
LISP Vlan Extension using host mobility across DCs

The LISP protocol feature set is used for various inter-DC applications. The most common use is extending a VLAN/subnet across DCs and remote sites. It works purely on demand: as long as no traffic is flowing, the control plane stays idle, unless we configure a few parameters that make the control plane register and query the hosts of the subnets individually.

Topology:



   CSR_16.12.2S                               CSR_16.12.2S_CORE                         CSR_16.12.2S_2

   +-------+                                  +-------+                                 +-------+
   |       |G3         +-------+            G2|       |G3          +-------+          G2|       |
   |       +-----------+  P2   +--------------+       +------------+  P3   +------------+       |
   |       |           +-------+              |       |            +-------+            |       |
   +-------+                                  +-------+                                 +-------+
       |G2                                                                                  |G3
       |                                                                                    |
       |                                                                                +---+---+
   +---+---+                                                                            |  P4   |
   |  P1   |                                                                            +---+---+
   +---+---+                                                                                |
       |                                                                                    |
       |                                                                                    |
       |                                                                                    |
   +---+---+                                                                            +---+---+
   |       |                                                                            |       |
   | .43   |                                                                            |  .210 |
   |       |                                                                            |       |
   +-------+                                                                            +-------+
Ubuntu VM 1                                                                         Ubuntu VM Cu On-Prem 1

The above is a simple example of getting the two VMs to communicate across the CORE. The configuration is fairly basic; it is an example of running LISP over an IPsec route-based VPN. Note that the IKE/IPsec parameters in it (IKEv1 with 3DES, DH group 5 and the pre-shared key "cisco") are lab values and should not be carried into production. You can find the relevant configurations from both CSR edges below:

CSR_16.12.2S(config)#do sh run
Building configuration...

Current configuration : 5445 bytes
!
! Last configuration change at 13:07:18 UTC Tue May 26 2020 by cisco
!
<snip>
hostname CSR_16.12.2S
!
boot-start-marker
boot-end-marker
!
!
vrf definition APP
 !
 address-family ipv4
 exit-address-family
<snip>
!
crypto isakmp policy 1
 encryption 3des
 hash sha256
 authentication pre-share
 group 5
crypto isakmp key cisco address 192.168.3.2    
!
!
crypto ipsec transform-set T1 esp-aes 256 esp-sha-hmac 
 mode tunnel
!
crypto ipsec profile P1
 set transform-set T1 
!
<snip>
interface Loopback0
 ip address 192.168.224.1 255.255.255.255
!
interface Tunnel0
 ip address 192.168.226.1 255.255.255.252
 tunnel source GigabitEthernet3
 tunnel mode ipsec ipv4
 tunnel destination 192.168.3.2
 tunnel path-mtu-discovery
 tunnel protection ipsec profile P1
 crypto ipsec df-bit clear
!
interface LISP0
!
interface LISP0.1
!
<snip>
interface GigabitEthernet2
 vrf forwarding APP
 ip address 192.168.1.201 255.255.255.0
 load-interval 30
 negotiation auto
 lisp mobility 192_168_1_0
 no mop enabled
 no mop sysid
!
interface GigabitEthernet3
 ip address 172.31.6.125 255.255.255.224
 negotiation auto
 no mop enabled
 no mop sysid
!
router lisp
 locator-set Launch
  192.168.224.1 priority 1 weight 100
  exit-locator-set
 !
 service ipv4
  itr map-resolver 192.168.224.1
  itr
  etr map-server 192.168.224.1 key cisco
  etr
  use-petr 192.168.225.1
  map-server
  map-resolver
  exit-service-ipv4
 !
 instance-id 1
  dynamic-eid 192_168_1_0
   database-mapping 192.168.1.0/24 locator-set Launch
   exit-dynamic-eid
  !
  service ipv4
   eid-table vrf APP
   exit-service-ipv4
  !
  exit-instance-id
 !
 site Launch
  authentication-key cisco
  eid-record instance-id 1 192.168.1.0/24 accept-more-specifics
  exit-site
 !
 exit-router-lisp
!
router ospf 1
 passive-interface Loopback0
 network 192.168.224.1 0.0.0.0 area 0
 network 192.168.226.0 0.0.0.3 area 0
!
<snip>
!
ip route 0.0.0.0 0.0.0.0 172.31.6.126
ip route vrf APP 0.0.0.0 0.0.0.0 192.168.1.4 <<<< The presence of this default route is what triggers the LISP Map-Register towards the MS/MR for any locally discovered EID
!
end

CSR_16.12.2S_2(config)#do sh run
Building configuration...

Current configuration : 5217 bytes
!
! Last configuration change at 12:55:42 UTC Tue May 26 2020
!
<snip>
hostname CSR_16.12.2S_2
!
boot-start-marker
boot-end-marker
!
!
vrf definition APP
 !
 address-family ipv4
 exit-address-family
<snip>
!
crypto isakmp policy 1
 encryption 3des
 hash sha256
 authentication pre-share
 group 5
crypto isakmp key cisco address 172.31.6.125   
!
!
crypto ipsec transform-set T1 esp-aes 256 esp-sha-hmac 
 mode tunnel
!
crypto ipsec profile P1
 set transform-set T1 
!
interface Loopback0
 ip address 192.168.225.1 255.255.255.255
!
interface Tunnel0
 ip address 192.168.226.2 255.255.255.252
 tunnel source GigabitEthernet2
 tunnel mode ipsec ipv4
 tunnel destination 172.31.6.125
 tunnel path-mtu-discovery
 tunnel protection ipsec profile P1
 crypto ipsec df-bit clear
!
interface LISP0
!
interface LISP0.1
!
<snip>
interface GigabitEthernet2
 ip address 192.168.3.2 255.255.255.0
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet3
 vrf forwarding APP
 ip address 192.168.1.200 255.255.255.0
 negotiation auto
 lisp mobility 192_168_1_0
 no mop enabled
 no mop sysid
!
router lisp
 locator-set On-Prem
  192.168.225.1 priority 1 weight 100
  exit-locator-set
 !
 service ipv4
  itr map-resolver 192.168.224.1
  etr map-server 192.168.224.1 key cisco
  etr
  proxy-etr
  proxy-itr 192.168.225.1
  exit-service-ipv4
 !
 instance-id 1
  dynamic-eid 192_168_1_0
   database-mapping 192.168.1.0/24 locator-set On-Prem
   exit-dynamic-eid
  !
  service ipv4
   eid-table vrf APP
   exit-service-ipv4
  !
  exit-instance-id
 !
 exit-router-lisp
!
router ospf 1
 passive-interface Loopback0
 network 192.168.225.1 0.0.0.0 area 0
 network 192.168.226.0 0.0.0.3 area 0
!
<snip>
!
ip route 0.0.0.0 0.0.0.0 192.168.3.1
ip route vrf APP 0.0.0.0 0.0.0.0 192.168.1.4
!
end
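The IKE/IPsec parameters in the two configurations above deserve a closer look before they are copied anywhere near production. The following Python script is an added example and not part of the original post or of any Cisco tooling: it parses the isakmp policy, pre-shared key and transform-set lines as IOS prints them, flags the lab-only choices (IKEv1 itself, 3DES, DH group 5, the plaintext key "cisco", SHA-1 ESP integrity) and then runs the same audit over a constructed hardened variant of the same tunnel. The hardened sample's type-6 key blob is a placeholder, and the lists of weak values are this example's own judgement calls, not an IOS feature.

```python
import re

# Constructed sample: the crypto section as it appears in the CSR configs above (lab values).
LAB_CONFIG = """\
crypto isakmp policy 1
 encryption 3des
 hash sha256
 authentication pre-share
 group 5
crypto isakmp key cisco address 192.168.3.2
!
crypto ipsec transform-set T1 esp-aes 256 esp-sha-hmac
 mode tunnel
!
crypto ipsec profile P1
 set transform-set T1
"""

# Constructed sample of the same tunnel hardened while staying on IKEv1: AES-256, DH group 14,
# a type-6 (encrypted-at-rest) pre-shared key and SHA-256 ESP integrity. The key blob is a placeholder.
HARDENED_CONFIG = """\
crypto isakmp policy 1
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key 6 TYPE6_ENCRYPTED_BLOB address 192.168.3.2
!
crypto ipsec transform-set T1 esp-aes 256 esp-sha256-hmac
 mode tunnel
"""

WEAK_ENCRYPTION = {"des", "3des"}
WEAK_HASH = {"md5"}
WEAK_DH_GROUPS = {"1", "2", "5"}                          # MODP groups of 1536 bits or less
WEAK_PSKS = {"cisco", "cisco123", "password", "secret"}   # well-known lab secrets (example's own list)
# Values IOS applies when a 'crypto isakmp policy' block omits the attribute
ISAKMP_DEFAULTS = {"encryption": "des", "hash": "sha", "authentication": "rsa-sig", "group": "1"}


def parse_isakmp_policies(config):
    """Return {policy_number: {attribute: value}} for every 'crypto isakmp policy' block."""
    policies, current = {}, None
    for line in config.splitlines():
        m = re.match(r"crypto isakmp policy (\d+)$", line)
        if m:
            current = policies.setdefault(m.group(1), {})
        elif current is not None and line.startswith(" "):
            attr, _, value = line.strip().partition(" ")
            current[attr] = value
        else:
            current = None          # any other top-level line ends the block
    return policies


def parse_psks(config):
    """Return [(key_type, key, peer)] from 'crypto isakmp key' lines; type '6' means encrypted at rest."""
    pattern = re.compile(r"crypto isakmp key (?:([06]) )?(\S+) address (\S+)")
    return [(m.group(1) or "0", m.group(2), m.group(3))
            for m in (pattern.match(line) for line in config.splitlines()) if m]


def parse_transform_sets(config):
    """Return {name: [tokens]} for every 'crypto ipsec transform-set' line."""
    pattern = re.compile(r"crypto ipsec transform-set (\S+) (.+)")
    return {m.group(1): m.group(2).split()
            for m in (pattern.match(line) for line in config.splitlines()) if m}


def audit_crypto(config):
    """Return a list of human-readable findings for the IKE/IPsec parameters in `config`."""
    findings = []
    for num, pol in sorted(parse_isakmp_policies(config).items()):
        pol = {**ISAKMP_DEFAULTS, **pol}
        findings.append(f"isakmp policy {num}: IKEv1; plan a move to 'crypto ikev2' proposals")
        if pol["encryption"] in WEAK_ENCRYPTION:
            findings.append(f"isakmp policy {num}: weak encryption '{pol['encryption']}', use 'encryption aes 256'")
        if pol["hash"] in WEAK_HASH:
            findings.append(f"isakmp policy {num}: weak hash '{pol['hash']}', use 'hash sha256'")
        if pol["group"] in WEAK_DH_GROUPS:
            findings.append(f"isakmp policy {num}: weak DH group {pol['group']}, use group 14 or stronger")
    for key_type, key, peer in parse_psks(config):
        if key_type == "6":
            continue                # encrypted in the config; strength cannot be judged offline
        if key.lower() in WEAK_PSKS or len(key) < 16:
            findings.append(f"isakmp key for {peer}: well-known or short plaintext pre-shared key")
    for name, tokens in parse_transform_sets(config).items():
        if {"esp-des", "esp-3des", "esp-md5-hmac"} & set(tokens):
            findings.append(f"transform-set {name}: weak ESP transform in {tokens}")
        elif "esp-sha-hmac" in tokens:
            findings.append(f"transform-set {name}: SHA-1 ESP integrity; prefer esp-sha256-hmac or esp-gcm")
    return findings


if __name__ == "__main__":
    for label, cfg in (("lab", LAB_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"[{label}]")
        for finding in audit_crypto(cfg):
            print("  -", finding)
```

Against the lab config the audit reports five findings; against the hardened variant only the reminder that it is still IKEv1, which is the one item the script cannot fix by swapping parameters inside an isakmp policy.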

You can see the following outputs when pings are initiated from either end:


CSR_16.12.2S(config)#do sh lisp instance-id 1 ipv4 map-cache

LISP IPv4 Mapping Cache for EID-table vrf APP (IID 1), 3 entries

0.0.0.0/0, uptime: 00:01:30, expires: never, via static-send-map-request
  Negative cache entry, action: send-map-request
192.168.1.0/24, uptime: 00:06:59, expires: never, via dynamic-EID, send-map-request
  Negative cache entry, action: send-map-request
192.168.1.210/32, uptime: 00:00:16, expires: 23:59:43, via map-reply, complete
  Locator        Uptime    State      Pri/Wgt     Encap-IID
  192.168.225.1  00:00:16  up           1/100       -

### 192.168.1.210/32 is the EID which is remotely learnt and is seen as part of the map-cache


CSR_16.12.2S(config)#do sh lisp instance-id 1 ipv4 database

LISP ETR IPv4 Mapping Database for EID-table vrf APP (IID 1), LSBs: 0x1
Entries total 1, no-route 0, inactive 0

192.168.1.43/32, dynamic-eid 192_168_1_0, inherited from default locator-set Launch
  Locator        Pri/Wgt  Source     State
  192.168.224.1    1/100  cfg-addr   site-self, reachable

### 192.168.1.43/32 is the EID which is locally discovered and is seen as part of the local database



CSR_16.12.2S_2(config)#do sh lisp instance-id 1 ipv4 map-cache

LISP IPv4 Mapping Cache for EID-table vrf APP (IID 1), 2 entries

192.168.1.0/24, uptime: 00:05:17, expires: never, via dynamic-EID, send-map-request
  Negative cache entry, action: send-map-request
192.168.1.43/32, uptime: 00:00:07, expires: 23:59:53, via map-reply, complete
  Locator        Uptime    State      Pri/Wgt     Encap-IID
  192.168.224.1  00:00:07  up           1/100       -

### 192.168.1.43/32 is the EID which is remotely learnt and is seen as part of the map-cache


CSR_16.12.2S_2(config)#do sh lisp instance-id 1 ipv4 database

LISP ETR IPv4 Mapping Database for EID-table vrf APP (IID 1), LSBs: 0x1
Entries total 1, no-route 0, inactive 0

192.168.1.210/32, dynamic-eid 192_168_1_0, inherited from default locator-set On-Prem
  Locator        Pri/Wgt  Source     State
  192.168.225.1    1/100  cfg-addr   site-self, reachable

### 192.168.1.210/32 is the EID which is locally discovered and is seen as part of the local database

In this example CSR_16.12.2S acts as an xTR and as the MS/MR of the LISP domain, while CSR_16.12.2S_2 registers its own EIDs as an ETR and additionally acts as the PxTR (proxy-itr/proxy-etr) for the domain.
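To turn the show outputs above into a check rather than something to eyeball, here is an added Python example (not from the original post) that parses the map-cache and ETR database formats exactly as the CSRs print them, resolves a host EID by longest match, reports whether the ITR already holds a positive entry with an RLOC that is up (a hit on a negative entry means a Map-Request is still outstanding, which is the on-demand behaviour described at the top of the post), and cross-checks that the /32 one xTR has cached is registered with the same RLOC on the other. The sample outputs are copied from the page with the extra blank lines removed; the function names are this example's own.

```python
import ipaddress
import re

# Constructed samples, copied from the show outputs above with the extra blank lines removed:
# the map-cache of CSR_16.12.2S and the ETR database of CSR_16.12.2S_2.
MAP_CACHE_CSR1 = """\
LISP IPv4 Mapping Cache for EID-table vrf APP (IID 1), 3 entries

0.0.0.0/0, uptime: 00:01:30, expires: never, via static-send-map-request
  Negative cache entry, action: send-map-request
192.168.1.0/24, uptime: 00:06:59, expires: never, via dynamic-EID, send-map-request
  Negative cache entry, action: send-map-request
192.168.1.210/32, uptime: 00:00:16, expires: 23:59:43, via map-reply, complete
  Locator        Uptime    State      Pri/Wgt     Encap-IID
  192.168.225.1  00:00:16  up           1/100       -
"""

DATABASE_CSR2 = """\
LISP ETR IPv4 Mapping Database for EID-table vrf APP (IID 1), LSBs: 0x1
Entries total 1, no-route 0, inactive 0

192.168.1.210/32, dynamic-eid 192_168_1_0, inherited from default locator-set On-Prem
  Locator        Pri/Wgt  Source     State
  192.168.225.1    1/100  cfg-addr   site-self, reachable
"""

CACHE_ENTRY_RE = re.compile(r"^(\S+/\d+), uptime: (\S+), expires: (\S+), via (.+)$")
NEGATIVE_RE = re.compile(r"^\s+Negative cache entry, action: (\S+)")
CACHE_RLOC_RE = re.compile(r"^\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\S+)\s+(\d+)/(\d+)")
DB_ENTRY_RE = re.compile(r"^(\S+/\d+), (?:dynamic-eid (\S+), )?(.*)$")
DB_RLOC_RE = re.compile(r"^\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)/(\d+)\s+(\S+)\s+(.+)$")


def parse_map_cache(text):
    """Parse 'show lisp instance-id N ipv4 map-cache' into
    {prefix: {"via": str, "negative": bool, "action": str|None, "locators": [(rloc, state, pri, wgt)]}}."""
    entries, current = {}, None
    for line in text.splitlines():
        if m := CACHE_ENTRY_RE.match(line):
            current = entries.setdefault(m.group(1), {"via": m.group(4), "negative": False,
                                                      "action": None, "locators": []})
        elif current is None:
            continue                      # header lines before the first entry
        elif m := NEGATIVE_RE.match(line):
            current["negative"], current["action"] = True, m.group(1)
        elif m := CACHE_RLOC_RE.match(line):
            current["locators"].append((m.group(1), m.group(3), int(m.group(4)), int(m.group(5))))
    return entries


def parse_database(text):
    """Parse 'show lisp instance-id N ipv4 database' into
    {prefix: {"dynamic_eid": str|None, "locators": [(rloc, pri, wgt, source, state)]}}."""
    entries, current = {}, None
    for line in text.splitlines():
        if m := DB_ENTRY_RE.match(line):
            current = entries.setdefault(m.group(1), {"dynamic_eid": m.group(2), "locators": []})
        elif current is not None and (m := DB_RLOC_RE.match(line)):
            current["locators"].append((m.group(1), int(m.group(2)), int(m.group(3)),
                                        m.group(4), m.group(5).strip()))
    return entries


def resolve_eid(cache, eid):
    """Longest-prefix match of host `eid` against the map-cache; returns (network, entry) or None."""
    addr = ipaddress.ip_address(eid)
    best = None
    for prefix, entry in cache.items():
        net = ipaddress.ip_network(prefix, strict=False)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, entry)
    return best


def eid_reachable(cache, eid):
    """True only if the longest match is a positive entry with at least one RLOC in state 'up'.
    A hit on a negative entry (the /24 or 0.0.0.0/0 above) means the ITR still has to send a Map-Request."""
    hit = resolve_eid(cache, eid)
    if hit is None or hit[1]["negative"]:
        return False
    return any(state == "up" for _, state, _, _ in hit[1]["locators"])


def cross_check(remote_cache, peer_database):
    """For every positive map-cache entry on one xTR, confirm the peer xTR registers the same EID
    prefix with the same RLOC set. Returns a list of mismatches; an empty list means consistent."""
    problems = []
    for prefix, entry in remote_cache.items():
        if entry["negative"]:
            continue
        db = peer_database.get(prefix)
        if db is None:
            problems.append(f"{prefix} is cached but not in the peer database")
            continue
        cached = {rloc for rloc, _, _, _ in entry["locators"]}
        registered = {loc[0] for loc in db["locators"]}
        if cached != registered:
            problems.append(f"{prefix}: cached RLOCs {sorted(cached)} != registered {sorted(registered)}")
    return problems
```

Feed it the two outputs and 192.168.1.210 resolves to the /32 learnt via Map-Reply with RLOC 192.168.225.1 up, while any other host in 192.168.1.0/24 falls into the negative dynamic-EID entry, exactly the state in which the next data packet towards that host makes the ITR send a Map-Request.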
