
Cisco CCIE Training (EI Track): Detailed LISP-to-LISP for IPv4 Configuration Example

Published: 2023-10-30  Views: 1997  Source: 杨广成


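As shown in the figure, R3 and R4 act as the Internet; you can also think of them as a core network.

R1 and R2 form one site of the company: R1 is the site's internal router, and R2 is the site's edge router and also an xTR.

R5 and R6 form the company's other site: R6 is the site's internal router, and R5 is the site's edge router and also an xTR.

R2 and R5, as the site edge routers, can reach the Internet.

R3 acts as both MS and MR.

The goal is to use LISP to join the company's two sites logically, so that users inside the two sites can reach each other.

[Figure: lab topology]

Step 1: Service provider configuration

Run OSPF on all interfaces of R3 and R4 so that all of their interfaces can reach each other: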

R3(config)#router os 1

R3(config-router)#netw 0.0.0.0 0.0.0.0 a 0

 

R4(config)#router os 1

R4(config-router)#netw 0.0.0.0 0.0.0.0 a 0

 

Step 2: Connect the site edge routers to the Internet

On R2 and R5, add a default route pointing to the service provider:

R2(config)#ip route 0.0.0.0 0.0.0.0 8.8.23.3

R5(config)#ip route 0.0.0.0 0.0.0.0 8.8.45.4

Step 3: xTR configuration on R2 and R5

 

R2#sho run | se lisp

router lisp   ! enables LISP; the default process ID is 0, and the valid range is 0-15

 database-mapping 192.168.1.1/32 8.8.23.2 priority 1 weight 50 

 database-mapping 192.168.12.0/24 8.8.23.2 priority 1 weight 50 

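 ! Maps the EIDs to the RLOC. RLOC priority ranges from 0 to 255; lower is preferred, and 255 means the RLOC is unusable. If several RLOCs have the same priority, traffic is load-balanced across them; weight ranges from 0 to 100 and gives the share of traffic.

 ipv4 itr map-resolver 8.8.3.3   ! address of the Map-Resolver (MR) used by the ITR

 ipv4 itr   ! this device is an ITR

 ipv4 etr map-server 8.8.3.3 key wolf   ! address of the Map-Server (MS) used by the ETR, with the authentication key wolf

 ipv4 etr   ! this device is an ETR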

 exit

 

R5#sho run | se lisp

router lisp

 database-mapping 192.168.6.6/32 8.8.45.5 priority 1 weight 50

 database-mapping 192.168.56.0/24 8.8.45.5 priority 1 weight 50

 ipv4 itr map-resolver 8.8.3.3

 ipv4 itr

 ipv4 etr map-server 8.8.3.3 key wolf

 ipv4 etr

 exit

 

Step 4: MS + MR configuration on R3

R3#sho run | se lisp

router lisp

 site A   ! creates a site named A

  authentication-key wolf   ! the authentication key is wolf

  eid-prefix 192.168.1.1/32   ! an EID of this site

  eid-prefix 192.168.12.0/24

  exit

 !

 site B

  authentication-key wolf

  eid-prefix 192.168.6.6/32

  eid-prefix 192.168.56.0/24

  exit

 !

 ipv4 map-server   ! this device is a Map-Server (MS)

 ipv4 map-resolver   ! this device is a Map-Resolver (MR)

 exit

 

Step 5: Internal routing configuration at the sites

R1 ip route 0.0.0.0 0.0.0.0 192.168.12.2

R2 ip route 192.168.1.1 255.255.255.255 192.168.12.1

R5 ip route 192.168.6.6 255.255.255.255 192.168.56.6

R6 ip route 0.0.0.0 0.0.0.0 192.168.56.5

 

Step 6: Testing

Ping test:

R1#ping 192.168.56.6      

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.56.6, timeout is 2 seconds:

.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 80/97/112 ms

R1#ping 192.168.6.6 so lo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.6.6, timeout is 2 seconds:

Packet sent with a source address of 192.168.1.1 

..!!!

Success rate is 60 percent (3/5), round-trip min/avg/max = 92/101/116 ms

R1#

 

show ip lisp: can be used on all LISP routers

R2#sho ip lisp

  Instance ID:                      0

  Router-lisp ID:                   0

  Locator table:                    default

  EID table:                        default

  Ingress Tunnel Router (ITR):      enabled

  Egress Tunnel Router (ETR):       enabled

  Proxy-ITR Router (PITR):          disabled

  Proxy-ETR Router (PETR):          disabled

  Map Server (MS):                  disabled

  Map Resolver (MR):                disabled

  Map-Request source:               192.168.12.2

  ITR Map-Resolver(s):              8.8.3.3

  ETR Map-Server(s):                8.8.3.3 (00:00:13)

  ITR Solicit Map Request (SMR):    accept and process

    Max SMRs per map-cache entry:   8 more specifics

    Multiple SMR suppression time:  60 secs

  ETR accept mapping data:          disabled, verify disabled

  ETR map-cache TTL:                1d00h

  Locator Status Algorithms:

    RLOC-probe algorithm:           disabled

  Static mappings configured:       0

  Map-cache size/limit:             6/1000

  Map-cache activity check period:  60 secs

  Map-database size/limit:          2/100

  Persistent map-cache:             interval 01:00:00

    Earliest next store:            now

    Location:                       NONE

R2#

 

R3#sho ip lisp

  Instance ID:                      0

  Router-lisp ID:                   0

  Locator table:                    default

  EID table:                        N/A

  Ingress Tunnel Router (ITR):      disabled

  Egress Tunnel Router (ETR):       disabled

  Proxy-ITR Router (PITR):          disabled

  Proxy-ETR Router (PETR):          disabled

  Map Server (MS):                  enabled

  Map Resolver (MR):                enabled

  Map-Request source:               NOT AVAILABLE (cfg UNSPEC is not local)

  ITR Solicit Map Request (SMR):    accept and process

    Max SMRs per map-cache entry:   8 more specifics

    Multiple SMR suppression time:  60 secs

  ETR accept mapping data:          disabled, verify disabled

  ETR map-cache TTL:                1d00h

  Locator Status Algorithms:

    RLOC-probe algorithm:           disabled

  Static mappings configured:       0

  Map-cache size/limit:             0/1000

  Map-cache activity check period:  60 secs

  Map-database size/limit:          0/100

  Persistent map-cache:             interval 01:00:00

    Earliest next store:            now

    Location:                       NONE

R3#

 

R5#sho ip lisp

  Instance ID:                      0

  Router-lisp ID:                   0

  Locator table:                    default

  EID table:                        default

  Ingress Tunnel Router (ITR):      enabled

  Egress Tunnel Router (ETR):       enabled

  Proxy-ITR Router (PITR):          disabled

  Proxy-ETR Router (PETR):          disabled

  Map Server (MS):                  disabled

  Map Resolver (MR):                disabled

  Map-Request source:               192.168.56.5

  ITR Map-Resolver(s):              8.8.3.3

  ETR Map-Server(s):                8.8.3.3 (00:00:55)

  ITR Solicit Map Request (SMR):    accept and process

    Max SMRs per map-cache entry:   8 more specifics

    Multiple SMR suppression time:  60 secs

  ETR accept mapping data:          disabled, verify disabled

  ETR map-cache TTL:                1d00h

  Locator Status Algorithms:

    RLOC-probe algorithm:           disabled

  Static mappings configured:       0

  Map-cache size/limit:             4/1000

  Map-cache activity check period:  60 secs

  Map-database size/limit:          2/100

  Persistent map-cache:             interval 01:00:00

    Earliest next store:            now

    Location:                       NONE

R5#

 

show ip lisp map-cache: used on the ITR to view the EID-to-RLOC mappings of other sites that were learned through resolution

R2#sho ip lisp map-cache 

LISP IPv4 Mapping Cache for EID-table default (IID 0), 3 entries

 

0.0.0.0/0, uptime: 00:00:58, expires: never, via static send map-request

  Negative cache entry, action: send-map-request

192.168.6.6/32, uptime: 00:00:50, expires: 23:59:02, via map-reply, complete

  Locator   Uptime    State      Pri/Wgt

  8.8.45.5  00:00:50  up           1/50 

192.168.56.0/24, uptime: 00:00:54, expires: 23:58:58, via map-reply, complete

  Locator   Uptime    State      Pri/Wgt

  8.8.45.5  00:00:54  up           1/50 

R2#

 

show ip lisp database: used on the ETR to view the local site's EID-to-RLOC mappings

R5#sho ip lisp database 

LISP ETR IPv4 Mapping Database for EID-table default (IID 0), LSBs: 0x1, 2 entries

 

192.168.6.6/32

  Locator   Pri/Wgt  Source     State

  8.8.45.5    1/50   cfg-addr   site-self, reachable

192.168.56.0/24

  Locator   Pri/Wgt  Source     State

  8.8.45.5    1/50   cfg-addr   site-self, reachable

R5#

 

show lisp site: used on the MS

R3#sho lisp site

LISP Site Registration Information

 

Site Name      Last      Up   Who Last             Inst     EID Prefix

               Register       Registered           ID       

A              00:00:02  yes  8.8.23.2                      192.168.1.1/32

               00:00:02  yes  8.8.23.2                      192.168.12.0/24

B              00:00:07  yes  8.8.45.5                      192.168.6.6/32

               00:00:07  yes  8.8.45.5                      192.168.56.0/24

 

R3#sho lisp site name A

Site name: A

Allowed configured locators: any

Allowed EID-prefixes:

  EID-prefix: 192.168.1.1/32 

    First registered:     00:19:54

    Routing table tag:    0

    Origin:               Configuration

    Merge active:         No

    Proxy reply:          No

    TTL:                  1d00h

    State:                complete

    Registration errors:  

      Authentication failures:   0

      Allowed locators mismatch: 0

    ETR 8.8.23.2, last registered 00:00:10, no proxy-reply, no map-notify

                  TTL 1d00h, no merge, nonce 0x4CF90E84-0xF713C1E2

                  state complete

      Locator   Local  State      Pri/Wgt

      8.8.23.2  yes    up           1/50 

  EID-prefix: 192.168.12.0/24 

    First registered:     02:52:36

    Routing table tag:    0

    Origin:               Configuration

    Merge active:         No

    Proxy reply:          No

    TTL:                  1d00h

    State:                complete

    Registration errors:  

      Authentication failures:   0

      Allowed locators mismatch: 0

    ETR 8.8.23.2, last registered 00:00:10, no proxy-reply, no map-notify

                  TTL 1d00h, no merge, nonce 0x4CF90E84-0xF713C1E2

                  state complete

      Locator   Local  State      Pri/Wgt

      8.8.23.2  yes    up           1/50 

R3#

 

The lig command queries the map-server to check whether an EID has been registered and what its EID-to-RLOC mapping is. The command can be used in several ways.

 

R2#lig 192.168.1.1

Mapping information for EID 192.168.1.1 from 8.8.23.2 with RTT 92 msecs

192.168.1.1/32, uptime: 00:05:25, expires: 23:59:52, via map-reply, self

  Locator   Uptime    State      Pri/Wgt

  8.8.23.2  00:05:25  up, self     1/50 

R2#

 

R2#lig self ipv4 all-eid 

Mapping information for EID 192.168.1.1 from 8.8.23.2 with RTT 100 msecs

192.168.1.1/32, uptime: 00:06:16, expires: 23:59:52, via map-reply, self

  Locator   Uptime    State      Pri/Wgt

  8.8.23.2  00:06:16  up, self     1/50 

Mapping information for EID 192.168.12.0 from 8.8.23.2 with RTT 96 msecs

192.168.12.0/24, uptime: 00:05:52, expires: 23:59:52, via map-reply, self

  Locator   Uptime    State      Pri/Wgt

  8.8.23.2  00:05:52  up, self     1/50 

R2#

 

R2#lig 192.168.6.6

Mapping information for EID 192.168.6.6 from 8.8.45.5 with RTT 140 msecs

192.168.6.6/32, uptime: 00:28:31, expires: 23:59:52, via map-reply, complete

  Locator   Uptime    State      Pri/Wgt

  8.8.45.5  00:28:31  up           1/50 

R2#

 

R2#lig 8.8.8.8

Mapping information for EID 8.8.8.8 from 8.8.23.3 with RTT 88 msecs

0.0.0.0/1, uptime: 00:06:57, expires: 00:14:52, via map-reply, forward-native

  Negative cache entry, action: forward-native

R2#

 

clear ip lisp map-cache: clears the current map-cache table

R2#clear ip lisp map-cache  

R2#sho ip lisp ma

R2#sho ip lisp map-cache 

LISP IPv4 Mapping Cache for EID-table default (IID 0), 1 entries

 

0.0.0.0/0, uptime: 00:00:04, expires: never, via static send map-request

  Negative cache entry, action: send-map-request

R2#

 

show ip lisp forwarding eid remote: shows the details of the encapsulation

R2#sho ip lisp forwarding eid remote 192.168.6.6

Prefix                 Fwd action  Locator status bits

192.168.6.6/32         encap       0x00000001

  packets/bytes      24/1590

  path list 681D69D4, flags 0x49, 3 locks, per-destination

  ifnums:

   LISP0(9): 8.8.45.5

  1 path

    path 67A4C5B8, path list 681D69D4, share 50/50, type attached nexthop, for IPv4

    nexthop 8.8.45.5 LISP0, adjacency IP midchain out of LISP0, addr 8.8.45.5 675BC380

  1 output chain

  chain[0]:  IP midchain out of LISP0, addr 8.8.45.5 675BC380 IP adj out of Ethernet1/0, addr 8.8.23.3 675BC680

R2#

 

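Packet capture

R1 tries ping 192.168.6.6 so lo0

1. R2 receives the packet and first sends a Map-Request to the MS (that is, R3), asking: "Do you know the RLOC for 192.168.6.6?"

[Figure: packet capture]

2. R3 receives the Map-Request, looks it up locally and finds that 192.168.6.6 belongs to site B, so it sends a Map-Request to site B's RLOC 8.8.45.5, asking: "Do you know the EID 192.168.6.6?"

[Figure: packet capture]

3. R5 receives the Map-Request and answers with a Map-Reply. Note that this Map-Reply is sent directly to R2.

[Figure: packet capture]

4. Once R2 has received the Map-Reply it has a map-cache entry, so it encapsulates the data in the LISP format and sends the packet.

[Figure: packet capture]

There is a key question here, in step 2: how does the MS know that site B's address is 8.8.45.5? When we configured the MS, we never told it the RLOC address of each site!

In fact, every 60 seconds each ETR sends a Map-Register message to the MS, telling it the RLOC-to-EID mappings of its own site:

[Figure: packet capture of the Map-Register message]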
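The registration and resolution flow described above, as an added Python model that is not part of the original article and is not Cisco code. The names MapServer, sign, etr_register and build_lab, the HMAC input format, and the optional allowed_b locator list are assumptions made for illustration; the two counters mirror the "Authentication failures" and "Allowed locators mismatch" fields in the show lisp site output.

```python
import hashlib, hmac, ipaddress

def sign(key, prefix, rloc):
    # Stand-in for Map-Register authentication data; not the real wire format.
    return hmac.new(key.encode(), f"{prefix}|{rloc}".encode(), hashlib.sha256).digest()

class MapServer:
    """Toy MS/MR (R3): configured with site keys and EID prefixes, never RLOCs."""
    def __init__(self):
        self.sites = {}            # site name -> key, prefixes, allowed locators
        self.registry = {}         # EID prefix -> RLOC, learned from Map-Register
        self.auth_failures = 0     # mirrors "Authentication failures"
        self.locator_mismatch = 0  # mirrors "Allowed locators mismatch"

    def add_site(self, name, key, prefixes, allowed=None):
        nets = {ipaddress.ip_network(p) for p in prefixes}
        self.sites[name] = {"key": key, "prefixes": nets, "allowed": allowed}

    def map_register(self, prefix, rloc, auth):
        net = ipaddress.ip_network(prefix)
        site = next((s for s in self.sites.values() if net in s["prefixes"]), None)
        if site is None:
            return False           # prefix is not configured under any site
        if not hmac.compare_digest(auth, sign(site["key"], prefix, rloc)):
            self.auth_failures += 1
            return False
        if site["allowed"] is not None and rloc not in site["allowed"]:
            self.locator_mismatch += 1
            return False
        self.registry[net] = rloc
        return True

    def map_request(self, eid):
        """RLOC of the ETR the Map-Request is forwarded to; None = negative reply."""
        addr = ipaddress.ip_address(eid)
        hits = [n for n in self.registry if addr in n]
        return self.registry[max(hits, key=lambda n: n.prefixlen)] if hits else None

def etr_register(ms, key, rloc, prefixes):
    """Periodic Map-Register from an ETR: one result per EID prefix."""
    return [ms.map_register(p, rloc, sign(key, p, rloc)) for p in prefixes]

def build_lab(allowed_b=None):
    # Values from the page; allowed_b is a hypothetical locator restriction.
    ms = MapServer()
    ms.add_site("A", "wolf", ["192.168.1.1/32", "192.168.12.0/24"])
    ms.add_site("B", "wolf", ["192.168.6.6/32", "192.168.56.0/24"], allowed_b)
    etr_register(ms, "wolf", "8.8.23.2", ["192.168.1.1/32", "192.168.12.0/24"])
    etr_register(ms, "wolf", "8.8.45.5", ["192.168.6.6/32", "192.168.56.0/24"])
    return ms
```

In the lab as configured, both sites share the key wolf and the allowed locators are "any", so the key is the only check on which RLOC may register a prefix. Calling build_lab(allowed_b={"8.8.45.5"}) shows a registration for a site B prefix being refused when it comes from an RLOC that is not on the site's list.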

In addition, when there are many EIDs, the locator-set command can be used to simplify the configuration:

[Figure: locator-set configuration]
