TTL Propagate Disable and Site-ID Qualification
The TTL Propagate Disable feature supports disabling of the TTL (Time-To-Live) propagation for implementing the traceroute tool in a LISP network when the RLOC and EID belong to different address families.
The Site ID Qualification feature supports Endpoint Identifier (EID) prefix registration by multiple LISP sites.
- Information About TTL Propagate Disable and Site-ID Qualification
- How to Configure Site ID Qualification
- How to Disable TTL Propagation
- Additional References for TTL Propagate Disable and Site-ID Qualification
- Feature Information for TTL Propagate Disable and Site-ID Qualification
Information About TTL Propagate Disable and Site-ID Qualification
LISP Site
A LISP site is a set of routers in an edge network that are under a single technical administration. LISP routers in the edge network are the demarcation points that separate the edge network from the core network.
Map Server (MS)
An MS implements part of the distributed LISP mapping database by accepting registration requests from its client Egress Tunnel Routers (ETRs) and aggregating the successfully registered EID prefixes of ETRs.
Routing Locator (RLOC)
An RLOC is an IPv4 or IPv6 address of an Egress Tunnel Router (ETR).
Traceroute Tool
The traceroute tool is used to discover the routes that packets take when traveling to their destination.
Site ID Qualification
A site is best conceptualized as an authentication domain: a set of ETRs under the same administrative control. The map server authenticates all ETRs in a site using the same shared key. Without the concept of a site, the map server would need prior knowledge of every ETR in the network along with its authentication key, and site managers would not be able to deploy new ETRs without changing the configuration of the map servers. When a site is viewed as an authentication domain rather than a topological grouping, the benefit of site ID qualification is clear: an EID prefix can be reached through ETRs under different administrative control.
With Site ID Qualification, the map server can have the same prefix configuration under multiple sites. The name of the feature stems from the requirement that any two sites with at least one prefix in common must be qualified with unique site IDs.
TTL Propagation
When TTL propagation is enabled, the traceroute tool can display all middle hops between a LISP ITR and ETR. However, when the RLOC and EID are of different address families, the traceroute output is undesirable.
When this cross-address-family situation exists, LISP does not propagate the TTL between the inner and outer IPv4 or IPv6 headers. During encapsulation, the ITR uses the maximum permissible TTL in the outer header instead of the TTL value from the inner header.
It is better to make the LISP tunnel between the ITR and ETR appear as a single hop to the traceroute client. This is done with the disable-ttl-propagate configuration command, either for a specific eid-table or for the entire router lisp tag.
Note: TTL propagation is turned on automatically.
How to Configure Site ID Qualification
Configuring Site ID Qualification
```
! Site A
conf t
router lisp
 site A
  site-id 1
  authentication-key key1
  eid-prefix 1.2.0.0/16 accept-more-specifics
! Site B shares the prefix with site A, so it is qualified with its own site ID
conf t
router lisp
 site B
  site-id 2
  authentication-key key2
  eid-prefix 1.2.0.0/16 accept-more-specifics
```
Example: Site ID Qualification
When a site ID registration is received, the map server searches for the longest matching configured prefix. If the resulting prefix is less specific than the registration and does not have the accept-more-specifics keyword, the registration is rejected; otherwise, it is authenticated using the key of the site associated with the prefix. This example uses a "lazy" map server configuration so that an ETR can register any prefix with the map server.
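The decision steps in the paragraph above, modelled as an added example (not Cisco code). The site table is constructed, the use of the registration's site ID to select which site's prefixes are searched is an assumption, and `sign` is a hypothetical HMAC-SHA256 stand-in for the Map-Register authentication data.

```python
import hashlib
import hmac
from ipaddress import ip_network

# Constructed model of a map server's site table:
# (site, site ID, shared key, configured EID prefix, accept-more-specifics)
CONFIGURED = [
    ("A", 100, b"key1", ip_network("0.0.0.0/0"), True),
    ("B", 200, b"key2", ip_network("0.0.0.0/0"), True),
    ("B", 200, b"key2", ip_network("10.0.0.0/8"), False),  # constructed exact-match entry
]

def sign(key, site_id, prefix):
    """Stand-in for Map-Register authentication data (assumption: HMAC-SHA256)."""
    return hmac.new(key, f"{site_id}|{prefix}".encode(), hashlib.sha256).digest()

def check_registration(site_id, prefix, auth):
    """Return the map server's decision for one registration, as a string."""
    reg = ip_network(prefix)
    # Assumption: the registration's site ID selects which site's prefixes are searched.
    covering = [c for c in CONFIGURED
                if c[1] == site_id and c[3].version == reg.version and reg.subnet_of(c[3])]
    if not covering:
        return "reject: no matching configured prefix"
    site, _, key, cfg, more = max(covering, key=lambda c: c[3].prefixlen)  # longest match
    if cfg.prefixlen < reg.prefixlen and not more:
        return f"reject: {cfg} lacks accept-more-specifics"
    if not hmac.compare_digest(auth, sign(key, site_id, prefix)):
        return "reject: authentication failed"
    return f"accept: site {site}"
```

With a 0.0.0.0/0 accept-more-specifics entry, the shared key is the only control on which IPv4 prefixes a site's ETRs can register.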
Lazy Map Server Configuration:
Note: Set up a new MSMR that has the same lazy configuration for two different sites.
```
enable
conf t
router lisp
 locator-table default
 site A
  site-id 100
  authentication-key key1
  eid-prefix 0.0.0.0/0 accept-more-specifics
  eid-prefix 2000:AAAA:BBBB::/96 accept-more-specifics
  exit
 !
 site B
  site-id 200
  authentication-key key2
  eid-prefix 0.0.0.0/0 accept-more-specifics
  eid-prefix 10.0.0.0/8 accept-more-specifics
  eid-prefix 21.0.0.0/8 accept-more-specifics
  eid-prefix 2000:BBBB:AAAA::/96 accept-more-specifics
  exit
 ipv4 map-server
 ipv4 map-resolver
 ipv6 map-server
 ipv6 map-resolver
 exit
```
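A configuration audit for the two conditions this section describes, as an added example (not part of the Cisco documentation): it flags catch-all prefixes that accept more-specifics, and prefixes shared by several sites that lack unique site IDs. The sample configuration is constructed, with keys omitted and a hypothetical site C added to trigger the second finding.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the page's syntax; site C is invented to trigger a finding.
CONFIG = """\
router lisp
 site A
  site-id 100
  eid-prefix 0.0.0.0/0 accept-more-specifics
  exit
 site B
  site-id 200
  eid-prefix 10.0.0.0/8 accept-more-specifics
  exit
 site C
  site-id 200
  eid-prefix 10.0.0.0/8
  exit
"""

def parse_sites(text):
    """Map site name -> {"site_id": str or None, "prefixes": [(network, more_specifics)]}."""
    sites, cur = {}, None
    for tok in (line.split() for line in text.splitlines()):
        if not tok:
            continue
        if tok[0] == "site" and len(tok) == 2:
            cur = sites.setdefault(tok[1], {"site_id": None, "prefixes": []})
        elif tok[0] == "exit":
            cur = None
        elif cur is not None and tok[0] == "site-id":
            cur["site_id"] = tok[1]
        elif cur is not None and tok[0] == "eid-prefix":
            net = ipaddress.ip_network(tok[1])
            cur["prefixes"].append((net, "accept-more-specifics" in tok[2:]))
    return sites

def audit(sites):
    """Return findings for catch-all prefixes and shared prefixes lacking unique site IDs."""
    findings, owners = [], defaultdict(list)
    for name, site in sites.items():
        for net, more in site["prefixes"]:
            owners[net].append(name)
            if net.prefixlen == 0 and more:
                findings.append(f"site {name}: {net} accept-more-specifics admits any prefix")
    for net, names in owners.items():
        ids = [sites[n]["site_id"] for n in names]
        if len(names) > 1 and (None in ids or len(set(ids)) < len(ids)):
            findings.append(f"{net} shared by sites {', '.join(names)} without unique site IDs")
    return findings
```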
How to Disable TTL Propagation
Note: TTL propagation can be disabled for a specific EID-table or an entire router LISP tag.
- Disabling TTL Propagation for EID-Table
- Disabling TTL Propagation for Router LISP Tag
- Verifying TTL Propagate Disable
Disabling TTL Propagation for EID-Table
```
enable
configure terminal
router lisp
 eid-table default instance-id 0
  disable-ttl-propagate
  end
```
Disabling TTL Propagation for Router LISP Tag
```
enable
configure terminal
router lisp
 disable-ttl-propagate
 end
```
Verifying TTL Propagate Disable
Perform this task to verify the TTL Propagate Disable feature which is enabled automatically in the LISP network. In this example, a LISP site uses a single edge router that functions as both ITR and ETR (known as an xTR). Routing Locators (RLOCs) are in IPv4. EID prefixes are in both IPv4 and IPv6. The LISP site registers to two map server/map resolver (MSMR) devices in the network core. The topology used in verifying TTL Propagate Disable is as shown in the figure below.
The components as shown in the topology are described below:
- xTR1 and xTR2 are xTRs for 2 LISP sites.
- Core1 and Core2 are routing locator (RLOC) core routers with no LISP configuration.
- New MSMR is a map-server and map-resolver with reliable map-registration support, whereas Old MSMR does not support reliable map-registration.
- PxTR1 works as a Proxy Ingress Tunnel Router (PITR) and Proxy Egress Tunnel Router (PETR) between the network with 10.0.0.0/8 prefix and the LISP sites.
- Only static routing protocols are used in this setup to reduce control traffic.
Note: An IPv6 EID and IPv4 RLOC traceroute output will hide the middle hops between ITR and ETR even when TTL propagation is not disabled.
After disabling TTL propagation, an IPv4 EID over IPv4 RLOC traceroute output appears as below on Host A:
```
Device# traceroute 192.168.0.22
Type escape sequence to abort.
Tracing the route to 192.168.0.22
VRF info: (vrf in name/id, vrf out name/id)
  1 203.0.113.11 1 msec 1 msec 0 msec
  2 10.40.40.21 1 msec 1 msec 1 msec
  3 192.168.0.22 0 msec 2 msec *
```
Additional References for TTL Propagate Disable and Site-ID Qualification
Related Documents
Document Title | Location |
---|---|
Cisco IOS commands | |
LISP commands | |
Standards and RFCs
Standard/RFC | Title |
---|---|
RFC 6830 | The Locator/ID Separation Protocol (LISP) |
Feature Information for TTL Propagate Disable and Site-ID Qualification
Feature Name | Releases | Feature Information |
---|---|---|
TTL Propagate Disable and Site-ID Qualification | Cisco IOS XE Denali 16.2 | The TTL Propagate Disable feature supports disabling of the TTL (Time-To-Live) propagation for implementing the traceroute tool in a LISP network when the RLOC and EID belong to different address families. The Site ID Qualification feature supports Endpoint Identifier (EID) prefix registration by multiple LISP sites. The following commands were modified: disable-ttl-propagate, eid-prefix, eid-table, router lisp, site-id, traceroute. |