[LAB] Cisco SD-Access – Basic LISP Configuration

ใน LAB นี้จะมาลองให้ทำเกี่ยวกับ Basic LISP Configuration กันครับ ซึ่งก็เป็น protocol นึงที่ถูกใช้งานเป็น control plane สำหรับ solution Cisco SD-Access (Software Defined Network : SDN ฝั่ง Enterprise) โดยจะควบคุมผ่าน controller นั่นก็คือ Cisco DNA Center

โดยปกติถ้าเราใช้ Cisco SD-Access นั้น มันจะถูก deploy configure ทั้งหมดมาจาก controller (Cisco DNA Center) โดยที่เราไม่จำเป็นต้องรู้เลยด้วยซ้ำ แต่ใน LAB นี้ เราจะมาลองเล่น และ ทำความเข้าใจ LISP แบบง่ายๆ ด้วยการตั้งค่าผ่าน CLI เองครับ จะได้เข้าการทำงาน การตั้งค่า และ การตรวจสอบแบบเบื้องต้นกัน ไปลุยกันเลยยยย !!!

สำหรับใครที่ยังไม่รู้จัก LISP สามารถไปดูคลิปนี้ก่อนได้เลยครับ

Time : 15 นาที

Lab Sim : EVE-NG (โปรแกรมลองหาติดตั้งและลงเอาจาก www.eve-ng.net นะครับ)

File Lab : Download Now

Image : vIOS 15.6.2T

หมายเหตุ : image vIOS เป็นลิขสิทธิ์ของทาง Cisco สามารถซื้อ License เพื่อใช้งานได้ที่

1. Enable OSPF on MR-MS , RLOC1 and RLOC2 for routing on LISP Cloud (Underlay) that allows for loopback to talk each other and complete reachability between them.2. Configure MR-MS to mapping resolver / mapping server role and configuring the prefixes on PC01 and PC02 side to accept and store its in mapping database.

• PC01 : SITE_A – 10.1.1.0/24
• PC02 : SITE_B – 20.1.1.0/24

3. Configure RLOC1 and RLOC2 to advertise EID and point to the MR_MS and acts as both ITR / ETR role.
4. Verify LISP Site on MR-MS
5. Verify LISP database on RLOC
6. Verify LISP map-cache on RLOC
7. Verify IP CEF on RLOC1 of 20.1.1.1 (PC02)
8. Ping test from PC01 to PC02

• PC01 : 10.1.1.1

• PC02 : 20.1.1.1

9. Verify LISP map-cache on RLOC1 again
10. Verify IP CEF on RLOC1 of 20.1.1.1 (PC02) again

 router-id 3.3.3.3
!

interface gi0/0

 ip ospf 1 area 0

 ip ospf network point-to-point

!

interface gi0/1

 ip ospf 1 area 0

 ip ospf network point-to-point

!

interface loopback0

 ip ospf 1 area 0

 router-id 1.1.1.1

!

interface gi0/0

 ip ospf 1 area 0

 ip ospf network point-to-point

!

interface loopback0

 ip ospf 1 area 0

  router-id 2.2.2.2 

 interface gi0/1

  ip ospf 1 area 0

  ip ospf network point-to-point 

 interface loopback0

  ip ospf 1 area 0

 Type escape sequence to abort.

 Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

 Packet sent with a source address of 2.2.2.2 

 !!!!!

 Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/6 ms

 Type escape sequence to abort.

 Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

 Packet sent with a source address of 2.2.2.2 

 !!!!!

 Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/6 ms

MR_MS(config-router-lisp)#site SITE_A

MR_MS(config-router-lisp-site)#eid-prefix 10.1.1.0/24

MR_MS(config-router-lisp-site)#exit

MR_MS(config-router-lisp)#site SITE_B 

MR_MS(config-router-lisp-site)#eid-prefix 20.1.1.0/24

MR_MS(config-router-lisp-site)#exit

MR_MS(config-router-lisp)#ipv4 map-server 

MR_MS(config-router-lisp)#ipv4 map-resolver

RLOC1(config)#router lisp

RLOC1(config-router-lisp)#eid-table default instance-id 0

!! Advertise EID !!
RLOC1(config-router-lisp-eid-table)#database-mapping 10.1.1.0/24 1.1.1.1 priority 1 weight 50       

RLOC1(config-router-lisp-eid-table)#exit

!! Configure device role to be xTR (both iTR and eTR) !! additionally, specify IP address of MS/MR

RLOC1(config-router-lisp)# ipv4 itr map-resolver 3.3.3.3

RLOC1(config-router-lisp)# ipv4 itr

RLOC1(config-router-lisp)# ipv4 etr map-server 3.3.3.3

RLOC1(config-router-lisp)# ipv4 etr

RLOC1(config-router-lisp)# exit

RLOC2(config)#router lisp

RLOC2(config-router-lisp)#eid-table default instance-id 0

!! Advertise EID !!

RLOC2(config-router-lisp-eid-table)#database-mapping 20.1.1.0/24 2.2.2.2 priority 1 weight 50       

RLOC2(config-router-lisp-eid-table)#exit

!! Configure device role to be xTR (both iTR and eTR) !! additionally, specify IP address of MS/MR

RLOC2(config-router-lisp)# ipv4 itr map-resolver 3.3.3.3

RLOC2(config-router-lisp)# ipv4 itr

RLOC2(config-router-lisp)# ipv4 etr map-server 3.3.3.3

RLOC2(config-router-lisp)# ipv4 etr

RLOC2(config-router-lisp)# exit

Task 4 :
Verify LISP Site on MR-MS

MR_MS#show lisp site 

LISP Site Registration Information

* = Some locators are down or unreachable

# = Some registrations are sourced by reliable transport

 

Site Name   Last     Up     Who Last     Inst    EID Prefix

            Register        Registered   ID    

SITE_A      00:42:26 yes#   1.1.1.1              10.1.1.0/24

SITE_B      00:42:24 yes#   2.2.2.2              20.1.1.0/24

Task 5 :
Verify LISP database on RLOC

RLOC1#show ip lisp database 

LISP ETR IPv4 Mapping Database for EID-table default (IID 0), LSBs: 0x1

Entries total 1, no-route 0, inactive 0

 

  Locator  Pri/Wgt   Source    State

  1.1.1.1  1/50      cfg-addr  site-self, reachable

RLOC2#show ip lisp database 

LISP ETR IPv4 Mapping Database for EID-table default (IID 0), LSBs: 0x1

Entries total 1, no-route 0, inactive 0

 

  Locator  Pri/Wgt   Source    State

  2.2.2.2  1/50      cfg-addr  site-self, reachable

Task 6 :
Verify LISP map-cache on RLOC

RLOC1#show ip lisp map-cache  

LISP IPv4 Mapping Cache for EID-table default (IID 0), 1 entries

 

0.0.0.0/0, uptime: 00:00:01, expires: never, via static send map-request

  Negative cache entry, action: send-map-request

RLOC2#show ip lisp map-cache  

LISP IPv4 Mapping Cache for EID-table default (IID 0), 1 entries

 

0.0.0.0/0, uptime: 00:00:01, expires: never, via static send map-request

  Negative cache entry, action: send-map-request

Task 7 :
Verify IP CEF on RLOC1 of 20.1.1.1 (PC02)

RLOC1#show ip cef 20.1.1.1 detail 

0.0.0.0/0, epoch 0, flags [default route handler, check lisp eligibility, default route]

  LISP remote EID: 0 packets 0 bytes fwd action signal, cfg as EID space

  LISP source path list

 attached to LISP0

  1 IPL source [unresolved]

  no route

Task 8 :
Ping test from PC01 to PC02

PC01#ping 20.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.1.1.1, timeout is 2 seconds:

Success rate is 60 percent (3/5), round-trip min/avg/max = 8/9/11 ms

Task 9 :
Verify LISP map-cache on RLOC1

RLOC1#show ip lisp map-cache      

LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries

 

0.0.0.0/0, uptime: 00:11:31, expires: never, via static send map-request

  Negative cache entry, action: send-map-request

20.1.1.0/24, uptime: 00:06:05, expires: 23:53:55, via map-reply, complete

  Locator  Uptime    State   Pri/Wgt

  2.2.2.2  00:06:05  up      1/50

RLOC1#show ip lisp map-cache 20.1.1.1

LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries

20.1.1.0/24, uptime: 00:07:09, expires: 23:52:51, via map-reply, complete

 Sources: map-reply

 State: complete, last modified: 00:07:09, map-source: 200.0.0.1

 Idle, Packets out: 4(400 bytes) (~ 00:06:29 ago)

 Locator Uptime State Pri/Wgt

 2.2.2.2 00:07:09 up 1/50

   Last up-down state change: 00:07:09, state change count: 1

   Last route reachability change: 00:07:09, state change count: 1

   Last priority / weight change: never/never

   RLOC-probing loc-status algorithm:

     Last RLOC-probe sent: never

Task 10 :
Verify IP CEF on RLOC1 of 20.1.1.1 (PC02)

RLOC1#show ip cef 20.1.1.1 detail          

20.1.1.0/24, epoch 0, flags [default route handler, subtree context, check lisp eligibility, default route]

  SC owned,sourced: LISP remote EID - locator status bits 0x00000001

  LISP remote EID: 4 packets 400 bytes fwd action encap

  LISP source path list

 nexthop 2.2.2.2 LISP0

  2 IPL sources [unresolved, active source]

 Dependent covered prefix type inherit, cover 0.0.0.0/0

  recursive via 0.0.0.0/0

 no route