LISP - Multiple Service Providers

From IPFlow Netflow Collector

LISP with multiple Service Providers

This is a simple example of LISP (Locator/ID Separation Protocol) configuration on Cisco routers (using Dynamips and GNS3).

Author: Christophe Fillot - 03-Aug-2010

This lab uses Cisco IOS 15.1(1)XB2, which provides MS (Map Server) and MR (Map Resolver) functions. For emulation efficiency, all routers in this lab use the same IOS release, even if they don't require LISP capabilities.

Table of contents

1 Topology 2 IOS configurations 3 ISP routing tables 4 Traffic flow (ISP2)

Topology

IOS configurations

ISP routers

• ISP1 (LISP unaware) (http://www.ipflow.utc.fr/configs/LISP2/ISP1.cfg)
• ISP2 (LISP unaware) (http://www.ipflow.utc.fr/configs/LISP2/ISP2.cfg)
• ISP3 (LISP unaware) (http://www.ipflow.utc.fr/configs/LISP2/ISP3.cfg)
• MS (Map Server), provided by ISP 1 (http://www.ipflow.utc.fr/configs/LISP2/MS1.cfg)
• MR (Map Resolver), provided by ISP 1 (http://www.ipflow.utc.fr/configs/LISP2/MR1.cfg)
• Map Resolver and Map Server, provided by ISP 2 (http://www.ipflow.utc.fr/configs/LISP2/MR_MS_2.cfg)

Customer 1

• CLI1_xTR (Ingress/Egress Tunnel Router) (http://www.ipflow.utc.fr/configs/LISP2/CLI1_xTR.cfg)

Customer 2

• CLI2_xTR (Ingress/Egress Tunnel Router) (http://www.ipflow.utc.fr/configs/LISP2/CLI2_xTR.cfg)

ISP routing tables

We can see that EIDs are not in the ISP routing tables, only the ISP prefixes (50.0.0.0/8, 100.0.0.0/8, 150.0.0.0/8) used for the RLOC namespace are present. Consequently, if new EIDs are added (existing or new customers), there is no increase in ISP routing tables.

ISP1:

ISP1#sh ip route
[...]
      50.0.0.0/8 is variably subnetted, 10 subnets, 4 masks
S        50.0.0.0/8 is directly connected, Null0
C        50.0.0.0/30 is directly connected, FastEthernet1/1
L        50.0.0.1/32 is directly connected, FastEthernet1/1
C        50.0.1.0/30 is directly connected, FastEthernet1/0
L        50.0.1.1/32 is directly connected, FastEthernet1/0
C        50.0.2.0/24 is directly connected, FastEthernet2/0
L        50.0.2.1/32 is directly connected, FastEthernet2/0
C        50.254.0.1/32 is directly connected, Loopback0
O        50.254.0.2/32 [110/2] via 50.0.2.2, 17:18:26, FastEthernet2/0
O        50.254.0.3/32 [110/2] via 50.0.2.3, 17:19:22, FastEthernet2/0
B     100.0.0.0/8 [20/0] via 50.0.0.2, 18:06:26
B     150.0.0.0/8 [20/0] via 50.0.0.2, 18:02:46

ISP2:

ISP2#sh ip route
[...]
      50.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
B        50.0.0.0/8 [20/0] via 50.0.0.1, 18:41:59
C        50.0.0.0/30 is directly connected, FastEthernet1/0
L        50.0.0.2/32 is directly connected, FastEthernet1/0
      100.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
S        100.0.0.0/8 is directly connected, Null0
C        100.0.0.0/30 is directly connected, FastEthernet1/1
L        100.0.0.1/32 is directly connected, FastEthernet1/1
C        100.254.0.1/32 is directly connected, Loopback0
B     150.0.0.0/8 [20/0] via 100.0.0.2, 18:38:16

ISP3:

ISP3#sh ip route
[...]
B     50.0.0.0/8 [20/0] via 100.0.0.1, 18:38:42
      100.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
B        100.0.0.0/8 [20/0] via 100.0.0.1, 18:38:42
C        100.0.0.0/30 is directly connected, FastEthernet1/1
L        100.0.0.2/32 is directly connected, FastEthernet1/1
S     150.0.0.0/8 is directly connected, Null0
      150.0.0.0/16 is variably subnetted, 4 subnets, 2 masks
C        150.0.1.0/30 is directly connected, FastEthernet1/0
L        150.0.1.1/32 is directly connected, FastEthernet1/0
C        150.0.2.0/30 is directly connected, FastEthernet2/0
L        150.0.2.1/32 is directly connected, FastEthernet2/0
      150.254.0.0/32 is subnetted, 2 subnets
C        150.254.0.1 is directly connected, Loopback0
O        150.254.0.2 [110/2] via 150.0.2.2, 18:28:48, FastEthernet2/0

Traffic flow (ISP2)

Netflow is enabled on FastEthernet1/0 and FastEthernet1/1 on ISP2 router.

CLI1_xTR#ping 3.3.3.3 so 1.1.1.1 repeat 10

Type escape sequence to abort.
Sending 10, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1 
!!!!!!!!!!
Success rate is 100 percent (10/10), round-trip min/avg/max = 52/72/92 ms

On ISP 2, the NetFlow cache contains:

ISP2#sh ip cache flow
IP packet size distribution (10186 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .000 .494 .262 .225 .015 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 4456704 bytes
  6 active, 65530 inactive, 6806 added
  131053 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 533256 bytes
  0 active, 16384 inactive, 0 added, 0 added to flow
  0 alloc failures, 0 force free
  1 chunk, 1 chunk added
  last clearing of statistics never
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-BGP           3332      0.0         1    49      0.0       3.0      15.4
UDP-other            8      0.0        16   134      0.0       1.6      15.4
GRE               3460      0.0         1    90      0.0       3.4      15.4          
Total:            6800      0.0         1    72      0.1       3.2      15.4

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa1/1         100.0.0.2       Local         100.0.0.1       06 98D2 00B3     2 
Fa1/0         50.254.0.2      Fa1/1         150.254.0.2     2F 0000 0000     3 
Fa1/1         150.254.0.2     Fa1/0         50.254.0.2      2F 0000 0000     3 
Fa1/0         50.0.0.1        Local         50.0.0.2        06 D462 00B3     1
Fa1/1         150.0.1.2       Fa1/0         50.0.1.2        11 0500 10F5    10 
Fa1/0         50.0.1.2        Fa1/1         150.0.1.2       11 0500 10F5    10

The two last lines correspond to tunneled traffic between CLI1_xTR and CLI2_xTR RLOCs.