-
Cisco IOS IP Routing: LISP Command Reference
-
LISP Clear Commands
-
LISP Debug Commands
-
LISP DDT Configuration Commands
-
LISP Global Configuration Commands
-
LISP Interface Configuration Commands
-
LISP-Related Configuration Commands
-
LISP Router Configuration Commands
-
LISP Router IPv4 Configuration Commands
-
LISP Router IPv6 Configuration Commands
-
LISP Site Configuration Commands
-
LISP Show Commands
-
LISP VM-Mobility Commands
-
Index
-
Feedback
Contents
LISP Router Configuration Commands
- database-mapping (LISP EID-table)
- eid-notify authentication-key
- eid-notify key
- eid-table
- locator-down
- locator-scope
- locator-table
- loc-reach-algorithm
- map-cache
- other-xtr-probe
- rloc-prefix
- rtr-locator-set
- xtr instance-id
database-mapping (LISP EID-table)
To configure an IPv4 or IPv6 endpoint identifier-to-routing locator (EID-to-RLOC) mapping relationship and an associated traffic policy for Locator/ID Separation Protocol (LISP), use the database-mapping command in LISP EID-table or LISP EID-table dynamic-EID configuration mode. To remove the configured database mapping, use the no form of this command.
database-mapping eid-prefix/prefix-length { locator | ipv4-interface interface-name | ipv6-interface interface-name | auto-discover-rlocs } priority priority weight weight
no database-mapping eid-prefix/prefix-length { locator | ipv4-interface interface-name | ipv6-interface interface-name | auto-discover-rlocs }
Syntax Description
eid-prefix/prefix-length
IPv4 or IPv6 EID prefix and length to be advertised by the router.
locator
IPv4 or IPv6 routing locator (RLOC) associated with the value specified for the eid-prefix/prefix-length argument.
ipv4-interface interface-name
Specifies the IPv4 address and name of the interface to be used as the RLOC for the EID prefix.
ipv6-interface interface-name
Specifies the IPv6 address and name of the interface to be used as the RLOC for the EID prefix.
auto-discover-rlocs
Configures the Egress Tunnel Router (ETR) to discover the locators of all routers configured to function as both an ETR and an Ingress Tunnel Router (ITR)—such routers are referred to as xTRs—in the ETR LISP site when the site uses multiple xTRs and each xTR is configured to use DHCP-learned locators or configured with only its own locators.
priority priority
Specifies the priority assigned to the RLOC. Valid values are from 0 to 255.
weight weight
Specifies the weight assigned to the locator. Valid values are from 0 to 100.
Command Modes
LISP EID-table configuration (config-router-lisp-eid-table)
LISP EID-table dynamic-EID (config-router-lisp-eid-table-dynamic-eid)
NoteThe EID-table dynamic-EID command mode only supports the locator-set option for configuring RLOCs and its associated policies.
Command History
Release
Modification
15.1(1)XB
This command was introduced.
15.1(4)M
This command was modified. Support for this command was removed at the global configuration level and added for LISP configuration mode. Also, the ip, ipv6, and lisp keywords were removed from the command syntax.
Cisco IOS XE Release 3.3S
This command was modified. Support for this command was removed at the global configuration level and added for LISP configuration mode. Also, the ip, ipv6, and lisp keywords were removed from the command syntax.
15.2(3)T
This command was modified to permit up to 100 database-mapping entries per site.
Cisco IOS XE Release 3.6S
This command was modified to permit up to 100 database-mapping entries per site.
15.3(1)T
This command was modified and support was added for the LISP EID-table dynamic-EID configuration mode.
Cisco IOS XE Release 3.8S
This command was modified and support was added for the LISP EID-table dynamic-EID configuration mode.
Usage Guidelines
This command configures the LISP database parameters for a specified IPv4 or IPv6 EID-prefix block. Parameters for each IPv4 or IPv6 EID-prefix block include the associated locator, priority, and weight. The IPv4 or IPv6 specified in the eid-prefix/prefix-length argument of the command syntax is the LISP IPv4 or IPv6 EID-prefix block associated with the site.
Typically, the device registers as being authoritative with a map server. The locator is typically the IPv4 or IPv6 address of any interface used as the RLOC address for the EID prefix assigned to the site but can also be the IPv4 or IPv6 address of a loopback interface. Priority and weight values are associated with the locator address to define traffic policies when multiple RLOCs are defined for the same EID-prefix block.
When a device is configured as an ETR, the LISP database-mapping parameters are advertised within a map-reply message to indicate the EID-prefix block and ingress traffic preferences of the site. An ITR then selects a destination locator (outer header) address for encapsulating packets destined to the EID prefix based on these advertised parameters.
NoteWhen LISP is configured for virtualization, multitenancy can be achieved by associating a LISP instance ID with a virtual routing and forwarding (VRF) table. The database-mapping command is configured after entering the eid-table command in LISP configuration mode so that the subsequent database-mapping entries are associated with the appropriate LISP instance ID specified in the eid-table command. Additional details on this usage of the database-mapping command with instance IDs can be found on the eid-table command page.
When a LISP site has multiple locators associated with the same EID-prefix block, multiple database-mapping commands are used to configure all of the locators for a given EID-prefix block. Each locator may be assigned the same or a different priority value from 0 to 255. When multiple locators are assigned different priority values, the priority value alone is used to determine which locator to prefer. A lower value indicates a more preferable path. A value of 255 indicates that the locator must not be used for unicast traffic forwarding. When multiple locators have the same priority, they can be used in a load-sharing manner.
In this case, for a given priority, the weight given to each locator is used to determine how to load-balance unicast packets between them. Weight is a value between 0 and 100 and represents the percentage of traffic to be load-shared to that locator. If a nonzero weight value is assigned to any locator for a given EID-prefix block, then all locators with the same priority for that same EID-prefix block must also be assigned a nonzero weight value. If a weight value of zero is assigned to any locator for a given EID-prefix block, then all locators with the same priority for that same EID-prefix block must also be assigned a weight value of zero. A weight value of zero indicates to an ITR receiving the map reply that it may decide how to load-share traffic destined to that EID-prefix block.
When a LISP site is assigned multiple IPv4 or IPv6 EID-prefix blocks, database mapping is configured for each IPv4 or IPv6 EID-prefix block assigned to the site and for each locator by which the IPv4 or IPv6 EID-prefix block is reachable.
NotePrior to Cisco IOS Release 15.2(3)T and Cisco IOS XE Release 3.6S, a maximum of 10 database-mapping entries were permitted per site. Beginning with Cisco IOS Release 15.2(3)T and Cisco IOS XE Release 3.6S, this limit has been raised to 100 database-mapping entries.
When multiple ETRs are used at a LISP site, the database-mapping command must be configured on all ETRs for all locators by which an IPv4 or IPv6 EID-prefix block is reachable, even when the locator is not local to the specific ETR being configured. For example, if a site uses two ETRs and each has a single locator, both ETRs must be configured with the database-mapping command for the assigned IPv4 or IPv6 EID-prefix block for its own locator as well as the locator of the other ETR. That is, all ETRs will have identical database-mapping command configurations.
When the IPv4 or IPv6 address of an interface to be used as a routing locator is determined dynamically, such as by DHCP, you must specify the name of the interface that will be used as the locator rather than directly configuring the IP address. In this case, use the ipv4-interface interface-name or ipv6-interface interface-name keyword-argument pair of the database-mapping command to configure the appropriate RLOC.
When multiple ETRs are used at a LISP site, you must configure consistent database-mapping commands on all ETRs for all locators—including those local and not local to each ETR. To accomplish this when the database-mapping eid-prefix/prefix-length ipv4-interface interface-name or ipv6-interface interface-name form of the database-mapping command is configured for local locators, the database-mapping eid-prefix/prefix-length auto-discover-rlocs form of the command must be used to indicate that other ETRs within the same LISP site also have dynamic locators. Configuring the auto-discover-rlocs keyword signals to the map server that it should merge all locators for the associated EID prefixes within map-register messages it receives from all of the ETRs within a LISP site and send the merged locator set back to all registering ETRs via a map-notify message.
NoteTo reduce the configuration length and complexity when a LISP site contains multiple xTRs, configure the auto-discover-rlocs form of the database-mapping command (even when static addresses are used for local locators).
Examples
The following example shows how to enter LISP EID table configuration mode and configure the database-mapping command with the dynamic-EID prefix 172.16.91.0/24:
Device> enable Device# configure terminal Device(config)# router lisp Device(config-router-lisp)# eid-table default instance-id 0 Device(config-router-lisp-eid-table)# database-mapping 172.16.91.0/24The following example shows how to configure LISP database-mapping entries for a single IPv4 EID-prefix block with two IPv4 locators. It also shows how to configure a single IPv6 EID-prefix block and the same two IPv4 locators. Each locator is assigned the same priority (1) and weight (50), indicating that ingress traffic is expected to be load-shared equally across both paths. In this example, both IPv4 and IPv6 EIDs are reachable via IPv4 locators.
Device(config)# router lisp Device(config-router-lisp)# eid-table default instance-id 0 Device(config-router-lisp-eid-table)# database-mapping 172.16.91.0/24 10.1.1.1 priority 1 weight 50 Device(config-router-lisp-eid-table)# database-mapping 172.16.91.0/24 10.2.1.1 priority 1 weight 50 Device(config-router-lisp-eid-table)# database-mapping 2001:DB8:BB::/48 10.1.1.1 priority 1 weight 50 Device(config-router-lisp-eid-table)# database-mapping 2001:DB8:BB::/48 10.2.1.1 priority 1 weight 50The following example shows how to configure LISP database-mapping entries for a single IPv4 EID-prefix block with the IPv4 addresses from Gigabit Ethernet interface 0/0/0 referenced as the RLOC:
Device(config)# router lisp Device(config-router-lisp)# eid-table default instance-id 0 Device(config-router-lisp-eid-table)# database-mapping 172.16.91.0/24 ipv4-interface GigabitEthernet0/0/0 priority 1 weight 100The following example shows how to configure database-mapping entries for two xTRs (xTR-1 and xTR-2) at a LISP site. Both xTRs have a single database-mapping entry for a single IPv6 EID-prefix block with the IPv4 addresses from Gigabit Ethernet interface 0/0/0 referenced as the RLOC. In this case, because both xTRs use dynamically determined locator addresses, the auto-discover-rlocs form of the command is also added to indicate to the map server that it should merge the locators and send the merged locator set back to the xTRs via map-notify messages.
Configuration on xTR-1
Device(config)# router lisp Device(config-router-lisp)# eid-table default instance-id 0 Device(config-router-lisp-eid-table)# database-mapping 2001:db8:a::/48 ipv4-interface GigabitEthernet0/0/0 priority 1 weight 50 Device(config-router-lisp-eid-table)# database-mapping 2001:db8:a::/48 auto-discover-rlocsConfiguration on xTR-2
Device(config)# router lisp Device(config-router-lisp)# eid-table default instance-id 0 Device(config-router-lisp-eid-table)# database-mapping 2001:db8:a::/48 ipv4-interface GigabitEthernet0/0/0 priority 1 weight 50 Device(config-router-lisp-eid-table)# database-mapping 2001:db8:a::/48 auto-discover-rlocsVerification on xTR-2
Device# show ipv6 lisp database LISP ETR IPv6 Mapping Database for EID-table default (IID 0), LSBs: 0x3, 1 entries Device# 2001:db8:a::/48, auto-discover-rlocs Locator Pri/Wgt Source State 10.7.6.6 1/1 cfg-addr site-self, reachable 10.7.7.7 1/1 auto-disc site-other, report-reachable xTR-2#Related Commands
Command
Description
database-mapping (LISP dynamic-EID)
Configures an IPv4 mapping relationship and an associated traffic policy for LISP VM (dynamic-EID) policy.
eid-table
Configures a LISP instance ID for association with a VRF table or default table through which the EID address space is reachable.
ipv4 etr map-server
Configures the IPv4 or IPv6 locator address of the LISP map server to be used by the ETR when registering for IPv4 EIDs.
ipv6 etr map-server
Configures the IPv4 or IPv6 locator address of the LISP map server to be used by the ETR when registering for IPv6 EIDs.
locator-down
Configures a locator from a locator set associated with an IPv4 or IPv6 EID-prefix database-mapping to be unreachable (down).
map-cache
Configures a static IPv4 or IPv6 EID-to-RLOC mapping relationship and its associated traffic policy or statically configures the packet handling behavior associated with a specified destination IPv4 or IPv6 EID prefix.
other-xtr-probe
Configures the interval, in seconds, that an xTR probes site-local RLOCs.
eid-notify authentication-key
To specify an authentication key to validate the endpoint identifier (EID)-notify messages received from a device, use the eid-notify authentication-key command in Locator/ID Separation Protocol (LISP) EID-table dynamic-EID configuration mode. To remove the specified authentication key, use the no form of the command.
eid-notify authentication-key { 0 unencrypted-password | 6 encrypted-password | password}
no eid-notify authentication-key
Syntax Description
authentication-key Specifies the authentication key used to validate EID-notify messages received from a device.
0 unencrypted-password Specifies that the password is in unencrypted form.
6 encrypted-password Specifies that the password is in encrypted form.
password Specifies that the password is unencrypted and in a cleartext format.
Command Default
No authentication key is specified to validate the EID-notify messages received from a device.
Command History
Release Modification 15.4(1)T
This command was introduced.
Cisco IOS XE Release 3.11S
This command was integrated into Cisco IOS XE Release 3.11S.
Usage Guidelines
Use the eid-notify authentication-key command to specify an authentication key that the site gateway uses to authenticate endpoint identifier (EID)-notify messages that are received from a device. This command is configured on a site gateway device. A device that functions both as an ingress tunnel router (ITR) and egress tunnel router (ETR) is known as an xTR .
After the site gateway xTR authenticates an EID-notify message for a particular host discovery and if a different LISP device registers the same host later, as in the case of a virtual machine (VM) move, the site gateway xTR sends a unicast map-notify control plane message to the original first-hop router (FHR) to signal the change in host location.
Examples
The following example shows how to specify an unencrypted authentication key k:
Device> enable Device# configure terminal Device(config)# router lisp Device(config-router-lisp)# eid-table default instance-id 0 Device(config-router-lisp-eid-table)# dynamic-eid VMs Device(config-router-lisp-eid-table-dynamic-eid)# eid-notify authentication-key 0 kRelated Commands
Command
Description
dynamic-eid Configures a LISP VM-mobility (dynamic-EID roaming) policy.
eid-table Configures a LISP instance ID for association with a VRF table or default table through which the EID address space is reachable.
router lisp Enters LISP configuration mode and configures LISP commands on a device.
eid-notify key
To enable sending of dynamic endpoint identifier (EID) presence notifications to a gateway xTR with the specified IPv4/IPv6 address along with the authentication key used with the gateway xTR, use the eid-notify key command in Locator/ID Separation Protocol (LISP) EID-table dynamic-EID configuration mode. To disable the configured options, use the no form of the command.
eid-notify { ipv4-address | ipv6-address} key { 0 unencrypted-password | 6 encrypted-password | password} [ hash-function { sha1 | sha2}]
no eid-notify [{ ipv4-address | ipv6-address} [ key]]
Syntax Description
ipv4-address Specifies the IPv4 address of gateway xTR.
ipv6-address Specifies the IPv6 address of gateway xTR.
key Specifies the authentication-key used with gateway xTR.
0 unencrypted-password Specifies that the password is in unencrypted form.
6 encrypted-password Specifies that the password is in encrypted form.
password Specifies that the password is unencrypted and in a cleartext format.
hash-function Specifies the authentication type for the EID-notify message.
sha1 Specfies the usage of SHA-1-96 hash function.
sha2 Specifies the usage of SHA-256-128 hash function.
Command History
Release Modification 15.4(1)T
This command was introduced.
Cisco IOS XE Release 3.11S
This command was integrated into Cisco IOS XE Release 3.11S.
Usage Guidelines
Use the eid-notify key command to configure a site gateway xTR on a first-hop router (FHR). This ensures that an EID-notify message is sent to the site-gateway xTR upon the discovery of a host. A device that functions both as an ingress tunnel router (ITR) and an egress tunnel router (ETR) is known as an xTR. The key is specific to a site gateway xTR.
The EID-notify message is a special map-notify control plane message that uses the ipv4-address or ipv6-address as the destination IP address that is specified using the eid-notify key command and any of the specified locator-set entries as the source IP address that is configured using the database-mapping dynamic-eid-prefix/prefix-length locator-set name command in LISP EID table dynamic EID configuration mode.
Examples
Device> enable Device# configure terminal Device(config)# router lisp Device(config-router-lisp)# eid-table default instance-id 0 Device(config-router-lisp-eid-table)# dynamic-eid VMs Device(config-router-lisp-eid-table-dynamic-eid)# eid-notify 192.0.2.21 key 0 k Device(config-router-lisp-eid-table-dynamic-eid)# eid-notify 2001:DB8::1 key 0 kRelated Commands
Command
Description
database-mapping Configures an IPv4 or IPv6 EID-to-RLOC mapping relationship and an associated traffic policy for LISP.
dynamic-eid Configures a LISP VM-mobility (dynamic-EID roaming) policy.
eid-table Configures a LISP instance ID for association with a VRF table or default table through which the EID address space is reachable.
router lisp Enters LISP configuration mode and configures LISP commands on a router.
eid-table
To configure a Locator ID Separation Protocol (LISP) instance ID for association with a virtual routing and forwarding (VRF) table or default table through which the endpoint identifier (EID) address space is reachable, use the eid-table command in LISP configuration mode. To remove this association, use the no form of this command.
eid-table { default | vrf vrf-name } instance-id iid
no eid-table { default | vrf vrf-name } instance-id iid
Syntax Description
default
Selects the default (global) routing table for association with the configured instance ID.
vrf vrf-name
Selects the specified VRF table for association with the configured instance ID.
instance-id iid
Specifies the instance ID to be associated with this EID table (value between 0 and 16777215).
Command History
Release
Modification
15.1(1)XB3
The command eid-table was introduced to support LISP virtualization.
2.5.1XC
The command eid-table was introduced to support LISP virtualization.
15.1(4)XB4
The syntax of this command was modified.
15.2(3)T
This command was integrated into Cisco IOS Release 15.2(3)T.
Cisco IOS XE Release 3.6S
This command was integrated into Cisco IOS XE Release 3.6S.
Usage Guidelines
The eid-table command is used to associate a LISP instance ID with either the default routing table, or a VRF table through which its EID address space is reachable. When a LISP instance ID is specified, LISP Map Registration (control plane) messages include this instance ID along with the associated EID prefixes upon registering and LISP data plane packets include this instance ID in the LISP header.
LISP virtualization can be used to support multiple organizations within a LISP site, also known as multitenancy. For example, this may be useful when multiple organizations use private addresses [RFC1918] as EID-prefixes and where these addresses might be duplicated between organizations, or when segmentation of a customer traffic virtual private network (VPN) in general is required. Adding a LISP instance ID in the address encoding makes the entire address unique, thus preventing duplication and providing segmentation. Multiple segments can be created inside a LISP site by associating a LISP instance ID with the specific VRF tables used for these VPNs.
Note
When LISP is configured without virtualization, the eid-table command is not required and all LISP commands are simply entered directly under the router lisp command. The eid-table command is only required for configuring LISP virtualization. However, the eid-table command may be used even when LISP is configured without virtualization by using the eid-table default instance-id 0 command form. When this form of the eid-table command is used, the default keyword can be used only with the instance-id 0 keywords when other instance IDs are specified.
When an instance ID is configured on any LISP device, the same instance ID must be configured on all other LISP devices participating in the same virtualized LISP environment. For example, when an instance ID is configured on an xTR, this instance ID is included with the EID prefixes during registration with the map server. The map server must therefore also be configured to use the same instance ID within the EID prefix configurations for this LISP site in order for the registration to succeed. (A LISP instance ID is configured on the map server using the eid-prefix command within LISP site configuration mode.)
When considering LISP deployments, especially with virtualization, the following guidelines may be helpful in understanding the configuration:
- When LISP is first configured by entering the router lisp command to begin the configuration process, all LISP subcommands (for example, database-mapping, map-cache, ipv4 map-resolver, and ipv4 map-server) are available for entry and are applied directly in LISP router configuration mode and without considering virtualization. You will notice in the output of the show ip lisp command that instance-id 0 is indicated even though the eid- table command was not configured and that the show running-config output does not indicate that the command eid-table has been configured. That is, all LISP commands appear directly below router lisp.
- Upon entering the eid-table command for the first time, any existing database-mapping, map-cache, or alt-vrf configurations previously configured directly under router lisp will automatically be moved underneath and associated with eid-table default instance-id 0. All subsequent entries of database- mapping or map-cache configurations can only then be made from within a specific eid-table command. LISP commands that can be associated on a global or virtual basis (for example, ipv4 map-resolver and ipv4 map- server commands) can be entered either directly under the router lisp command, in which case they are inherited by all configured eid-tables, or within a specific eid-table, in which case their scope extends only to that specific instance.
NoteWhen the eid-table vrf vrf-name command is used, the referenced VRF must already be created using the vrf definition command and at least one address family must be enabled within that VRF.
Examples
In the example below, an xTR is configured to segment traffic using two VRFs named green and blue. In addition, the loopback interface is configured for management purposes using the default table. Thus the management loopback is carried in the default table in instance ID 0, the EID prefix associated with the VRF named green is connected to instance ID 123, and the EID prefixes associated with the VRF named blue is connected to instance ID 456.
Router(config)# vrf definition blue Router(config-vrf)# address-family ipv4 Router(config-vrf-af)# exit Router(config-vrf)# vrf definition green Router(config-vrf)# address-family ipv4 Router(config-vrf-af)# exit Router(config-vrf)# exit Router(config)# router lisp Router(config-router-lisp)# eid-table default instance-id 0 Router(config-router-lisp-eid-table)# database-mapping 10.1.1.1/32 172.1.0.2 priority 1 weight 100 Router(config-router-lisp-eid-table)# exit Router(config-router-lisp)# eid-table vrf green instance-id 123 Router(config-router-lisp-eid-table)# database-mapping 192.168.1.0/24 172.1.0.2 priority 1 weight 100 Router(config-router-lisp-eid-table)# exit Router(config-router-lisp)# eid-table vrf blue instance-id 456 Router(config-router-lisp-eid-table)# database-mapping 192.168.2.0/24 172.1.0.2 priority 1 weight 100In this example, the map resolver/map server (MR/MS) site functionality is configured to match the example above.
Router(config)# router lisp Router(config-router-lisp)# site Site-1 Router(config-router-lisp-site)# authentication-key secret Router(config-router-lisp-site)# eid-prefix 10.1.1.1/32 Router(config-router-lisp-site)# eid-prefix instance-id 123 192 168.1.0/24 Router(config-router-lisp-site)# eid-prefix instance-id 456 192.168.2.0/24 Router(config-router-lisp-site)# exitRelated Commands
Command
Description
database-mapping
Configures an IPv4 or IPv6 EID-to-RLOC mapping relationship and an associated traffic policy for LISP.
eid-prefix
Configures a list of EID prefixes that are allowed in a Map Register message sent by an ETR when registering to the map server.
ipv4 map-resolver
Configures a router to act as an IPv4 LISP map resolver.
ipv4 map-server
Configures a router to act as an IPv4 LISP map server.
map-cache
Configures a static IPv4 or IPv6 EID-to-RLOC mapping relationship and its associated traffic policy or statically configures the packet handling behavior associated with a specified destination IPv4 or IPv6 EID prefix.
router lisp
Enters LISP configuration mode and configures LISP commands on a router.
show ip lisp
Displays the IPv4 LISP configuration status.
vrf definition
Configures a VRF routing table instance and enters VRF configuration mode.
locator-down
To configure a locator from a locator set associated with an IPv4 or IPv6 EID-prefix database-mapping to be unreachable (down), use the locator-down command in Locator/ID Separation Protocol (LISP) configuration mode. To return the locator to reachable (up) status, use the no form of this command.
Command Default
An IPv4 or IPv6 locator associated with a configured IPv4 or IPv6 EID-prefix block is considered reachable (up) unless an Interior Gateway Protocol (IGP) routing protocol indicates it is down.
Command History
Release
Modification
15.1(1)XB
This command was introduced.
Cisco IOS XE Release 2.5.1XA
This command was integrated into Cisco IOS XE Release 2.5.1XA.
Cisco IOS XE Release 3.3.0S
This command was modified. Support for this command was removed at the global configuration level and added for LISP configuration mode. Also, the ip, ipv6, and lisp keywords were removed from the command syntax.
15.1(4)M
This command was modified. Support for this command was removed at the global configuration level and added for LISP configuration mode. Also, the ip, ipv6, and lisp keywords were removed from the command syntax.
Usage Guidelines
When LISP database parameters are configured on an Ingress Tunnel Router (ITR) for specified IPv4 or IPv6 EID-prefix blocks using the database-mapping command or map-cache command, the locators associated with these IPv4 or IPv6 EID-prefix blocks are considered as reachable (up) by default. The locator-down command can be used to configure a locator from a locator-set associated with the EID-prefix database mapping to be down.
When this command is configured, the locator status bits (LSBs) for the configured locator will be cleared when packets are encapsulated and sent to remote sites. ETRs at remote sites look for changes in the LSBs when decapsulating LISP packets when the LSBs indicate that a specific locator is down, the egress tunnel router (ETR) will not encapsulate packets using this locator to reach the local site.
NoteIf this command is configured on an ITR to indicate that a locator is unreachable (down) and the LISP site includes multiple ITRs, this command must be configured on all ITRs at the site to ensure that the site consistently tells remote sites that the configured locator is not reachable.
Examples
The following example shows how to configure the locator 10.1.1.1 to a down state for the IPv4 EID-prefix block 172.16. 1.0/24.
Router(config)# router lisp Router(config)# locator-down 172.16.1.0/24 10.1.1.1The following example shows how to configure the locator 2001:DB8:0A::1 to a down state for the IPv6 EID-prefix block 2001:DB8:BB::/48.
Router(config)# router lisp Router(config)# locator-down 2001:DB8:BB::/48 2001:DB8:0A::1locator-scope
To specify a locator scope and enter Locator/ID Separation Protocol (LISP) locator scope configuration mode, use the locator-scope command in LISP configuration mode. To remove the specified locator scope, use the no form of the command.
Syntax Description
Command History
Release Modification 15.4(1)T
This command was introduced.
Cisco IOS XE Release 3.11S
This command was integrated into Cisco IOS XE Release 3.11S.
Usage Guidelines
Use the locator-scope command to specify the locator scope name and to define the disjointed routing locator (RLOC) scopes. The map server will consider disjointed RLOCs in its map-request message only if the locator scopes are configured.
locator-table
To associate a virtual routing and forwarding (VRF) table through which the routing locator address space is reachable to a router Locator ID Separation Protocol (LISP) instantiation, use the locator-table command in LISP configuration mode. To remove this association, use the no form of this command.
Usage Guidelines
When a LISP device is deployed in a multitenant (virtualized) network environment with segmented routing locator (RLOC) address space, separate router LISP instantiations are required for each locator address space. Separate instantiations are created by including the optional id entry with the router lisp command. Each router LISP instantiation is considered to be standalone and must be associated with an RLOC address space. The locator-table command is used to associate a VRF table through which the routing locator address space is reachable to a router LISP instantiation. All necessary LISP components used in the operation of that particular router LISP instantiation, (for example, map server, map resolver, proxy ingress tunnel router (PITR), proxy egress tunnel router (PETR), and other routers that function as both egress and ingress tunnel routers, also known as xTRs) must be reachable via the routing locator address space referred to by the locator-table command.
NoteMost multitenant deployments will not require separate locator forwarding tables. As with most current virtualization schemes, LISP endpoint ID (EID) virtualization (configured using the eid-table instance-id keywords) does not require locators and map-resolver/map-server (MR/MS) devices to exist in a VRF.
The following guidelines may be helpful in understanding the use of the locator-table command when RLOC address space virtualization is configured.
Router LISP instantiations are configured:
- When a router LISP instantiation is created without using the optional ID entry or when using the optional ID entry with a value of 0 (that is, router lisp 0), and no locator table is specified using the locator-table command. That particular router LISP instantiation then automatically uses the default (global) routing table as its RLOC or locator table. All locators, map resolvers, map servers, PETRs, PITRs, and other LISP devices must be reachable via the default routing table.
- When a router LISP instantiation is created using an optional ID entry other than 0, a locator table must be specified using the locator-table command. That particular router LISP instantiation then uses the routing table (default or VRF) referenced by the locator-table command and all locators, map resolvers, map servers, PETRs, PITRs, and other LISP devices must be reachable via a specified routing table.
- Only a single locator-table command can be configured per router LISP instantiation. Within each router LISP instantiation, multiple EID table instances may be configured, as necessary, to associate all EID address space with that routing locator addresses space.
- When a router LISP instantiation is created, it can only use a routing locator address space that has not already previously been assigned to another router LISP instantiation. That is, the default (global) routing table or any single VRF table referenced by a locator-table command can only be assigned within a single router LISP instantiation. Likewise, endpoint identifier (EID) address space referenced by the eid-table command can only be associated with a single router LISP instantiation.
NoteWhen the locator-table vrf vrf-name command is used, the referenced VRF must already have been created using the vrf definition command, and at least one address family must be enabled within that VRF.
Examples
The following example shows a LISP device deployed as a MR/MS to support multiple customers configured in a virtualized network. In this case, the MR/MS can be configured using the router lisp command (in conjunction with the locator-table command) to segment and associate the MR/MS with multiple customer VRFs to support LISP site entries and Map Registration and Map Request (control plane) messages received within specific routing locator address space. In the example below, the VRF named Cust1-loc defines the routing locator space VRF to be used by one router LISP instantiation deployed in this scenario.
Router(config)# vrf definition Cust1-loc Router(config-vrf)# address-family ipv4 Router(config-vrf-af)# exit Router(config-vrf)# exit Router(config)# router lisp 1 Router(config-router-lisp)# locator-table vrf Cust1-loc Router(config-router-lisp)# ---<more>---The following example shows a LISP device deployed as an xTR in a multitenant environment where multiple customers share the resources of a single LISP xTR. In this case, both the EID address space and the routing locator address space are segmented. The xTR can be configured with multiple router LISP instantiations that bind each customers EID address space and the routing locator address space. In the example below, the VRF named Cust1-loc defines the routing locator space VRF, and the VRF named Cust1-eid defines the EID address space VRF (tied to instance ID 123) to be used by one router LISP instantiation deployed in this scenario.
Router(config)# vrf definition Cust1-loc Router(config-vrf)# address-family ipv4 Router(config-vrf-af)# exit Router(config-vrf)# exit Router(config)# vrf definition Cust1-eid Router(config-vrf)# address-family ipv4 Router(config-vrf-af)# exit Router(config-vrf)# exit Router(config)# router lisp 1 Router(config-router-lisp)# locator-table vrf Cust1-loc Router(config-router-lisp)# eid-table vrf Cust1-eid instance-id 123 Router(config-router-lisp-eid-table)# ---<more>---loc-reach-algorithm
To configure a Locator/ID Separation Protocol (LISP) locator reachability algorithm, use the loc-reach-algorithm command in LISP configuration mode. To disable this functionality, use the no form of this command.
Command History
Release
Modification
15.1(1)XB
This command was introduced.
Cisco IOS XE Release 2.5.1XA
This command was integrated into Cisco IOS XE Release 2.5.1XA
Cisco IOS XE Release 3.3.0S
This command was modified. Support for this command was removed at the global configuration level and added for LISP configuration mode. Also, the lisp keyword was removed from the command syntax.
15.1(4)M
This command was modified. Support for this command was removed at the global configuration level and added for LISP configuration mode. Also, the lisp keyword was removed from the command syntax.
Usage Guidelines
Use the loc-reach-algorithm command to enable LISP locator reachability algorithms. RLOC-probing is the only locator reachability algorithm available in Cisco IOS and Cisco IOS XE versions of LISP and it is disabled by default. To disable RLOC probing, use the no form of this command.
The RLOC-probing algorithm is a method used by a LISP to determine the reachability status of locators cached in its map cache. It involves the periodic exchange of special map-request and map-reply messages between an Ingress Tunnel Router (ITR) and Egress Tunnel Router (ETR) to validate locator reachability. The advantage of using RLOC probing is that it can handle a variety of failure scenarios, allowing the ITR to determine when the path to a specific locator is reachable or has become unreachable. This provides a robust mechanism for switching to using another locator from the cached locator.
map-cache
To configure a static IPv4 or IPv6 endpoint identifier-to-routing locator (EID-to-RLOC) mapping relationship and its associated traffic policy, or to statically configure the packet handling behavior associated with a specified destination IPv4 or IPv6 EID prefix, use the map-cache command in Locator/ID Separation Protocol (LISP) configuration mode. To remove the configuration, use the no form of this command.
map-cache destination-EID-prefix /prefix-length locator priority priority weight percentage
map-cache destination-EID-prefix /prefix-length { drop | map-request | native-forward }
no map-cache destination-EID-prefix /prefix-length
Syntax Description
destination-EID-prefix/prefix-length
Destination IPv4 or IPv6 EID-prefix/prefix-length. The slash is required in the syntax.
locator
The IPv4 or IPv6 RLOC associated with the value specified for the EID-prefix/prefix-length argument.
priority priority
The priority (value from 0 to 255) assigned to the RLOC. When multiple locators have the same priority they may be used in load-shared fashion. A lower value indicates a higher priority.
weight percentage
The weight (value from 0 and 100) assigned to the locator. Used in order to determine how to load-share traffic between multiple locators when the priorities assigned to multiple locators are the same. The value represents the percentage of traffic to be load-shared.
drop
(Optional) Drop packets that match this map-cache entry
map-request
(Optional) Send a map request for packets that match this map-cache entry
native-forward
(Optional) Natively forward packets that match this map-cache entry
Command History
Release
Modification
15.1(1)XB1
This command was introduced.
Cisco IOS XE Release 2.5.1XA
This command was integrated into Cisco IOS XE Release 2.5.1XA.
Cisco IOS XE Release 3.3.0S
This command was integrated into Cisco IOS XE Release 2.5.1XA. This command was modified. Support for this command was removed at the global configuration level and added for LISP configuration mode. Also, the ip, ipv6, and lisp keywords were removed from the command syntax.
15.1(4)M
This command was integrated into Cisco IOS XE Release 2.5.1XA. This command was modified. Support for this command was removed at the global configuration level and added for LISP configuration mode. Also, the ip, ipv6, and lisp keywords were removed from the command syntax.
Usage Guidelines
The first use of this command is to configure an Ingress Tunnel Router (ITR) with a static IPv4 or IPv6 EID-to-RLOC mapping relationship and its associated traffic policy. For each entry, a destination EID-prefix block and its associated locator, priority, and weight are entered. The value in the EID-prefix/prefix-length argument is the LISP EID-prefix block at the destination site. The locator is an IPv4 or IPv6 address of the remote site where the IPv4 or IPv6 EID-prefix can be reached. Associated with the locator address is a priority and weight that are used to define traffic policies when multiple RLOCs are defined for the same EID-prefix block. This command can be entered up to eight times for a given EID-prefix. Static IPv4 or IPv6 EID-to-RLOC mapping entries configured using this command take precedence over dynamic mappings learned through map-request and map-reply exchanges.
The second, optional use of this command is to statically configure the packet handling behavior associated with a specified destination IPv4 or IPv6 EID prefix. For each entry, a destination IPv4 or IPv6 EID-prefix block is associated with a configured forwarding behavior. When a packet’s destination address matches the EID prefix, one of the following packet handling options can be configured:
- drop - Packets matching the destination IPv4 or IPv6 EID prefix are dropped. For example, this action may be useful when administrative policies define that packets should be prevented from reaching a site.
- map-request - Packets matching the destination IPv4 or IPv6 EID prefix cause a map request to be sent. It is implied that the map reply returned by this request will allow subsequent packets matching this EID prefix to be LISP-encapsulated. This action may be useful for troubleshooting map-request activities and other diagnostic actions.
- native-forward - Packets matching the destination IPv4 or IPv6 EID prefix are natively forwarded without LISP encapsulation. This action may be useful when the destination site is known to always be reachable natively and LISP encapsulation should never be used.
Examples
The following example shows how to configure a destination EID-to-RLOC mapping and associated traffic policy for the IPv4 EID-prefix block 172.16. 1.0/24. In this example, the locator for this IPv4 EID-prefix block is 10.1.1.1 and the traffic policy for this locator has a priority of 1 and a weight of 100.
Router(config)# router lisp Router(config)# map-cache 172.16.1.0/24 10.1.1.1 priority 1 weight 100The following example shows how to configure a destination EID-to-RLOC mapping and associated traffic policy for the IPv6 EID-prefix block 2001:DB8:BB::/48. In this example, the locator for this IPv6 EID-prefix block is 2001:DB8:0A::1, and the traffic policy for this locator has a priority of 1 and a weight of 100:
Router(config)# router lisp Router(config)# map-cache 2001:DB8:BB::/48 2001:DB8:0A::1 priority 1 weight 100Related Commands
Command
Description
database-mapping
Configures an IPv6 EID-to-RLOC mapping relationship and its associated traffic policy.
ipv4 itr
Configures the router to act as an IPv4 LISP ITR.
ipv4 map-cache-limit
Configures the maximum number of IPv4 LISP map-cache entries allowed to be stored by the router.
other-xtr-probe
To configure the interval, in seconds, that an xTR probes site-local routing locators (RLOCs), use the other-xtr-probe command in Locator/ID Separation Protocol (LISP) configuration mode. To return to the default setting, use the no form of this command.
Command Default
Probing of site-local RLOCs is enabled by default and cannot be disabled. The default interval is 30 seconds.
Command History
Release
Modification
15.1(1)XB3
This command was introduced.
Cisco IOS XE Release 2.5.1XC
This command was integrated into Cisco IOS XE Release 2.5.1XC.
Cisco IOS XE Release 3.3.0S
This command was modified. Support for this command was removed at the global configuration level and added for LISP configuration mode. Also, the ip and lisp keywords were removed from the command syntax.
15.1(4)M
This command was modified. Support for this command was removed at the global configuration level and added for LISP configuration mode. Also, the ip and lisp keywords were removed from the command syntax.
Usage Guidelines
When a LISP site contains more than one xTR, all xTRs that are part of the same LISP site must be configured with consistent EID-to-RLOC mapping information using the database-mapping command. From the perspective of any xTR within the LISP site, one or more RLOCs will be local to that xTR (referred to as site-self in show command outputs), and one or more RLOCs will be local the other xTRs that are part of the same LISP site (and referred to as site-other in show command outputs). For a LISP site to maintain an accurate status of all locators within the site, each xTR sends RLOC probes to all site-other RLOCs.
Use the other-xtr-probe command to change the probe interval for sending RLOC probes to all site-other RLOCs.
NoteThis functionality is enabled by default and cannot be disabled. The default interval is 30 seconds. Use the show run | include other-xtr-probe command to display the configured interval. When an output value is displayed, the value is configured for something other than the default value. When no output is displayed, it is configured for the default.
rloc-prefix
To specify a routing locator (RLOC) prefix to check against the ingress tunnel router (ITR) RLOC and the egress tunnel router (ETR) RLOC, use the rloc-prefix command in Locator/ID Separation Protocol (LISP) locator scope confuguration mode. To remove the RLOC prefix, use the no form of the command.
rloc-prefix { ipv4-rloc-prefix | ipv6-rloc-prefix}
no rloc-prefix { ipv4-rloc-prefix | ipv6-rloc-prefix}
Syntax Description
ipv4-rloc-prefix Specifies the IPv4 RLOC prefix that belongs to a locator scope.
ipv6-rloc-prefix Specifies the IPv6 RLOC prefix that belongs to a locator scope.
Command History
Release Modification 15.4(1)T
This command was introduced.
Cisco IOS XE Release 3.11S
This command was integrated into Cisco IOS XE Release 3.11S.
Usage Guidelines
Use the rloc-prefix command to specify a RLOC prefix to define locator scopes on a LISP map server. The map server uses these defined locator scopes to determine how to process the LISP map-request message that it receives.
In a LISP environment, it is possible for some LISP sites to have RLOC connectivity in one locator-scope, such as IPv4 Internet, and other LISP sites to have RLOC connectivity in a different locator-scope, such as IPv6 Internet. The deployment of a LISP device called a Re-encapsulating tunnel router (RTR) solves this disjointed RLOC scope connectivity problem by defining locator-scopes covering the disjointed RLOC scopes on the map server. When locator scopes are defined on a map server and the map server receives a LISP map request message, it compares the locator scope associated with the ingress tunnel router (ITR) RLOC that the map request contains against the locator scope associated with the egress tunnel router (ETR) RLOC reported in the map server site registration for the EID prefix referred to in the Map-Request message. Based on this comparison, the following results can occur:
- If the ITR and ETR share at least one one RLOC of the same address-family in the same locator scope, the map server forwards the map-request message to the ETR as it normally would.
- If the ITR and ETR do not share RLOCs of the same address-family in the same locator-scope, the map server sends a proxy map-reply message containing an RTR RLOC list to the ITR. The RTR RLOC list is extracted from the RTR locator set configured in the locator scope matching the ITR RLOC. If no RTR RLOC set is defined within the locator scope matching the ITR RLOC, the map server returns a negative map-reply as normal.
- If the ITR and ETR RLOCs match no locator scopes, the map server forwards the map-request message to the ETR as it normally would. This default action makes the assumption that the RLOCs are reachable via routing even though they are not defined in any locator scope configuration.
Examples
The following example shows how to specify locator sets containing the RLOCs of an RTR that are associated with particular locator scopes. In this example, two locator sets are created, one to define the RTR RLOC associated with the IPv4 locator scope, and a second to define the RTR RLOC associated with the IPv6 locator scope:
Device> enable Device# configure terminal Device(config)# router lisp Device(config-router-lisp)# locator-set rtr-set1 Device(config-router-lisp-locator-set)# 10.0.3.1 priority 1 weight 1 Device(config-router-lisp-locator-set)# exit Device(config-router-lisp)# locator-set rtr-set2 Device(config-router-lisp-locator-set)# 2001:db8:3::1 priority 1 weight 1 Device(config-router-lisp-locator-set)# exit Device(config-router-lisp)# locator-scope ipv4-Internet Device(config-router-lisp-locator-scope)# rloc-prefix 0.0.0.0/0 Device(config-router-lisp-locator-scope)# rtr-locator-set rtr-set1 Device(config-router-lisp-locator-scope)# exit Device(config-router-lisp)# locator-scope ipv6-Internet Device(config-router-lisp-locator-scope)# rloc-prefix ::/0 Device(config-router-lisp-locator-scope)# rtr-locator-set rtr-set2 Device(config-router-lisp-locator-scope)# exitrtr-locator-set
To specify a locator set of the re-encapsulating tunnel router (RTR) routing locators (RLOCs), use the rtr-locator-set command in Locator/ID Separation Protocol (LISP) locator scope configuration mode. To remove the specified locator set, use the no form of the command.
Syntax Description
Command History
Release Modification 15.4(1)T
This command was introduced.
Cisco IOS XE Release 3.11S
This command was integrated into Cisco IOS XE Release 3.11S.
Usage Guidelines
Use the rtr-locator-set command on a LISP map server to specify a locator set that includes the RLOCs of an RTR that are associated with a particular locator scope.
In a LISP environment, it is possible for some LISP sites to have RLOC connectivity in one locator-scope, such as IPv4 Internet, and other LISP sites to have RLOC connectivity in a different locator-scope, such as IPv6 Internet. The deployment of a LISP device called as the RTR solves the disjointed RLOC scope connectivity problem by defining locator scopes covering the disjointed RLOC scopes on the map server. When locator scopes are defined on a map server and the map server receives a LISP map-request message, it compares the locator scope associated with the ingress tunnel router (ITR) RLOC that the map-request message contains against the locator scope associated with the egress tunnel router (ETR) RLOC reported in the map server site registration for the EID prefix referred to in the map-request message. Based on this comparison, the following results can occur:
- If the ITR and ETR share at least one RLOC of the same address-family in the same locator scope, the map server forwards the map-request message to the ETR as it normally would.
- If the ITR and ETR do not share RLOCs of the same address family in the same locator scope, the map server sends a proxy map-reply message containing an RTR RLOC list to the ITR. The RTR RLOC list is extracted from the RTR locator set configured in the locator scope matching the ITR RLOC. If no RTR RLOC set is defined within the locator scope matching the ITR RLOC, the map server returns a negative map-reply as normal.
- If the ITR and ETR RLOCs match no locator scopes, the map server forwards the map-request message to the ETR as it normally would. This default action makes the assumption that the RLOCs are reachable via routing even though they are not defined in any locator scope configuration.
You must define a locator set before referring to it by using the locator-set command.
Examples
The following example shows how to specify a locator set of an RTR to use in the proxy reply for disjoint/cross address family RLOC:
Device> enable Device# configure terminal Device(config)# router lisp Device(config-router-lisp)# locator-set rtr-set1 Device(config-router-lisp-locator-set)# 10.0.3.1 priority 1 weight 1 Device(config-router-lisp-locator-set)# exit Device(config-router-lisp)# locator-set rtr-set2 Device(config-router-lisp-locator-set)# 2001:db8:3::1 priority 1 weight 1 Device(config-router-lisp-locator-set)# exit Device(config-router-lisp)# locator-scope ipv4-Internet Device(config-router-lisp-locator-scope)# rloc-prefix 0.0.0.0/0 Device(config-router-lisp-locator-scope)# rtr-locator-set rtr-set1 Device(config-router-lisp-locator-scope)# exit Device(config-router-lisp)# locator-scope IPv6-Internet Device(config-router-lisp-locator-scope)# rloc-prefix ::/0 Device(config-router-lisp-locator-scope)# rtr-locator-set rtr-set2 Device(config-router-lisp-locator-scope)# exitxtr instance-id
To configure an instance-id to be associated with EID-prefixes for a LISP xTR, use the xtr instance-id command in LISP configuration mode. To disable this functionality, use the no form of this command.
Command History
Release
Modification
15.1(1)XB3
This command was introduced.
2.5.1XC
This command was integrated into Cisco IOS XE Release 2.5.1XC.
15.1(4)M
This command was modified. The command name was changed from ip lisp xtr instance-id to xtr instance-id.
3.3.0S
This command was modified. The command name was changed from ip lisp xtr instance-id to xtr instance-id.
Usage Guidelines
Virtualization support is currently is available in LISP xTRs and MS/MRs. The instance-id has been added to LISP to support virtualization.
Use the xtr instance-id command to configure the instance-id associated with this xTR. Only one instance-id can be configured on an xTR. When an instance-id is configured, this instance-id will be included with the EID-prefixes when they are registered with the Map-Server. The Map-Server must also include the same instance-id within the EID-prefix configurations for this LISP site. Instance-id’s are configured on the Map-Server using the eid-prefix command in LISP Site configuration mode.
NoteVirtualization support is not currently available for the LISP ALT, which means that it is also not supported on LISP PITRs. To configure an xTR that is configured with an instance-id to communicate with non-LISP sites, you must use NAT techniques instead of a PITR for this functionality.
