hit counter script
Cisco Nexus 7000 Series Configuration Manual
  1. Manuals
  2. Brands
  3. Cisco Manuals
  4. Switch
  5. Nexus 7000 Series
  6. Configuration manual

Cisco Nexus 7000 Series Configuration Manual

Nx-os lisp
Hide thumbs Also See for Nexus 7000 Series:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Reference Manual, Configuration Manual
Cisco Nexus 7000 Series NX-OS LISP Configuration Guide
First Published: 2016-12-23
Last Modified: 2018-07-05
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883

Advertisement

Table of Contents
loading

Related Manuals for Cisco Nexus 7000 Series

Summary of Contents for Cisco Nexus 7000 Series

  • Page 1 Cisco Nexus 7000 Series NX-OS LISP Configuration Guide First Published: 2016-12-23 Last Modified: 2018-07-05 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883...
  • Page 2 Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.

  • Page 3: Table Of Contents

    LISP Guidelines and Limitations Default Settings for LISP Configuring Locator/ID Separation Protocol Enabling the LISP Feature Configuring LISP ITR/ETR (xTR) Functionality Configuring LISP ITR/ETR (xTR) Configuring Optional LISP ITR/ETR (xTR) Functionality Configuring LISP-ALT Functionality Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 4 Example: xTR Configuration Example: MSMR Configuration Example: Multi-Hop Mobility Interworking with Routing Protocols Configuration Additional References Feature Information for LISP ESM Multihop Mobility C H A P T E R 4 LISP Instance-ID Support Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 5 Example: Configuring a Private LISP Mapping System for LISP Parallel Model Virtualization Feature_History_for_Configuring LISP_Instance_ID C H A P T E R 5 Configuring LISP Delegate Database Tree (DDT) LISP Delegate Database Tree (DDT) Overview of DDT Restrictions for LISP Delegate Database Tree (DDT) Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 6 Use Case for LISP Local Extranet Policies Licensing Requirements for LISP Guidelines and Limitations for LISP Extranets Configuring LISP Extranets Configuring LISP Map Server with Extranet Policies Configuring LISP xTR functionality for Extranet Policies Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 7 Configuring Map-cache Application for Redistribution of RIB Routes into LISP Example: Redistribution of RIB Routes in LISP C H A P T E R 1 0 Configuration Limits for LISP Configuration Limits for LISP Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 8 Contents Cisco Nexus 7000 Series NX-OS LISP Configuration Guide viii...

  • Page 9: Preface

    This preface describes the audience, organization, and conventions of the Book Title. It also provides information on how to obtain related documentation. This chapter includes the following topics: Audience This publication is for experienced network administrators who configure and maintain Cisco NX-OS on Cisco Nexus 7000 Series Platform switches. Document Conventions Note •...

  • Page 10: Related Documentation

    Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data. Related Documentation Documentation for Cisco Nexus 7000 Series Switches is available at: • Configuration Guides http://www.cisco.com/c/en/us/support/switches/nexus-7000-series-switches/ products-installation-and-configuration-guides-list.html • Command Reference Guides http://www.cisco.com/c/en/us/support/switches/nexus-7000-series-switches/...

  • Page 11: Documentation Feedback

    What's New in Cisco Product Documentation. To receive new and revised Cisco technical content directly to your desktop, you can subscribe to the . RSS feeds are a free service. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 12 Preface Obtaining Documentation and Submitting a Service Request Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 13: New And Changed Information

    LISP Extranets This feature was 8.3(1) Configuring LISP introduced. Extranets, on page 103 Redistribution of RIB This feature was 8.3(1) Redistribution of RIB Routes into LISP introduced. Routes into LISP, on page Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 14 New and Changed Information New and Changed Information Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 15: Configuring Locator Id Separation Protocol

    Routing Locators (RLOCs), which are assigned to devices (primarily routers) that make up the global routing system. Splitting EID and RLOC functions improves routing system scalability, multihoming efficiency, and ingress traffic engineering. LISP end site support is configured on devices such as Cisco routers.

  • Page 16: Lisp Devices Overview

    LISP infrastructure components such as Map Server (MS), Map Resolver (MR), Proxy Ingress Tunnel Router (PITR), Proxy Egress Tunnel Router (PETR), and Alternative Topology (ALT). LISP Devices Overview The following devices are found in a full LISP deployment: Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 17: Lisp Site Devices

    LISP sites. A PITR advertises coarse-aggregate prefixes for the LISP EID namespace into the Internet, which attracts non-LISP traffic destined to LISP sites. The PITR then encapsulates and forwards this traffic Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 18: Licensing Requirements For Lisp

    LISP Guidelines and Limitations LISP has the following configuration guidelines and limitations: • LISP requires the Cisco Nexus 7000 Series 32-Port, 10 Gigabit Ethernet (M1) module (N7K-M132XP-12 or N7K-M132XP-12L), with Electronic Programmable Logic Device (EPLD) version 186.008 or later. • Use an Overlay Transport Virtualization (OTV) or another LAN extension mechanism to filter the HSRP hello messages across the data centers to create an active-active HSRP setup and provide egress path optimization for the data center hosts.

  • Page 19: Configuring Locator/Id Separation Protocol

    Configuring Locator ID Separation Protocol Configuring Locator/ID Separation Protocol Configuring Locator/ID Separation Protocol Enabling the LISP Feature You can enable the LISP feature on the Cisco NX-OS device. Procedure Command or Action Purpose Step 1 configure terminal Enters global configuration mode.
  • Page 20 {ip | ipv6} lisp etr map-server Configures the locator address of the LISP Map-Server to which this router, acting as an map-server-address key key-type authentication-key IPv4 or IPv6 LISP ETR, registers. Example: Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 21: Configuring Optional Lisp Itr/Etr (Xtr) Functionality

    Example: until the ETR can send its own Map-Request switch(config)# ipv6 lisp etr to one of the locators from the mapping data accept-map-request verify Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 22 1200 Step 7 (Optional) [no] lisp loc-reach-algorithm Enables or disables the use of a LISP locator reachability algorithm. Locator reachability {tcp-count | echo-nonce | algorithms are address-family independent. By rloc-probing} Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 23: Configuring Lisp-Alt Functionality

    Step 3 exit Exits global configuration mode. Example: switch(config)# exit switch# Step 4 (Optional) show {ip | ipv6} lisp Displays all configured IPv4 or IPv6 LISP configuration parameters. Example: switch# show ip lisp Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 24: Configuring Required Lisp Map-Resolver Functionality

    Related Topics Configuring LISP-ALT Functionality, on page 11 Configuring LISP Map-Server Functionality Configuring Required LISP Map-Server Functionality You can enable and configure LISP Map-Server (MS) functionality for both IPv4 and IPv6 address families. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 25 2001:db8:aa::/48 route-tag 12345 Step 7 Exits LISP site configuration mode. Example: switch(config-lisp-site)# end switch# Step 8 (Optional) show {ip | ipv6} lisp Displays all configured IPv4 or IPv6 LISP configuration parameters. Example: Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 26: Configuring Optional Lisp Map-Server Functionality

    LISP site configuration must also appear in the Map-Register message sent by the ETR for the Map-Register message to be accepted. Step 4 Exits LISP site configuration mode. Example: switch(config-lisp-site)# end switch# Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 27: Configuring Required Lisp Proxy-Itr Functionality

    Exits global configuration mode. Example: switch(config)# exit switch# Step 4 (Optional) show {ip | ipv6} lisp Displays all configured IPv4 or IPv6 LISP configuration parameters. Example: switch# show ip lisp Example: switch# show ipv6 lisp Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 28: Configuring Required Lisp Proxy-Etr Functionality

    Related Topics Configuring LISP-ALT Functionality, on page 11 Additional References This section includes additional information related to implementing LISP. Related Documents Related Topic Document Title Cisco NX-OS licensing Cisco NX-OS Licensing Guide Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 29: Standards

    LISP Map Server http://tools.ietf.org/html/draft-ietf-lisp-ms-05 Feature History for LISP Table 3: Feature History for LISP Feature Name Releases Feature Information LISP-ALT functionality 5.2(3) This functionality is no longer required to configure other LISP features. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 30 Configuring Locator ID Separation Protocol Feature History for LISP Feature Name Releases Feature Information Locator/ID Separation Protocol 5.2(1) This feature is introduced. (LISP) Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 31: Configuring Lisp Esm Multihop Mobility

    To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "New and Changed Information"chapter or the Feature History table in this chapter. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 32: Information About Lisp Esm Multihop Mobility

    Cisco NX-OS This feature requires the LAN_ENTERPRISE_SERVICES_PKG license. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide. Guidelines and Limitations for LISP ESM Multihop Mobility LISP ESM multihop mobility has the following guidelines and limitations: •...

  • Page 33: Configuring Lisp Esm Multihop Mobility

    This section includes the following topics: Configuring the First-Hop Device Before you begin • Ensure that LISP is enabled on the Cisco NX-OS device. • Ensure that you are in the correct VDC. • Ensure that you have enabled the VLAN interfaces feature.
  • Page 34 (EID) state for hosts attached on their own subnet in order to track the movement of EIDs from one part of the subnet to another part of the same subnet. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 35: Configuring The Site Gateway Xtr

    Returns to privileged EXEC mode. Configuring the Site Gateway xTR Before you begin • Ensure that LISP is enabled on the Cisco NX-OS device. • Ensure that you are in the correct VDC. Procedure Command or Action Purpose...

  • Page 36: Configuring Xtr

    Returns to privileged EXEC mode. Configuring xTR Before you begin • Ensure that LISP is enabled on the Cisco NX-OS device. • Ensure that you are in the correct VDC. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 37: Configuring The Map Server

    Exits global configuration mode and returns to privileged EXEC mode. Configuring the Map Server Before you begin • Ensure that LISP is enabled on the Cisco NX-OS device. • Ensure that you are in the correct VDC. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 38 Step 1 switch# configure terminal Enters global configuration mode. Step 2 switch(config)# ip lisp itr map-resolver Configures a Cisco NX-OS device to act as an map-resolver-address IPv4 Locator/ID Separation Protocol (LISP) Map-Resolver (MR). Step 3 switch(config)# ip lisp etr map-server...

  • Page 39: Configuration Examples For Lisp Esm Multihop Mobility

    Configuration Examples for LISP ESM Multihop Mobility Configuration Examples for LISP ESM Multihop Mobility Figure 2: LISP ESM Multihop Topology This section includes the following examples for configuring the topology in the preceding figure: • Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 40: Example: First-Hop Router Configuration

    225.1.1.2 interface Vlan11 lisp mobility VLAN-11 lisp extended-subnet-mode ip address 10.1.1.3/24 ip ospf passive-interface ip router ospf 100 area 0.0.0.1 hsrp 1 ip 10.1.1.1 interface Vlan12 lisp mobility VLAN-12 lisp extended-subnet-mode Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 41 100 router eigrp 100 autonomous-system 100 redistribute lisp route-map LISP2EIGRP For FHA-2a: ip prefix-list DiscoveredServers seq 5 permit 10.1.0.0/22 ge 32 route-map LISP2EIGRP permit 10 match ip address prefix-list DiscoveredServers Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 42: Example: Site Gateway Xtr Configuration

    The following example shows how to configure the xTR (at Site 3): ip lisp itr-etr ip lisp database-mapping 198.51.100.0/24 172.21.1.5 priority 10 weight 50 ip lisp itr map-resolver 172.20.5.5 ip lisp etr map-server 172.20.5.5 key 3 0b50279df3929e28 Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 43: Example: Msmr Configuration

    172.20.5.5 ip lisp etr map-server 172.20.5.5 key 3 0b50279df3929e28 lisp dynamic-eid site1 database-mapping 10.1.1.0/24 172.18.3.3 priority 10 weight 50 register-route-notifications Additional References This section includes additional information related to implementing LISP. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 44: Feature Information For Lisp Esm Multihop Mobility

    LISP topology. Dynamic-EID Route Import 6.2(8) This feature was introduced. This feature provides the ability for a Site Gateway xTR to perform server presence detection upon receiving host routes updates. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 45: Lisp Instance-Id Support

    It includes conceptual background and practical guidance, and provides multiple configuration examples. The purpose of network virtualization, as illustrated the following figure, is to create multiple, logically separated topologies across one common physical infrastructure. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 46: Prerequisites For Lisp Instance-Id Support

    VRF instance. An interior gateway protocol (IGP) or exterior gateway protocol (EGP) routing process is typically enabled within a VRF, just as it would be in the global (default) routing table. LISP binds VRFs to instance IDs for similar purposes. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 47: Path Level Virtualization

    Figure 6: Path Level Virtualization LISP Virtualization at the Device Level LISP implements Locator ID separation and thereby creates two namespaces; endpoint ID (EID) and routing locator (RLOC). Either or both of these can be virtualized. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 48: Default (Non-Virtualized) Lisp Model

    Instance IDs. A common, shared locator space is used by all virtualized EIDs. Figure 8: LISP Shared Model Virtualization resolves EIDs within VRFs tied to Instance IDs. The default (global) routing table is the shared space. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 49: Lisp Shared Model Virtualization Architecture

    ID and are part of a VPN using their own EID namespace. LISP instance IDs segment the LISP data plane and control plane. See the following figure. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 50: Lisp Shared Model Virtualization Implementation Considerations And Caveats

    LISP Parallel Model Virtualization The LISP parallel model virtualization ties the virtualized EID space associated with VRFs to RLOCs that are associated with the same or different VRFs (see the following figure). Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 51: Lisp Parallel Model Virtualization Architecture

    (segmented) core infrastructure and mapping system. All sites associated with the customer use the same instance ID and are part of a VPN using their own EID namespace, as shown in the following figure. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 52: Lispparallelmodelvirtualizationimplementationconsiderationsandcaveats

    • A new vrf instantiation, device lisp 3, is created and associated with the locator-table VRF named gamma. • The EID table VRF named delta is specified and also associated with instance ID 101. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 53: How To Configure Lisp Instance-Id Support

    The RLOC is IPv4, and IPv4 and IPv6 EID prefixes are configured. Each LISP site registers to a map server/map resolver (MS/MR) switch that is located in the network core within the shared RLOC address space. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 54 (xTR1 and xTR2). Summary Steps Before you begin, create the VRF instances by using the vrf definition command. Before you begin Create the VRFs using the vrf definition command. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 55 The locator address of the map resolver may be an IPv4 or IPv6 address. In this example, because each xTR has only IPv4 RLOC connectivity, the map resolver is reachable using its IPv4 locator address. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 56 You can configure up to two map resolvers if multiple map resolvers are available. Step 12 ipv6 lisp etr map-server map-server-address Configures a locator address for the LISP key key-type authentication-key map-server and an authentication key that this Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 57 Enables LISP ETR functionality for the IPv4 address family. Example: switch(config)# ip lisp etr Step 18 Enables LISP ITR functionality for the IPv6 ipv6 lisp itr address family. Example: switch(config)# ipv6 lisp itr Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 58 Step 25 (Optional) show [ip | ipv6] lisp database [ The show ip lisp database and show ipv6 lisp vrf vrf-name] database commands quickly verify the operational status of the database mapping on Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 59: Configuring A Private Lisp Mapping System For Lisp Shared Model Virtualization

    Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: switch# configure terminal Step 2 lisp site site-name Specifies a LISP site named LEFT and enters LISP site configuration mode. Example: Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 60 In this example, the IPv6 EID Note prefix 2001:db8:a:b::/64 and instance ID 102 are associated together. Step 6 exit Exits LISP site configuration mode and returns to global configuration mode. Example: switch(config-lisp-site)# exit Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 61 The show lisp site command displays the operational status of LISP sites, as configured Example: on a map server. This command only applies to a switch configured as a map server. switch(config)# show lisp site Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 62: Configuring Large-Scale Lisp Shared Model Virtualization

    "Headquarters" (HQ) site, and two remote office sites. The HQ site switches are deployed as xTRs and also as map resolver/map servers. The remote sites switches act as xTRs, and use the MS/MRs at the HQ site for LISP control plane support. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 63 • Each remote site CPE switch functions as a LISP ITR and ETR (xTR). • Each LISP xTRs has the same three VRFs as the HQ Site: TRANS, SOC, and FIN. Each VRF contains only IPv4 EID-prefixes. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 64 EID-prefix 10.1.0.0/16 is assumed to be an aggregate that covers all TRANS EID-prefixes at all LISP Sites. Use accept-more-specifics to allow each site to register its more-specific EID-prefix contained within that aggregate. If Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 65 ID for the LISP site are configured. Step 12 ip lisp etr map-server map-server-address Configures a locator address for the LISP map key key-type authentication-key server and an authentication key, which this Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 66 The locator address of the map Note resolver may be an IPv4 or IPv6 address. In this example, because each xTR has only IPv4 RLOC connectivity, the map resolver is reachable using its IPv4 locator address. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 67 IPv4 locators addresses. Example: switch(config-vrf)# ip lisp locator-vrf BLUE Step 18 ipv6 lisp locator-vrf default Configures a nondefault VRF table to be referenced by any IPv6 locator addresses. Example: Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 68 Step 23 (Optional) show [ip | ipv6] lisp The show ip lisp and show ipv6 lisp commands are useful for quickly verifying the Example: operational status of LISP as configured on Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 69: Configuring A Remote Site For Large-Scale Lisp Shared Model Virtualization

    The remote site switches only act as xTRs, and use the MS/MRs at the HQ site for LISP control plane support. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 70 Create the VRFs using the vrf definition command and verify that the Configure a Large-Scale LISP Shared Model Virtualization task has been performed at one or more central (headquarters) sites. Procedure Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: Switch# configure terminal Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 71 • In this example, a redundant map server Switch(config-vrf)# ip lisp etr map-server 172.16.1.6 key 0 TRANS-key is configured. (Because the MS is co-located with the xTRs in this case, this command indicates that this xTR is Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 72 The locator address of the map resolver may be an IPv4 or IPv6 address. In this example, because each xTR has only IPv4 RLOC connectivity, the map resolver is reachable using its IPv4 locator address. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 73 • natively forwarded when traffic is LISP-to-non-LISP • Packets are deemed to be a candidate for LISP encapsulation when they are sourced from a LISP EID and the destination matches one of the following entries: Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 74 Step 20 clear [ip | ipv6] lisp map-cache [vrf vrf-name] The clear ip lisp map-cache and clear ipv6 lisp map-cache commands remove all IPv4 Example: or IPv6 dynamic LISP map-cache entries Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 75: Configuring Simple Lisp Parallel Model Virtualization

    EID-prefixes, as shown in the figure above. Note the overlapping prefixes, used for illustration purposes. A LISP instance ID is used to maintain separation between two VRFs. The share key is configured “per-VPN." Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 76 Configures a locator address for the LISP map resolver to which this switch will send map Example: request messages for IPv4 EID-to-RLOC mapping resolutions. switch(config)# ip lisp itr map-resolver 10.0.2.2 Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 77 Configures a locator address for the LISP map map-resolver-address resolver to which this switch will send map request messages for IPv6 EID-to-RLOC Example: mapping resolutions. switch(config)# ipv6 lisp itr map-resolver 10.0.2.2 Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 78 All IPv4 EID-sourced packets destined to both LISP and non-LISP sites are forwarded in one of two ways: switch(config)# ip route vrf BLUE 0.0.0.0 0.0.0.0 10.0.0.1 • LISP-encapsulated to a LISP site when traffic is LISP-to-LISP Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 79 If the destination is another LISP site, packets are LISP-encapsulated (using IPv4 RLOCs) to the remote site. If the destination is non-LISP, all IPv6 EIDs are LISP-encapsulated to a Proxy ETR (PETR) –assuming one is configured. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 80 LISP control plane. vrf vrf1 This command applies to a LISP switch that switch(config)# clear ip lisp map-cache vrf vrf1 maintains a map cache (for example, if configured as an ITR or PITR). Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 81: Configuring A Private Lisp Mapping System For Lisp Parallel Model Virtualization

    Perform this task to configure and enable standalone LISP map server/map resolver functionality for LISP parallel model virtualization. In this task, a Cisco switch is configured as a standalone map resolver/map server (MR/MS) for a private LISP mapping system. Because the MR/MS is configured as a stand-alone switch, it has no need for LISP alternate logical topology (ALT) connectivity.
  • Page 82 • In this example, the IPv6 EID prefix 2001:db8:a:a::/64 and instance ID 101 are associated together. Step 6 exit Exits LISP site configuration mode and returns to global configuration mode. Example: Switch(config-lisp-site)# exit Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 83 [ip | ipv6] lisp database [ vrf vrf-name] The show ip lisp database and show ipv6 lisp database commands are useful for quickly Example: verifying the operational status of the database Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 84: Configuration Examples For Lisp Instance-Id Support

    192.168.1.0/24 10.0.0.2 priority 1 weight 100 lisp instance-id 102 ipv6 lisp locator-vrf default ip lisp locator-vrf default ipv6 lisp itr map-resolver 10.0.2.2 ip lisp itr map-resolver 10.0.2.2 ipv6 lisp etr map-server 10.0.2.2 key Left-key Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 85 10.0.2.2 key Right-key ip lisp etr map-server 10.0.2.2 key Right-key interface Ethernet0/0 ip address 10.0.1.2 255.255.255.0 interface Ethernet1/0.1 encapsulation dot1q 101 vrf forwarding PURPLE ip address 192.168.2.1 255.255.255.0 ipv6 address 2001:DB8:A:B::1/64 interface Ethernet1/0.2 Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 86: Example: Configuring A Private Lisp Mapping System For Lisp Shared Model Virtualization

    Right-key eid-prefix instance-id 101 192.168.2.0/24 eid-prefix instance-id 101 2001:DB8:A:B::/64 eid-prefix instance-id 102 192.168.2.0/24 eid-prefix instance-id 102 2001:DB8:B:B::/64 exit ipv4 map-server ipv4 map-resolver ipv6 map-server ipv6 map-resolver exit ip route 0.0.0.0 0.0.0.0 10.0.2.1 Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 87: Example: Configuring Large-Scale Lisp Shared Model Virtualization

    172.16.1.6 key SOC-key ip lisp locator-vrf default vrf context TRANS ip lisp itr ip lisp etr ip lisp database-mapping 10.1.1.0/24 172.16.1.2 priority 1 weight 50 ip lisp database-mapping 10.1.1.0/24 172.16.1.6 priority 1 weight 50 Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 88 SOC ip lisp itr ip lisp etr ip lisp database-mapping 10.2.1.0/24 172.16.1.2 priority 1 weight 50 ip lisp database-mapping 10.2.1.0/24 172.16.1.6 priority 1 weight 50 lisp instance-id 2 Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 89: Example: Configuring A Remote Site For Large-Scale Lisp Shared Model Virtualization

    10.2.2.1/24 interface Ethernet 2/4 vrf member FIN ip address 10.3.2.1/24 ip lisp itr ip lisp etr ip lisp map-resolver ip lisp map-server ip lisp database-mapping 172.31.1.2/32 172.16.2.2 priority 1 weight 100 Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 90: Example: Configuring Simple Lisp Parallel Model Virtualization

    EID prefixes are assumed to be attached to VLANs configured on the switches. This example shows how to configure the left xTR: hostname Left-xTR ipv6 unicast-routing vrf definition PURPLE address-family ipv4 exit address-family ipv6 exit vrf definition GOLD address-family ipv4 exit address-family ipv6 Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 91 PURPLE address-family ipv4 exit address-family ipv6 exit vrf definition GOLD address-family ipv4 exit address-family ipv6 exit interface Ethernet0/0 ip address 10.0.1.2 255.255.255.0 interface Ethernet1/0.1 encapsulation dot1q 101 vrf forwarding PURPLE Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 92: Example: Configuring A Private Lisp Mapping System For Lisp Parallel Model Virtualization

    GREEN address-family ipv4 exit ipv6 unicast-routing interface Ethernet0/0.101 encapsulation dot1Q 101 vrf forwarding BLUE ip address 10.0.0.2 255.255.255.0 interface Ethernet0/0.102 encapsulation dot1Q 102 vrf forwarding GREEN ip address 10.0.0.2 255.255.255.0 Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 93: Feature_History_For_Configuring Lisp_Instance_Id

    This table lists the release history for this feature. Table 5: Feature History for Configuring LISP Instance ID Feature Name Releases Feature Information Locator/ID Separation Protocol 6.2(2) This feature is introduced. (LISP) Instance ID Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 94 LISP Instance-ID Support Feature History for Configuring LISP Instance ID Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 95: Configuring Lisp Delegate Database Tree (Ddt)

    • If LISP is enabled, nondisruptive upgrade (ISSU) and nondisruptive downgrade (ISSD) paths are not supported. Disable LISP prior to any upgrade. This restriction only applies to releases before 6.2(2) but not to this release or to future LISP releases. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 96: Configuring Lisp Delegate Database Tree (Ddt)

    Exits global configuration mode and returns to privileged EXEC mode. Example: Switch(config)# exit Step 7 show lisp ddt vrf vrf-name Displays the configured DDT root(s) and/or DDT delegation nodes on a switch enabled for Example: Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 97: Configuration Examples For Lisp Delegate Database Tree (Ddt)

    The child DDT Map-Server for 10.16.0.0/12 is further configured to allow ETRs to register the sub-prefixes 10.18.0.0/16 and 10.17.0.0/16: Switch(config)# lisp ddt authoritative-prefix instance-id 223 eid-prefix 10.16.0.0/12 Switch(config)# lisp site site-1 eid-prefix 10.18.0.0/16 instance-id 223 Switch(config)# Switch(config)# lisp site site-2 Switch(config)# eid-prefix 10.17.0.0/16 instance-id 223 Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 98: Feature History For Lisp Delegate Database Tree

    Feature History for Delegate Database Tree Table 6: Feature History for LISP Delegate Database Tree Feature Name Releases Feature Information Locator/ID Separation Protocol 6.2(2) This feature is introduced. (LISP) Delegate Database Tree (DDT) Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 99: Configuring Lisp Multicast

    Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 100: Restrictions For Lisp Multicast

    Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
  • Page 101 Map-Requests for IPv4 EID-to-RLOC map-resolver 10.0.0.2 mapping resolution. Note Up to two map resolvers may be configured if multiple map resolvers are available. (See the LISP Command Reference for more details.) Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 102: Configuration Example For Lisp Multicast

    Configuration Example for LISP Multicast Example: Configuring LISP Multicast The following example shows how to configure Locator/ID Separation Protocol (LISP) Multicast on either the Egress Tunnel Router (ETR) or the Ingress Tunnel Router (ITR): Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 103: Feature History For Lisp Multicast

    Table 7: Feature History for LISP Multicast Feature Name Releases Feature Information Locator/ID Separation Protocol 6.2(2) This feature is introduced. (LISP) Multicast Note LISP Multicast feature is supported on the F3 series module. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 104 Configuring LISP Multicast Feature History for LISP Multicast Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 105: Lisp Support For Disjointed Rloc Domains

    The inherent property of LISP, which separates IP addresses into two address spaces, gives it the ability to connect disjointed RLOC domains through simplified configuration mechanisms. The key components are Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 106 Tunnel Router (PETR), the PITR and PETR features must be enabled on the RTR. Note Cisco Nexus 7000 Series device is used for the PxTR (a device performing PITR and PETR functions) and RTR functions. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 107 • Two virtual routing and forwarding (VRF) instances are created on the RTRs, one for the underlay (VRF core), and one for the overlay (VRF vrf5000). Note Map-Servers and RTRs can be connected to eight locator scopes or address spaces. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 108: How To Configure Lisp Support For Disjointed Rloc Domains

    (config)# feature lisp Step 2 Create two VRF instances on the RTR, one for the underlay (VRF core), and one for the overlay (VRF vrf5000). Configure LISP parameters for the core VRF Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 109 192.0.2.1/32 isis circuit-type level-1-2 ip router isis 100 ip pim sparse-mode The configured loopback interface IP address is used for IS-IS communication within the LISP site, and is added to VRF core. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 110 192.0.2.1/32 isis circuit-type level-1-2 ip router isis 100 ip pim sparse-mode The configured loopback interface IP address is used for IS-IS communication within the LISP site, and is added to VRF core. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 111: Verifying Lisp Support For Disjointed Rloc Domains

    Map-Server to consider disjointed RLOCs in its Map-Request handling logic. • A device with IOS XE software is used for the role of Map-Server, and not a Cisco Nexus 7000 Series device. The Map-Server configuration is documented for reference and completeness. For information, see IP Routing: LISP Configuration Guide, Cisco IOS XE Release 3S.
  • Page 112 In the following example, corresponding LISP site information for the MSMR is displayed. The information includes, EID, IID, and locator information. MSMR# show lisp site detail EID-prefix: 198.51.100.10/32 instance-id 5000 First registered: 08:12:10 Last registered: 08:12:10 Routing table tag: Origin: Dynamic, more specific of 203.0.0.0/16 Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 113: Feature History For Lisp Support For Disjointed Rloc Domains

    This table lists the release history for this feature. Table 8: Feature History for LISP Support for Disjointed RLOC Domains Feature Name Release Feature Information Connecting LISP Disjointed 8.1(1) This feature was introduced. RLOC Domains Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 114 LISP Support for Disjointed RLOC Domains Feature History for LISP Support for Disjointed RLOC Domains Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 115: Configuring Lisp Extranets

    Information About LISP Extranets Starting from Cisco NX-OS 8.3(1), LISP Extranets support is added to the Locator ID Separator Protocol (LISP) in Cisco NX-OS. Campus fabric architecture for enterprise network uses LISP as its overlay control protocol. LISP based...

  • Page 116: Use Case For Lisp Extranets

    Egress Tunnel Router) discover the leaked routes on demand, as part of the regular route discovery process. The implementation of LISP Extranets on LISP includes the following features: • A Map Server (MS) device running Cisco IOS XE Everest 16.9.1 release or later, where the user can establish LISP Extranet policies.
  • Page 117 4. xTR1 receives the map-reply from the MS. It sees that it contains a valid Home IID within the map reply. • The Home IID is different from the IID (IID 100) that was used to send the map request. • xTR1 learns this mapping as an extranet route. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 118: Use Case For Lisp Local Extranet Policies

    Cisco NX-OS This feature requires the LAN_ENTERPRISE_SERVICES_PKG license. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide. Guidelines and Limitations for LISP Extranets LISP has the following configuration guidelines and limitations for the LISP Extranets feature:...

  • Page 119: Configuring Lisp Extranets

    Configuring LISP Extranets Configuring LISP Extranets • Only one provider IID is supported per policy configuration on Cisco IOS XE Everest 16.9.1 release. Configuring LISP Extranets This section includes the following topics: Configuring LISP Map Server with Extranet Policies The LISP Extranet feature is configured through the extranet policies. Users can configure these policies as part of the Map Server (MS) configuration and the xTR routers will dynamically learn the policies.
  • Page 120 MS(config-router-lisp)# extranet ext_policy_1 MS(config-router-lisp-extranet)# eid-record-provider instance-id 300 MS(config-router-lisp-extranet)# ip-any MS(config-router-lisp-extranet)# exit-eid-record-provider MS(config-router-lisp-extranet)# eid-record-subscriber instance-id 100 MS(config-router-lisp-extranet)# ip-any MS(config-router-lisp-extranet)# exit-eid-record-subscriber MS(config-router-lisp-extranet)# eid-record-subscriber instance-id 200 MS(config-router-lisp-extranet)# ip-any MS(config-router-lisp-extranet)# exit-eid-record-subscriber Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 121: Configuring Lisp Xtr Functionality For Extranet Policies

    Configuring LISP xTR functionality for Extranet Policies The LISP Extranet support is enabled once the Map Server (MS) device is configured with the Cisco IOS Everest 16.9.1 release and later. The xTRs in a LISP network dynamically learn the policies, and allow hosts from one VRF IID to talk to hosts from other VRF IIDs.
  • Page 122 VRF called VRF3 with an IID of 300. The source map-cache contains an additional field called Encap-IID. The traffic flowing through this map-cache will be encapsulated using its packets using the Encap-IID 100 and Encap-IID 200. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 123 Users can share resources across VRFs on the same device using LISP Extranets. All the configurations are done on the Map Server (MS). The xTRs in a LISP network dynamically learn the policies and share the policies across VRFs. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 124 10.4.0.0/16 10.10.10.3 priority 1 weight 100 switch(config-vrf)# ipv6 lisp database-mapping 2001:DB8:4::/48 10.10.10.3 priority 1 weight switch(config-vrf)# lisp instance-id 400 switch(config-vrf)# ip lisp locator-vrf underlay switch(config-vrf)# ipv6 lisp locator-vrf underlay switch(config-vrf)# exit Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 125 VRF4 IP Route Table for VRF ”VRF4” 10.3.0.0/16, ubest/mbest: 1/0 time *via 10.3.0.1%VRF3, Vlan300, [10/1], 00:49:27, lisp, eid 10.4.0.0/16, ubest/mbest: 1/0 time, attached *via 10.4.0.1, Vlan400, [0/0], 00:49:27, direct Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 126 Configuring LISP Extranets Verifying LISP Local Extranets Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 127: Redistribution Of Rib Routes Into Lisp

    Information About Redistribution of RIB Routes into LISP Starting with Cisco NX-OS 8.3(1), the Locator ID Separation Protocol (LISP) supports the redistribution of RIB routes into LISP feature. This feature allows LISP to import Layer 3 RIB routes in use for internal applications.

  • Page 128: Configuring Database Application For Redistribution Of Rib Routes Into Lisp

    Creates a new VRF and enters VRF configuration mode. Example: The value of the vrf-name is any case-sensitive, switch(config)# vrf context VRF1 alphanumeric string of up to 32 characters. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 129: Configuring Map-Cache Application For Redistribution Of Rib Routes Into Lisp

    Configuring Map-cache Application for Redistribution of RIB Routes into LISP The LISP Ingress Tunnel Routers (ITRs) import the remote EID map caches and program them into the platform. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 130 (for example, IPv6 for the ip proxy-itr command. Step 4 lisp instance-id iid Configures an instance ID to be associated with endpoint identifier (EID)-prefixes for LISP. Example: The range is from 1 to 16777215. switch(config-vrf)# lisp instance-id Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 131: Example: Redistribution Of Rib Routes In Lisp

    Displays LISP ITR configured local IPv4 EID vrf-name prefixes. map-cache Example: Redistribution of RIB Routes in LISP The following example shows the redistribution of RIB routes in database and map-cache applications in a LISP topology. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 132 OSPF network as database-mappings that are then registered with the Mapping System. The figure Redistribute RIB Routes into Database Topology shows the devices for configuring the LISP route import feature for the database application. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 133 Verify that the OSPF has programmed the target prefix in the routing table. xTR1# show ip route 192.168.1.1 vrf VRF1 IP Route Table for VRF “VRF1” '*' denotes best ucast next-hop '**' denotes best mcast next-hop Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 134 LISP as map-caches that can be resolved using LISP to optimize the path to destination device. The figure Redistribute RIB Routes into Map-cache Topology shows the devices configured for the LISP RIB route redistribution for the map-cache application. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 135 Once a prefix is imported as a map-cache, the routing table shows how LISP takes over the prefix to ensure an optimized path through the LISP overlay to the destination device. xTR2# show ip route 192.168.2.2 vrf VRF1 IP Route Table for VRF ”VRF1" '*' denotes best ucast next-hop Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 136 Specificatons Maximum Import : 1000 Threshold pct : 75% Warn only Withdraw Routes Imported Rejected by limit : 0 Warned protocol : bgp-65536 policy : RM_BGP_to_LISP bind_pending type : Route Import Policy Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...

  • Page 137: C H A P T E

    This chapter contains the following sections: • Configuration Limits for LISP, on page 125 Configuration Limits for LISP The configuration limits are documented in the Cisco Nexus 7000 Series NX-OS Verified Scalability Guide. Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 138 Configuration Limits for LISP Configuration Limits for LISP Cisco Nexus 7000 Series NX-OS LISP Configuration Guide...
  • Page 139 LISP shared model virtualization ip lisp etr map-request-source command example ip lisp etr map-server command default (non-virtualized) LISP model Cisco Nexus 7000 Series NX-OS LISP Configuration Guide IN-1...
  • Page 140 Virtual Routing and Forwarding, See VRF lisp loc-reach-algorithm command 87, 88, 90 LISP multicast configure configuration example LISP-ALT configuring features generic lisp tunnel mapping system restrictions definition lisp site command Cisco Nexus 7000 Series NX-OS LISP Configuration Guide IN-2...

Table of Contents