Home > LISP Lab

LISP Lab

April 20th, 2020 in Basic Labs Go to comments

Expand the topology

Now let’s expand our topology to see how LISP works in a company by adding two routers R5 & R6 at two sites as shown below:

Basic_LISP_Topology_Expand.jpg

The configurations for R5, R6 and additional configurations for R1, R2, R3 are listed below:

R5
interface e0/0
ip address 192.168.15.5 255.255.255.0
no shut
int lo0
ip address 5.5.5.5 255.255.255.255
int lo1
ip address 55.55.55.55 255.255.255.255
router ospf 1
network 192.168.15.0 0.0.0.255 area 0
network 5.5.5.5 0.0.0.0 area 0
network 55.55.55.55 0.0.0.0 area 0
R6
interface e0/0
ip address 192.168.26.6 255.255.255.0
no shut
int lo0
ip address 6.6.6.6 255.255.255.255
int lo1
ip address 66.66.66.66 255.255.255.255
router ospf 1
network 192.168.26.0 0.0.0.255 area 0
network 6.6.6.6 0.0.0.0 area 0
network 66.66.66.66 0.0.0.0 area 0
R1 (additional config)
interface e0/1
ip address 192.168.15.1 255.255.255.0
no shut
router ospf 1
network 192.168.15.0 0.0.0.255 area 0
default-information originate always
router lisp
database-mapping 5.5.5.0/24 10.10.14.1 priority 1 weight 100
database-mapping 55.55.55.55/32 10.10.14.1 priority 1 weight 100
database-mapping 192.168.15.0/24 10.10.14.1 priority 1 weight 100
R2 (additional config)
interface e0/1
ip address 192.168.26.2 255.255.255.0
no shut
router ospf 1
network 192.168.26.0 0.0.0.255 area 0
default-information originate always
router lisp
database-mapping 6.6.6.0/24 10.10.24.2 priority 1 weight 100
database-mapping 66.66.66.66/32 10.10.24.2 priority 1 weight 100
database-mapping 192.168.26.0/24 10.10.24.2 priority 1 weight 100
R3 (additional config)
lisp site siteA
eid-prefix 5.5.5.0/24
eid-prefix 55.55.55.55/32
eid-prefix 192.168.15.0/24

lisp site siteB
eid-prefix 6.6.6.0/24
eid-prefix 66.66.66.66/32
eid-prefix 192.168.26.0/24

 

The configuration above is simple and the main point here is assigning different EIDs (5.5.5.0/24, 55.55.55.55/32, 192.168.15.0/24 on R1 and 6.6.6.0/24, 66.66.66.66/32, 192.168.26.0/24 on R2) to the same RLOCs (10.10.14.1 on R1 & 10.10.24.2 on R2). Therefore the communication destined to these EIDs will be sent to R1 & R2 where they are encapsulated into LISP packet before sending out to R4.

Please notice that we inject a default route to downstream OSPF routers so that they can send unknown traffic to R1 & R2. you

If configuring correctly, you can see all the configured EIDs on the MS/MR.

R3_expand_show_lisp_site.jpg

And ping from R5 to R6 is successful.

R5_ping_successful.jpg

Before ending this lab, we wish to show how traffic flows from R5 to R6 so we have a deeper understanding of LISP.

How traffic flows through LISP-enabled site

Suppose R5 (192.168.15.5) wants to talk to R6 (6.6.6.6). R5 may queries a DNS server to get the IP address of R6. R5 realizes the destination address does not belong to its local subnet so it forwards packets to its default gateway, which is R1, a LISP enabled device. R1 lookups its routing table (RIB). If the route matches one of the following condition:
– default route (0.0.0.0/0 or ::/0)
– no route
– a route with a Null0 next-hop
then proceed with LISP encap process, otherwise forward natively.

In this case, R1 does not find any matched route in its routing table (no route) so the packet is proceeded with LISP encapsulation process.
Next R1 checks if the source address (192.168.15.5) of the packet is within a local EID prefix (configured with the “database-mapping” or “map-cache” command). Because it matches so the packet is eligible for LISP encapsulation.

R1 continues checking the map-cache, trying to find a matching destination but at this moment only the default entry 0.0.0.0/0 is available so it has to send a Map Request message to the MR then it drops the packets (this is also the reason why one or two first ping failed).

R1_show_ip_lisp_map-cache.jpg

MR check its site database to see if any RLOC registered this EID. It finds siteB has the EID Prefix of 6.6.6.0/24 (should verify with the “show lisp site 6.6.6.6” command), with a RLOC of 10.10.24.2. With “no-proxy-reply” flag, MR must forward the Map Request to R2 with RLOC of 10.10.24.2.

R3_extend_show_ip_lisp_site_6.jpg

When R2 receives this message, it checks its database to see that it is responsible for this EID so it sends a Map Reply back to R1 with its own RLOC 10.10.24.2.

Basic_LISP_Map_Request_Map_Reply.jpg

R1 receives the Map Reply message and the destination EID has been added to the map-cache.

R1_expand_show_ip_lisp_map_cache.jpg

Now it has enough information to send packets to R2. R1 encapsulates the IP packet with LISP encapsulation and sends it to R2. R2 receives and decapsulates it then forward to R6.

This is the LISP packet forwarding flow chart, taking from the link below for your reference:

LISP_Packet_Forwarding_Flow_Chart.jpg

Good reference: http://lisp.cisco.com/docs/LISP-IOS_PacketForwarding.pd

Note: According to Cisco guide, there are two ways of configuring LISP:

“When configuring a device as a LISP ingress tunnel router (ITR) to resolve IPv4 EID-to-RLOC mappings for destination EIDs, you can configure the device to use one of the following two options:

– Send map requests to a map resolver—the ITR sends map requests in a LISP encapsulated control message (ECM) header with either an IPv4 or IPv6 map-resolver RLOC as its destination address (depending on the configuration). For this option, use the ipv4 itr map-resolver command instead of the ipv4 alt-vrf command.

– Send map requests directly over the LISP ALT using the VRF instance specified when configuring this command – the ITR sends map requests directly over the ALT (without the additional LISP ECM header). The destination of the map request is the EID being queried. For this option, use the ipv4 alt-vrf command.

When using the ALT, you must configure the correct address family (IPv4 or IPv6) for resolving EID-to-RLOC mappings. If an IPv4 EID mapping is required, configure the ipv4 alt-vrf command and specify a VRF that enables the IPv4 address-family and connects to an IPv4-capable ALT.”

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_lisp/command/ip-lisp-cr-book/lisp-rtr-ipv4-config-cmds.html

In this lab we used the first option without ipv4 alt-vrf, vrf definition and address-family ipv4 command. If you want to use this option then R3 should have these commands:

R3

vrf definition LISP_tut
rd 1:1
address-family ipv4
exit-address-family

ip lisp alt-vrf LISP_tut
//Remove command “ip lisp map-resolver”

On the MS/MR side, we first configure a VRF with RD of 1:1 or any value we want. The command “vrf definition …” has been used in IOS v15 to replace for the old “ip vrf” command. Also we need to specify LISP is used for IPv4, not IPv6 with the “address-family ipv4” command.

Comments
  1. Ant
    May 18th, 2020

    Thx 9tut!

  2. rob
    May 19th, 2020

    I followed the laboratory exactly. I can see the two registered sites from the MR / MS router (site a-b), but from router r1 I do not ping… I use gns3 with ios cisco7200 15.x with lisp support

  3. digitaltut
    May 31st, 2020

    @rob: We have just uploaded the final configs here: https://www.digitaltut.com/download/LISP_Basic_6_routers_config_final.zip so that you can verify.

  4. capitao_caverna
    July 31st, 2020

    this lab works with eve-ng?

  5. digitaltut
    August 1st, 2020

    @capitao_caverna: Yes, it does.

  6. truthseeker
    February 10th, 2021

    hi. how do I open the lab files uploaded here? Thanks!

  7. Dav
    March 22nd, 2021

    While setting up the same LISP lab via GNS3 with Cisco 7200 the configuration in R3 is slightly difference from the config listed.

    Following is the configuration for SiteA.

    R3 (MS/MR)
    Router(config)#router lisp
    Router(config-router-lisp)#ipv4 map-server
    Router(config-router-lisp)#ipv4 map-resolver
    Router(config-router-lisp)#site siteA
    Router(config-router-lisp-site)#eid-prefix 1.1.1.0/24
    Router(config-router-lisp-site)#authentication-key tut_siteA
    Router(config-router-lisp-site)#exit

    Router#sh lisp site
    LISP Site Registration Information

    Site Name Last Up Who Last Inst EID Prefix
    Register Registered ID
    siteA 00:00:47 yes 10.10.14.1 1.1.1.0/24

    From the LISP related config:
    The ip map-server and ip lisp map-resolver command is not available and is avilable under ipv4/6

    The site configuration also need to enter lisp configuration mode before configuring the site
    Same as for eid-prefix and authentication-key.

    Router(config-router-lisp)#ipv4 ?
    alt-vrf Activate LISP-ALT functionality in VRF
    etr Configures a LISP Egress Tunnel Router (ETR)
    itr Configures a LISP Ingress Tunnel Router (ITR)
    map-cache-limit Configures maximum size of map-cache
    map-cache-persistent Dump map-cache onto flash, making it persistent across
    reboots
    map-request-source Configures inner header source address in Map-Request
    message
    map-resolver Configures a LISP Map Resolver (MR)
    map-server Configures a LISP Map Server (MS)
    path-mtu-discovery Path MTU discovery
    proxy-etr Configures a LISP Proxy Engress Tunnel Router (PETR)
    proxy-itr Configures a LISP Proxy Ingress Tunnel Router (PITR)
    route-import Import RIB routes by a routing protocol into LISP
    solicit-map-request Configure Solicit-Map-Request handling
    use-petr Encapsulate to Proxy ETR when matching forward-native
    entry

  1. No trackbacks yet.