Friday 6 August 2021

LISP - OMP - BGP EVPN Interoperability - Part VI: LISP Control-Plane - Registering External IP Prefixes

 

Introduction

 

This chapter introduces how Border-PxTR-13 registers the external IP prefix 172.16.30.0/24 received as a BGP update from vEdge-1 to MapSrv-22 using LISP Map-register messages. Chapter 2 explains the LISP RLOC-to-EID mapping process in detail so this chapter just briefly recaps the operation. Figure 5-1 illustrates the overall process. vEdge-1 sends a BGP Update message where it describes the NLRI for prefix 172.16.30.0/24. Border-PxTR-13 first imports the information into the LISP processes. Next, it sends a LISP Map-Register message to MapSrv-22. In addition to IP prefix information, the Map-Register message carries Locator Record information that describes the destination IP address used in the outer IP header (tunnel header) when devices route IP packets towards the advertised subnet.  



Figure 5-1: Overall Control-Plane Operation: OMP to LISP

 

Phases 1-2: OMP to BGP in vEdge-1

 

Capture 5-1 shows the BGP Update message from vEdge-1 to Border-PxTR-13. The Route-Origin BGP extended community attribute carries the Site-Id of advertising device vEdge-1. BGP uses this attribute for preventing other edge devices from advertising the route back to SD-WAN edge devices.

 

Internet Protocol Version 4, Src: 172.16.10.1, Dst: 172.16.10.13

Transmission Control Protocol, Src Port: 51909, Dst Port: 179, Seq: 39, Ack: 39, Len: 66

Border Gateway Protocol - UPDATE Message

    Marker: ffffffffffffffffffffffffffffffff

    Length: 66

    Type: UPDATE Message (2)

    Withdrawn Routes Length: 0

    Total Path Attribute Length: 39

    Path attributes

        Path Attribute - ORIGIN: INCOMPLETE

        Path Attribute - AS_PATH: 65100

        Path Attribute - NEXT_HOP: 172.16.10.1

        Path Attribute - MULTI_EXIT_DISC: 1000

        Path Attribute - EXTENDED_COMMUNITIES

            Flags: 0xc0, Optional, Transitive, Complete

            Type Code: EXTENDED_COMMUNITIES (16)

            Length: 8

            Carried extended communities: (1 community)

                Route Origin: 0:10 [Transitive 2-Octet AS-Specific]

                    Type: Transitive 2-Octet AS-Specific (0x00)

                    Subtype (AS2): Route Origin (0x03)

                    2-Octet AS: 0

                    4-Octet AN: 10

    Network Layer Reachability Information (NLRI)

        172.16.30.0/24

            NLRI prefix length: 24

            NLRI prefix: 172.16.30.0

Capture 5-1: BGP Update from vEdge-1 to Border-PxTR-13.

 

Phase 3: LISP Map-Register to MapSrv-22 from Border-PxTR-13

 

Capture 5-1 shows the LISP Map-Register message from Border-PxTR-13 to MapSrv-22. This message is the first one and that is why it uses unreliable transport protocol UDP. The mapping process follows the basic procedures where Border-PxTR-13 starts a TCP three-way handshake process to open the TCP connection with MapSrv-22. I have explained the complete Map-Register process in chapter 2. If we compare the LISP EID-to-RLOC registration processes to the operation of OMP, we can notice lots of similarities. The later highlighted section in capture 5-2 shows the Locator Record 1. It describes the public IP address used in the tunneling header as a destination IP address. In other words, the Locator Record section describes the location just like we describe the device location in OMP TLOC Routes (Public IP used by device). The first highlighted section Mapping Record, in turn, describes the IP Prefix and its LISP Instance-Id (Virtual Network) just like OMP Service Route. The main difference is that LISP sends information within one message while OMP uses separate messages.

 

Internet Protocol Version 4, Src: 192.168.0.13, Dst: 192.168.0.22

User Datagram Protocol, Src Port: 4342, Dst Port: 4342

Locator/ID Separation Protocol

    0011 .... .... .... .... .... = Type: Map-Register (3)

    .... 1... .... .... .... .... = P bit (Proxy-Map-Reply): Set

    .... .0.. .... .... .... .... = S bit (LISP-SEC capable): Not set

    .... ..1. .... .... .... .... = I bit (xTR-ID present): Set

    .... ...0 .... .... .... .... = R bit (Built for an RTR): Not set

    .... .... 0000 0000 0000 000. = Reserved bits: 0x0000

    .... .... .... .... .... ...1 = M bit (Want-Map-Notify): Set

    Record Count: 1

    Nonce: 0x54faec8822e5bc8b

    Key ID: 0x0001

    Authentication Data Length: 20

    Authentication Data: 25292a07c6b2deac2811fdb92b9ff9e9d9e57b74

    Mapping Record 1, EID Prefix: [100] 172.16.30.0/24, TTL: 1440, Action: No-Action, Authoritative

        Record TTL: 1440

        Locator Count: 1

        EID Mask Length: 24

        000. .... .... .... = Action: No-Action (0)

        ...1 .... .... .... = Authoritative bit: Set

        .... .000 0000 0000 = Reserved: 0x000

        0000 .... .... .... = Reserved: 0x0

        .... 0000 0000 0000 = Mapping Version: 0

        EID Prefix AFI: LISP Canonical Address Format (LCAF) (16387)

        EID Prefix: [100] 172.16.30.0

            LCAF: Instance ID: 100, Address: 172.16.30.0

                LCAF Header: 00000220000a

                Instance ID: 100

                Address AFI: IPv4 (1)

                Address: 172.16.30.0

        Locator Record 1, Local RLOC: 192.168.0.13, Reachable, Priority/Weight: 1/1, Multicast Priority/Weight: 1/1

            Priority: 1

            Weight: 1

            Multicast Priority: 1

            Multicast Weight: 1

            Flags: 0x0005

            AFI: IPv4 (1)

            Locator: 192.168.0.13

    xTR-ID: efd8cace5906016ad7c49f5f5cc352db

    Site-ID: 0000000000000000

Capture 5-2: LISP Map-Register Message from Border-PxTR-13 to MapSrv-22.

 

Example 5-1 shows the VRF 100_NWKT specific BRIB entry about subnet 172.16.30.0/24. Not that the Route-Origin extended BGP community is encoded as Site-of-Origin (SoO).

 

Border-PxTR-13#sh bgp vrf 100_NWKT 172.16.30.0

BGP routing table entry for 1:100:172.16.30.0/24, version 3

Paths: (1 available, best #1, table 100_NWKT)

  Advertised to update-groups:

     2

  Refresh Epoch 1

  65100

    172.16.10.1 (via vrf 100_NWKT) from 172.16.10.1 (10.100.100.101)

      Origin incomplete, metric 1000, localpref 100, valid, external, best

      Extended Community: SoO:0:10 RT:1:100

      mpls labels in/out 17/nolabel

      rx pathid: 0, tx pathid: 0x0

Example 5-1: Border-PxTR-13’s BGP Table.

 

Example 5-2 verifies that the route is imported into the RIB of Border-PxTR-13.

 

Border-PxTR-13#sh ip route vrf 100_NWKT 172.16.30.0

 

Routing Table: 100_NWKT

Routing entry for 172.16.30.0/24

  Known via "bgp 65010", distance 20, metric 1000

  Tag 65100, type external

  Redistributing via lisp

  Last update from 172.16.10.1 00:07:16 ago

  Routing Descriptor Blocks:

  * 172.16.10.1, from 172.16.10.1, 00:07:16 ago

      Route metric is 1000, traffic share count is 1

      AS Hops 1

      Route tag 65100

      MPLS label: none

Example 5-2: Border-PxTR-13’s RIB.

 

Example 5-3 shows that Border-PxTR-13 has installed the IP prefix 172.16.30.0/24 to its LISP process. Remember that the locator-ser RLOC-SET1 defines the Locator IP address. You can find the RLOC-SET1 configuration from Appendix A of chapter 1.

 

Border-PxTR-13#show lisp instance-id 100 ipv4 database 172.16.30.0/24

LISP ETR IPv4 Mapping Database for EID-table vrf 100_NWKT (IID 100), LSBs: 0x1

Entries total 2, no-route 0, inactive 0

 

172.16.30.0/24, route-import, inherited from default locator-set RLOC-SET1

  Locator       Pri/Wgt  Source     State

  192.168.0.13    1/1    cfg-intf   site-self, reachable

Example 5-3: Border-PxTR-13’s LISP Mapping Database.


Example 5-4 shows that MapSrv-22 has installed the information into its LISP Mapping Database.

  

MapSrv-22#show lisp site 172.16.30.0/24 instance-id 100

LISP Site Registration Information

 

Site name: Network-Times

Allowed configured locators: any

Requested EID-prefix:

 

  EID-prefix: 172.16.30.0/24 instance-id 100

    First registered:     00:48:51

    Last registered:      00:48:32

    Routing table tag:    0

    Origin:               Configuration, accepting more specifics

    Merge active:         No

    Proxy reply:          Yes

    TTL:                  1d00h

    State:                complete

    Registration errors:

      Authentication failures:   0

      Allowed locators mismatch: 0

    ETR 192.168.0.13, last registered 00:48:32, proxy-reply, map-notify

                      TTL 1d00h, no merge, hash-function sha1, nonce 0x54FAEC88-0x22E5BC8B

                      state complete, no security-capability

                      xTR-ID 0xEFD8CACE-0x5906016A-0xD7C49F5F-0x5CC352DB

                      site-ID unspecified

                      sourced by reliable transport

      Locator       Local  State      Pri/Wgt  Scope

      192.168.0.13  yes    up           1/1    IPv4 none

 

Example 5-4: MapSrv-22’s LISP Mapping Database.

 

In order to advertise internal IP Prefixes to Border-PxTR-13, MapSrv-22 exports all LISP Mapping information to the BGP process. This means that also the external IP prefix 172.16.30.0/24 will be exported to the BGP process. For this reason, we are using route maps to permit only the LISP domain internal networks to be advertised to Border-PxTR-13. We can see from the example 5-5 that subnet 172.16.30.0/24 is not advertised to any peer. You can find MapSrv-22’s configuration from the Appendix A of chapter one.

 

MapSrv-22#sh ip bgp vpnv4 vrf 100_NWKT 172.16.30.0/24

BGP routing table entry for 1:100:172.16.30.0/24, version 5

Paths: (1 available, best #1, table 100_NWKT)

  Not advertised to any peer

  Refresh Epoch 1

  65100

    192.168.0.13 (metric 3) (via default) from 192.168.0.13 (192.168.0.13)

      Origin incomplete, metric 1000, localpref 100, valid, internal, best

      Extended Community: SoO:0:10 RT:1:100

      mpls labels in/out nolabel/17

      rx pathid: 0, tx pathid: 0x0

Example 5-5: MapSrv-22’s BGP Table.


Summary

Figure 5-2 summarizes the End-to-End Control-Plane operation. Edge-xTR-11 learns the IP address of EP1 from the ingress GARP message (1). It sends the host-specific EID-to-RLOC information to MapSrv-22 using LISP Map-Register messages (2). LISP Mapping Server publishes mapping information only when separately asked with LISP Map-Request messages. That is why MapSrv-22 exports the information to the BGP process and advertises the aggregate 172.16.30.0/24 to Border-PxTR-13 as VPNv4 NLRI (3). The VPNv4 NLRI is needed because we need to differentiate routes belonging to separate VRFs/Tenants. Border-PxTR-13 advertises the NLRI as IPv4 Unicast route to vEdge-1 (4). It then advertises the information to vSmart as OMP Service (5), which in turn, forwards information to vEdge-2 (6). vEdge-2 exports the route to the BGP process and sends a BGP Update message to Border-Leaf-13 as IPv4 Unicast NLRI (7). Border-Leaf-13 sends the BGP Update message to its iBGP peer Spine-1 as L2VPN EVPN NLRI (8), which forwards the message retaining the Next-Hop Path Attribute installed by Border-Leaf-13 to Leaf-11 (9). As the last step, Leaf-11 installs the information to its BGP table as an L3 entry. The process is the almost same concerning EP3’s IP address propagation. The first difference is that Border-PxTR-13 doesn’t use BGP for advertising NLRI to MapSrv-22. Instead, it imports BGP routes to LISP and sends LISP Map-Register messages to MapSrv-22. Besides, MapSrv-22 doesn’t forward information to Edge-xTR-11 automatically.



Figure 5-2: End-to-End Control-Plane Protocols.

 

The Next chapter goes through the whole Data-Plane operation when EP3 in Datacenter pings EP1 in Campus Fabric.

Posted by at
Labels: ,

No comments:

Post a Comment

Note: only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)