配置LISP並對其進行故障排除

下載選項

  • PDF     (254.4 KB)
    在多種裝置上使用 Adobe Reader 檢視
  • ePub     (96.0 KB)
    在 iPhone、iPad、Android、Sony Reader 或 Windows Phone 上的各種應用程式中檢視
  • Mobi (Kindle)     (109.9 KB)
    在 Kindle 裝置或多部裝置的 Kindle 應用程式上檢視
已更新: 2015 年 10 月 27 日
文件 ID:200216

無偏見用語

本產品的文件集力求使用無偏見用語。針對本文件集的目的,無偏見係定義為未根據年齡、身心障礙、性別、種族身分、民族身分、性別傾向、社會經濟地位及交織性表示歧視的用語。由於本產品軟體使用者介面中硬式編碼的語言、根據 RFP 文件使用的語言,或引用第三方產品的語言,因此本文件中可能會出現例外狀況。深入瞭解思科如何使用包容性用語。

關於此翻譯

思科已使用電腦和人工技術翻譯本文件,讓全世界的使用者能夠以自己的語言理解支援內容。請注意,即使是最佳機器翻譯,也不如專業譯者翻譯的內容準確。Cisco Systems, Inc. 對這些翻譯的準確度概不負責,並建議一律查看原始英文文件(提供連結)。

簡介

Cisco Locator/ID Separation Protocol(LISP)通過建立兩個新名稱空間來更改當前IP地址語義:分配給終端主機的端點識別符號(EID)和分配給組成全域性路由系統的裝置(主要是路由器)的路由定位器(RLOC)。

當路由器具有完整的internet路由表時,需要記憶體和進程利用率,LISP可以幫助減少記憶體利用率。

必要條件

思科建議您瞭解LISP的基本知識。

採用元件

本文件所述內容不限於特定軟體和硬體版本。

本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除(預設)的組態來啟動。如果您的網路正在作用,請確保您已瞭解任何指令可能造成的影響。

設定

網路圖表

以下影象將用作本文檔其餘部分的示例拓撲:

xTR = LISP路由器可以是ITR或ETR,具體取決於流量方向。如果流量從LISP路由器流出,則該流量將成為ITR,接收端LISP路由器將成為ETR。

ITR =輸入通道路由器

ETR =輸出通道路由器

對映解析器(MR) = 對映解析器是LISP基礎結構裝置,在解析EID到RLOC的對映時,LISP站點ITR會將LISP對映請求查詢傳送到該裝置。R5是本文中的MR。

對映伺服器(MS) = 對映伺服器是LISP基礎結構裝置,LISP站點ETR使用其EID字首註冊到該裝置。對映伺服器向LISP對映系統通告已註冊EID字首的聚合。所有LISP站點都使用LISP對映系統解析EID到RLOC的對映。R7是本文中的MS。

終端識別符號(EID)地址:EID地址由標識終端的IP地址和字首組成。通過解析EID到RLOC的對映,可以跨LISP站點實現EID可達性。

路由定位器(RLOC)地址:RLOC地址由標識IP網路中不同路由器的IP地址和字首組成。RLOC空間內的可達性是通過傳統的路由方法實現的。

ALT(替代邏輯拓撲):通過R6連線對映解析器和對映伺服器的鏈路,是此圖中的ALT,僅用於兩者之間的控制平面通訊。此鏈路從未用於xTR之間的實際流量。

alt-vrf:此虛擬路由和轉送(VRF)用於配置當直接通過備用邏輯拓撲(ALT)傳送IPv4端點識別符號到路由定位器(EID到RLOC)對映的對映請求時,定位器/ID分離協定(LISP)應使用哪個VRF例項支援該IPv4地址系列

R1配置

!
router lisp
database-mapping 172.16.1.1/32 10.1.12.1 priority 5 weight 100 ------> EID Mapping with RLOC
 ipv4 itr map-resolver 192.168.5.5
 ipv4 itr
ipv4 etr map-server 192.168.7.7 key cisco ---> ETR will send the map-register message to map server for EID
 ipv4 etr
 exit
 !

R4配置

!
router lisp
database-mapping 172.16.4.4/32 10.1.34.4 priority 5 weight 100 ------> EID Mapping with RLOC
ipv4 itr map-resolver 192.168.5.5
 ipv4 itr
ipv4 etr map-server 192.168.7.7 key cisco ---> ETR will send the map-register message to map server for EID
 ipv4 etr
 exit
 !

R5:對映解析程式配置

在Map-Resolved下,強制將vrf定義為alt-vrf,這將用於在MR和MS之間形成MPBGP對等,然後用於共用由xTR註冊到MS的遠端站點的EID。

!
vrf definition lisp
 rd 100:1
 !
 address-family ipv4
  route-target export 100:1
  route-target import 100:1
 exit-address-family
!
!
interface Tunnel1
 vrf forwarding lisp
 ip address 10.1.45.4 255.255.255.0
 tunnel source Ethernet0/1
 tunnel destination 10.1.67.7
!
!       
router lisp
 ipv4 map-resolver
ipv4 alt-vrf lisp >>> This command defines "lisp" as the alt-vrf.
 exit
!
router bgp 65000
 !
 address-family ipv4 vrf lisp
  neighbor 10.1.45.5 remote-as 65000
  neighbor 10.1.45.5 activate
 exit-address-family

R7:MAP-Server Config

與MR類似,MS上也需要配置alt-vrf。

!
router lisp
 site 1
  authentication-key cisco
  eid-prefix 172.16.4.4/32 accept-more-specifics
  exit
 !
 site 2
  authentication-key cisco
  eid-prefix 172.16.1.1/32 accept-more-specifics
  exit
 !
 ipv4 map-server
 ipv4 alt-vrf lisp            >>>>>>> ALT VRF is lisp
 exit
!
vrf definition lisp
 rd 100:1
 !
 address-family ipv4
  route-target export 100:1
  route-target import 100:1
 exit-address-family
!
!
interface Tunnel1
 vrf forwarding lisp
 ip address 10.1.45.5 255.255.255.0
 tunnel source Ethernet0/0
 tunnel destination 10.1.56.5
!
router bgp 65000
 !
 address-family ipv4 vrf lisp
  redistribute lisp
  neighbor 10.1.45.4 remote-as 65000
  neighbor 10.1.45.4 activate
 exit-address-family
!
end

驗證

為了觸發LISP通訊,需要滿足以下條件之一:

  1. xTR上的預設路由應指向空值0。
  2. 通向遠端xTR的EID的特定路由不應出現在任何xTR上。

操作順序如下:

  1. 兩個ETR都應該向對映伺服器傳送對映註冊消息以查詢其EID和RLOC地址。
  2. 從ITR對ETR執行ping操作時,即從172.16.1.1到172.16.4.4,然後 ITR 172.16.1.1將對映請求消息傳送到對映解析器172.16.5.5,對映解析器將請求通過ALT拓撲轉發到對映伺服器。
  3. 一旦MS從MR接收該請求,它將將該對映請求轉發到遠端ETR。 
  4. 一旦ETR收到對映請求,它將直接使用其RLOC地址回覆ITR。
R1_XTR#sh ip route 172.16.4.4 -----> R4's EID
% Subnet not in table

R1_XTR#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "static", distance 1, metric 0 (connected), candidate default path
  Routing Descriptor Blocks:
  * directly connected, via Null0
      Route metric is 0, traffic share count is 1

如上所示,到達R4的EID的路由:17.16.4.4不在路由表中。而是靜態配置了指向null0的預設路由。在滿足必要的觸發條件時,對17.16.4.4執行ping操作現在將觸發LISP封裝。

R1_XTR#ping 172.16.4.4 source lo1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.4.4, timeout is 2 seconds:
Packet sent with a source address of 172.16.1.1 
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/4/7 ms
R1_XTR#

為了讓上述ping正常工作,R4通過LISP通訊將目標xTR的資訊傳送到R1:

R1_XTR#sh ip lisp map-cache  
LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries

0.0.0.0/0, uptime: 06:10:24, expires: never, via static send map-request
  Negative cache entry, action: send-map-request
172.16.4.4/32, uptime: 05:55:27, expires: 18:04:32, via map-reply, complete
  Locator    Uptime    State      Pri/Wgt
  10.1.34.4  05:55:27  up           1/100

疑難排解

  

以下是一些調試輸出和資料包捕獲檢查LISP資料包流。已啟用以下debug命令以擷取資訊:"debug lisp control-plane all"。 

  

附註:請注意,debug命令會產生大量資料,需要在受控環境中運行。

在xTR- R1上調試

在下面的調試消息中,R1向MS註冊其EID,然後MS進行確認。同樣地,R4也會將其EID註冊到MS。

*Oct 16 12:46:09.398: LISP-0: IPv4 Map Server IID 0 192.168.7.7, Sending map-register (src_rloc 10.1.15.1) nonce 0xBEB73F0C-0xFE3EBC4E.
*Oct 16 12:46:09.403: LISP: Processing received Map-Notify message from 192.168.7.7 to 10.1.15.1

現在,從R1向R4的EID發起來自R1的ping,並且R1立即向MR傳送對映請求資料包。

R1_XTR#ping 172.16.4.4 source 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.4.4, timeout is 2 seconds:
Packet sent with a source address of 172.16.1.1

*Oct 16 12:46:23.380: LISP: Send map request type remote EID prefix
*Oct 16 12:46:23.380: LISP: Send map request for EID prefix IID 0 172.16.4.4/32
*Oct 16 12:46:23.380: LISP-0: Remote EID IID 0 prefix 172.16.4.4/32, Send map request (1) (sources: <signal>, state: incomplete, rlocs: 0).
*Oct 16 12:46:23.380: LISP-0: AF IPv4, Sending map-request from 10.1.12.1 to 172.16.4.4 for EID 172.16.4.4/32, ITR-RLOCs 1, nonce 0x99255979-0x30A1BAC1 (encap src 10.1.15.1, dst 192.168.5.5).

接收資料包的MR會聯絡MS以標識為該EID註冊的xTR,並將對映請求消息轉發給R4。R4作為交換,將對映應答傳送回R1及其RLOC:

*Oct 16 12:46:23.389: LISP: Processing received Map-Reply message from 10.1.34.4 to 10.1.12.1
*Oct 16 12:46:23.389: LISP: Received map reply nonce 0x99255979-0x30A1BAC1, records 1
*Oct 16 12:46:23.389: LISP: Processing Map-Reply mapping record for IID 0 172.16.4.4/32, ttl 1440, action none, authoritative, 1 locator
 10.1.34.4 pri/wei=1/100 LpR
*Oct 16 12:46:23.389: LISP-0: Map Request IID 0 prefix 172.16.4.4/32 remote EID prefix[LL], Received reply with rtt 9ms.
*Oct 16 12:46:23.389: LISP: Processing mapping information for EID prefix IID 0 172.16.4.4/32

對映解析程式資料包流

如下所示,MR首先從R1收到對映請求消息,以瞭解172.16.4.4的RLOC。然後它會檢查其BGP lisp vrf表,以查詢從MS獲取的EID中的匹配項,找到匹配項後,MR將對映請求轉發給MS:

LISP_Resolver#show ip bgp vpnv4 vrf lisp
BGP table version is 3, local router ID is 192.168.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf lisp)
*>i 172.16.1.1/32    10.1.45.5                1    100      0 ?
*>i 172.16.4.4/32    10.1.45.5                1    100      0 ?
*Oct 16 12:46:23.384: LISP: Processing received Map-Request message from 10.1.12.1 to 172.16.4.4
*Oct 16 12:46:23.384: LISP: Received map request for IID 0 172.16.4.4/32, source_eid IID 0 172.16.1.1, ITR-RLOCs: 10.1.12.1, records 1, nonce 0x99255979-0x30A1BAC1
*Oct 16 12:46:23.384: LISP-0: AF IID 0 IPv4, Forwarding map request to 172.16.4.4 on the ALT.

附註:即使日誌消息表明對映請求正在轉發到172.16.4.4,它實際上根據BGP表中的下一跳條目傳送到MS。

對映伺服器資料包流

在MS上運行的調試顯示來自R1和R4的對映暫存器消息首先註冊它們各自的ETR:

*Oct 16 12:46:09.398: LISP: Processing Map-Register mapping record for IID 0 172.16.1.1/32, ttl 1440, action none, authoritative, 1 locator
 10.1.12.1 pri/wei=5/100 LpR
*Oct 16 12:46:09.398: LISP-0: MS registration IID 0 prefix 172.16.1.1/32 10.1.15.1 site 2, Updating.
*Oct 16 12:46:41.445: LISP: Processing Map-Register mapping record for IID 0 172.16.4.4/32, ttl 1440, action none, authoritative, 1 locator
 10.1.34.4 pri/wei=1/100 LpR
*Oct 16 12:46:41.445: LISP-0: MS registration IID 0 prefix 172.16.4.4/32 10.1.47.4 site 1, Updating.

現在,兩個xTR均已成功註冊其EID:

R7#show lisp site detail
LISP Site Registration Information
Site name: 1
Allowed configured locators: any
Allowed EID-prefixes:
  EID-prefix: 172.16.4.4/32
    First registered:     05:02:48    Routing table tag:    0
    Origin:               Configuration, accepting more specifics
    Merge active:         No
    Proxy reply:          No
    TTL:                  1d00h
    State:                complete
    Registration errors: 
      Authentication failures:   0
      Allowed locators mismatch: 0
    ETR 10.1.47.4, last registered 00:00:21, no proxy-reply, map-notify
                   TTL 1d00h, no merge, hash-function sha1, nonce 0x56D89121-0xC39C2892
                   state complete, no security-capability
                   xTR-ID 0xF7DE6C93-0x06F8DDA4-0x7D6400B1-0x19EC9669
                   site-ID unspecified
      Locator    Local  State      Pri/Wgt
      10.1.34.4  yes    up           1/100
Site name: 2
Allowed configured locators: any
Allowed EID-prefixes:
 EID-prefix: 172.16.1.1/32
    First registered:     05:02:46
    Routing table tag:    0
    Origin:               Configuration, accepting more specifics
    Merge active:         No
    Proxy reply:          No
    TTL:                  1d00h
    State:                complete
    Registration errors: 
      Authentication failures:   0
      Allowed locators mismatch: 0
    ETR 10.1.15.1, last registered 00:00:50, no proxy-reply, map-notify
                   TTL 1d00h, no merge, hash-function sha1, nonce 0xBEB73F0C-0xFE3EBC4E
                   state complete, no security-capability
                   xTR-ID 0xCF7E1300-0x302FF91A-0x1C2D0499-0x8A105258
                   site-ID unspecified
      Locator    Local  State      Pri/Wgt
      10.1.12.1  yes    up           5/100

從R1執行ping操作且MR向MS傳送對映請求消息時,MS上可看到以下日誌:

*Oct 16 12:46:23.388: LISP: Processing received Map-Request message from 10.1.12.1 to 172.16.4.4
*Oct 16 12:46:23.388: LISP: Received map request for IID 0 172.16.4.4/32, source_eid IID 0 172.16.1.1, ITR-RLOCs: 10.1.12.1, records 1, nonce 0x99255979-0x30A1BAC1
*Oct 16 12:46:23.388: LISP-0: MS EID IID 0 prefix 172.16.4.4/32 site 1, Forwarding map request to ETR RLOC 10.1.34.4.

xTR2-R4資料包流

R4上發生以下事件:

  1. R4收到來自R7(即MS)的LISP封裝消息。
  2. 資料包被解除封裝,並被發現與R1之前傳送到R5(即MS)的對映請求相同,該對映請求後來從MR轉發到MS。
  3. 然後R4將對映回覆消息直接傳送到R1。
*Oct 16 13:32:40.700: LISP: Processing received Encap-Control message from 10.1.47.7 to 10.1.34.4
*Oct 16 13:32:40.702: LISP: Processing received Map-Request message from 10.1.12.1 to 172.16.4.4
*Oct 16 13:32:40.702: LISP: Received map request for IID 0 172.16.4.4/32, source_eid IID 0 172.16.1.1, ITR-RLOCs: 10.1.12.1, records 1, nonce 0x188823A0-0xAFF029C8
*Oct 16 13:32:40.702: LISP: Processing map request record for EID prefix IID 0 172.16.4.4/32
*Oct 16 13:32:40.702: LISP-0: Sending map-reply from 10.1.34.4 to 10.1.12.1.

封包擷取

在MR上

以下資料包捕獲用於來自R1的R4的對映請求:

Internet Protocol Version 4, Src: 10.1.15.1 (10.1.15.1), Dst: 192.168.5.5 (192.168.5.5)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0xc0 (DSCP 0x30: Class Selector 6; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 120
    Identification: 0x1446 (5190)
    Flags: 0x00
    Fragment offset: 0
    Time to live: 31
    Protocol: UDP (17)
    Header checksum: 0xa7c0 [validation disabled]
    Source: 10.1.15.1 (10.1.15.1)
    Destination: 192.168.5.5 (192.168.5.5)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
User Datagram Protocol, Src Port: 4342 (4342), Dst Port: 4342 (4342)
Locator/ID Separation Protocol
Internet Protocol Version 4, Src: 10.1.12.1 (10.1.12.1), Dst: 172.16.4.4 (172.16.4.4)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0xc0 (DSCP 0x30: Class Selector 6; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 88
    Identification: 0x1445 (5189)
    Flags: 0x00
    Fragment offset: 0
    Time to live: 32
    Protocol: UDP (17)
    Header checksum: 0xbf7a [validation disabled]
    Source: 10.1.12.1 (10.1.12.1)
    Destination: 172.16.4.4 (172.16.4.4)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
User Datagram Protocol, Src Port: 4342 (4342), Dst Port: 4342 (4342)
Locator/ID Separation Protocol
在MS上

對映暫存器資料包捕獲如下:

Internet Protocol Version 4, Src: 10.1.47.4 (10.1.47.4), Dst: 192.168.7.7 (192.168.7.7)
User Datagram Protocol, Src Port: 4342 (4342), Dst Port: 4342 (4342)
Locator/ID Separation Protocol
    0011 .... .... .... .... .... = Type: Map-Register (3)
    .... 0... .... .... .... .... = P bit (Proxy-Map-Reply): Not set
    .... .0.. .... .... .... .... = S bit (LISP-SEC capable): Not set
    .... ..1. .... .... .... .... = I bit (xTR-ID present): Set
    .... ...0 .... .... .... .... = R bit (Built for an RTR): Not set
    .... .... 0000 0000 0000 000. = Reserved bits: 0x000000
    .... .... .... .... .... ...1 = M bit (Want-Map-Notify): Set
    Record Count: 1
    Nonce: 0x56d89121c39c2892
    Key ID: 0x0001
    Authentication Data Length: 20
    Authentication Data&colon; ce8f37f14c76d49e52717d1c5407e638e2733015
    Mapping Record 1, EID Prefix: 172.16.4.4/32, TTL: 1440, Action: No-Action, Authoritative
        Record TTL: 1440
        Locator Count: 1
        EID Mask Length: 32
        000. .... .... .... = Action: No-Action (0)
        ...1 .... .... .... = Authoritative bit: Set
        .... .000 0000 0000 = Reserved: 0x0000
        0000 .... .... .... = Reserved: 0x0000
        .... 0000 0000 0000 = Mapping Version: 0
        EID Prefix AFI: IPv4 (1)
        EID Prefix: 172.16.4.4 (172.16.4.4)
        Locator Record 1, Local RLOC: 10.1.34.4, Reachable, Priority/Weight: 1/100, Multicast Priority/Weight: 255/0
    xTR-ID: f7de6c9306f8dda47d6400b119ec9669
    Site-ID: 0000000000000000
在R1上

從R4接收的R1上捕獲的Map-Reply消息

Internet Protocol Version 4, Src: 10.1.34.4 (10.1.34.4), Dst: 10.1.12.1 (10.1.12.1)
User Datagram Protocol, Src Port: 4342 (4342), Dst Port: 4342 (4342)
Locator/ID Separation Protocol
    0010 .... .... .... .... .... = Type: Map-Reply (2)
    .... 0... .... .... .... .... = P bit (Probe): Not set
    .... .0.. .... .... .... .... = E bit (Echo-Nonce locator reachability algorithm enabled): Not set
    .... ..0. .... .... .... .... = S bit (LISP-SEC capable): Not set
    .... ...0 0000 0000 0000 0000 = Reserved bits: 0x000000
    Record Count: 1
    Nonce: 0xe9ee73f07b0cb7d6
    Mapping Record 1, EID Prefix: 172.16.4.4/32, TTL: 1440, Action: No-Action, Authoritative
        Record TTL: 1440
        Locator Count: 1
        EID Mask Length: 32
        000. .... .... .... = Action: No-Action (0)
        ...1 .... .... .... = Authoritative bit: Set
        .... .000 0000 0000 = Reserved: 0x0000
        0000 .... .... .... = Reserved: 0x0000
        .... 0000 0000 0000 = Mapping Version: 0
        EID Prefix AFI: IPv4 (1)
        EID Prefix: 172.16.4.4 (172.16.4.4)
        Locator Record 1, Local RLOC: 10.1.34.4, Reachable, Priority/Weight: 1/100, Multicast Priority/Weight: 255/0

TAC Authored

由思科工程師貢獻

  • Naveen Bansal
    Cisco TAC工程師
  • Subeh Sharma
    Cisco TAC工程師

這份文件是否有所幫助?

Feedback意見

讓思科協助您

本文件適用於這些產品