressfamily.
ip lisp etr
Example:
switch(config)# ip lisp etr
Step 17
Enables LISP ITR functionality for the IPv6 addressfamily.
ipv6 lisp itr
Example:
switch(config)# ipv6 lisp itr
Step 18
Enables LISP ETR functionality for the IPv6 addressfamily.
ipv6 lisp etr
Example:
switch(config)# ipv6 lisp etr
Step 19
Configures a default route to the upstream next hop forall IPv4 destinations.
ip route ipv4-prefix next-hop
Example:
switch(config)# ip route 0.0.0.00.0.0.0 10.0.0.1
Step 20
In this configuration example, because the xTR has IPv4RLOC connectivity, a default route to the upstream SPis used for all IPv4 packets to support LISP processing.
Configures a default route to the upstream next hop forall IPv6 destinations.
ipv6 route ipv6-prefix next-hop
Example:
switch(config)# ipv6 route ::/0Null0
Step 21
In this configuration example, because the xTR has onlyIPv4 RLOC connectivity, adding an IPv6 default routeto Null0 ensures that all IPv6 packets are handled byLISP processing. (Use of the static route to Null0 is notstrictly required, but is recommended as a LISP bestpractice.) If the destination is another LISP site, packetsare LISP-encapsulated (using IPv4 RLOCs) to the remotesite. If the destination is non-LISP, all IPv6 EIDs areLISP-encapsulated to a PETR (assuming one isconfigured).
Displays the LISP configuration on the switch.(Optional) show running-config lisp
Example:
switch(config)# showrunning-config lisp
Step 22
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide60 OL-25808-03
LISP Instance-ID SupportConfiguring Simple LISP Shared Model Virtualization
PurposeCommand or Action
The show ip lisp and show ipv6 lisp commands quicklyverify the operational status of LISP as configured on the
(Optional) show [ip | ipv6] lisp
Example:
switch(config)# show ip lisp vrfTRANS
Step 23
switch, as applicable to the IPv4 and IPv6 addressfamilies, respectively.
The show ip lisp map-cache and show ipv6 lispmap-cache commands quickly verify the operational
(Optional) show [ip | ipv6] lispmap-cache [vrf vrf-name]
Step 24
status of the map cache on a switch configured as an ITRExample:
switch(config)# show ip lispmap-cache
or PITR, as applicable to the IPv4 and IPv6 addressfamilies, respectively.
The show ip lisp database and show ipv6 lisp databasecommands quickly verify the operational status of the
(Optional) show [ip | ipv6] lispdatabase [ vrf vrf-name]
Step 25
database mapping on a switch configured as an ETR, asExample: applicable to the IPv4 and IPv6 address families,
respectively.The following example shows IPv6mapping database information for theVRF named GOLD.
switch(config)# show ipv6 lispdatabase vrf GOLD
Displays the operational status of LISP sites as configuredon a map server. This command applies only to a switchconfigured as a map server.
(Optional) show lisp site [namesite-name]
Example:
switch(config)# show lisp site
Step 26
This command removes all IPv4 or IPv6 dynamic LISPmap-cache entries stored by the switch, and displays the
clear [ip | ipv6] lisp map-cache [vrfvrf-name]
Step 27
operational status of the LISP control plane. ThisExample: command applies to a LISP switch that maintains a map
cache (for example, if configured as an ITR or PITR).The first command displays IPv4mapping cache information for vrf1. Thesecond clears the mapping cache forvrf1 and shows the information afterclearing the cache.
switch(config)# show ip lispmap-cache vrf vrf1switch(config)# clear ip lispmap-cache vrf vrf1
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 61
LISP Instance-ID SupportConfiguring Simple LISP Shared Model Virtualization
Configuring a Private LISP Mapping System for LISP Shared ModelVirtualization
You can perform this task to configure and enable standalone LISP map server/map resolver functionality forLISP shared model virtualization. In this procedure, you configure a switch as a standalone map server/mapresolver (MR/MS) for a private LISP mapping system. Because the MR/MS is configured as a standaloneswitch, it has no need for LISP Alternate Logical Topology (ALT) connectivity. All relevant LISP sites mustbe configured to register with this map server so that this map server has full knowledge of all registered EIDprefixes within the (assumed) private LISP system.
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:
switch# configure terminal
Step 1
Specifies a LISP site named LEFT and enters LISP siteconfiguration mode.
lisp site site-name
Example:
switch(config)# lisp site LEFT
Step 2
A LISP site name is locally significant to themap server on which it is configured. It has norelevance anywhere else. This name is usedsolely as an administrative means of associatingEID-prefix or prefixes with an authenticationkey and other site-related mechanisms.
Note
Configures the password used to create the SHA-2HMAChash for authenticating themap register messagessent by an ETR when registering to the map server.
when registering to this map server. This step is repeated
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide62 OL-25808-03
LISP Instance-ID SupportConfiguring a Private LISP Mapping System for LISP Shared Model Virtualization
PurposeCommand or Action
Example:
switch(config-lisp-site)#
here to configure an additional EID prefix under thisLISP site.
In this example, the IPv6 EID prefix2001:db8:a:b::/64 and instance ID 102 areassociated together.
Note
eid-prefix 2001:db8:a:b::/64instance-id 102
Exits LISP site configuration mode and returns to globalconfiguration mode.
exit
Example:
switch(config-lisp-site)# exit
Step 6
Enables LISP map resolver functionality for EIDs in theIPv4 address family and in the IPv6 family..
ip lisp map-resolver ipv6 lispmap-resolver
Example:
switch(config)# ip lisp
Step 7
map-resolverswitch(config)# ipv6 lispmap-resolver
Enables LISP map server functionality for EIDs in theIPv4 address family and in the IPv6 address family..
ip lisp map-server ipv6 lispmap-server
Example:
switch(config)# ip lisp map-server
Step 8
switch(config)# ipv6 lispmap-server
Displays the LISP configuration on the switch.(optional) show running-config lisp
Example:
switch(config)# show running-configlisp
Step 9
The show ip lisp and show ipv6 lisp commands displaythe operational status of LISP as configured on the
(optional) show [ip | ipv6] lisp
Example:
switch(config)# show ip lisp vrfTRANS
Step 10
switch, as applicable to the IPv4 and IPv6 addressfamilies respectively.
The show ip lisp map-cache and show ipv6 lispmap-cache commands display the operational status of
(optional) show [ip | ipv6] lispmap-cache [vrf vrf-name]
Step 11
the map cache on a switch configured as an ITR or PITR,Example:
switch(config)# show ip lispmap-cache
as applicable to the IPv4 and IPv6 address familiesrespectively.
The show ip lisp database and show ipv6 lisp databasecommands display the operational status of the database
(optional) show [ip | ipv6] lisp database[ vrf vrf-name]
Step 12
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 63
LISP Instance-ID SupportConfiguring a Private LISP Mapping System for LISP Shared Model Virtualization
PurposeCommand or Action
mapping on a switch configured as an ETR, as applicableto the IPv4 and IPv6 address families respectively.Example:
The following example shows IPv6mapping database information for theVRF named GOLD.
switch(config)# show ipv6 lispdatabase vrf GOLD
The show lisp site command displays the operationalstatus of LISP sites, as configured on a map server. This
(optional) show lisp site [namesite-name]
Step 13
command only applies to a switch configured as a mapserver.Example:
switch(config)# show lisp site
The clear ip lisp map-cache and clear ipv6 lispmap-cache commands remove all IPv4 or IPv6 dynamic
clear [ip | ipv6] lisp map-cache [vrfvrf-name]
Example:
Step 14
LISP map-cache entries stored by the switch,respectively. They also show the operational status ofthe LISP control plane. This command applies to a LISPThe first command displays IPv4
mapping cache information for vrf1. The switch that maintains a map cache (for example, a switchconfigured as an ITR or PITR).second command clears the mapping
cache for vrf1 and displays the updatedstatus.
switch(config)# show ip lispmap-cache vrf vrf1switch(config)# clear ip lispmap-cache vrf vrf1
Configuring Large-Scale LISP Shared Model VirtualizationTo implement LISP shared model virtualization, you can configure LISP ITR/ETR (xTR) functionality withLISP map server and map resolver. This LISP shared model reference configuration is for a large-scale,multiple-site LISP topology, including xTRs and multiple MS/MRs.
This procedure is for an enterprise that is deploying the LISP Shared Model where EID space is virtualizedover a shared, common core network. A subset of the entire network is shown in the following figure. Threesites are shown: a multihomed "Headquarters" (HQ) site, and two remote office sites. The HQ site switches
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide64 OL-25808-03
LISP Instance-ID SupportConfiguring Large-Scale LISP Shared Model Virtualization
are deployed as xTRs and also as map resolver/map servers. The remote sites switches act as xTRs, and usethe MS/MRs at the HQ site for LISP control plane support.
Figure 15: Large Scale LISP Site with Virtualized IPv4 EIDs and a Shared IPv4 Core
The components in the figure are as follows:
• LISP site:
• Each customer premises equipment (CPE) switch functions as a LISP ITR and ETR (xTR), as wellas a Map-Server/Map-Resolver (MS/MR).
• Both LISP xTRs have three VRFs: TRANS (for transactions), SOC (for security operations), andFIN (for financials). Each VRF contains only IPv4 EID-prefixes. No overlapping prefixes are used;segmentation between eachVRF by LISP instance-idsmakes this possible. Note that in this example,the separate authentication key is configured “per-vrf" and not “per-site", which affects both thexTR and MS configurations.
• The HQ LISP Site is multihomed to the shared IPv4 core, but each xTR at the HQ site has a singleRLOC.
• Each CPE also functions as an MS/MR to which the HQ and Remote LISP sites can register.
• The map server site configurations are virtualized using LISP instance IDs to maintain separationbetween the three VRFs.
• LISP remote sites
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 65
LISP Instance-ID SupportConfiguring Large-Scale LISP Shared Model Virtualization
Each remote site CPE switch functions as a LISP ITR and ETR (xTR).•
• Each LISP xTRs has the same three VRFs as the HQ Site: TRANS, SOC, and FIN. Each VRFcontains only IPv4 EID-prefixes.
• Each remote site LISP xTR has a single RLOC connection to a shared IPv4 core network.
Before You Begin
Create the VRFs using the vrf definition command.
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:
switch# configure terminal
Step 1
Specifies a LISP site named TRANS and enters LISP siteconfiguration mode.
lisp site site-name
Example:
switch(config)# lisp siteTRANS
Step 2
ALISP site name is significant to the local map serveron which it is configured and has no relevanceanywhere else. This site name serves solely as anadministrative means of associating an EID-prefixor prefixes with an authentication key and othersite-related mechanisms.
Note
Configures the password used to create the SHA-2 HMAChash for authenticating the map register messages sent by anETR when registering to the map server.
this map server. Repeat this step as necessary to configureadditional EID prefixes under this LISP site.
Example:
switch(config-lisp-site)#
• In the example, EID-prefix 10.1.0.0/16 and instance ID1 are associated. The EID-prefix 10.1.0.0/16 is assumedto be an aggregate that covers all TRANS EID-prefixeseid-prefix 10.1.0.0/16
instance-id 1accept-more-specifics at all LISP Sites. Use accept-more-specifics to allow
each site to register its more-specific EID-prefixcontained within that aggregate. If aggregation is notpossible, simply enter all EID prefixes integrated withininstance ID 1.
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide66 OL-25808-03
LISP Instance-ID SupportConfiguring Large-Scale LISP Shared Model Virtualization
PurposeCommand or Action
Exits LISP site configuration mode and returns to LISPconfiguration mode.
exit
Example:
switch(config-lisp-site)# exit
Step 5
Repeat steps 3 through 5 for the site SOC and FIN as shownin the configuration example at the end of this procedure.
Repeat Steps 3 through 5 for eachLISP site to be configured.
Step 6
Enables LISP map resolver functionality for EIDs in the IPv4address family.
ip lisp map-resolver
Example:
switch(config)# ip lispmap-resolver
Step 7
Enables LISP map server functionality for EIDs in the IPv4address family.
• The EID prefix 10.1.1.0/24 within instance ID 1 at thissite is associated with the local IPv4 RLOC 172.16.1.2,as well as with the neighbor xTR RLOC 172.6.1.6.Example:
switch(config-vrf)# • Repeat Step 10 until all EID-to-RLOCmappings withinthis eid-table vrf and instance ID for the LISP site areconfigured.
Repeat Step 10 until allEID-to-RLOCmappingswithin this
Step 11
EID table VRF and instance ID forthe LISP site are configured.
Configures a locator address for the LISP map server and anauthentication key, which this switch, acting as an IPv4 LISPETR, will use to register with the LISP mapping system.
ip lisp etr map-servermap-server-address key key-typeauthentication-key
Step 12
Example:
switch(config-vrf)# ip lisp
• In this example, the map server and authentication-keyare specified in the EID-table subcommand mode, so
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 67
LISP Instance-ID SupportConfiguring Large-Scale LISP Shared Model Virtualization
PurposeCommand or Action
that the authentication key is associated only with thisinstance ID, within this VPN.
etr map-server 172.16.1.2 key0 TRANS-key
Themap server must be configured with EID prefixesand instance-ids matching the one(s) configured onthis ETR, as well as an identical authentication key.
Note
The locator address of the map server can be an IPv4or IPv6 address. Because each xTR has only IPv4RLOC connectivity, the map server is reachable usingits IPv4 locator addresses.
Note
Configures a locator address for the LISP map resolver towhich this switch will send map request messages for IPv4EID-to-RLOC mapping resolutions.
ip lisp itr map-resolvermap-resolver-address
Example:
switch(config-vrf)# ip lispitr map-resolver 172.16.1.2
Step 13
In this example, the map resolver is specified inswitch lisp configuration mode and is inherited intoall EID-table instances, since nothing is related toany single instance ID. In addition, redundant mapresolvers are configured. Because the MR isco-located with the xTRs in this case, this xTR ispointing to itself for mapping resolution (and to itsneighbor xTR/MS/MR at the same site).
Note
The locator address of the map resolver may be anIPv4 or IPv6 address. In this example, because eachxTR has only IPv4 RLOC connectivity, the mapresolver is reachable using its IPv4 locator address.
Note
You can configure up to twomap resolvers if multiplemap resolvers are available.
Note
Configures a locator address for the LISP map resolver towhich this switch will send map request messages for IPv4EID-to-RLOC mapping resolutions.
Repeat Step 13 to configure anotherlocator address for the LISP mapresolver
Step 14
Example:
switch(config-vrf)# ip lispitr map-resolver 172.16.1.6
In this example, a redundant map resolver isconfigured. (Because the MR is co-located with thexTRs in this case, this command indicates that thisxTR is pointing to itself for mapping resolution (andits neighbor xTR/MS/MR at the same site).
Note
The locator address of the map resolver may be anIPv4 or IPv6 address. In this example, because eachxTR has only IPv4 RLOC connectivity, the mapresolver is reachable using its IPv4 locator address.
Note
You can configure up to twomap resolvers if multiplemap resolvers are available.
Note
Enables LISP ITR functionality for the IPv4 address family.ip lisp itr
Example:
switch(config-vrf)# ip lispitr
Step 15
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide68 OL-25808-03
LISP Instance-ID SupportConfiguring Large-Scale LISP Shared Model Virtualization
PurposeCommand or Action
Enables LISP ETR functionality for the IPv4 address family.ip lisp etr
Example:
switch(config-vrf)# ip lispetr
Step 16
Configures a nondefault VRF table to be referenced by anyIPv4 locators addresses.
ip lisp locator-vrf default
Example:
switch(config-vrf)# ip lisplocator-vrf BLUE
Step 17
Configures a nondefault VRF table to be referenced by anyIPv6 locator addresses.
ipv6 lisp locator-vrf default
Example:
switch(config-vrf)# ipv6 lisplocator-vrf default
Step 18
Exits VRF configuration mode and returns to globalconfiguration mode.
exit
Example:
switch(config-vrf)# exit
Step 19
Repeat step 9 to 19 for all VRFs.Step 20
Configures a default route to the upstream next hop for allIPv4 destinations.
ip route ipv4-prefix next-hop
Example:
switch(config)# ip route0.0.0.0 0.0.0.0 172.16.1.1
Step 21
All IPv4 EID-sourced packets destined to both LISPand non-LISP sites are forwarded in one of two ways:
Note
• LISP-encapsulated to a LISP site when trafficis LISP-to-LISP
• natively forwarded when traffic isLISP-to-non-LISP
Packets are deemed to be a candidate for LISPencapsulation when they are sourced from a LISPEID and the destination is one of the following:
Note
• a current map-cache entry
• a default route with a legitimate next-hop
• a static route to Null0
• no route at all
In this configuration example, because the xTR has IPv4RLOC connectivity, a default route to the upstream SP is usedfor all IPv4 packets to support LISP processing.
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 69
LISP Instance-ID SupportConfiguring Large-Scale LISP Shared Model Virtualization
PurposeCommand or Action
Displays the LISP configuration on the switch.(Optional) show running-configlisp
Step 22
Example:
switch(config)# showrunning-config lisp
The show ip lisp and show ipv6 lisp commands are usefulfor quickly verifying the operational status of LISP as
(Optional) show [ip | ipv6] lisp
Example:
switch(config)# show ip lispvrf TRANS
Step 23
configured on the switch, as applicable to the IPv4 and IPv6address families respectively.
Displays the operational status of the map cache on a switchconfigured as an ITR or PITR, as applicable to the IPv4 andIPv6 address families.
(Optional) show [ip | ipv6] lispmap-cache [vrf vrf-name]
Example:
switch(config)# show ip lispmap-cache
Step 24
The show ip lisp database and show ipv6 lisp databasecommands are useful for quickly verifying the operational
(Optional) show [ip | ipv6] lispdatabase [ vrf vrf-name]
Step 25
status of the database mapping on a switch configured as anETR, as applicable to the IPv4 and IPv6 address families.Example:
switch(config)# show ipv6 lisp This example shows IPv6 mapping database information fora VRF named GOLD.database vrf GOLD
The show lisp site command verifies the operational status ofLISP sites, as configured on a map server. This command onlyapplies to a switch configured as a map server.
(Optional) show lisp site [namesite-name]
Example:
switch(config)# show lisp site
Step 26
The clear ip lisp map-cache and clear ipv6 lisp map-cachecommands remove all IPv4 or IPv6 dynamic LISPmap-cache
entries stored by the switch. They verify the operational statusExample:
switch(config)# show ip lisp
of the LISP control plane. The command applies to a LISPswitch that maintains a map cache (for example, a switchconfigured as an ITR or PITR).
map-cache vrf vrf1switch(config)# clear ip lispmap-cache vrf vrf1
The first command in the example displays IPv4 mappingcache information for vrf1. The second command clears themapping cache for vrf1 and displays the status informationafter clearing the cache.
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide70 OL-25808-03
LISP Instance-ID SupportConfiguring Large-Scale LISP Shared Model Virtualization
Configuring a Remote Site for Large-Scale LISP Shared Model VirtualizationYou can perform this task to enable and configure LISP ITR/ETR (xTR) functionality at a remote site toimplement LISP shared model virtualization as part of a large-scale, multiple-site LISP topology.
This configuration task is part of a more complex, larger scale LISP virtualization solution. The configurationapplies to one of the remote sites shown in the figure below. The remote site switches only act as xTRs, anduse the MS/MRs at the HQ site for LISP control plane support.
Figure 16: Large Scale LISP Site with Virtualized IPv4 EIDs and a Shared IPv4 Core
The components illustrated in the topology shown in the figure above are described below:
• LISP remote sites:
• Each customer premises equipment (CPE) switch at a remote site functions as a LISP ITR andETR (xTR).
• Each LISP xTR has the same three VRFs as the HQ Site: the TRANS (for transactions), the SOC(for security operations), and the FIN (for financials). Each VRF contains only IPv4 EID-prefixes.
• Each remote site LISP xTR has a single RLOC connection to a shared IPv4 core network.
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 71
LISP Instance-ID SupportConfiguring a Remote Site for Large-Scale LISP Shared Model Virtualization
Before You Begin
Create the VRFs using the vrf definition command and verify that the Configure a Large-Scale LISP SharedModel Virtualization task has been performed at one or more central (headquarters) sites.
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
Configures a locator address for the LISP map server and anauthentication key for which this switch, acting as an IPv4LISP ETR, will use to register with the LISPmapping system.
ip lisp etr map-servermap-server-address key key-typeauthentication-key
Step 4
Example:
Switch(config-vrf)# ip lisp etr
• In this example, the map server and authentication-keyare specified here, within the eid-table subcommandmode, so that the authentication key is associated onlywith this instance ID, within this VPN.map-server 172.16.1.2 key 0
TRANS-key
The map server must be configured with EIDprefixes and instance-ids matching the one(s)configured on this ETR, as well as an identicalauthentication key.
Note
The locator address of the map server may be anIPv4 or IPv6 address. In this example, because eachxTR has only IPv4 RLOC connectivity, the mapserver is reachable using its IPv4 locator addresses.
Note
Configures a locator address for the LISP map server and anauthentication key for which this switch, acting as an IPv4LISP ETR, will use to register with the LISPmapping system.
Repeat Step 4 to configure anotherlocator address for the same LISPmap server.
Step 5
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide72 OL-25808-03
LISP Instance-ID SupportConfiguring a Remote Site for Large-Scale LISP Shared Model Virtualization
PurposeCommand or Action
Example:
Switch(config-vrf)# ip lisp etr
• In this example, a redundant map server is configured.(Because the MS is co-located with the xTRs in thiscase, this command indicates that this xTR is pointingto itself for registration (and its neighbor xTR/MS/MRat the same site).map-server 172.16.1.6 key 0
TRANS-key
Configures a locator address for the LISP map resolver towhich this switch will send map request messages for IPv4EID-to-RLOC mapping resolutions.
ip lisp itr map-resolvermap-resolver-address
Example:
Switch(config-vrf)# ip lisp itrmap-resolver 172.16.1.2
Step 6
• In this example, the map resolver is specified withinswitch lisp configuration mode and inherited into alleid-table instances since nothing is related to any singleinstance ID. In addition, redundant map resolvers areconfigured. (Because the MR is co-located with thexTRs in this case, this command indicates that this xTRis pointing to itself for mapping resolution (and itsneighbor xTR/MS/MR at the same site).
• The locator address of the map resolver may be an IPv4or IPv6 address. In this example, because each xTR hasonly IPv4 RLOC connectivity, the map resolver isreachable using its IPv4 locator address.
Up to two map resolvers may be configured ifmultiple map resolvers are available.
Note
Configures a locator address for the LISP map resolver towhich this switch will send map request messages for IPv4EID-to-RLOC mapping resolutions.
Repeat Step 6 to configure anotherlocator address for the LISP mapresolver
Step 7
Example:
Switch(config-vrf)# ip lisp itrmap-resolver 172.16.1.6
In this example, a redundant map resolver isconfigured. (Because the MR is co-located with thexTRs in this case, this command indicates that thisxTR is pointing to itself for mapping resolution (andits neighbor xTR/MS/MR at the same site).
The locator address of the map resolver may be anIPv4 or IPv6 address. In this example, because eachxTR has only IPv4 RLOC connectivity, the mapresolver is reachable using its IPv4 locator address.
Note
Up to two map resolvers may be configured ifmultiple map resolvers are available.
Note
Enables LISP ITR functionality for the IPv4 address family.ip lisp itr
Example:
Switch(config-vrf)# ip lisp itr
Step 8
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 73
LISP Instance-ID SupportConfiguring a Remote Site for Large-Scale LISP Shared Model Virtualization
PurposeCommand or Action
Enables LISP ETR functionality for the IPv4 address family.ip lisp etr
Example:
Switch(config-vrf)# ip lisp etr
Step 9
Configures a non-default VRF table to be referenced by anyIPv4 locators addresses.
ip lisp locator-vrf default
Example:
Switch(config-vrf)# ip lisplocator-vrf BLUE
Step 10
Configures a non-default VRF table to be referenced by anyIPv6 locator addresses.
ipv6 lisp locator-vrf default
Example:
Switch(config-vrf)# ipv6 lisplocator-vrf default
Step 11
Exits VRF configuration mode and returns to globalconfiguration mode.
exit
Example:
Switch(config-vrf)# exit
Step 12
Repeat Steps 2 to 12 for all VRFs.Step 13
Configures a default route to the upstream next hop for allIPv4 destinations.
ip route ipv4-prefix next-hop
Example:
Switch(config)# ip route0.0.0.0 0.0.0.0 172.16.2.1
Step 14
• All IPv4 EID-sourced packets destined to both LISPand non-LISP sites are forwarded in one of two ways:
• LISP-encapsulated to a LISP site when traffic isLISP-to-LISP
• natively forwarded when traffic isLISP-to-non-LISP
• Packets are deemed to be a candidate for LISPencapsulation when they are sourced from a LISP EIDand the destinationmatches one of the following entries:
• a current map-cache entry
• a default route with a legitimate next-hop
• a static route to Null0
• no route at all
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide74 OL-25808-03
LISP Instance-ID SupportConfiguring a Remote Site for Large-Scale LISP Shared Model Virtualization
PurposeCommand or Action
In this configuration example, because the xTR has IPv4RLOC connectivity, a default route to the upstream SP isused for all IPv4 packets to support LISP processing.
Verifies the LISP configuration on the switch.(Optional) show running-config lisp
Example:
Switch(config)# showrunning-config lisp
Step 15
The show ip lisp and show ipv6 lisp commands verify theoperational status of LISP as configured on the switch, asapplicable to the IPv4 and IPv6 address families, respectively.
(Optional) show [ip | ipv6] lisp
Example:
Switch(config)# show ip lispvrf TRANS
Step 16
The show ip lispmap-cache and show ipv6 lispmap-cachecommands verify the operational status of the map cache on
(Optional) show [ip | ipv6] lispmap-cache [vrf vrf-name]
Step 17
a switch configured as an ITR or PITR, as applicable to theIPv4 and IPv6 address families, respectively.Example:
Switch(config)# show ip lispmap-cache
The show ip lisp database and show ipv6 lisp databasecommands display the operational status of the database
(Optional) show [ip | ipv6] lispdatabase [ vrf vrf-name]
Step 18
mapping on a switch configured as an ETR, as applicable tothe IPv4 and IPv6 address families, respectively.Example:
The following example shows IPv6mapping database information for theVRF named GOLD.
Switch(config)# show ipv6 lispdatabase vrf GOLD
The show lisp site command is useful for quickly verifyingthe operational status of LISP sites, as configured on a map
(Optional) show lisp site [namesite-name]
Step 19
server. This command only applies to a switch configured asa map server.Example:
Switch(config)# show lisp site
The clear ip lisp map-cache and clear ipv6 lisp map-cachecommands remove all IPv4 or IPv6 dynamic LISPmap-cache
clear [ip | ipv6] lisp map-cache [vrfvrf-name]
Step 20
entries stored by the switch. These verify the operationalExample: status of the LISP control plane. The command applies to a
LISP switch that maintains a map cache (for example, ifconfigured as an ITR or PITR).
The following commands displayIPv4 mapping cache information forvrf1, and clear the mapping cache for
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 75
LISP Instance-ID SupportConfiguring a Remote Site for Large-Scale LISP Shared Model Virtualization
PurposeCommand or Action
vrf1. Clearing also displays the showinformation after it clears the cache.
Switch(config)# show ip lispmap-cache vrf vrf1Switch(config)# clear ip lispmap-cache vrf vrf1
Configuring Simple LISP Parallel Model VirtualizationYou can perform these tasks to enable and configure LISP ITR/ETR (xTR) functionality and LISP mapresolver and map server for LISP parallel model virtualization.
The configuration in the following figure below is for two LISP sites that are connected in parallel mode.Each LISP site uses a single edge switch configured as both an ITR and ETR (xTR), with a single connectionto its upstream provider. Note that the upstream connection is VLAN-segmented to maintain RLOC spaceseparation within the core. Two VRFs are defined here: BLUE and GREEN. The IPv4 RLOC space is usedin each of these parallel networks. Both IPv4 and IPv6 EID address space is used. The LISP site registers toone map server/map resolver (MS/MR), which is segmented to maintain the parallel model architecture ofthe core network.
Figure 17: Simple LISP Site with One IPv4 RLOC and One IPv4 EID
The components illustrated in the topology shown in the figure above are described below.
LISP site
• The customer premises equipment (CPE) functions as a LISP ITR and ETR (xTR).
• Both LISP xTRs have two VRFs: GOLD and PURPLE, with each VRF containing both IPv4 and IPv6EID-prefixes, as shown in the figure above. Note the overlapping prefixes, used for illustration purposes.
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide76 OL-25808-03
LISP Instance-ID SupportConfiguring Simple LISP Parallel Model Virtualization
A LISP instance ID is used to maintain separation between two VRFs. The share key is configured“per-VPN."
• Each LISP xTR has a single RLOC connection to a parallel IPv4 core network.
Perform the steps in this task (once through for each xTR in the LISP site) to enable and configure LISP ITRand ETR (xTR) functionality when using a LISP map-server and map-resolver for mapping services. Theexample configurations at the end of this task show the full configuration for two xTRs (Left-xTR andRight-xTR).
Before You Begin
Create the VRFs using the vrf context command.
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
• In this example, the RLOC VRF named vrf1 isconfigured.
Configures an association between a VRF and a LISP instanceID.
lisp instance-id instance-id
Example:
switch(config-vrf)# lispinstance-id 101
Step 3
Configures an EID-to-RLOC mapping relationship and itsassociated traffic policy for this LISP site.
ip lisp database-mappingEID-prefix/prefix-length locatorpriority priority weight weight
Step 4
In this example, a single IPv4 EID prefix,192.168.1.0/24, within instance ID 1 at this site isassociated with the local IPv4 RLOC 10.0.0.2.
Note
Example:
switch(config-vrf)# ip lispdatabase-mapping192.168.1.0/24 10.0.0.2priority 1 weight 1
Exits VRF configuration submode and returns to global mode.exit
Example:
switch(config-vrf)# exit
Step 5
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 77
LISP Instance-ID SupportConfiguring Simple LISP Parallel Model Virtualization
PurposeCommand or Action
Configures a locator address for the LISPmap resolver to whichthis switch will send map request messages for IPv4EID-to-RLOC mapping resolutions.
ipv4 itr map-resolvermap-resolver-address
Example:
switch(config)# ip lisp itrmap-resolver 10.0.2.2
Step 6
The locator address of the map resolver may be anIPv4 or IPv6 address. In this example, because eachxTR has only IPv4 RLOC connectivity, the mapresolver is reachable using its IPv4 locator address.
Note
Up to twomap resolvers may be configured if multiplemap resolvers are available.
Note
Configures a locator address for the LISP map server and anauthentication key for which this switch, acting as an IPv4LISP ETR, will use to register with the LISP mapping system.
ip lisp etr map-servermap-server-address key key-typeauthentication-key
Step 7
Example:
switch(config)# ip lisp etr
Themap server must be configured with EID prefixesand instance IDs matching those configured on thisETR and with an identical authentication key.
Note
The locator address of the map server may be an IPv4or IPv6 address. In this example, because each xTRhas only IPv4 RLOC connectivity, the map-server isreachable using its IPv4 locator addresses.
Notemap-server 10.0.2.2 key 0PURPLE-key
Enables LISP ITR functionality for the IPv4 address family.ip lisp itr
Example:
switch(config)# ip lisp itr
Step 8
Enables LISP ETR functionality for the IPv4 address family.ip lisp etr
Example:
switch(config)# ip lisp etr
Step 9
Configures a locator address for the LISPmap resolver to whichthis switch will send map request messages for IPv6EID-to-RLOC mapping resolutions.
The locator address of the map resolver may be anIPv4 or IPv6 address. In this example, because eachxTR has only IPv4 RLOC connectivity, themap-resolver is reachable using its IPv4 locatoraddresses.
Note
Up to twomap resolvers may be configured if multiplemap resolvers are available.
Note
Configures a locator address for the LISP map-server and anauthentication key that this switch, acting as an IPv6 LISP ETR,will use to register to the LISP mapping system.
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide78 OL-25808-03
LISP Instance-ID SupportConfiguring Simple LISP Parallel Model Virtualization
PurposeCommand or Action
Example:
switch(config)# ipv6 lisp etr
Themap-server must be configured with EID prefixesand instance IDs matching those configured on thisETR and with an identical authentication key.
Note
The locator address of the map-server may be an IPv4or IPv6 address. In this example, because each xTRhas only IPv4 RLOC connectivity, the map-server isreachable using its IPv4 locator addresses.
Notemap-server 10.0.2.2 key 0PURPLE-key
Enables LISP ITR functionality for the IPv6 address family.ipv6 itr
Example:
switch(config)# ipv6 itr
Step 12
Enables LISP ETR functionality for the IPv6 address family.ipv6 etr
Example:
switch(config)# ipv6 etr
Step 13
Configures a default route to the upstream next hop for all IPv4destinations.
ip route vrf rloc-vrf-nameipv4-prefix next-hop
Step 14
Example:
switch(config)# ip route vrfBLUE 0.0.0.0 0.0.0.0 10.0.0.1
All IPv4 EID-sourced packets destined to both LISP andnon-LISP sites are forwarded in one of two ways:
• LISP-encapsulated to a LISP site when traffic isLISP-to-LISP
• natively forwarded when traffic is LISP-to-non-LISP
Packets are deemed to be a candidate for LISP encapsulationwhen they are sourced from a LISP EID and the destinationmatches one of the following entries:
• a current map-cache entry
• a default route with a legitimate next-hop
• a static route to Null0
• no route at all
In this configuration example, because the xTR has IPv4 RLOCconnectivity, a default route to the upstream SP is used for allIPv4 packets to support LISP processing.
Configures a default route to the upstream next hop for all IPv6destinations, reachable within the specified RLOC VRF.
ipv6 route vrf rloc-vrf-nameipv6-prefix next-hop
Step 15
Example:
switch(config)# ipv6 route vrfBLUE ::/0 Null0
All IPv6 EID-sourced packets destined for both LISP andnon-LISP sites require LISP support for forwarding in thefollowing two ways:
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 79
LISP Instance-ID SupportConfiguring Simple LISP Parallel Model Virtualization
PurposeCommand or Action
• LISP-encapsulated to a LISP site when traffic isLISP-to-LISP
• natively forwarded when traffic is LISP-to-non-LISP
Packets are deemed to be a candidate for LISP encapsulationwhen they are sourced from a LISP EID and the destinationmatches one of the following entries:
• a current map-cache entry
• a default route with a legitimate next-hop
• a static route to Null0
• no route at all
In this configuration example, because the xTR has only IPv4RLOC connectivity, adding an IPv6 default route to Null0ensures that all IPv6 packets are handled by LISP processing.If the destination is another LISP site, packets areLISP-encapsulated (using IPv4 RLOCs) to the remote site. Ifthe destination is non-LISP, all IPv6 EIDs areLISP-encapsulated to a Proxy ETR (PETR) –assuming one isconfigured.
The use of the static route to Null0 is not required, butis considered a LISP best practice.
Note
Shows the LISP configuration on the switch.(Optional) show running-configlisp
Step 16
Example:
switch(config)# showrunning-config lisp
The show ip lisp and show ipv6 lisp commands verify theoperational status of LISP as configured on the switch, asapplicable to the IPv4 and IPv6 address families, respectively.
(Optional) show [ip | ipv6] lisp
Example:
switch(config)# show ip lispvrf TRANS
Step 17
The show ip lisp map-cache and show ipv6 lisp map-cachecommands verify the operational status of the map cache on a
(Optional) show [ip | ipv6] lispmap-cache [vrf vrf-name]
Step 18
switch configured as an ITR or Proxy ETR (PETR), asapplicable to the IPv4 and IPv6 address families, respectively.Example:
switch(config)# show ip lispmap-cache
The show ip lisp database and show ipv6 lisp databasecommands verify the operational status of the databasemapping
(Optional) show [ip | ipv6] lispdatabase [ vrf vrf-name]
Step 19
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide80 OL-25808-03
LISP Instance-ID SupportConfiguring Simple LISP Parallel Model Virtualization
PurposeCommand or Action
on a switch configured as an ETR, as applicable to the IPv4and IPv6 address families, respectively.Example:
The following example shows IPv6mapping database information forthe VRF named GOLD.
switch(config)# show ipv6 lispdatabase vrf GOLD
The show lisp site command verifies the operational status ofLISP sites, as configured on a map server. This command onlyapplies to a switch configured as a map server.
(Optional) show lisp site [namesite-name]
Example:
switch(config)# show lisp site
Step 20
The clear ip lisp map-cache and clear ipv6 lisp map-cachecommands remove all IPv4 or IPv6 dynamic LISP map-cache
clear [ip | ipv6] lisp map-cache[vrf vrf-name]
Step 21
entries stored by the switch. This verifies the operational statusExample:
switch(config)# show ip lisp
of the LISP control plane. This command applies to a LISPswitch that maintains a map cache (for example, if configuredas an ITR or PITR).
map-cache vrf vrf1The commands in the example display IPv4 mapping cacheinformation for vrf1, and clear the mapping cache for vrf1 andshow information after clearing the cache.
switch(config)# clear ip lispmap-cache vrf vrf1
Configuring a Private LISP Mapping System for LISP Parallel ModelVirtualization
Perform this task to configure and enable standalone LISP map server/map resolver functionality for LISPparallel model virtualization. In this task, a Cisco switch is configured as a standalone map resolver/mapserver (MR/MS) for a private LISP mapping system. Because the MR/MS is configured as a stand-aloneswitch, it has no need for LISP alternate logical topology (ALT) connectivity. All relevant LISP sites mustbe configured to register with this map server so that this map server has full knowledge of all registered EIDprefixes within the (assumed) private LISP system.
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 81
LISP Instance-ID SupportConfiguring a Private LISP Mapping System for LISP Parallel Model Virtualization
•Mapping system:
Figure 18: Simple LISP Site with One IPv4 RLOC and One IPv4 EID
• Onemap resolver/map server (MS/MR) system is shown in the figure above and assumed availablefor the LISP xTR to register to within the proper parallel RLOC space. The MS/MR has an IPv4RLOC address of 10.0.2.2, within each VLAN/VRF (Green and Blue) providing parallel modelRLOX separation in the IPv4 core.
• The map server site configurations are virtualized using LISP instance IDs to maintain separationbetween the two VRFs, PURPLE and GOLD.
Repeat this task for all lisp instantiations and RLOC VRFs.
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:
Switch# configure terminal
Step 1
Specifies a LISP site named Purple and enters LISP siteconfiguration mode.
lisp site site-name
Example:
Switch(config)# lisp site PURPLE
Step 2
• In this example, the LISP site named Purple isconfigured.
Configures the password used to create the SHA-2HMAC hash for authenticating the map register
authentication-key [key-type]authentication-key
Step 3
messages sent by an ETR when registering to the mapserver.
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide82 OL-25808-03
LISP Instance-ID SupportConfiguring a Private LISP Mapping System for LISP Parallel Model Virtualization
The ETRmust be configuredwith EID prefixesand instance IDs matching the one(s)configured on this map server, as well as anidentical authentication key.
Note
Configures an EID prefix and instance ID that areallowed in a map register message sent by an ETRwhen
eid-prefix EID-prefix instance-idinstance-id
Step 4
registering to this map server. Repeat this step asExample:
Switch(config-lisp-site)#
necessary to configure additional IPv4 EID prefixesunder this LISP site.
• In this example, the IPv4 EID prefix192.168.1.0/24 and instance ID 101 are associatedtogether.
eid-prefix 192.168.1.0/24instance-id 101
Configures an EID prefix and instance ID that areallowed in a map register message sent by an ETRwhen
eid-prefix EID-prefix instance-idinstance-id
Step 5
registering to this map server. Repeat this step asExample:
Switch(config-lisp-site)#
necessary to configure additional IPv6 EID prefixesunder this LISP site.
• In this example, the IPv6 EID prefix2001:db8:a:a::/64 and instance ID 101 areassociated together.
eid-prefix 2001:db8:a:b::/64instance-id 101
Exits LISP site configurationmode and returns to globalconfiguration mode.
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 83
LISP Instance-ID SupportConfiguring a Private LISP Mapping System for LISP Parallel Model Virtualization
PurposeCommand or Action
Enables LISP map server functionality for EIDs in theIPv6 address family.
ipv6 lisp map-server
Example:
Switch(config)# ipv6 lispmap-server
Step 10
Configures a default route to the upstream next hop forall IPv4 destinations, reachable within the specifiedRLOC VRF.
ip route vrf rloc-vrf-name ipv4-prefixnext-hop
Example:
Switch(config)# ip route vrf BLUE0.0.0.0 0.0.0.0 10.0.2.1
Step 11
Verifies the LISP configuration on the switch.show running-config lisp
Example:
Switch(config)# show running-configlisp
Step 12
The show ip lisp and show ipv6 lisp commands areuseful for quickly verifying the operational status of
show [ip | ipv6] lisp
Example:
Switch(config)# show ip lisp vrfTRANS
Step 13
LISP as configured on the switch, as applicable to theIPv4 and IPv6 address families respectively.
The show ip lisp map-cache and show ipv6 lispmap-cache commands are useful for quickly verifying
show [ip | ipv6] lisp map-cache [vrfvrf-name]
Example:
Switch(config)# show ip lispmap-cache
Step 14
the operational status of the map cache on a switchconfigured as an ITR or PITR, as applicable to the IPv4and IPv6 address families respectively.
The show ip lisp database and show ipv6 lisp databasecommands are useful for quickly verifying the
show [ip | ipv6] lisp database [ vrfvrf-name]
Step 15
operational status of the database mapping on a switchExample: configured as an ETR, as applicable to the IPv4 and
IPv6 address families respectively.The following example shows IPv6mapping database information for theVRF named GOLD.
Switch(config)# show ipv6 lispdatabase vrf GOLD
The show lisp site command is useful for quicklyverifying the operational status of LISP sites, as
show lisp site [name site-name]
Example:
Switch(config)# show lisp site
Step 16
configured on a map server. This command only appliesto a switch configured as a map server.
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide84 OL-25808-03
LISP Instance-ID SupportConfiguring a Private LISP Mapping System for LISP Parallel Model Virtualization
PurposeCommand or Action
The clear ip lisp map-cache and clear ipv6 lispmap-cache commands remove all IPv4 or IPv6 dynamic
clear [ip | ipv6] lisp map-cache [vrfvrf-name]
Example:
Step 17
LISP map-cache entries stored by the switch. This canbe useful for trying to quickly verify the operationalstatus of the LISP control plane. This command appliesThe following example displays IPv4
mapping cache information for vrf1, to a LISP switch that maintains a map cache (forexample, if configured as an ITR or PITR).shows the command used to clear the
mapping cache for vrf1, and displays theshow information after clearing the cache.
Switch(config)# show ip lispmap-cache vrf vrf1Switch(config)# clear ip lispmap-cache vrf vrf1
Configuration Examples for LISP Instance-ID Support
Example: Configuring Simple LISP Shared Model VirtualizationThese examples show the complete configuration for the LISP topology. On the xTRs, the VRFs and EIDprefixes are assumed to be attached to VLANs configured on the switches.
Example: Configuring Large-Scale LISP Shared Model Virtualization
Example:
The examples show the complete configuration for the HQ-RTR-1 and HQ-RTR-2 (xTR/MS/MR located atthe HQ site), and Site2-xTR LISP switches. Both HQ-RTR-1 and HQ-RTR-2 are provided to illustrate theproper method for configuring a LISP multihomed site.
This example shows how to configure HQ-RTR-1 with an xTR, a map server, and a map resolver.
feature lispinterface loopback 0
ip address 172.31.1.11/32interface ethernet2/1
ip address 172.16.1.6/30interface Ethernet 2/2
vrf member TRANSip address 10.1.1.1/24
interface Ethernet 2/3vrf member SOCip address 10.2.1.1/24
interface Ethernet 2/4vrf member FINip address 10.3.1.1/24
ip lisp itr
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 87
LISP Instance-ID SupportExample: Configuring a Private LISP Mapping System for LISP Shared Model Virtualization
Example: Configuring Simple LISP Parallel Model Virtualization
Example:
These examples show the complete configuration for the LISP topology. On the xTRs, the VRFs and EIDprefixes are assumed to be attached to VLANs configured on the switches.
This example shows how to configure the left xTR:
hostname Left-xTR!ipv6 unicast-routing
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide90 OL-25808-03
LISP Instance-ID SupportExample: Configuring Simple LISP Parallel Model Virtualization
Feature History for Configuring LISP Instance IDThis table lists the release history for this feature.
Table 7: Feature History for Configuring LISP Instance ID
Feature InformationReleasesFeature Name
This feature is introduced.6.2(2)Locator/ID Separation Protocol(LISP) Instance ID
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 93
LISP Instance-ID SupportFeature History for Configuring LISP Instance ID
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide94 OL-25808-03
LISP Instance-ID SupportFeature History for Configuring LISP Instance ID
C H A P T E R 6Configuring LISP Delegate Database Tree (DDT)
This chapter contains the following sections:
• LISP Delegate Database Tree (DDT), page 95
• Overview of DDT, page 95
• Restrictions for LISP Delegate Database Tree (DDT), page 95
• Configuring LISP Delegate Database Tree (DDT), page 96
• Configuration Examples for LISP Delegate Database Tree (DDT), page 97
LISP Delegate Database Tree (DDT)
Overview of DDTLISP Delegated Database Tree (DDT) defines a large-scale distributed database of LISP Endpoint Identifier(EID) space using a DDT node. A DDT node is configured to be authoritative for some specified portion ofan overall LISP EID space, as well as the set of more specific subprefixes that are delegated to other DDTnodes. It is also configured with the set of more-specific sub-prefixes that are further delegated to other DDTnodes. To delegate a sub-prefix, the “parent” DDT node is configured with the Routing Locators (RLOCs) ofeach child DDT node that is authoritative for the sub-prefix. Each RLOC either points to a map server(sometimes termed a “terminal DDT node”) to which an egress tunnel routers (ETRs) registers that sub-prefixor points to another.
Restrictions for LISP Delegate Database Tree (DDT)The following restriction applies to the LISP Delegate Database Tree (DDT) feature:
• If LISP is enabled, nondisruptive upgrade (ISSU) and nondisruptive downgrade (ISSD) paths are notsupported. Disable LISP prior to any upgrade. This restriction only applies to releases before 6.2(2) butnot to this release or to future LISP releases.
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 95
Configuring LISP Delegate Database Tree (DDT)Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:
Switch# configure terminal
Step 1
Configures a switch to perform LISP DDTfunctionality.
lisp ddt
Example:
Switch(config)# lisp ddt
Step 2
Configures an IPv4 or IPv6 locator for a DDT rootnode within the delegation hierarchy on aDDT-enabled map resolver.
lisp ddt root root-locator [public-keynumber]
Example:
Switch(config)# lisp ddt root10.1.1.1
Step 3
• In this example, a DDT-enabled map resolveris configured to refer to the DDT root nodelocator: 2001:db8:1::1111.
Configures a DDT-enabled map server, the locatorand EID prefix (and/or instance ID) for a map serverpeer within the LISP DDT delegation hierarchy.
• In this example, the LISP DDT node isconfigured to be authoritative for the IPv4EID-prefix 172.16.0.0/16
authoritative-prefix eid-prefix172.16.0.0/16
Exits global configuration mode and returns toprivileged EXEC mode.
exit
Example:
Switch(config)# exit
Step 6
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide96 OL-25808-03
Configuring LISP Delegate Database Tree (DDT)Configuring LISP Delegate Database Tree (DDT)
PurposeCommand or Action
Displays the configured DDT root(s) and/or DDTdelegation nodes on a switch enabled for LISP DDT.
show lisp ddt vrf vrf-name
Example:Switch# show lisp ddt vrf vrf-1
Step 7
When vrf vrf-nameis specified, information for VRFis displayed.
Displays the map-resolver's map-request queue. Ifeid-address is specified, then only the queue elementfor an EID being map-requested is displayed
show lisp ddt queue [eid-address |instance-id iid {eid-address} | vrfvrf-name]
Example:Switch# show lisp ddt queue 10.1.1.1
Step 8
Displays the DDT referral cache stored inmap-resolvers. When the eid-address variable is
show lisp ddt referral-cache [eid-address| instance-id iid {eid-address} |
Step 9
specified each cache entry that is less specific thanthe eid-address variable will be displayed.
cache-entries {vrf vrf-name} | vrfvrf-name]
Example:Switch# show lisp ddt referral-cache10.1.1.1
endStep 10
Example:
Switch# end
Configuration Examples for LISP Delegate Database Tree (DDT)
Examples: LISP Delegate Database Tree (DDT)The following is an example of parent and child DDT nodes, where the parent has all of 10.0.0.0/8 anddelegates two sub-prefixes, 10.0.0.0/12 and 10.0.16.0/12 to two child DDT nodes. All of these prefixes arewithin the DDT sub-tree Key-ID=0, IID=223, and AFI=1 (IPv4).
The following example defines the delegation of the EID-prefix 10.0.0.0/12 to a DDTMap Server with RLOC192.168.1.100 and delegation of the EID-prefix 10.16.0.0/12 to a DDTMap-Server with RLOC 192.168.1.200.The child DDT Map-Server for 10.16.0.0/12 is further configured to allow ETRs to register the sub-prefixes10.18.0.0/16 and 10.17.0.0/16:Switch(config)# lisp ddt authoritative-prefix instance-id 223 eid-prefix 10.16.0.0/12Switch(config)# lisp site site-1Switch(config)# eid-prefix 10.18.0.0/16 instance-id 223Switch(config)# lisp site site-2
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 97
Configuring LISP Delegate Database Tree (DDT)Configuration Examples for LISP Delegate Database Tree (DDT)
Table 8: Feature History for LISP Delegate Database Tree
Feature InformationReleasesFeature Name
This feature is introduced.6.2(2)Locator/ID Separation Protocol(LISP) Delegate Database Tree(DDT)
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide98 OL-25808-03
Configuring LISP Delegate Database Tree (DDT)Feature History for Delegate Database Tree
C H A P T E R 7Configuring LISP Multicast
This chapter contains the following sections:
• LISP Multicast, page 99
• Finding Feature Information, page 100
• Restrictions for LISP Multicast, page 100
• Configuration Example for LISP Multicast, page 103
LISP MulticastThis chapter describes how to configure the Multicast functionality in Locator/ID Separation Protocol (LISP)architecture where the Multicast source and Multicast receivers can reside in separate LISP sites.
LISP introduced a mapping function from a site's Endpoint ID (EID) prefix to its associated Routing Locator(RLOC). Unicast packets require the mapping of both the source and destination address. Multicast onlyrequires the source address to be mapped as the destination group address is not topology-dependent.
The implementation of Multicast LISP includes the following features:
• Building the multicast distribution tree across LISP sites.
• Forwarding multicast data packets from sources to receivers across LISP sites.
• Supporting different service models, including ASM (Any SourceMulticast), and SSM (Source SpecificMulticast).
• Supporting different combinations of LISP and non-LISP capable source and receiver sites.
When the Multicast LISP feature is enabled, a new tunnel interface type called GLT (Generic Lisp Tunnel)is created. The GLT is supported by Oracle Identity Manager APIs and only one GLT per Virtual DeviceContext (VDC) is created.
The LISP Multicast feature is not supported on the F3 series module.Attention
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide OL-25808-03 99
Finding Feature InformationYour software release may not support all the features documented in this module. For the latest caveats andfeature information, see Bug Search Tool and the release notes for your platform and software release. Tofind information about the features documented in this module, and to see a list of the releases in which eachfeature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Restrictions for LISP MulticastThe following restrictions apply to the LISP Multicast feature:
• Only IPv4 Multicast LISP is supported over the Unicast core.
• Only Any Source Multicast (ASM) and Single Source Multicast (SSM) modes are supported.
• Only static Rendezvous Point (RP) is supported.
Configuring LISP MulticastPerform this task to configure a device to support Locator/ID Separation Protocol (LISP)Multicast functionality.
In this task, a LISP site an edge router configured as an xTR (performs as both an ITR and an ETR) andincludes a single IPv4 connection to an upstream provider. Both the RLOC and the EID are IPv4. Additionally,this LISP site registers to one map resolver/map server (MR/MS) device in the network core.
•Mapping system:
• One map resolver/map server (MR/MS) system is assumed to be available for the LISP xTR toconfigure. The MR/MS have IPv4 RLOC 11.0.0.2.
• Mapping services are assumed to be provided as part of this LISP solution via a private mappingsystem or as a public LISP mapping system. From the perspective of the configuration of theseLISP site xTRs, there is no difference.
The steps in this task enable and configure LISP Multicast ITR and ETR (xTR) functionality when using aLISP map server and map resolver for mapping services.
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:
Device# configure terminal
Step 1
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide100 OL-25808-03
Configuring LISP MulticastFinding Feature Information
Device(config-vrf)# ip lisp itrmap-resolver 10.0.0.2
(PITR) when sending Map-Requests for IPv4EID-to-RLOC mapping resolution.
Up to two map resolvers may be configuredif multiple map resolvers are available. (Seethe LISP Command Reference for moredetails.)
Note
Configures the IPv4 locator address of the Locator/IDSeparation Protocol (LISP) Map-Server to be used
ip lisp etrmap-servermap-server-addresskey key-type authentication-key
Step 10
by the egress tunnel router (ETR) when registeringfor IPv4 EIDs.Example:
Device(config-vrf)# ip lisp etr Up to two map servers may be configuredif multiple map servers are available. (Seethe LISP Command Reference for moredetails.)
Notemap-server 10.0.0.2 key 35b0f2bd760fe4ce3
Configures the device to support Locator/IDSeparation Protocol (LISP) Multicast functionality.
ip lisp multicast
Example:
Device(config-vrf)# ip lispmulticast
Step 11
Exits vrf configuration mode.exit
Example:
Device(config-vrf)# exit
Step 12
(Optional) Displays information about the LISPmulticast encapsulation for the IPv4 multicast routes.
show ipmroutedetail
Example:
Device# show ip mroute detail
Step 13
(Optional) Displays information about the LISPencapsulation indices stored by PIM.
show ippimlisp encap
Example:
Router# show ip pim lisp encap
Step 14
(Optional) Displays information about the multicastForwarding Information Base (FIB) distributionroutes.
show forwardingdistributionmulticastroute group-addr
Example:
Router# show forwarding distributionmulticast route group 226.1.1.1
Step 15
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide102 OL-25808-03
Example: Configuring LISP MulticastThe following example shows how to configure Locator/ID Separation Protocol (LISP) Multicast on eitherthe Egress Tunnel Router (ETR) or the Ingress Tunnel Router (ITR):
LISP parallel model virtualization 53LISP parallel model virtualization architecture 54LISP parallel model virtualization implementationconsiderations and caveats 54LISP shared model virtualization 51LISP shared model virtualization architecture 51LISP shared model virtualization implementationconsiderations and caveats 53LISP virtualization at the device level 50overview of LISP instance ID 47path level virtualization 49prerequisites 48private LISP mapping system for LISP parallel model
virtualization 81, 92configuring 81example 92mapping system 81
private LISP mapping system for LISP shared modelvirtualization 62, 87
configuring 62example 87
remote site for large-scale LISP shared modelvirtualization 71, 89