- 产品与解决方案
- 行业解决方案
- 服务
- 支持
- 合作伙伴
- 新华三人才研学中心
- 关于我们
01-LISP配置
本章节下载: 01-LISP配置 (565.00 KB)
目 录
设备各款型对于本节所描述的特性支持情况有所不同,详细差异信息如下:
|
型号 |
特性 |
描述 |
|
ICG2000D |
LISP |
不支持 |
|
ICG 3000S |
支持 |
|
|
ICG3000F/3000F-DP |
支持 |
|
|
ICG 5000G/5000T |
支持 |
|
|
ICG 6000 |
支持 |
LISP(Locator/ID Separation Protocol,位置/ID分离协议)协议提供了一种新型的网络架构,把IP地址分为两个独立的地址空间:
· EID(Endpoint Identifier,节点标识符)地址空间:通信节点的主机地址。
· RLOC(Routing Locator,路由标识符)地址空间:LISP路由器的地址。
RLOC用来表明位置,定义了设备如何接入网络,如何能被找到;EID用来表明位置,定义了设备是谁,属于什么组织。站点发出的数据包被打上两层包头,内部包头为EID,外部包头为RLOC,设备依靠RLOC地址将数据包发送出去,到目的设备后去掉外部RLOC包头,根据EID将数据包送到目的站点,这种模式称为映射与封装机制。由于这种机制采用的是两层封装的方式,大部分网络设备无需做很多改动,只需网络边缘的路由器支持数据包的封装和解封装即可。
LISP协议具有下列优点:
· 可解决当前Internet网络过大,路由表过多的问题;
· 通信终端位置发生变化,其EID地址可以保持不变,可实现园区内的移动办公;
· 可实现跨三层的虚拟机迁移,同时解决迁移后访问路径的优化问题;
· 可实现虚拟化/多租户。
图1-1 LISP协议设计示意图
如图1-1所示:
· 核心网络:使用PA(Provider Allocated,分发提供者)地址,用于核心网的路由。
· 客户网络:内部使用PI(Provider Independent,独立提供者)地址,既作为主机的标识符也用于内部的路由寻址。
· ITR(Ingress Tunnel Router,入方向隧道路由器):接收到从终端发送来的报文,对报文进行LISP封装,通过LISP隧道发送给远端的ETR设备。
· ETR(Egress Tunnel Router,出方向隧道路由器):接收到ITR发送过来的LISP数据报文,解除LISP封装,然后将此报文按照EID地址进行转发。
· xTR:同时支持ITR和ETR功能的设备,称为xTR。
· FHR(First Hop Router,第一跳路由器):在大二层网络下的多跳迁移场景中,主机直连的路由器称为第一跳路由器,负责迁移主机发现,并通知Site GW xTR设备。
· Site GW xTR:在大二层网络下的多跳迁移场景中,站点网关xTR设备负责数据包的封装和解封装。
目前只实现了4O4(IPv4 to IPv4)的封装。
LISP数据平面主要进行隧道封装,即对原始的IP报文进行UDP封装,并添加LISP头信息,共增加长度36~56字节,协议可以支持4O4/4O6/6O4/6O6封装。具体的报文头如图1-2所示。
LISP控制平面主要进行映射信息控制。
基本概念:
· Mapping-Database:EID地址与RLOC地址的映射关系,每个LISP站点的所有ETR上都维护有本站点的EID-to-RLOC映射关系。
· MS(Map Server,映射服务器):负责接收ETR发送的注册报文,维护映射关系。
· MR(Map Resolver,映射解答者):负责处理请求报文。
MS和MR为同一台设备。
LISP协议报文为UDP报文,端口号为4342。LISP协议报文共分为下面几种:
· Map-Request:请求报文。ITR通过发送请求报文向MR或者ETR请求EID-to-RLOC映射。请求报文的UDP目的端口号为4342,源端口号随机生成。
· Map-Reply:应答报文。ETR通过回应应答报文来响应请求报文。应答报文的UDP源端口号为4342,目的端口号为请求报文源端口号。
· Map-Register:注册报文。ETR周期性地向MS发送注册报文,将本站点的EID-to-RLOC映射关系向MS注册。注册报文的UDP目的端口号为4342,源端口号随机生成。
· ECM(Encapsulated Control Message,封装控制信息):隧道封装报文。当ITR发送请求报文给MR,或者MS转发请求报文给ETR时,使用ECM封装。即在原请求报文的外层,再添加一层LISP封装,外层的源地址、目的地址都是全局RLOC地址,UDP目的端口号为4342,源端口号为随机生成。
· Map-Notify:通知报文。当ETR发送注册报文给MS,MS收到之后会回应通知报文给ETR,用于通知ETR注册报文已经收到并处理。
· Map-ACK:确认报文。ETR收到通知报文之后,向MS回应确认报文,通知MS已经收到此通知报文。
注册过程如下:
(1) ETR周期性地将本站点的EID-to-RLOC映射信息通过注册报文向MS注册;
(2) MS收到注册报文,记录对应站点的映射关系。
请求过程如下:
(1) 主机通过DNS服务器得到要通信的对端的IP地址,并将报文发送给ITR;
(2) ITR检查源地址为EID地址,并且本地没有对应的映射关系,于是向MR发送请求报文,此请求报文被封装在ECM报文中发送给MR;
(3) MR收到ECM报文后进行解封装,然后将请求报文转给MS处理;
(4) MS根据本地注册的映射关系,将此请求报文重新进行ECM封装,并发送给对应的ETR处理;
(5) ETR收到此请求报文,解开ECM封装,根据本地维护的映射关系,向ITR回应应答报文;
(6) ITR收到应答报文,根据应答报文中的信息,维护映射关系;
(7) ITR下一次再收到主机发送的数据报文时,便可根据映射关系将数据报文进行LISP封装,发送到ETR处理了。
设备各款型对于本节所描述的特性支持情况有所不同,详细差异信息如下:
|
型号 |
特性 |
描述 |
|
ICG2000D |
LISP对多实例的支持 |
不支持 |
|
ICG 3000S |
支持 |
|
|
ICG3000F/3000F-DP |
支持 |
|
|
ICG 5000G/5000T |
支持 |
|
|
ICG 6000 |
支持 |
LISP网络支持多实例。当不同租户的流量需要在不同的站点之间扩展时,可以采用多个实例来实现。每个实例使用实例ID来唯一标识。如图1-3中定义了三个LISP实例。
多实例实现了以下功能:
· LISP的控制报文和数据报文中都可以携带24位的实例ID,通过实例实现了虚拟化;
· 不同租户的控制信息和数据流被实例ID标记,映射关系在数据库和缓存中同样被标记;
· 实例ID可以映射为VRF的实例ID。在边缘设备上通过VRF实现不同缓存;
· LISP支持两级虚拟化,EID和RLOC可以分别映射不同的实例ID。
支持不同子网下的虚拟机迁移。例如,在数据中心的灾备模式下使用。
图1-4 跨网段虚拟机迁移应用场景示意图
在大二层网络下的虚拟机迁移以及虚拟机多跳迁移,需要与EVI结合使用。例如,在双活数据中心中使用。
图1-5 同网段虚拟机迁移应用场景示意图
与LISP相关的协议规范有:
· RFC 6830:The Locator/ID Separation Protocol(LISP)
· RFC 6833:Locator/ID Separation Protocol (LISP) Map-Server Interface
· RFC 6835:The Locator/ID Separation Protocol Internet Groper(LIG)
表1-1 LISP配置任务简介
|
配置任务 |
说明 |
详细配置 |
|
|
配置LISP的基本功能 |
使能LISP功能 |
必选 |
|
|
配置LISP支持多实例 |
可选 |
||
|
配置ITR/ETR功能 |
必选 |
||
|
配置MR功能 |
必选 |
||
|
配置MS功能 |
必选 |
||
|
配置LISP的映射信息控制 |
配置ETR接受请求报文中的映射信息 |
可选 |
|
|
配置映射缓存表项的存活时间 |
可选 |
||
|
配置映射缓存表项的最大个数 |
可选 |
||
|
配置允许注册的RLOC地址 |
可选 |
||
|
配置虚拟机迁移 |
可选 |
||
在配置LISP的基本功能之前,需完成以下任务:
· 配置链路层协议
· 配置接口的网络层地址,使相邻节点的网络层可达
表1-2 使能LISP功能
|
命令 |
说明 |
|
|
进入系统视图 |
system-view |
- |
|
使能LISP功能,并进入LISP视图 |
lisp |
缺省情况下,LISP功能处于关闭状态 |
表1-3 配置LISP支持多实例
|
操作 |
命令 |
说明 |
|
进入系统视图 |
system-view |
- |
|
进入LISP视图 |
lisp |
- |
|
创建LISP-VRF,并进入LISP-VRF视图 |
vrf vrf-name |
缺省情况下,不存在LISP-VRF |
设备同时使能ITR/ETR功能之后,即为xTR。
表1-4 配置ITR/ETR功能
|
操作 |
命令 |
说明 |
|
|
进入系统视图 |
system-view |
- |
|
|
进入LISP视图或LISP-VRF视图 |
进入LISP视图 |
lisp |
- |
|
进入LISP-VRF视图 |
lisp |
||
|
vrf vrf-name |
|||
|
使能IPv4 ETR功能 |
etr |
缺省情况下,IPv4 ETR功能处于关闭状态 |
|
|
使能IPv4 ITR功能 |
itr |
缺省情况下,IPv4 ITR功能处于关闭状态 |
|
|
配置LISP的EID-to-RLOC映射关系 |
database-mapping eid-prefix prefix-length locator priority priority weight weight |
缺省情况下,未配置LISP的EID-to-RLOC映射关系 |
|
|
(可选)配置EID-to-RLOC数据库中的RLOC地址不可达 |
locator-down eid-prefix prefix-length locator |
缺省情况下,未配置EID-to-RLOC数据库中的RLOC地址不可达 |
|
|
配置IPv4 ETR所使用的MS服务器地址 |
etr map-server map-server-address authentication-mode none [ proxy-reply ] etr map-server map-server-address authentication-mode sha-1 authentication-key { ciphertext | plaintext } string [ proxy-reply ] |
缺省情况下,未配置IPv4 ETR所使用的MS服务器地址 最多允许配置2个MS地址 |
|
|
配置IPv4 ITR所使用的MR服务器地址 |
itr map-resolver map-resolver-address |
缺省情况下,未配置IPv4 ITR所使用的MR服务器地址 最多允许配置2个MR地址 |
|
|
(可选)配置IPv4 ITR能够接收的应答报文中的最短前缀长度,或者IPv4 ETR能够接收的请求报文中mapping-data的最短前缀长度 |
shortest-eid-prefix-length prefix-length |
缺省情况下,最短前缀长度为16 |
|
|
(可选)配置EID前缀的实例ID |
xtr instance-id instance-id |
缺省情况下,EID前缀实例ID为0 |
|
表1-5 配置MR功能
|
操作 |
命令 |
说明 |
|
|
进入系统视图 |
system-view |
- |
|
|
进入LISP视图或LISP-VRF视图 |
进入LISP视图 |
lisp |
- |
|
进入LISP-VRF视图 |
lisp |
||
|
vrf vrf-name |
|||
|
使能IPv4 MR功能 |
map-resolver |
缺省情况下,IPv4 MR功能处于关闭状态 |
|
表1-6 配置LISP MS功能
|
操作 |
命令 |
说明 |
|
|
进入系统视图 |
system-view |
- |
|
|
进入LISP视图或LISP-VRF视图 |
进入LISP视图 |
lisp |
- |
|
进入LISP-VRF视图 |
lisp |
||
|
vrf vrf-name |
|||
|
使能IPv4 MS功能 |
map-server |
缺省情况下,IPv4 MS功能处于关闭状态 |
|
|
创建站点,并进入站点视图 |
site site-name |
缺省情况下,不存在站点 |
|
|
(可选)配置站点的描述信息 |
description text |
缺省情况下,站点未配置描述信息 |
|
|
(可选)配置站点的认证模式 |
authentication-mode sha-1 authentication-key { ciphertext | plaintext } string authentication-mode none |
缺省情况下,未配置站点的认证模式 认证密码需要与ETR上配置的认证密码相同 |
|
|
配置站点允许的EID前缀 |
eid-prefix eid-prefix prefix-len [ instance-id id ] [ accept-more-specifics ] |
缺省情况下,未配置站点允许的EID前缀 此EID前缀需要与ETR上配置的database-mapping命令中的EID前缀一致 MS必须和xtr instance-id命令配置相同的instance ID |
|
在实际应用中,有时候需要对LISP的EID-to-RLOC映射信息进行更为精确的控制以满足复杂网络环境的需要。
在配置之前,需完成以下任务:
· 配置接口的网络层地址,使相邻节点网络层可达
· 配置LISP的基本功能
ITR在发送请求报文时,如果自身也是ETR,可以将自身的映射信息携带在请求报文中。ETR可以选择直接接受并缓存请求报文中的映射信息,这样可以加快缓存速度。
表1-7 配置ETR接受请求报文中的映射信息
|
操作 |
命令 |
说明 |
|
|
进入系统视图 |
system-view |
- |
|
|
进入LISP视图或LISP-VRF视图 |
进入LISP视图 |
lisp |
- |
|
进入LISP-VRF视图 |
lisp |
||
|
vrf vrf-name |
|||
|
配置ETR接受请求报文中的映射信息 |
etr accept-map-request-mapping [ verify ] |
缺省情况下,ETR不接受请求报文中的映射信息 |
|
ETR向MS发送注册报文,或者回应ITR的映射请求发送应答报文时,会指定映射缓存表项的存活时间。ITR建立映射缓存表项时,将根据ETR上的值来设置。
表1-8 配置映射缓存表项的存活时间
|
操作 |
命令 |
说明 |
|
|
进入系统视图 |
system-view |
- |
|
|
进入LISP视图或LISP-VRF视图 |
进入LISP视图 |
lisp |
- |
|
进入LISP-VRF视图 |
lisp |
||
|
vrf vrf-name |
|||
|
配置映射缓存表项的存活时间 |
etr map-cache-ttl ttl |
缺省情况下,映射缓存表项的存活时间为1440分钟 |
|
为了控制映射缓存表的规模,可以设置映射缓存表项的最大个数。
表1-9 配置映射缓存表项的最大个数
|
操作 |
命令 |
说明 |
|
|
进入系统视图 |
system-view |
- |
|
|
进入LISP视图或LISP-VRF视图 |
进入LISP视图 |
lisp |
- |
|
进入LISP-VRF视图 |
lisp |
||
|
vrf vrf-name |
|||
|
配置映射缓存表项的最大个数 |
map-cache-limit cache-limit |
缺省情况下,映射缓存表项的最大个数没有限制 |
|
本特性在MS上进行配置。
配置本特性后,MS在收到注册报文时,只有在RLOC地址列表中的RLOC地址才能够注册成功。
表1-10 配置允许注册的RLOC地址
|
操作 |
命令 |
说明 |
|
|
进入系统视图 |
system-view |
- |
|
|
进入LISP视图或LISP-VRF视图 |
进入LISP视图 |
lisp |
- |
|
进入LISP-VRF视图 |
lisp |
||
|
vrf vrf-name |
|||
|
进入站点视图 |
site site-name |
- |
|
|
配置允许注册的RLOC地址 |
allowed-locator rloc-address |
缺省情况下,允许所有的RLOC地址注册 MS上最多可以配置8个允许的RLOC地址 |
|
在配置虚拟机迁移功能之前,需完成以下任务:
· 配置接口的网络层地址,使相邻节点网络层可达
· 配置LISP的基本功能
表1-11 配置虚拟机迁移
|
操作 |
命令 |
说明 |
|
|
进入系统视图 |
system-view |
- |
|
|
进入LISP视图或LISP-VRF视图 |
进入LISP视图 |
lisp |
- |
|
进入LISP-VRF视图 |
lisp |
||
|
vrf vrf-name |
|||
|
创建dynamic-EID检测策略,并进入dynamic-EID视图 |
dynamic-eid dynamic-eid-name |
缺省情况下,不存在dynamic-EID检测策略 |
|
|
配置动态EID空间的EID与RLOC的映射关系 |
database-mapping eid-prefix prefix-length locator priority priority weight weight |
缺省情况下,未配置动态EID空间的EID与RLOC的映射关系 |
|
|
配置动态EID空间的MS服务器地址 |
map-server map-server-address authentication-mode none [ proxy-reply ] map-server map-server-address authentication-mode sha-1 authentication-key { ciphertext | plaintext } string [ proxy-reply ] |
缺省情况下,未配置动态EID空间下的MS服务器地址 最多允许配置2个MS服务器 |
|
|
(可选)配置Map-Notify报文的组播组地址 |
map-notify-group map-notify-group-address |
缺省情况下,未配置Map-Notify报文的组播组地址 |
|
|
配置允许迁移的dynamic-EID范围 |
roaming-eid-prefix eid-prefix prefix-length |
缺省情况下,允许迁移的dynamic-EID范围为0.0.0.0/0 |
|
|
(可选)在第一跳路由器上开启发送动态EID信息的功能并配置认证模式 |
eid-notify xtr-address authentication-mode { none | sha-1 authentication-key { ciphertext | plaintext } string } |
缺省情况下,第一跳路由器上没有开启发送动态EID信息的功能 |
|
|
(可选)在xTR设备上开启接收动态EID信息的功能并配置认证模式 |
eid-notify authentication-mode { none | sha-1 authentication-key { ciphertext | plaintext } string } |
缺省情况下,xTR设备上没有开启接收动态EID信息的功能 |
|
|
进入接口视图 |
interface interface-type interface-number |
- |
|
|
配置接口下指定的dynamic-EID检测策略 |
lisp mobility dynamic-eid-name |
缺省情况下,接口下没有指定dynamic-EID策略 |
|
|
(可选)使能网段扩展能力 |
lisp extended-subnet-mode |
缺省情况下,网段扩展能力处于关闭状态 |
|
LIG(LISP Internet Groper)是一种探测解析机制。LIG给管理员提供一个CLI命令,让用户可以在没有数据发送的情况下,通过命令行在设备上建立映射信息。
LIG通过触发一次Map请求和应答过程,获取一个EID/RLOC数据库映射表项,并将结果显示给用户,请求的EID可以是路由器或主机的EID,主要应用在下面两个场景:
(1) 获取特定EID在映射数据库中的映射信息;
(2) 确认站点是否成功向MS注册。
在任意视图下执行lig命令可以用来查询EID数据库映射关系。
表1-12 查询EID数据库映射关系
|
操作 |
命令 |
说明 |
|
查询EID数据库映射关系 |
lig { destination-eid | hostname | self } [ count count ] [ source source-eid ] [ to map-resolver ] [ timer timeout ] [ vrf vrf-name ] |
在任意视图下执行 |
在完成上述配置后,在任意视图下执行display命令可以显示配置后LISP的运行情况,通过查看显示信息验证配置的效果。
在用户视图下执行reset命令可以清除LISP的相关信息。
表1-13 LISP显示和维护
|
命令 |
|
|
显示IPv4 LISP的配置状态信息 |
display lisp ipv4 |
|
显示IPv4 LISP的本地EID前缀信息 |
display lisp ipv4 database [ destination-eid-prefix [ prefix-length ] ] [ default | vrf vrf-name ] |
|
显示IPv4 LISP的map-cache表项信息 |
display lisp ipv4 map-cache [ destination-eid-prefix [ prefix-length ] ] [ default | vrf vrf-name ] [ verbose ] |
|
显示IPv4 LISP的data-cache表项信息 |
display lisp ipv4 data-cache [ destination- eid ] [ default | vrf vrf-name ] |
|
显示IPv4 LISP的统计信息 |
display lisp ipv4 statistics [ default | vrf vrf-name ] |
|
显示IPv4 LISP的站点信息 |
display lisp site [ destination-eid-prefix [ prefix-length ] | name site-name ] [ default | vrf vrf-name ] [ verbose ] |
|
显示LISP dynamic-EID检测策略和检测到的动态EID信息 |
display lisp dynamic-eid [ name dynamic-eid-name ] [ default | vrf vrf-name ] [ verbose ] |
|
清除IPv4 LISP的data-cache表项信息 |
reset lisp ipv4 data-cache [ default | vrf vrf-name ] [ destination-eid ] |
|
清除IPv4 LISP的动态map-cache表项信息 |
reset lisp ipv4 map-cache [ default | vrf vrf-name ] [ destination-eid-prefix [ prefix-length ] ] |
|
清除IPv4 LISP的统计信息 |
reset lisp ipv4 statistics [ default | vrf vrf-name ] |
|
清除IPv4 LISP的站点信息 |
reset lisp site [ name site-name ] [ default | vrf vrf-name ] |
|
清除检测到的动态EID信息 |
reset lisp dynamic-eid [ default | vrf vrf-name ] [ eid-prefix ] |
所有设备都使能LISP功能后可以互通。其中,Router A和Router C作为xTR,Router B作为MR/MS。
图1-6 LISP基本功能配置组网图
(1) 配置各接口的IP地址(略)
(2) 配置动态路由协议,使各RLOC地址之间的路由相通(略)
(3) 使能LISP功能
# 配置Router A,使能xTR功能。
<RouterA> system-view
[RouterA] lisp
[RouterA-lisp] itr
[RouterA-lisp] itr map-resolver 192.168.1.2
[RouterA-lisp] etr
[RouterA-lisp] database-mapping 10.1.1.0 24 192.168.1.1 priority 1 weight 1
[RouterA-lisp] etr map-server 192.168.1.2 authentication-mode sha-1 authentication-key plaintext 123456
[RouterA-lisp] quit
# 查看Router A的IPv4 LISP的配置状态信息。
[RouterA] display lisp ipv4
LISP IP Configuration Information for Public VRF (iid 0)
Ingress Tunnel Router (ITR): enabled
Egress Tunnel Router (ETR): enabled
Proxy-ITR Router (PITR): disabled
Proxy-ETR Router (PETR): disabled
Locator VRF: default
LISP-NAT Interworking: disabled
ITR send Map-Request: disabled
ITR send Data-Probe: disabled
LISP ALT-VRF: not configured
ETR glean mapping: disabled, verify disabled
ETR accept mapping data: disabled, verify disabled
ETR Map-Cache TTL: 1440 minutes
Shortest EID-prefix allowed: /16
Locator Reachability Algorithms:
Echo-nonce algorithm: disabled
TCP-counts algorithm: disabled
RLOC-probe algorithm: disabled
Static mappings configured: 0
Map-Cache limit: 0xFFFFFFFF
Map-Cache size: 0
Map-Resolver (MR): disabled
Map-Server (MS): disabled
# 查看Router A的LISP ETR上配置的本地IPv4 EID前缀信息。
[RouterA] display lisp ipv4 database
LISP ETR IP Mapping Database for Public VRF (iid 0), 1 entries
EID-prefix: 10.1.1.0/24, instance-id: 0, LSBs: 0x00000001, Sync Flags: 0x0001
Locator: 192.168.1.1, priority: 1, weight: 1
Uptime: 00:00:20, state: up, local
Data in/out: 0/0
# 配置Router B,使能MR/MS功能。
<RouterB> system-view
[RouterB] lisp
[RouterB-lisp] map-resolver
[RouterB-lisp] map-server
[RouterB-lisp] site A
[RouterB-lisp-site-A] authentication-mode sha-1 authentication-key plaintext 123456
[RouterB-lisp-site-A] eid-prefix 10.1.1.0 24
[RouterB-lisp-site-A] quit
[RouterB-lisp] site C
[RouterB-lisp-site-C] authentication-mode sha-1 authentication-key plaintext 123456
[RouterB-lisp-site-C] eid-prefix 20.1.1.0 24
[RouterB-lisp-site-C] quit
[RouterB-lisp] quit
# 查看Router B的IPv4 LISP的配置状态信息。
[RouterB] display lisp ipv4
LISP IP Configuration Information for Public VRF (iid 0)
Ingress Tunnel Router (ITR): disabled
Egress Tunnel Router (ETR): disabled
Proxy-ITR Router (PITR): disabled
Proxy-ETR Router (PETR): disabled
Locator VRF: default
LISP-NAT Interworking: disabled
ITR send Map-Request: disabled
ITR send Data-Probe: disabled
LISP ALT-VRF: not configured
ETR glean mapping: disabled, verify disabled
ETR accept mapping data: disabled, verify disabled
ETR Map-Cache TTL: 1440 minutes
Shortest EID-prefix allowed: /16
Locator Reachability Algorithms:
Echo-nonce algorithm: disabled
TCP-counts algorithm: disabled
RLOC-probe algorithm: disabled
Static mappings configured: 0
Map-Cache limit: 0xFFFFFFFF
Map-Cache size: 0
Map-Resolver (MR): enabled
Map-Server (MS): enabled
# 查看Router B的LISP站点信息。
[RouterB] display lisp site
LISP Site Registration Information for Public VRF
Site Name Last Actively Who last EID-prefix Inst
Registered Registered Registered ID
A never no -- 10.1.1.0/24 0
C never no -- 20.1.1.0/24 0
# 配置Router C,使能xTR功能。
<RouterC> system-view
[RouterC] lisp
[RouterC-lisp] itr
[RouterC-lisp] itr map-resolver 192.168.1.2
[RouterC-lisp] etr
[RouterC-lisp] database-mapping 20.1.1.0 24 192.168.2.2 priority 1 weight 1
[RouterC-lisp] etr map-server 192.168.1.2 authentication-mode sha-1 authentication-key plaintext 123456
[RouterC-lisp] quit
# 查看Router C的IPv4 LISP的配置状态信息。
[RouterC] display lisp ipv4
LISP IP Configuration Information for Public VRF (iid 0)
Ingress Tunnel Router (ITR): enabled
Egress Tunnel Router (ETR): enabled
Proxy-ITR Router (PITR): disabled
Proxy-ETR Router (PETR): disabled
Locator VRF: default
LISP-NAT Interworking: disabled
ITR send Map-Request: disabled
ITR send Data-Probe: disabled
LISP ALT-VRF: not configured
ETR glean mapping: disabled, verify disabled
ETR accept mapping data: disabled, verify disabled
ETR Map-Cache TTL: 1440 minutes
Shortest EID-prefix allowed: /16
Locator Reachability Algorithms:
Echo-nonce algorithm: disabled
TCP-counts algorithm: disabled
RLOC-probe algorithm: disabled
Static mappings configured: 0
Map-Cache limit: 0xFFFFFFFF
Map-Cache size: 0
Map-Resolver (MR): disabled
Map-Server (MS): disabled
# 查看Router C的LISP ETR上配置的本地IPv4 EID前缀信息。
[RouterC] display lisp ipv4 database
LISP ETR IP Mapping Database for Public VRF (iid 0), 1 entries
EID-prefix: 20.1.1.0/24, instance-id: 0, LSBs: 0x00000001, Sync Flags: 0x0001
Locator: 192.168.2.2, priority: 1, weight: 1
Uptime: 00:00:09, state: up, local
Data in/out: 0/0
# 等系统稳定后,查看Router B上的站点信息。
[RouterB] display lisp site
LISP Site Registration Information for Public VRF
Site Name Last Actively Who last EID-prefix Inst
Registered Registered Registered ID
A 00:00:09 yes 192.168.1.1 10.1.1.0/24 0
C 00:00:23 yes 192.168.2.2 20.1.1.0/24 0
# 此时,在Router A上指定EID地址Ping Router C的EID地址。
[RouterA] ping -a 10.1.1.1 20.1.1.1
Ping 20.1.1.1 (20.1.1.1) from 10.1.1.1: 56 data bytes, press CTRL_C to break
Request time out
Request time out
56 bytes from 20.1.1.1: icmp_seq=0 ttl=254 time=3.364 ms
56 bytes from 20.1.1.1: icmp_seq=0 ttl=254 time=2.079 ms
56 bytes from 20.1.1.1: icmp_seq=0 ttl=254 time=2.019 ms
# 在Router A上查看IPv4 LISP动态和静态的map-cache表项信息。
[RouterA] display lisp ipv4 map-cache
LISP IP Mapping Cache for Public VRF (iid 0), 1 entries
20.1.1.0/24, uptime: 01:48:31, expires: 22:11:29, via map-reply
Locator Uptime State Priority/ Data Control
Weight in/out in/out
192.168.2.2 01:48:31 up 1/1 6/7 1/0
# 在Router C上查看IPv4 LISP动态和静态的map-cache表项信息。
[RouterC] display lisp ipv4 map-cache
LISP IP Mapping Cache for Public VRF (iid 0), 1 entries
10.1.1.0/24, uptime: 00:00:13, expires: 23:59:47, via map-reply
Locator Uptime State Priority/ Data Control
Weight in/out in/out
192.168.1.1 00:00:13 up 1/1 0/0 1/0
· 存在两个LISP实例,用来实现不同租户流量在不同的站点之间的扩展。
· 所有设备都使能LISP功能。其中,Router A和Router C作为xTR,Router B作为MR/MS。
图1-7 LISP多实例配置组网图
(1) 配置各接口的IP地址、配置VPN(略)
(2) 配置接口多实例
# 在Router A上配置接口VPN。
<RouterA> system-view
[RouterA] interface gigabitethernet 1/0/1
[RouterA-GigabitEthernet1/0/1] ip binding vpn-instance 1
[RouterA-GigabitEthernet1/0/1] ip add 10.1.1.1 24
[RouterA-GigabitEthernet1/0/1] quit
[RouterA] interface gigabitethernet 1/0/2
[RouterA-GigabitEthernet1/0/2] ip binding vpn-instance 2
[RouterA-GigabitEthernet1/0/2] ip add 11.1.1.1 24
[RouterA-GigabitEthernet1/0/2] quit
[RouterA] interface gigabitethernet 1/0/3
[RouterA-GigabitEthernet1/0/3] ip binding vpn-instance locator
[RouterA-GigabitEthernet1/0/3] ip add 12.1.1.1 24
[RouterA-GigabitEthernet1/0/3] quit
# 在Router C上配置接口VPN。
<RouterC> system-view
[RouterC] interface gigabitethernet 1/0/1
[RouterC-GigabitEthernet1/0/1] ip binding vpn-instance 1
[RouterC-GigabitEthernet1/0/1] ip add 14.1.1.1 24
[RouterC-GigabitEthernet1/0/1] quit
[RouterC] interface gigabitethernet 1/0/2
[RouterC-GigabitEthernet1/0/2] ip binding vpn-instance 2
[RouterC-GigabitEthernet1/0/2] ip add 15.1.1.1 24
[RouterC-GigabitEthernet1/0/2] quit
[RouterC] interface gigabitethernet 1/0/3
[RouterC-GigabitEthernet1/0/3] ip binding vpn-instance locator
[RouterC-GigabitEthernet1/0/3] ip add 13.1.1.1 24
[RouterC-GigabitEthernet1/0/3] quit
(3) 配置LISP多实例
# 在Router A上启动LISP。
[RouterA] lisp
[RouterA-lisp] vrf 1
[RouterA-lisp-vrf-1] itr
[RouterA-lisp-vrf-1] etr
[RouterA-lisp-vrf-1] locator-vrf vrf locator
[RouterA-lisp-vrf-1] xtr instance-id 1
[RouterA-lisp-vrf-1] database-mapping 10.1.1.0 24 12.1.1.1 priority 10 weight 10
[RouterA-lisp-vrf-1] itr map-resolver 12.1.1.2
[RouterA-lisp-vrf-1] etr map-server 12.1.1.2 authentication-mode sha-1 authentication-key plaintext abc
[RouterA-lisp-vrf-1] quit
[RouterA-lisp] vrf 2
[RouterA-lisp-vrf-2] itr
[RouterA-lisp-vrf-2] etr
[RouterA-lisp-vrf-2] locator-vrf vrf locator
[RouterA-lisp-vrf-2] xtr instance-id 2
[RouterA-lisp-vrf-2] database-mapping 11.1.1.0 24 12.1.1.1 priority 10 weight 10
[RouterA-lisp-vrf-2] itr map-resolver 12.1.1.2
[RouterA-lisp-vrf-2] etr map-server 12.1.1.2 authentication-mode sha-1 authentication-key plaintext abc
[RouterA-lisp-vrf-2] quit
# 在Router B上启动LISP。
<RouterB> system-view
[RouterB] lisp
[RouterB-lisp] map-resolver
[RouterB-lisp] map-server
[RouterB-lisp] site 123
[RouterB-lisp-site-123] authentication-mode sha-1 authentication-key plaintext abc
[RouterB-lisp-site-123] eid-prefix 10.1.1.0 24 instance-id 1
[RouterB-lisp-site-123] eid-prefix 11.1.1.0 24 instance-id 2
[RouterB-lisp-site-123] eid-prefix 14.1.1.0 24 instance-id 1
[RouterB-lisp-site-123] eid-prefix 15.1.1.0 24 instance-id 2
# 在Router C上启动LISP。
[RouterC] lisp
[RouterC-lisp] vrf 1
[RouterC-lisp-vrf-1] itr
[RouterC-lisp-vrf-1] etr
[RouterC-lisp-vrf-1] locator-vrf vrf locator
[RouterC-lisp-vrf-1] xtr instance-id 1
[RouterC-lisp-vrf-1] database-mapping 14.1.1.0 24 13.1.1.1 priority 10 weight 10
[RouterC-lisp-vrf-1] itr map-resolver 12.1.1.2
[RouterC-lisp-vrf-1] etr map-server 12.1.1.2 authentication-mode sha-1 authentication-key plaintext abc
[RouterC-lisp-vrf-1] quit
[RouterC-lisp] vrf 2
[RouterC-lisp-vrf-2] itr
[RouterC-lisp-vrf-2] etr
[RouterC-lisp-vrf-2] locator-vrf vrf locator
[RouterC-lisp-vrf-2] xtr instance-id 2
[RouterC-lisp-vrf-2] database-mapping 15.1.1.0 24 13.1.1.1 priority 10 weight 10
[RouterC-lisp-vrf-2] itr map-resolver 12.1.1.2
[RouterC-lisp-vrf-2] etr map-server 12.1.1.2 authentication-mode sha-1 authentication-key plaintext abc
[RouterC-lisp-vrf-2] quit
# 在Router A上ping IID1下地址。
[RouterA] ping –vpn-instance 1 –a 10.1.1.1 14.1.1.1
Ping 14.1.1.1 (14.1.1.1) from 10.1.1.1: 56 data bytes, press CTRL_C to break
Request time out
Request time out
56 bytes from 14.1.1.1: icmp_seq=2 ttl=254 time=1.582 ms
56 bytes from 14.1.1.1: icmp_seq=3 ttl=254 time=2.199 ms
56 bytes from 14.1.1.1: icmp_seq=4 ttl=254 time=1.976 ms
[RouterA] display lisp ipv4 map-cache
LISP IP Mapping Cache for VRF 1 (iid 1), 1 entries
14.1.1.0/24, uptime: 00:04:16, expires: 23:56:44, via map-reply
Locator Uptime State Priority/ Data Control
Weight in/out in/out
13.1.1.1 00:03:16 up 10/10 0/5 0/0
# 在Router A上ping IID2下地址。
[RouterA] ping –vpn-instance 2 –a 11.1.1.1 15.1.1.1
Ping 15.1.1.1 (15.1.1.1) from 11.1.1.1: 56 data bytes, press CTRL_C to break
Request time out
Request time out
56 bytes from 15.1.1.1: icmp_seq=2 ttl=254 time=1.582 ms
56 bytes from 15.1.1.1: icmp_seq=3 ttl=254 time=2.199 ms
56 bytes from 15.1.1.1: icmp_seq=4 ttl=254 time=1.976 ms
[RouterA] display lisp ipv4 map-cache
LISP IP Mapping Cache for VRF 2 (iid 2), 1 entries
15.1.1.0/24, uptime: 00:04:16, expires: 23:56:44, via map-reply
Locator Uptime State Priority/ Data Control
Weight in/out in/out
13.1.1.1 00:03:16 up 10/10 0/5 0/0
· 对于每个EDI地址空间存在两个宿主(xTR),通过多路径来进行负载分担。
· 所有设备都使能LISP功能。其中,Router 1A、Router 2A、Router 1C和Router 2C作为xTR,Router B作为MR/MS。
图1-8 LISP支持多宿主配置组网图
|
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
|
Router 1A |
GE1/0/1 |
12.1.1.1/24 |
Router B |
GE1/0/1 |
12.1.1.2/24 |
|
Router 2A |
GE1/0/1 |
22.1.1.1/24 |
|
GE1/0/2 |
22.1.1.2/24 |
|
Router 1C |
GE1/0/1 |
33.1.1.1/24 |
|
GE1/0/3 |
33.1.1.2/24 |
|
Router 2C |
GE1/0/1 |
13.1.1.1/24 |
|
GE1/0/4 |
13.1.1.2/24 |
(1) 配置各接口的IP地址(略)
(2) 配置动态路由协议,使各RLOC地址之间的路由相通(略)
(3) 使能LISP功能
# 在Router 1A上启动LISP,配置xTR功能。
<Router1A> system-view
[Router1A] lisp
[Router1A-lisp] itr
[Router1A-lisp] etr
[Router1A-lisp] database-mapping 10.1.1.0 24 12.1.1.1 priority 10 weight 10
[Router1A-lisp] database-mapping 10.1.1.0 24 22.1.1.1 priority 10 weight 10
[Router1A-lisp] itr map-resolver 12.1.1.2
[Router1A-lisp] itr map-resolver 22.1.1.2
[Router1A-lisp] etr map-server 12.1.1.2 authentication-mode sha-1 authentication-key plaintext abc
[Router1A-lisp] etr map-server 22.1.1.2 authentication-mode sha-1 authentication-key plaintext abc
[Router1A-lisp] quit
# 在Router 2A上启动LISP,配置xTR功能。
<Router2A> system-view
[Router2A] lisp
[Router2A-lisp] itr
[Router2A-lisp] etr
[Router2A-lisp] database-mapping 10.1.1.0 24 12.1.1.1 priority 10 weight 10
[Router2A-lisp] database-mapping 10.1.1.0 24 22.1.1.1 priority 10 weight 10
[Router2A-lisp] itr map-resolver 12.1.1.2
[Router2A-lisp] itr map-resolver 22.1.1.2
[Router2A-lisp] etr map-server 12.1.1.2 authentication-mode sha-1 authentication-key plaintext abc
[Router2A-lisp] etr map-server 22.1.1.2 authentication-mode sha-1 authentication-key plaintext abc
[Router2A-lisp] quit
# 在Router B上启动LISP,配置MR/MS功能。
[RouterB] lisp
[RouterB-lisp] map-resolver
[RouterB-lisp] map-server
[RouterB-lisp] site 123
[RouterB-lisp-site-123] authentication-mode sha-1 authentication-key plaintext abc
[RouterB-lisp-site-123] eid-prefix 10.1.1.0 24
[RouterB-lisp-site-123] eid-prefix 11.1.1.0 24
[RouterB-lisp-site-123] quit
[RouterB-lisp] quit
# 在Router 1C上启动LISP,配置xTR功能。
<Router1C> system-view
[Router1C] lisp
[Router1C-lisp] itr
[Router1C-lisp] etr
[Router1C-lisp] database-mapping 11.1.1.0 24 13.1.1.1 priority 10 weight 10
[Router1C-lisp] database-mapping 11.1.1.0 24 33.1.1.1 priority 10 weight 10
[Router1C-lisp] itr map-resolver 13.1.1.2
[Router1C-lisp] itr map-resolver 33.1.1.2
[Router1C-lisp] etr map-server 13.1.1.2 authentication-mode sha-1 authentication-key plaintext abc
[Router1C-lisp] etr map-server 33.1.1.2 authentication-mode sha-1 authentication-key plaintext abc
[Router1C-lisp] quit
# 在Router 2C上启动LISP,配置xTR功能。
<Router2C> system-view
[Router2C] lisp
[Router2C-lisp] itr
[Router2C-lisp] etr
[Router2C-lisp] database-mapping 11.1.1.0 24 13.1.1.1 priority 10 weight 10
[Router2C-lisp] database-mapping 11.1.1.0 24 33.1.1.1 priority 10 weight 10
[Router2C-lisp] itr map-resolver 13.1.1.2
[Router2C-lisp] itr map-resolver 33.1.1.2
[Router2C-lisp] etr map-server 13.1.1.2 authentication-mode sha-1 authentication-key plaintext abc
[Router2C-lisp] etr map-server 33.1.1.2 authentication-mode sha-1 authentication-key plaintext abc
[Router2C-lisp] quit
# 在Router 1A上指定EID地址Ping Router 1C的EID地址。
[Router1A] ping –a 10.1.1.1 11.1.1.1
Ping 11.1.1.1 (11.1.1.1) from 10.1.1.1: 56 data bytes, press CTRL_C to break
Request time out
Request time out
56 bytes from 11.1.1.1: icmp_seq=2 ttl=254 time=1.582 ms
56 bytes from 11.1.1.1: icmp_seq=3 ttl=254 time=2.199 ms
56 bytes from 11.1.1.1: icmp_seq=4 ttl=254 time=1.976 ms
[Router1A] display lisp ipv4 map-cache
LISP IP Mapping Cache for Public VRF (iid 0), 1 entries
11.1.1.0/24, uptime: 00:04:16, expires: 23:56:44, via map-reply
Locator Uptime State Priority/ Data Control
Weight in/out in/out
13.1.1.1 00:03:16 up 10/10 0/5 0/0
33.1.1.1 00:03:16 up 10/10 0/0 0/0
· 虚拟机VM需要在不同网段之间迁移,迁移后需要保证IP地址不变,并且可以正常工作;
· 所有设备都使能LISP功能。其中,Router A、Router C和Router D作为xTR,Router B作为MR/MS。
图1-9 LISP跨网段虚拟机迁移配置组网图
(1) 配置各接口的IP地址(略)
(2) 配置动态路由协议,使各RLOC地址之间的路由相通(略)
(3) 配置LISP迁移
# 配置Router A。
<RouterA> system-view
[RouterA] lisp
[RouterA-lisp] itr
[RouterA-lisp] etr
[RouterA-lisp] database-mapping 10.10.10.0 24 192.168.1.1 priority 1 weight 1
[RouterA-lisp] itr map-resolver 192.168.1.2
[RouterA-lisp] etr map-server 192.168.1.2 authentication-mode sha-1 authentication-key plaintext aaa
[RouterA-lisp] dynamic-eid de1
[RouterA-lisp-dynamic-eid-de1] database-mapping 10.10.10.0 24 192.168.1.1 priority 1 weight 1
[RouterA-lisp-dynamic-eid-de1] map-server 192.168.1.2 authentication-mode sha-1 authentication-key plaintext aaa
[RouterA-lisp-dynamic-eid-de1] interface gigabitethernet 1/0/1
[RouterA-GigabitEthernet1/0/1] lisp mobility de1
[RouterA-GigabitEthernet1/0/1] vrrp vrid 1 virtual-ip 10.10.10.10
[RouterA-GigabitEthernet1/0/1] proxy-arp enable
[RouterA-GigabitEthernet1/0/1] quit
# 配置Router B。
<RouterB> system-view
[RouterB] lisp
[RouterB-lisp] map-server
[RouterB-lisp] map-resolver
[RouterB-lisp] site DC
[RouterB-lisp-site-DC] eid-prefix 10.10.10.0 24 accept-more-specifics
[RouterB-lisp-site-DC] eid-prefix 20.20.20.0 24
[RouterB-lisp-site-DC] authentication-mode sha-1 authentication-key plaintext aaa
[RouterB-lisp-site-DC] quit
[RouterB-lisp] site client
[RouterB-lisp-site-client] eid-prefix 30.30.30.0 24
[RouterB-lisp-site-client] authentication-mode sha-1 authentication-key plaintext aaa
[RouterB-lisp-site-client] quit
[RouterB-lisp] quit
# 配置Router C。
<RouterC> system-view
[RouterC-lisp] itr
[RouterC-lisp] etr
[RouterC-lisp] database-mapping 20.20.20.0 24 192.168.2.3 priority 1 weight 1
[RouterC-lisp] itr map-resolver 192.168.2.2
[RouterC-lisp] etr map-server 192.168.2.2 authentication-mode sha-1 authentication-key p
laintext aaa
[RouterC-lisp] dynamic-eid de1
[RouterC-lisp-dynamic-eid-de1] database-mapping 10.10.10.0 24 192.168.2.3 priority 1 weight 1
[RouterC-lisp-dynamic-eid-de1] map-server 192.168.2.2 authentication-mode sha-1 authentication-key plaintext aaa
[RouterC-lisp-dynamic-eid-de1] interface gigabitethernet 1/0/1
[RouterC-GigabitEthernet1/0/1] lisp mobility de1
[RouterC-GigabitEthernet1/0/1] vrrp vrid 1 virtual-ip 20.20.20.20
[RouterC-GigabitEthernet1/0/1] proxy-arp enable
[RouterC-GigabitEthernet1/0/1] quit
# 配置Router D。
<RouterD> system-view
[RouterD] lisp
[RouterD-lisp] itr
[RouterD-lisp] etr
[RouterD-lisp] database-mapping 30.30.30.0 24 192.168.3.4 priority 1 weight 1
[RouterD-lisp] itr map-resolver 192.168.3.2
[RouterD-lisp] etr map-server 192.168.3.2 authentication-mode sha-1 authentication-key plaintext aaa
[RouterD-lisp] quit
# 在Router B上查看注册信息。
[RouterB] display lisp site
LISP Site Registration Information for public VRF
Site Name Last Actively Who last EID-prefix Inst
Registered Registered Registered ID
DC 00:00:41 yes 192.168.1.1 10.10.10.0/24-0 0
00:00:32 yes 192.168.2.3 20.20.20.0/24 0
client 00:00:25 yes 192.168.3.4 30.30.30.0/24 0
# 远端LISP站点主机30.30.30.4上,ping DC1中主机10.10.10.3可以通,表明能够正常通信。
# 在Router D上查看映射缓存。
[RouterD] display lisp ipv4 map-cache
LISP IP Mapping Cache for Public VRF (iid 0), 1 entries
10.10.10.0/24, uptime: 01:48:31, expires: 22:11:29, via map-reply
Locator Uptime State Priority/ Data Control
Weight in/out in/out
192.168.1.1 01:48:31 up 1/1 6/7 1/0
进行虚拟机迁移,将DC1中主机10.10.10.3迁移至DC2中。
# 在Router C上查看检测到的动态EID信息。
[RouterC] display lisp dynamic-eid verbose
LISP dynamic EID information for public VRF
Dynamic EID name: de1
Database-mapping EID-prefix: 10.10.10.0/24, instance-id: 0, LSBs: 0x00000001
Locator: 192.168.2.3, Priority: 1, Weight: 1
Uptime: 00:00:15, State: up, local
Registering more-specific dynamic-EIDs
Map servers: 192.168.2.2
Site-based multicast Map-Notify group: none configured
Roaming dynamic EIDs allowed: 0.0.0.0/0
Number of roaming dynamic EIDs discovered: 1
Last dynamic EID discovered: 10.10.10.3, 00:00:15 ago
Roaming dynamic EIDs:
10.10.10.3, GigabitEthernet1/0/1, uptime: 00:00:15
discovered by: ip packet reception
# 在Router B上查看注册信息。
[RouterB] display lisp site
LISP Site Registration Information for public VRF
Site Name Last Actively Who last EID-prefix Inst
Registered Registered Registered ID
DC 00:00:41 yes 192.168.1.1 10.10.10.0/24-1 0
00:00:32 yes 192.168.2.3 20.20.20.0/24 0
client 00:00:25 yes 192.168.3.4 30.30.30.0/24 0
# 远端LISP站点主机30.30.30.4上,ping主机10.10.10.3可以通,表明能够正常通信。
# 在Router D上查看映射缓存。
[RouterD] display lisp ipv4 map-cache
LISP IP Mapping Cache for Public VRF (iid 0), 1 entries
10.10.10.0/24, uptime: 01:48:31, expires: 22:11:29, via map-reply
Locator Uptime State Priority/ Data Control
Weight in/out in/out
192.168.1.1 01:48:31 up 1/1 6/7 1/0
10.10.10.3/32, uptime: 01:48:31, expires: 22:11:29, via map-reply
Locator Uptime State Priority/ Data Control
Weight in/out in/out
192.168.2.3 00:01:31 up 1/1 3/3 1/0
· 在Router A、Router B、Router C和Router D上使能LISP;
· 所有设备都使能LISP功能。其中,Router A、Router C和Router D作为xTR,Router B作为MR/MS。
图1-10 LISP同网段虚拟机迁移配置组网图
(1) 配置各接口的地址(略)
(2) EVI配置(略)
(3) 配置动态路由协议,使各RLOC地址之间的路由相通(略)
(4) 配置LISP迁移
# 配置Router A。
<RouterA> system-view
[RouterA] lisp
[RouterA-lisp] itr
[RouterA-lisp] etr
[RouterA-lisp] database-mapping 10.10.10.0 24 192.168.1.1 priority 1 weight 1
[RouterA-lisp] database-mapping 10.10.10.0 24 192.168.2.3 priority 1 weight 1
[RouterA-lisp] itr map-resolver 192.168.1.2
[RouterA-lisp] etr map-server 192.168.1.2 authentication-mode sha-1 authentication-key plaintext aaa
[RouterA-lisp] dynamic-eid de1
[RouterA-lisp-dynamic-eid-de1] database-mapping 10.10.10.0 24 192.168.1.1 priority 1 weight 1
[RouterA-lisp-dynamic-eid-de1] map-server 192.168.1.2 authentication-mode sha-1 authentication-key plaintext aaa
[RouterA-lisp-dynamic-eid-de1] map-notify-group 239.0.0.2
[RouterA-lisp-dynamic-eid-de1] interface vlan-interface 1
[RouterA-vlan-interface1] lisp mobility de1
[RouterA-vlan-interface1] lisp extended-subnet-mode
[RouterA-vlan-interface1] quit
# 配置Router B。
<RouterB> system-view
[RouterB] lisp
[RouterB-lisp] map-server
[RouterB-lisp] map-resolver
[RouterB-lisp] site DC
[RouterB-lisp-site-DC] eid-prefix 10.10.10.0 24 accept-more-specifics
[RouterB-lisp-site-DC] authentication-mode sha-1 authentication-key plaintext aaa
[RouterB-lisp-site-DC] quit
[RouterB-lisp] site client
[RouterB-lisp-site-client] eid-prefix 30.30.30.0 24
[RouterB-lisp-site-client] authentication-mode sha-1 authentication-key plaintext aaa
[RouterB-lisp-site-client] quit
[RouterB-lisp] quit
# 配置Router C。
<RouterC> system-view
[RouterC] lisp
[RouterC-lisp] itr
[RouterC-lisp] etr
[RouterC-lisp] database-mapping 10.10.10.0 24 192.168.1.1 priority 1 weight 1
[RouterC-lisp] database-mapping 10.10.10.0 24 192.168.2.3 priority 1 weight 1
[RouterC-lisp] itr map-resolver 192.168.2.2
[RouterC-lisp] etr map-server 192.168.2.2 authentication-mode sha-1 authentication-key p
laintext aaa
[RouterC-lisp] dynamic-eid de1
[RouterC-lisp-dynamic-eid-de1] database-mapping 10.10.10.0 24 192.168.2.3 priority 1 weight 1
[RouterC-lisp-dynamic-eid-de1] map-server 192.168.2.2 authentication-mode sha-1 authentication-key plaintext aaa
[RouterC-lisp-dynamic-eid-de1] map-notify-group 239.0.0.2
[RouterC-lisp-dynamic-eid-de1] interface vlan-interface 1
[RouterC-vlan-interface1] lisp mobility de1
[RouterC-vlan-interface1] lisp extended-subnet-mode
[RouterC-vlan-interface1] quit
# 配置Router D。
<RouterD> system-view
[RouterD] lisp
[RouterD-lisp] itr
[RouterD-lisp] etr
[RouterD-lisp] database-mapping 30.30.30.0 24 192.168.3.4 priority 1 weight 1
[RouterD-lisp] itr map-resolver 192.168.3.2
[RouterD-lisp] etr map-server 192.168.3.2 authentication-mode sha-1 authentication-key plaintext aaa
[RouterD-lisp] quit
# 在Router B上查看注册信息。
[RouterB] display lisp site verbose
LISP Site Registration Information for public VRF
Site name: DC
Description: none configured
Allowed configured locators: any
Configured EID-prefix: 10.10.10.0/24, instance-id: 0
More-specifics registered: 1
Currently registered: yes
First registered: 00:35:22
Last registered: 00:00:25
Who last registered: 192.168.1.1
Routing table tag: 0
Proxy Replying: no
Wants Map-Notifications: yes
Registered TTL: 1440 minutes
Registered locators:
192.168.1.1 (LR), priority: 1, weight: 1
192.168.2.3 (-), priority: 1, weight: 1
Registration errors:
Authentication failures: 0
Allowed locators mismatch: 0
More-specific EID-prefix: 10.10.10.3/32, instance-id: 0
Currently registered: yes
First registered: 00:02:10
Last registered: 00:00:25
Who last registered: 192.168.1.1
Routing table tag: 0
Proxy Replying: no
Wants Map-Notifications: yes
Registered TTL: 1440 minutes
Registered locators:
192.168.1.1 (LR), priority: 1, weight: 1
Registration errors:
Authentication failures: 0
Allowed locators mismatch: 0
Site name: client
Description: none configured
Allowed configured locators: any
Configured EID-prefix: 30.30.30.0/24, instance-id: 0
More-specifics registered: 1
Currently registered: yes
First registered: 00:35:22
Last registered: 00:00:25
Who last registered: 192.168.3.4
Routing table tag: 0
Proxy Replying: no
Wants Map-Notifications: no
Registered TTL: 1440 minutes
Registered locators:
192.168.3.4 (LR), priority: 1, weight: 1
Registration errors:
Authentication failures: 0
Allowed locators mismatch: 0
# Router A上查看动态EID信息。
[RouterA] display lisp dynamic-eid verbose
LISP dynamic EID information for public VRF
Dynamic EID name: de1
Database-mapping EID-prefix: 10.10.10.0/24, instance-id: 0, LSBs: 0x00000001
Locator: 192.168.1.1, Priority: 1, Weight: 1
Uptime: 00:00:15, State: up, local
Registering more-specific dynamic-EIDs
Map servers: 192.168.1.2
Site-based multicast Map-Notify group: 239.0.0.2
Roaming dynamic EIDs allowed: 0.0.0.0/0
Number of roaming dynamic EIDs discovered: 1
Last dynamic EID discovered: 10.10.10.3, 00:00:15 ago
Roaming dynamic EIDs:
10.10.10.3, GigabitEthernet1/0/1, uptime: 00:00:15
discovered by: ip packet reception
# 远端LISP站点主机30.30.30.4上,ping DC1中主机10.10.10.3可以通,表明能够正常通信。
# 在Router D上查看映射缓存。
[RouterD] display lisp ipv4 map-cache
LISP IP Mapping Cache for Public VRF (iid 0), 1 entries
10.10.10.3/32, uptime: 01:48:31, expires: 22:11:29, via map-reply
Locator Uptime State Priority/ Data Control
Weight in/out in/out
192.168.1.1 00:01:31 up 1/1 3/3 1/0
进行虚拟机迁移,将DC1中主机10.10.10.3 迁移至DC2中。
# 在Router C上查看检测到的动态EID信息。
[RouterC-lisp] display lisp dynamic-eid verbose
LISP dynamic EID information for public VRF
Dynamic EID name: de1
Database-mapping EID-prefix: 10.10.10.0/24, instance-id: 0, LSBs: 0x00000001
Locator: 192.168.2.3, Priority: 1, Weight: 1
Uptime: 00:00:15, State: up, local
Registering more-specific dynamic-EIDs
Map servers: 192.168.2.2
Site-based multicast Map-Notify group: 239.0.0.2
Roaming dynamic EIDs allowed: 0.0.0.0/0
Number of roaming dynamic EIDs discovered: 1
Last dynamic EID discovered: 10.10.10.3, 00:00:15 ago
Roaming dynamic EIDs:
10.10.10.3, GigabitEthernet1/0/1, uptime: 00:00:15
discovered by: ip packet reception
# Router B上查看注册信息。
<RouterB> display lisp site verbose
LISP Site Registration Information for public VRF
Site name: DC
Description: none configured
Allowed configured locators: any
Configured EID-prefix: 10.10.10.0/24, instance-id: 0
More-specifics registered: 1
Currently registered: yes
First registered: 00:35:22
Last registered: 00:00:25
Who last registered: 192.168.1.1
Routing table tag: 0
Proxy Replying: no
Wants Map-Notifications: yes
Registered TTL: 1440 minutes
Registered locators:
192.168.1.1 (LR), priority: 1, weight: 1
192.168.2.3 (-), priority: 1, weight: 1
Registration errors:
Authentication failures: 0
Allowed locators mismatch: 0
More-specific EID-prefix: 10.10.10.3/32, instance-id: 0
Currently registered: yes
First registered: 00:02:10
Last registered: 00:00:25
Who last registered: 192.168.2.3
Routing table tag: 0
Proxy Replying: no
Wants Map-Notifications: yes
Registered TTL: 1440 minutes
Registered locators:
192.168.2.3 (LR), priority: 1, weight: 1
Registration errors:
Authentication failures: 0
Allowed locators mismatch: 0
Site name: client
Description: none configured
Allowed configured locators: any
Configured EID-prefix: 30.30.30.0/24, instance-id: 0
More-specifics registered: 1
Currently registered: yes
First registered: 00:35:22
Last registered: 00:00:25
Who last registered: 192.168.3.4
Routing table tag: 0
Proxy Replying: no
Wants Map-Notifications: no
Registered TTL: 1440 minutes
Registered locators:
192.168.3.4 (LR), priority: 1, weight: 1
Registration errors:
Authentication failures: 0
Allowed locators mismatch: 0
# 远端LISP站点主机30.30.30.4上,ping DC1中主机10.10.10.3可以通,表明能够正常通信。
# 在Router D上查看映射缓存。
[RouterD] display lisp ipv4 map-cache
LISP IP Mapping Cache for Public VRF (iid 0), 1 entries
10.10.10.3/32, uptime: 01:48:31, expires: 22:11:29, via map-reply
Locator Uptime State Priority/ Data Control
Weight in/out in/out
192.168.2.3 00:01:31 up 1/1 3/3 1/0
· 在Router A、Router B、Router C、Router D、FHR A和FHR B上使能LISP;
· Router A、Router C和Router D作为xTR,Router B作为MR/MS,FHR A和FHR B作为第一跳路由器。
图1-11 LISP同网段虚拟机多跳迁移配置组网图
(1) 配置各接口的地址(略)
(2) 配置EVI(略)
(3) 配置动态路由协议,使各RLOC地址之间的路由相通(略)
(4) 在Site DC内配置动态路由协议,使各EID地址在站点内相通(略)
(5) 在Router A上配置静态路由40.40.40.0/24,出接口是GE1/0/1
(6) 在FHR A上配置静态缺省路由0.0.0.0/0,下一跳是Router A的地址10.10.10.1
(7) 配置LISP迁移
# 配置Router A。
<RouterA> system-view
[RouterA] lisp
[RouterA-lisp] itr
[RouterA-lisp] etr
[RouterA-lisp] itr map-resolver 192.168.1.2
[RouterA-lisp] etr map-server 192.168.1.2 authentication-mode sha-1 authentication-key plaintext aaa
[RouterA-lisp] dynamic-eid de1
[RouterA-lisp-dynamic-eid-de1] database-mapping 40.40.40.0 24 192.168.1.1 priority 1 weight 1
[RouterA-lisp-dynamic-eid-de1] map-server 192.168.1.2 authentication-mode sha-1 authentication-key plaintext aaa
[RouterA-lisp-dynamic-eid-de1] eid-notify authentication-mode none
[RouterA-lisp-dynamic-eid-de1] quit
[RouterA-lisp] quit
# 配置Router B。
<RouterB> system-view
[RouterB] lisp
[RouterB-lisp] map-server
[RouterB-lisp] map-resolver
[RouterB-lisp] site DC
[RouterB-lisp-site-DC] eid-prefix 40.40.40.0 24 accept-more-specifics
[RouterB-lisp-site-DC] authentication-mode sha-1 authentication-key plaintext aaa
[RouterB-lisp-site-DC] quit
[RouterB-lisp] site client
[RouterB-lisp-site-client] eid-prefix 30.30.30.0 24
[RouterB-lisp-site-client] authentication-mode sha-1 authentication-key plaintext aaa
[RouterB-lisp-site-client] quit
[RouterB-lisp] quit
# 配置Router C。
<RouterC> system-view
[RouterC] lisp
[RouterC-lisp] itr
[RouterC-lisp] etr
[RouterC-lisp] itr map-resolver 192.168.2.2
[RouterC-lisp] etr map-server 192.168.2.2 authentication-mode sha-1 authentication-key p
laintext aaa
[RouterC-lisp] dynamic-eid de1
[RouterC-lisp-dynamic-eid-de1] database-mapping 40.40.40.0 24 192.168.2.3 priority 1 weight 1
[RouterC-lisp-dynamic-eid-de1] map-server 192.168.2.2 authentication-mode sha-1 authentication-key plaintext aaa
[RouterC-lisp-dynamic-eid-de1] eid-notify authentication-mode none
[RouterC-lisp-dynamic-eid-de1] quit
[RouterC-lisp] quit
# 配置Router D。
<RouterD> system-view
[RouterD] lisp
[RouterD-lisp] itr
[RouterD-lisp] etr
[RouterD-lisp] database-mapping 30.30.30.0 24 192.168.3.4 priority 1 weight 1
[RouterD-lisp] itr map-resolver 192.168.3.2
[RouterD-lisp] etr map-server 192.168.3.2 authentication-mode sha-1 authentication-key plaintext aaa
[RouterD-lisp] quit
# 配置FHR A。
<FHRA> system-view
[FHRA] lisp
[FHRA-lisp] etr
[FHRA-lisp] dynamic-eid de1
[FHRA-lisp-dynamic-eid-de1] database-mapping 40.40.40.0 24 1.1.1.1 priority 1 weight 1
[FHRA-lisp-dynamic-eid-de1] eid-notify 10.10.10.1 authentication-mode none
[FHRA-lisp-dynamic-eid-de1] map-notify-group 239.0.0.2
[FHRA-lisp-dynamic-eid-de1] interface gigabitethernet 1/0/1
[FHRA-GE1/0/1] lisp mobility de1
[FHRA-GE1/0/1] lisp extended-subnet-mode
[FHRA-GE1/0/1] quit
# 配置FHR B。
<FHRB> system-view
[FHRB] lisp
[FHRB-lisp] etr
[FHRB-lisp] dynamic-eid de1
[FHRB-lisp-dynamic-eid-de1] database-mapping 40.40.40.0 24 2.2.2.2 priority 1 weight 1
[FHRB-lisp-dynamic-eid-de1] eid-notify 20.20.20.1 authentication-mode none
[FHRB-lisp-dynamic-eid-de1] map-notify-group 239.0.0.2
[FHRB-lisp-dynamic-eid-de1] interface gigabitethernet 1/0/1
[FHRB-GE1/0/1] lisp mobility de1
[FHRB-GE1/0/1] lisp extended-subnet-mode
[FHRB-GE1/0/1] quit
# 在Router B上查看注册信息。
[RouterB] display lisp site verbose
LISP Site Registration Information for public VRF
Site name: DC
Description: none configured
Allowed configured locators: any
Configured EID-prefix: 40.40.40.0/24, instance-id: 0
More-specifics registered: 1
Currently registered: yes
First registered: 00:35:22
Last registered: 00:00:25
Who last registered: 192.168.1.1
Routing table tag: 0
Proxy Replying: no
Wants Map-Notifications: yes
Registered TTL: 1440 minutes
Registered locators:
192.168.1.1 (LR), priority: 1, weight: 1
Registration errors:
Authentication failures: 0
Allowed locators mismatch: 0
More-specific EID-prefix: 40.40.40.3/32, instance-id: 0
Currently registered: yes
First registered: 00:02:10
Last registered: 00:00:25
Who last registered: 192.168.1.1
Routing table tag: 0
Proxy Replying: no
Wants Map-Notifications: yes
Registered TTL: 1440 minutes
Registered locators:
192.168.1.1 (LR), priority: 1, weight: 1
Registration errors:
Authentication failures: 0
Allowed locators mismatch: 0
Site name: client
Description: none configured
Allowed configured locators: any
Configured EID-prefix: 30.30.30.0/24, instance-id: 0
More-specifics registered: 0
Currently registered: yes
First registered: 00:35:22
Last registered: 00:00:25
Who last registered: 192.168.3.4
Routing table tag: 0
Proxy Replying: no
Wants Map-Notifications: no
Registered TTL: 1440 minutes
Registered locators:
192.168.3.4 (LR), priority: 1, weight: 1
Registration errors:
Authentication failures: 0
Allowed locators mismatch: 0
# 在Router A上查看动态EID信息。
[RouterA] display lisp dynamic-eid verbose
LISP dynamic EID information for public VRF
Dynamic EID name: de1
Database-mapping EID-prefix: 40.40.40.0/24, instance-id: 0, LSBs: 0x00000001
Locator: 192.168.1.1, Priority: 1, Weight: 1
Uptime: 00:00:15, State: up, local
Registering more-specific dynamic-EIDs
Map servers: 192.168.1.2
Site-based multicast Map-Notify group: 239.0.0.2
Roaming dynamic EIDs allowed: 0.0.0.0/0
Number of roaming dynamic EIDs discovered: 1
Last dynamic EID discovered: 40.40.40.3, 00:00:15 ago
Roaming dynamic EIDs:
40.40.40.3, GigabitEthernet1/0/1, uptime: 00:00:15
discovered by: Eid-Notify
EID-Notify Locators:
1.1.1.1
# 在FHR A上查看动态EID信息。
[FHRA] display lisp dynamic-eid verbose
LISP dynamic EID information for public VRF
Dynamic EID name: de1
Database-mapping EID-prefix: 40.40.40.0/24, instance-id: 0, LSBs: 0x00000001
Locator: 192.168.1.1, Priority: 1, Weight: 1
Uptime: 00:00:15, State: up, local
Registering more-specific dynamic-EIDs
Map servers: 192.168.1.2
Site-based multicast Map-Notify group: 239.0.0.2
Roaming dynamic EIDs allowed: 0.0.0.0/0
Number of roaming dynamic EIDs discovered: 1
Last dynamic EID discovered: 40.40.40.3, 00:00:15 ago
Roaming dynamic EIDs:
40.40.40.3, NULL0, uptime: 00:00:15
discovered by: ip packet reception
# 远端LISP站点主机30.30.30.4上,ping DC1中主机40.40.40.3可以通,表明能够正常通信。
# 在Router D上查看映射缓存。
[RouterD] display lisp ipv4 map-cache
LISP IP Mapping Cache for Public VRF (iid 0), 1 entries
40.40.40.3/32, uptime: 01:48:31, expires: 22:11:29, via map-reply
Locator Uptime State Priority/ Data Control
Weight in/out in/out
192.168.1.1 00:01:31 up 1/1 3/3 1/0
进行虚拟机迁移,将DC1中主机40.40.40.3 迁移至DC2中。
# 在Router C上查看检测到的动态EID信息。
[RouterC] display lisp dynamic-eid verbose
LISP dynamic EID information for public VRF
Dynamic EID name: de1
Database-mapping EID-prefix: 40.40.40.0/24, instance-id: 0, LSBs: 0x00000001
Locator: 192.168.2.3, Priority: 1, Weight: 1
Uptime: 00:00:15, State: up, local
Registering more-specific dynamic-EIDs
Map servers: 192.168.2.2
Site-based multicast Map-Notify group: 239.0.0.2
Roaming dynamic EIDs allowed: 0.0.0.0/0
Number of roaming dynamic EIDs discovered: 1
Last dynamic EID discovered: 40.40.40.3, 00:00:15 ago
Roaming dynamic EIDs:
40.40.40.3, GigabitEthernet1/0/1, uptime: 00:00:15
discovered by: Eid-Notify
EID-Notify Locators:
2.2.2.2
# 在FHR B上查看检测到的动态EID信息。
[FHRB] display lisp dynamic-eid verbose
LISP dynamic EID information for public VRF
Dynamic EID name: de1
Database-mapping EID-prefix: 40.40.40.0/24, instance-id: 0, LSBs: 0x00000001
Locator: 192.168.2.3, Priority: 1, Weight: 1
Uptime: 00:00:15, State: up, local
Registering more-specific dynamic-EIDs
Map servers: 192.168.2.2
Site-based multicast Map-Notify group: 239.0.0.2
Roaming dynamic EIDs allowed: 0.0.0.0/0
Number of roaming dynamic EIDs discovered: 1
Last dynamic EID discovered: 40.40.40.3, 00:00:15 ago
Roaming dynamic EIDs:
40.40.40.3, NULL0, uptime: 00:00:15
discovered by: ip packet reception
# Router B上查看注册信息。
[RouterB] display lisp site verbose
LISP Site Registration Information for public VRF
Site name: DC
Description: none configured
Allowed configured locators: any
Configured EID-prefix: 40.40.40.0/24, instance-id: 0
More-specifics registered: 1
Currently registered: yes
First registered: 00:35:22
Last registered: 00:00:25
Who last registered: 192.168.1.1
Routing table tag: 0
Proxy Replying: no
Wants Map-Notifications: yes
Registered TTL: 1440 minutes
Registered locators:
192.168.2.3 (LR), priority: 1, weight: 1
Registration errors:
Authentication failures: 0
Allowed locators mismatch: 0
More-specific EID-prefix: 40.40.40.3/32, instance-id: 0
Currently registered: yes
First registered: 00:02:10
Last registered: 00:00:25
Who last registered: 192.168.2.3
Routing table tag: 0
Proxy Replying: no
Wants Map-Notifications: yes
Registered TTL: 1440 minutes
Registered locators:
192.168.2.3 (LR), priority: 1, weight: 1
Registration errors:
Authentication failures: 0
Allowed locators mismatch: 0
Site name: client
Description: none configured
Allowed configured locators: any
Configured EID-prefix: 30.30.30.0/24, instance-id: 0
More-specifics registered: 1
Currently registered: yes
First registered: 00:35:22
Last registered: 00:00:25
Who last registered: 192.168.3.4
Routing table tag: 0
Proxy Replying: no
Wants Map-Notifications: no
Registered TTL: 1440 minutes
Registered locators:
192.168.3.4 (LR), priority: 1, weight: 1
Registration errors:
Authentication failures: 0
Allowed locators mismatch: 0
# 远端LISP站点主机30.30.30.4上,ping DC1中主机40.40.40.3可以通,表明能够正常通信。
# 在Router D上查看映射缓存。
[RouterD] display lisp ipv4 map-cache
LISP IP Mapping Cache for Public VRF (iid 0), 1 entries
40.40.40.3/32, uptime: 01:48:31, expires: 22:11:29, via map-reply
Locator Uptime State Priority/ Data Control
Weight in/out in/out
192.168.2.3 00:01:31 up 1/1 3/3 1/0
不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!
支持
售前咨询
售后咨询
人工在线咨询
