Published: 2023-10-30 Views: 1997 Source: 杨广成
Cisco CCIE Training, EI Track: LISP-to-LISP for IPv4 Detailed Configuration Example
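As shown in the figure: R3 and R4 act as the Internet; you can also think of them as a core network.
R1 and R2 form one company site. R1 is the site's internal router; R2 is the site's edge router and also an xTR.
R5 and R6 form the company's other site. R6 is the site's internal router; R5 is the site's edge router and also an xTR.
R2 and R5, as the site edge routers, have Internet access.
R3 acts as the MS and MR.
The goal is to use LISP to join the company's two sites logically, so that users inside the two sites can reach each other.
Step 1: Carrier configuration
Run OSPF on all interfaces of R3 and R4 so that all R3 and R4 interfaces can reach each other: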
R3(config)#router os 1
R3(config-router)#netw 0.0.0.0 0.0.0.0 a 0
R4(config)#router os 1
R4(config-router)#netw 0.0.0.0 0.0.0.0 a 0
Step 2: Connect the site edge routers to the Internet
Add a default route on R2 and R5 pointing to the carrier:
R2(config)#ip route 0.0.0.0 0.0.0.0 8.8.23.3
R5(config)#ip route 0.0.0.0 0.0.0.0 8.8.45.4
Step 3: xTR configuration on R2 and R5
R2#sho run | se lisp
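router lisp    ! start LISP; the default process ID is 0, valid range 0-15
database-mapping 192.168.1.1/32 8.8.23.2 priority 1 weight 50
database-mapping 192.168.12.0/24 8.8.23.2 priority 1 weight 50
! Maps EIDs to the RLOC. RLOC priority ranges from 0 to 255; lower is preferred, and 255 means the RLOC is unusable.
! If several RLOCs have the same priority, traffic is load-balanced across them; weight ranges from 0 to 100 and gives the share of traffic.
ipv4 itr map-resolver 8.8.3.3    ! address of the map resolver (MR) used by the ITR
ipv4 itr    ! this device is an ITR
ipv4 etr map-server 8.8.3.3 key wolf    ! address of the map server (MS) used by the ETR, with authentication key wolf
ipv4 etr    ! this device is an ETR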
exit
R5#sho run | se lisp
router lisp
database-mapping 192.168.6.6/32 8.8.45.5 priority 1 weight 50
database-mapping 192.168.56.0/24 8.8.45.5 priority 1 weight 50
ipv4 itr map-resolver 8.8.3.3
ipv4 itr
ipv4 etr map-server 8.8.3.3 key wolf
ipv4 etr
exit
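The priority and weight rules described for database-mapping above, written out as an added Python example (not part of the original article and not Cisco code). The second locator 203.0.113.5 and the per-flow SHA-256 hash are assumptions made for illustration; real platforms use their own hash.

```python
import hashlib

def select_rloc(locators, flow):
    """Pick the RLOC for one flow.

    locators: list of (rloc, priority, weight); flow: (source EID, destination EID).
    """
    usable = [l for l in locators if l[1] != 255]     # priority 255: RLOC unusable
    if not usable:
        return None
    best = min(p for _, p, _ in usable)               # lowest priority value wins
    group = [l for l in usable if l[1] == best]
    total = sum(w for _, _, w in group)
    if total == 0:                                    # all weights 0: split evenly
        group = [(r, p, 1) for r, p, _ in group]
        total = len(group)
    # Deterministic per-flow hash so one flow always uses the same RLOC (assumption).
    digest = hashlib.sha256("|".join(flow).encode()).digest()
    point = int.from_bytes(digest[:8], "big") % total
    for rloc, _, weight in group:
        if point < weight:
            return rloc
        point -= weight

def share(locators, flows):
    """Fraction of flows sent to each RLOC."""
    counts = {}
    for f in flows:
        r = select_rloc(locators, f)
        counts[r] = counts.get(r, 0) + 1
    return {r: c / len(flows) for r, c in counts.items()}

# Site B as configured in the article: one RLOC, priority 1, weight 50.
SITE_B = [("8.8.45.5", 1, 50)]
# Constructed variant: a second RLOC at the same priority with a 75/25 split.
SITE_B_DUAL = [("8.8.45.5", 1, 75), ("203.0.113.5", 1, 25)]

if __name__ == "__main__":
    flows = [(f"192.168.12.{i}", f"192.168.56.{j}")
             for i in range(1, 51) for j in range(1, 41)]
    print(share(SITE_B, flows))
    print(share(SITE_B_DUAL, flows))
```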
Step 4: MS + MR configuration on R3
R3#sho run | se lisp
router lisp
site A    ! create a site named A
authentication-key wolf    ! the authentication key is wolf
eid-prefix 192.168.1.1/32    ! EIDs of this site
eid-prefix 192.168.12.0/24
exit
!
site B
authentication-key wolf
eid-prefix 192.168.6.6/32
eid-prefix 192.168.56.0/24
exit
!
ipv4 map-server    ! this device is a map server (MS)
ipv4 map-resolver    ! this device is a map resolver (MR)
exit
Step 5: Routing inside the sites
R1 ip route 0.0.0.0 0.0.0.0 192.168.12.2
R2 ip route 192.168.1.1 255.255.255.255 192.168.12.1
R5 ip route 192.168.6.6 255.255.255.255 192.168.56.6
R6 ip route 0.0.0.0 0.0.0.0 192.168.56.5
Step 6: Testing
Ping test:
R1#ping 192.168.56.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.56.6, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 80/97/112 ms
R1#ping 192.168.6.6 so lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.6.6, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 92/101/116 ms
R1#
show ip lisp: can be used on every LISP router
R2#sho ip lisp
Instance ID: 0
Router-lisp ID: 0
Locator table: default
EID table: default
Ingress Tunnel Router (ITR): enabled
Egress Tunnel Router (ETR): enabled
Proxy-ITR Router (PITR): disabled
Proxy-ETR Router (PETR): disabled
Map Server (MS): disabled
Map Resolver (MR): disabled
Map-Request source: 192.168.12.2
ITR Map-Resolver(s): 8.8.3.3
ETR Map-Server(s): 8.8.3.3 (00:00:13)
ITR Solicit Map Request (SMR): accept and process
Max SMRs per map-cache entry: 8 more specifics
Multiple SMR suppression time: 60 secs
ETR accept mapping data: disabled, verify disabled
ETR map-cache TTL: 1d00h
Locator Status Algorithms:
RLOC-probe algorithm: disabled
Static mappings configured: 0
Map-cache size/limit: 6/1000
Map-cache activity check period: 60 secs
Map-database size/limit: 2/100
Persistent map-cache: interval 01:00:00
Earliest next store: now
Location: NONE
R2#
R3#sho ip lisp
Instance ID: 0
Router-lisp ID: 0
Locator table: default
EID table: N/A
Ingress Tunnel Router (ITR): disabled
Egress Tunnel Router (ETR): disabled
Proxy-ITR Router (PITR): disabled
Proxy-ETR Router (PETR): disabled
Map Server (MS): enabled
Map Resolver (MR): enabled
Map-Request source: NOT AVAILABLE (cfg UNSPEC is not local)
ITR Solicit Map Request (SMR): accept and process
Max SMRs per map-cache entry: 8 more specifics
Multiple SMR suppression time: 60 secs
ETR accept mapping data: disabled, verify disabled
ETR map-cache TTL: 1d00h
Locator Status Algorithms:
RLOC-probe algorithm: disabled
Static mappings configured: 0
Map-cache size/limit: 0/1000
Map-cache activity check period: 60 secs
Map-database size/limit: 0/100
Persistent map-cache: interval 01:00:00
Earliest next store: now
Location: NONE
R3#
R5#sho ip lisp
Instance ID: 0
Router-lisp ID: 0
Locator table: default
EID table: default
Ingress Tunnel Router (ITR): enabled
Egress Tunnel Router (ETR): enabled
Proxy-ITR Router (PITR): disabled
Proxy-ETR Router (PETR): disabled
Map Server (MS): disabled
Map Resolver (MR): disabled
Map-Request source: 192.168.56.5
ITR Map-Resolver(s): 8.8.3.3
ETR Map-Server(s): 8.8.3.3 (00:00:55)
ITR Solicit Map Request (SMR): accept and process
Max SMRs per map-cache entry: 8 more specifics
Multiple SMR suppression time: 60 secs
ETR accept mapping data: disabled, verify disabled
ETR map-cache TTL: 1d00h
Locator Status Algorithms:
RLOC-probe algorithm: disabled
Static mappings configured: 0
Map-cache size/limit: 4/1000
Map-cache activity check period: 60 secs
Map-database size/limit: 2/100
Persistent map-cache: interval 01:00:00
Earliest next store: now
Location: NONE
R5#
show ip lisp map-cache: used on the ITR to view the EID-to-RLOC mappings of other sites that have been learned through resolution
R2#sho ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 3 entries
0.0.0.0/0, uptime: 00:00:58, expires: never, via static send map-request
Negative cache entry, action: send-map-request
192.168.6.6/32, uptime: 00:00:50, expires: 23:59:02, via map-reply, complete
Locator Uptime State Pri/Wgt
8.8.45.5 00:00:50 up 1/50
192.168.56.0/24, uptime: 00:00:54, expires: 23:58:58, via map-reply, complete
Locator Uptime State Pri/Wgt
8.8.45.5 00:00:54 up 1/50
R2#
show ip lisp database: used on the ETR to view the EID-to-RLOC mappings of the local site
R5#sho ip lisp database
LISP ETR IPv4 Mapping Database for EID-table default (IID 0), LSBs: 0x1, 2 entries
192.168.6.6/32
Locator Pri/Wgt Source State
8.8.45.5 1/50 cfg-addr site-self, reachable
192.168.56.0/24
Locator Pri/Wgt Source State
8.8.45.5 1/50 cfg-addr site-self, reachable
R5#
show lisp site: used on the MS
R3#sho lisp site
LISP Site Registration Information
Site Name      Last      Up   Who Last             Inst     EID Prefix
               Register       Registered           ID
A              00:00:02  yes  8.8.23.2                      192.168.1.1/32
               00:00:02  yes  8.8.23.2                      192.168.12.0/24
B              00:00:07  yes  8.8.45.5                      192.168.6.6/32
               00:00:07  yes  8.8.45.5                      192.168.56.0/24
R3#sho lisp site name A
Site name: A
Allowed configured locators: any
Allowed EID-prefixes:
EID-prefix: 192.168.1.1/32
First registered: 00:19:54
Routing table tag: 0
Origin: Configuration
Merge active: No
Proxy reply: No
TTL: 1d00h
State: complete
Registration errors:
Authentication failures: 0
Allowed locators mismatch: 0
ETR 8.8.23.2, last registered 00:00:10, no proxy-reply, no map-notify
TTL 1d00h, no merge, nonce 0x4CF90E84-0xF713C1E2
state complete
Locator Local State Pri/Wgt
8.8.23.2 yes up 1/50
EID-prefix: 192.168.12.0/24
First registered: 02:52:36
Routing table tag: 0
Origin: Configuration
Merge active: No
Proxy reply: No
TTL: 1d00h
State: complete
Registration errors:
Authentication failures: 0
Allowed locators mismatch: 0
ETR 8.8.23.2, last registered 00:00:10, no proxy-reply, no map-notify
TTL 1d00h, no merge, nonce 0x4CF90E84-0xF713C1E2
state complete
Locator Local State Pri/Wgt
8.8.23.2 yes up 1/50
R3#
The lig command: queries the map server to check whether an EID has been registered and what its EID-to-RLOC mapping is. The command can be used in several ways.
R2#lig 192.168.1.1
Mapping information for EID 192.168.1.1 from 8.8.23.2 with RTT 92 msecs
192.168.1.1/32, uptime: 00:05:25, expires: 23:59:52, via map-reply, self
Locator Uptime State Pri/Wgt
8.8.23.2 00:05:25 up, self 1/50
R2#
R2#lig self ipv4 all-eid
Mapping information for EID 192.168.1.1 from 8.8.23.2 with RTT 100 msecs
192.168.1.1/32, uptime: 00:06:16, expires: 23:59:52, via map-reply, self
Locator Uptime State Pri/Wgt
8.8.23.2 00:06:16 up, self 1/50
Mapping information for EID 192.168.12.0 from 8.8.23.2 with RTT 96 msecs
192.168.12.0/24, uptime: 00:05:52, expires: 23:59:52, via map-reply, self
Locator Uptime State Pri/Wgt
8.8.23.2 00:05:52 up, self 1/50
R2#
R2#lig 192.168.6.6
Mapping information for EID 192.168.6.6 from 8.8.45.5 with RTT 140 msecs
192.168.6.6/32, uptime: 00:28:31, expires: 23:59:52, via map-reply, complete
Locator Uptime State Pri/Wgt
8.8.45.5 00:28:31 up 1/50
R2#
R2#lig 8.8.8.8
Mapping information for EID 8.8.8.8 from 8.8.23.3 with RTT 88 msecs
0.0.0.0/1, uptime: 00:06:57, expires: 00:14:52, via map-reply, forward-native
Negative cache entry, action: forward-native
R2#
clear ip lisp map-cache: clears the current map-cache table
R2#clear ip lisp map-cache
R2#sho ip lisp ma
R2#sho ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 1 entries
0.0.0.0/0, uptime: 00:00:04, expires: never, via static send map-request
Negative cache entry, action: send-map-request
R2#
show ip lisp forwarding eid remote: shows the details of the encapsulation
R2#sho ip lisp forwarding eid remote 192.168.6.6
Prefix Fwd action Locator status bits
192.168.6.6/32 encap 0x00000001
packets/bytes 24/1590
path list 681D69D4, flags 0x49, 3 locks, per-destination
ifnums:
LISP0(9): 8.8.45.5
1 path
path 67A4C5B8, path list 681D69D4, share 50/50, type attached nexthop, for IPv4
nexthop 8.8.45.5 LISP0, adjacency IP midchain out of LISP0, addr 8.8.45.5 675BC380
1 output chain
chain[0]: IP midchain out of LISP0, addr 8.8.45.5 675BC380 IP adj out of Ethernet1/0, addr 8.8.23.3 675BC680
R2#
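Packet capture
R1 tries ping 192.168.6.6 so lo0
1. R2 receives the packet and first sends a map-request to the MS (that is, R3), asking: "Do you know the RLOC for 192.168.6.6?"
2. R3 receives the map-request, looks locally and finds that 192.168.6.6 belongs to site B, so it sends a map-request to site B's RLOC 8.8.45.5, asking: "Do you know the EID 192.168.6.6?"
3. R5 receives the map-request and answers with a map-reply message. Note that this map-reply is sent directly to R2.
4. Once R2 has received the map-reply it has a map-cache entry, so it encapsulates the data in LISP format and sends the packet.
There is a key question here, in step 2: how does the MS know that site B's address is 8.8.45.5? When we configured the MS, we never told it the RLOC address of each site!
In fact, every 60 seconds each ETR sends a map-register message to the MS, telling the MS the RLOC-to-EID mappings of its own site.
In addition, when there are many EIDs, the locator-set command can be used to simplify the configuration: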
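The answer to that question, modelled as an added Python example (not part of the original article and not Cisco code): the MS is configured only with each site's key and EID prefixes, and learns the RLOC from an authenticated map-register. The text encoding and HMAC-SHA-256 here are simplifying assumptions, not the LISP wire format, and the key "guess" is a constructed wrong key.

```python
import hashlib
import hmac
import ipaddress

def sign(key, rloc, eid_prefixes):
    """ETR side: HMAC over a simplified text encoding (assumption, not wire format)."""
    msg = "|".join([rloc, *sorted(eid_prefixes)]).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class MapServer:
    """Toy MS/MR: configured with keys and EID prefixes, learns RLOCs by registration."""
    def __init__(self):
        self.sites = {}          # site name -> key, allowed prefixes, failure counter
        self.registrations = {}  # registered EID prefix -> RLOC of the ETR

    def add_site(self, name, key, eid_prefixes):
        self.sites[name] = {"key": key.encode(), "auth_failures": 0,
                            "prefixes": {ipaddress.ip_network(p) for p in eid_prefixes}}

    def map_register(self, site, rloc, eid_prefixes, auth):
        """Accept a registration only if the HMAC and every EID prefix check out."""
        cfg = self.sites[site]
        if not hmac.compare_digest(auth, sign(cfg["key"], rloc, eid_prefixes)):
            cfg["auth_failures"] += 1     # compare "Authentication failures" on the MS
            return False
        nets = [ipaddress.ip_network(p) for p in eid_prefixes]
        if any(n not in cfg["prefixes"] for n in nets):
            return False                  # prefix is not an eid-prefix of this site
        for n in nets:
            self.registrations[n] = rloc
        return True

    def map_request(self, eid):
        """Return the RLOC to forward the map-request to, or None (negative reply)."""
        addr = ipaddress.ip_address(eid)
        hits = [n for n in self.registrations if addr in n]
        if not hits:
            return None                   # like the forward-native entry for 8.8.8.8
        return self.registrations[max(hits, key=lambda n: n.prefixlen)]

def demo():
    ms = MapServer()
    ms.add_site("A", "wolf", ["192.168.1.1/32", "192.168.12.0/24"])
    ms.add_site("B", "wolf", ["192.168.6.6/32", "192.168.56.0/24"])
    b = ["192.168.6.6/32", "192.168.56.0/24"]
    before = ms.map_request("192.168.6.6")          # site configured, nothing registered
    bad = ms.map_register("B", "8.8.45.5", b, sign(b"guess", "8.8.45.5", b))
    ok = ms.map_register("B", "8.8.45.5", b, sign(b"wolf", "8.8.45.5", b))
    return (before, bad, ok, ms.map_request("192.168.6.6"),
            ms.map_request("8.8.8.8"), ms.sites["B"]["auth_failures"])

if __name__ == "__main__":
    print(demo())
```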