LISP Lab Guide

Developers and Lab Proctors

Version 1.0 – Created by Gregg Schudel, TME – LISP Team, 05 Sep 2010
Version 1.1 – Updated by Nick Mitchell, Gregg Schudel, 27 Nov 2012
Version 2.0 – Updated by Gregg Schudel, 02 May 2013
Lab proctor: Gregg Schudel and Nick Mitchell

The Locator/ID Separation Protocol (LISP) implements a new routing architecture via a set of
protocols that utilize a level of indirection to separate an IP address into two namespaces:
Endpoint Identifiers (EIDs), which are assigned to end-hosts, and Routing Locators (RLOCs),
which are assigned to devices (primarily routers) that make up the global routing system. In
addition to helping solve routing scalability issues, LISP provides many other benefits, including:
simplified and cost-effective multi-homing, including ingress traffic engineering; IP address (host)
mobility, including session persistence across mobility events; IPv6 transition support, including
incremental deployment of IPv6 using existing IPv4 infrastructure (or IPv4 over IPv6); and
simplified, highly-scalable network virtualization.

LISP is deployed primarily in network edge devices. It requires no changes to host stacks, DNS,
or local network infrastructure, and little to no major changes to existing network infrastructures.

Lab Exercises
Lab participant will learn about the basics of the LISP protocol and a general deployment
architecture, as well as general configuration, verification, and troubleshooting concepts.
This lab guide includes the following exercises:
• Lab Exercise 1: Topology Review, including LISP Mapping and Proxy Services
• Lab Exercise 2: Deploying LISP-to-LISP for IPv4
• Lab Exercise 3: Deploying LISP-to-LISP for IPv6 with IPv4 Locators
• Lab Exercise 4: Deploying LISP-to-non-LISP for IPv4 EIDs with IPv4 Locators
• Lab Exercise 5: Deploying LISP-to-non-LISP for IPv6 EIDs with IPv4 Locators
• Lab Exercise 6: Deploying LISP Multi-Homing with IPv4 Locators
• Lab Exercise 7: Deploying LISP Multi-Homing with IPv4 and IPv6 Locators

Lab participants must normally complete these exercises “in order,” starting at Lab Exercise 1,
and working through the set. In this version, the option has been added to “jump in” to any Lab
Exercise at any time as the starting point. To skip to a specific exercise, issue the following
command on R112-xTR and R116-xTR:
RTR112#<start#>
where start# is the desired starting point. That is, if you wish to being at Exercise 3, then indicate
this to the system by entering R112-xTR#start3 (and similar on R116-xTR). (Note that starting
at Lab Exercise 1 or Lab Exercise 2 results in the same initial configurations.)

  1  
Lab Topology and Access
Every attendee will be given access to a POD including seven Cisco routers.

Lab Topology
The base topology used for the lab is shown below. In the topology, routers R111 and R112
make up LISP Site 1, and R116 and R117 make up LISP Site 2. This could represent two
different Enterprise sites, or two sites related to one Enterprise network. Router R113 represents
the Internet (core). Routers R114 and R115 provide LISP Mapping Services and Proxy Services
support, respectively.
 

 
 
 
 
 
 
 
 
 
 
 
 
   

  2  
Lab Exercise 1: Topology Review, Including
LISP Mapping Services Components
 
Exercise Description
In Exercise 1, you will explore the basic topology, review the Core configurations, and understand
the basic routing of the “underlying” core network. You will also review the LISP configurations on
the Map-Server (R114) and Proxy-Ingress/Egress Tunnel Router (R115).

Exercise Objective
As the intention of this Lab exercise is to familiarize you with the overall topology, and the core
network configurations and routing. The underlying IP connectivity for the lab topology has
already been pre-configured. The LISP Map-Server and PxTR have also been pre-configured.

By completing this exercise, you will learn the functions, baseline configurations, and forwarding
characteristics of each router in the topology. This will provide you with knowledge of this
topology that is required to complete the LISP deployments that follow.

Lab Exercise Steps

Step 1 Review the IPv4 and IPv6 addressing, configurations, and connectivity for LISP Site 1
(routers R111 and R112) and LISP Site 2 (routers R116 and R117).
LISP Site 1:
• R111 is used as a “host” for LISP EID addresses within LISP Site 1. It will be used later
during ping testing. R111 has four Loopback interfaces, each with an IPv4/32 and IPv6/128
address from the LISP EID address space for Site 1 of 192.168.1.0/24 and
2001:db8:A:1::/64. R111 has one infrastructure link (E0/0) connecting it to R112 with
addresses of 172.16.1.1/30 and 2001:db8:a:2::1/64.

R111-Host1#show ip interface brief | exclude un|down

Interface IP-Address OK? Method Status Protocol
Ethernet0/0 172.16.1.1 YES manual up up
Loopback1 192.168.1.1 YES manual up up
Loopback2 192.168.1.2 YES manual up up
Loopback3 192.168.1.3 YES manual up up
Loopback4 192.168.1.4 YES manual up up
R111-Host1#

R111-Host1#show ipv6 interface brief | exclude un|down|FE

Ethernet0/0 [up/up]
2001:DB8:A:2::1
Loopback1 [up/up]
2001:DB8:A:1::1
Loopback2 [up/up]
2001:DB8:A:1::2
Loopback3 [up/up]
2001:DB8:A:1::3
Loopback4 [up/up]
2001:DB8:A:1::4
R111-Host1#

• In later exercises, R112 will be the LISP Ingress Tunnel Router/Egress Tunnel Router
(ITR/ETR) (abbreviated xTR) for LISP Site 1. R112 has three uplinks connecting it to Core
router R113, as well as the internal link connecting it to R111. The uplinks to R113 (E1/1,
E1/2, and E1/3) will be used as the locators (RLOCs) for LISP in later exercises. Note that
Loopback0 is also configured with IPv4 and IPv6 EID addresses; these will be useful for
sourcing packets within the EID prefix range during testing in later exercises.

  3  
 R112-xTR#show ip interface brief | exclude admin|un|Int
Ethernet0/0 172.16.1.2 YES manual up up
Ethernet1/1 10.0.1.2 YES manual up up
Ethernet1/2 10.0.2.2 YES manual up up
Loopback0 192.168.1.254 YES manual up up

R112-xTR#

R112-xTR#show ipv6 interface brief | exclude un|down|FE

Ethernet0/0 [up/up]
2001:DB8:A:2::2
Ethernet1/1 [up/up]
Ethernet1/2 [up/up]
Ethernet1/3 [up/up]
2001:DB8:2:3::2
Loopback0 [up/up]
2001:DB8:A:1::254

R112-xTR#

• At this initial stage in the Lab, from R111 and R112 you should only be able to ping any of the
addresses used in internal infrastructure (i.e. 172.16.1.0/24 and 2001:db8:a:2::/64), as well
as any of the (soon to be) LISP EIDs (i.e. 192.168.1.1/2/3/4 and /254, and
2001:db8:a:1::1/2/3/4 and :254). From R112, you should also be able to ping any of the 10/8
infrastructure addresses (in the Core). You should not be able to ping the LISP EID space in
LISP Site 2, however (192.168.7.0/24). For example:

R112-xTR#ping 10.0.100.2 so 10.0.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.100.2, timeout is 2 seconds:
Packet sent with a source address of 10.0.1.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/7/8 ms
R112-xTR#ping 10.0.101.2 so 10.0.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.101.2, timeout is 2 seconds:
Packet sent with a source address of 10.0.1.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R112-xTR#ping 10.0.9.2 so 10.0.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.9.2, timeout is 2 seconds:
Packet sent with a source address of 10.0.1.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R112-xTR#ping 192.168.7.254 so 192.168.1.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.7.254, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.254
.....
Success rate is 0 percent (0/5)
R112-xTR#

LISP Site 2:
• R117 is used as a “host” for LISP EID addresses within LISP Site 2. It will be used later
during ping testing. R117 has four Loopback interfaces, each with an IPv4/32 and IPv6/128
address from the LISP EID address space for Site 2 of 192.168.7.0/24 and
2001:db8:B:1::/64. R117 has one infrastructure link (E0/0) connecting it to R116 with
addresses of 172.16.2.1/30 and 2001:db8:b:2::1/64.
 
R117-Host7#show ip interface brief | exclude un|down
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 172.16.7.1 YES manual up up
Loopback1 192.168.7.1 YES manual up up
Loopback2 192.168.7.2 YES manual up up
Loopback3 192.168.7.3 YES manual up up

  4  
 Loopback4 192.168.7.4 YES manual up up
R117-Host7#

R117-Host7#show ipv6 interface brief | exclude un|down|FE

Ethernet0/0 [up/up]
2001:DB8:B:2::1
Loopback1 [up/up]
2001:DB8:B:1::1
Loopback2 [up/up]
2001:DB8:B:1::2
Loopback3 [up/up]
2001:DB8:B:1::3
Loopback4 [up/up]
2001:DB8:B:1::4

R117-Host7#

• In later exercises, R116 will be the LISP xTR for LISP Site 2. R116 has one uplink connecting
it to Core router R113, as well as the internal link connecting it to R117. The uplink to R113
(E0/1) will be used as the locator (RLOC) for LISP in later exercises. Note that Loopback0 is
also configured with IPv4 and IPv6 EID addresses; these will be useful for sourcing packets
within the EID prefix range during testing in later exercises.

R116-xTR#show ip int brief | exc ad|d

Ethernet0/0 172.16.7.2 YES NVRAM up up
Ethernet0/1 10.0.9.2 YES NVRAM up up
Loopback0 192.168.7.254 YES NVRAM up up
R116-xTR#

R116-xTR#show ipv6 interface brief | exclude un|do|FE

Ethernet0/0 [up/up]
2001:DB8:B:2::2
Loopback0 [up/up]
2001:DB8:B:1::254

R116-xTR#

• At this initial stage in the Lab, from R116 and R117 you should only be able to ping any of the
addresses used in internal infrastructure (i.e. 172.16.2.0/24 and 2001:db8:b:2::/64), as well
as any of the (soon to be) LISP EIDs (i.e. 192.168.7.1/2/3/4 and /254, and
2001:db8:b:1::1/2/3/4 and :254). From R116, you should also be able to ping any of the 10/8
infrastructure addresses (in the Core). You should not be able to ping the LISP EID space in
LISP Site 1, however (192.168.1.0/24). For example:

R116-xTR#ping 10.0.100.2 so 10.0.9.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.100.2, timeout is 2 seconds:
Packet sent with a source address of 10.0.9.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R116-xTR#ping 10.0.101.2 so 10.0.9.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.101.2, timeout is 2 seconds:
Packet sent with a source address of 10.0.9.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R116-xTR#ping 10.0.1.2 so 10.0.9.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.1.2, timeout is 2 seconds:
Packet sent with a source address of 10.0.9.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/13 ms
R116-xTR#ping 192.168.1.254 so 192.168.7.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.254, timeout is 2 seconds:
Packet sent with a source address of 192.168.7.254
.....
Success rate is 0 percent (0/5)

  5  
 R116-xTR#

Step 3 Review the IPv4 and IPv6 addressing, configurations, and connectivity for the Core
Router, R113.
Core Router:
• Router R113 serves as a “core” router representing the IPv4 and IPv6 Internet for the LISP
Lab topology. In addition to the connections to LISP xTR R112 and R116, router R113 also
has connections to LISP Map-Server/Map-Resolver, R114, and the LISP Proxy Ingress
Tunnel Router/Proxy Egress Tunnel Router (PxTR), R115. Router R113 is also configured
with two loopback interfaces: Loopback1, which represents an IPv4 “non-LISP” (Internet) host
(ping target), and Loopback0, which represents an IPv6 “non-LISP” (Internet) host. These will
be used for testing in later exercises.

R3-Core#show ip interface brief | exclude un|down

Interface IP-Address OK? Method Status Protocol
Ethernet0/0 10.0.100.1 YES NVRAM up up
Ethernet0/1 10.0.101.1 YES NVRAM up up
Ethernet0/2 10.0.9.1 YES NVRAM up up
Ethernet1/1 10.0.1.1 YES NVRAM up up
Ethernet1/2 10.0.2.1 YES NVRAM up up
Loopback1 10.200.1.1 YES NVRAM up up

R3-Core#show ipv6 interface brief | exclude un|down|FE

Ethernet0/0 [up/up]
2001:DB8:3:4::1
Ethernet0/1 [up/up]
2001:DB8:3:5::1
Ethernet1/3 [up/up]
2001:DB8:2:3::1
Loopback0 [up/up]
2001:DB8:C5C0::1
Loopback1 [up/up]
R3-Core#

• From R113 you should only be able to ping any of the 10/8 infrastructure addresses
including: R112 and R116, and R114, the LISP MS/MR, and R115, the LISP PxTR. You can
also ping the IPv6 versions as appropriate.

• As mentioned in the LISP Lab Overview, this lab concentrates on LISP from the Enterprise
perspective; thus the existence of a “LISP Mapping Service Provider” is assumed. Therefore,
all of the LISP Mapping Services and Proxy Services have been pre-configured for this lab.
As part of that configuration, R113 is configured as a BGP peer with R115, the LISP PxTR.
(This is not a “mandatory” requirement. It does, however, represent a “typical” configuration
that a PITR would use to advertise LISP EID space into the Core network. It has been
included here for completeness.) As discussed in greater detail in later exercises, the PITR
advertises coarse aggregates for both IPv4 and IPv6 LISP EID prefixes into the Core
(Internet) in order to attract traffic destined for these prefixes. It then LISP-encapsulates this
traffic to the LISP sites. That is the purpose of the above BGP configuration.

R3-Core#sh run | sec router bgp

router bgp 3
bgp asnotation dot
bgp log-neighbor-changes
neighbor 10.0.101.2 remote-as 5
neighbor 2001:DB8:3:5::2 remote-as 5
!
address-family ipv4
neighbor 10.0.101.2 activate
neighbor 2001:DB8:3:5::2 activate
exit-address-family
!
address-family ipv6
neighbor 2001:DB8:3:5::2 activate
exit-address-family

  6  
 R3-Core#

Step 5 Review the IPv4 and IPv6 addressing, configurations, and connectivity for the LISP Map-
Server/Map-Resolver, R114, and the Proxy xTR, R115.

LISP Mapping-Server/Map-Resolver (MSMR):

• R114 provides LISP Map-Server/Map-Resolver (MS/MR) functions for the LISP Lab. R114
has one connection to the Core (R113), but it is configured for both IPv4 and IPv6
connectivity.

R114-MSMR#sh ip int br | exc un|do

Interface IP-Address OK? Method Status Protocol
Ethernet0/0 10.0.100.2 YES manual up up

R114-MSMR#sh ipv6 int br | exc un|do|FE

Ethernet0/0 [up/up]
2001:DB8:3:4::2

R114-MSMR#

LISP Proxy ITR/ETR (PxTR):

• R115 provides LISP Proxy Ingress Tunnel Router/Proxy Egress Tunnel Router (PxTR) for
both IPv4 and IPv6 address families for the LISP Lab. R115 has one connection to the core,
R113, but it is configured for both IPv4 and IPv6 connectivity.

R115-PxTR#sh ip int br | exc un|do

Interface IP-Address OK? Method Status Protocol
Ethernet0/0 10.0.101.2 YES manual up up

R115-PxTR#sh ipv6 int br | exc un|do|FE

Ethernet0/0 [up/up]
2001:DB8:3:5::2

R115-PxTR#

• From R114 and R115, you should be able to ping any of the 10/8 infrastructure addresses.
Likewise, you should also be able to ping any of the IPv6 versions as appropriate.

Step 6 Review the LISP configurations for the LISP MSMR, R114, and the PxTR, R115.

LISP Mapping-Server/Map-Resolver (MSMR):

• R114 provides LISP Map-Server/Map-Resolver (MS/MR) functions for the LISP Lab. The
required LISP configurations are all pre-built for this lab. Review their configurations now.

R114-MSMR#show run | section lisp|ip route|ipv6 route

router lisp
site site1
description LISP Site 1 - GOLD Lab
authentication-key SITE1KEY
eid-prefix 192.168.1.0/24
eid-prefix 2001:DB8:A::/48
exit
!
site site2
description Site 2 - GOLD Lab
authentication-key SITE2KEY
eid-prefix 192.168.7.0/24
eid-prefix 2001:DB8:B::/48
exit
!
ipv4 map-server
ipv4 map-resolver

  7  
 ipv6 map-server
ipv6 map-resolver
exit
!
ip route 0.0.0.0 0.0.0.0 10.0.100.1
ipv6 route ::/0 2001:DB8:3:4::1
R114-MSMR#

• As shown in R114 above, LISP “site” configurations for LISP Site 1 and LISP Site 2 are
specified. These must be configured in order for these sites to properly register and
participate in LISP mapping services. Addition details are provided in later exercises.

LISP Proxy ITR/ETR (PxTR):

• R115 provides LISP Proxy ITR/ETR (PxTR) functions for the LISP Lab. The LISP
configurations are all pre-built for this lab. Review their configurations now.

R115-PxTR#show run | sec router lisp|router bgp|route-map|ip route|ipv6 route

router lisp
eid-table default instance-id 0
ipv4 route-import map-cache static route-map EID-space
ipv6 route-import map-cache static route-map EID-space
exit
!
ipv4 map-request-source 10.0.101.2
no ipv4 map-cache-persistent
ipv4 map-cache-limit 100000
ipv4 proxy-etr
ipv4 proxy-itr 10.0.101.2 2001:DB8:3:5::2
ipv4 itr map-resolver 10.0.100.2
ipv6 map-request-source 2001:DB8:3:5::2
no ipv6 map-cache-persistent
ipv6 map-cache-limit 100000
ipv6 proxy-etr
ipv6 proxy-itr 2001:DB8:3:5::2 10.0.101.2
ipv6 itr map-resolver 10.0.100.2
exit
!
router bgp 5
bgp asnotation dot
bgp log-neighbor-changes
neighbor 10.0.101.1 remote-as 3
neighbor 2001:DB8:3:5::1 remote-as 3
!
address-family ipv4
redistribute static route-map pop-EID
neighbor 10.0.101.1 activate
no neighbor 2001:DB8:3:5::1 activate
exit-address-family
!
address-family ipv6
redistribute static route-map pop-EID
neighbor 2001:DB8:3:5::1 activate
exit-address-family
!
ip route 0.0.0.0 0.0.0.0 10.0.101.1
ip route 192.168.0.0 255.255.0.0 Null0 tag 111
ipv6 route 2001:DB8:A::/47 Null0 tag 111
ipv6 route ::/0 2001:DB8:3:5::1
route-map EID-space permit 10
match tag 111
route-map pop-EID permit 10
match tag 111
set origin igp
set community 111:5
R115-PxTR#

  8  
 • As shown in R115 above, two important functions are configured on this router. First, the
router acts as a Proxy Ingress Tunnel Router (PITR) and Proxy Egress Tunnel Router
(PETR). Enabling PETR functions is trivial (one command for each address family). For the
PITR functions, however, the PITR must be configured with the EID-prefix space that it is
responsible for being a proxy. Second, as described in further detail in later exercises, the
PITR must “advertise” coarse-aggregates for the IPv4 and IPv6 LISP EID prefixes into the
Core (Internet) in order to attract traffic destined for these prefixes and for which it is acting as
a proxy. This is necessary so that traffic from all non-LISP sources that is destined for LISP
sites is first “attracted” to the PITR, which will then LISP-encapsulate the traffic to the LISP
site. This interworking function provides “day-one” benefit to LISP sites. That is the purpose
of the above BGP configuration. (There are other approaches; BGP has been used here.)

Note: In a “public” LISP deployment, a LISP Services Provider provides all mapping and proxy services.
This lab assumes such a scenario, and thus, these services have been ‘pre-configured’ to match the lab
exercises. In a “private” LISP implementation, the Enterprise typically deploys its own Mapping Services
(i.e. Map-Server/Map-Resolver support), and if required, Proxy Services (i.e. Proxy ITR/ETR).

 End of Exercise: You have successfully completed this exercise.

Proceed to next section.
 

  9  
Lab Exercise 2: Deploying LISP-to-LISP for IPv4
 
Exercise Description
In Exercise 2, you will learn to configure the basic elements of LISP by enabling LISP services on
the xTRs for LISP Site 1 (R112) and LISP Site 2 (R116), and investigating LISP-to-LISP traffic for
IPv4 EID using IPv4 RLOCs.
 

 
 
Exercise Objective
Through the course of this exercise, you will learn how to configure basic LISP Ingress/Egress
Tunnel Router services (xTRs). You will also gain familiarity with LISP verification steps.
 
Lab Exercise Steps
 
Step 1 Configure LISP Site 1 (R112) for IPv4 EIDs.
• In this exercise, R112 will only be using the Ethernet1/1 WAN link as its LISP RLOC. (The
other WAN links will be added in later exercises to demonstrate multihoming/ingress TE.)
Also, only the IPv4 EID space will be configured in LISP. (The IPv6 EID space will be added
in later exercises to demonstrate multi-address family support.)
• Enter LISP configuration mode:

R112-xTR#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R112-xTR(config)#router lisp
R112-xTR(config-router-lisp)#

• Configure a “locator-set” and include the Ethernet 1/1 interface as the only RLOC. Include a
priority or “1” and weight of “1” for this RLOC.
 
R112-xTR(config-router-lisp)#locator-set SITE1
R112-xTR(config-router-lisp-locator-set)# 10.0.1.2 priority 1 weight 1
R112-xTR(config-router-lisp-locator-set)#exit
R112-xTR(config-router-lisp)#

  10  
 ALTERNATIVE:  
• When a LISP site has locators that obtain their IP addresses automatically (such as via
DHCP), the locator-set configuration can specify the interface(s) to be associated as the
RLOC(s) rather than directly referring to the IP address(es). For example:

R112-xTR(config-router-lisp)#locator-set SITE1
R112-xTR(config-router-lisp-locator-set)# ipv4-interface Ethernet1/1 priority 1 weight 1
R112-xTR(config-router-lisp-locator-set)#exit
R112-xTR(config-router-lisp)#

• In the example above, the IPv4 interface assigned to Ethernet1/1 will automatically be
included as the RLOC. If this IP address changes, for example upon DHCP renewal, the xTR
will immediately re-register this new RLOC address with the Map-Server.

• Configure the IPv4 EID prefix 192.168.1.0/24 for this ETR within the default (global) routing
table (and no virtualization instance-id), and associate it to the above locator-set:
 
R2-xTR(config-router-lisp)#eid-table default instance-id 0
R2-xTR(config-router-lisp-eid-table)#database-mapping 192.168.1.0/24 locator-set SITE1
R2-xTR(config-router-lisp-eid-table)#exit
R2-xTR(config-router-lisp)#

• Enable LISP ITR and ETR services for IPv4. Notice that after the first service is started, a
diagnostic message is displayed indicating this has occurred.
 
R112-xTR(config-router-lisp)#ipv4 itr
R112-xTR(config-router-lisp)#ipv4 etr
R112-xTR(config-router-lisp)#
*Apr 8 00:53:01.044: %LINEPROTO-5-UPDOWN: Line protocol on Interface LISP0, changed
state to up

• Configure the xTR to point to the Map-Server/ Map-Resolver for registration and mapping
resolution.

R112-xTR(config-router-lisp)#ipv4 itr map-resolver 10.0.100.2

R112-xTR(config-router-lisp)#ipv4 etr map-server 10.0.100.2 key SITE1KEY
R112-xTR(config-router-lisp)#
 
• Finally, enable the rloc-probing mechanism for determining remote-site locator reachability.

R112-xTR(config-router-lisp)#loc-reach-algorithm rloc-probing
R112-xTR(config-router-lisp)#end
R112-xTR#
 
• The Map-Server/Map-Resolver (R114) has been preconfigured with this LISP site information.
The authentication key is “SITE1KEY” and must match correctly for registration to succeed.

Step 2 Verify that the EID prefix of LISP Site 1 is registered:

• Use the command show ip lisp database to verify the state of the LISP database on R112.
Notice that this output matches the configured information.
 
R112-xTR#sh ip lisp database
LISP ETR IPv4 Mapping Database for EID-table default (IID 0), LSBs: 0x1, 1 entries

192.168.1.0/24, locator-set SITE1

Locator Pri/Wgt Source State
10.0.1.2 1/1 cfg-addr site-self, reachable
R112-xTR#

  11  
 • Use the command show ip lisp map-cache command to display the initial state of the LISP
map-cache on R112. Notice that at this point, only the default (always present) map-cache
entry exists. This LISP site is not communicating with any other LISP sites yet; no additional
map-cache entries are required. Note that the “default” entry (0.0.0.0/0) has an “action” of
“send-map-request” which causes the router to automatically query the mapping system for
unknown destinations.

R112-xTR#sh ip lisp map-cache

LISP IPv4 Mapping Cache for EID-table default (IID 0), 1 entries

0.0.0.0/0, uptime: 00:08:54, expires: never, via static send map-request

Negative cache entry, action: send-map-request
R112-xTR#

• Use the “lig self ipv4” command to query the Mapping System for R112’s own IPv4 EID
prefix. The command “lig” (LISP Internet Groper) is a tool that can be used to query the LISP
mapping system for its current knowledge of a prefix.
 
R112-xTR#lig self ipv4
Mapping information for EID 192.168.1.0 from 10.0.1.2 with RTT 1 msecs
192.168.1.0/24, uptime: 00:00:00, expires: 23:59:59, via map-reply, self, complete
Locator Uptime State Pri/Wgt
10.0.1.2 00:00:00 up, self 1/1
R112-xTR#
 
• This step verifies that R112 has registering correctly. If R112 were not correctly registering,
lig would not return the EID prefix for this site.

• Use the “show ip lisp map-cache” command to see that R112’s own EID prefix is in the
map-cache.

R112-xTR#sh ip lisp map-cache

LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries

0.0.0.0/0, uptime: 00:16:56, expires: never, via static send map-request

Negative cache entry, action: send-map-request
192.168.1.0/24, uptime: 00:01:55, expires: 23:58:09, via map-reply, self, complete
Locator Uptime State Pri/Wgt
10.0.1.2 00:01:55 up, self 1/1
R112-xTR#

• Notice that this output matches the configured information. IMPORTANT: The existence of
“your own” EID prefix in your (local) map-cache is not required for LISP operations. The
above exercise was used only to illustrate the behavior of the LISP control plane, and to
verify LISP site registration success.

Note: To illustrate a failure example, where something is wrong in the control plane, consider the case
where the wrong key is entered and LISP Site 1 fails registration, the following would be returned on the
LISP Site 1 xTR R2 when “lig self ipv4” is entered.

R112-xTR#lig self ipv4

Mapping information for EID 192.168.1.0 from 10.0.100.2 with RTT 1 msecs
192.168.1.0/24, uptime: 00:00:00, expires: 00:00:59, via map-reply, self, forward-native
Negative cache entry, action: forward-native
R112-xTR#

• If the site was properly registered (and if the control plane is working), we should expect to
receive the correct information in return. In this case, a negative map-reply is returned.
(Further verification is possible, if access to the Map-Server is available. This is discussed
later in this exercise below.)

  12  
 Step 3 Configure LISP Site 2 (R116) for IPv4 EIDs.
• Follow the same procedures as used for LISP Site 1, but use the appropriate RLOC and LISP
EID information for LISP Site 2:

R116-xTR(config)#router lisp
R116-xTR(config-router-lisp)#locator-set SITE2
R116-xTR(config-router-lisp-locator-set)#10.0.9.2 priority 1 weight 1
R116-xTR(config-router-lisp-locator-set)#exit
R116-xTR(config-router-lisp)#eid-table default instance-id 0
R116-xTR(config-router-lisp-eid-table)#database-mapping 192.168.7.0/24 locator-set SITE2
R116-xTR(config-router-lisp-eid-table)#exit
R116-xTR(config-router-lisp)#ipv4 itr
R116-xTR(config-router-lisp)#ipv4 etr
R116-xTR(config-router-lisp)#ipv4 itr map-resolver 10.0.100.2
R116-xTR(config-router-lisp)#ipv4 etr map-server 10.0.100.2 key SITE2KEY
R116-xTR(config-router-lisp)#^Z
R116-xTR#

• The Map-Server/Map-Resolver (R114) has been preconfigured with this LISP site information.
The authentication key is “SITE2KEY” and must match correctly for registration to succeed.

Step 4 Verify LISP Site 2 information.

• Use the command show ip lisp database to verify the state of the LISP database on R116.
Notice that this output matches the configured information.

R116-xTR#sh ip lisp database

LISP ETR IPv4 Mapping Database for EID-table default (IID 0), LSBs: 0x1, 1 entries

192.168.7.0/24, locator-set SITE2

Locator Pri/Wgt Source State
10.0.9.2 1/1 cfg-addr site-self, reachable
R116-xTR#

• Use the command show ip lisp map-cache command to display the initial state of the LISP
map-cache on R116. Notice that at this point, only the default (always present) map-cache
entry exists. This LISP site is not communicating with any other LISP sites yet; no additional
map-cache entries are required. Note that the “default” entry (0.0.0.0/0) has an “action” of
“send-map-request” which causes the router to automatically query the mapping system for
unknown destinations.

R116-xTR#sh ip lisp map-cache

LISP IPv4 Mapping Cache for EID-table default (IID 0), 1 entries

0.0.0.0/0, uptime: 00:07:53, expires: never, via static send map-request

Negative cache entry, action: send-map-request
R116-xTR#

• Use the “lig self ipv4” command to query the Mapping System for R116’s own IPv4 EID
prefix. The command “lig” (LISP Internet Groper) is a tool that can be used to query the LISP
mapping system for its current knowledge of a prefix. This step verifies that R116 has
registering correctly. If R116 were not correctly registering, lig would not return the EID prefix
for this site

R116-xTR#lig self ipv4

Mapping information for EID 192.168.7.0 from 10.0.9.2 with RTT 0 msecs
192.168.7.0/24, uptime: 00:00:00, expires: 23:59:59, via map-reply, self, complete
Locator Uptime State Pri/Wgt
10.0.9.2 00:00:00 up, self 1/1
R116-xTR#

  13  
 Step 5 Check the Map-Server:
• Use the “show lisp site detail” command on the Map-Server (R114) to verify that EID
prefixes of both LISP Sites are registered:

R114-MSMR#sh lisp site detail

LISP Site Registration Information

Site name: site1

Description: LISP Site 1 - GOLD Lab
Allowed configured locators: any
Allowed EID-prefixes:
EID-prefix: 192.168.1.0/24
First registered: 00:10:54
Routing table tag: 0
Origin: Configuration
Merge active: No
Proxy reply: No
TTL: 1d00h
State: complete
Registration errors:
Authentication failures: 0
Allowed locators mismatch: 0
ETR 10.0.2.2, last registered 00:00:41, no proxy-reply, map-notify
TTL 1d00h, no merge, hash-function sha1, nonce 0x954597F5-0x859BF9D1
state complete, no security-capability
xTR-ID 0x816B8510-0xBEA35091-0x9D01B036-0xBD9EC071
site-ID unspecified
Locator Local State Pri/Wgt
10.0.1.2 yes up 1/1
---<skip>---
Site name: site2
Description: Site 2 - GOLD Lab
Allowed configured locators: any
Allowed EID-prefixes:
EID-prefix: 192.168.7.0/24
First registered: 00:09:59
Routing table tag: 0
Origin: Configuration
Merge active: No
Proxy reply: No
TTL: 1d00h
State: complete
Registration errors:
Authentication failures: 0
Allowed locators mismatch: 0
ETR 10.0.9.2, last registered 00:00:48, no proxy-reply, map-notify
TTL 1d00h, no merge, hash-function sha1, nonce 0xCADCE387-0xFF2B9684
state complete, no security-capability
xTR-ID 0x046EC371-0xBC7134B0-0x59DED478-0x067155EA
site-ID unspecified
Locator Local State Pri/Wgt
10.0.9.2 yes up 1/1
---<skip>---
R114-MSMR#

Step 6 Verify LISP-to-LISP connectivity by pinging LISP Site 2 from LISP Site 1
• Source-ping R116 from R112 using EID loopbacks as source and destination.

R112-xTR#ping 192.168.7.254 source 192.168.1.254

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.7.254, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.254
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/1/1 ms
R112-xTR#

• Notice that the first two packets were unsuccessful. This is a “classic” indication that neither
xTR had an existing map-cache entry for the destination. These packets were discarded by

  14  
 R112 and R116 while they built map-cache entries for each other. Once this map-cache entry
is built, subsequent flows between any hosts within the full /24 EID prefixes will use the
cached mapping entry.

• Use the “show ip lisp map-cache” command on R112 to show that a new map-cache entry
(via map-reply) is now present for LISP Site 2:

R112-xTR#sh ip lisp map-cache

LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries

0.0.0.0/0, uptime: 20:03:11, expires: never, via static send map-request

Negative cache entry, action: send-map-request
192.168.7.0/24, uptime: 20:02:48, expires: 04:43:43, via map-reply, complete
Locator Uptime State Pri/Wgt
10.0.9.2 20:02:48 up 1/1
R112-xTR#

• Use the “show ip lisp map-cache” command on R116 to show that a new map-cache entry
(via map-reply) is now present for LISP Site 1.
 
R116-xTR#sh ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries

0.0.0.0/0, uptime: 20:04:35, expires: never, via static send map-request

Negative cache entry, action: send-map-request
192.168.1.0/24, uptime: 20:04:17, expires: 04:42:36, via map-reply, complete
Locator Uptime State Pri/Wgt
10.0.1.2 20:04:17 up 1/1
R116-xTR#

• From the host router, R111, use a source-ping again; this time no packet drops will occur:

R111-Host1#ping 192.168.7.1 source 192.168.1.1 rep 100

Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 192.168.7.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 1/1/1 ms
R111-Host1#

• On the LISP xTR R112, use the “show ip lisp forwarding eid remote” command to verify
how many LISP packets were encapsulated by this router, to show many of the LISP
attributes about how this local xTR encapsulates packets to the remote EID.

R112-xTR#sh ip lisp forwarding eid remote 192.168.7.1

Prefix Fwd action Locator status bits
192.168.7.0/24 encap 0x00000001
packets/bytes 114/11274
path list B460082C, flags 0x49, 3 locks, per-destination
ifnums:
LISP0(21): 10.0.9.2
1 path
path B45CF1C8, path list B460082C, share 1/1, type attached nexthop, for IPv4
nexthop 10.0.9.2 LISP0, adjacency IP midchain out of LISP0, addr 10.0.9.2 B467E5F8
1 output chain
chain[0]: IP midchain out of LISP0, addr 10.0.9.2 B467E5F8 IP adj out of Ethernet1/2,
addr 10.0.2.1 B467E4C8
R112-xTR#

• From the host router, R111, use a sourced traceroute to show the LISP path.

  15  
 R111-Host1#traceroute 192.168.7.1 source 192.168.1.1
Type escape sequence to abort.
Tracing the route to 192.168.7.1
VRF info: (vrf in name/id, vrf out name/id)
1 172.16.1.2 0 msec 0 msec 0 msec
2 10.0.2.1 1 msec 7 msec 7 msec
3 10.0.9.2 1 msec 1 msec 0 msec
4 172.16.7.1 1 msec * 0 msec
R111-Host1#

• Notice that all hops between the LISP EIDs are visible in the traceroute. (Typically, tunnel
technologies such as GRE and IPsec hide the network elements between tunnel endpoints.)

 End of Exercise: You have successfully completed this exercise.

Proceed to next section.
 

  16  
Lab Exercise 3: Deploying LISP-to-LISP for IPv6
with IPv4 Locators
 
Exercise Description
In Exercise 3, you will learn to configure LISP for IPv6 EID’s by enabling IPv6 LISP services on
the xTRs for LISP Site 1 (R112) and LISP Site 2 (R116), and investigating LISP-to-LISP traffic for
IPv6 EID using IPv4 RLOCs.

Exercise Objective
In this exercise, the goal is to understand how to extend LISP functionality to IPv6 EIDs and
explore the address family agnostic behavior of LISP.

Lab Exercise Steps

Step 1 Configure LISP Site 1 (R112) for IPv6 EIDs. (The RLOC will remain IPv4.)
• In this exercise, R112 will be configured to add the IPv6 EID space to the LISP configuration
from Exercise 2. The LISP configuration will continue using Ethernet1/1 WAN link as its LISP
IPv4 RLOC.
• Enter LISP configuration mode and configure the IPv6 EID prefix 2001:db8:a::/48 and use
the existing IPv4-only locator-set. Enable LISP ITR and ETR services for IPv6. Configure the
Map-Resolver and Map-Server to point to and register with (respectively) for this xTR.

R112-xTR(config)#router lisp
R112-xTR(config-router-lisp)#eid-table default instance-id 0
R112-xTR(config-router-lisp-eid-table)#database-mapping 2001:db8:a::/48 locator-set SITE1
R112-xTR(config-router-lisp-eid-table)#exit
R112-xTR(config-router-lisp)#ipv6 itr
R112-xTR(config-router-lisp)#ipv6 etr
R112-xTR(config-router-lisp)#ipv6 itr map-resolver 10.0.100.2
R112-xTR(config-router-lisp)#ipv6 etr map-server 10.0.100.2 key SITE1KEY
R112-xTR(config-router-lisp)#^Z
R112-xTR#

  17  
 • The Map-Server (R114) has been preconfigured with this IPv6 EID LISP site information. The
authentication key is “SITE1KEY” and must match correctly for registration to succeed. Note
that the IPv4 RLOCs are still used to communicate with the Map-Resolver and Map-Server
since this xTR only has IPv4 WAN connectivity.

Step 2 Verify that LISP Site 1 is registered:

• Use the “show ipv6 lisp database” and “show ipv6 lisp map-cache” command to verify the
initial state of the LISP database and map-cache on R112.

R112-xTR#sh ipv6 lisp database

LISP ETR IPv6 Mapping Database for EID-table default (IID 0), LSBs: 0x1, 1 entries

2001:DB8:A::/48, locator-set SITE1

Locator Pri/Wgt Source State
10.0.1.2 1/1 cfg-addr site-self, reachable
R112-xTR#sh ipv6 lisp map-cache
LISP IPv6 Mapping Cache for EID-table default (IID 0), 1 entries

::/0, uptime: 00:20:09, expires: never, via static send map-request

Negative cache entry, action: send-map-request
R112-xTR#

• Notice that this information matches that configured in the database-mapping command.
Notice that at this point, only the default (always present) map-cache entry exists. This LISP
site is not communicating with any other LISP sites yet; no additional map-cache entries are
required. Note that the “default” entry (::/0) has an “action” of “send-map-request” which
causes the router to automatically query the mapping system for unknown destinations

• You can use “lig self ipv6” to query the Mapping System for R112’s own IPv6 EID prefix.

R112-xTR#lig self ipv6

Mapping information for EID 2001:DB8:A:: from 10.0.1.2 with RTT 0 msecs
2001:DB8:A::/48, uptime: 00:00:00, expires: 23:59:59, via map-reply, self, complete
Locator Uptime State Pri/Wgt
10.0.1.2 00:00:00 up, self 1/1
R112-xTR#

• This step verifies that R112 is registering correctly. If R112 were not correctly registering, it
would not return the EID prefix for this site.

• Use the “show ipv6 lisp map-cache” command to show that R112’s own IPv6 EID prefix is
now in the map-cache (as a result of “lig”).

R112-xTR#sh ipv6 lisp map-cache

LISP IPv6 Mapping Cache for EID-table default (IID 0), 2 entries

::/0, uptime: 00:40:10, expires: never, via static send map-request

Negative cache entry, action: send-map-request
2001:DB8:A::/48, uptime: 00:02:20, expires: 23:57:45, via map-reply, self, complete
Locator Uptime State Pri/Wgt
10.0.1.2 00:02:20 up, self 1/1
R112-xTR#

• Notice that this information matches that configured in the database-mapping command.

Step 3 Configure LISP Site 2 (R116) for IPv6 EIDs using the existing IPv4 locators.
• Follow the same procedures as used for LISP Site 1, but use the appropriate RLOC and LISP
EID information for LISP Site 2:

R116-xTR(config)#router lisp
R116-xTR(config-router-lisp)#eid-table default instance-id 0
R116-xTR(config-router-lisp-eid-table)# database-mapp 2001:db8:b::/48 locator-set SITE2

  18  
 R116-xTR(config-router-lisp-eid-table)#exit
R116-xTR(config-router-lisp)#ipv6 itr
R116-xTR(config-router-lisp)#ipv6 etr
R116-xTR(config-router-lisp)#ipv6 itr map-resolver 10.0.100.2
R116-xTR(config-router-lisp)#ipv6 etr map-server 10.0.100.2 key SITE2KEY
R116-xTR(config-router-lisp)#^Z

• The Map-Server/Map-Resolver (R114) has been preconfigured with this LISP site information.
The authentication key is “SITE2KEY” and must match correctly for registration to succeed.

Step 4 Verify LISP Site 2 information.

• Use the “show ipv6 lisp database” and “show ipv6 lisp map-cache” command to verify the
initial state of the LISP database and map-cache on R6.

R116-xTR#sh ipv6 lisp database

LISP ETR IPv6 Mapping Database for EID-table default (IID 0), LSBs: 0x1, 1 entries

2001:DB8:B::/48, locator-set SITE2

Locator Pri/Wgt Source State
10.0.9.2 1/1 cfg-addr site-self, reachable
R116-xTR#

• Notice that this output matches the configured information.

R116-xTR#sh ipv6 lisp map-cache

LISP IPv6 Mapping Cache for EID-table default (IID 0), 1 entries

::/0, uptime: 00:30:55, expires: never, via static send map-request

Negative cache entry, action: send-map-request
R116-xTR#

• Notice that at this point, only the default (always present) map-cache entry exists. This LISP
site is not communicating with any other LISP sites yet; no additional map-cache entries are
required. Note that the “default” entry (::/0) has an “action” of “send-map-request” which
causes the router to automatically query the mapping system for unknown destinations.
• Use “lig self ipv6” to query the Mapping System for R116’s own IPv6 EID prefix.

R116-xTR#lig self ipv6

Mapping information for EID 2001:DB8:B:: from 10.0.9.2 with RTT 1 msecs
2001:DB8:B::/48, uptime: 00:00:00, expires: 23:59:59, via map-reply, self, complete
Locator Uptime State Pri/Wgt
10.0.9.2 00:00:00 up, self 1/1
R116-xTR#

• This step verifies that R116 has registering correctly. If R116 were not correctly registering,
lig would not return the EID prefix for this site.

Step 5 Check the Map-Server:

• Use the “show lisp site” command on the Map-Server (R114) to verify that both LISP Sites
are registered:

R114-MSMR#sh lisp site

LISP Site Registration Information

Site Name Last Up Who Last Inst EID Prefix

Register Registered ID
site1 00:00:34 yes 10.0.2.2 192.168.1.0/24
00:00:44 yes 10.0.2.2 2001:DB8:A::/48
site2 00:00:41 yes 10.0.9.2 192.168.7.0/24
00:00:32 yes 10.0.9.2 2001:DB8:B::/48
R114-MSMR#

  19  
 Step 6 Verify LISP-to-LISP connectivity by pinging from LISP Site 1 to LISP Site 2:
• Source-ping R116 from R112 using the IPv6 EID loopbacks as source and destination.

R112-xTR#ping 2001:db8:b:1::254 so 2001:db8:a:1::254

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:B:1::254, timeout is 2 seconds:
Packet sent with a source address of 2001:DB8:A:1::254
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/1/1 ms
R112-xTR#

• Notice that the first two packets were unsuccessful. This is a “classic” indication that neither
xTR had an existing map-cache entry for the destination. These packets were discarded by
R112 and R116 while they built map-cache entries for each other. Once this map-cache entry
is built, subsequent flows between any hosts within the full /48 EID prefixes will use the
cached mapping entry.

• Use the “show ipv6 lisp map-cache” command on R112 to show that a new map-cache
entry (via map-reply) is now present for LISP Site 2:

R112-xTR#sh ipv6 lisp map-cache

LISP IPv6 Mapping Cache for EID-table default (IID 0), 2 entries

::/0, uptime: 00:00:18, expires: never, via static send map-request

Negative cache entry, action: send-map-request
2001:DB8:B::/48, uptime: 00:00:15, expires: 23:59:45, via map-reply, complete
Locator Uptime State Pri/Wgt
10.0.9.2 00:00:15 up 1/1
R112-xTR#

• Use the “show ipv6 lisp map-cache” command on R116 to show that a new map-cache
entry (via map-reply) is now present for LISP Site 1.
 
R116-xTR#sh ipv6 lisp map-cache
LISP IPv6 Mapping Cache for EID-table default (IID 0), 2 entries

::/0, uptime: 00:01:13, expires: never, via static send map-request

Negative cache entry, action: send-map-request
2001:DB8:A::/48, uptime: 00:01:03, expires: 23:58:59, via map-reply, complete
Locator Uptime State Pri/Wgt
10.0.1.2 00:01:03 up 1/1
R116-xTR#

• From the host router, R111, use a source-ping again; this time no packet drops will occur:

R111-Host1#ping 2001:db8:b:1::1 so 2001:db8:a:1::1 rep 100

Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 2001:DB8:B:1::1, timeout is 2 seconds:
Packet sent with a source address of 2001:DB8:A:1::1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 6/6/8 ms
R111-Host1#

• On the LISP xTR R112, use the “show ipv6 lisp forwarding eid remote” command to verify
how many LISP packets were encapsulated by this router, to show many of the LISP
attributes about how this local xTR encapsulates packets to the remote EID.

R112-xTR#sh ipv6 lisp forwarding eid remote 2001:db8:b:1::1

Prefix Fwd action Locator status bits
2001:DB8:B::/48 encap 0x00000001
packets/bytes 109/10844
path list B4600A5C, flags 0x49, 3 locks, per-destination
ifnums:

  20  
 LISP0(21): 10.0.9.2
1 path
path B45CEF28, path list B4600A5C, share 1/1, type attached nexthop, for IPv6
nexthop 10.0.9.2 LISP0, adjacency IPV6 midchain out of LISP0, addr 10.0.9.2 B467E5F8
1 output chain
chain[0]: IPV6 midchain out of LISP0, addr 10.0.9.2 B467E5F8 IP adj out of
Ethernet1/2, addr 10.0.2.1 B467E4C8
R112-xTR#

• From the host router, R111, use a sourced traceroute to show the LISP path.

R111-Host1#traceroute
Protocol [ip]: ipv6
Target IPv6 address: 2001:db8:b:1::1
Source address: 2001:db8:a:1::1
Insert source routing header? [no]:
Numeric display? [no]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Priority [0]:
Port Number [0]:
Type escape sequence to abort.
Tracing the route to 2001:DB8:B:1::1

1 2001:DB8:A:2::2 0 msec 1 msec 1 msec

2 2001:DB8:B:1::254 0 msec 1 msec 1 msec
3 2001:DB8:B:2::1 0 msec 0 msec 0 msec
R111-Host1#

• Notice that in this case, only the IPv6 hops are visible. (There is no “interworking” between
IPv4 and IPv6 ICMP.)

 
 End of Exercise: You have successfully completed this exercise.
Proceed to next section.

  21  
Lab Exercise 4: Deploying LISP-to-non-LISP for
IPv4 EIDs with IPv4 Locators
 
Exercise Description
In Exercise 4, no new LISP configurations are needed on the LISP Site routers. However, this
exercise will use the pre-configured LISP Proxy Ingress Tunnel Router (PITR) (R115). During this
exercise you will mainly be exploring the functionality implemented by the PITR. This exercise
simulates the real-world scenario where an Enterprise site that has converted to LISP also
requires access to non-LISP (Internet) sites.

 
Exercise Objective
In this exercise, the goal is to understand the functionality of the LISP PITR in supporting
interworking in the “non-LISP to LISP” direction.
 
Lab Exercise Steps
 
Step 1 Verify that the Core router (R113) is seeing the IPv4 LISP EID aggregate prefix, and
that the LISP PITR is operating correctly. Verify that the PITR has no IPv4 map-cache
entries initially.
• Ensure that the Core router (R113) sees the IPv4 LISP EID aggregate prefix (192.168.0.0/16)
as being advertised by the LISP PITR (R5):

R113-Core#sh ip route | inc 192.168.0.0

B 192.168.0.0/16 [20/0] via 10.0.101.2, 2d10h
R113-Core#

• Notice that the IPv4 LISP EID aggregate 192.168.0.0/16 is advertised by the LISP PITR
(R115). (BGP peering shows this prefix as “via 10.0.101.2”.)

  22  
 • Verify that Core router (R113) has the “non-LISP ping target” configured for this exercise:

R113-Core#show ip interface brief | include 10.200.1.1

Loopback1 10.200.1.1 YES NVRAM up up
R113-Core#

• In this case, the interface Loopback1 (10.200.1.1) is dedicated as a non-LISP ‘IPv4 ping
target”.

• The LISP PITR (R115) operates in a very similar manner as a normal LISP ITR. The main
difference is where an ITR will only LISP-encapsulate packets sourced from its own EID
prefixes (as determined by any configured “database-mapping” commands), a PITR will
LISP-encapsulate any packets, regardless of source, that are destined to a LISP site.
Therefore, a PITR also maintains a LISP map-cache, but does not have LISP database.
Rather, the PITR must be “configured” with the EID space it is responsible for “proxying” to
LISP sites.

• Prior to sending traffic to the non-LISP address, verify that the PITR LISP map-cache
contains no entries, except the entry for 192.168.0.0/16:

R115-PxTR#clear ip lisp map-cache

R115-PxTR#sh ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 1 entries

192.168.0.0/16, uptime: 00:00:03, expires: never, via route-import, send-map-request

Negative cache entry, action: send-map-request
R115-PxTR#

• Note that the “action” for this map-cache entry is ”send-map-request.” This shows that this
PITR is configured to proxy for the EID address space covered by 192.168.0.0/16, and that,
in the absence of any other map-cache entries, it should send a map-request to the
configured Map-Resolver to obtain a current EID-to-RLOC mapping.

Step 2 Source ping traffic from LISP xTR R112 to the non-LISP host and review the results.
• Clear the ip lisp map-cache on the LISP xTR R112. This gives us a good baseline from
which to begin this exercise.

R112-xTR#clear ip lisp map-cache

R112-xTR#sh ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 1 entries

0.0.0.0/0, uptime: 00:00:12, expires: never, via static send map-request

Negative cache entry, action: send-map-request
R112-xTR#

• Source-ping from LISP xTR R112 using the source IPv4 test EID address 192.168.1.254
and the non-LISP IPv4 destination 10.200.1.1. Review the results.

R112-xTR#ping 10.200.1.1 source 192.168.1.254 repeat 100

Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 10.200.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.254
..!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 98 percent (98/100), round-trip min/avg/max = 1/1/1 ms
R112-xTR#

• These results are very similar to the prior examples where the map-cache entry is not already
built. However, in this case, the map-cache entries are built on this router (R112) for the
destination, and on the PITR (R115) for the return traffic (back to this site).
• Review the map-cache now added on LISP xTR R112.

  23  
 R112-xTR#sh ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries

0.0.0.0/0, uptime: 00:11:15, expires: never, via static send map-request

Negative cache entry, action: send-map-request
0.0.0.0/1, uptime: 00:04:34, expires: 00:10:36, via map-reply, forward-native
Negative cache entry, action: forward-native
R112-xTR#

• In this case, because the destination (10.200.1.1) is determined by the MSMR (R114) to not
be a LISP EID (as would be known by it via a configured “site” command), the MSMR returns
a “negative map-reply” (NMR) back to the xTR (R112). The aggregate covered by this NMR
is computed by the MSMR to cover the “largest possible block” that does not contain a known
LISP EID prefix. In this case (above), you can see that the NMR covers the block 0.0.0.0/1
since for this lab the MSMR only contains two sites – both in the 192.168.0.0/16 range. Note
also that the “action” of the negative cache entry is “forward-native” which means these
packets are forwarded natively (sent without LISP encapsulation) toward the destination.

• Verify that a map-cache entry has also now been built on the LISP PITR R115 to handle the
return traffic (non-LISP to LISP):

R115-PxTR#sh ip lisp map-cache

LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries

192.168.0.0/16, uptime: 00:56:53, expires: never, via route-import, send-map-request

Negative cache entry, action: send-map-request
192.168.1.0/24, uptime: 00:13:46, expires: 23:46:44, via map-reply, complete
Locator Uptime State Pri/Wgt
10.0.1.2 00:13:46 up 1/1
R115-PxTR#

• As expected, the PITR (R115) has a map-cache entry that includes the LISP xTR R112 prefix
and its site policy (locators and ingress TE specifications) installed in its map-cache. The
PITR uses this map-cache entry to LISP-encapsulate traffic (return echo-reply packets in this
case) to LISP xTR R112.

• Check the LISP encapsulation details on the LISP PITR R115:

R115-PxTR#sh ip lisp forwarding eid remote 192.168.1.0

Prefix Fwd action Locator status bits
192.168.1.0/24 encap 0x00000001
packets/bytes 98/9800
path list B4672D3C, flags 0x49, 4 locks, per-destination
ifnums:
LISP0(11): 10.0.1.2
1 path
path B44938A8, path list B4672D3C, share 1/1, type attached nexthop, for IPv4
nexthop 10.0.1.2 LISP0, adjacency IP midchain out of LISP0, addr 10.0.1.2 B0A34D08
1 output chain
chain[0]: IP midchain out of LISP0, addr 10.0.1.2 B0A34D08 IP adj out of Ethernet0/0,
addr 10.0.101.1 B2977008
R115-PxTR#

• Notice that the LISP PITR R115 has encapsulated packets to the LISP Site 1 xTR R112.

 End of Exercise: You have successfully completed this exercise.

Proceed to next section.
 

  24  
Lab Exercise 5: Deploying LISP-to-non-LISP for
IPv6 with IPv4 Locators
 
Exercise Description
In Exercise 5, new LISP configurations will be added, and you will be exploring the functionality
implemented by the LISP Proxy Egress Tunnel Router (PETR). This exercise simulates the
real-world scenario where an Enterprise site that has incorporated LISP as an IPv6 transition
mechanism and requires access to non-LISP IPv6 sites. In order for this to work (when LISP sites
only have IPv4 WAN connectivity), both PITR and PETR support must exist.

 
 
Exercise Objective
In this exercise, the goal is to understand the functionality of the LISP PETR (and PITR) in cross
address-family interworking support. Specifically in this case, the PETR is used to allow IPv6
EIDs to “hop over” the IPv4 RLOC core. The dual-stacked PETR provides this Address Family
“hop over” functionality. The PITR is also dual-stacked and provides the return traffic support.
 
Lab Exercise Steps
 
Step 1 Verify that the Core router (R113) is seeing the IPv6 LISP EID aggregate prefix, and
that the LISP PITR is operating correctly. Verify that the PITR has no IPv6 map-cache
entries initially.
• Ensure that Core router (R113) has the IPv6 LISP EID aggregate prefix (2001:db8:a::/47) as
being advertised by the LISP PITR (R115).

R113-Core#sh ipv6 route | inc /47

B 2001:DB8:A::/47 [20/0]
R113-Core#

• Notice that the IPv6 LISP EID aggregate 2001:db8:a::/47 is advertised by LISP PITR (R115).

  25  
 • Verify that Core router (R113) has the “non-LISP ping target” configured for this exercise:

R113-Core#show ipv6 interface brief | inc Loop|C5

Loopback0 [up/up]
2001:DB8:C5C0::1
R113-Core#

• In this case, Loopback0 (2001:db8:c5c0::1) is dedicated as a non-LISP ‘ping target”.

• Verify the LISP PxTR (R115) configuration for both Proxy ITR and Proxy ETR services.

R115-PxTR#sh ipv6 lisp

Instance ID: 0
Router-lisp ID: 0
Locator table: default
EID table: default
Ingress Tunnel Router (ITR): disabled
Egress Tunnel Router (ETR): disabled
Proxy-ITR Router (PITR): enabled RLOCs: 2001:DB8:3:5::2, 10.0.101.2
Proxy-ETR Router (PETR): enabled
Map Server (MS): disabled
Map Resolver (MR): disabled
Delegated Database Tree (DDT): disabled
Map-Request source: 2001:DB8:3:5::2
ITR Map-Resolver(s): 10.0.100.2
---<skip>---
R115-PxTR#

• The LISP PITR (R115) operates in a very similar manner as a normal LISP ITR. The main
difference is where an ITR will only LISP-encapsulate packets sourced from its own EID
prefixes (as determined by any configured “database-mapping” commands), a PITR will
LISP-encapsulate any packets, regardless of source, that are destined to a LISP site.
Therefore, a PITR also maintains a LISP map-cache, but does not have LISP database.
Rather, the PITR must be “configured” with the EID space it is responsible for “proxying” to
LISP sites.

• Prior to sending traffic to the non-LISP address, verify that the PITR LISP map-cache
contains no entries, except the entry for 2001:db8:a::/47.

R115-PxTR#clear ipv6 lisp map-cache

R115-PxTR#sh ipv6 lisp map-cache
LISP IPv6 Mapping Cache for EID-table default (IID 0), 1 entries

2001:DB8:A::/47, uptime: 00:00:02, expires: never, via route-import, send-map-request

Negative cache entry, action: send-map-request
R115-PxTR#

• Note that the “action” for this map-cache entry is ”send-map-request.” This shows that this
PITR is configured to proxy for the EID address space covered by 2001:db8:a::/47, and that,
in the absence of any other map-cache entries, it should send a map-request to the
configured Map-Resolver to obtain a current EID-to-RLOC mapping.

Step 2 Configure LISP xTR R112 and LISP xTR R116 to use the LISP PETR for address family
“hop-over” support.

• Configure the LISP xTR R112 to use the LISP PETR.

R112-xTR(config)#router lisp
R112-xTR(config-router-lisp)#ipv6 use-petr 10.0.101.2
R112-xTR(config-router-lisp)#^Z
R112-xTR#

  26  
 • Configure the LISP xTR R116 to use the LISP PETR.

R116-xTR(config)#router lisp
R116-xTR(config-router-lisp)#ipv6 use-petr 10.0.101.2
R116-xTR(config-router-lisp)#^Z
R116-xTR#

• Verify that LISP xTR R112 is configured to use Proxy ETR services.

R112-xTR#sh ipv6 lisp

Instance ID: 0
Router-lisp ID: 0
Locator table: default
EID table: default
Ingress Tunnel Router (ITR): enabled
Egress Tunnel Router (ETR): enabled
Proxy-ITR Router (PITR): disabled
Proxy-ETR Router (PETR): disabled
Map Server (MS): disabled
Map Resolver (MR): disabled
Delegated Database Tree (DDT): disabled
Map-Request source: 2001:DB8:A:2::2
ITR Map-Resolver(s): 10.0.100.2
ETR Map-Server(s): 10.0.100.2 (00:00:52)
xTR-ID: 0xA2EADCF9-0xC09C318D-0x99EC7710-0xD93D3099
site-ID: unspecified
ITR use proxy ETR RLOC(s): 10.0.101.2
---<skip>---
R112-PxTR#

Step 3 Source ping traffic from LISP xTR R112 to the non-LISP host and review the results.
• Clear the ipv6 lisp map-cache on the LISP xTR R112. This gives us a good baseline from
which to begin this exercise.

R112-xTR#clear ipv6 lisp map-cache

R112-xTR#sh ipv6 lisp map-cache
LISP IPv6 Mapping Cache for EID-table default (IID 0), 1 entries

::/0, uptime: 00:00:03, expires: never, via static send map-request

Negative cache entry, action: send-map-request
R112-xTR#

• Source-ping from LISP xTR R112 using the source IPv6 test EID address 2001:db8:a::254
and the non-LISP IPv6 destination 2001:db8:c5c0::1. Review the results.

R112-xTR#ping 2001:db8:c5c0::1 source 2001:db8:a:1::254 rep 100

Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 2001:DB8:C5C0::1, timeout is 2 seconds:
Packet sent with a source address of 2001:DB8:A:1::254
..!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 98 percent (98/100), round-trip min/avg/max = 1/1/8 ms
R112-xTR#

• These results are very similar to the prior examples where the map-cache entry is not already
built. However, in this case, the map-cache entries are built on this router (R112) for the
PETR as the destination, and on the PITR (R115) for the return traffic (back to this site).

• Review the map-cache now added on LISP xTR R112.

R112-xTR#sh ipv6 lisp map-cache

LISP IPv6 Mapping Cache for EID-table default (IID 0), 2 entries

::/0, uptime: 00:06:38, expires: never, via static send map-request

Negative cache entry, action: send-map-request

  27  
 2001:DB8:8000::/33, uptime: 00:00:28, expires: 00:14:32, via map-reply, forward-native
Encapsulating to proxy ETR
R112-xTR#

• In this case, because the destination (2001:db8:c5c0::1) is determined by the MSMR (R114)
to not be a LISP EID (as would be known to it via a configured “site” command), the MSMR
returns a “negative map-reply” (NMR) back to the xTR (R112). The aggregate covered by this
NMR is computed by the MSMR to cover the “largest possible block” that does not contain a
known LISP EID prefix. In this case (above), you can see that the NMR covers the block
2001:db8:8000::/33. Note also that the “action” of the negative cache entry is “forward-
native” which means these packets are forwarded natively. However, since this site only has
an IPv4 WAN connection (RLOC), LISP uses the IPv4 RLOC on R112 as an outer header
source, and the IPv4 RLOC of the PETR is the outer header destination – and all IPv6 EID
packets are LISP-encapsulated over IPv4 to the PETR. The PETR is dual-stacked; it
decapsulates the LISP packets and then forwards them natively to the non-LISP target.
Return packets are attracted to the dual-stacked PITR, which LISP encapsulates them over
IPv4 back to LISP Site 1.

• Verify that a map-cache entry has also now been built on the LISP PITR R115 to handle the
return traffic (non-LISP to LISP):

R115-PxTR#sh ipv6 lisp map-cache

LISP IPv6 Mapping Cache for EID-table default (IID 0), 2 entries

2001:DB8:A::/47, uptime: 00:07:20, expires: never, via route-import, send-map-request

Negative cache entry, action: send-map-request
2001:DB8:A::/48, uptime: 00:01:18, expires: 23:58:44, via map-reply, complete
Locator Uptime State Pri/Wgt
10.0.1.2 00:01:18 up 1/1
R115-PxTR#

• As expected, the PITR (R115) has a map-cache entry that includes the LISP xTR R112 prefix
and its site policy (locators and ingress TE specifications) installed in its map-cache. The
PITR uses this map-cache entry to LISP-encapsulate traffic (return echo-reply packets in this
case) to LISP xTR R112.

• Check the LISP encapsulation details on the LISP PITR R115:

R115-PxTR#sh ipv6 lisp forwarding eid remote 2001:db8:a:1::1

Prefix Fwd action Locator status bits
2001:DB8:A::/48 encap 0x00000001
packets/bytes 98/9800
path list B4672DDC, flags 0x49, 4 locks, per-destination
ifnums:
LISP0(11): 10.0.1.2
1 path
path B4493988, path list B4672DDC, share 1/1, type attached nexthop, for IPv6
nexthop 10.0.1.2 LISP0, adjacency IPV6 midchain out of LISP0, addr 10.0.1.2 B0A34BD8
1 output chain
chain[0]: IPV6 midchain out of LISP0, addr 10.0.1.2 B0A34BD8 IP adj out of
Ethernet0/0, addr 10.0.101.1 B2977008
R115-PxTR# R115-PxTR#

• Notice that the LISP PITR R115 has encapsulated packets to the LISP Site 1 xTR R112.

• Check the LISP encapsulation details on the LISP xTR R112:

R112-xTR#sh ipv6 lisp forwarding eid remote 2001:db8:c5c0::1

Prefix Fwd action Locator status bits
2001:DB8:8000::/33 fwd native 0x00000000
packets/bytes 99/8514
path list B460069C, flags 0x49, 3 locks, per-destination
ifnums:

  28  
 LISP0(23): 10.0.101.2
1 path
path B45CEBA8, path list B460069C, share 1/1, type attached nexthop, for IPv6
nexthop 10.0.101.2 LISP0, adjacency IPV6 midchain out of LISP0, addr 10.0.101.2
B467E5F8
1 output chain
chain[0]: IPV6 midchain out of LISP0, addr 10.0.101.2 B467E5F8 IP adj out of
Ethernet1/1, addr 10.0.1.1 B467E728
R112-xTR#

• Notice that the LISP xTR R112 has encapsulated IPv6 EIDs to the LISP PETR located at
10.0.100.2.

 End of Exercise: You have successfully completed this exercise.

Proceed to next section.
 
 

  29  
Lab Exercise 6: Deploying LISP Multihoming
with IPv4 Locators

Exercise Description
In Exercise 6, you will continue configuring basic LISP elements. In this exercise, you will add a
second RLOC interface to the edge router (xTR) at LISP Site 1. This exercise simulates the real-
world scenario where an Enterprise site requires additional bandwidth and desires to attain
diversity in Service Providers by using multi-homing.

Exercise Objective
Through the course of this exercise, you will learn how to configure basic multihoming using
LISP, and set an ingress traffic engineering policy for the site. In this case, the site will specify
active/active link utilization with 50%/50% load sharing.

Lab Exercise Steps

Step 1 Configure LISP Site 1 (R112) for a second IPv4 RLOC.
• Ensure that both IPv4 WAN interfaces are “up” (Eth1/1 and Eth1/2) on R112, and that default
routing is set for both interfaces. (This should be the pre-configured state for this Lab. This
step simply confirms that current state.)

R112-xTR#show ip interface brief | exc un|down

Interface IP-Address OK? Method Status Protocol
Ethernet0/0 172.16.1.2 YES manual up up
Ethernet1/1 10.0.1.2 YES manual up up
Ethernet1/2 10.0.2.2 YES manual up up
Loopback0 192.168.1.254 YES manual up up
R112-xTR#
 
  30  
 • Add the default route for interface Eth1/2, which will be added to the LISP locator-set. A
default route needs to be added for this interface.

R112-xTR(config)# ip route 0.0.0.0 0.0.0.0 10.0.2.1

R112-xTR(config)#

• Add interface Eth1/2 to the LISP locator-set. Adding this second RLOC allows this xTR to be
multihomed. In this case, specify that ingress traffic to the site should use both links in a
50%/50% active/active load sharing mode.

R112-xTR(config)#router lisp
R112-xTR(config-router-lisp)#locator-set SITE1
R112-xTR(config-router-lisp-locator-set)#10.0.2.2 priority 1 weight 1
R112-xTR(config-router-lisp-locator-set)#^Z
R112-xTR#

• Now the EID prefixes for which this site is authoritative are associated with two IPv4 RLOCs
(10.0.1.2, and 10.0.2.2), with each give a priority of 1 and a weight of 1.

Note: LISP uses the concept of “priority” and “weight” to create a policy that indicates how the site wants to
receive traffic destined for its EID prefixes.
o When a LISP site has multiple locators, each locator may be assigned the same or a different
priority value between 0 and 255. When multiple locators are assigned different priority values, the
priority value alone is used to determine which locator to prefer. A lower value indicates a more
preferable path. A value of 255 indicates that the locator must not be used for unicast traffic
forwarding.
o When multiple locators have the same priority, they will be used in a load-sharing manner. For a
given priority, the weight assigned to each locator is used to determine how to load-share unicast
flows amongst each locator. A weight value of between 0 and 100 is used to represent the
percentage of traffic to be load-shared to that locator.

** In practice, the router computes the percentage based on the assigned weights. This is required
for failure scenarios where an RLOC may not be available and LISP must re-balance the load-
share. (For example, if an xTR has three locators, and then one goes down, the xTR must re-
compute the load share. Here is the calculation for this lab.

(weight of this locator) 1 1

------------------------ --- --
(sum of all weights) (1+1) 2

In the trivial case here, each locator has been given a weight value of “1” which indicates that
each locator is to receive 1/2 the traffic flows

Step 2 Verify that LISP Site 1 is now using this new information in its database:
• Use the “show ip lisp database” command to verify the LISP database on R112. Notice that
the new information matches the configured database-mapping commands.

R112-xTR#sh ip lisp database

LISP ETR IPv4 Mapping Database for EID-table default (IID 0), LSBs: 0x3, 1 entries

192.168.1.0/24, locator-set SITE1

Locator Pri/Wgt Source State
10.0.1.2 1/1 cfg-addr site-self, reachable
10.0.2.2 1/1 cfg-addr site-self, reachable
R112-xTR#

• Observe the map-cache on LISP xTR (R116) using the command show ip lisp map-cache.
The new mapping policy for R112 should now be available to R116.

R116-xTR#sh ip lisp map-cache

LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries

  31  
 0.0.0.0/0, uptime: 00:48:32, expires: never, via static send map-request
Negative cache entry, action: send-map-request
192.168.1.0/24, uptime: 00:29:20, expires: 23:56:03, via map-reply, complete
Locator Uptime State Pri/Wgt
10.0.1.2 00:29:20 up 1/1
10.0.2.2 00:29:20 up 1/1
R116-xTR#

• Notice that the IPv4 map-cache on LISP xTR R116 is already updated and using the new
policy from LISP xTR R112. Did this happen? Why or why not?
If this did happen:
o First, remember that LISP sites only maintain map-cache entries for EIDs that they are
having conversations with. By default, map-cache entries have a TTL of 24-hours. In
addition, each map-cache entry will have a “state” of either “active” or “idle” – indicating
how recently traffic has actually been flowing towards the remote EID. This can be seen
in the detailed output of the command show ip lisp map-cache. For example, on
RTR116, observe the details for the remote EID 192.168.1.0/24.

R116-xTR#sh ip lisp map-cache 192.168.1.0/24

LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries

192.168.1.0/24, uptime: 00:44:47, expires: 23:59:46, via map-reply, complete

Sources: map-reply
State: complete, last modified: 00:32:45, map-source: 10.0.2.2
Active, Packets out: 1044 (~ 00:00:14 ago)
Locator Uptime State Pri/Wgt
10.0.1.2 00:44:47 up 1/1
Last up-down state change: 00:44:47, state change count: 1
Last route reachability change: never, state change count: 0
Last priority / weight change: never/00:32:45
RLOC-probing loc-status algorithm:
Last RLOC-probe sent: 00:00:14 (rtt 1ms)
Next RLOC-probe in: 00:00:44
Latched to ITR-RLOC: 10.0.9.2
10.0.2.2 00:44:47 up 1/1
Last up-down state change: 00:44:47, state change count: 1
Last route reachability change: never, state change count: 0
Last priority / weight change: never/never
RLOC-probing loc-status algorithm:
Last RLOC-probe sent: 00:00:14 (rtt 0ms)
Next RLOC-probe in: 00:00:46
Latched to ITR-RLOC: 10.0.9.2
R116-xTR#

o Also notice above that RLOC probing is querying the status of the R112 locators. LISP
xTR R112 also has rloc-probing enabled. When rloc-probing is enabled, an xTR will
automatically “inform” the xTRs with which it is currently conversing, as determined by
the list of high priority locators in its map-cache, of any changes to its site policy. In this
case, when you added the second RLOC to the LISP xTR R112 locator-set, R112 will
request that LISP xTR R116 “update” its map-cache entry for R112. R112 does this by
sending a “solicit map-request” (SMR) message to R116. An SMR requests that the
receiver initiate a normal “map-request” process in order to cause it to update its (now
out-of-date) map-cache entry for the changed site.
If this did not happen:
o The above discussion assumes of course that a map-cache entry was still present on
R112 for the remote site LISP xTR R116. If a map-cache entry is not present on R112,
then R112 will not inform R116 of the change of policy immediately. In this case: a) if
R116 also does not have a mapping, it will obtain a new mapping during the normal map-
request/map-reply process, or b) if R116 has the old mapping, it will be updated by R112
once R116 and R112 initiate traffic flow and R112 installs a map-cache entry for R116.

• On the LISP xTR R116, ping the LISP xTR R112 EID. Observe that all packets are
successful (assuming that a map-cache entry is available on both xTRs).

  32  
 R116-xTR#ping 192.168.1.254 so 192.168.7.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.254, timeout is 2 seconds:
Packet sent with a source address of 192.168.7.254
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R116-xTR#

• On the LISP xTR R116, use the show ip lisp forwarding eid remote command to verify that
LISP encapsulation will utilize both RLOCs on LISP xTR 112.

R116-xTR#sh ip lisp forward eid remote 192.168.1.1

Prefix Fwd action Locator status bits
192.168.1.0/24 encap 0x00000003
packets/bytes 4/344
path list B4389BDC, flags 0x49, 3 locks, per-destination
ifnums:
LISP0(11): 10.0.1.2, 10.0.2.2
2 paths
path B3736748, path list B4389BDC, share 1/1, type attached nexthop, for IPv4
nexthop 10.0.1.2 LISP0, adjacency IP midchain out of LISP0, addr 10.0.1.2 B4404780
path B3736198, path list B4389BDC, share 1/1, type attached nexthop, for IPv4
nexthop 10.0.2.2 LISP0, adjacency IP midchain out of LISP0, addr 10.0.2.2 B4404520
1 output chain
chain[0]:
loadinfo B1BC829C, per-session, 2 choices, flags 0083, 5 locks
flags: Per-session, for-rx-IPv4, 2buckets
2 hash buckets
< 0 > IP midchain out of LISP0, addr 10.0.1.2 B4404780 IP adj out of Ethernet0/1,
addr 10.0.9.1 B297D648
< 1 > IP midchain out of LISP0, addr 10.0.2.2 B4404520 IP adj out of Ethernet0/1,
addr 10.0.9.1 B297D648
Prefix Fwd action Locator status bits
Subblocks:
None
R116-xTR#

• Notice that the “locator status bits” show 0x00000003, indicating that the remote site (R112)
has two locators, and both are considered “up” and available as destinations for LISP
encapsulated packets to reach 192.168.1.0/24. (The hex value 0x00000003 represents the
Locator-Status-Bits (LSB) binary value of 0000 00011 which indicates the up/down status
(both “up” in this case as indicated by the value “1” in each of the first two bit positions).

• Because LISP load sharing is performed on a per-flow basis using a five-tuple hash of the
source packets, in order to exercise and observer load sharing of traffic into LISP xTR 112,
you will need to initiate traffic flows from different sources and destinations. On LISP Site 2
host R117, issue “source-pings” from multiple addresses, such as “ping 192.168.1.1 source
192.168.7.1” and “ping 192.168.1.2 source 192.168.7.3” and observe the results. You can
verify how LISP xTR R116 is sending traffic by observing the output of the “show adjacency
lisp0 detail” command, and/or how LISP xTR R112 is receiving traffic is to observe the
RLOC interface counters. For example, send 500 pings from 192.168.7.1 to 192.168.1.1.

R112-xTR#clear counters
Clear "show interface" counters on all interfaces [confirm]
R112-xTR#

R116-xTR#clear counters
Clear "show interface" counters on all interfaces [confirm]
R116-xTR#

R117-Host7#ping 192.168.1.1 so 192.168.7.1 rep 500

Type escape sequence to abort.
Sending 500, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.7.1

  33  
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
---<skip>---
!!!!!!!!!!
Success rate is 100 percent (500/500), round-trip min/avg/max = 1/3/8 ms
R117-Host7#

R116-xTR#show adjacency lisp0 detail

Protocol Interface Address
IP LISP0 10.0.1.2(5)
0 packets, 0 bytes
epoch 0
sourced in sev-epoch 0
Encap length 36
450000000000400000115CEA0A000902
0A000102000010F500000000C0CB873B
00000001
LISP
Next chain element:
IP adj out of Ethernet0/1, addr 10.0.9.1
IP LISP0 10.0.2.2(5)
500 packets, 68000 bytes
epoch 0
sourced in sev-epoch 0
Encap length 36
450000000000400000115BEA0A000902
0A000202000010F500000000C0CB873B
00000001
LISP
Next chain element:
Protocol Interface Address
IP adj out of Ethernet0/1, addr 10.0.9.1
R116-xTR#

R112-xTR#sh interface eth1/1 | in pack

5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 9000 bits/sec, 9 packets/sec
0 packets input, 0 bytes, 0 no buffer
0 input packets with dribble condition detected
501 packets output, 75060 bytes, 0 underruns
R112-xTR#sh interface eth1/2 | in pack
5 minute input rate 9000 bits/sec, 9 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
501 packets input, 75154 bytes, 0 no buffer
0 input packets with dribble condition detected
2 packets output, 214 bytes, 0 underruns
R112-xTR#

• Now repeat this, but send 500 pings from 192.168.7.3 to 192.168.1.2 (as an example).

R112-xTR#clear counters
Clear "show interface" counters on all interfaces [confirm]
R112-xTR#

R116-xTR#clear counters
Clear "show interface" counters on all interfaces [confirm]
R116-xTR#

R117-Host7#ping 192.168.1.2 so 192.168.7.3 rep 500

Type escape sequence to abort.
Sending 500, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.7.3
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
---<skip>---
!!!!!!!!!!
Success rate is 100 percent (500/500), round-trip min/avg/max = 1/4/23 ms
R117-Host7#

R116-xTR#show adjacency lisp0 detail

Protocol Interface Address
IP LISP0 10.0.1.2(5)

  34  
 500 packets, 68000 bytes
epoch 0
sourced in sev-epoch 0
Encap length 36
450000000000400000115CEA0A000902
0A000102000010F500000000C0CB873B
00000001
LISP
Next chain element:
IP adj out of Ethernet0/1, addr 10.0.9.1
IP LISP0 10.0.2.2(5)
0 packets, 0 bytes
epoch 0
sourced in sev-epoch 0
Encap length 36
450000000000400000115BEA0A000902
0A000202000010F500000000C0CB873B
00000001
LISP
Next chain element:
Protocol Interface Address
IP adj out of Ethernet0/1, addr 10.0.9.1
R116-xTR#

R112-xTR#sh int eth1/1 | in pack

5 minute input rate 6000 bits/sec, 6 packets/sec
5 minute output rate 9000 bits/sec, 9 packets/sec
500 packets input, 75000 bytes, 0 no buffer
0 input packets with dribble condition detected
501 packets output, 75060 bytes, 0 underruns
R112-xTR#sh int eth1/2 | in pack
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
2 packets input, 152 bytes, 0 no buffer
0 input packets with dribble condition detected
4 packets output, 318 bytes, 0 underruns
R112-xTR#

• Notice that the LISP xTR R116 has encapsulated packets to both RLOCs on the LISP Site 1
xTR R2, satisfying the 50%/50% ingress traffic engineering policy set by LISP xTR R112.

Note: The ability to achieve accurate load sharing is dependent upon statistically relevant five-tuple hash distributions
from all flows. Depending upon this distribution, hashing may or may not be an exactly meet the desired percentages
as specified by LISP weights. Given a sufficiently rich distribution, it will be very close, however.

Extra Credit: Explore policy update mechanics

• If you would like to observer the process by which an xTR site “updates” its remote
correspondents about a policy change, perform the following tasks.
o On xTR R116, enable LISP debugging
o On xTR R112, modify the locator-set policy by adjusting one of the locator load shares
o Observe the messaging via the LISP debug output on xTR R116, and the propagation of
this policy change

R116-xTR#sh ip lisp map-cache

LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries

0.0.0.0/0, uptime: 01:20:14, expires: never, via static send map-request

Negative cache entry, action: send-map-request
192.168.1.0/24, uptime: 00:03:02, expires: 23:57:57, via map-reply, complete
Locator Uptime State Pri/Wgt
10.0.1.2 00:01:02 up 1/1
10.0.2.2 00:01:02 up 1/1
R116-xTR#

R116-xTR#deb lisp control-plane all

All LISP control debugging is on

  35  
 R112-xTR(config)#router lisp
R112-xTR(config-router-lisp)#locator-set SITE1
R112-xTR(config-router-lisp-locator-set)#10.0.1.2 priority 1 weight 4
R112-xTR(config-router-lisp-locator-set)#

R116-xTR#
*Apr 11 05:46:51.535: LISP: Processing received Map-Request message from 10.0.2.2 to
10.0.9.2
*Apr 11 05:46:51.535: LISP: Received map request for IID 0 192.168.7.0/24, source_eid IID
0 192.168.1.0, ITR-RLOCs: 10.0.2.2, records 1, nonce 0xE5539C42-0x78DBF4E6,
probe, SMR
*Apr 11 05:46:51.535: LISP-0: AF IID 0 IPv4, Scheduling SMR trigger Map-Request for
192.168.1.0/32 from 192.168.7.0.
*Apr 11 05:46:51.535: LISP: Processing map request record for EID prefix IID 0
192.168.7.0/24
*Apr 11 05:46:51.535: LISP-0: Sending map-reply from 10.0.9.2 to 10.0.2.2.
*Apr 11 05:46:51.589: LISP-0: IID 0 Request processing of SMR map requests to IPv4.
*Apr 11 05:46:51.589: LISP: Executing work item Net_tx:_0_v4_Map-Request_send[normal]
*Apr 11 05:46:51.589: LISP: Send map request type SMR
*Apr 11 05:46:51.589: LISP: Send map request for EID prefix IID 0 192.168.1.0/32
*Apr 11 05:46:51.589: LISP-0: AF IID 0 IPv4, Send SMR triggered map request for
192.168.1.0/32 (1) from 192.168.7.0.
*Apr 11 05:46:51.589: LISP-0: AF IPv4, Sending map-request from 10.0.9.2 to 192.168.1.0
for EID 192.168.1.0/32, ITR-RLOCs 1, nonce 0x40783E0F-0x3D260D74 (encap src
10.0.9.2, dst 10.0.100.2).
*Apr 11 05:46:51.598: LISP: Processing received Map-Reply message from 10.0.2.2 to
10.0.9.2
*Apr 11 05:46:51.598: LISP: Received map reply nonce 0x40783E0F-0x3D260D74, records 1
*Apr 11 05:46:51.598: LISP: Processing Map-Reply mapping record for IID 0 192.168.1.0/24,
ttl 1440, action none, authoritative, 2 locators
10.0.1.2 pri/wei=1/4 LpR
10.0.2.2 pri/wei=1/1 LpR
*Apr 11 05:46:51.598: LISP-0: Map Request IID 0 prefix 192.168.1.0/32 SMR[LL], Received
reply with rtt 1ms.
*Apr 11 05:46:51.598: LISP: Processing mapping information for EID prefix IID 0
192.168.1.0/24
*Apr 11 05:46:51.598: LISP-0: Remote EID IID 0 prefix 192.168.1.0/24 RLOC 10.0.1.2
pri/wei=1/4, Add/update locator flags LpR (sources: <map-rep>, state:
complete, rlocs: 2).
R116-xTR#
*Apr 11 05:46:51.598: LISP-0: Remote EID IID 0 prefix 192.168.1.0/24 RLOC 10.0.1.2
pri/wei=1/4, Updated locator (sources: <map-rep>, state: complete, rlocs: 2).
*Apr 11 05:46:51.598: LISP-0: Remote EID IID 0 prefix 192.168.1.0/24 RLOC 10.0.2.2
pri/wei=1/1, Add/update locator flags LpR (sources: <map-rep>, state:
complete, rlocs: 2).
*Apr 11 05:46:51.598: LISP-0: Remote EID IID 0 prefix 192.168.1.0/24 RLOC 10.0.2.2
pri/wei=1/1, No change in pri/wei for locator (sources: <map-rep>, state:
complete, rlocs: 2).
R116-xTR#

R116-xTR#sh ip lisp map-cache

LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries

0.0.0.0/0, uptime: 00:20:14, expires: never, via static send map-request

Negative cache entry, action: send-map-request
192.168.1.0/24, uptime: 00:01:02, expires: 23:59:57, via map-reply, complete
Locator Uptime State Pri/Wgt
10.0.1.2 00:01:02 up 1/4
10.0.2.2 00:01:02 up 1/1
R116-xTR#

 End of Exercise: You have successfully completed this exercise.

Proceed to next section.
 

  36  
Lab Exercise 7: Deploying LISP Multihoming
with IPv4 and IPv6 Locators
 
Exercise Description
In this seventh and final exercise, you will add an IPv6 RLOC interface to the LISP Site1 router
(xTR). This exercise simulates the real-world scenario where an Enterprise site decides to add
IPv6 WAN connectivity. You will also explore the implications of mixed address family locators,
and see how this affects the way that LISP and non-LISP remote sites reach LISP Site1.
 

 
 
Exercise Objective
In Exercise 7, the goal is to understand mixed address family implications for both LISP and non-
LISP traffic when a LISP site has both IPv4 and IPv6 RLOCs.
 
Lab Exercise Steps
Step 1 Configure LISP Site 1 (R112) for a second IPv4 RLOC.
• Ensure that both IPv4 WAN interfaces are “up” (Eth1/1 and Eth1/2) on R112, and that default
routing is set for both interfaces. (This should be the pre-configured state for this Lab. This
step simply confirms that current state.)

R112-xTR#show ipv6 interface brief eth1/3

Ethernet1/3 [up/up]
FE80::A8BB:CCFF:FE00:7031
2001:DB8:2:3::2
R112-xTR#

  37  
 • Add the IPv6 default route for interface Eth1/3, which will be added to the LISP locator-set. A
default route needs to be added for this interface.

R112-xTR(config)#ipv6 route ::/0 2001:db8:2:3::1

R112-xTR(config)#

• Add the IPv6 interface to the LISP locator-set, and give it a priority of 1 and a weight of 1. The
EID prefixes for which this site is authoritative are now associated with two IPv4 RLOCs
(10.0.1.2, and 10.0.2.2) and one IPv6 RLOC (2001:db8:2:3::2).

R112-xTR(config)#router lisp
R112-xTR(config-router-lisp)#locator-set SITE1
R112-xTR(config-router-lisp-locator-set)# 2001:db8:2:3::2 priority 1 weight 1
R112-xTR(config-router-lisp-locator-set)#^Z
R112-xTR#

• It could now be possible to remove the “ipv6 use-petr” command from the configuration.
However, operational considerations which may result in this command being retained
o If this command is removed, LISP xTR R112 will now send IPv6 EID-sourced
packets destined to non-LISP IPv6 sites “natively” (i.e. without LISP encapsulation).
Return traffic will still be via the PITR (see below). However, if this command is
removed and the IPv6 link fails, the LISP site will no longer have access to non-LISP
IPv6 destinations since it will only have IPv4 uplinks and no path the PETR.
o If this command is retained, LISP xTR R112 will continue sending IPv6 EID-sourced
packets destined to non-LISP IPv6 sites via the PETR (and return traffic will still be
via the PITR) (see below). Also, if this command is retained and the IPv6 link fails,
the LISP site will still have access to non-LISP IPv6 destinations via the IPv4 uplinks
and the PETR.
For this exercise, let’s leave the “ipv6 use-petr” command configured.

Step 2 Verify that LISP Site 1 is now using this new information in its database mapping:
• Use the “show ip lisp database” command to verify the LISP database on R112. Notice
that the new information matches the configured database-mapping commands.

R112-xTR#sh ip lisp database

LISP ETR IPv4 Mapping Database for EID-table default (IID 0), LSBs: 0x7, 1 entries

192.168.1.0/24, locator-set SITE1

Locator Pri/Wgt Source State
10.0.1.2 1/1 cfg-addr site-self, reachable
10.0.2.2 1/1 cfg-addr site-self, reachable
2001:DB8:2:3::2 1/1 cfg-addr site-self, reachable
R112-xTR#sh ipv6 lisp database
LISP ETR IPv6 Mapping Database for EID-table default (IID 0), LSBs: 0x7, 1 entries

2001:DB8:A::/48, locator-set SITE1

Locator Pri/Wgt Source State
10.0.1.2 1/1 cfg-addr site-self, reachable
10.0.2.2 1/1 cfg-addr site-self, reachable
2001:DB8:2:3::2 1/1 cfg-addr site-self, reachable
R112-xTR#

Step 3 Test the new IPv6 RLOC functionality.

• Only other devices with IPv6 RLOCs can LISP-encapsulated traffic to the IPv6 RLOC of
LISP xTR R112. In this topology, only the PITR (R115) has this capability. But this just
means to non-LISP traffic destined for LISP Site 1 EIDs (both IPv4 and IPv6 by the way!)
can be encapsulated from the PITR to LISP xTR R112 using all three RLOCs.

• On the LISP xTR R112, source-ping the non-LISP IPv4 destination 10.200.1.1 using the
LISP EID 192.168.1.254 and observe the results.

  38  
 R112-xTR#ping 10.200.1.1 so 192.168.1.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.200.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.254
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/1/1 ms
R112-xTR#

• The return traffic from this ping must be handled buy the PITR (R115). Observe the map-
cache entry now installed on R115. Notice that the PITR is able to use all three RLOCs of
LISP xTR R112 and can thus encapsulate traffic (on a per-flow basis) 33/33/33% to R112.

R115-PxTR#sh ip lisp map-cache

LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries

192.168.0.0/16, uptime: 08:30:37, expires: never, via route-import, send-map-request

Negative cache entry, action: send-map-request
192.168.1.0/24, uptime: 00:00:46, expires: 23:59:14, via map-reply, complete
Locator Uptime State Pri/Wgt
10.0.1.2 00:00:46 up 1/1
10.0.2.2 00:00:46 up 1/1
2001:DB8:2:3::2 00:00:46 up 1/1
R115-PxTR#

• This can be further observed in detail by reviewing the CEF structure on PITR R115. You
can see from this output how the 15 hash buckets (o through 14) have been distributed in
order to achieve the 33/33/33% load sharing.

R115-PxTR#sh ip lisp for eid remo 192.168.1.1

Prefix Fwd action Locator status bits
192.168.1.0/24 encap 0x00000007
packets/bytes 3/300
path list B448D6EC, flags 0x49, 4 locks, per-destination
ifnums:
LISP0(10): 10.0.1.2, 10.0.2.2, 2001:DB8:2:3::2
3 paths
path B448C048, path list B448D6EC, share 1/1, type attached nexthop, for IPv4
nexthop 10.0.1.2 LISP0, adjacency IP midchain out of LISP0, addr 10.0.1.2 B4052D50
path B448BDA8, path list B448D6EC, share 1/1, type attached nexthop, for IPv4
nexthop 10.0.2.2 LISP0, adjacency IP midchain out of LISP0, addr 10.0.2.2 B4052C20
path B448BD38, path list B448D6EC, share 1/1, type attached nexthop, for IPv4
nexthop 2001:DB8:2:3::2 LISP0, adjacency IP midchain out of LISP0, addr
2001:DB8:2:3::2 B4516608
1 output chain
chain[0]:
loadinfo B1B16A28, per-session, 3 choices, flags 0003, 5 locks
flags: Per-session, for-rx-IPv4
Prefix Fwd action Locator status bits
15 hash buckets
< 0 > IP midchain out of LISP0, addr 10.0.1.2 B4052D50 IP adj out of Ethernet0/0,
addr 10.0.101.1 B28CC138
< 1 > IP midchain out of LISP0, addr 10.0.2.2 B4052C20 IP adj out of Ethernet0/0,
addr 10.0.101.1 B28CC138
< 2 > IP midchain out of LISP0, addr 2001:DB8:2:3::2 B4516608 IPV6 adj out of
Ethernet0/0, addr 2001:DB8:3:5::1 B28CC008
< 3 > IP midchain out of LISP0, addr 10.0.1.2 B4052D50 IP adj out of Ethernet0/0,
addr 10.0.101.1 B28CC138
< 4 > IP midchain out of LISP0, addr 10.0.2.2 B4052C20 IP adj out of Ethernet0/0,
addr 10.0.101.1 B28CC138
< 5 > IP midchain out of LISP0, addr 2001:DB8:2:3::2 B4516608 IPV6 adj out of
Ethernet0/0, addr 2001:DB8:3:5::1 B28CC008
< 6 > IP midchain out of LISP0, addr 10.0.1.2 B4052D50 IP adj out of Ethernet0/0,
addr 10.0.101.1 B28CC138
< 7 > IP midchain out of LISP0, addr 10.0.2.2 B4052C20 IP adj out of Ethernet0/0,
addr 10.0.101.1 B28CC138
< 8 > IP midchain out of LISP0, addr 2001:DB8:2:3::2 B4516608 IPV6 adj out of
Ethernet0/0, addr 2001:DB8:3:5::1 B28CC008
< 9 > IP midchain out of LISP0, addr 10.0.1.2 B4052D50 IP adj out of Ethernet0/0,
addr 10.0.101.1 B28CC138

  39  
 <10 > IP midchain out of LISP0, addr 10.0.2.2 B4052C20 IP adj out of Ethernet0/0,
addr 10.0.101.1 B28CC138
Prefix Fwd action Locator status bits
<11 > IP midchain out of LISP0, addr 2001:DB8:2:3::2 B4516608 IPV6 adj out of
Ethernet0/0, addr 2001:DB8:3:5::1 B28CC008
<12 > IP midchain out of LISP0, addr 10.0.1.2 B4052D50 IP adj out of Ethernet0/0,
addr 10.0.101.1 B28CC138
<13 > IP midchain out of LISP0, addr 10.0.2.2 B4052C20 IP adj out of Ethernet0/0,
addr 10.0.101.1 B28CC138
<14 > IP midchain out of LISP0, addr 2001:DB8:2:3::2 B4516608 IPV6 adj out of
Ethernet0/0, addr 2001:DB8:3:5::1 B28CC008
Subblocks:
None
R115-PxTR#

• Notice that the “locator status bits” shows 0x00000007 (representing the Locator-Status-Bits
(LSB) binary value of 0000 00111), indicating that the remote site (R112) has three locators,
all are considered “up” and available for LISP encapsulated packets to reach 192.168.1.0/24.

• On the LISP xTR R112, now source-ping the non-LISP IPv6 destination 2001:db8:c5c0::1
using the LISP EID 2001:db8:a:1::254 and observe the results.

R112-xTR#ping 2001:db8:c5c0::1 so 2001:db8:a:1::254

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:C5C0::1, timeout is 2 seconds:
Packet sent with a source address of 2001:DB8:A:1::254
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/1/1 ms
R112-xTR#

• On the LISP xTR R112, review the IPv6 LISP map-cache.

R112-xTR#sh ipv6 lisp map-cache

LISP IPv6 Mapping Cache for EID-table default (IID 0), 3 entries
---<skip>---
2001:DB8:8000::/33, uptime: 00:00:08, expires: 00:14:52, via map-reply, forward-native
Encapsulating to proxy ETR
R112-xTR#

• Note that traffic destined to non-LISP IPv6 space continues to use the PETR on egress. IPv6
return traffic from this ping must be handled buy the PITR (R115).

• Observe the map-cache entry now installed on R115. Notice that the PITR is able to use all
three RLOCs of LISP xTR R112 and can thus encapsulate traffic (on a per-flow basis)
33/33/33% to R112.

R115-PxTR#sh ipv6 lisp map-cache

LISP IPv6 Mapping Cache for EID-table default (IID 0), 3 entries
---<skip>---
2001:DB8:A::/48, uptime: 00:00:34, expires: 23:59:27, via map-reply, complete
Locator Uptime State Pri/Wgt
10.0.1.2 00:00:34 up 1/1
10.0.2.2 00:00:34 up 1/1
2001:DB8:2:3::2 00:00:34 up 1/1
2001:DB8:B::/48, uptime: 00:09:43, expires: 23:57:34, via map-reply, complete
Locator Uptime State Pri/Wgt
10.0.9.2 00:09:43 up 1/1
R115-PxTR#R112-xTR#

  40  
 • On the LISP PxTR R115, review the details of the IPv6 EID LISP forwarding to R112. This
looks identical to the IPv4 EID LISP forwarding.

R115-PxTR#sh ipv6 lisp for eid rem 2001:db8:a:1::1

Prefix Fwd action Locator status bits
2001:DB8:A::/48 encap 0x00000007
packets/bytes 3/300
path list B448D5AC, flags 0x49, 4 locks, per-destination
ifnums:
LISP0(10): 10.0.1.2, 10.0.2.2, 2001:DB8:2:3::2
3 paths
path B448BE88, path list B448D5AC, share 1/1, type attached nexthop, for IPv6
nexthop 10.0.1.2 LISP0, adjacency IPV6 midchain out of LISP0, addr 10.0.1.2 B45164D8
path B448BA28, path list B448D5AC, share 1/1, type attached nexthop, for IPv6
nexthop 10.0.2.2 LISP0, adjacency IPV6 midchain out of LISP0, addr 10.0.2.2 B45163A8
path B448B9B8, path list B448D5AC, share 1/1, type attached nexthop, for IPv6
nexthop 2001:DB8:2:3::2 LISP0, adjacency IPV6 midchain out of LISP0, addr
2001:DB8:2:3::2 B4516278
1 output chain
chain[0]:
loadinfo B1B16974, per-session, 3 choices, flags 0005, 5 locks
flags: Per-session, for-rx-IPv6
Prefix Fwd action Locator status bits
15 hash buckets
< 0 > IPV6 midchain out of LISP0, addr 10.0.1.2 B45164D8 IP adj out of Ethernet0/0,
addr 10.0.101.1 B28CC138
< 1 > IPV6 midchain out of LISP0, addr 10.0.2.2 B45163A8 IP adj out of Ethernet0/0,
addr 10.0.101.1 B28CC138
< 2 > IPV6 midchain out of LISP0, addr 2001:DB8:2:3::2 B4516278 IPV6 adj out of
Ethernet0/0, addr 2001:DB8:3:5::1 B28CC008
< 3 > IPV6 midchain out of LISP0, addr 10.0.1.2 B45164D8 IP adj out of Ethernet0/0,
addr 10.0.101.1 B28CC138
< 4 > IPV6 midchain out of LISP0, addr 10.0.2.2 B45163A8 IP adj out of Ethernet0/0,
addr 10.0.101.1 B28CC138
< 5 > IPV6 midchain out of LISP0, addr 2001:DB8:2:3::2 B4516278 IPV6 adj out of
Ethernet0/0, addr 2001:DB8:3:5::1 B28CC008
< 6 > IPV6 midchain out of LISP0, addr 10.0.1.2 B45164D8 IP adj out of Ethernet0/0,
addr 10.0.101.1 B28CC138
< 7 > IPV6 midchain out of LISP0, addr 10.0.2.2 B45163A8 IP adj out of Ethernet0/0,
addr 10.0.101.1 B28CC138
< 8 > IPV6 midchain out of LISP0, addr 2001:DB8:2:3::2 B4516278 IPV6 adj out of
Ethernet0/0, addr 2001:DB8:3:5::1 B28CC008
< 9 > IPV6 midchain out of LISP0, addr 10.0.1.2 B45164D8 IP adj out of Ethernet0/0,
addr 10.0.101.1 B28CC138
<10 > IPV6 midchain out of LISP0, addr 10.0.2.2 B45163A8 IP adj out of Ethernet0/0,
addr 10.0.101.1 B28CC138
Prefix Fwd action Locator status bits
<11 > IPV6 midchain out of LISP0, addr 2001:DB8:2:3::2 B4516278 IPV6 adj out of
Ethernet0/0, addr 2001:DB8:3:5::1 B28CC008
<12 > IPV6 midchain out of LISP0, addr 10.0.1.2 B45164D8 IP adj out of Ethernet0/0,
addr 10.0.101.1 B28CC138
<13 > IPV6 midchain out of LISP0, addr 10.0.2.2 B45163A8 IP adj out of Ethernet0/0,
addr 10.0.101.1 B28CC138
<14 > IPV6 midchain out of LISP0, addr 2001:DB8:2:3::2 B4516278 IPV6 adj out of
Ethernet0/0, addr 2001:DB8:3:5::1 B28CC008
Subblocks:
None
R115-PxTR#

• On the LISP xTR R112, now source-ping the LISP IPv6 EID destination 2001:db8:b:1::254
using the LISP EID 2001:db8:a:1::254 and observe the results.

R112-xTR#ping 2001:db8:b:1::254 so 2001:db8:a:1::254

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:B:1::254, timeout is 2 seconds:
Packet sent with a source address of 2001:DB8:A:1::254
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R112-xTR#

  41  
 • On the LISP xTR R112, review the IPv6 LISP map-cache. Note that the IPv6 EID space is
encapsulated in IPv4 to match the only RLOC available on LISP Site 2 xTR R116.

R112-xTR#sh ipv6 lisp for eid remo 2001:db8:b:1::1

Prefix Fwd action Locator status bits
2001:DB8:B::/48 encap 0x00000001
packets/bytes 1004/67072
path list B3499ADC, flags 0x49, 3 locks, per-destination
ifnums:
LISP0(15): 10.0.9.2
1 path
path B25CB5E0, path list B3499ADC, share 1/1, type attached nexthop, for IPv6
nexthop 10.0.9.2 LISP0, adjacency IPV6 midchain out of LISP0, addr 10.0.9.2 B4741398
1 output chain
chain[0]: IPV6 midchain out of LISP0, addr 10.0.9.2 B4741398 IP adj out of
Ethernet1/1, addr 10.0.1.1 B1E6A0B0
R112-xTR#

• The more interesting result, perhaps, is to review the IPv6 LISP map-cache entry on LISP
Site 2 xTR R116. Since this xTR only has IPv4 RLOC connectivity, it can only LISP-
encapsulate packets to R112 using IPv4. Let’s look at the map-cache entry on R116.

R116-xTR#sh ip lisp map-cache

LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries

0.0.0.0/0, uptime: 04:01:49, expires: never, via static send map-request

Negative cache entry, action: send-map-request
192.168.1.0/24, uptime: 03:42:36, expires: 23:43:15, via map-reply, complete
Locator Uptime State Pri/Wgt
10.0.1.2 03:42:36 up 1/1
10.0.2.2 03:42:36 up 1/1
2001:DB8:2:3::2 00:17:23 no-route 1/1
R116-xTR#
R116-xTR#sh ipv6 lisp map-cache
LISP IPv6 Mapping Cache for EID-table default (IID 0), 2 entries

::/0, uptime: 05:18:28, expires: never, via static send map-request

Negative cache entry, action: send-map-request
2001:DB8:A::/48, uptime: 01:27:35, expires: 23:59:46, via map-reply, complete
Locator Uptime State Pri/Wgt
10.0.1.2 01:27:35 up 1/1
10.0.2.2 01:27:35 up 1/1
2001:DB8:2:3::2 01:27:35 no-route 1/1
R116-xTR#

• Notice in this case that the IPv6 locator for the IPv4 and IPv6 EIDs is marked “no-route.” In
this case, R116 will not use the IPv6 RLOC for encapsulation (it cannot).

• On the LISP xTR R116, review the details of the IPv6 EID LISP forwarding to R112. Note
that only the two IPv4 RLOCs are used for encapsulation (implying a 50/50% load share).

R116-xTR#sh ipv6 lisp forwarding eid remote 2001:db8:a:1::1

Prefix Fwd action Locator status bits
2001:DB8:A::/48 encap 0x00000007
packets/bytes 1008/100800
path list B36EB02C, flags 0x49, 3 locks, per-destination
ifnums:
LISP0(11): 10.0.1.2, 10.0.2.2
2 paths
path B42FD298, path list B36EB02C, share 0/1, type attached nexthop, for IPv6
nexthop 10.0.1.2 LISP0, adjacency IPV6 midchain out of LISP0, addr 10.0.1.2 B458F0E8
path B42FCF88, path list B36EB02C, share 1/1, type attached nexthop, for IPv6
nexthop 10.0.2.2 LISP0, adjacency IPV6 midchain out of LISP0, addr 10.0.2.2 B458EFB8
1 output chain
chain[0]:
loadinfo B1B7BD24, per-session, 2 choices, flags 0085, 5 locks
flags: Per-session, for-rx-IPv6, 2buckets
2 hash buckets

  42  
 < 0 > IPV6 midchain out of LISP0, addr 10.0.1.2 B458F0E8 IP adj out of Ethernet0/1,
addr 10.0.9.1 B2931108
< 1 > IPV6 midchain out of LISP0, addr 10.0.2.2 B458EFB8 IP adj out of Ethernet0/1,
addr 10.0.9.1 B2931108
Prefix Fwd action Locator status bits
Subblocks:
None
R116-xTR#

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 End of Lab: Congratulations! You have successfully completed the
lab. Please let your proctor know you finished and provide any
feedback to help improve the lab experience.
End of Exercise: You have successfully completed this exercise.
Proceed to next section.
 

  43  
Appendix A: Additional Resources
You can find other useful information related to the topics covered in this lab at the following URLs.

Cisco Information:
• Cisco LISP Download Site (EXTERNAL)
You  can  find  software  downloads,  configurations,  command  reference  guides,  and  more.  This  is  
the  site  that  “customers”  see.  
http://lisp.cisco.com   (IPv4  and  IPv6  accessible)  
• Cisco LISP Marketing Page (EXTERNAL)
Cisco  Marketing  maintains  this  page.  This  site  is  available  to  customers.  
http://www.cisco.com/go/lisp  
 
Other LISP Information:
• LISP Beta Network (EXTERNAL)
You  can  find  operational  information  on  the  LISP  Beta  Network,  and  general  LISP  protocol  
information.  This  site  is  available  to  customers.  
http://www.lisp4.net/   http://www.lisp6.net  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

  44  
Appendix B: Final Configurations
The final configurations for all routers used in this lab follow.

RTR113 (core)
!
hostname R113-Core
!
no ip domain lookup
ip cef
ipv6 unicast-routing
ipv6 cef
!
interface Loopback0
no ip address
ipv6 address 2001:DB8:C5C0::1/48
!
interface Loopback1
ip address 10.200.1.1 255.255.255.0
!
interface Ethernet0/0
description Connection to MSMR
ip address 10.0.100.1 255.255.255.252
ipv6 address 2001:DB8:3:4::1/64
!
interface Ethernet0/1
description Connection to PxTR
ip address 10.0.101.1 255.255.255.252
ipv6 address 2001:DB8:3:5::1/64
!
interface Ethernet0/2
description Connection to LISP Site 2 (RTR 116)
ip address 10.0.9.1 255.255.255.252
!
interface Ethernet1/1
description Connection to LISP Site 1 (RTR 112)
ip address 10.0.1.1 255.255.255.252
!
interface Ethernet1/2
description Connection to LISP Site 1 (RTR 112)
ip address 10.0.2.1 255.255.255.252
!
interface Ethernet1/3
description Connection to LISP Site 1 (RTR 112)
no ip address
ipv6 address 2001:DB8:2:3::1/64
!
router bgp 3
bgp asnotation dot
bgp log-neighbor-changes
neighbor 10.0.101.2 remote-as 5
neighbor 2001:DB8:3:5::2 remote-as 5
!
address-family ipv4
neighbor 10.0.101.2 activate
neighbor 2001:DB8:3:5::2 activate
exit-address-family
!
address-family ipv6
neighbor 2001:DB8:3:5::2 activate
exit-address-family
!
ip bgp-community new-format
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
line vty 0 4
exec-timeout 0 0

  45  
 privilege level 15
password cisco
login
transport input all
!

RTR114 (MSMR)
!
hostname R114-MSMR
!
no ip domain lookup
ip cef
ipv6 unicast-routing
ipv6 cef
!
interface LISP0
!
interface Ethernet0/0
ip address 10.0.100.2 255.255.255.252
ipv6 address 2001:DB8:3:4::2/64
!
router lisp
site site1
description LISP Site 1 - GOLD Lab
authentication-key SITE1KEY
eid-prefix 192.168.1.0/24
eid-prefix 2001:DB8:A::/48
exit
!
site site2
description Site 2 - GOLD Lab
authentication-key SITE2KEY
eid-prefix 192.168.7.0/24
eid-prefix 2001:DB8:B::/48
exit
!
ipv4 map-server
ipv4 map-resolver
ipv6 map-server
ipv6 map-resolver
exit
!
ip route 0.0.0.0 0.0.0.0 10.0.100.1
!
ipv6 route ::/0 2001:DB8:3:4::1
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
line vty 0 4
exec-timeout 0 0
privilege level 15
password cisco
login
transport input all
!

RTR115 (PxTR)
!
hostname R115-PxTR
!
no ip domain lookup
ip cef
ipv6 unicast-routing
ipv6 cef
!
interface LISP0
!
interface Ethernet0/0

  46  
 ip address 10.0.101.2 255.255.255.252
ipv6 address 2001:DB8:3:5::2/64
!
router lisp
eid-table default instance-id 0
ipv4 route-import map-cache static route-map EID-space
ipv6 route-import map-cache static route-map EID-space
exit
!
loc-reach-algorithm rloc-probing
ipv4 map-request-source 10.0.101.2
no ipv4 map-cache-persistent
ipv4 map-cache-limit 100000
ipv4 proxy-etr
ipv4 proxy-itr 10.0.101.2 2001:DB8:3:5::2
ipv4 itr map-resolver 10.0.100.2
ipv6 map-request-source 2001:DB8:3:5::2
no ipv6 map-cache-persistent
ipv6 map-cache-limit 100000
ipv6 proxy-etr
ipv6 proxy-itr 2001:DB8:3:5::2 10.0.101.2
ipv6 itr map-resolver 10.0.100.2
exit
!
router bgp 5
bgp asnotation dot
bgp log-neighbor-changes
neighbor 10.0.101.1 remote-as 3
neighbor 2001:DB8:3:5::1 remote-as 3
!
address-family ipv4
redistribute static route-map pop-EID
neighbor 10.0.101.1 activate
no neighbor 2001:DB8:3:5::1 activate
exit-address-family
!
address-family ipv6
redistribute static route-map pop-EID
neighbor 2001:DB8:3:5::1 activate
exit-address-family
!
ip bgp-community new-format
!
ip route 0.0.0.0 0.0.0.0 10.0.101.1
ip route 192.168.0.0 255.255.0.0 Null0 tag 111
!
ipv6 route 2001:DB8:A::/47 Null0 tag 111
ipv6 route ::/0 2001:DB8:3:5::1
!
route-map EID-space permit 10
match tag 111
!
route-map pop-EID permit 10
match tag 111
set origin igp
set community 111:5
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
line vty 0 4
exec-timeout 0 0
privilege level 15
password cisco
login
transport input all
!

  47  
RTR112 (LISP Site 1 xTR)
!
hostname R112-xTR
!
no ip domain lookup
ip cef
ipv6 unicast-routing
ipv6 cef
!
interface Loopback0
ip address 192.168.1.254 255.255.255.255
ipv6 address 2001:DB8:A:1::254/128
!
interface LISP0
!
interface Ethernet0/0
ip address 172.16.1.2 255.255.255.0
ip ospf 1 area 0
ipv6 address 2001:DB8:A:2::2/64
ipv6 ospf 6 area 0
!
interface Ethernet1/1
ip address 10.0.1.2 255.255.255.252
!
interface Ethernet1/2
ip address 10.0.2.2 255.255.255.252
!
interface Ethernet1/3
no ip address
ipv6 address 2001:DB8:2:3::2/64
!
router lisp
locator-set SITE1
10.0.1.2 priority 1 weight 1
10.0.2.2 priority 1 weight 1
2001:DB8:2:3::2 priority 1 weight 1
exit
!
eid-table default instance-id 0
database-mapping 192.168.1.0/24 locator-set SITE1
database-mapping 2001:DB8:A::/48 locator-set SITE1
exit
!
loc-reach-algorithm rloc-probing
ipv4 itr map-resolver 10.0.100.2
ipv4 itr
ipv4 etr map-server 10.0.100.2 key SITE1KEY
ipv4 etr
ipv6 use-petr 10.0.101.2
ipv6 itr map-resolver 10.0.100.2
ipv6 itr
ipv6 etr map-server 10.0.100.2 key SITE1KEY
ipv6 etr
exit
!
router ospf 1
default-information originate
!
ip route 0.0.0.0 0.0.0.0 10.0.1.1
ip route 0.0.0.0 0.0.0.0 10.0.2.1
!
ipv6 route ::/0 2001:DB8:2:3::1
ipv6 router ospf 6
default-information originate always
!
alias exec shbr show ip interface brief | exclude admin|un|Int
alias exec sh0 sh ip int br | ex un|do
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0

  48  
line vty 0 4
exec-timeout 0 0
privilege level 15
password cisco
login
transport input all
!

RTR111 (LISP Site 1 Host)

!
hostname R111-Host1
!
no ip domain lookup
ip cef
ipv6 unicast-routing
ipv6 cef
!
interface Loopback1
ip address 192.168.1.1 255.255.255.255
ipv6 address 2001:DB8:A:1::1/128
ipv6 ospf 6 area 0
!
interface Loopback2
ip address 192.168.1.2 255.255.255.255
ipv6 address 2001:DB8:A:1::2/128
ipv6 ospf 6 area 0
!
interface Loopback3
ip address 192.168.1.3 255.255.255.255
ipv6 address 2001:DB8:A:1::3/128
ipv6 ospf 6 area 0
!
interface Loopback4
ip address 192.168.1.4 255.255.255.255
ipv6 address 2001:DB8:A:1::4/128
ipv6 ospf 6 area 0
!
interface Ethernet0/0
ip address 172.16.1.1 255.255.255.0
ip ospf 1 area 0
ipv6 address 2001:DB8:A:2::1/64
ipv6 ospf 6 area 0
!
router ospf 1
network 192.168.1.0 0.0.0.255 area 0
!
ipv6 router ospf 6
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
line vty 0 4
exec-timeout 0 0
privilege level 15
password cisco
login
transport input all
!

RTR116 (LISP Site 2 xTR)

!
hostname R116-xTR
!
no ip domain lookup
ip cef
ipv6 unicast-routing
ipv6 cef
!
interface Loopback0

  49  
 ip address 192.168.7.254 255.255.255.255
ipv6 address 2001:DB8:B:1::254/128
!
interface LISP0
!
interface Ethernet0/0
description Conn to Inside (hosts)
ip address 172.16.7.2 255.255.255.0
ip ospf 1 area 0
ipv6 address 2001:DB8:B:2::2/64
ipv6 ospf 6 area 0
!
interface Ethernet0/1
description Conn to CORE (RLOC for LISP)
ip address 10.0.9.2 255.255.255.252
!
router lisp
locator-set SITE2
10.0.9.2 priority 1 weight 1
exit
!
eid-table default instance-id 0
database-mapping 192.168.7.0/24 locator-set SITE2
database-mapping 2001:DB8:B::/48 locator-set SITE2
exit
!
loc-reach-algorithm rloc-probing
ipv4 itr map-resolver 10.0.100.2
ipv4 itr
ipv4 etr map-server 10.0.100.2 key SITE2KEY
ipv4 etr
ipv6 use-petr 10.0.101.2
ipv6 itr map-resolver 10.0.100.2
ipv6 itr
ipv6 etr map-server 10.0.100.2 key SITE2KEY
ipv6 etr
exit
!
router ospf 1
default-information originate always
!
ip route 0.0.0.0 0.0.0.0 10.0.9.1
!
ipv6 router ospf 6
router-id 172.16.7.2
default-information originate always
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
line vty 0 4
exec-timeout 0 0
privilege level 15
password cisco
login
transport input all
!

RTR117 (LISP Site 2 Host)

!
hostname R117-Host7
!
no ip domain lookup
ip cef
ipv6 unicast-routing
ipv6 cef
!
interface Loopback1
ip address 192.168.7.1 255.255.255.255
ipv6 address 2001:DB8:B:1::1/128

  50  
 ipv6 ospf 6 area 0
!
interface Loopback2
ip address 192.168.7.2 255.255.255.255
ipv6 address 2001:DB8:B:1::2/128
ipv6 ospf 6 area 0
!
interface Loopback3
ip address 192.168.7.3 255.255.255.255
ipv6 address 2001:DB8:B:1::3/128
ipv6 ospf 6 area 0
!
interface Loopback4
ip address 192.168.7.4 255.255.255.255
ipv6 address 2001:DB8:B:1::4/128
ipv6 ospf 6 area 0
!
interface Ethernet0/0
ip address 172.16.7.1 255.255.255.0
ip ospf 1 area 0
ipv6 address 2001:DB8:B:2::1/64
ipv6 ospf 6 area 0
!
router ospf 1
network 192.168.7.0 0.0.0.255 area 0
!
ipv6 router ospf 6
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
line vty 0 4
exec-timeout 0 0
privilege level 15
password cisco
login
transport input all
!

 
 

  51