Home > LISP Tutorial

LISP Tutorial

in ENCOR Knowledge Go to comments

In the Internet nowadays, the IPv4 or IPv6 address of a device represents both its identity and location. When a host moves from one location to another location, it is assigned a different IPv4 or IPv6 address, which overloads the location/identity semantic. We can say routing in the Internet today is like putting direction signs about every city in the world at every crossing.

Locator ID Separation Protocol (LISP) solves this issue by separating the location and identity of a device through the Routing locator (RLOC) and Endpoint identifier (EID):

+ Endpoint identifiers (EIDs) – assigned to end hosts.
+ Routing locators (RLOCs) – assigned to devices (primarily routers) that make up the global routing system.

With LISP, the change in location of a device does not result in a change in its identity. In other words, when the device moves from one location to another, it still keeps its IPv4 or IPv6 address, which is the EID part. Only the RLOC (which represents the IP address of the connected router) changes. In order to do so, LISP provides the distributed architecture EID-to-RLOC mapping that maps EIDs to RLOCs.

LISP_Traditional_IP_address.jpg

Splitting ID and RLOC functions yields several advantages including improved routing system scalability, and improved multihoming efficiency and ingress traffic engineering.

LISP traffic flow example

Let’s see an example of how PC1 sends traffic to PC2 in a LISP-capable environment to understand more about LISP.

Basic_LISP_Topology.jpg

1. PC1 wants to send traffic to PC2. PC1 sends packets to its default gateway R1. Notice that PC1 does not know anything about LISP.
2. R1 has not had information about EID 5.5.5.5 in its Map cache so it queries R3, which is a LISP MS/MR (will be explained later).
3. R3 replies the RLOC of EID 5.5.5.5 to R1. R1 will store this mapping in its Map cache for later use.
4. R1 forwards packets to this RLOC, which is R2.
5. R2 removes RLOC information, and forwards packets to the destination. Notice that PC2 does not know anything about LISP.

In the example above, R1 works as an Ingress Tunnel Router (requesting LISP information) while R2 works as an Egress Tunnel Router (registering LISP information).

Ingress Tunnel Router (ITR) is the device (or function) that is responsible for finding EID-to-RLOC mappings for all traffic destined for LISP-capable sites. After the encapsulation, the original packet become a LISP packet.

Egress Tunnel Router (ETR) is the device (or function) that connects a site to the LISP-capable part of a core network (such as the Internet), publishes EID-to-RLOC mappings for the site, responds to Map-Request messages, and decapsulates and delivers LISP-encapsulated user data to end systems at the site. During operation, an ETR sends periodic Map-Register messages to all its configured map servers.

Do you remember in the above figure, R3 already learned EID 5.5.5.5 in RLOC 20.20.20.1. But how did it know? Well, when R2 was configured with the mapping, it sent a “Map Register” message to R3 to inform about it.

LISP_Map_Register_Map_Notify.jpg

R3 worked as a Map Server (MS) and used this information to populate its EID to RLOC mapping table and replied back with a “Map Notify” message to confirm it received the registration.

And when R1 asks information to reach R2, R3 works as a Map-resolver (MR) to receive and process the EID-to-RLOC mapping lookup queries and provides the mappings to requester.

LISP_Map_Request.jpg

MS & MR functions are often included in a single device, which is referred to as an MR/MS device.

If MS and MR are two separate devices, MR is responsible to forward the Map-Request messages to the correct MS.

ITR and ETR are often included in a single device and it is called a xTR device. xTR is usually implemented in a LISP site’s customer premises equipment (CPE) router.

So now let’s see the topology above again with all the LISP devices:

LISP_Topology_ETR_ITR.jpg

 

So far we have established communication between LISP sites registered in the mapping system. But how can we interoperate between LISP regions and non-LISP regions as sites are not capable of running LISP in one day? This is where Proxy Ingress Tunnel Router and Proxy Egress Tunnel Router come into play.

Proxy Ingress Tunnel Router (PITR): A LISP device that receives packets from non-LISP sites and encapsulates the packets to LISP sites.

PITRs perform two primary functions:
+ Originating EID advertisements: PITRs advertise highly aggregated EID-prefix space on behalf of LISP sites to the non-LISP sites so that non-LISP sites can reach them.
+ Encapsulating legacy Internet traffic: PITRs encapsulate non-LISP Internet traffic into LISP packets and route them toward their destination RLOCs.

Proxy Egress Tunnel Router (PETR): A LISP device that de-encapsulates packets from LISP sites to deliver them to non-LISP sites.

PETRs are useful in the following cases:
+ Avoiding strict uRPF failures: Some providers’ access networks require the source of a packet to be within the address scope of the access networks. PETRs allow for LISP sites to send packets to non-LISP sites in cases where the access network does not allow for the LISP site to send packets with the source address of the site’s EIDs.
+ Traversing a different IP protocol: The transit path network between LISP sites and non-LISP sites may not be IPv4 or IPv6 enabled. LISP support for mixed protocol encapsulation allows PETRs to hop over such networks in order to route the traffic between the LISP and non-LISP sites.

LISP_PxTR.jpgLike ITR and ETR, PITR and PETR are usually included in one device, which is called PxTR.

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_lisp/configuration/15-mt/irl-15-mt-book/irl-overview.pdf

and https://www.ciscopress.com/articles/article.asp?p=2992605

Comments
  1. Highdef
    November 5th, 2020

    Excellent work here to explain this – thanks !

  2. HAKIM
    November 12th, 2020

    NICE EXPLAIN THANKS

  3. McRae
    November 26th, 2020

    Nice explanation!! Thanks ;)

  4. Anonymous
    December 31st, 2020

    This is the Best lisp overview I have seen

  5. Anonymous
    February 13th, 2021

    Excelente explicação! Obrigado por compartilhar!

  6. bella
    February 20th, 2021

    @george thankyou for providing this helpful link

  7. Bail
    March 9th, 2021

    Hi, can anybody please advise me on a list of images I should use in gns3 when preparing for the Encor exam Thanks.

  8. TACACS
    June 15th, 2021

    you can treining with o EVE is much better GNS

  9. Noly
    June 16th, 2021

    Really cool explanation n very well understood.

  10. Anonymous
    September 4th, 2021

    awesome staff guys.

  11. Ogbwefi Udo
    September 14th, 2021

    Pretty great explanation. I am reading and understanding more from this site than the official press books. congratulations for work well done.

  12. Jay-Dizal
    September 15th, 2021

    Passed today. All I did was study Digitaltut. I was using a VCE dump but the answers wrong when compared to this site. 95 percent of the questions came from this site. I advise anyone studying for the cert to buy the Premium membership it really helped. I studied the for about two months. Good luck everyone.

  13. mfn
    November 13th, 2021

    Guys, what about ENSLD 300-420 resources?, where can I find it?

  14. TheBaj
    November 23rd, 2021

    How to get premium membership to have correct dumps for exams?

  15. mchezo
    February 1st, 2022

    HI, please some one could help me with dumps for encore 350 401

  16. Ciryl
    February 16th, 2022

    @mchezo : 17$ and you get access to DIGITAL Premium. You can practice the dump and all valide questions (updated all time) for one -1- Month

  17. CCNP Renewel
    March 19th, 2022

    Explained very simply to the point.Better than Cisco Book.Kudos to Digitaltut

  18. Black C
    April 22nd, 2022

    Really good work explaining LISP! Really good content for the premium users.

  19. Sid
    October 25th, 2022

    Finally, an explanation that someone can get!
    Thanks @Digitaltut, never seen this topic summarized so perfectly :)

  20. Emerald
    March 18th, 2023

    Hi

    The data flow is incorrect, by default a MS does NOT reply direct to an ITR map-request.
    The MS looks up the ETR that registered the EID address space and forwards the map-request to that ETR. The ETR then replies direct to the requesting ITR which confirms that routing between the ITR and ETR is valid.

    Reference: https://www.ciscopress.com/articles/article.asp?p=2992605

    ” Based on the request, the MR forwards the map request to the map server (MS). The MS redirects the packet to the ETR, which has the information about the host prefix/subnet. One important thing to notice in this map request/map reply is that the map request comes toward the mapping system, but the mapping system does not send the reply. The ETR sends the map reply directly to the ITR that raised the map request. This significantly reduces the load on the MR/MS and at the same time helps validate the path between the ETR and the ITR. The map reply contain the mapping entries of the ETRs that hold the destination EIDs.”

  21. Gils
    March 28th, 2023

    Well Explained. Thanks!

  22. Anonymous
    July 12th, 2023

    Hola maje buena esa mafriend.

  23. Net_Lover
    July 12th, 2023

    @Gils,

    You’re right. The MS/MR R3 router will send a MAP-Request (Forward) message to R2 (ETR) if No Proxy-Reply is configured on R3. From there R2 will reply with a MAP-REPLY to R1 (ITR).

  24. Rambo
    September 28th, 2023

    Where can I find material for CompTIA CYSA+ 003 Exam? Thanks so much for your help.

  25. Avenue 17
    April 25th, 2024

    What phrase…

  1. No trackbacks yet.