EMAIL SUPPORT

dclessons@dclessons.com

LOCATION

NZ

Testing 1

Testing 1

Posted on Jan 09, 2020 (0)

Implementing LISP Host Mobility with Extended Subnet

In Below Figure, LAN subnet 10.11.11.0/24 VLAN 100 has been extended between West and East DC. DC switches are said be to xTR and Remote Site is hosting 10.10.10.0/24 subnet. The MS/MR is also configured on same xTR devices in both DC.

Here we will how these DC and Remotes sites are configured as LISP sites and later we will see how traffic flows between them.

Prerequisites:

  • HSRP message must not be exchanged across DC, which will make sure that an active default gateway is present in each DC locations and prevent asymmetric path.
  • The Default gateway (VIP) and vMAC must be consistent across DC for that Extended VLAN.
  • The L2 extension protocols (OTV or any) must have multicast support over Extended LAN subnet for proper operation of LISP host Mobility in an extended subnet mode.

Sample Configuration & Explanation 

Below Both Nexus 7k on West DC and East DC and also each command explanation has been given.

Step1: Enable LISP feature which will make Nexus 7K as ETR while decapsulation LISP traffic received from L3 domain and N7K acts as ITR for encapsulating LISP traffic destined to desired location.

feature lisp
ip lisp itr-etr

Step2: A global Database mapping to be configured with aggregated subnet that identifies all IP subnets deployed in specific DC. Here 10.11.0.0/16 is mapped with two RLOC IP address each with xTR1 & xTR2 at DC West. The RLOC recommendation is to use loopback IP address. Priority and weight is also configured to insure that inbound traffic can be load-balanced across both DC xTRs.

ip lisp database-mapping 10.11.0.0/16 2.2.2.2 priority 1 weight 50
ip lisp database-mapping 10.11.0.0/16 2.2.2.3 priority 1 weight 50

Step3: Now configuration to define IP address of Map-Servers and MP-Resolvers.  Here we have used Map-Server from Both DC and anycast IP address of MR

ip lisp itr map-resolver 1.1.1.100
ip lisp etr map-server 1.1.1.1 key abcd
ip lisp etr map-server 5.5.5.5 key abcd

Step4: A Dynamic mapping of the mobile subnet is also required , Here Subnet 10.11.11.0/24 is mobile subnet under which host is moved from West Dc to East DC.

lisp dynamic-eid EXTENDED_SUBNET
database-mapping 10.11.11.0/24 2.2.2.2 priority 1 weight 50
database-mapping 10.11.11.0/24 2.2.2.3 priority 1 weight 50
map-notify-group 239.1.1.1

Step5: Finally LISP dynamic-eid-policy must be configured under L3 interface ( SVI of VLAN 100 )

N7K1:
interface vlan 100
ip address 10.11.11.2/24
lisp mobility EXTENDED_SUBNET
lisp extended-subnet-mode
hsrp 1
preempt delay reload 300
priority 130
ip 10.11.11.1
!

N7K2:
interface vlan 100
ip address 10.11.11.3/24
lisp mobility EXTENDED_SUBNET
lisp extended-subnet-mode
hsrp 1
preempt delay reload 300
priority 120
ip 10.11.11.1

Now below configuration also shows about East DC xTR

The Explanation of configuration is same as discussed above, but only few things needs to be noted which makes some difference.

  • The global mapping is different from one configured on west DC xTR, on east side it is 10.12.0.0/16.
  • Dynamic-eid mapping subnet must me same that is 10.11.11.0/24 which is defined on west xTR. However the RLOC is mapped to east DC RLOC.
  • Map-notify-group associated to dynamic-eid mapping must be identical as configured on West DC xTR switches. This is because it will be used for control plane communication by all xTR connected to extended subnet and due to which multicast support must be enabled and configured for this multicast IP.
  • HSRP group is same on both DC xTR so that it can give same vMAC address

Remote Site Cisco IOS-xTR configuration:

The Configuration of branch xTR is shown in below figure.

Step 1: Define EID space or subnet and host of this subnet will communicate to DC workload. RLOC address associated to EID prefix may be loopback address, which is 4.4.4.4 with priority 1 and weight 100 which influence the inbound traffic policies or the physical WAN IP can also be used as RLOC addresses

database-mapping 10.10.10.0/24 4.4.4.4 priority 1 weight 100

Step2: Configuration of Map-Server and Map-Resolver Anycast address.

ipv4 itr map-resolver 1.1.1.100
ipv4 etr map-server 1.1.1.1 key abcd
ipv4 etr map-server 5.5.5.5 key abcd

Step3: Enable ITR & ETR functionalities on device

ipv4 itr
ipv4 etr

Map-Server & Map-Resolver N7K Configuration:

Below Figure describes the Map-server and map-Resolver configuration

Step1: Enable MS& MR functionalities on the device.

feature lisp
ip lisp map-resolver
ip lisp map-server

Step2: Configure Loopback IP address for Map-Resolver and Map-Server.

interface loopback0
description Map-Resolver IP Address
ip address 1.1.1.100/32
!
interface loopback1
description Map-Server IP Address
ip address 1.1.1.1/32

Step3: Configure Remote Site Branch

lisp site BRANCH
eid-prefix 10.10.10.0/24
authentication-key 0 abcd

Step4: Configure West & East DC Sites.

lisp site WEST_DATA_CENTER
eid-prefix 10.11.0.0/16 accept-more-specifics
authentication-key 0 abcd
!
lisp site EAST_DATA_CENTER
eid-prefix 10.12.0.0/16 accept-more-specifics
authentication-key 0 abcd

Here in above configuration accept-more-specifics is associated to both DC eid-prefix , this is mandatory configuration where LISP host mobility is enabled because /32 prefix which are part of larger prefix will be registered by DC xTRs.

Leaf-2# show endpoint vrf DCLessons: DCLessons-VRF 
+-----------------------------------+---------------+-----------------+--------------+-------------+
VLAN/                                               Encap         MAC Address          MAC Info/ Interface
Domain                                             VLAN          IPAddress              IP Info
+-----------------------------------+---------------+-----------------+--------------+-------------+
DCLessons: DCLessons-VRF       vlan-211        10.11.3.2 L              eth1/10

hi

Leaf-2# show ip interface brief vrf DCLessons:DCLessons_VRF 
IP Interface Status for VRF "DCLessons: DCLessons_VRF "(7)
Interface      Address                InterfaceStatus
vlan23      100.11.10.2/24      protocol-up/link-up/admin-up
vlan24      100.11.11.2/24      protocol-up/link-up/admin-up
vlan25      100.11.12.2/24      protocol-up/link-up/admin-up
vlan25      100.11.13.2/24      protocol-up/link-up/admin-up
------
Leaf-2# show vlan extended
VLAN            Name                                                                                    Status            Ports
---- --------------------------------                                                                     --------- -------------------------------
8       infra:default                                                                                      active     Eth1/1, Eth1/11, Eth1/33
18      DCLessons:DCLessons_AP_PROFILE:DCLessons-App-EPG     active        Eth1/33
19      DCLessons:DCLessons_AP_PROFILE:DCLessons-DB-EPG      active        Eth1/33
20      DCLessons:DCLessons_AP_PROFILE:DCLessons-Web-EPG    active        Eth1/33
!
VLAN       Type     Vlan-mode      Encap
23         enet       CE        vxlan-15237, vlan-110
24         enet       CE        vxlan-15467 vlan-112
25         enet       CE        vxlan-15475 vlan-113
26         enet       CE        vxlan-15434 vlan-114

hi


sh mac-address-table 
Destination Add                 Type of Packet      ports
----------------------------------------------------------------
01-00-5e-06-06-06                  L3 IGMP            0
01-00-5e-06-06-06                  non-IGMP          2,4
01-00-5e-06-06-06                  L3 IGMP            0
01-00-5e-06-06-06                  non-IGMP          1,2,4


Comment

    You are will be the first.

LEAVE A COMMENT

Please login here to comment.