cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

LISP fundamentals and Troubleshooting Basics

6412
Views
25
Helpful
1
Comments

 

Introduction

 

The Locator Identity Separation Protocol (LISP) is a new routing architecture that creates a new paradigm by splitting the device identity, known as an Endpoint Identifier (EID), and its location, known as its Routing Locator (RLOC), into two different numbering spaces. This capability brings renewed scale and flexibility to the network in a single protocol, enabling the areas of mobility, scalability and security. 

 

In this architecture, there is clear separation between "who" the endpoint is, and "where" the endpoint currently is located. By separating EIDs and RLOCs, LISP inherently enables numerous benefits within a single protocol, including:

  • Low OpEx multihoming with ingress traffic engineering
  • Address familiy independence for efficient IPv6 Transition support
  • High-scale Virtualization/Multi-tenancy support
  • Data Center/Cloud Mobility support, including session persistence across mobility events
  • and seamless mobile node support.

 

Components Involved 

 

  • EID (Endpoint Identifier) - IP address of a host
  • RLOC (Routing Locator) - IP address of the LISP router facing ISP

  • ITR (Ingress Tunnel Router) -  Sends map requests and processes received map replies in order to resolve EID-to-RLOC mappings. On the data plane side, an ITR receives packets from site-facing interfaces and either LISP-encapsulates packets to remote LISP sites, or natively forwards packets to non-LISP sites.

  • ETR (Egress Tunnel Router) - Registers its EID prefixes and RLOCs with the Map-Server, and responds to map requests received from the Map-Server. On the data plane side, an ETR receives packets from core-facing interfaces, de-encapsulates them, and delivers them to local EIDs at the site. 

  • xTR - Performs both ITR/ETR functions. 

  • PxTR - (Proxy xTR) Accepts encapsulated traffic from LISP sites and forwards natively to non-LISP sites. Draw non-LISP traffic to itself by announcing aggregates of EID prefixes to non-LISP core. 

  • MS (Map Server) - An MS receives Map-Registration messages from LISP sites. It also receives Map-Requests (via the Mapping System) seeking mapping resolutions for EID prefixes and forwards them to the registered ETR that is authoritative for the EID prefix being queried.

  • MR (Map Resolver) - An MR receives map requests from ITRs and forwards them to the Mapping System (resulting in an MS receiving the Map-Request). An MR also sends negative map replies to ITRs in response to queries for non-LISP addresses.

 

 

 

one.png

 

 

EID-to-RLOC Mapping

 

The key to using these RLOCs and EIDs is the mapping between them. A device (S1) communicating with another device (D1) will create a packet with the EID of S1 as the source IP address and the EID of D1 as the destination IP address.

 

At the edge of the network, when this packet needs to be routed to the Internet, an ingress tunnel router maps the destination EID to a destination RLOC and then encapsulates the original packet with an additional header that has the source IP address of the ITR RLOC and the destination IP address of the RLOC of an egress tunnel router that connects to D1. LISP specifies the way that the mappings between EIDs and RLOCs are defined, exchanged, and used.

 

"LISP" refers to the protocol used for exchanging EID-to-RLOC mapping information, the overall architecture includes two additional components: a mapping database, which consists of devices and procedures for distributing mapping information, and additional devices for implementing interworking between LISP-capable and non-LISP-capable parts of the Internet.

 

two.png 

  

Map-Request: This message is sent by an ITR to the mapping database  when it needs to send a packet to a destination EID for which is has no cached RLOC.

 

Map-Reply: This message is returned to an ITR by an ETR or map server  in response to a Map-Request message. A Map-Reply message contains the EID prefix that matches the requested destination EID along with a set of RLOCs that can be used as the destination IP addresses for encapsulating user data. Additional information regarding priority and traffic-distribution across multiple RLOCs is also returned.

 

Map-Register: This message is sent by an ETR to a map server to define an EID prefix that it owns as well as the RLOCs that should be used for exchanging Map-Request and Map-Reply messages. The registration request includes the EID prefix, prefix length, RLOCs associated with the prefix, and priorities and traffic-sharing weights of each RLOC. Map-Register messages are sent periodically to maintain the registration state between an ETR and its map servers.

 

 

 

LISP xTR Encap Rules:

 

1) Perform destination address lookup in the normal routing table, if the route matched is one of the following proceed with LISP encap process, otherwise forward natively:

  • default route (0.0.0.0/0 or ::/0)
  • no route
  • a route with a Null0 next-hop

 

2) Check if the source address of the packet is within a local EID prefix.

  • - If yes, the packet is eligible for LISP encapsulation.
  • - If no, the packet is not eligible for LISP encapsulation, and will get forwarded natively.

 

3) Perform lookup in map-cache, if entry found perform forwarding action (encap, drop, send-map-request or fwd-native), if no entry found forward natively. (As LISP control component installs default map-cache entry with action send-map-request, we will never get a miss).

 

4)If the action is to forward, then the packet is encapsulated and a destination address lookup is performed on the destination/remoteRLOC, and once the output interface is known, the source RLOC is filled in.

 

 

LISP Data Packet Header Format

 

Encapsulated user data packets are transported using UDP port 4341, and LISP control packets are transported using UDP port 4342.

 

three.png

 

LISP Map-Register Header Format

 

four.png

 

 

Configure

Network Diagram

 

five.png

 

 

xTR

interface Loopback0
ip address 172.16.1.1 255.255.255.255 ! interface GigabitEthernet0/1
description to ISP
ip address 10.1.1.1 255.255.255.252 <<< RLOC Space ! interface GigabitEthernet0/2
description to Sw1
ip address 192.168.1.1 255.255.255.0 <<< LAN / EID Space ! router lisp
database-mapping 192.168.1.0/24 10.1.1.1 priority 1 weight 50
database-mapping 192.168.1.0/24 10.1.1.5 priority 1 weight 50
ipv4 itr map-resolver 172.16.3.1
ipv4 itr
ipv4 etr map-server 172.16.3.1 key cisco
ipv4 etr

 

 

xTR2

interface Loopback0
 ip address 172.16.1.2 255.255.255.255
!
interface GigabitEthernet0/1
 description to ISP
 ip address 10.1.1.5 255.255.255.252   <<< RLOC 
!
interface GigabitEthernet0/2
 description to Sw1
 ip address 192.168.1.2 255.255.255.0  <<< EID
!
router lisp
 database-mapping 192.168.1.0/24 10.1.1.1 priority 1 weight 50
 database-mapping 192.168.1.0/24 10.1.1.5 priority 1 weight 50
 ipv4 itr map-resolver 172.16.3.1
 ipv4 itr
 ipv4 etr map-server 172.16.3.1 key cisco
 ipv4 etr

 

MS/MR

interface Loopback0
 ip address 172.16.3.1 255.255.255.255  
!
interface GigabitEthernet0/1
 description to ISP
 ip address 10.1.3.1 255.255.255.252  
!
router lisp
 site DataCenter
  authentication-key cisco
  eid-prefix 192.168.1.0/24
  exit
 !
 site Remote
  authentication-key cisco
  eid-prefix 192.168.4.0/24
  exit
 !
 ipv4 map-server
 ipv4 map-resolver

 

Remote xTR

interface Loopback0
 ip address 172.16.4.1 255.255.255.255  <<< Loopback used for RLOC Space 
!
interface Loopback192
 ip address 192.168.4.1 255.255.255.0  <<< Loopback used for EID Space
!
interface GigabitEthernet0/1
 description to ISP
 ip address 10.1.4.1 255.255.255.252
!
router lisp
 database-mapping 192.168.4.0/24 172.16.4.1 priority 1 weight 50
 ipv4 itr map-resolver 172.16.3.1
 ipv4 itr
 ipv4 etr map-server 172.16.3.1 key cisco
 ipv4 etr

 

PxTR 

interface Loopback0
 ip address 172.16.6.1 255.255.255.255
!
interface GigabitEthernet0/1
 description to ISP
 ip address 10.1.6.1 255.255.255.252
!
router lisp
 loc-reach-algorithm rloc-probing
 map-cache 192.168.0.0/16 map-request  <<< Static the device to send a map-request for these EID prefies
 ipv4 map-request-source 172.16.6.1
 ipv4 proxy-etr
 ipv4 proxy-itr 172.16.6.1
 ipv4 itr map-resolver 172.16.3.1
 ipv4 etr map-server 172.16.3.1 key cisco
 

NOTE: The PxTR must also advertise the 192.168.0.0/16 to the Non-LISP routers.
Via redistributed Null0 route or have the Non-LISP routers point to the PxTR as it's default route.

 

Non-LISP 

interface Loopback0
 ip address 172.16.5.1 255.255.255.255
!
interface Loopback192
 ip address 192.168.5.1 255.255.255.0
!
interface GigabitEthernet0/1
 description to ISP
 ip address 10.1.5.1 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 172.16.6.1   <<< Send all traffic to PxTR

 

 

 

Verify

 

xTR's 

xTR#sh ip route | b Gateway   <<<< We have no routes for Remote EID prefixes!
Gateway of last resort is 192.168.0.3 to network 0.0.0.0

B*    0.0.0.0/0 [20/0] via 192.168.0.3, 00:27:23
      10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
C        10.1.1.0/30 is directly connected, GigabitEthernet0/1
L        10.1.1.1/32 is directly connected, GigabitEthernet0/1
B        10.1.1.4/30 [20/0] via 192.168.0.3, 00:31:58
B        10.1.3.0/30 [20/0] via 192.168.0.3, 00:31:58
B        10.1.4.0/30 [20/0] via 192.168.0.3, 00:31:58
B        10.1.6.0/30 [20/0] via 192.168.0.3, 00:31:58
      172.16.0.0/32 is subnetted, 3 subnets
C        172.16.1.1 is directly connected, Loopback0
B        172.16.3.1 [20/0] via 192.168.0.3, 00:31:58
B        172.16.4.1 [20/0] via 192.168.0.3, 00:14:09
      192.168.0.0/32 is subnetted, 1 subnets
S        192.168.0.3 [1/0] via 10.1.1.2, GigabitEthernet0/1
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, GigabitEthernet0/2
L        192.168.1.1/32 is directly connected, GigabitEthernet0/2


xTR#sh ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 1 entries

0.0.0.0/0, uptime: 00:15:37, expires: never, via static send map-request
Negative cache entry, action: send-map-request

xTR#ping 192.168.4.1 so 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.4.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 8/13/24 ms

xTR#sh ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries

0.0.0.0/0, uptime: 00:15:47, expires: never, via static send map-request
Negative cache entry, action: send-map-request
192.168.4.0/24, uptime: 00:00:05, expires: 23:59:54, via map-reply, complete
Locator Uptime State Pri/Wgt
172.16.4.1 00:00:05 up 1/50


xTR#sh ip lisp database
LISP ETR IPv4 Mapping Database for EID-table default (IID 0), LSBs: 0x3, 1 entries

192.168.1.0/24 <<< Displays EIDs owned at this site
Locator Pri/Wgt Source State
10.1.1.1 1/50 cfg-addr site-self, reachable
10.1.1.5 1/50 cfg-addr site-other, report-reachable

xTR#sh ip lisp
Instance ID: 0
Router-lisp ID: 0
Locator table: default
EID table: default
Ingress Tunnel Router (ITR): enabled
Egress Tunnel Router (ETR): enabled
Proxy-ITR Router (PITR): disabled
Proxy-ETR Router (PETR): disabled
NAT-traversal Router (NAT-RTR): disabled
Mobility First-Hop Router: disabled
Map Server (MS): disabled
Map Resolver (MR): disabled
Delegated Database Tree (DDT): disabled
Map-Request source: derived from EID destination
ITR Map-Resolver(s): 172.16.3.1 <<< Verify we have a valid/correct MS/MR configured
ETR Map-Server(s): 172.16.3.1 (00:00:16) <<<
xTR-ID: 0xDF09EA35-0xA92A026B-0x38E33A52-0x4C5353DF
site-ID: unspecified
ITR local RLOC (last resort): 10.1.1.1
ITR Solicit Map Request (SMR): accept and process
Max SMRs per map-cache entry: 8 more specifics
Multiple SMR suppression time: 20 secs
ETR accept mapping data&colon; disabled, verify disabled
ETR map-cache TTL: 1d00h
Locator Status Algorithms:
RLOC-probe algorithm: disabled
RLOC-probe on route change: N/A (periodic probing disabled)
RLOC-probe on member change: disabled
LSB reports: process
IPv4 RLOC minimum mask length: /0
IPv6 RLOC minimum mask length: /0
Static mappings configured: 0
Map-cache size/limit: 1/1000
Imported route count/limit: 0/1000
Map-cache activity check period: 60 secs
Map-cache FIB updates: established
Total database mapping size: 1
static database size/limit: 1/5000
dynamic database size/limit: 0/1000
route-import database size: 0
Persistent map-cache: disabled

 

 

MS/MR

MS/MR#sh lisp site name DataCenter 
Site name: DataCenter
Allowed configured locators: any
Allowed EID-prefixes:
  EID-prefix: 192.168.1.0/24    <<< Verify which EIDs have registerd with us 
    First registered:     00:27:12
    Last registered:      00:00:11
    Routing table tag:    0
    Origin:               Configuration
    Merge active:         No
    Proxy reply:          No
    TTL:                  1d00h
    State:                complete
    Registration errors:  
      Authentication failures:   1
      Allowed locators mismatch: 0
    ETR 10.1.1.5, last registered 00:00:11, no proxy-reply, map-notify
                  TTL 1d00h, no merge, hash-function sha1, nonce 0x17165B51-0x6F5B6A50
                  state complete, no security-capability
                  xTR-ID 0x0A5D10E9-0x8D972761-0x3791E1CC-0xA7863C9F
                  site-ID unspecified
      Locator   Local  State      Pri/Wgt  Scope
      10.1.1.1  no     up           1/50   IPv4 none
      10.1.1.5  yes    up           1/50   IPv4 none
    ETR 10.1.1.1, last registered 00:00:44, no proxy-reply, map-notify
                  TTL 1d00h, no merge, hash-function sha1, nonce 0x8678609A-0x206712EC
                  state complete, no security-capability
                  xTR-ID 0xE53F6A2E-0x5850B5B5-0x3E6645CB-0x89052513
                  site-ID unspecified
      Locator   Local  State      Pri/Wgt  Scope
      10.1.1.1  yes    up           1/50   IPv4 none
      10.1.1.5  no     up           1/50   IPv4 none



MS/MR#sh lisp site name Remote 
Site name: Remote
Allowed configured locators: any
Allowed EID-prefixes:
  EID-prefix: 192.168.4.0/24 
    First registered:     00:14:46
    Last registered:      00:00:58
    Routing table tag:    0
    Origin:               Configuration
    Merge active:         No
    Proxy reply:          No
    TTL:                  1d00h
    State:                complete
    Registration errors:  
      Authentication failures:   0
      Allowed locators mismatch: 0
    ETR 10.1.4.1, last registered 00:00:58, no proxy-reply, map-notify
                  TTL 1d00h, no merge, hash-function sha1, nonce 0x3DCADBB7-0x3D378B15
                  state complete, no security-capability
                  xTR-ID 0x51DDD3AD-0x56C1265C-0x68E5A932-0xB5004B7D
                  site-ID unspecified
      Locator     Local  State      Pri/Wgt  Scope
      172.16.4.1  yes    up           1/50   IPv4 none


MS/MR#sh ip lisp map-cache 
MS/MR#                         <<<< MS/MR will not build a LISP Map-cache as it is not in the forwarding path. Only actings as MS/MR and not xTR

 

 

Remote xTR 

Remote-XTR#sh ip route | b Gateway     <<< Remote xTR does not have a route for xTR's EID Space
Gateway of last resort is 192.168.0.3 to network 0.0.0.0

B*    0.0.0.0/0 [20/0] via 192.168.0.3, 00:16:18
      10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
B        10.1.1.0/30 [20/0] via 192.168.0.3, 00:16:18
B        10.1.1.4/30 [20/0] via 192.168.0.3, 00:16:18
B        10.1.3.0/30 [20/0] via 192.168.0.3, 00:16:18
C        10.1.4.0/30 is directly connected, GigabitEthernet0/1
L        10.1.4.1/32 is directly connected, GigabitEthernet0/1
B        10.1.6.0/30 [20/0] via 192.168.0.3, 00:16:18
      172.16.0.0/32 is subnetted, 2 subnets
B        172.16.3.1 [20/0] via 192.168.0.3, 00:16:18
C        172.16.4.1 is directly connected, Loopback0
      192.168.0.0/32 is subnetted, 1 subnets
S        192.168.0.3 [1/0] via 10.1.4.2, GigabitEthernet0/1
      192.168.4.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.4.0/24 is directly connected, Loopback192
L        192.168.4.1/32 is directly connected, Loopback192


Remote-XTR#sh ip lisp database
LISP ETR IPv4 Mapping Database for EID-table default (IID 0), LSBs: 0x1, 1 entries

192.168.4.0/24
Locator Pri/Wgt Source State
172.16.4.1 1/50 cfg-addr site-self, reachable


Remote-XTR#sh ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 1 entries

0.0.0.0/0, uptime: 00:00:02, expires: never, via static send map-request
Negative cache entry, action: send-map-request

Remote-XTR#ping 192.168.1.1 so 192.168.4.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.4.1
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 8/9/11 ms

Remote-XTR#sh ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries

0.0.0.0/0, uptime: 00:00:13, expires: never, via static send map-request
Negative cache entry, action: send-map-request
192.168.1.0/24, uptime: 00:00:04, expires: 23:59:55, via map-reply, complete
Locator Uptime State Pri/Wgt
10.1.1.1 00:00:04 up 1/50
10.1.1.5 00:00:04 up 1/50

 

PxTR

PxTR#sh ip lisp map-cache 
LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries

192.168.0.0/16, uptime: 00:00:08, expires: never, via static send map-request
  Negative cache entry, action: send-map-request


Non-LISP#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 8/10/14 ms PxTR#sh ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 1 entries

192.168.0.0/16, uptime: 00:00:25, expires: never, via static send map-request
Negative cache entry, action: send-map-request
PxTR#sh ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries

192.168.0.0/16, uptime: 00:00:49, expires: never, via static send map-request <<<<
Negative cache entry, action: send-map-request
192.168.1.0/24, uptime: 00:00:19, expires: 23:59:40, via map-reply, complete <<< After we sucessfully get a reply back with RLOC info
Locator Uptime State Pri/Wgt
10.1.1.1 00:00:19 up 1/50
10.1.1.5 00:00:19 up 1/50

 

 

Troubleshoot

 

Common Issues:

  • Expecting forwarding to a LISP destination to work from a source which is not itself an EID (does not have a database line configured for the prefix)
  • Missing locator-table under router lisp
  • Missing corresponding database entries on the ETR and/or eid-prefix entries on the Map Server
  • RLOC reachability

 

Map-Cache Issues

 

If the map cache is showing:

Empty

- Packet doesn't pass forwarding rules 

 Verify config - ITR enabled, map-request source, map-resolver (show ip lisp)

 Correct source

 

Incomplete

  • Verify config - correct map-resolver
  • Forwarding problem - Map request reached MS/MR? Map request forwarded to ETR? ETR sent map-reply to ITR?

 

 

Forward-Native

  • MS/MR dos not have an entry for this EID Prefix 
    • Verify on MS/MR if the EID has been registered from xTR
  • Verify config on ETR (etr enabled, database entries are correct, map-server key is correct)
  • Verify config on MS/MR (site entries are correct, in proper locator-table, accept-more-specifics if needed)
  • Forwarding problems between ETR and MS/MR (ETR sending Map-Registers correctly to MS/MR?)

 

 

 

LISP Packet Tracing

 

  • If trying to telnet/traceroute/ping directly from the router, one must use a source address in EID space. 

On ITR

  • CEF debugging: Verify packet is coming in from site on physical interface
  • CEF debugging: Verify lisp is encapsulating the packet on LISP interface
  • CEF debugging: Verify the encapsulated packet egresses on physical uplink

On ETR

  • CEF debugging: Verify the encapsulated packet ingresses on physical uplink
  • CEF debugging: Verify lisp is decapsulating the packet on LISP interface
  • CEF debugging: Verify decapsulated packet is forwarded to the site on the physical interface

 

 

 

Remote xTR sends packets towards XTR2's EID space:

Remote-XTR#ping 192.168.1.1 so 192.168.4.1 rep 10
Type escape sequence to abort.
Sending 10, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.4.1
.!!!!!!!!!
Success rate is 90 percent (9/10), round-trip min/avg/max = 6/9/13 ms << First ping is dropped to trigger Map-Request

Remote-XTR#sh ip lisp map-cache LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries 0.0.0.0/0, uptime: 00:23:30, expires: never, via static send map-request Negative cache entry, action: send-map-request 192.168.1.0/24, uptime: 00:14:28, expires: 23:45:31, via map-reply, complete <<< Map-reply received successfully Locator Uptime State Pri/Wgt 10.1.1.1 00:14:28 up 1/50 10.1.1.5 00:14:28 up 1/50


 

 

Packet Received on XTR2:

xTR2#sh ip int br 
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         10.255.0.107    YES NVRAM  administratively down down    
GigabitEthernet0/1         10.1.1.5        YES NVRAM  up                    up      <<< RLOC
GigabitEthernet0/2         192.168.1.2     YES NVRAM  up                    up      
LISP0                      192.168.1.2     YES unset  up                    up      
Loopback0                  172.16.1.2      YES NVRAM  up                    up    

xTR2#sh ip access-lists 199
Extended IP access list 199
    10 permit ip host 10.1.4.1 host 10.1.1.5 (1 match)   <<< ACL matching RLOC of Remote XTR as the Source, and RLOC of XTR2 as the destination 
    
xTR2#debug ip cef packet g0/1 input 199 rate 0 detail 
*Sep 22 00:35:01.908: CEF-Debug: Packet from 10.1.4.1 (Gi0/1) to 10.1.1.5     <<<<< LISP encapped packet coming into RLOC interface 
*Sep 22 00:35:01.908:   ihl=20, length=136, tos=0, ttl=253, checksum=25621, offset=0 DF
*Sep 22 00:35:01.908:     UDP src=1024, dst=4341, length=116, checksum=0     <<<< UDP of 4341 indicates LISP Data plane packet


xTR2#debug ip cef packet LISP0 input rate 0 detail          <<< Capturing inbound traffic from LISP 0 decapsulating interface
IP CEF packets debugging is on ingress on LISP0 (detailed)

xTR2#
*Sep 22 00:28:02.721: CEF-Debug: Packet from 192.168.4.1 (LI0) to 192.168.1.1   <<< Original ping packet from Remote-XTR's EID Space to XTR2's EID space
*Sep 22 00:28:02.721:   ihl=20, length=100, tos=0, ttl=253, checksum=14080, offset=0
*Sep 22 00:28:02.721:     ICMP type=8, code=0, checksum=26453
*Sep 22 00:28:02.721:          ECHO

 

Remote xTR receives reply packet:

Remote-XTR#debug ip cef packet LISP0 input rate 0 detail
Remote-XTR#ping 192.168.1.1 so 192.168.4.1 rep 1 Type escape sequence to abort. Sending 1, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: Packet sent with a source address of 192.168.4.1 ! Success rate is 100 percent (1/1), round-trip min/avg/max = 10/10/10 ms Remote-XTR# *Sep 22 00:25:03.758: CEF-Debug: Packet from 192.168.1.1 (LI0) to 192.168.4.1 *Sep 22 00:25:03.758: ihl=20, length=100, tos=0, ttl=253, checksum=14083, offset=0 *Sep 22 00:25:03.758: ICMP type=0, code=0, checksum=4437 *Sep 22 00:25:03.758: ECHO reply

 

 

LIG

 

RFC 6835 introduces the Locator/ID Separation Protocol Internet Groper (LIG) which is a simple tool which can be used to query the LISP mapping database.

 

It can be run by all devices that implement LISP, including

  • Ingress Tunnel Routers (ITRs),
  • Egress Tunnel Routers (ETRs),
  • Proxy-ITRs,
  • Proxy-ETRs,
  • Map-Resolvers,
  • Map-Servers, and
  • LISP-ALT Routers,

as well as by a host system at either a LISP-capable or non-LISPcapable site.” 

 

With "lig" you do not need to worry about sourcing the packet from an EID space as it will query the MS/MR system as long as it has a valid IP address to a valid MS/MR database.

 

xTR#sh ip lisp map-cache 
LISP IPv4 Mapping Cache for EID-table default (IID 0), 1 entries

0.0.0.0/0, uptime: 00:00:03, expires: never, via static send map-request
  Negative cache entry, action: send-map-request

xTR#lig 192.168.1.1 Mapping information for EID 192.168.1.1 from 10.1.1.1 with RTT 85 msecs 192.168.1.0/24, uptime: 00:00:00, expires: 23:59:59, via map-reply, self, complete Locator Uptime State Pri/Wgt 10.1.1.1 00:00:00 up, self 1/50 10.1.1.5 00:00:00 up 1/50
xTR#lig 192.168.4.1 Mapping information for EID 192.168.4.1 from 10.1.4.1 with RTT 15 msecs 192.168.4.0/24, uptime: 00:00:00, expires: 23:59:59, via map-reply, complete Locator Uptime State Pri/Wgt 172.16.4.1 00:00:00 up 1/50
xTR#sh ip lisp map-cache LISP IPv4 Mapping Cache for EID-table default (IID 0), 3 entries 0.0.0.0/0, uptime: 00:00:13, expires: never, via static send map-request Negative cache entry, action: send-map-request 192.168.1.0/24, uptime: 00:00:07, expires: 23:59:53, via map-reply, self, complete Locator Uptime State Pri/Wgt 10.1.1.1 00:00:07 up, self 1/50 10.1.1.5 00:00:07 up 1/50 192.168.4.0/24, uptime: 00:00:04, expires: 23:59:55, via map-reply, complete Locator Uptime State Pri/Wgt 172.16.4.1 00:00:04 up 1/50 PxTR#sh ip lisp map-cache LISP IPv4 Mapping Cache for EID-table default (IID 0), 1 entries 192.168.0.0/16, uptime: 00:00:01, expires: never, via static send map-request Negative cache entry, action: send-map-request
PxTR#lig 192.168.1.1 Mapping information for EID 192.168.1.1 from 10.1.1.5 with RTT 124 msecs 192.168.1.0/24, uptime: 00:00:00, expires: 23:59:59, via map-reply, complete Locator Uptime State Pri/Wgt 10.1.1.1 00:00:00 up 1/50 10.1.1.5 00:00:00 up 1/50
PxTR#lig 192.168.4.1 Mapping information for EID 192.168.4.1 from 10.1.4.1 with RTT 100 msecs 192.168.4.0/24, uptime: 00:00:00, expires: 23:59:59, via map-reply, complete Locator Uptime State Pri/Wgt 172.16.4.1 00:00:00 up 1/50

PxTR#sh ip lisp map-cache LISP IPv4 Mapping Cache for EID-table default (IID 0), 3 entries << Fully populated LISP table now with LIG: 192.168.0.0/16, uptime: 00:00:09, expires: never, via static send map-request Negative cache entry, action: send-map-request 192.168.1.0/24, uptime: 00:00:04, expires: 23:59:55, via map-reply, complete Locator Uptime State Pri/Wgt 10.1.1.1 00:00:04 up 1/50 10.1.1.5 00:00:04 up 1/50 192.168.4.0/24, uptime: 00:00:02, expires: 23:59:58, via map-reply, complete Locator Uptime State Pri/Wgt 172.16.4.1 00:00:02 up 1/50

 

 Useful Debugs

  • debug lisp control-plane link-layer
  • debug lisp control-plane etr-map-server
  • debug lisp control-plane etr-map-notify
  • debug lisp control-plane solicit-map-request
  • debug lisp control-plane map-server-registration
  • debug lisp control-plane map-server-map-notify
  • debug lisp control-plane messages (on xTR and MS) 
  • debug lisp detail

 

References:

 

Comments
Beginner

Hello Victor,

 

First of all thanks for such a detailed document.

 

May I ask for a help? I am trying to setup LISP ESM subnet extension solution. I am using following white paper documentation as a reference: 

http://www.cisco.com/c/en/us/products/collateral/routers/cloud-services-router-1000v-series/white-paper-c11-731872.pdf

 

In my case I used 1000v at the central DC site and 892 at the remote sete to form LISP tunnels and extend the VLAN/network on DC site to the device connected to 892.

 

However it does not exactly work. The device connected to 892 can't get IP address when it is configured with DHCP. When configured with a static IP from the DC's VLAN the device on 892 can communicate to remote servers at DC, but it can't access internet or send traffic anywhere outside of the VLAN.

 

I suspect that there might be misconfiguration of Lisp on my PoC. Could you please tell where should I look into?

 

P.S. I have documented my case at the separate post with congifs and more explanation:

https://community.cisco.com/t5/routing/setting-up-lisp-between-1000v-and-892for-extended-subnet-esm 

CreatePlease to create content
Content for Community-Ad