This document describes the configuration and verification of an IP device that moves between data centers in a Locator Identity Separation Protocol (LISP) enabled network without changing its IP address. In a LISP environment this device is called a dynamic EID. LISP multihop mobility supports extended subnet mode, which allows different data centers (DCs) to share the same subnet, which in turn allows VMs to keep their assigned IP address while migrating to another data center.
A first hop router (FHR) detects the presence of a dynamic EID and informs the site gateway xTR via the EID (Endpoint Identifier) notify message. xTRs register the dynamic EID with the map server and also perform the LISP encapsulation and decapsulation functions for traffic passing through the LISP domain.
xTRs deployed in different data centers should be connected via a Data Center Interconnect (DCI) technology such as OTV. On Nexus, OTV multicast mode is supported.
Components Used
This document is not restricted to specific software and hardware versions.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Configure
Network Diagram
The following image is used as the sample topology for the rest of the document:
xTR = A LISP router can be ITR or ETR depending on the traffic flow direction. If traffic is going out of the LISP router, it becomes ITR for that flow and the receiving end LISP router becomes ETR for that router.
ITR = Ingress Tunnel Router
ETR = Egress Tunnel Router
Map Resolver (MR) = A Map-Resolver is a LISP infrastructure device to which LISP site ITRs send LISP Map-Request queries when resolving EID-to-RLOC mappings.
Map Server (MS) = A Map-Server is a LISP infrastructure device to which LISP site ETRs register with their EID prefixes. The Map-Server advertises aggregates for the registered EID prefixes to the LISP mapping system. All LISP sites use the LISP mapping system to resolve EID-to-RLOC mappings.
Endpoint Identifier (EID) addresses: EID addresses consist of the IP addresses and prefixes identifying the endpoints. EID reachability across LISP sites is achieved by resolving EID-to-RLOC mappings.
Route Locator (RLOC) addresses: RLOC addresses consist of the IP addresses and prefixes identifying the different routers in the IP network. Reachability within the RLOC space is achieved by traditional routing methods.
SMR: Solicit-map-request; control plane message used to tell remote xTRs to update the mappings they have cached.
ASM: Across subnet mode; allows for EID mobility between LISP sites without a Layer 2 extension in place.
Map-Notify: LISP message used by an xTR that has detected an EID to update the other xTRs in the same LISP site about that discovery. It is also used by the map-server to confirm that a map-register has been received and processed.
Map-Register: LISP message used by an xTR to register an EID with the map-server.
In the example discussed in this article, traffic is continuously flowing from the VM (172.16.54.200) to Site-3 (172.16.20.1).
Configurations
West-DC
First Hop Router (FHR-1)
!
feature lisp
!
ip lisp etr
!
lisp dynamic-eid VM
database-mapping 172.16.54.0/24 10.1.1.1 priority 10 weight 50
database-mapping 172.16.54.0/24 10.2.2.2 priority 10 weight 50
eid-notify 10.10.10.10 key 3 9125d59c18a9b015
map-notify-group 225.1.1.1
!
interface loopback0
ip address 10.1.1.1/32
ip router ospf 1 area 0.0.0.0
!
interface Vlan2
no shutdown
lisp mobility VM
lisp extended-subnet-mode
ip address 172.16.54.3/24
ip ospf passive-interface
ip router ospf 1 area 0.0.0.0
ip pim sparse-mode
no ip arp gratuitous request
hsrp 1
preempt
priority 120
ip 172.16.54.1
!
FHR-2
!
feature lisp
!
ip lisp etr
!
lisp dynamic-eid VM
database-mapping 172.16.54.0/24 10.1.1.1 priority 10 weight 50
database-mapping 172.16.54.0/24 10.2.2.2 priority 10 weight 50
eid-notify 10.10.10.10 key 3 9125d59c18a9b015
map-notify-group 225.1.1.1
!
interface Vlan2
no shutdown
lisp mobility VM
lisp extended-subnet-mode
ip address 172.16.54.2/24
ip ospf passive-interface
ip pim sparse-mode
no ip arp gratuitous request
hsrp 1
preempt
priority 90
ip 172.16.54.1
!
interface loopback0
ip address 10.2.2.2/32
ip router ospf 1 area 0.0.0.0
xTR
!
feature lisp
!
ip lisp itr-etr
ip lisp database-mapping 172.16.54.0/24 10.10.10.10 priority 10 weight 50
ip lisp itr map-resolver 192.168.1.1
ip lisp etr map-server 192.168.1.1 key 3 9125d59c18a9b015
!
lisp dynamic-eid VM
database-mapping 172.16.54.0/24 10.10.10.10 priority 10 weight 50
eid-notify authentication-key 3 9125d59c18a9b015
!
interface loopback0
ip address 10.10.10.10/32
ip router ospf 1 area 0.0.0.0
!
East-DC
FHR-3
!
feature lisp
!
ip lisp etr
!
lisp dynamic-eid VM
database-mapping 172.16.54.0/24 10.3.3.3 priority 10 weight 50
database-mapping 172.16.54.0/24 10.4.4.4 priority 10 weight 50
eid-notify 10.11.11.11 key 3 9125d59c18a9b015
map-notify-group 225.1.1.1
!
interface Vlan2
no shutdown
lisp mobility VM
lisp extended-subnet-mode
ip address 172.16.54.4/24
ip ospf passive-interface
ip router ospf 1 area 0.0.0.0
ip pim sparse-mode
no ip arp gratuitous request
hsrp 1
preempt
priority 110
ip 172.16.54.1
!
interface loopback0
ip address 10.3.3.3/32
ip router ospf 1 area 0.0.0.0
FHR-4
!
feature lisp
!
ip lisp etr
!
lisp dynamic-eid VM
database-mapping 172.16.54.0/24 10.3.3.3 priority 10 weight 50
database-mapping 172.16.54.0/24 10.4.4.4 priority 10 weight 50
eid-notify 10.11.11.11 key 3 9125d59c18a9b015
map-notify-group 225.1.1.1
!
interface Vlan2
no shutdown
lisp mobility VM
lisp extended-subnet-mode
ip pim sparse-mode
ip ospf passive-interface
ip address 172.16.54.5/24
hsrp 1
preempt
priority 90
ip 172.16.54.1
!
interface loopback0
ip address 10.4.4.4/32
ip router ospf 1 area 0.0.0.0
xTR
!
interface loopback0
ip address 10.11.11.11/32
ip router ospf 1 area 0.0.0.0
!
feature lisp
!
ip lisp itr-etr
ip lisp database-mapping 172.16.54.0/24 10.11.11.11 priority 10 weight 50
ip lisp itr map-resolver 192.168.1.1
ip lisp etr map-server 192.168.1.1 key 3 9125d59c18a9b015
!
lisp dynamic-eid VM
database-mapping 172.16.54.0/24 10.11.11.11 priority 9 weight 50
eid-notify authentication-key 3 9125d59c18a9b015
!
MS/MR
!
router lisp
locator-table default
site 1
authentication-key cisco
eid-prefix 172.16.54.0/24 accept-more-specifics
exit
!
site 2
authentication-key cisco
eid-prefix 172.16.20.0/24 accept-more-specifics
exit
!
ipv4 map-server
ipv4 map-resolver
Site-3
!
router lisp
database-mapping 172.16.20.0/24 10.20.20.20 priority 10 weight 50
ipv4 itr map-resolver 192.168.1.1
ipv4 itr
ipv4 etr map-server 192.168.1.1 key cisco
ipv4 etr
exit
!
interface Loopback1
ip address 10.20.20.20 255.255.255.255
!
interface Loopback2
ip address 172.16.20.1 255.255.255.0
!
Order Of Operation
Step 1: VM is booted up.
The VM has been powered on and has started sending traffic to the remote site, i.e. Site-3. FHR-1 receives this stream and creates a dynamic EID entry.
N7K-358-West-FHR1# show lisp dynamic-eid summary
LISP Dynamic EID Summary for VRF "default"
* = Dyn-EID learned by site-based Map-Notify
! = Dyn-EID learned by routing protocol
^ = Dyn-EID learned by EID-Notify
Dyn-EID Name Dynamic-EID Interface Uptime Last Pending
Packet Ping Count
VM 172.16.54.200 Vlan2 06:50:21 00:12:12 0
N7K-358-West-FHR1# show lisp dynamic-eid detail
LISP Dynamic EID Information for VRF "default"
Dynamic-EID name: VM
Database-mapping [0] EID-prefix: 172.16.54.0/24, LSBs: 0x00000003
Locator: 10.1.1.1, priority: 10, weight: 50
Uptime: 06:51:34, state: up, local
Locator: 10.2.2.2, priority: 10, weight: 50
Uptime: 06:50:10, state: up
Registering more-specific dynamic-EIDs
Registering routes: disabled
Map-Server(s): none configured, use global Map-Server
Site-based multicast Map-Notify group: 225.1.1.1
Extended Subnet Mode configured on 1 interfaces
Number of roaming dynamic-EIDs discovered: 3
Last dynamic-EID discovered: 172.16.54.1, 00:00:04 ago
Roaming dynamic-EIDs:
172.16.54.200, Vlan2, uptime: 06:50:31, last activity: 00:12:22
Discovered by: packet reception
Step 2: FHR installs the LISP route
As shown in Step 1, the FHR creates a dynamic EID entry on receiving packets from the VM. It then installs a /32 route in the RIB:
N7K-358-FHR1-West-DC# show ip route 172.16.54.200
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
172.16.54.200/32, ubest/mbest: 1/0, attached
*via 172.16.54.200, Vlan2, [240/0], 06:58:08, lisp, dyn-eid
via 172.16.54.200, Vlan2, [250/0], 06:58:45, am
Step 3: FHR notifies all other FHRs about this Dynamic EID
This FHR sends Map-Notify messages to all other FHRs, both those in the local site and those in all remote sites. In our example, FHR-1 sends the Map-Notify for 172.16.54.200 to FHR-2 in the local DC as well as to FHR-3 and FHR-4 in the East DC.
However, only the local site FHR installs the route for that EID in its RIB, as shown below:
N7K-358-FHR2-West-DC# show lisp dynamic-eid detail
LISP Dynamic EID Information for VRF "default"
Dynamic-EID name: VM
Database-mapping [0] EID-prefix: 172.16.54.0/24, LSBs: 0x00000003
Locator: 10.1.1.1, priority: 10, weight: 50
Uptime: 00:01:04, state: up
Locator: 10.2.2.2, priority: 10, weight: 50
Uptime: 00:01:53, state: up, local
Registering more-specific dynamic-EIDs
Registering routes: disabled
Map-Server(s): none configured, use global Map-Server
Site-based multicast Map-Notify group: 225.1.1.1
Extended Subnet Mode configured on 1 interfaces
Number of roaming dynamic-EIDs discovered: 1
Last dynamic-EID discovered: 172.16.54.200, 00:01:04 ago
Roaming dynamic-EIDs:
172.16.54.200, Vlan2, uptime: 00:01:04, last activity: 00:00:42
Discovered by: site-based Map-Notify
Secure-handoff pending for sources: none
N7K-358-FHR2-West-DC#sh ip route 172.16.54.200
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
172.16.54.200/32, ubest/mbest: 1/0, attached
*via 172.16.54.200, Vlan2, [240/0], 00:00:08, lisp, dyn-eid
via 172.16.54.200, Vlan2, [250/0], 00:01:53, am
Step 4: FHR updates this EID to local xTR
On learning about the EID, the FHRs at both sites notify their local site's xTR about this EID using an EID-Notify message.
The East DC xTR router also installs a Null0 route for this prefix, whereas the West DC xTR adds this prefix to the RIB.
N7K-FA8-East_xTR#show ip route 172.16.54.200
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
172.16.54.200/32, ubest/mbest: 1/0, attached
*via 172.16.54.200, Null0, [241/0], 00:00:32, lisp, dyn-eid
N7K-358-West_xTR#show lisp dynamic-eid detail
LISP Dynamic EID Information for VRF "default"
Dynamic-EID name: VM
Database-mapping [0] EID-prefix: 172.16.54.0/24, LSBs: 0x00000001
Locator: 10.10.10.10, priority: 10, weight: 50
Uptime: 00:02:37, state: up, local
Registering more-specific dynamic-EIDs
Registering routes: disabled
Map-Server(s): none configured, use global Map-Server
Site-based multicast Map-Notify group: none configured
Number of roaming dynamic-EIDs discovered: 1
Last dynamic-EID discovered: 172.16.54.1, 00:00:06 ago
Roaming dynamic-EIDs:
172.16.54.200, (null), uptime: 00:00:28, last activity: 00:00:06
Discovered by: EID-Notify
EID-Notify Locators:
10.1.1.1
10.2.2.2
N7K-358-West_xTR#sh ip route 172.16.54.200
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
172.16.54.0/24, ubest/mbest: 1/0
via 10.10.13.3, Eth3/2, [110/44], 00:01:00, ospf-1, intra
Local xTR will register the EID with the MR/MS:
East DC xTR will also send a Map-Register message to the MR/MS and register this newly discovered EID with it. This is also true for the Site-3 router.
MS_MR#show lisp site 172.16.54.200/32
LISP Site Registration Information
Site name: 1
Allowed configured locators: any
Requested EID-prefix:
EID-prefix: 172.16.54.200/32
First registered: 07:11:28
Routing table tag: 0
Origin: Dynamic, more specific of 172.16.54.0/24
Merge active: No
Proxy reply: No
TTL: 00:03:00
State: complete
Registration errors:
Authentication failures: 0
Allowed locators mismatch: 0
ETR 10.10.90.1, last registered 00:00:07, no proxy-reply, map-notify
TTL 00:03:00, no merge, hash-function sha1, nonce 0x00000000-0x00000000
state complete, no security-capability
xTR-ID N/A
site-ID N/A
Locator Local State Pri/Wgt Scope
10.10.10.10 yes up 10/50 IPv4 none
MS_MR#sh lisp site 172.16.20.0/24
LISP Site Registration Information
Site name: 2
Allowed configured locators: any
Requested EID-prefix:
EID-prefix: 172.16.20.0/24
First registered: 06:30:48
Routing table tag: 0
Origin: Configuration, accepting more specifics
Merge active: No
Proxy reply: No
TTL: 1d00h
State: complete
Registration errors:
Authentication failures: 0
Allowed locators mismatch: 0
ETR 10.10.67.7, last registered 00:00:23, no proxy-reply, map-notify
TTL 1d00h, no merge, hash-function sha1, nonce 0xEE339164-0xC3199AF1
state complete, no security-capability
xTR-ID 0x7C6C7CF6-0x2AE64A0C-0xDCBC62DA-0x79762795
site-ID unspecified
Locator Local State Pri/Wgt Scope
10.20.20.20 yes up 10/50 IPv4 none
Step 5: Verify traffic flow on both Site 1 and Site 3 xTRs:
N7K-358-West_xTR# show ip lisp map-cache
LISP IP Mapping Cache for VRF "default" (iid 0), 3 entries
* = Locator data counters are cumulative across all EID-prefixes
0.0.0.0/1, uptime: 00:13:28, expires: 00:01:31, via map-reply
Negative cache entry, action: forward-native
128.0.0.0/3, uptime: 00:13:28, expires: 00:01:31, via map-reply
Negative cache entry, action: forward-native
172.16.20.0/24, uptime: 00:00:26, expires: 23:59:33, via map-reply, auth
Locator Uptime State Priority/ Data Control MTU
Weight in/out in/out
10.20.20.20 00:00:26 up 10/50 0/0* 0/0 1500
Site 3 LISP Map Cache Entry
Site-3#show ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries
0.0.0.0/0, uptime: 01:53:04, expires: never, via static send map-request
Negative cache entry, action: send-map-request
172.16.54.200/32, uptime: 01:50:02, expires: 22:09:57, via map-reply, complete
Locator Uptime State Pri/Wgt
10.10.10.10 01:50:02 up 10/50
Step 6: VM moves from West DC to East DC
The steps above describe the state before the VM migration between the DCs has taken place. Now the VM moves from the West DC to the East DC without changing its IP address. As soon as the VM moves, FHR-3 at the East DC receives a packet from the VM and adds its IP address to the dynamic EID table. It then sends the Map-Notify to all FHRs, including those in the West DC. Once the West DC receives the Map-Notify, it removes the VM entry from the dynamic EID table that was created while the VM was present in the West DC. The xTR at the West DC now installs a Null0 route to the VM's IP.
Below is the status of Dynamic-EID on FHR-3 at East DC:
N7K-FA8-East_FHR3# sh lisp dynamic-eid detail
LISP Dynamic EID Information for VRF "default"
Dynamic-EID name: VM
Database-mapping [0] EID-prefix: 172.16.54.0/24, LSBs: 0x00000003
Locator: 10.3.3.3, priority: 10, weight: 50
Uptime: 02:04:48, state: up, local
Locator: 10.4.4.4, priority: 10, weight: 50
Uptime: 02:03:27, state: up
Registering more-specific dynamic-EIDs
Registering routes: disabled
Map-Server(s): none configured, use global Map-Server
Site-based multicast Map-Notify group: 225.1.1.1
Extended Subnet Mode configured on 1 interfaces
Number of roaming dynamic-EIDs discovered: 1
Last dynamic-EID discovered: 172.16.54.1, 00:00:14 ago
Roaming dynamic-EIDs:
172.16.54.200, Vlan2, uptime: 00:04:28, last activity: 00:03:11
Discovered by: packet reception
N7K-FA8-East_FHR3# sh ip route 172.16.54.200
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
172.16.54.200/32, ubest/mbest: 1/0, attached
*via 172.16.54.200, Vlan2, [240/0], 00:05:00, lisp, dyn-eid
via 172.16.54.200, Vlan2, [250/0], 00:05:10, am
So the West FHR no longer has the dynamic EID for the VM, i.e. 172.16.54.200:
N7K-358-West-FHR1(config)# sh lisp dynamic-eid summary
LISP Dynamic EID Summary for VRF "default"
* = Dyn-EID learned by site-based Map-Notify
! = Dyn-EID learned by routing protocol
^ = Dyn-EID learned by EID-Notify
Dyn-EID Name Dynamic-EID Interface Uptime Last Pending
Packet Ping Count
VM 172.16.54.2 Vlan2 00:33:30 00:00:07 0
Step 7: The xTR at the West DC will add the Null0 entry to the routing table.
N7K-358-West_xTR# sh ip route 172.16.54.200
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
172.16.54.200/32, ubest/mbest: 1/0, attached
*via 172.16.54.200, Null0, [241/0], 00:00:05, lisp, dyn-eid
Step 8: East xTR will be updated by FHR-3 via EID notify and East xTR will then send map-register to MS with the migrated VM's prefix
N7K-FA8-East_xTR(config)# show lisp dynamic-eid Detail
LISP Dynamic EID Information for VRF "default"
Dynamic-EID name: VM
Database-mapping [0] EID-prefix: 172.16.54.0/24, LSBs: 0x00000001
Locator: 10.11.11.11, priority: 9, weight: 50
Uptime: 02:19:51, state: up, local
Registering more-specific dynamic-EIDs
Registering routes: disabled
Map-Server(s): none configured, use global Map-Server
Site-based multicast Map-Notify group: none configured
Number of roaming dynamic-EIDs discovered: 1
Last dynamic-EID discovered: 172.16.54.1, 00:00:58 ago
Roaming dynamic-EIDs:
172.16.54.200, (null), uptime: 00:17:50, last activity: 00:00:25
Discovered by: EID-Notify
EID-Notify Locators:
10.3.3.3
10.4.4.4
MS_MR#sh lisp site 172.16.54.200
LISP Site Registration Information
Site name: 1
Allowed configured locators: any
Requested EID-prefix:
EID-prefix: 172.16.54.200/32
First registered: 02:02:24
Routing table tag: 0
Origin: Dynamic, more specific of 172.16.54.0/24
Merge active: No
Proxy reply: No
TTL: 00:03:00
State: complete
Registration errors:
Authentication failures: 0
Allowed locators mismatch: 0
ETR 10.11.17.1, last registered 00:00:32, no proxy-reply, map-notify
TTL 00:03:00, no merge, hash-function sha1, nonce 0x00000000-0x00000000
state complete, no security-capability
xTR-ID N/A
site-ID N/A
Locator Local State Pri/Wgt Scope
10.11.11.11 yes up 9/50 IPv4 none
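The map-server checks in Step 4 and Step 8 can be scripted. The Python below is an added example, not part of the original document or of any Cisco tooling: it parses abbreviated "show lisp site" output, confirms that the EID moved from the West RLOC to the East RLOC, and flags authentication failures or a locator outside an expected set. The XTR_RLOCS allowlist, the function names and the SUSPECT sample are assumptions made for illustration.

```python
import re

# Abbreviated from the "show lisp site" output in Step 4 of this page.
BEFORE_MOVE = """\
EID-prefix: 172.16.54.200/32
Authentication failures: 0
Allowed locators mismatch: 0
ETR 10.10.90.1, no proxy-reply, map-notify
Locator Local State Pri/Wgt Scope
10.10.10.10 yes up 10/50 IPv4 none
"""
# Step 8 values: the registering ETR and the locator line change after the move.
AFTER_MOVE = BEFORE_MOVE.replace("10.10.90.1", "10.11.17.1").replace(
    "10.10.10.10 yes up 10/50", "10.11.11.11 yes up 9/50")
# Constructed sample (not from the page): failed authentications, unknown RLOC.
SUSPECT = BEFORE_MOVE.replace("failures: 0", "failures: 4").replace(
    "10.10.10.10 yes", "10.99.99.99 yes")

# Assumption: the operator's allowlist is the two xTR loopbacks configured above.
XTR_RLOCS = {"10.10.10.10", "10.11.11.11"}
LOCATOR = re.compile(r"(\d+(?:\.\d+){3})\s+(yes|no)\s+(\S+)\s+(\d+)/(\d+)")

def parse_site(text):
    """Parse one "show lisp site <eid>" block into a dict."""
    rec = {"eid": None, "etr": None, "auth_failures": 0, "locator_mismatch": 0, "locators": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"EID-prefix:\s+(\S+)", line):
            rec["eid"] = m.group(1)
        elif m := re.match(r"Authentication failures:\s+(\d+)", line):
            rec["auth_failures"] = int(m.group(1))
        elif m := re.match(r"Allowed locators mismatch:\s+(\d+)", line):
            rec["locator_mismatch"] = int(m.group(1))
        elif m := re.match(r"ETR\s+([\d.]+),", line):
            rec["etr"] = m.group(1)
        elif m := LOCATOR.match(line):
            rec["locators"][m.group(1)] = {
                "state": m.group(3), "pri": int(m.group(4)), "wgt": int(m.group(5))}
    return rec

def check_registration(rec, expected_rlocs):
    """Return findings an operator should review; an empty list means clean."""
    findings = []
    if rec["auth_failures"]:
        findings.append(f"{rec['eid']}: {rec['auth_failures']} authentication failures")
    if rec["locator_mismatch"]:
        findings.append(f"{rec['eid']}: {rec['locator_mismatch']} allowed-locator mismatches")
    if not rec["locators"]:
        findings.append(f"{rec['eid']}: no locator registered")
    for rloc, loc in rec["locators"].items():
        if rloc not in expected_rlocs:
            findings.append(f"{rec['eid']}: unexpected RLOC {rloc}")
        elif loc["state"] != "up":
            findings.append(f"{rec['eid']}: RLOC {rloc} is {loc['state']}")
    return findings

def rloc_moved(before, after):
    """True when the same EID is now registered behind a different RLOC set."""
    return before["eid"] == after["eid"] and set(before["locators"]) != set(after["locators"])
```

Run check_registration(parse_site(output), XTR_RLOCS) on output captured before and after a move; rloc_moved() on the two parsed records confirms the registration followed the VM.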
Step 9: Both xTRs will update the map-cache entry
Before the VM migration, for Site-3 the RLOC for the VM's IP was the West xTR (10.10.10.10). After migration of the VM to the East DC, as soon as the West xTR receives traffic from Site-3, it sends an SMR message to the Site-3 router to update the new RLOC address of the East xTR (10.11.11.11), as shown below:
Site-3#sh ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries
0.0.0.0/0, uptime: 02:03:23, expires: never, via static send map-request
Negative cache entry, action: send-map-request
172.16.54.200/32, uptime: 02:00:22, expires: 23:57:56, via map-reply, complete
Locator Uptime State Pri/Wgt
10.11.11.11 00:02:03 up 9/50
N7K-FA8-East_xTR(config)# show ip lisp map-cache
LISP IP Mapping Cache for VRF "default" (iid 0), 1 entries
* = Locator data counters are cumulative across all EID-prefixes
172.16.20.0/24, uptime: 00:25:24, expires: 23:34:35, via map-reply, auth
Locator Uptime State Priority/ Data Control MTU
Weight in/out in/out
10.20.20.20 00:25:24 up 10/50 0/0* 0/0 1500