06-26-2024 02:29 AM
What is the default when Proxy xTR and PETR features are enabled?
Will all communication flow from the on-premises Router to the Internet environment?
If we want to enable communication flow to the Internet on each router, do we need to configure each router with a default
configuration on each router to achieve the communication flow to the Internet?
ip route 0.0.0.0 0.0.0.0 gateway
When using the SmartLicense direct authentication method from each router, we believe that each router needs to be configured with a default route to communicate with the Internet.
The following configuration is assumed in this case.
<Configuration diagram>
---------|L3SW|-----------|Router|------WAN------|Azure Router|---------
<Role>
・Router is on-premises.
・Azure Router is in the cloud.
・Router plays the role of xTR, MR/MS and Proxy xTR.
・Azure Router is in the role of xTR.
・Azure Router is an IPv4 locator and uses PETR: ipv4 use-petr "Router IP"
・L3SW has an SVI for the VLAN of the segment extended to Azure.
・Routing-based IPSEC-VPN is used between the Router and Azure Router.
・Connect L3SW and Router by trunk.
06-26-2024 02:39 AM - edited 06-26-2024 02:40 AM
Hello @hina316
When Proxy ITR and Proxy ETR are configured in a LISP environment, they handle routing between LISP-enabled networks and non-LISP (internet) destinations, theoretically reducing the need for a traditional default route on each router.
However, it depends on your specific network design and requirements...
By definition, PITR advertises routes to non-LISP destinations into the LISP network, allowing LISP sites to reach non-LISP destinations. And PETR receives traffic from LISP sites destined for non-LISP destinations and forwards it accordingly.
In such a setup, PITR and PETR handle the routing for LISP-to-non-LISP communication. Therefore, if the network is designed so that all traffic to non-LISP sites is correctly managed by the PITR and PETR, an explicit default route (ip route 0.0.0.0 0.0.0.0 [gateway-IP]) on each router might not be necessary.
If the network design or specific requirements dictate that some traffic needs to bypass the LISP infrastructure or if there's any non-LISP traffic that needs direct routing to the Internet, then configuring a default route is necessary. For scenarios like Smart License direct authentication, a default route is often required to ensure that each router can directly reach the Internet for licensing purposes...
06-27-2024 07:31 PM
Hello M02@rt37
Thank you for all your good answers.
I am going to proceed without Proxy xTR.
The only communication for internet will be through smartlicense.
The base config is as shown in the following page.
Deploying Cisco Catalyst 8000V Edge Software on Microsoft Azure - Configure LISP Layer 2 Extension [Cisco Catalyst 8000V Edge Software] - Cisco
What we would like to do is as follows.
Any additional comments would be appreciated.
1. We need communication from Azure to the NW segment in the DC.
⇒ Communication to the DC from a terminal moved to Azure goes through the default gateway (L3SW on-premises) of the terminal migrated from on-premises to Azure.
2. Authentication from the DC and Azure to SmartLicense is required.
⇒ It is assumed that the communication flow will be from the router directly to the Internet.
3. We will prepare a new subnet in the virtual network of Azure.
This new subnet is a segment that does not exist on-premises.
Also, it is necessary to be able to communicate from the terminal moved to this subnet.
⇒ We assume that communication will be possible by setting the destination to the Cisco router on Azure in Azure's UDR (user-defined route) to this segment.
4. The terminal moved to Azure needs to communicate directly to Azure's internet without going through Proxy xTR.
⇒ We are aware that Proxy xTR is not necessary.
07-10-2024 02:27 AM
Hello M02@rt37
Can you tell us about your inquiry?
I hope to not have caused any inconvenience. Thank you for your cooperation.