Create, Maintain And Distribute Decapsulation Filter Lists; Add Or Override Decapsulation Filter List - Cisco ASR 9000 Series Routing Configuration Manual

Aggregation services router

Implementing Data Plane Security

Create, Maintain and Distribute Decapsulation Filter Lists

A Map-Server can be configured to dynamically create, maintain, and distribute decapsulation filter lists, on
a per instance-ID basis, to appropriate LISP devices using the map-server rloc members distribute command
in site configuration mode. When configured:
• The Map-Server allows the establishment of TCP-based LISP reliable transport sessions with appropriate
  xTRs
• The Map-Server creates/maintains lists (per-IID) of LISP site RLOCs based on RLOC addresses
  of registered LISP sites
• The Map-Server pushes/updates filter lists over the reliable transport mechanism to established devices
Note
• Data plane security is enabled by the use of the "map-server rloc members distribute" command. The
  optional command "map-server rloc members modify-discovered [add | override]" is used to append
  to or override the dynamically maintained RLOC filter list.
• This feature is used in conjunction with the decapsulation filter rloc source command, configured
  on (P)xTR devices which are performing the decapsulation
This example shows how you can configure the Map-Server to create reliable transport sessions with specific
LISP sites, to dynamically create, maintain, and distribute decapsulation filter lists.
router lisp
 locator-set PxTR_set
  2001:DB8:E:F::2
  exit
 !
 eid-table vrf 1001 instance-id 1001
  map-server rloc members modify-discovered add locator-set PxTR_set
  exit
 !
 ---<skip>---
 !
 map-server rloc members distribute
 !

Add or Override Decapsulation Filter List

When a Map-Server is configured to dynamically create, maintain, and distribute a decapsulation filter list,
the decapsulation filter list can be added to or overridden by using the map-server rloc members
modify-discovered command in EID-table configuration mode. Uses may include:
• When a PxTR is included in the architecture, the PITR LISP-encapsulates packets to an ETR, and the
  ETR must therefore include the PITR RLOC in its decapsulation filter list. Since PITRs do not register
  with Map-Servers, their RLOCs are not automatically included in the decapsulation filter list and must
  be added via configuration using this command.
• A PETR can also be configured to filter upon decapsulation, but again, because a PETR does not register
  with a Map-Server, it needs a way to obtain the decapsulation filter list. The add form of this command
  includes the mechanisms to establish the reliable transport session with the Map-Server for obtaining
  the decapsulation filter list on the PETR.
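The following Python model is an added example, not part of the Cisco guide and not router code. It shows how the add and override forms change the per-IID list and why a PITR's packets fail the source check until its RLOC is added. The function names, the registered site RLOCs, the unknown source address, and the deny-when-no-list behaviour are assumptions of the model.

```python
import ipaddress

def effective_filter(discovered, locator_set=(), mode=None):
    """Model the per-IID RLOC list a Map-Server would distribute.

    discovered  -- RLOCs learned from LISP site registrations
    locator_set -- RLOCs named by 'modify-discovered ... locator-set'
    mode        -- None (command absent), 'add' or 'override'
    """
    found = {ipaddress.ip_address(r) for r in discovered}
    extra = {ipaddress.ip_address(r) for r in locator_set}
    if mode is None:
        return found
    if mode == "add":
        return found | extra   # append to the discovered list
    if mode == "override":
        return extra           # replace the discovered list
    raise ValueError(f"unknown mode: {mode!r}")

def may_decapsulate(outer_src, iid, filters):
    """True if the outer source RLOC is on the list held for this IID.

    Assumption of this model: an IID with no list is denied.
    """
    allowed = filters.get(iid)
    return allowed is not None and ipaddress.ip_address(outer_src) in allowed

# IID 1001 and the PxTR RLOC come from the page's configuration example;
# the registered site RLOCs and the unknown source are constructed.
REGISTERED = {1001: ["2001:DB8:A::1", "2001:DB8:B::1"]}
PXTR_SET = ["2001:DB8:E:F::2"]
PITR, SITE, UNKNOWN = "2001:db8:e:f::2", "2001:db8:a::1", "2001:db8:ffff::66"

def demo():
    plain = {1001: effective_filter(REGISTERED[1001])}
    added = {1001: effective_filter(REGISTERED[1001], PXTR_SET, "add")}
    over = {1001: effective_filter(REGISTERED[1001], PXTR_SET, "override")}
    return {
        "pitr_without_add": may_decapsulate(PITR, 1001, plain),
        "pitr_with_add": may_decapsulate(PITR, 1001, added),
        "site_with_add": may_decapsulate(SITE, 1001, added),
        "site_with_override": may_decapsulate(SITE, 1001, over),
        "unknown_with_add": may_decapsulate(UNKNOWN, 1001, added),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {'accept' if verdict else 'drop'}")
```

In this model the override form drops the registered site RLOCs from the list, so a locator-set used with override has to name every source the decapsulating device should accept.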
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 5.3.x
