
Defaults when using LISP protocols

hina316
Level 1

What is the default when Proxy xTR and PETR features are enabled?
Will all communication flow from the on-premises Router to the Internet environment?

If we want to enable communication flow to the Internet on each router, do we need to configure each router with a default configuration to achieve the communication flow to the Internet?
ip route 0.0.0.0 0.0.0.0 gateway

When using the SmartLicense direct authentication method from each router, we believe that each router needs to be configured with a default route to communicate with the Internet.
The following configuration is assumed in this case.

<Configuration diagram>
---------|L3SW|-----------|Router|------WAN------|Azure Router|---------

<Role>
・Router is on-premises.
・Azure Router is in the cloud.
・Router plays the role of xTR, MR/MS and Proxy xTR.
・Azure Router is in the role of xTR.
・Azure Router is an IPv4 locator and uses PETR ipv4 use-petr "Router IP"
・L3SW has a SVI for the VLAN of the segment extending to Azure.
・The SVI of the VLAN of the segment to be extended to Azure exists in the L3SW.
・Routing-based IPSEC-VPN is used between the Router and Azure Router.
・Connect L3SW and Router by trunk.

3 Replies

M02@rt37
VIP

Hello @hina316 

When Proxy ITR and Proxy ETR are configured in a LISP environment, they handle routing between LISP-enabled networks and non-LISP (internet) destinations, theoretically reducing the need for a traditional default route on each router.

However, it depends on your specific network design and requirements...

By definition, PITR advertises routes to non-LISP destinations into the LISP network, allowing LISP sites to reach non-LISP destinations. And PETR receives traffic from LISP sites destined for non-LISP destinations and forwards it accordingly.

In such a setup, PITR and PETR handle the routing for LISP-to-non-LISP communication. Therefore, if the network is designed so that all traffic to non-LISP sites is correctly managed by the PITR and PETR, an explicit default route (ip route 0.0.0.0 0.0.0.0 [gateway-IP]) on each router might not be necessary.

If the network design or specific requirements dictate that some traffic needs to bypass the LISP infrastructure, or if there's any non-LISP traffic that needs direct routing to the Internet, then configuring a default route is necessary. For scenarios like Smart license direct authentication, a default route is often required to ensure that each router can directly reach the Internet for licensing purposes...

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Hello M02@rt37 

Thank you for all your good answers.

I am going to proceed without Proxy xTR.
The only communication for internet will be through smartlicense.

The base config is as shown in the following page.
Deploying Cisco Catalyst 8000V Edge Software on Microsoft Azure - Configure LISP Layer 2 Extension [Cisco Catalyst 8000V Edge Software] - Cisco
What we would like to do is as follows.
Any additional comments would be appreciated.

1. We need communication from Azure to the NW segment in the DC.
⇒Communication for DC from terminal moved to Azure is Default gateway for terminals moved from on-prem to Azure
(L3SW on-premises) of the terminal migrated from on-premises to Azure.

2. The authentication from DC and Azure to SmartLicense is required.
⇒It is assumed that the communication flow will be from the router directly to the Internet.

3. We will prepare a new subnet in the virtual network of Azure.
 This new subnet is a segment that does not exist on-premise.
 Also, it is necessary to be able to communicate from the terminal moved to this subnet.
⇒User-defined route (UDR) in Azure to this segment.
We assume that the flow will be able to communicate by setting the destination to CiscoRouter on Azure in Azure's UDR (user defined route) to this segment.

4. The terminal moved to Azure will need to communicate directly to the Azure internet without going through Proxy XTR.
The terminal moved to Azure needs to communicate directly to Azure's internet without going through Proxy XTR.
⇒We are aware that Proxy XTR is not necessary.

Hello M02@rt37 
Can you tell us about your inquiry? 
I hope to not have caused any inconvenience. Thank you for your cooperation.
