《LISP 架构演进 - 支持 SD 访问的新功能.pdf》由会员分享,可在线阅读,更多相关《LISP 架构演进 - 支持 SD 访问的新功能.pdf(199页珍藏版)》请在三个皮匠报告上搜索。
1、#CiscoLive#CiscoLiveSandeep JosephTechnical Marketing EngineerSession ID BRKENS-2828Features and Capabilities Deep DiveLISP Architecture Evolution 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive3Who is your Speaker?Currently working as a Technical Marketing EngineerWorked
2、 with Wireless Business unit in the past.Based out of Cisco Bangalore Focus on Enterprise networks and AutomationCCIE R&S/WirelessBRKENS-2828 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveEnter y
3、our personal notes hereCisco Webex App 5Questions?Use Cisco Webex App to chat with the speaker after the sessionFind this session in the Cisco Live Mobile AppClick“Join the Discussion”Install the Webex App or go directly to the Webex spaceEnter messages/questions in the Webex spaceHowWebex spaces wi
4、ll be moderated by the speaker until June 9,2023.12345https:/ 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicBRKENS-2828Agenda 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicIntroductionLISP overview and registrationLISP Pub/SubLISP First Packet Loss/ForwardingLIS
5、P Default-ETR(Border Convergence)LISP Fabric InternetLISP Fabric ExtranetBRKENS-28286SD-Access Architecture Evolution 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSD-Access Architecture EvolutionMultiple enhancements,capabilities,and features have been added to the LISP
6、 control plane protocol.These functionalities in LISP have expanded the use cases and solutions provided by SD-Access.8BRKENS-2828What is It?Terminology 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTerminologyLISP and SD-Access10BRKENS-2828LISP TerminologyLISP Terminolo
7、gySDSD-Access TerminologyAccess TerminologyMap-Server(MS)Map-Resolver(MR)Control Plane NodesIngress Tunnel Router(ITR)Egress Tunnel Router(ETR)xTR(ITR|ETR)Edge NodesProxy Ingress Tunnel Router(PITR)Proxy Egress Tunnel Router(PETR)PxTR(PITR|PETR)Border NodesInstance ID(IID)VN/VRFAbout LISPA Brief LIS
8、P Review 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLocator/ID Separation Protocol(LISP)Routing ArchitectureSeparates(abstracts)location and identity Control Plane ProtocolMapping system that correlates location and identityData Plane ProtocolEncapsulation method12BRK
9、ENS-2828What is It?2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLocator/ID Separation Protocol(LISP)LocationLocationRLOC Routing LocatorIdentityIdentityEID Endpoint IdentifierGoalGoalMap EID-to-RLOC13BRKENS-2828Further DetailsL0:192.168.30.6172.16.132.1012001:db8:101aab
10、b.cc00.1e00L0:192.168.30.5User 1172.16.132.2022001:db8:202aabb.cc00.2000User 2EID-to-RLOC MappingEIDRLOC172.16.132.101192.168.30.5172.16.132.202192.168.30.62001:db8:101192.168.30.52001:db8:202192.168.30.6aabb.cc00.1e00192.168.30.5aabb.cc00.2000192.168.30.6EIDRLOCEIDRLOC172.16.132.101192.168.30.52001
11、:db8:101192.168.30.5aabb.cc00.1e00192.168.30.5 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveWhy LISP?Pull ModelNo massive routing tables“DNS”for routingConversational learning ScalabilityPurpose built for scale Address-Family supportIPv4,IPv6 and MAC address family14BRK
12、ENS-2828Wired and Wireless unificationWLC participates in LISP control plane communication Wired and Wireless endpoints have policy applied at same point in the network Host MobilityNative support for this capabilityWired and WirelessExtensibilityLISP Canonical Address Format(LCAF)allows for encodin
13、g of additional information beyond simply Address-Families.RFC 8060 LISP Canonical Address Format(LCAF)LISP Reliable Registration&LISP Static Reliable Registration LISP Static Reliable RegistrationSection AgendaLISP Reliable RegistrationLISP Reliable Registration LISP Reliable Registration-Introduct
14、ionIntroductionLISP Static Reliable Registration LISP Static Reliable Registration IntroductionIntroductionLISP Static Reliable Registration LISP Static Reliable Registration-Packet FlowPacket Flow 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Reliable RegistrationL
15、ISP Map-Registrations are carried over a UDP channel.17BRKENS-2828EnhancementLISP Map-Registrations can be carried over a TCP channel.LISP Map-Replies and Map-Notifies still occur over a UDP channel.Further DetailsThis capability is enabled by default on all code versions IOS 15.6(2)T The connection
16、 with the LISP Map-Server(MS)is initiated by the xTR when the first local database entry is created on the xTR.An endpoint connected to the xTR generates traffic and is detected by the xTR.That first endpoints EID is put in the LISP database and then UDP registered,kickstarting the Reliable Registra
17、tion TCP Session.LISP Locator-Sets 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Reliable RegistrationThis is also known as a LISP session.show lisp sessionshow lisp sessionWhen the Edge Node sends a LISP Map-Registration,it conveys its Loopback 0 IP address.When th
18、e Control Plane Node receives the LISP Map-Registrations,it creates a TCP listening socket for that Loopback 0 IP address.This process is referred to as UDP Bootstrapping.18BRKENS-2828TCP Session Creation 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP UDP Bootstrappi
19、ngBRKENS-2828UDP-Based Map-RegistrationTCP Session CreationUDP-Based Map-Reply(ACK)Reliable Registration StartsTCP SYNTCP SYN-ACKTCP ACKRegistration RefreshSend RegistrationsRegistrations ACKEdge NodeControl Plane Node19 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP
20、 Reliable RegistrationLISP Reliable Registration has been in code since Cisco IOS Release 15M&T.This capability is in the code itself.There is nothing to configure to enable this feature.This feature is enabled by default.Set-and-forget.20BRKENS-2828Key Takeaway 2023 Cisco and/or its affiliates.All
21、rights reserved.Cisco Public#CiscoLiveLISP Reliable RegistrationVerificationBRKENS-2828Control Plane Node#show lisp siteLISP Site Registration Information*=Some locators are down or unreachable#=Some registrations are sourced by reliable transportSite Name Last Up Who Last Inst EID PrefixRegister Re
22、gistered ID site_ucinever no -4099 0.0.0.0/0never no -4099 172.16.112.0/2415:06:49 yes#192.168.10.5:28458 4099 172.16.112.101/3215:06:37 yes#192.168.10.6:30839 4099 172.16.112.202/3215:02:07 yes#192.168.10.7:47638 4099 172.16.115.1/3221:32:59 yes#192.168.10.5:28458 4099 172.16.115.5/3215:02:07 yes#1
23、92.168.10.7:47638 4099 172.16.115.7/3215:02:11 yes#192.168.10.8:14563 4099 172.16.115.8/3215:02:07 yes#192.168.10.7:47638 4099 172.16.132.0/2415:02:30 yes#192.168.10.3:18075 4099 198.51.100.0/24Reliable Transport IndicatorRegistered over a TCP Session21LISP Static Reliable RegistrationLISP Reliable
24、Registration LISP Reliable Registration-IntroductionIntroductionLISP Static Reliable Registration LISP Static Reliable Registration IntroductionIntroductionLISP Static Reliable Registration LISP Static Reliable Registration-Packet FlowPacket Flow 2023 Cisco and/or its affiliates.All rights reserved.
25、Cisco Public#CiscoLiveLISP Static Reliable RegistrationTo open a TCP listening socket,the Control Plane Node needs to know the Loopback 0 IP address of Edge Nodes.Without an endpoint or if the endpoint is silent,there is nothing to register with the Control Plane Node to start the UDP Bootstrapping.
26、With endpoint dependencies,the TCP session will eventually be torn down if there is no endpoint.The TCP session would need to be rebuilt again once torn down.23BRKENS-2828Current Challenges 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Static Reliable RegistrationBo
27、rder Nodes only register prefixes if:They are connected to an SD-Access Transit.They are configured as Internal-Only or Anywhere.Multicast is enabled in the SD-Access overlay.Without one of these,there is simply nothing for the Border Node to register.24BRKENS-2828Current Challenges 2023 Cisco and/o
28、r its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Static Reliable RegistrationCreate a static TCP session between the Edge Nodes and the Control Plane Nodes without an endpoint dependency.Create a static TCP session between the Border Nodes and the Control Plane Nodes without SD-Access
29、 Transit,overlay multicast,or Border-Node-type dependencies.Once prerequisite configuration exists on the Fabric Devices,the TCP session is brought up and remains up,with the dependencies listed above.25BRKENS-2828Enhancement 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiv
30、eLISP Static Reliable RegistrationA Distinguished Name(DN)can be encoded as the EID-record in a LISP map-registration.This is called LISP Distinguished Name(DN)encoding.The DN is a string of characters that are encoded in ASCII character-set.26BRKENS-2828How Does It Work?SD-Access ImplementationUse
31、a DN-encoded message to do a LISP Map-Registration.This is called a DN Bootstrap Message.This is referred to as DN Bootstrapping or Static Reliable Registration.DN Bootstrap Message ExampleLocatorEIDPriorityWeightLoopback 0 IP AddressDefault-DN-String1010 2023 Cisco and/or its affiliates.All rights
32、reserved.Cisco Public#CiscoLiveLISP DN BootstrappingBRKENS-2828UDP-Based Map-Registration DNTCP Session CreationUDP-Based Map-Reply(ACK)TCP SYNTCP SYN-ACKTCP ACKlocator default-set configured on IOS XE 17.4.x or laterTCP Session Established before first endpoint is onboarded to the networkEdge NodeC
33、ontrol Plane Node27 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Static Reliable RegistrationLISP Static Reliable Registration has been in code since Cisco IOS XE Release 17.4.x.This capability is in the code itself.This feature is enabled by default through SDA au
34、tomation on the Cisco DNAC.This feature is enabled by default through SDA automation on the Cisco DNAC.The SDA APP provisions the necessary configuration.The SDA APP provisions the necessary configuration.Set-and-forget.28BRKENS-2828Key TakeawayLISP Static Reliable RegistrationLISP Reliable Registra
35、tion LISP Reliable Registration-IntroductionIntroductionLISP Static Reliable Registration LISP Static Reliable Registration IntroductionIntroductionLISP Static Reliable Registration LISP Static Reliable Registration-Packet FlowPacket Flow 2023 Cisco and/or its affiliates.All rights reserved.Cisco Pu
36、blic#CiscoLiveLISP Static Reliable RegistrationTopology for This SectionBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.5No Hosts Need forStatic Reliable RegistrationNo Hosts Need forStatic Reliable RegistrationL0:192.168.10.830 2023 Cisco and/or its affiliates.All rights reserved.Cisco Publi
37、c#CiscoLiveLISP Static Reliable RegistrationBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.5L0:192.168.10.8etr map-server configuredlocator default-set configuredNo Hosts Need forStatic Reliable RegistrationNo Hosts Need forStatic Reliable Registrationetr map-server configuredlocator default
38、-set configuredetr map-server configuredlocator default-set configured31 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Static Reliable RegistrationBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.5L0:192.168.10.8instance-id configuredeid-table association conf
39、iguredNo Hosts Need forStatic Reliable RegistrationNo Hosts Need forStatic Reliable Registrationinstance-id configuredeid-table association configuredinstance-id configuredeid-table association configured32 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Static Reliab
40、le RegistrationBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.5DN Bootstrap RegistrationL0:192.168.10.8No Hosts Need forStatic Reliable RegistrationNo Hosts Need forStatic Reliable Registration33 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Static Reliable
41、RegistrationBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.5UDP Map-Notify(ACK)L0:192.168.10.8No Hosts Need forStatic Reliable RegistrationNo Hosts Need forStatic Reliable Registration34 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Static Reliable Registrat
42、ionBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.5TCP Session EstablishmentL0:192.168.10.8No Hosts Need forStatic Reliable RegistrationNo Hosts Need forStatic Reliable Registration35LISP Pub/SubLISP Pub/SubSection AgendaIntroductionPacket Flow LISP/BGPPacket Flow LISP Pub/SubLISP Publish/Su
43、bscribeIntroductionIntroductionPacket Flow LISP/BGPPacket Flow LISP Pub/Sub 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP/BGPReleased circa 2017An instant classicReliable and StableBGP TransportSD-Access Control Plane ProtocolsLISP Pub/SubReleased in 2022An instant
44、masterpieceReliable and StableNative LISP Transport Highly ExtensibleBRKENS-282838 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Pub/SubLISP Pub/Sub is new control plane protocol for SD-Access.It is a signaling protocol to carry information such as as prefix to RLOC
45、 mappings,and other data.LISP Pub/Sub provides the capability to selectively push information.39BRKENS-2828Architecture IntroductionArchitecture Use CasesLISP Pub/Sub removes the dependency of BGP to propagate information within the Fabric Site.LISP Pub/Sub adds new features and capabilities because
46、 of the information it can carry.2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Pub/SubExtensibilityLISP Pub/Sub builds a new framework for LISP infrastructure.LISP Pub/Sub architecture is a building block for other features and capabilities:LISP Dynamic Default Bord
47、er NodeLISP Backup Internet LISP First-Packet ForwardingLISP Extranet40BRKENS-2828What Challenges are We Solving?2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Pub/SubDistribution of Prefixes in LISP/BGPCurrent Method:Exporting LISP registrations to the RIB(Control P
48、lane)Redistribute into BGP(Control Plane)Advertise via BGP(Control Plane)Import BGP into LISP Map-Cache(Border)This has limitations based on the protocol used for distribution such as:The address-families that are supported by the other routing protocol(BGP)The convergence mechanisms and timers by t
49、he other routing protocol(BGP)41BRKENS-2828What Challenges are We Solving?2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Publish/SubscribeForwarding PathHow do we populate map-cache on the Border Node?LISP must have a map-cache entry to have a forwarding-path.42BRKEN
50、S-2828Why are We Solving Distribution of Prefixes?2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Control PlaneLISP was a fully pull-base protocol100%on-demand using map-request/map-reply method.If a device needed a map-cache entry,it had to ask for it every time.Ther
51、e was no native push mechanism in the LISP protocol.With BGP,LISP only knows the prefixes,not full EID-to-RLOC mappings.BGP populates map-cache with an incomplete entryMap-cache is fully resolved through map-requestsThis mean additional control plane protocol messages.43BRKENS-2828Before LISP Pub/Su
52、b 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP/BGP Control PlaneReliance on BGPReliance on BGPTo push LISP Site-Registration table to another device,another protocol was needed.BGP was used as that transportThis created an underlying reliance on BGP.44BRKENS-2828Be
53、fore LISP Pub/SubEBGPIBGPRoute-ReflectEBGPMap-RegistrationImport into map-cacheroute-import database bgpEBGPRoute-ReflectImport into map-cacheSite-1Site-1Site-1Site-2Map-RegistrationDCroute-import database bgp 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Pub/Sub Co
54、ntrol PlaneSubscriptionThe process LISP devices use to express interest for a certain portion of information within the mapping system.PublicationThe information that the mapping system sends to the Subscriber(the LISP device).45BRKENS-2828Basic Definitions Part 1 2023 Cisco and/or its affiliates.Al
55、l rights reserved.Cisco Public#CiscoLiveLISP Pub/Sub Control PlaneSubscribersBorder Nodes,Edge nodesBorder is a IID subscriberEdge is a Policy subscriberThe border nodes subscription is also known as LISP Instance-ID(IID)Table Subscription.The LISP device expresses interest in receiving updates for
56、all registrations for given IID table.More specifically,the IID Table Subscriptions are per instance-ID and per address family(AF)within that instance-ID.The Fabric edge node subscription is known as policy-based subscription(the availability of a default border)PublishersControl Plane Nodes46BRKENS
57、-2828Basic Definitions Part 2 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Pub/Sub Control PlaneThe Control Plane Node notifies Border Nodes about mapping changes along with additional details associated with those mappings.LISP Pub/Sub uses native LISP,devoid of e
58、xternal protocol such as BGP,to propagate the prefixes and full mapping information.47BRKENS-2828The Architecture EvolutionEBGPMap registrationImport into map-cacheSite-1Site-1Site-1Site-2DCLISP Pub/SubMap registrationLISP Pub/SubImport to map-cacheVxLANVxLANImport to databaseImport to database 2023
59、 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Pub/SubRequires IOS XE 17.6.x or later.For new Fabric Sites,LISP Pub/Sub should ideally be used.Unless the new Fabric Sites are connected to an existing SD-Access Transit that is using LISP/BGP.However,once SD-Access Transit
60、 LISP Pub/Sub Migration is released,LISP Pub/Sub should be your default selection.All sites connected to an SD-Access Transit must use the same control plane protocol.Migration from LISP/BGP to LISP Pub/Sub is not currently possible.LISP Pub/Sub is for Greenfield sites only.48BRKENS-2828Consideratio
61、ns 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Pub/SubLISP Pub/Sub is like a SD-Access Fabric cheat code.Why?It unlocks capabilities:First packet forwardingDynamic Default Border NodeSD-Access Transit Backup InternetLISP ExtranetLISP Pub/Sub is set-and-forget.49BR
62、KENS-2828Key TakeawayLISP Publish/SubscribeIntroductionIntroductionPacket Flow LISP/BGPPacket Flow LISP Pub/Sub 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP/BGPRegistration and AdvertisementBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.8172.16.112.101172.1
63、6.112.202L0:192.168.10.5L0:192.168.10.7L0:192.168.10.2User 1User 251 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP/BGPRegistration and AdvertisementBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.8172.16.112.101172.16.112.202L0:192.168.10.5L0:192.168.10.7L0:1
64、92.168.10.2User 1User 2Devices are booted up.Devices are configured.52 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP/BGPRegistration and AdvertisementBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.8172.16.112.101172.16.112.202L0:192.168.10.5L0:192.168.10.7St
65、atic Reliable RegistrationEstablishmentL0:192.168.10.2User 1User 253 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP/BGPRegistration and AdvertisementBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.8172.16.112.101172.16.112.202L0:192.168.10.5L0:192.168.10.7BGP
66、AdjacenciesEstablishedL0:192.168.10.2User 1User 254 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP/BGPRegistration and AdvertisementBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.8172.16.112.101172.16.112.202L0:192.168.10.5L0:192.168.10.7L0:192.168.10.2User 1
67、User 2Signs of LifeSigns of Life55 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP/BGPRegistration and AdvertisementBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.8172.16.112.101172.16.112.202L0:192.168.10.5L0:192.168.10.7L0:192.168.10.2User 1User 2Create LISP
68、Database EntryCreate LISPDatabase Entry56 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP/BGPRegistration and AdvertisementBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.8172.16.112.101172.16.112.202L0:192.168.10.5L0:192.168.10.7L0:192.168.10.2User 1User 2Regi
69、ster LISP Database entries with all Control Plane Nodes57 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP/BGPRegistration and AdvertisementBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.8172.16.112.101172.16.112.202L0:192.168.10.5L0:192.168.10.7L0:192.168.10.2
70、User 1User 2BGP AdvertisementIP AddressRoute-DistinguisherAddress-Family172.16.112.101/321:4099VPNv4172.16.112.202/321:4099VPNv458 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP/BGPRegistration and AdvertisementBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.8
71、172.16.112.101172.16.112.202L0:192.168.10.5L0:192.168.10.7L0:192.168.10.2User 1User 2LISP Map-Cache EntryInstance-ID Address-FamilyEIDRLOCAction4099IPv4172.16.112.101/32?Send Map-Request4099IPv4172.16.112.202/32?Send Map-RequestCreate Incomplete LISP Map-Cache EntryCreate Incomplete LISP Map-Cache E
72、ntry59 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP/BGPRegistration and AdvertisementBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.8172.16.112.101172.16.112.202L0:192.168.10.5L0:192.168.10.7L0:192.168.10.2User 1User 2PingSourceDestination10.20.30.25172.16.
73、112.10110.20.30.2560 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP/BGPRegistration and AdvertisementBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.8172.16.112.101172.16.112.202L0:192.168.10.5L0:192.168.10.7L0:192.168.10.2User 1User 2LISP Map-RequestInstance-
74、ID Address-FamilyEIDRLOC4099IPv4172.16.112.101/32?61 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP/BGPRegistration and AdvertisementBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.8172.16.112.101172.16.112.202L0:192.168.10.5L0:192.168.10.7L0:192.168.10.2User
75、1User 2LISP Map-ReplyInstance-ID Address-FamilyEIDRLOC4099IPv4172.16.112.101/32192.168.10.562 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP/BGPRegistration and AdvertisementBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.8172.16.112.101172.16.112.202L0:192.16
76、8.10.5L0:192.168.10.7L0:192.168.10.2User 1User 2Create Complete LISP Map-Cache EntryLISP Map-CacheInstance-ID Address-FamilyEIDRLOC4099IPv4172.16.112.101/32192.168.10.563 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP/BGPRegistration and AdvertisementBRKENS-2828L0:19
77、2.168.10.6L0:192.168.10.1L0:192.168.10.8172.16.112.101172.16.112.202L0:192.168.10.5L0:192.168.10.7L0:192.168.10.2User 1User 210.20.30.25Encapsulated Fabric PacketInner SourceInner Destination Outer Source Outer Destination10.20.30.25172.16.112.101192.168.10.7192.168.10.564LISP Publish/SubscribeIntro
78、ductionIntroductionPacket Flow LISP/BGPPacket Flow LISP Pub/Sub 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Pub/SubTopology for This SectionBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.8172.16.112.101172.16.112.202L0:192.168.10.5L0:192.168.10.7L0:192.168
79、.10.2User 1User 266 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Pub/SubRegistration and PublicationBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.8172.16.112.101172.16.112.202L0:192.168.10.5L0:192.168.10.7L0:192.168.10.2User 1User 2Devices are booted up.De
80、vices are configured.67 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Pub/SubRegistration and PublicationBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.8172.16.112.101172.16.112.202L0:192.168.10.5L0:192.168.10.7Static Reliable RegistrationEstablishmentL0:192
81、.168.10.2User 1User 268 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Pub/SubRegistration and PublicationBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.8172.16.112.101172.16.112.202L0:192.168.10.5L0:192.168.10.7L0:192.168.10.2User 1User 2IID Table Subscripti
82、on RequestInstance-ID Address-Family4099IPv469 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Pub/SubRegistration and PublicationBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.8172.16.112.101172.16.112.202L0:192.168.10.5L0:192.168.10.7L0:192.168.10.2User 1Use
83、r 2Signs of LifeSigns of Life70 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Pub/SubRegistration and PublicationBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.8172.16.112.101172.16.112.202L0:192.168.10.5L0:192.168.10.7L0:192.168.10.2User 1User 2Create LISPD
84、atabase EntryCreate LISPDatabase Entry71 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Pub/SubRegistration and PublicationBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.8172.16.112.101172.16.112.202L0:192.168.10.5L0:192.168.10.7L0:192.168.10.2User 1User 2Reg
85、ister LISP Database entries with all Control Plane NodesInstance-ID Address-FamilyEIDRLOC4099IPv4172.16.112.101/32192.168.10.5Instance-ID Address-FamilyEIDRLOC4099IPv4172.16.112.202/32192.168.10.672 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Pub/SubRegistration a
86、nd PublicationBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.8172.16.112.101172.16.112.202L0:192.168.10.5L0:192.168.10.7L0:192.168.10.2User 1User 2IID Table PublicationInstance-ID Address-FamilyEIDRLOC4099IPv4172.16.112.101/32192.168.10.54099IPv4172.16.112.202/32192.168.10.673 2023 Cisco and
87、/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Pub/SubRegistration and PublicationBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.8172.16.112.101172.16.112.202L0:192.168.10.5L0:192.168.10.7L0:192.168.10.2User 1User 2LISP Map-Cache EntryInstance-ID Address-FamilyEIDRLOC4099I
88、Pv4172.16.112.101/32192.168.10.54099IPv4172.16.112.202/32192.168.10.6Create Complete LISP Map-Cache EntryCreate Complete LISP Map-Cache Entry74 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Pub/SubRegistration and PublicationBRKENS-2828L0:192.168.10.6L0:192.168.10.1
89、L0:192.168.10.8172.16.112.101172.16.112.202L0:192.168.10.5L0:192.168.10.7L0:192.168.10.2User 1User 2PingSourceDestination10.20.30.25172.16.112.10110.20.30.2575 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Pub/SubRegistration and PublicationBRKENS-2828L0:192.168.10.
90、6L0:192.168.10.1L0:192.168.10.8172.16.112.101172.16.112.202L0:192.168.10.5L0:192.168.10.7L0:192.168.10.2User 1User 210.20.30.25Encapsulated Fabric PacketInner SourceInner Destination Outer Source Outer Destination10.20.30.25172.16.112.101192.168.10.7192.168.10.576LISP First Packet Lossor First Packe
91、t ForwardingIntroductionIntroductionPacket FlowThe default behavior of LISP is to drop packets until map-cache is resolved.From the perspective of CEF,this is referred to as“action signal”“action signal”.LISP First-Packet LossCurrent Behavior in LISP/BGPCurrent ChallengesEndpoints need to communicat
92、e data in order to be detected by the xTR.Once detected,the endpoint is registered with the MS.The MSMR publishes the registration to an external border.The Edges need to do a lookup with the MS/MR to populate the map-cache.This creates delays that are particularly noticed in VOIP clients as the fir
93、st packets are“lost.”The behavior of LISP is changed to forward the packets and do a map-resolution at the same time.From the perspective of CEF,this is referred to“action“action signal+fwdsignal+fwd”LISP First-Packet LossBehavior Change in LISP Pub/SubSolution OverviewThe first packets are directly
94、 encapsulated and sent to the PxTR.This creates a temporary suboptimal path.xTR1-PxTR-xTR2However,a a path,even if suboptimal,is better than nono path.Once the map-resolution comes back from the MR,the map-cache is updated(complete)on the xTR.Packets are then forward over the optimal path,directly b
95、etween the xTRs.xTR1-xTR2First packet loss is supported with Pub/Sub.This capability is in the code itself.There is nothing to configure to enabled this feature.This feature is enabled by default.LISP First-Packet LossImportant NotesLISP First Packet LossIntroductionPacket FlowPacket Flow 2023 Cisco
96、 and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveFirst Packet LossBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.8172.16.112.101172.16.113.101L0:192.168.10.5L0:192.168.10.7L0:192.168.10.2User 1User 282 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiv
97、eFirst Packet LossBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.8172.16.112.101172.16.113.101L0:192.168.10.5L0:192.168.10.7L0:192.168.10.2User 1User 2IID-Subscription83Instance-ID Address-FamilyEIDRLOC4099IPv4172.16.112.101/32192.168.10.54099IPv4172.16.113.101/32192.168.10.6 2023 Cisco and/
98、or its affiliates.All rights reserved.Cisco Public#CiscoLiveFirst Packet LossBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.8172.16.112.101L0:192.168.10.5L0:192.168.10.7L0:192.168.10.2User 1User 2CEF-Signal+FWDMap request/response84Decap/encap172.16.113.101 2023 Cisco and/or its affiliates.A
99、ll rights reserved.Cisco Public#CiscoLiveFirst Packet LossBRKENS-2828L0:192.168.10.6L0:192.168.10.1L0:192.168.10.8172.16.112.101L0:192.168.10.5L0:192.168.10.7L0:192.168.10.2User 1User 2CEF RLOC-user2-192.168.10.685172.16.113.101LISP Dynamic Default Border NodeSection AgendaIntroductionDynamic Soluti
100、on LISP Pub/SubLow-Level WalkthroughPacket FlowLISP Dynamic Default Border NodeIntroductionIntroductionDynamic SolutionLow-Level WalkthroughPacket Flow 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveDynamic Default Border Node-IntroductionLoss of Default Route Loss of Def
101、ault Route If a Border Nodes losses the default route,it can take minutes for the network to converge.Note:This a common routing challenge that is not specific to SD-Access LISP Fabric.Potential Ways to Solve For Potential Ways to Solve For Loss of Default Route in LISP/BGPLoss of Default Route in L
102、ISP/BGPBidirectional Forwarding Detection(BFD)Per-VRF IBGP between redundant Border Nodes EEM scripts tracking state of EBGP Peers88BRKENS-2828Note:Convergence of the network after a Border Node reload is the responsibility of the IGP in the underlay.Current Network Challenges 2023 Cisco and/or its
103、affiliates.All rights reserved.Cisco Public#CiscoLiveDynamic Default Border Node-IntroductionA Fabric Gateway of Last Resort(external border)is needed in order reach destinations outside the Fabric SiteEdge Nodes must be configured to know how to reach the Fabric gateway of last resort.xTRs must be
104、configured so that they know about Proxy ETRs in the Fabric Site.There are two methods by which to accomplish this:Statically LISP/BGPDynamically -LISP Pub/Sub89BRKENS-2828LISP Forwarding LogicLISP Dynamic Default Border NodeIntroductionIntroductionDynamic SolutionDynamic SolutionLow-Level Walkthrou
105、ghPacket Flow 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveDynamic Solution Dynamic Default Border NodeImplement LISP to monitor for the presence or absence of the default route Border Nodes.Do this on a per-VRF basis.Call this device the Default-ETR.Provide a method fo
106、r the Border Nodes to registered the state of the default route to the Control Plane Nodes.Dynamically program this default route state information into map-cache on the Edge Nodes.91BRKENS-2828Solution 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveDynamic Solution Defau
107、lt-ETRDefault-ETRThe Default-ETR is a Border Node deployed as External-Only or Anywhere.The Default-ETR is functionally the same thing as a PETR but with added capabilities.Unknown-EID Map-Reply(UMR)Contains a list of RLOCs for devices that have registered as the Default-ETR(external borders).A UMR
108、is similar to an NMR and has the same 15-minute time-to-live(TTL).92BRKENS-2828Definition of Terms Part 1 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveUnknown-EID Map-Reply(UMR)with list of Default-ETRsDynamic Solution Forwarding LogicBRKENS-2828Destination IP=208.67.22
109、0.220(Internet Destination)Map-Request:208.67.220.220Destination IP=208.67.220.220(Subsequent Packets)HostxTRMS/MRPxTRSignal LISPPopulate Map-Cache with list of Default-ETRsEncapsulate and send to Default-ETR93LISP Dynamic Default Border NodeIntroductionIntroductionStatic SolutionDynamic SolutionLow
110、Low-Level WalkthroughLevel WalkthroughPacket Flow 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveDynamic Solution Dynamic Default Border NodeRegistrationRegistrationA Border Node tracks the state of the default route for a given VRF.A Border Node then notifies the Control
111、 Plane Node of the state of the default route.DeDe-prioritizationprioritizationA Border Node notifies the Control Plane Node of the loss of the default route.The Border Node registers itself with the Control Plane Node with a LISP Priority of 255.A LISP Priority of 255 indicates the Border Node cann
112、ot be used as a Fabric gateway of last resort.95BRKENS-2828Definition of Terms 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Default-ETRRegistration and De-prioritizationBRKENS-2828Map-Registration Default-ETRPriority 10 Weight 10MS/MRxTRPxTRDefault-ETR 192.168.10.7
113、 added to remote-locator-set tableReceive Default RouteDefault-ETR=192.168.10.7|Priority 10 Weight 10locator-set DEFAULT_ETR_LOCATORipv4 interface Loopback 0 priority 10 weight 10interface loopback 0Ip address 192.168.10.7 255.255.255.255Default-ETR=192.168.10.7|Priority 255 Weight 10De-prioritizati
114、on Map-RegistrationPriority 255 Weight 10Lose Default Route96LISP Fabric InternetSection AgendaIntroductionRemote Internet Packet FlowBackup Internet Packet FlowBRKE9LISP Backup&Remote Internet IntroductionIntroductionRemote Internet-Packet FlowBackup Internet Packet FlowLoop Prevention 2023 Cisco a
115、nd/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Backup Internet-IntroductionDynamic Default Border Node Border Convergence within a single Fabric Site.Results in the removal of using use-petr within the Fabric Site.Backup InternetBackup InternetEssentially Border Convergence acro
116、ss an SD-Access Transit.Results in the removal of using use-petr within the Fabric Domain.LISP Backup Internet builds on top of Dynamic Default Border Node feature.LISP fabric internet introduces constructs called Domain-ID and Multi-homing ID which are used for loop prevention.99BRKENS-2828Comparis
117、on of FunctionalityLISP Remote Internet IntroductionRemote Internet Remote Internet-Packet FlowPacket FlowBackup Internet Packet FlowLoop Prevention 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Remote Internet with Border ConvergenceRemote InternetIn a multisite-fa
118、bric deployment using SDA transit.A site uses the internet access of a remote site.Topology DescriptionTwo Fabric Sites connected to an SD-Access Transit.Fabric Site-10 has two Border Nodes without direct Internet access.Fabric Site-30 has two Border Nodes with direct Internet access.Fabric Site-10
119、uses LISP Remote Internet available through the SD-Access Transit.WalkthroughIn Fabric Site-30,Border Node#4 loses its direct Internet access.101BRKENS-2828WalkthroughWalkthrough 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveEdge Node#1LISP Remote Internet with Border Co
120、nvergenceTopology and DescriptionBRKENS-2828Two Fabric Sites connected to an SD-Access Transit.Fabric Site 30 has local Internet.Fabric Site 30 is sharing Internet access with the deployment.InternetFabric Site 30Fabric Site 10Border Node#1Border Node#2Border Node#3Border Node#4Edge Node#1SD-Access
121、TransitEIDRLOCFabric(priority)0.0.0.0/0Border node#330(10)0.0.0.0/0Border node#430(10)EIDRLOC0.0.0.0/0Border node#10.0.0.0/0Border node#2102 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveEdge Node#1LISP Remote Internet with Border ConvergenceBRKENS-2828Border Node#1 uses
122、 Internet available through Fabric Site 30.Either of the Border Nodes in Fabric Site 30 will be used.InternetFabric Site 30Fabric Site 10Border Node#1Border Node#2Border Node#3Border Node#4Edge Node#1SD-Access Transit103 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveEdge
123、 Node#1LISP Remote Internet with Border ConvergenceBRKENS-2828Border Node#1 uses Internet available through Fabric Site 30.Either of the Border Nodes in Fabric Site 30 will be used.Border Node#2 uses Internet available through Fabric Site 30.Either of the Border Nodes in Fabric Site 30 will be used.
124、InternetFabric Site 30Fabric Site 10Border Node#1Border Node#2Border Node#3Border Node#4Edge Node#1SD-Access Transit104 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveEdge Node#1LISP Remote Internet with Border ConvergenceBRKENS-2828Border Node#1 uses Internet available t
125、hrough Fabric Site 30.Either of the Border Nodes in Fabric Site 30 will be used.Border Node#2 uses Internet available through Fabric Site 30.Either of the Border Node in Fabric Site 30 will be used.Edge Node#1 in Fabric Site 10 will use either Border Node within the Site to reach the Internet.Intern
126、etFabric Site 30Fabric Site 10Border Node#1Border Node#2Border Node#3Border Node#4Edge Node#1SD-Access TransitEIDRLOC0.0.0.0/0Border node#10.0.0.0/0Border node#2105 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveEdge Node#1LISP Remote Internet with Border ConvergenceBRKEN
127、S-2828Border Node#2 in Fabric Site 30 loses the default route.InternetFabric Site 30Fabric Site 10Border Node#1Border Node#2Border Node#3Border Node#4Edge Node#1SD-Access TransitEIDRLOCFabric(priority)0.0.0.0/0Border node#330(10)0.0.0.0/0Border node#430(255)106 2023 Cisco and/or its affiliates.All r
128、ights reserved.Cisco Public#CiscoLiveFabric Site 30InternetEdge Node#1LISP Remote Internet with Border ConvergenceBRKENS-2828Both Border Nodes in Fabric Site 10 will use Border Node#1 in Fabric Site 30 to reach the Internet.Fabric Site 10Border Node#1Border Node#2Border Node#3Border Node#4Edge Node#
129、1SD-Access Transit107 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveFabric Site 30InternetEdge Node#1LISP Remote Internet with Border ConvergenceBRKENS-2828Edge Node#1 in Fabric Site 10 will continue to use either site-local Border Node to reach the Internet.Fabric Site
130、10Border Node#1Border Node#2Border Node#3Border Node#4Edge Node#1SD-Access TransitEIDRLOC0.0.0.0/0Border node#10.0.0.0/0Border node#2108LISP Backup Internet IntroductionRemote Internet-Packet FlowBackup Internet Backup Internet Packet FlowPacket FlowLoop Prevention 2023 Cisco and/or its affiliates.A
131、ll rights reserved.Cisco Public#CiscoLiveEdge Node#1LISP Backup Internet with Border ConvergenceTopology and DescriptionBRKENS-2828Two Fabric Sites connected to an SD-Access Transit.Both Fabric Sites have local Internet.Both Sites are sharing Internet access.InternetFabric Site 30Fabric Site 10Borde
132、r Node#1Border Node#2Border Node#1Border Node#2Edge Node#1SD-Access TransitTransit Control Plane Node#1Transit Control Plane Node#2Internet110 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveEdge Node#1LISP Backup Internet with Border ConvergenceBRKENS-2828Edge Node#1 will
133、 initially use either site-local Border Node to reach the Internet.InternetFabric Site 30Fabric Site 10Border Node#1Border Node#2Border Node#1Border Node#2Edge Node#1SD-Access TransitTransit Control Plane Node#1Transit Control Plane Node#2InternetEIDRLOCP-PrimaryB-Backup0.0.0.0/0Borde node#1P,B0.0.0
134、.0/0Border node#2P,B111 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveEdge Node#1LISP Backup Internet with Border ConvergenceBRKENS-2828Border Node#2 in Fabric Site 10 loses the default route.InternetFabric Site 30Fabric Site 10Border Node#1Border Node#2Border Node#1Bord
135、er Node#2Edge Node#1SD-Access TransitTransit Control Plane Node#1Transit Control Plane Node#2InternetEIDRLOCP-PrimaryB-Backup0.0.0.0/0Borde node#1P,B0.0.0.0/0Border node#2B112 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveEdge Node#1LISP Backup Internet with Border Conve
136、rgenceBRKENS-2828Edge Node#1 will only use Border Node#1 in in Fabric Site 10 to reach the Internet.InternetFabric Site 30Fabric Site 10Border Node#1Border Node#2Border Node#1Border Node#2Edge Node#1SD-Access TransitTransit Control Plane Node#1Transit Control Plane Node#2InternetEIDRLOCP-PrimaryB-Ba
137、ckup0.0.0.0/0Borde node#1P,B0.0.0.0/0Border node#2B113 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveEdge Node#1LISP Backup Internet with Border ConvergenceBRKENS-2828Border Node#2 in Fabric Site 10 loses the default route.Border Node#1 in Fabric Site 10 also loses the d
138、efault route.InternetFabric Site 30Fabric Site 10Border Node#1Border Node#2Border Node#1Border Node#2Edge Node#1SD-Access TransitTransit Control Plane Node#1Transit Control Plane Node#2InternetEIDRLOCP-PrimaryB-Backup0.0.0.0/0Borde node#1B0.0.0.0/0Border node#2B114 2023 Cisco and/or its affiliates.A
139、ll rights reserved.Cisco Public#CiscoLiveEdge Node#1LISP Backup Internet with Border ConvergenceBRKENS-2828The Border Nodes in Fabric Site 10 will use the Border Nodes in Site 30 for Internet Access.Either of the Border Nodes in Fabric Site 30 will be used.InternetFabric Site 30Fabric Site 10Border
140、Node#1Border Node#2Border Node#1Border Node#2Edge Node#1InternetSD-Access TransitTransit Control Plane Node#1Transit Control Plane Node#2EIDRLOCP-PrimaryB-Backup0.0.0.0/0Borde node#1B0.0.0.0/0Border node#2B115 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveEdge Node#1LISP
141、 Backup Internet with Border ConvergenceBRKENS-2828Edge Node#1 in Fabric Site 10 will use both site-local Border Nodes for Internet Access.InternetFabric Site 30Fabric Site 10Border Node#1Border Node#2Border Node#1Border Node#2Edge Node#1InternetSD-Access TransitTransit Control Plane Node#1Transit C
142、ontrol Plane Node#2EIDRLOCP-PrimaryB-Backup0.0.0.0/0Borde node#1B0.0.0.0/0Border node#2B116 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveEdge Node#1LISP Backup Internet with Border ConvergenceBRKENS-2828Border Node#2 in Fabric Site 30 loses the default route.InternetFab
143、ric Site 30Fabric Site 10Border Node#1Border Node#2Border Node#1Border Node#2SD-Access TransitTransit Control Plane Node#1Transit Control Plane Node#2InternetEIDRLOCP-PrimaryB-Backup0.0.0.0/0Borde node#1B0.0.0.0/0Border node#2B117 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#Cis
144、coLiveFabric Site 30InternetEdge Node#1LISP Backup Internet with Border ConvergenceBRKENS-2828Border Nodes in Fabric Site 10 will use Border Node#1 in Fabric Site 30 to reach the Internet.Fabric Site 10Border Node#1Border Node#2Border Node#1Border Node#2InternetSD-Access TransitTransit Control Plane
145、 Node#1Transit Control Plane Node#2EIDRLOCP-PrimaryB-Backup0.0.0.0/0Borde node#1B0.0.0.0/0Border node#2B118 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveFabric Site 30InternetEdge Node#1LISP Backup Internet with Border ConvergenceBRKENS-2828Edge Node#1 in Fabric Site 10
146、 will continue to use either site-local Border Node to reach the Internet.Fabric Site 10Border Node#1Border Node#2Border Node#1Border Node#2InternetSD-Access TransitTransit Control Plane Node#1Transit Control Plane Node#2EIDRLOCP-PrimaryB-Backup0.0.0.0/0Borde node#1B0.0.0.0/0Border node#2B119 2023 C
147、isco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Backup Internet with Border ConvergenceIn summary,local Internet is preferred over Backup Internet within the Fabric Site.If local Internet is down for the site,then explore other options provided by other fabric sites(Backup
148、Internet).In Fabric Site-10,Border Node#2 loses its direct Internet access.Border Node#2 will use site-local Border Node#1 for Internet access.Note:Reachability between the Border Nodes cannot be via an Internet link.In Fabric Site-10,if Border Node#1 and Border Node#2 both lose their direct Interne
149、t access,only then they will use Backup Internet provide by other Fabric Sites.120BRKENS-2828Internet Preference Logic Key TakeawayLISP Backup Internet-Loop Prevention IntroductionRemote Internet-Packet FlowBackup Internet Packet FlowLoop PreventionLoop Prevention 2023 Cisco and/or its affiliates.Al
150、l rights reserved.Cisco Public#CiscoLiveLoop Prevention IntroductionThe Control Plane Node does not participate in the loop prevention process.It acts like a route reflector.It simply publishes the registrations to the interested subscribers.The responsibility for the consumption of publications and
151、 loop prevention belongs to Border Nodes.The key to this loop prevention is to avoid redistribution of a prefix back to where it previously traversed.Think of this as“LISP Split-Horizon.”122BRKENS-2828Simplified Problem Statement 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#Cisc
152、oLiveLISP Publication and RegistrationSimplified Problem StatementBRKENS-2828SD-Access TransitRegister Aggregate PrefixLocatorEID192.168.10.7 172.16.112.0/241Register Aggregate PrefixLocatorEID192.168.30.7 172.16.132.0/241Fabric Site 10VRF CAMPUS172.16.112.0/24Fabric Site 30VRF CAMPUS172.16.132.0/24
153、Border Node#1192.168.10.7Transit Control Plane Node#1Border Node#3192.168.30.7Border Node#4192.168.30.8Control Plane Node#1Control Plane Node#1Border Node#2192.168.10.8123 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Publication and RegistrationSimplified Problem S
154、tatementBRKENS-2828SD-Access TransitFabric Site 10VRF CAMPUS172.16.112.0/24Fabric Site 30VRF CAMPUS172.16.132.0/24Border Node#1192.168.10.7Transit Control Plane Node#1Border Node#3192.168.30.7Control Plane Node#1Control Plane Node#12Publish Aggregate PrefixLocatorEID192.168.10.7 172.16.112.0/24192.1
155、68.30.7 172.16.132.0/242Publish Aggregate PrefixLocatorEID192.168.10.7 172.16.112.0/24192.168.30.7 172.16.132.0/24Border Node#4192.168.30.8Border Node#2192.168.10.8124 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Publication and RegistrationSimplified Problem State
156、mentBRKENS-2828SD-Access TransitBorder Node#1192.168.10.7Transit Control Plane Node#1Border Node#3192.168.30.7Control Plane Node#1Control Plane Node#133Register Aggregate PrefixBorder Node#4192.168.30.8Border Node#2192.168.10.8VRF CAMPUS172.16.112.0/24VRF CAMPUS172.16.132.0/24LocatorEID192.168.10.7
157、172.16.132.0/24LocatorEID192.168.30.7 172.16.112.0/24Register Aggregate Prefix125 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Publication and RegistrationSimplified Problem StatementBRKENS-2828SD-Access TransitBorder Node#1192.168.10.7Transit Control Plane Node#1B
158、order Node#3192.168.30.7Border Node#4192.168.30.8Control Plane Node#1Control Plane Node#1Border Node#2192.168.10.8Fabric Site 10VRF CAMPUS172.16.112.0/24Fabric Site 30VRF CAMPUS172.16.132.0/24Publish Aggregate PrefixLocatorEID192.168.10.7 172.16.132.0/24444Publish Aggregate PrefixLocatorEID192.168.3
159、0.7 172.16.112.0/24444126 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Publication and RegistrationSimplified Problem StatementBRKENS-2828SD-Access TransitBorder Node#1192.168.10.7Transit Control Plane Node#1Border Node#3192.168.30.7Border Node#4192.168.30.8Control
160、 Plane Node#1Control Plane Node#1Border Node#2192.168.10.8Fabric Site 10VRF CAMPUS172.16.112.0/24Fabric Site 30VRF CAMPUS172.16.132.0/24Register Aggregate PrefixLocatorEID192.168.10.8 172.16.132.0/245Register Aggregate PrefixLocatorEID192.168.30.8 172.16.112.0/2455LocatorEID192.168.10.8 172.16.132.0
161、/245LocatorEID192.168.10.7 172.16.112.0/2455Register Aggregate PrefixRegister Aggregate Prefix55LocatorEID192.168.10.8 172.16.132.0/24LocatorEID192.168.30.8 172.16.112.0/24127 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Loop prevention-IntroductionLISP introduces
162、constructs called Domain-ID and Multihoming ID which are used for loop prevention.128BRKENS-2828Comparison of Functionality 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Domain-ID and LISP Multihoming-IDLISP Prefix Re-originationA Border Node receives publications f
163、rom Site-Local Control Plane Nodes and registers them with the Transit Control Plane Nodes.A Border Node receive publications from Transit Control Plane Nodes and registers them with Site-Local Control Plane Nodes.For prefix re-origination the node needs to insert prefix into the LISP databaseFor da
164、ta path forwarding the prefix need to placed in the map-cache.129BRKENS-2828Definition of Terms Part 1 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Domain-ID and LISP Multihoming-IDLISP DomainLISP Domain-IDIDIdentifies the Fabric Site of origin.Border Nodes,Control
165、 Plane Nodes,and Edge Nodes within a Fabric Site will have the same Domain-ID.Transit Control Plane Nodes will also have a unique Domain-ID different from any other Fabric Site.Immutable AttributeDomain-ID is unchanged as publications traverse Fabric Sites,Registrations,and Publications.130BRKENS-28
166、28Definition of Terms Part 2 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Domain-ID and LISP Multihoming-IDLISP Multihoming-ID(MH-ID)Identifies Border Nodes within a given Fabric Site.Only Border Nodes connected to an SD-Access Transit will have a MH-ID.Border Node
167、s within the same Fabric Site will have the same Domain-ID and MH-ID.The MH-ID is rewritten by each Border Node during prefix re-origination.131BRKENS-2828Definition of Terms Part 3 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Backup InternetBorder Nodes do not re-
168、originate publications to the Control Plane Node in the same domain where they learned it from.132BRKENS-2828Loop Prevent Rule Set 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Pub/SubTopology for This SectionBorder Nodes do not re-originate publications to the Cont
169、rol Plane Node in the same domain where they learned it from.(Basically,LISP Split Horizon)BRKENS-2828Domain ID:10Domain ID:10Domain ID:10Domain ID:10Publish Aggregate PrefixDomain IDEID10172.16.112.0/24VRF CAMPUS172.16.112.0/24133Fabric Site 10 2023 Cisco and/or its affiliates.All rights reserved.C
170、isco Public#CiscoLiveLISP Pub/SubTopology for This SectionIf the received publication has Domain-ID 10,it is not registered back to a Control Plane Node with Domain-ID 10.BRKENS-2828Domain ID:10Domain ID:10Domain ID:10Domain ID:10Register Aggregate PrefixDomain IDEID10172.16.132.0/24Fabric Site 10VR
171、F CAMPUS172.16.112.0/24134 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Pub/SubTopology for This SectionIf the received publication has Domain-ID 10,it is not registered back to a Control Plane Node with Domain-ID 10.BRKENS-2828Domain ID:10Domain ID:10Domain ID:10D
172、omain ID:10Register Aggregate PrefixDomain IDEID10172.16.132.0/24Fabric Site 10VRF CAMPUS172.16.112.0/24135 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Domain-ID and LISP Multihoming-IDBorder Nodes do not re-originate publications sourced with the same MH-ID as it
173、self.(Basically,LISP AS-Path)Publications with the same MH-ID are not imported into the LISP database.This solves for when there are multiple Border Nodes in a fabric site.If a Border Node receives a publication with the same MH-ID as itself.This indicates the prefix is from a registration from its
174、peer Border Node within the same site.Publications with the same RLOC as the receiving PxTR are not imported into LISP map-cache.This indicates the prefix is the devices own registration.136BRKENS-2828Loop Prevention Rule Set Part 2 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#C
175、iscoLiveLISP Domain ID and Multihoming IDFull Topology For this SectionBRKENS-2828SD-Access TransitFabric Site 10D-ID/MH-ID 10VRF CAMPUS172.16.112.0/24Fabric Site 30D-ID/MH-ID 30VRF CAMPUS172.16.132.0/24Border Node#1192.168.10.7Transit Control Plane Node#2Border Node#3192.168.30.7Border Node#4192.16
176、8.30.8Border Node#2192.168.10.8Control Plane Node#1Control Plane Node#2Control Plane Node#2Control Plane Node#1Transit Control Plane Node#1Edge Node#1192.168.10.5Edge Node#1192.168.30.5137 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Domain ID and Multihoming IDReg
177、istration and PublicationBRKENS-2828SD-Access TransitVRF CAMPUS172.16.112.0/24Fabric Site 30VRF CAMPUS172.16.132.0/24Border Node#1192.168.10.7Transit Control Plane Node#1Border Node#3192.168.30.7Border Node#4192.168.30.8Border Node#2192.168.10.8Register Aggregate PrefixFabric Site 10D-ID/MH-ID 10Fab
178、ric Site 30D-ID/MH-ID 30LocatorEIDMH-ID/D-ID192.168.10.7 172.16.112.0/2410138 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Domain ID and Multihoming IDRegistration and PublicationBRKENS-2828SD-Access TransitVRF CAMPUS172.16.112.0/24VRF CAMPUS172.16.132.0/24Border N
179、ode#1192.168.10.7Transit Control Plane Node#1Border Node#3192.168.30.7Border Node#4192.168.30.8Border Node#2192.168.10.8Register Aggregate PrefixLocatorEIDMH-ID/D-ID192.168.10.7 172.16.112.0/2410Register Aggregate PrefixLocatorEIDMH-ID/D-ID192.168.10.8172.16.112.0/2410Fabric Site 10D-ID/MH-ID 10Fabr
180、ic Site 30D-ID/MH-ID 30139 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Domain ID and Multihoming IDRegistration and PublicationBRKENS-2828SD-Access TransitFabric Site 10VRF CAMPUS172.16.112.0/24VRF CAMPUS172.16.132.0/24Border Node#1192.168.10.7Transit Control Plan
181、e Node#1Border Node#3192.168.30.7Border Node#4192.168.30.8Border Node#2192.168.10.8Register Aggregate PrefixRegister Aggregate PrefixRegister Aggregate PrefixLocatorEIDMH-ID/D-ID192.168.30.7 172.16.132.0/2430Fabric Site 10D-ID/MH-ID 10Fabric Site 30D-ID/MH-ID 30LocatorEIDMH-ID/D-ID192.168.10.7 172.1
182、6.112.0/2410LocatorEIDMH-ID/D-ID192.168.10.8172.16.112.0/2410140 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Domain ID and Multihoming IDRegistration and PublicationBRKENS-2828SD-Access TransitVRF CAMPUS172.16.132.0/24Border Node#1192.168.10.7Transit Control Plane
183、 Node#1Border Node#3192.168.30.7Border Node#4192.168.30.8Border Node#2192.168.10.8Register Aggregate PrefixRegister Aggregate PrefixRegister Aggregate PrefixRegister Aggregate PrefixLocatorEIDMH-ID/D-ID192.168.30.8 172.16.132.0/2430Fabric Site 10D-ID/MH-ID 10Fabric Site 30D-ID/MH-ID 30LocatorEIDMH-I
184、D/D-ID192.168.30.7 172.16.132.0/2430LocatorEIDMH-ID/D-ID192.168.10.7 172.16.112.0/2410LocatorEIDMH-ID/D-ID192.168.10.8172.16.112.0/2410VRF CAMPUS172.16.112.0/24141 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Domain ID and Multihoming IDRegistration and Publication
185、BRKENS-2828SD-Access TransitVRF CAMPUS172.16.132.0/24Border Node#1192.168.10.7Transit Control Plane Node#1Border Node#3192.168.30.7Border Node#4192.168.30.8Border Node#2192.168.10.8Merged Locator RecordEID192.168.10.7192.168.10.8172.16.112.0/24192.168.30.7192.168.30.8172.16.132.0/24Fabric Site 10D-I
186、D/MH-ID 10Fabric Site 30D-ID/MH-ID 30VRF CAMPUS172.16.112.0/24142 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Domain ID and Multihoming IDRegistration and PublicationBRKENS-2828SD-Access TransitVRF CAMPUS172.16.132.0/24Border Node#1192.168.10.7Transit Control Plan
187、e Node#1Border Node#3192.168.30.7Border Node#4192.168.30.8Border Node#2192.168.10.8Merged Locator RecordEID192.168.10.7192.168.10.8172.16.112.0/24192.168.30.7192.168.30.8172.16.132.0/24Merged Locator RecordEID192.168.10.7192.168.10.8172.16.112.0/24192.168.30.7192.168.30.8172.16.132.0/24Fabric Site 1
188、0D-ID/MH-ID 10Fabric Site 30D-ID/MH-ID 30VRF CAMPUS172.16.112.0/24143 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Domain ID and Multihoming IDRegistration and PublicationBRKENS-2828SD-Access TransitVRF CAMPUS172.16.132.0/24Border Node#1192.168.10.7Transit Control
189、Plane Node#1Border Node#3192.168.30.7Border Node#4192.168.30.8Border Node#2192.168.10.8Merged Locator RecordEID192.168.10.7192.168.10.8172.16.112.0/24192.168.30.7192.168.30.8172.16.132.0/24Merged Locator RecordEID192.168.10.7192.168.10.8172.16.112.0/24192.168.30.7192.168.30.8172.16.132.0/24Merged Lo
190、cator RecordEID192.168.10.7192.168.10.8172.16.112.0/24192.168.30.7192.168.30.8172.16.132.0/24Fabric Site 10D-ID/MH-ID 10Fabric Site 30D-ID/MH-ID 30VRF CAMPUS172.16.112.0/24144 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Domain ID and Multihoming IDRegistration and
191、 PublicationBRKENS-2828SD-Access TransitVRF CAMPUS172.16.132.0/24Border Node#1192.168.10.7Transit Control Plane Node#1Border Node#3192.168.30.7Border Node#4192.168.30.8Border Node#2192.168.10.8Merged Locator RecordEID192.168.10.7192.168.10.8172.16.112.0/24192.168.30.7192.168.30.8172.16.132.0/24Merge
192、d Locator RecordEID192.168.10.7192.168.10.8172.16.112.0/24192.168.30.7192.168.30.8172.16.132.0/24Merged Locator RecordEID192.168.10.7192.168.10.8172.16.112.0/24192.168.30.7192.168.30.8172.16.132.0/24Merged Locator RecordEID192.168.10.7192.168.10.8172.16.112.0/24192.168.30.7192.168.30.8172.16.132.0/2
193、4Fabric Site 10D-ID/MH-ID 10Fabric Site 30D-ID/MH-ID 30VRF CAMPUS172.16.112.0/24145 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Domain ID and Multihoming IDRegistration and PublicationBRKENS-2828SD-Access TransitBorder Node#1192.168.10.7Transit Control Plane Node#
194、1Border Node#3192.168.30.7Border Node#4192.168.30.8Border Node#2192.168.10.8Merged Locator RecordEID192.168.10.7192.168.10.8172.16.112.0/24192.168.30.7192.168.30.8172.16.132.0/24Merged Locator RecordEID192.168.10.7192.168.10.8172.16.112.0/24192.168.30.7192.168.30.8172.16.132.0/24Merged Locator Recor
195、dEID192.168.10.7192.168.10.8172.16.112.0/24192.168.30.7192.168.30.8172.16.132.0/24Merged Locator RecordEID192.168.10.7192.168.10.8172.16.112.0/24192.168.30.7192.168.30.8172.16.132.0/24Fabric Site 30D-ID/MH-ID 30Fabric Site 10D-ID/MH-ID 10VRF CAMPUS172.16.132.0/24VRF CAMPUS172.16.112.0/24146 2023 Cis
196、co and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Domain ID and Multihoming IDRegistration and PublicationBRKENS-2828SD-Access TransitVRF CAMPUS172.16.112.0/24Border Node#1192.168.10.7Transit Control Plane Node#1Border Node#3192.168.30.7Border Node#4192.168.30.8Border Node#2192
197、.168.10.8Merged Locator RecordEIDMH-ID/D-ID192.168.10.7192.168.10.8172.16.112.0/2410192.168.30.7192.168.30.8172.16.132.0/2430Merged Locator RecordEIDMH-ID/D-ID192.168.10.7192.168.10.8172.16.112.0/2410192.168.30.7192.168.30.8172.16.132.0/2430Merged Locator RecordEIDMH-ID/D-ID192.168.10.7192.168.10.81
198、72.16.112.0/2410192.168.30.7192.168.30.8172.16.132.0/2430Merged Locator RecordEIDMH-ID/D-ID192.168.10.7192.168.10.8172.16.112.0/2410192.168.30.7192.168.30.8172.16.132.0/2430Control Plane Node#1Control Plane Node#2Control Plane Node#2Control Plane Node#1Fabric Site 30D-ID/MH-ID 30Fabric Site 10D-ID/M
199、H-ID 10VRF CAMPUS172.16.132.0/24147 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Domain ID and Multihoming IDRegistrationBRKENS-2828SD-Access TransitVRF CAMPUS172.16.112.0/24VRF CAMPUS172.16.132.0/24Border Node#1192.168.10.7Transit Control Plane Node#1Border Node#3
200、192.168.30.7Border Node#4192.168.30.8Border Node#2192.168.10.8Control Plane Node#1Control Plane Node#2Control Plane Node#2Control Plane Node#1Register PrefixLocatorEIDDomain-IDMH-ID192.168.10.7172.16.132.0/243010Fabric Site 10D-ID/MH-ID 10Fabric Site 30D-ID/MH-ID 30148 2023 Cisco and/or its affiliat
201、es.All rights reserved.Cisco Public#CiscoLiveLISP Domain ID and Multihoming IDRegistrationBRKENS-2828SD-Access TransitVRF CAMPUS172.16.112.0/24VRF CAMPUS172.16.132.0/24Border Node#1192.168.10.7Transit Control Plane Node#1Border Node#3192.168.30.7Border Node#4192.168.30.8Border Node#2192.168.10.8Cont
202、rol Plane Node#1Control Plane Node#2Control Plane Node#2Control Plane Node#1Register PrefixLocatorEIDDomain-IDMH-ID192.168.10.8172.16.132.0/243010Fabric Site 10D-ID/MH-ID 10Fabric Site 30D-ID/MH-ID 30149 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Domain ID and Mu
203、ltihoming IDRegistrationBRKENS-2828SD-Access TransitVRF CAMPUS172.16.112.0/24VRF CAMPUS172.16.132.0/24Border Node#1192.168.10.7Transit Control Plane Node#1Border Node#3192.168.30.7Border Node#4192.168.30.8Border Node#2192.168.10.8Control Plane Node#1Control Plane Node#2Control Plane Node#2Control Pl
204、ane Node#1Register PrefixLocatorEIDDomain-IDMH-ID192.168.30.7172.16.112.0/241030Fabric Site 10D-ID/MH-ID 10Fabric Site 30D-ID/MH-ID 30150 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Domain ID and Multihoming IDRegistrationBRKENS-2828SD-Access TransitFabric Site 10
205、VRF CAMPUS172.16.112.0/24VRF CAMPUS172.16.132.0/24Border Node#1192.168.10.7Transit Control Plane Node#1Border Node#3192.168.30.7Border Node#4192.168.30.8Border Node#2192.168.10.8Control Plane Node#1Control Plane Node#2Control Plane Node#2Control Plane Node#1Register PrefixLocatorEIDDomain-IDMH-ID192
206、.168.30.8172.16.112.0/241030Fabric Site 10D-ID/MH-ID 10Fabric Site 30D-ID/MH-ID 30151 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Domain ID and Multihoming IDRegistrationBRKENS-2828SD-Access TransitFabric Site 10VRF CAMPUS172.16.112.0/24VRF CAMPUS172.16.132.0/24Bo
207、rder Node#1192.168.10.7Transit Control Plane Node#1Border Node#3192.168.30.7Border Node#4192.168.30.8Border Node#2192.168.10.8Control Plane Node#1Control Plane Node#2Control Plane Node#2Control Plane Node#1Register PrefixLocatorEIDDomain-IDMH-ID192.168.10.7172.16.132.0/243010Register PrefixLocatorEI
208、DDomain-IDMH-ID192.168.10.8172.16.132.0/243010Register PrefixLocatorEIDDomain-IDMH-ID192.168.30.7172.16.112.0/241030Register PrefixLocatorEIDDomain-IDMH-ID192.168.30.8172.16.112.0/241030Fabric Site 10D-ID/MH-ID 10Fabric Site 30D-ID/MH-ID 30152 2023 Cisco and/or its affiliates.All rights reserved.Cis
209、co Public#CiscoLiveLISP Domain ID and Multihoming IDPublicationBRKENS-2828SD-Access TransitFabric Site 10VRF CAMPUS172.16.112.0/24VRF CAMPUS172.16.132.0/24Border Node#1192.168.10.7Transit Control Plane Node#1Border Node#3192.168.30.7Border Node#4192.168.30.8Border Node#2192.168.10.8Control Plane Nod
210、e#1Control Plane Node#2Control Plane Node#2Control Plane Node#1Merged Locator RecordEIDDomain-IDMH-ID192.168.10.7192.168.10.8172.16.132.0/243010Merged Locator RecordEIDDomain-IDMH-ID192.168.30.7192.168.30.8172.16.112.0/241030Fabric Site 10D-ID/MH-ID 10Fabric Site 30D-ID/MH-ID 30153 2023 Cisco and/or
211、 its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Domain ID and Multihoming IDPublication ProcessingBRKENS-2828SD-Access TransitVRF CAMPUS172.16.112.0/24VRF CAMPUS172.16.132.0/24Border Node#1192.168.10.7Transit Control Plane Node#1Border Node#3192.168.30.7Border Node#4192.168.30.8Border
212、 Node#2192.168.10.8Control Plane Node#1Control Plane Node#2Control Plane Node#2Control Plane Node#1Merged Locator RecordEIDDomain-IDMH-ID192.168.10.7192.168.10.8172.16.132.0/243010Same MH-ID:Do Not overwrite existing LISP Database EntrySame RLOC:Do not import into LISP Map-CacheSame MH-ID:Do Not ove
213、rwrite existing LISP Database EntrySame RLOC:Do not import into LISP Map-CacheMerged Locator RecordEIDDomain-IDMH-ID192.168.30.7192.168.30.8172.16.112.0/241030Fabric Site 10D-ID/MH-ID 10Fabric Site 30D-ID/MH-ID 30154 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Dom
214、ain-ID and LISP Multihoming-IDThey prevents loops.It is fully automated by Cisco DNA Center.Set-and-forget.155BRKENS-2828Key TakeawayLISP Extranet 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSD-Access LISP Extranet Endpoints in an SD-Access Fabric Site are in an overla
215、y Virtual Network(VRF Routing Table)Endpoints need access to Internet and critical Shared Services such as DHCP,DNS,and AD.Shared Services are located outside the Fabric Site,usually in a Data Center.Shared Services are generally in the GRT although may be in a dedicated Shared Services VRF.VRF rout
216、e leaking is needed to leak Fabric Virtual Networks to the Shared Services routing table.This configuration is done manually outside of the Fabric(think“fusion router”).157BRKENS-2828 Current Network Challenges 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSD-Access LISP
217、 ExtranetLISP Extranet provides flexible,and scalable method for providing access to Shared Services and access to the Internet to endpoints inside the Fabric.This simplifies SD-Access Fabric deployments by providing a policy-based method of VRF leaking.LISP Extranet helps avoiding route-leaking out
218、side Fabric Site by addressing the leaking natively in LISP.158BRKENS-2828 Solution Introduction 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSD-Access LISP Extranet Provider Virtual NetworkProvider Virtual NetworkContains a shared services resources such as DHCP,DNS,or
219、 even Internet.Subscriber Virtual Network Subscriber Virtual Network Contain endpoints,hosts,and users that need to access shared services resources.Extranet PolicyExtranet PolicyDescribes the relationship between a Provider Virtual Network and one or more Subscriber Virtual Networks.159BRKENS-2828
220、Definition of Terms 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSD-Access LISP Extranet Allows communication from the Subscriber Virtual Networks to the Provider Virtual Network.Allows communication from the Provider Virtual Network to the Subscriber Virtual Networks.D
221、enies Subscriber to Subscriber communicationContains a single Provider Virtual NetworkContains one or more Subscriber Virtual Networks160BRKENS-2828 Extranet Policy Details 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSD-Access LISP ExtranetA Provider Virtual Network in
222、 one Policy cannot be a Subscriber Virtual Network in another Policy.A Subscriber Virtual Network in one Policy cannot be a Provider Virtual network in another Policy.A Virtual Network can be a Provider in only one Policy.Virtual Networks can be a Subscriber in one or more Policies.Provider to Provi
223、der communication is not supported.Subscriber to Subscriber communication is not supported.Extranet is not meant to leak Fabric VRF to Fabric VRF.If two devices inside the Fabric need to communicate with one another,put them in the same Virtual Network.161BRKENS-2828 Considerations 2023 Cisco and/or
224、 its affiliates.All rights reserved.Cisco Public#CiscoLiveSD-Access LISP ExtranetAdvantagesRoute Leaking using Route Targets is complexManual ConfigurationsFusion resource considerationFusion throughput is a bottleneck(Eg:Firewalls)Supported on LISP Pub/Sub enabled Fabric SitesSupported Starting Cis
225、co DNA Center release:2.3.4.xCatalyst IOS XE Version:IOS XE 17.9.1 and above(All devices in Fabric Site)BRKENS-2828 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Extranet DC access Topology for This SectionBRKENS-2828 L0:192.168.30.6L0:192.168.30.1172.16.132.101172.
226、16.132.202L0:192.168.30.5L0:192.168.30.7L0:192.168.30.2User 1User 2Data CenterDNS77.77.77.77L0:192.168.10.8 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Extranet DC access Simplified TopologyBRKENS-2828 L0:192.168.30.1L0:192.168.30.5Data CenterDNS77.77.77.77172.16.
227、132.101User 1Fabric Site 30VRF CAMPUS172.16.132.0/24Routing TableExtranet RelationshipInstance-IDGlobal Routing TableProvider4097VRF CAMPUSSubscriber4099Map-Register 77.77.77.0/24L0:192.168.10.8 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Extranet DC access Simpli
228、fied TopologyBRKENS-2828 L0:192.168.30.1L0:192.168.30.5Data Center172.16.132.101User 1Fabric Site 30VRF CAMPUS172.16.132.0/24Routing TableExtranet RelationshipInstance-IDGlobal Routing TableProvider4097VRF CAMPUSSubscriber4099Routing TablePrefixInstance-IDGlobal Routing Table77.77.77.0/244097VRF CAM
229、PUS172.16.132.1014099PrefixRLOCInstance-ID172.16.132.0/24Lookup inInstance-id 40994097172.16.132.101/32192.168.30.54099DNS77.77.77.77L0:192.168.10.8 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Extranet DC access BRKENS-2828 L0:192.168.30.1L0:192.168.30.5User 1Sour
230、ceDestination172.16.132.10177.77.77.77DNS172.16.132.101DNS77.77.77.77Data CenterRouting TableExtranet RelationshipInstance-IDGlobal Routing TableProvider4097VRF CAMPUSSubscriber4099L0:192.168.10.8 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Extranet DC access BRKE
231、NS-2828 L0:192.168.30.1L0:192.168.10.8L0:192.168.30.5Instance-ID Address-FamilyEIDRLOC4099IPv477.77.77.77?LISP Map-RequestUser 1172.16.132.101DNS77.77.77.77Data CenterRouting TableInstance-IDExtranet policyGlobal Routing Table4097P-VNVRF CAMPUS4099S-VNRouting TableExtranet RelationshipInstance-IDGlo
232、bal Routing TableProvider4097VRF CAMPUSSubscriber4099 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Extranet DC access BRKENS-2828 L0:192.168.30.1L0:192.168.30.5Instance-ID Address-FamilyEIDRLOCEncapsulation-IID4099IPv477.77.77.0/24192.168.30.84097LISP Map-ReplyUser
233、 1172.16.132.101DNS77.77.77.77Data CenterRouting TablePrefixInstance-IDGlobal Routing Table77.77.77.0/244097VRF CAMPUS172.16.132.1014099Routing TableExtranet RelationshipInstance-IDGlobal Routing TableProvider4097VRF CAMPUSSubscriber4099L0:192.168.10.8 2023 Cisco and/or its affiliates.All rights res
234、erved.Cisco Public#CiscoLiveLISP Extranet DC access Control Plane Node Table WalksBRKENS-2828 L0:192.168.30.1L0:192.168.30.5172.16.132.101User 1Instance-ID Address-FamilyEIDRLOC4099IPv477.77.77.77?LISP Map-RequestEIDRLOCInstance-IDAddress-Family172.16.132.0/24-4099IPv4172.16.132.101/32192.168.30.540
235、99IPv4172.16.132.202/32192.168.30.64099IPv4LISP Site Table Subscriber Instance-ID 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Extranet DC access Control Plane Node Table WalksBRKENS-2828 L0:192.168.30.1L0:192.168.30.5172.16.132.101User 1Instance-ID Address-FamilyE
236、IDRLOC4099IPv477.77.77.77?LISP Map-RequestEIDRLOCInstance-IDAddress-Family172.16.132.0/24-4099IPv4172.16.132.101/32192.168.30.54099IPv4172.16.132.202/32192.168.30.64099IPv4LISP Site Table Subscriber Instance-ID 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Extranet
237、DC access Control Plane Node Table WalksBRKENS-2828 L0:192.168.30.1L0:192.168.30.5172.16.132.101User 1Instance-ID Address-FamilyEIDRLOC4099IPv477.77.77.77?LISP Map-RequestLISP Site Table Subscriber Instance-IDEIDRLOCInstance-IDAddress-Family172.16.132.0/24-4099IPv4172.16.132.101/32192.168.30.54099IP
238、v4172.16.132.202/32192.168.30.64099IPv4 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Extranet DC access Control Plane Node Table WalksBRKENS-2828 L0:192.168.30.1L0:192.168.30.5172.16.132.101User 1EIDRLOCInstance-IDAddress-Family77.77.77.0/2477.77.77.0/24 4097IPv4In
239、stance-ID Address-FamilyEIDRLOC4099IPv477.77.77.77?LISP Map-RequestLISP Site Table Provider Instance-ID 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Extranet DC access BRKENS-2828 L0:192.168.30.1L0:192.168.30.5Instance-ID Address-FamilyEIDRLOCEncapsulation-IID4099I
240、Pv477.77.77.0/24192.168.30.84097LISP Map-ReplyUser 1172.16.132.101DNS77.77.77.77Data CenterL0:192.168.30.8 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Extranet DC access BRKENS-2828 L0:192.168.30.1L0:192.168.30.5User 1Inner SourceInner Destination Outer Source Out
241、er DestinationIID172.16.132.10177.77.77.77192.168.30.5192.168.30.84097Encapsulated Fabric Packet172.16.132.101DNS77.77.77.77Data CenterRouting TableExtranet RelationshipInstance-IDGlobal Routing TableProvider4097VRF CAMPUSSubscriber4099L0:192.168.30.8 2023 Cisco and/or its affiliates.All rights rese
242、rved.Cisco Public#CiscoLiveLISP Extranet DC access BRKENS-2828 L0:192.168.30.1L0:192.168.30.5User 1SourceDestination172.16.132.10177.77.77.77Native IP Packet172.16.132.101DNS77.77.77.77Data CenterL0:192.168.30.8Routing TableExtranet RelationshipInstance-IDGlobal Routing TableProvider4097VRF CAMPUSSu
243、bscriber4099 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Extranet DC access BRKENS-2828 L0:192.168.30.1L0:192.168.30.5User 1SourceDestination77.77.77.77172.16.132.101Native IP PacketInternet Server77.77.77.77172.16.132.101Data CenterRouting TableExtranet Relations
244、hipInstance-IDGlobal Routing TableProvider4097VRF CAMPUSSubscriber4099L0:192.168.30.8 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Extranet DC access BRKENS-2828 L0:192.168.30.1L0:192.168.30.5User 1Instance-ID Address-FamilyEIDRLOC4097IPv4172.16.132.101?LISP Map-Re
245、questInternet Server77.77.77.77172.16.132.101PrefixRLOCInstance-ID172.16.132.0/24Look-up 40994097172.16.132.101/32192.168.30.54099Data CenterRouting TableExtranet RelationshipInstance-IDGlobal Routing TableProvider4097VRF CAMPUSSubscriber4099L0:192.168.30.8 2023 Cisco and/or its affiliates.All right
246、s reserved.Cisco Public#CiscoLiveLISP Extranet DC access BRKENS-2828 L0:192.168.30.1L0:192.168.30.5User 1Inner SourceInner Destination Outer Source Outer DestinationIID77.77.77.77172.16.132.101192.168.30.8192.168.30.54099Encapsulated Fabric Packet172.16.132.101DNS77.77.77.77Data CenterRouting TableE
247、xtranet RelationshipInstance-IDGlobal Routing TableProvider4097VRF CAMPUSSubscriber4099L0:192.168.30.8 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Extranet DC access BRKENS-2828 L0:192.168.30.1L0:192.168.30.5User 1SourceDestination77.77.77.77172.16.132.101DNS resp
248、onse172.16.132.101DNS77.77.77.77Data CenterRouting TableExtranet RelationshipInstance-IDGlobal Routing TableProvider4097VRF CAMPUSSubscriber4099L0:192.168.30.8 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Extranet Internet AccessSimplified TopologyBRKENS-2828 L0:19
249、2.168.30.1L0:192.168.30.5InternetInternet Server77.77.77.77172.16.132.101User 1Fabric Site 30VRF CAMPUS172.16.132.0/24Routing TableExtranet RelationshipInstance-IDGlobal Routing TableProvider4097VRF CAMPUSSubscriber4099Default-ETR registrationRouting TablePrefixInstance-IDRLOC(PRI)Global Routing Tab
250、le0.0.0.0/04097192.168.30.8(10)VRF CAMPUS0.0.0.0/04099192.168.30.8(255)L0:192.168.30.8 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Extranet Internet AccessBRKENS-2828 L0:192.168.30.1L0:192.168.30.5User 1InternetSourceDestination172.16.132.10177.77.77.77PingInterne
251、t Server77.77.77.77172.16.132.101Routing TableExtranet RelationshipInstance-IDGlobal Routing TableProvider4097VRF CAMPUSSubscriber4099L0:192.168.30.8 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Extranet Internet AccessBRKENS-2828 L0:192.168.30.1L0:192.168.30.5Inte
252、rnetInstance-ID Address-FamilyEIDRLOC4099IPv477.77.77.77?LISP Map-RequestUser 1Internet Server77.77.77.77172.16.132.101Routing TableExtranet RelationshipInstance-IDGlobal Routing TableProvider4097VRF CAMPUSSubscriber4099L0:192.168.30.8 2023 Cisco and/or its affiliates.All rights reserved.Cisco Publi
253、c#CiscoLiveLISP Extranet Internet AccessBRKENS-2828 L0:192.168.30.1L0:192.168.30.5InternetInstance-ID Address-FamilyEIDRLOCEncapsulation-IID4099IPv40.0.0.0/1192.168.30.84097LISP Map-ReplyUser 1Internet Server77.77.77.77172.16.132.101Routing TableExtranet RelationshipInstance-IDGlobal Routing TablePr
254、ovider4097VRF CAMPUSSubscriber4099L0:192.168.30.8 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Extranet Internet AccessControl Plane Node Table WalksBRKENS-2828 L0:192.168.30.1L0:192.168.30.5172.16.132.101User 1Instance-ID Address-FamilyEIDRLOC4099IPv477.77.77.77?L
255、ISP Map-RequestEIDRLOCInstance-IDAddress-Family172.16.132.0/24-4099IPv4172.16.132.101/32192.168.30.54099IPv4172.16.132.202/32192.168.30.64099IPv4LISP Site Table Subscriber Instance-ID 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Extranet Internet AccessControl Plan
256、e Node Table WalksBRKENS-2828 L0:192.168.30.1L0:192.168.30.5172.16.132.101User 1Instance-ID Address-FamilyEIDRLOC4099IPv477.77.77.77?LISP Map-RequestEIDRLOCInstance-IDAddress-Family172.16.132.0/24-4099IPv4172.16.132.101/32192.168.30.54099IPv4172.16.132.202/32192.168.30.64099IPv4LISP Site Table Subsc
257、riber Instance-ID 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Extranet Internet AccessControl Plane Node Table WalksBRKENS-2828 L0:192.168.30.1L0:192.168.30.5172.16.132.101User 1Instance-ID Address-FamilyEIDRLOC4099IPv477.77.77.77?LISP Map-RequestLISP Site Table S
258、ubscriber Instance-IDEIDRLOCInstance-IDAddress-Family172.16.132.0/24-4099IPv4172.16.132.101/32192.168.30.54099IPv4172.16.132.202/32192.168.30.64099IPv4 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP ExtranetControl Plane Node Table WalksBRKENS-2828 L0:192.168.30.1L0:
259、192.168.30.5172.16.132.101User 1EIDRLOCInstance-IDAddress-Family172.16.130.0/24-4097IPv4Instance-ID Address-FamilyEIDRLOC4099IPv477.77.77.77?LISP Map-RequestLISP Site Table Provider Instance-ID 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP ExtranetControl Plane Node
260、 Table WalksBRKENS-2828 L0:192.168.30.1L0:192.168.30.5172.16.132.101User 1RLOCPriorityWeightInstance-IDDomain-IDMH-IDCodes192.168.30.80Primary in use,Backup not available192.168.30.82551040993030(None)LISP Default-ETR Table 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public
261、#CiscoLiveLISP ExtranetControl Plane Node Table WalksBRKENS-2828 L0:192.168.30.1L0:192.168.30.5172.16.132.101User 1Instance-ID Address-FamilyEIDRLOC4099IPv477.77.77.77?LISP Map-RequestProv/SubSourceInstance-IDEID PrefixProviderDefault ETR Reg V44097-ProviderConfig4097172.16.130.0/24SubscriberConfig4
262、099172.16.132.0/24LISP Extranet Policy Table 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP ExtranetBRKENS-2828 L0:192.168.30.1L0:192.168.30.8L0:192.168.30.5InternetInstance-ID Address-FamilyEIDRLOCEncapsulation-IID4099IPv40.0.0.0/1192.168.30.84097LISP Map-ReplyUser
263、1Internet Server77.77.77.77172.16.132.101Routing TableExtranet RelationshipInstance-IDGlobal Routing TableProvider4097VRF CAMPUSSubscriber4099 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP ExtranetBRKENS-2828 L0:192.168.30.1L0:192.168.30.8L0:192.168.30.5InternetUser
264、 1Inner SourceInner Destination Outer Source Outer Destination Encapsulation-IID172.16.132.10177.77.77.77192.168.30.5192.168.30.84097Encapsulated Fabric PacketInternet Server77.77.77.77172.16.132.101Routing TableExtranet RelationshipInstance-IDGlobal Routing TableProvider4097VRF CAMPUSSubscriber4099
265、 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Extranet Internet AccessBRKENS-2828 L0:192.168.30.1L0:192.168.30.8L0:192.168.30.5InternetUser 1SourceDestination172.16.132.10177.77.77.77Native IP PacketInternet Server77.77.77.77172.16.132.101Routing TableExtranet Rela
266、tionshipInstance-IDGlobal Routing TableProvider4097VRF CAMPUSSubscriber4099 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Extranet Internet AccessBRKENS-2828 L0:192.168.30.1L0:192.168.30.8L0:192.168.30.5InternetUser 1SourceDestination77.77.77.77172.16.132.101Native
267、IP PacketInternet Server77.77.77.77172.16.132.101Routing TableExtranet RelationshipInstance-IDGlobal Routing TableProvider4097VRF CAMPUSSubscriber4099 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Extranet Internet AccessBRKENS-2828 L0:192.168.30.1L0:192.168.30.8L0:
268、192.168.30.5InternetUser 1Instance-ID Address-FamilyEIDRLOC4097IPv4172.16.132.101?LISP Map-RequestInternet Server77.77.77.77172.16.132.101PrefixRLOCInstance-ID172.16.132.0/24Look-up 40994097172.16.132.101/32192.168.30.54099Routing TableExtranet RelationshipInstance-IDGlobal Routing TableProvider4097
269、VRF CAMPUSSubscriber4099 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Extranet Internet AccessBRKENS-2828 L0:192.168.30.1L0:192.168.30.8L0:192.168.30.5InternetUser 1Inner SourceInner Destination Outer Source Outer Destination Encapsulation-IID77.77.77.77172.16.132.
270、101192.168.30.8192.168.30.54099Encapsulated Fabric PacketInternet Server77.77.77.77172.16.132.101Routing TableExtranet RelationshipInstance-IDGlobal Routing TableProvider4097VRF CAMPUSSubscriber4099 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLISP Extranet Internet Acc
271、essBRKENS-2828 L0:192.168.30.1L0:192.168.30.8L0:192.168.30.5User 1InternetSourceDestination77.77.77.77172.16.132.101PingInternet Server77.77.77.77172.16.132.101Routing TableExtranet RelationshipInstance-IDGlobal Routing TableProvider4097VRF CAMPUSSubscriber4099 2023 Cisco and/or its affiliates.All r
272、ights reserved.Cisco Public#CiscoLiveFill out your session surveys!Attendees who fill out a minimum of four session surveys and the overall event survey will get Cisco Live-branded socks(while supplies last)!197BRKENS-2828 These points help you get on the leaderboard and increase your chances of win
273、ning daily and grand prizesAttendees will also earn 100 points in theCisco Live Challenge for every survey completed.2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicContinue your educationVisit the Cisco Showcase for related demosBook your one-on-oneMeet the Engineer meetingAttend the interactive education with DevNet,Capture the Flag,and Walk-in LabsVisit the On-Demand Library for more sessions at www.CiscoL Thank you#CiscoLive