Victor Acevedo
Cisco Employee

 

Introduction

 

The Locator Identity Separation Protocol (LISP) is a new routing architecture that creates a new paradigm by splitting the device identity, known as an Endpoint Identifier (EID), and its location, known as its Routing Locator (RLOC), into two different numbering spaces. This capability brings renewed scale and flexibility to the network in a single protocol, enabling the areas of mobility, scalability and security. 

 

In this architecture, there is clear separation between "who" the endpoint is, and "where" the endpoint currently is located. By separating EIDs and RLOCs, LISP inherently enables numerous benefits within a single protocol, including:

  • Low OpEx multihoming with ingress traffic engineering
  • Address family independence for efficient IPv6 Transition support
  • High-scale Virtualization/Multi-tenancy support
  • Data Center/Cloud Mobility support, including session persistence across mobility events
  • and seamless mobile node support.

 

Components Involved 

 

  • EID (Endpoint Identifier) - IP address of a host
  • RLOC (Routing Locator) - IP address of the LISP router facing ISP

  • ITR (Ingress Tunnel Router) -  Sends map requests and processes received map replies in order to resolve EID-to-RLOC mappings. On the data plane side, an ITR receives packets from site-facing interfaces and either LISP-encapsulates packets to remote LISP sites, or natively forwards packets to non-LISP sites.

  • ETR (Egress Tunnel Router) - Registers its EID prefixes and RLOCs with the Map-Server, and responds to map requests received from the Map-Server. On the data plane side, an ETR receives packets from core-facing interfaces, de-encapsulates them, and delivers them to local EIDs at the site. 

  • xTR - Performs both ITR/ETR functions. 

  • PxTR - (Proxy xTR) Accepts encapsulated traffic from LISP sites and forwards it natively to non-LISP sites. Draws non-LISP traffic to itself by announcing aggregates of EID prefixes to the non-LISP core.

  • MS (Map Server) - An MS receives Map-Registration messages from LISP sites. It also receives Map-Requests (via the Mapping System) seeking mapping resolutions for EID prefixes and forwards them to the registered ETR that is authoritative for the EID prefix being queried.

  • MR (Map Resolver) - An MR receives map requests from ITRs and forwards them to the Mapping System (resulting in an MS receiving the Map-Request). An MR also sends negative map replies to ITRs in response to queries for non-LISP addresses.

 

 

 

one.png

 

 

EID-to-RLOC Mapping

 

The key to using these RLOCs and EIDs is the mapping between them. A device (S1) communicating with another device (D1) will create a packet with the EID of S1 as the source IP address and the EID of D1 as the destination IP address.

 

At the edge of the network, when this packet needs to be routed to the Internet, an ingress tunnel router maps the destination EID to a destination RLOC and then encapsulates the original packet with an additional header that has the source IP address of the ITR RLOC and the destination IP address of the RLOC of an egress tunnel router that connects to D1. LISP specifies the way that the mappings between EIDs and RLOCs are defined, exchanged, and used.

 

While "LISP" refers to the protocol used for exchanging EID-to-RLOC mapping information, the overall architecture includes two additional components: a mapping database, which consists of devices and procedures for distributing mapping information, and additional devices for implementing interworking between LISP-capable and non-LISP-capable parts of the Internet.

 

two.png 

  

Map-Request: This message is sent by an ITR to the mapping database when it needs to send a packet to a destination EID for which it has no cached RLOC.

 

Map-Reply: This message is returned to an ITR by an ETR or map server  in response to a Map-Request message. A Map-Reply message contains the EID prefix that matches the requested destination EID along with a set of RLOCs that can be used as the destination IP addresses for encapsulating user data. Additional information regarding priority and traffic-distribution across multiple RLOCs is also returned.

 

Map-Register: This message is sent by an ETR to a map server to define an EID prefix that it owns as well as the RLOCs that should be used for exchanging Map-Request and Map-Reply messages. The registration request includes the EID prefix, prefix length, RLOCs associated with the prefix, and priorities and traffic-sharing weights of each RLOC. Map-Register messages are sent periodically to maintain the registration state between an ETR and its map servers.

 

 

 

LISP xTR Encap Rules:

 

1) Perform a destination address lookup in the normal routing table. If the matched route is one of the following, proceed with the LISP encapsulation process; otherwise forward natively:

  • default route (0.0.0.0/0 or ::/0)
  • no route
  • a route with a Null0 next-hop

 

2) Check if the source address of the packet is within a local EID prefix.

  • If yes, the packet is eligible for LISP encapsulation.
  • If no, the packet is not eligible for LISP encapsulation and is forwarded natively.

 

3) Perform a lookup in the map-cache. If an entry is found, perform its forwarding action (encap, drop, send-map-request or fwd-native); if no entry is found, forward natively. (Because the LISP control component installs a default map-cache entry with action send-map-request, a miss never occurs.)

 

4) If the action is to forward, the packet is encapsulated and a destination address lookup is performed on the destination/remote RLOC. Once the output interface is known, the source RLOC is filled in.
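The four rules above as a decision function, run against the xTR's routes, EID prefix and map-cache as shown in the outputs on this page. This is an added example, not Cisco's forwarding code; the table layout, the function names and the "rloc-unreachable" result are assumptions.

```python
import ipaddress as ip

# Constructed from the xTR outputs on this page. Simplification: recursive
# next hops are already resolved to the egress interface.
RIB = [  # (prefix, next hop, egress interface)
    ("0.0.0.0/0",      "192.168.0.3", "Gi0/1"),
    ("10.1.3.0/30",    "192.168.0.3", "Gi0/1"),
    ("172.16.3.1/32",  "192.168.0.3", "Gi0/1"),
    ("172.16.4.1/32",  "192.168.0.3", "Gi0/1"),
    ("192.168.1.0/24", "connected",   "Gi0/2"),
]
IF_ADDR = {"Gi0/1": "10.1.1.1", "Gi0/2": "192.168.1.1"}
LOCAL_EIDS = [("192.168.1.0/24",)]            # database-mapping prefixes
DEFAULT_CACHE = [("0.0.0.0/0", "send-map-request", None)]
LEARNED_CACHE = DEFAULT_CACHE + [("192.168.4.0/24", "encap", "172.16.4.1")]


def lpm(table, addr):
    """Longest-prefix match over rows whose first field is a prefix."""
    addr = ip.ip_address(addr)
    hits = [row for row in table if addr in ip.ip_network(row[0])]
    return max(hits, key=lambda r: ip.ip_network(r[0]).prefixlen, default=None)


def forward(src, dst, map_cache, rib=RIB):
    """Return (action, source RLOC, destination RLOC) for one packet."""
    # Rule 1: only a default route, no route, or a Null0 route is eligible.
    route = lpm(rib, dst)
    eligible = (route is None
                or ip.ip_network(route[0]).prefixlen == 0
                or route[1] == "Null0")
    if not eligible:
        return ("fwd-native", None, None)
    # Rule 2: the source must sit inside a local EID prefix.
    if lpm(LOCAL_EIDS, src) is None:
        return ("fwd-native", None, None)
    # Rule 3: the map-cache entry decides the action.
    entry = lpm(map_cache, dst)
    if entry is None:
        return ("fwd-native", None, None)
    _, action, rloc = entry
    if action != "encap":
        return (action, None, None)
    # Rule 4: route the outer header towards the remote RLOC, then use the
    # egress interface address as the source RLOC.
    out = lpm(rib, rloc)
    if out is None:
        # Assumption: the page does not define this case; report it.
        return ("rloc-unreachable", None, rloc)
    return ("encap", IF_ADDR[out[2]], rloc)


if __name__ == "__main__":
    # First packet only triggers resolution; later packets are encapsulated.
    print(forward("192.168.1.1", "192.168.4.1", DEFAULT_CACHE))
    print(forward("192.168.1.1", "192.168.4.1", LEARNED_CACHE))
    # Sourced from Loopback0 (not an EID): never encapsulated.
    print(forward("172.16.1.1", "192.168.4.1", LEARNED_CACHE))
```

The third call reproduces the first item under Common Issues: a source that is not itself an EID falls out at rule 2 and is forwarded natively.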

 

 

LISP Data Packet Header Format

 

Encapsulated user data packets are transported using UDP port 4341, and LISP control packets are transported using UDP port 4342.

 

three.png

 

LISP Map-Register Header Format

 

four.png

 

 

Configure

Network Diagram

 

five.png

 

 

xTR

interface Loopback0
 ip address 172.16.1.1 255.255.255.255
!
interface GigabitEthernet0/1
 description to ISP
 ip address 10.1.1.1 255.255.255.252   <<< RLOC Space
!
interface GigabitEthernet0/2
 description to Sw1
 ip address 192.168.1.1 255.255.255.0  <<< LAN / EID Space
!
router lisp
 database-mapping 192.168.1.0/24 10.1.1.1 priority 1 weight 50
 database-mapping 192.168.1.0/24 10.1.1.5 priority 1 weight 50
 ipv4 itr map-resolver 172.16.3.1
 ipv4 itr
 ipv4 etr map-server 172.16.3.1 key cisco
 ipv4 etr

 

 

xTR2

interface Loopback0
 ip address 172.16.1.2 255.255.255.255
!
interface GigabitEthernet0/1
 description to ISP
 ip address 10.1.1.5 255.255.255.252   <<< RLOC 
!
interface GigabitEthernet0/2
 description to Sw1
 ip address 192.168.1.2 255.255.255.0  <<< EID
!
router lisp
 database-mapping 192.168.1.0/24 10.1.1.1 priority 1 weight 50
 database-mapping 192.168.1.0/24 10.1.1.5 priority 1 weight 50
 ipv4 itr map-resolver 172.16.3.1
 ipv4 itr
 ipv4 etr map-server 172.16.3.1 key cisco
 ipv4 etr

 

MS/MR

interface Loopback0
 ip address 172.16.3.1 255.255.255.255  
!
interface GigabitEthernet0/1
 description to ISP
 ip address 10.1.3.1 255.255.255.252  
!
router lisp
 site DataCenter
  authentication-key cisco
  eid-prefix 192.168.1.0/24
  exit
 !
 site Remote
  authentication-key cisco
  eid-prefix 192.168.4.0/24
  exit
 !
 ipv4 map-server
 ipv4 map-resolver

 

Remote xTR

interface Loopback0
 ip address 172.16.4.1 255.255.255.255  <<< Loopback used for RLOC Space 
!
interface Loopback192
 ip address 192.168.4.1 255.255.255.0  <<< Loopback used for EID Space
!
interface GigabitEthernet0/1
 description to ISP
 ip address 10.1.4.1 255.255.255.252
!
router lisp
 database-mapping 192.168.4.0/24 172.16.4.1 priority 1 weight 50
 ipv4 itr map-resolver 172.16.3.1
 ipv4 itr
 ipv4 etr map-server 172.16.3.1 key cisco
 ipv4 etr

 

PxTR 

interface Loopback0
 ip address 172.16.6.1 255.255.255.255
!
interface GigabitEthernet0/1
 description to ISP
 ip address 10.1.6.1 255.255.255.252
!
router lisp
 loc-reach-algorithm rloc-probing
 map-cache 192.168.0.0/16 map-request  <<< Statically configure the device to send a map-request for these EID prefixes
 ipv4 map-request-source 172.16.6.1
 ipv4 proxy-etr
 ipv4 proxy-itr 172.16.6.1
 ipv4 itr map-resolver 172.16.3.1
 ipv4 etr map-server 172.16.3.1 key cisco
 

NOTE: The PxTR must also advertise 192.168.0.0/16 to the non-LISP routers, either via a redistributed Null0 route or by having the non-LISP routers point to the PxTR as their default route.

 

Non-LISP 

interface Loopback0
 ip address 172.16.5.1 255.255.255.255
!
interface Loopback192
 ip address 192.168.5.1 255.255.255.0
!
interface GigabitEthernet0/1
 description to ISP
 ip address 10.1.5.1 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 172.16.6.1   <<< Send all traffic to PxTR

 

 

 

Verify

 

xTR's 

xTR#sh ip route | b Gateway   <<<< We have no routes for Remote EID prefixes!
Gateway of last resort is 192.168.0.3 to network 0.0.0.0

B*    0.0.0.0/0 [20/0] via 192.168.0.3, 00:27:23
      10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
C        10.1.1.0/30 is directly connected, GigabitEthernet0/1
L        10.1.1.1/32 is directly connected, GigabitEthernet0/1
B        10.1.1.4/30 [20/0] via 192.168.0.3, 00:31:58
B        10.1.3.0/30 [20/0] via 192.168.0.3, 00:31:58
B        10.1.4.0/30 [20/0] via 192.168.0.3, 00:31:58
B        10.1.6.0/30 [20/0] via 192.168.0.3, 00:31:58
      172.16.0.0/32 is subnetted, 3 subnets
C        172.16.1.1 is directly connected, Loopback0
B        172.16.3.1 [20/0] via 192.168.0.3, 00:31:58
B        172.16.4.1 [20/0] via 192.168.0.3, 00:14:09
      192.168.0.0/32 is subnetted, 1 subnets
S        192.168.0.3 [1/0] via 10.1.1.2, GigabitEthernet0/1
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, GigabitEthernet0/2
L        192.168.1.1/32 is directly connected, GigabitEthernet0/2


xTR#sh ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 1 entries

0.0.0.0/0, uptime: 00:15:37, expires: never, via static send map-request
Negative cache entry, action: send-map-request

xTR#ping 192.168.4.1 so 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.4.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 8/13/24 ms

xTR#sh ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries

0.0.0.0/0, uptime: 00:15:47, expires: never, via static send map-request
Negative cache entry, action: send-map-request
192.168.4.0/24, uptime: 00:00:05, expires: 23:59:54, via map-reply, complete
Locator Uptime State Pri/Wgt
172.16.4.1 00:00:05 up 1/50


xTR#sh ip lisp database
LISP ETR IPv4 Mapping Database for EID-table default (IID 0), LSBs: 0x3, 1 entries

192.168.1.0/24 <<< Displays EIDs owned at this site
Locator Pri/Wgt Source State
10.1.1.1 1/50 cfg-addr site-self, reachable
10.1.1.5 1/50 cfg-addr site-other, report-reachable

xTR#sh ip lisp
Instance ID: 0
Router-lisp ID: 0
Locator table: default
EID table: default
Ingress Tunnel Router (ITR): enabled
Egress Tunnel Router (ETR): enabled
Proxy-ITR Router (PITR): disabled
Proxy-ETR Router (PETR): disabled
NAT-traversal Router (NAT-RTR): disabled
Mobility First-Hop Router: disabled
Map Server (MS): disabled
Map Resolver (MR): disabled
Delegated Database Tree (DDT): disabled
Map-Request source: derived from EID destination
ITR Map-Resolver(s): 172.16.3.1 <<< Verify we have a valid/correct MS/MR configured
ETR Map-Server(s): 172.16.3.1 (00:00:16) <<<
xTR-ID: 0xDF09EA35-0xA92A026B-0x38E33A52-0x4C5353DF
site-ID: unspecified
ITR local RLOC (last resort): 10.1.1.1
ITR Solicit Map Request (SMR): accept and process
Max SMRs per map-cache entry: 8 more specifics
Multiple SMR suppression time: 20 secs
ETR accept mapping data: disabled, verify disabled
ETR map-cache TTL: 1d00h
Locator Status Algorithms:
RLOC-probe algorithm: disabled
RLOC-probe on route change: N/A (periodic probing disabled)
RLOC-probe on member change: disabled
LSB reports: process
IPv4 RLOC minimum mask length: /0
IPv6 RLOC minimum mask length: /0
Static mappings configured: 0
Map-cache size/limit: 1/1000
Imported route count/limit: 0/1000
Map-cache activity check period: 60 secs
Map-cache FIB updates: established
Total database mapping size: 1
static database size/limit: 1/5000
dynamic database size/limit: 0/1000
route-import database size: 0
Persistent map-cache: disabled

 

 

MS/MR

MS/MR#sh lisp site name DataCenter 
Site name: DataCenter
Allowed configured locators: any
Allowed EID-prefixes:
  EID-prefix: 192.168.1.0/24    <<< Verify which EIDs have registered with us
    First registered:     00:27:12
    Last registered:      00:00:11
    Routing table tag:    0
    Origin:               Configuration
    Merge active:         No
    Proxy reply:          No
    TTL:                  1d00h
    State:                complete
    Registration errors:  
      Authentication failures:   1
      Allowed locators mismatch: 0
    ETR 10.1.1.5, last registered 00:00:11, no proxy-reply, map-notify
                  TTL 1d00h, no merge, hash-function sha1, nonce 0x17165B51-0x6F5B6A50
                  state complete, no security-capability
                  xTR-ID 0x0A5D10E9-0x8D972761-0x3791E1CC-0xA7863C9F
                  site-ID unspecified
      Locator   Local  State      Pri/Wgt  Scope
      10.1.1.1  no     up           1/50   IPv4 none
      10.1.1.5  yes    up           1/50   IPv4 none
    ETR 10.1.1.1, last registered 00:00:44, no proxy-reply, map-notify
                  TTL 1d00h, no merge, hash-function sha1, nonce 0x8678609A-0x206712EC
                  state complete, no security-capability
                  xTR-ID 0xE53F6A2E-0x5850B5B5-0x3E6645CB-0x89052513
                  site-ID unspecified
      Locator   Local  State      Pri/Wgt  Scope
      10.1.1.1  yes    up           1/50   IPv4 none
      10.1.1.5  no     up           1/50   IPv4 none



MS/MR#sh lisp site name Remote 
Site name: Remote
Allowed configured locators: any
Allowed EID-prefixes:
  EID-prefix: 192.168.4.0/24 
    First registered:     00:14:46
    Last registered:      00:00:58
    Routing table tag:    0
    Origin:               Configuration
    Merge active:         No
    Proxy reply:          No
    TTL:                  1d00h
    State:                complete
    Registration errors:  
      Authentication failures:   0
      Allowed locators mismatch: 0
    ETR 10.1.4.1, last registered 00:00:58, no proxy-reply, map-notify
                  TTL 1d00h, no merge, hash-function sha1, nonce 0x3DCADBB7-0x3D378B15
                  state complete, no security-capability
                  xTR-ID 0x51DDD3AD-0x56C1265C-0x68E5A932-0xB5004B7D
                  site-ID unspecified
      Locator     Local  State      Pri/Wgt  Scope
      172.16.4.1  yes    up           1/50   IPv4 none


MS/MR#sh ip lisp map-cache 
MS/MR#                         <<<< MS/MR will not build a LISP map-cache as it is not in the forwarding path; it is only acting as MS/MR and not as an xTR
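The site output above reports `hash-function sha1` and an `Authentication failures` counter; both relate to the keyed MAC that a Map-Register carries, computed with the shared `key cisco` / `authentication-key cisco`. The sketch below shows that check from both sides. It is an added example, not Cisco's implementation: the field layout follows the Map-Register format in RFC 6830, the function names are hypothetical, and the accepted authentication-data lengths (12 or 20 bytes) are an assumption.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

KEY_ID_SHA1 = 1                    # RFC 6830 Key ID 1 (HMAC-SHA-1-96)
ACCEPTED_AUTH_LENS = {12, 20}      # assumption: 96-bit or full SHA-1 output
HDR = struct.Struct("!IQHH")       # type/flags/count, nonce, key ID, auth len


def eid_record(prefix, locators, ttl_min=1440):
    """Mapping record: EID prefix plus (rloc, priority, weight, local) rows."""
    net = ipaddress.ip_network(prefix)
    rec = struct.pack("!IBBHHH", ttl_min, len(locators), net.prefixlen,
                      0x1000, 0, 1)          # A bit, map-version 0, AFI 1 (IPv4)
    rec += net.network_address.packed
    for rloc, pri, wgt, local in locators:
        flags = 0x0001 | (0x0004 if local else 0)      # R bit, optional L bit
        rec += struct.pack("!BBBBHH", pri, wgt, 255, 0, flags, 1)
        rec += ipaddress.ip_address(rloc).packed
    return rec


def build_map_register(key, records, record_count, auth_len=20):
    """ETR side: MAC the whole message with Authentication Data zeroed."""
    word0 = (3 << 28) | (1 << 8) | record_count        # Type=3, M (map-notify)
    nonce = int.from_bytes(os.urandom(8), "big")
    head = HDR.pack(word0, nonce, KEY_ID_SHA1, auth_len)
    mac = hmac.new(key, head + bytes(auth_len) + records, hashlib.sha1)
    return head + mac.digest()[:auth_len] + records


def verify_map_register(key, msg):
    """Map-Server side: return (accepted, reason)."""
    if len(msg) < HDR.size:
        return False, "truncated header"
    word0, _nonce, key_id, auth_len = HDR.unpack_from(msg)
    if word0 >> 28 != 3:
        return False, "not a Map-Register"
    if key_id != KEY_ID_SHA1:
        return False, "unsupported key id"
    # Refuse short or absent MACs instead of comparing a truncated prefix.
    if auth_len not in ACCEPTED_AUTH_LENS or len(msg) < HDR.size + auth_len:
        return False, "bad authentication data length"
    end = HDR.size + auth_len
    zeroed = msg[:HDR.size] + bytes(auth_len) + msg[end:]
    expected = hmac.new(key, zeroed, hashlib.sha1).digest()[:auth_len]
    if not hmac.compare_digest(msg[HDR.size:end], expected):
        return False, "authentication failure"
    return True, "accepted"


# Constructed sample: the DataCenter site's mapping as configured on this page.
RECORDS = eid_record("192.168.1.0/24",
                     [("10.1.1.1", 1, 50, True), ("10.1.1.5", 1, 50, False)])

if __name__ == "__main__":
    msg = build_map_register(b"cisco", RECORDS, 1)
    print(verify_map_register(b"cisco", msg))      # key matches the site entry
    print(verify_map_register(b"c1sco", msg))      # mistyped key on the MS
```

Because the MAC covers the records, a locator changed in flight fails verification the same way a mistyped key does. The protection is only as strong as the shared key, which in this lab is the same short string for both sites.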

 

 

Remote xTR 

Remote-XTR#sh ip route | b Gateway     <<< Remote xTR does not have a route for xTR's EID Space
Gateway of last resort is 192.168.0.3 to network 0.0.0.0

B*    0.0.0.0/0 [20/0] via 192.168.0.3, 00:16:18
      10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
B        10.1.1.0/30 [20/0] via 192.168.0.3, 00:16:18
B        10.1.1.4/30 [20/0] via 192.168.0.3, 00:16:18
B        10.1.3.0/30 [20/0] via 192.168.0.3, 00:16:18
C        10.1.4.0/30 is directly connected, GigabitEthernet0/1
L        10.1.4.1/32 is directly connected, GigabitEthernet0/1
B        10.1.6.0/30 [20/0] via 192.168.0.3, 00:16:18
      172.16.0.0/32 is subnetted, 2 subnets
B        172.16.3.1 [20/0] via 192.168.0.3, 00:16:18
C        172.16.4.1 is directly connected, Loopback0
      192.168.0.0/32 is subnetted, 1 subnets
S        192.168.0.3 [1/0] via 10.1.4.2, GigabitEthernet0/1
      192.168.4.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.4.0/24 is directly connected, Loopback192
L        192.168.4.1/32 is directly connected, Loopback192


Remote-XTR#sh ip lisp database
LISP ETR IPv4 Mapping Database for EID-table default (IID 0), LSBs: 0x1, 1 entries

192.168.4.0/24
Locator Pri/Wgt Source State
172.16.4.1 1/50 cfg-addr site-self, reachable


Remote-XTR#sh ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 1 entries

0.0.0.0/0, uptime: 00:00:02, expires: never, via static send map-request
Negative cache entry, action: send-map-request

Remote-XTR#ping 192.168.1.1 so 192.168.4.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.4.1
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 8/9/11 ms

Remote-XTR#sh ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries

0.0.0.0/0, uptime: 00:00:13, expires: never, via static send map-request
Negative cache entry, action: send-map-request
192.168.1.0/24, uptime: 00:00:04, expires: 23:59:55, via map-reply, complete
Locator Uptime State Pri/Wgt
10.1.1.1 00:00:04 up 1/50
10.1.1.5 00:00:04 up 1/50

 

PxTR

PxTR#sh ip lisp map-cache 
LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries

192.168.0.0/16, uptime: 00:00:08, expires: never, via static send map-request
  Negative cache entry, action: send-map-request


Non-LISP#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 8/10/14 ms

PxTR#sh ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 1 entries

192.168.0.0/16, uptime: 00:00:25, expires: never, via static send map-request
Negative cache entry, action: send-map-request
PxTR#sh ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries

192.168.0.0/16, uptime: 00:00:49, expires: never, via static send map-request <<<<
Negative cache entry, action: send-map-request
192.168.1.0/24, uptime: 00:00:19, expires: 23:59:40, via map-reply, complete <<< After we successfully get a reply back with RLOC info
Locator Uptime State Pri/Wgt
10.1.1.1 00:00:19 up 1/50
10.1.1.5 00:00:19 up 1/50

 

 

Troubleshoot

 

Common Issues:

  • Expecting forwarding to a LISP destination to work from a source which is not itself an EID (does not have a database line configured for the prefix)
  • Missing locator-table under router lisp
  • Missing corresponding database entries on the ETR and/or eid-prefix entries on the Map Server
  • RLOC reachability

 

Map-Cache Issues

 

If the map cache is showing:

Empty

  • Packet doesn't pass forwarding rules
    • Verify config - ITR enabled, map-request source, map-resolver (show ip lisp)
    • Correct source

 

Incomplete

  • Verify config - correct map-resolver
  • Forwarding problem - Map request reached MS/MR? Map request forwarded to ETR? ETR sent map-reply to ITR?

 

 

Forward-Native

  • MS/MR does not have an entry for this EID Prefix
    • Verify on MS/MR if the EID has been registered from xTR
  • Verify config on ETR (etr enabled, database entries are correct, map-server key is correct)
  • Verify config on MS/MR (site entries are correct, in proper locator-table, accept-more-specifics if needed)
  • Forwarding problems between ETR and MS/MR (ETR sending Map-Registers correctly to MS/MR?)

 

 

 

LISP Packet Tracing

 

  • If trying to telnet/traceroute/ping directly from the router, one must use a source address in EID space. 

On ITR

  • CEF debugging: Verify packet is coming in from site on physical interface
  • CEF debugging: Verify lisp is encapsulating the packet on LISP interface
  • CEF debugging: Verify the encapsulated packet egresses on physical uplink

On ETR

  • CEF debugging: Verify the encapsulated packet ingresses on physical uplink
  • CEF debugging: Verify lisp is decapsulating the packet on LISP interface
  • CEF debugging: Verify decapsulated packet is forwarded to the site on the physical interface

 

 

 

Remote xTR sends packets towards XTR2's EID space:

Remote-XTR#ping 192.168.1.1 so 192.168.4.1 rep 10
Type escape sequence to abort.
Sending 10, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.4.1
.!!!!!!!!!
Success rate is 90 percent (9/10), round-trip min/avg/max = 6/9/13 ms << First ping is dropped to trigger Map-Request

Remote-XTR#sh ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries

0.0.0.0/0, uptime: 00:23:30, expires: never, via static send map-request
Negative cache entry, action: send-map-request
192.168.1.0/24, uptime: 00:14:28, expires: 23:45:31, via map-reply, complete <<< Map-reply received successfully
Locator Uptime State Pri/Wgt
10.1.1.1 00:14:28 up 1/50
10.1.1.5 00:14:28 up 1/50


 

 

Packet Received on XTR2:

xTR2#sh ip int br 
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         10.255.0.107    YES NVRAM  administratively down down    
GigabitEthernet0/1         10.1.1.5        YES NVRAM  up                    up      <<< RLOC
GigabitEthernet0/2         192.168.1.2     YES NVRAM  up                    up      
LISP0                      192.168.1.2     YES unset  up                    up      
Loopback0                  172.16.1.2      YES NVRAM  up                    up    

xTR2#sh ip access-lists 199
Extended IP access list 199
    10 permit ip host 10.1.4.1 host 10.1.1.5 (1 match)   <<< ACL matching RLOC of Remote XTR as the Source, and RLOC of XTR2 as the destination 
    
xTR2#debug ip cef packet g0/1 input 199 rate 0 detail 
*Sep 22 00:35:01.908: CEF-Debug: Packet from 10.1.4.1 (Gi0/1) to 10.1.1.5     <<<<< LISP encapped packet coming into RLOC interface 
*Sep 22 00:35:01.908:   ihl=20, length=136, tos=0, ttl=253, checksum=25621, offset=0 DF
*Sep 22 00:35:01.908:     UDP src=1024, dst=4341, length=116, checksum=0     <<<< UDP of 4341 indicates LISP Data plane packet


xTR2#debug ip cef packet LISP0 input rate 0 detail          <<< Capturing inbound traffic from LISP 0 decapsulating interface
IP CEF packets debugging is on ingress on LISP0 (detailed)

xTR2#
*Sep 22 00:28:02.721: CEF-Debug: Packet from 192.168.4.1 (LI0) to 192.168.1.1   <<< Original ping packet from Remote-XTR's EID Space to XTR2's EID space
*Sep 22 00:28:02.721:   ihl=20, length=100, tos=0, ttl=253, checksum=14080, offset=0
*Sep 22 00:28:02.721:     ICMP type=8, code=0, checksum=26453
*Sep 22 00:28:02.721:          ECHO

 

Remote xTR receives reply packet:

Remote-XTR#debug ip cef packet LISP0 input rate 0 detail
Remote-XTR#ping 192.168.1.1 so 192.168.4.1 rep 1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.4.1
!
Success rate is 100 percent (1/1), round-trip min/avg/max = 10/10/10 ms

Remote-XTR#
*Sep 22 00:25:03.758: CEF-Debug: Packet from 192.168.1.1 (LI0) to 192.168.4.1
*Sep 22 00:25:03.758:   ihl=20, length=100, tos=0, ttl=253, checksum=14083, offset=0
*Sep 22 00:25:03.758:     ICMP type=0, code=0, checksum=4437
*Sep 22 00:25:03.758:          ECHO reply

 

 

LIG

 

RFC 6835 introduces the Locator/ID Separation Protocol Internet Groper (LIG), a simple tool that can be used to query the LISP mapping database.

 

“It can be run by all devices that implement LISP, including

  • Ingress Tunnel Routers (ITRs),
  • Egress Tunnel Routers (ETRs),
  • Proxy-ITRs,
  • Proxy-ETRs,
  • Map-Resolvers,
  • Map-Servers, and
  • LISP-ALT Routers,

as well as by a host system at either a LISP-capable or non-LISP-capable site.”

 

With "lig" you do not need to worry about sourcing the packet from an EID space as it will query the MS/MR system as long as it has a valid IP address to a valid MS/MR database.

 

xTR#sh ip lisp map-cache 
LISP IPv4 Mapping Cache for EID-table default (IID 0), 1 entries

0.0.0.0/0, uptime: 00:00:03, expires: never, via static send map-request
  Negative cache entry, action: send-map-request

xTR#lig 192.168.1.1
Mapping information for EID 192.168.1.1 from 10.1.1.1 with RTT 85 msecs
192.168.1.0/24, uptime: 00:00:00, expires: 23:59:59, via map-reply, self, complete
Locator Uptime State Pri/Wgt
10.1.1.1 00:00:00 up, self 1/50
10.1.1.5 00:00:00 up 1/50

xTR#lig 192.168.4.1
Mapping information for EID 192.168.4.1 from 10.1.4.1 with RTT 15 msecs
192.168.4.0/24, uptime: 00:00:00, expires: 23:59:59, via map-reply, complete
Locator Uptime State Pri/Wgt
172.16.4.1 00:00:00 up 1/50

xTR#sh ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 3 entries

0.0.0.0/0, uptime: 00:00:13, expires: never, via static send map-request
Negative cache entry, action: send-map-request
192.168.1.0/24, uptime: 00:00:07, expires: 23:59:53, via map-reply, self, complete
Locator Uptime State Pri/Wgt
10.1.1.1 00:00:07 up, self 1/50
10.1.1.5 00:00:07 up 1/50
192.168.4.0/24, uptime: 00:00:04, expires: 23:59:55, via map-reply, complete
Locator Uptime State Pri/Wgt
172.16.4.1 00:00:04 up 1/50

PxTR#sh ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 1 entries

192.168.0.0/16, uptime: 00:00:01, expires: never, via static send map-request
Negative cache entry, action: send-map-request

PxTR#lig 192.168.1.1
Mapping information for EID 192.168.1.1 from 10.1.1.5 with RTT 124 msecs
192.168.1.0/24, uptime: 00:00:00, expires: 23:59:59, via map-reply, complete
Locator Uptime State Pri/Wgt
10.1.1.1 00:00:00 up 1/50
10.1.1.5 00:00:00 up 1/50

PxTR#lig 192.168.4.1
Mapping information for EID 192.168.4.1 from 10.1.4.1 with RTT 100 msecs
192.168.4.0/24, uptime: 00:00:00, expires: 23:59:59, via map-reply, complete
Locator Uptime State Pri/Wgt
172.16.4.1 00:00:00 up 1/50

PxTR#sh ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 3 entries << Fully populated LISP table now with LIG

192.168.0.0/16, uptime: 00:00:09, expires: never, via static send map-request
Negative cache entry, action: send-map-request
192.168.1.0/24, uptime: 00:00:04, expires: 23:59:55, via map-reply, complete
Locator Uptime State Pri/Wgt
10.1.1.1 00:00:04 up 1/50
10.1.1.5 00:00:04 up 1/50
192.168.4.0/24, uptime: 00:00:02, expires: 23:59:58, via map-reply, complete
Locator Uptime State Pri/Wgt
172.16.4.1 00:00:02 up 1/50

 

 Useful Debugs

  • debug lisp control-plane link-layer
  • debug lisp control-plane etr-map-server
  • debug lisp control-plane etr-map-notify
  • debug lisp control-plane solicit-map-request
  • debug lisp control-plane map-server-registration
  • debug lisp control-plane map-server-map-notify
  • debug lisp control-plane messages (on xTR and MS) 
  • debug lisp detail

 


Comments
irakli_n
Level 1

Hello Victor,

 

First of all thanks for such a detailed document.

 

May I ask for help? I am trying to set up a LISP ESM subnet extension solution. I am using the following white paper documentation as a reference: 

http://www.cisco.com/c/en/us/products/collateral/routers/cloud-services-router-1000v-series/white-paper-c11-731872.pdf

 

In my case I used 1000v at the central DC site and 892 at the remote site to form LISP tunnels and extend the VLAN/network on DC site to the device connected to 892.

 

However it does not exactly work. The device connected to 892 can't get IP address when it is configured with DHCP. When configured with a static IP from the DC's VLAN the device on 892 can communicate to remote servers at DC, but it can't access internet or send traffic anywhere outside of the VLAN.

 

I suspect that there might be misconfiguration of Lisp on my PoC. Could you please tell where should I look into?

 

P.S. I have documented my case in a separate post with configs and more explanation:

https://community.cisco.com/t5/routing/setting-up-lisp-between-1000v-and-892for-extended-subnet-esm 

mhiyoshi
Level 3

Hi Victor Acevedo,

 

Thank you for your precious information! 

This is very useful to understand LISP overview and configuration.

 

I have a question, basically LISP can communicate on the same segment? 

Currently I am configuring the LISP xTR and MS/MR the different segment is OK. but same segment is unknown..

I appreciate if you can let me know any comment about this question, the attached is the image topology.

 

LISP-topology.png 
