1 LISP Flow Mapping User Guide
2 ============================
7 Locator/ID Separation Protocol
8 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10 `Locator/ID Separation Protocol
11 (LISP) <http://tools.ietf.org/html/rfc6830>`__ is a technology that
12 provides a flexible map-and-encap framework that can be used for overlay
13 network applications such as data center network virtualization and
14 Network Function Virtualization (NFV).
16 LISP provides the following name spaces:
18 - `Endpoint Identifiers
19 (EIDs) <http://tools.ietf.org/html/rfc6830#page-6>`__
22 (RLOCs) <http://tools.ietf.org/html/rfc6830#section-3>`__
24 In a virtualization environment EIDs can be viewed as virtual address
25 space and RLOCs can be viewed as physical network address space.
27 The LISP framework decouples network control plane from the forwarding
30 - A data plane that specifies how the virtualized network addresses are
31 encapsulated in addresses from the underlying physical network.
33 - A control plane that stores the mapping of the virtual-to-physical
34 address spaces, the associated forwarding policies and serves this
35 information to the data plane on demand.
37 Network programmability is achieved by programming forwarding policies
38 such as transparent mobility, service chaining, and traffic engineering
39 in the mapping system; where the data plane elements can fetch these
40 policies on demand as new flows arrive. This chapter describes the LISP
41 Flow Mapping project in OpenDaylight and how it can be used to enable
42 advanced SDN and NFV use cases.
44 LISP data plane Tunnel Routers are available at
45 `OpenOverlayRouter.org <http://www.openoverlayrouter.org/>`__ in the open source community on
46 the following platforms:
54 For more details and support for LISP data plane software please visit
55 `the OOR web site <http://www.openoverlayrouter.org/>`__.
57 LISP Flow Mapping Service
58 ~~~~~~~~~~~~~~~~~~~~~~~~~
60 The LISP Flow Mapping service provides LISP Mapping System services.
61 This includes LISP Map-Server and LISP Map-Resolver services to store
62 and serve mapping data to data plane nodes as well as to OpenDaylight
63 applications. Mapping data can include mapping of virtual addresses to
64 physical network address where the virtual nodes are reachable or hosted
65 at. Mapping data can also include a variety of routing policies
66 including traffic engineering and load balancing. To leverage this
67 service, OpenDaylight applications and services can use the northbound
68 REST API to define the mappings and policies in the LISP Mapping
69 Service. Data plane devices capable of LISP control protocol can
70 leverage this service through a southbound LISP plugin. LISP-enabled
71 devices must be configured to use this OpenDaylight service as their Map
72 Server and/or Map Resolver.
74 The southbound LISP plugin supports the LISP control protocol
75 (Map-Register, Map-Request, Map-Reply messages), and can also be used to
76 register mappings in the OpenDaylight mapping service.
78 LISP Flow Mapping Architecture
79 ------------------------------
81 The following figure shows the various LISP Flow Mapping modules.
83 .. figure:: ./images/ODL_lfm_Be_component.jpg
84 :alt: LISP Mapping Service Internal Architecture
86 LISP Mapping Service Internal Architecture
88 A brief description of each module is as follows:
90 - **DAO (Data Access Object):** This layer separates the LISP logic
91 from the database, so that we can separate the map server and map
92 resolver from the specific implementation of the mapping database.
93 Currently we have an implementation of this layer with an in-memory
94 HashMap, but it can be switched to any other key/value store and you
95 only need to implement the ILispDAO interface.
97 - **Map Server:** This module processes the adding or registration of
98 authentication tokens (keys) and mappings. For a detailed
99 specification of LISP Map Server, see
100 `LISP <http://tools.ietf.org/search/rfc6830>`__.
102 - **Map Resolver:** This module receives and processes the mapping
103 lookup queries and provides the mappings to requester. For a detailed
104 specification of LISP Map Server, see
105 `LISP <http://tools.ietf.org/search/rfc6830>`__.
107 - **RPC/RESTCONF:** This is the auto-generated RESTCONF-based
108 northbound API. This module enables defining key-EID associations as
109 well as adding mapping information through the Map Server. Key-EID
110 associations and mappings can also be queried via this API.
112 - **GUI:** This module enables adding and querying the mapping service
113 through a GUI based on ODL DLUX.
115 - **Neutron:** This module implements the OpenDaylight Neutron Service
116 APIs. It provides integration between the LISP service and the
117 OpenDaylight Neutron service, and thus OpenStack.
119 - **Java API:** The API module exposes the Map Server and Map Resolver
120 capabilities via a Java API.
122 - **LISP Proto:** This module includes LISP protocol dependent data
123 types and associated processing.
125 - **In Memory DB:** This module includes the in memory database
126 implementation of the mapping service.
128 - **LISP Southbound Plugin:** This plugin enables data plane devices
129 that support LISP control plane protocol (see
130 `LISP <http://tools.ietf.org/search/rfc6830>`__) to register and
131 query mappings to the LISP Flow Mapping via the LISP control plane
136 Configuring LISP Flow Mapping
137 -----------------------------
139 In order to use the LISP mapping service for registering EID to RLOC
140 mappings from northbound or southbound, keys have to be defined for the
141 EID prefixes first. Once a key is defined for an EID prefix, it can be
142 used to add mappings for that EID prefix multiple times. If the service
143 is going to be used to process Map-Register messages from the southbound
144 LISP plugin, the same key must be used by the data plane device to
145 create the authentication data in the Map-Register messages for the
146 associated EID prefix.
148 The ``etc/custom.properties`` file in the Karaf distribution allows
149 configuration of several OpenDaylight parameters. The LISP service has
150 the following properties that can be adjusted:
152 **lisp.smr** (default: *false*)
153 Enables/disables the `Solicit-Map-Request
154 (SMR) <http://tools.ietf.org/html/rfc6830#section-6.6.2>`__
155 functionality. SMR is a method to notify changes in an EID-to-RLOC
156 mapping to "subscribers". The LISP service considers all
157 Map-Request’s source RLOC as a subscriber to the requested EID
158 prefix, and will send an SMR control message to that RLOC if the
161 **lisp.elpPolicy** (default: *default*)
162 Configures how to build a Map-Reply southbound message from a
163 mapping containing an Explicit Locator Path (ELP) RLOC. It is used
164 for compatibility with dataplane devices that don’t understand the
165 ELP LCAF format. The *default* setting doesn’t alter the mapping,
166 returning all RLOCs unmodified. The *both* setting adds a new RLOC
167 to the mapping, with a lower priority than the ELP, that is the next
168 hop in the service chain. To determine the next hop, it searches the
169 source RLOC of the Map-Request in the ELP, and chooses the next hop,
170 if it exists, otherwise it chooses the first hop. The *replace*
171 setting adds a new RLOC using the same algorithm as the *both*
172 setting, but using the origin priority of the ELP RLOC, which is
173 removed from the mapping.
175 **lisp.lookupPolicy** (default: *northboundFirst*)
176 Configures the mapping lookup algorithm. When set to
177 *northboundFirst* mappings programmed through the northbound API
178 will take precedence. If no northbound programmed mappings exist,
179 then the mapping service will return mappings registered through the
180 southbound plugin, if any exists. When set to
181 *northboundAndSouthbound* the mapping programmed by the northbound
182 is returned, updated by the up/down status of these mappings as
183 reported by the southbound (if existing).
185 **lisp.mappingMerge** (default: *false*)
186 Configures the merge policy on the southbound registrations through
187 the LISP SB Plugin. When set to *false*, only the latest mapping
188 registered through the SB plugin is valid in the southbound mapping
189 database, independent of which device it came from. When set to
190 *true*, mappings for the same EID registered by different devices
191 are merged together and a union of the locators is maintained as the
192 valid mapping for that EID.
194 Textual Conventions for LISP Address Formats
195 --------------------------------------------
197 In addition to the more common IPv4, IPv6 and MAC address data types,
198 the LISP control plane supports arbitrary `Address Family
199 Identifiers <http://www.iana.org/assignments/address-family-numbers>`__
200 assigned by IANA, and in addition to those the `LISP Canoncal Address
201 Format (LCAF) <https://tools.ietf.org/html/draft-ietf-lisp-lcaf>`__.
203 The LISP Flow Mapping project in OpenDaylight implements support for
204 many of these different address formats, the full list being summarized
205 in the following table. While some of the address formats have well
206 defined and widely used textual representation, many don’t. It became
207 necessary to define a convention to use for text rendering of all
208 implemented address types in logs, URLs, input fields, etc. The below
209 table lists the supported formats, along with their AFI number and LCAF
210 type, including the prefix used for disambiguation of potential overlap,
213 +------------------+----------+----------+----------+----------------------------------+
214 | Name | AFI | LCAF | Prefix | Text Rendering |
215 +==================+==========+==========+==========+==================================+
216 | **No Address** | 0 | - | no: | No Address Present |
217 +------------------+----------+----------+----------+----------------------------------+
218 | **IPv4 Prefix** | 1 | - | ipv4: | 192.0.2.0/24 |
219 +------------------+----------+----------+----------+----------------------------------+
220 | **IPv6 Prefix** | 2 | - | ipv6: | 2001:db8::/32 |
221 +------------------+----------+----------+----------+----------------------------------+
222 | **MAC Address** | 16389 | - | mac: | 00:00:5E:00:53:00 |
223 +------------------+----------+----------+----------+----------------------------------+
224 | **Distinguished | 17 | - | dn: | stringAsIs |
226 +------------------+----------+----------+----------+----------------------------------+
227 | **AS Number** | 18 | - | as: | AS64500 |
228 +------------------+----------+----------+----------+----------------------------------+
229 | **AFI List** | 16387 | 1 | list: | {192.0.2.1,192.0.2.2,2001:db8::1 |
231 +------------------+----------+----------+----------+----------------------------------+
232 | **Instance ID** | 16387 | 2 | - | [223] 192.0.2.0/24 |
233 +------------------+----------+----------+----------+----------------------------------+
234 | **Application | 16387 | 4 | appdata: | 192.0.2.1!128!17!80-81!6667-7000 |
236 +------------------+----------+----------+----------+----------------------------------+
237 | **Explicit | 16387 | 10 | elp: | {192.0.2.1→192.0.2.2\|lps→192.0. |
238 | Locator Path** | | | | 2.3} |
239 +------------------+----------+----------+----------+----------------------------------+
240 | **Source/Destina | 16387 | 12 | srcdst: | 192.0.2.1/32\|192.0.2.2/32 |
243 +------------------+----------+----------+----------+----------------------------------+
244 | **Key/Value | 16387 | 15 | kv: | 192.0.2.1⇒192.0.2.2 |
245 | Address Pair** | | | | |
246 +------------------+----------+----------+----------+----------------------------------+
247 | **Service Path** | 16387 | N/A | sp: | 42(3) |
248 +------------------+----------+----------+----------+----------------------------------+
250 Table: LISP Address Formats
252 Please note that the forward slash character ``/`` typically separating
253 IPv4 and IPv6 addresses from the mask length is transformed into ``%2f``
259 In this section we will discuss two types of Karaf commands: built-in,
260 and LISP specific. Some built-in commands are quite useful, and are
261 needed for the tutorial, so they will be discussed here. A reference of
262 all LISP specific commands, added by the LISP Flow Mapping project is
263 also included. They are useful mostly for debugging.
265 Useful built-in commands
266 ~~~~~~~~~~~~~~~~~~~~~~~~
269 Lists all available command, with a short description of each.
271 ``help <command_name>``
272 Show detailed help about a specific command.
274 ``feature:list [-i]``
275 Show all locally available features in the Karaf container. The
276 ``-i`` option lists only features that are currently installed. It
277 is possible to use ``| grep`` to filter the output (for all
278 commands, not just this one).
280 ``feature:install <feature_name>``
281 Install feature ``feature_name``.
283 ``log:set <level> <class>``
284 Set the log level for ``class`` to ``level``. The default log level
285 for all classes is INFO. For debugging, or learning about LISP
286 internals it is useful to run
287 ``log:set TRACE org.opendaylight.lispflowmapping`` right after Karaf
291 Outputs the log file to the console, and returns control to the
295 Continuously shows log output, requires ``Ctrl+C`` to return to the
298 LISP specific commands
299 ~~~~~~~~~~~~~~~~~~~~~~
301 The available lisp commands can always be obtained by
302 ``help mappingservice``. Currently they are:
304 ``mappingservice:addkey``
305 Add the default password ``password`` for the IPv4 EID prefix
306 0.0.0.0/0 (all addresses). This is useful when experimenting with
307 southbound devices, and using the REST interface would be combersome
310 ``mappingservice:mappings``
311 Show the list of all mappings stored in the internal non-persistent
312 data store (the DAO), listing the full data structure. The output is
313 not human friendly, but can be used for debugging.
315 LISP Flow Mapping Karaf Features
316 --------------------------------
318 LISP Flow Mapping has the following Karaf features that can be installed
319 from the Karaf console:
321 ``odl-lispflowmapping-msmr``
322 This includes the core features required to use the LISP Flow
323 Mapping Service such as mapping service and the LISP southbound
326 ``odl-lispflowmapping-ui``
327 This includes the GUI module for the LISP Mapping Service.
329 ``odl-lispflowmapping-neutron``
330 This is the experimental Neutron provider module for LISP mapping
336 This section provides a tutorial demonstrating various features in this
337 service. We have included tutorials using two forwarding platforms:
339 1. Using `Open Overlay Router (OOR) <https://github.com/OpenOverlayRouter/oor#overview>`__
341 2. Using `FD.io <https://wiki.fd.io/view/ONE>`__
343 Both have different approaches to create the overlay but ultimately do the
344 same job. Details of both approaches have been explained below.
346 Creating a LISP overlay with OOR
347 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
349 This section provides instructions to set up a LISP network of three
350 nodes (one "client" node and two "server" nodes) using OOR as data
351 plane LISP nodes and the LISP Flow Mapping project from OpenDaylight as
352 the LISP programmable mapping system for the LISP network.
357 The steps shown below will demonstrate setting up a LISP network between
358 a client and two servers, then performing a failover between the two
364 - **OpenDaylight Boron**
368 - **The Postman Chrome App**: the most convenient way to follow along
369 this tutorial is to use the `Postman
370 App <https://www.getpostman.com/apps>`__
371 to edit and send the requests. The project git repository hosts a
372 collection of the requests that are used in this tutorial in the
373 ``resources/tutorial/OOR/Beryllium_Tutorial.json.postman_collection``
374 file. You can import this file to Postman by clicking *Import* at the
375 top, choosing *Download from link* and then entering the following
377 `<https://git.opendaylight.org/gerrit/gitweb?p=lispflowmapping.git;a=blob_plain;f=resources/tutorial/OOR/Beryllium_Tutorial.json.postman_collection;hb=refs/heads/stable/boron>`__.
378 Alternatively, you can save the file on your machine, or if you have
379 the repository checked out, you can import from there. You will need
380 to create a new Postman Environment and define some variables within:
381 ``controllerHost`` set to the hostname or IP address of the machine
382 running the OpenDaylight instance, and ``restconfPort`` to 8181, if you didn’t
383 modify the default controller settings.
385 - **OOR version 1.0 or later** The README.md lists the dependencies needed
386 to build it from source.
388 - **A virtualization platform**
393 The three LISP data plane nodes and the LISP mapping system are assumed
394 to be running in Linux virtual machines, which have the ``eth0``
395 interface in NAT mode to allow outside internet access and ``eth1``
396 connected to a host-only network, with the following IP addresses
397 (please adjust configuration files, JSON examples, etc. accordingly if
398 you’re using another addressing scheme):
400 +--------------------------+--------------------------+--------------------------+
401 | Node | Node Type | IP Address |
402 +==========================+==========================+==========================+
403 | **controller** | OpenDaylight | 192.168.16.11 |
404 +--------------------------+--------------------------+--------------------------+
405 | **client** | OOR | 192.168.16.30 |
406 +--------------------------+--------------------------+--------------------------+
407 | **server1** | OOR | 192.168.16.31 |
408 +--------------------------+--------------------------+--------------------------+
409 | **server2** | OOR | 192.168.16.32 |
410 +--------------------------+--------------------------+--------------------------+
411 | **service-node** | OOR | 192.168.16.33 |
412 +--------------------------+--------------------------+--------------------------+
414 Table: Nodes in the tutorial
416 The figure below gives a sketch of network topology that will be used in the tutorial.
418 .. figure:: ./images/tutorial_architecture_diagram.png
419 :alt: Network architecture of the tutorial
421 In LISP terminology **client**, **server1** and **server2** are mobile nodes (MN in OOR),
422 **controller** is a MS/MR and **service-node** is a RTR.
426 While the tutorial uses OOR as the data plane, it could be any
427 LISP-enabled hardware or software router (commercial/open source).
432 The below steps use the command line tool cURL to talk to the LISP Flow
433 Mapping RPC REST API. This is so that you can see the actual request
434 URLs and body content on the page.
436 1. Install and run OpenDaylight Boron release on the controller VM.
437 Please follow the general OpenDaylight Boron Installation Guide
438 for this step. Once the OpenDaylight controller is running install
439 the *odl-lispflowmapping-msmr* feature from the Karaf CLI:
443 feature:install odl-lispflowmapping-msmr
445 It takes quite a while to load and initialize all features and their
446 dependencies. It’s worth running the command ``log:tail`` in the
447 Karaf console to see when the log output is winding down, and
448 continue with the tutorial after that.
450 2. Install OOR on the **client**, **server1**, **server2**, and
451 **service-node** VMs following the installation instructions `from
453 file <https://github.com/OpenOverlayRouter/oor#software-prerequisites>`__.
455 3. Configure the OOR installations from the previous step. Take a look
456 at the ``oor.conf.example`` to get a general idea of the structure
457 of the conf file. First, check if the file ``/etc/oor.conf`` exists.
458 If the file doesn't exist, create the file ``/etc/oor.conf``. Set the
459 EID in ``/etc/oor.conf`` file from the IP address space selected
460 for your virtual/LISP network. In this tutorial the EID of the
461 **client** is set to 1.1.1.1/32, and that of **server1** and
462 **server2** to 2.2.2.2/32.
464 4. Set the RLOC interface to ``eth1`` in each ``oor.conf`` file. LISP
465 will determine the RLOC (IP address of the corresponding VM) based
468 5. Set the Map-Resolver address to the IP address of the
469 **controller**, and on the **client** the Map-Server too. On
470 **server1** and **server2** remove the Map-Server configuration, so
471 that it doesn’t interfere with the mappings on the controller, since
472 we’re going to program them manually.
474 6. Modify the "key" parameter in each ``oor.conf`` file to a
475 key/password of your choice (*password* in this tutorial).
479 The ``resources/tutorial/OOR`` directory in the *stable/boron*
480 branch of the project git repository has the files used in the
482 in <https://git.opendaylight.org/gerrit/gitweb?p=lispflowmapping.git;a=tree;f=resources/tutorial/OOR;hb=refs/heads/stable/boron>`__,
483 so you can just copy the files to ``/etc/oor.conf`` on the
484 respective VMs. You will also find the JSON files referenced
485 below in the same directory.
487 7. Define a key and EID prefix association in OpenDaylight using the
488 RPC REST API for the **client** EID (1.1.1.1/32) to allow
489 registration from the southbound. Since the mappings for the server
490 EID will be configured from the REST API, no such association is
491 necessary. Run the below command on the **controller** (or any
492 machine that can reach **controller**, by replacing *localhost* with
493 the IP address of **controller**).
497 curl -u "admin":"admin" -H "Content-type: application/json" -X PUT \
498 http://localhost:8181/restconf/config/odl-mappingservice:mapping-database/virtual-network-identifier/0/authentication-key/ipv4:1.1.1.1%2f32/ \
501 where the content of the *add-key.json* file is the following:
506 "authentication-key": {
507 "eid-uri": "ipv4:1.1.1.1/32",
509 "address-type": "ietf-lisp-address-types:ipv4-prefix-afi",
510 "ipv4-prefix": "1.1.1.1/32"
513 "key-string": "password",
519 8. Verify that the key is added properly by requesting the following
524 curl -u "admin":"admin" -H "Content-type: application/json" -X GET \
525 http://localhost:8181/restconf/config/odl-mappingservice:mapping-database/virtual-network-identifier/0/authentication-key/ipv4:1.1.1.1%2f32/
527 The output the above invocation should look like this:
532 "authentication-key":[
534 "eid-uri":"ipv4:1.1.1.1/32",
536 "ipv4-prefix":"1.1.1.1/32",
537 "address-type":"ietf-lisp-address-types:ipv4-prefix-afi"
540 "key-string":"password"
547 9. Run the ``oor`` OOR daemon on all VMs:
553 For more information on accessing OOR logs, take a look at
554 `OOR README <https://github.com/OpenOverlayRouter/oor#readme>`__
555 10. The **client** OOR node should now register its EID-to-RLOC
556 mapping in OpenDaylight. To verify you can lookup the corresponding
557 EIDs via the REST API
561 curl -u "admin":"admin" -H "Content-type: application/json" -X GET \
562 http://localhost:8181/restconf/operational/odl-mappingservice:mapping-database/virtual-network-identifier/0/mapping/ipv4:1.1.1.1%2f32/southbound/
564 An alternative way for retrieving mappings from OpenDaylight using the
565 southbound interface is using the
566 ```lig`` <https://github.com/davidmeyer/lig>`__ open source tool.
568 11. Register the EID-to-RLOC mapping of the server EID 2.2.2.2/32 to the
569 controller, pointing to **server1** and **server2** with a higher
570 priority for **server1**
574 curl -u "admin":"admin" -H "Content-type: application/json" -X PUT \
575 http://localhost:8181/restconf/config/odl-mappingservice:mapping-database/virtual-network-identifier/0/mapping/ipv4:2.2.2.2%2f32/northbound/ \
578 where the *mapping.json* file looks like this:
584 "eid-uri": "ipv4:2.2.2.2/32",
585 "origin": "northbound",
588 "action": "NoAction",
589 "authoritative": true,
591 "address-type": "ietf-lisp-address-types:ipv4-prefix-afi",
592 "ipv4-prefix": "2.2.2.2/32"
596 "locator-id": "server1",
599 "multicastPriority": 255,
600 "multicastWeight": 0,
601 "localLocator": true,
605 "address-type": "ietf-lisp-address-types:ipv4-afi",
606 "ipv4": "192.168.16.31"
610 "locator-id": "server2",
613 "multicastPriority": 255,
614 "multicastWeight": 0,
615 "localLocator": true,
619 "address-type": "ietf-lisp-address-types:ipv4-afi",
620 "ipv4": "192.168.16.32"
628 Here the priority of the second RLOC (192.168.16.32 - **server2**)
629 is 2, a higher numeric value than the priority of 192.168.16.31,
630 which is 1. This policy is saying that **server1** is preferred to
631 **server2** for reaching EID 2.2.2.2/32. Note that lower priority
632 value has higher preference in LISP.
634 12. Verify the correct registration of the 2.2.2.2/32 EID:
638 curl -u "admin":"admin" -H "Content-type: application/json" -X GET \
639 http://localhost:8181/restconf/config/odl-mappingservice:mapping-database/virtual-network-identifier/0/mapping/ipv4:2.2.2.2%2f32/northbound/
641 13. Now the LISP network is up. To verify, log into the **client** VM
642 and ping the server EID:
648 14. Let’s test fail-over now. Suppose you had a service on **server1**
649 which became unavailable, but **server1** itself is still reachable.
650 LISP will not automatically fail over, even if the mapping for
651 2.2.2.2/32 has two locators, since both locators are still reachable
652 and uses the one with the higher priority (lowest priority value).
653 To force a failover, we need to set the priority of **server2** to a
654 lower value. Using the file mapping.json above, swap the priority
655 values between the two locators (lines 14 and 28 in *mapping.json*)
656 and repeat the request from step 11. You can also repeat step 12 to
657 see if the mapping is correctly registered. If you leave the ping
658 on, and monitor the traffic using wireshark, you can see that the
659 ping traffic to 2.2.2.2 will be diverted from the **server1** RLOC
660 to the **server2** RLOC.
662 With the default OpenDaylight configuration the failover should be
663 near instantaneous (we observed 3 lost pings in the worst case),
664 because of the LISP `Solicit-Map-Request (SMR)
665 mechanism <http://tools.ietf.org/html/rfc6830#section-6.6.2>`__ that
666 can ask a LISP data plane element to update its mapping for a
667 certain EID (enabled by default). It is controlled by the
668 ``lisp.smr`` variable in ``etc/custom.porperties``. When enabled,
669 any mapping change from the RPC interface will trigger an SMR packet
670 to all data plane elements that have requested the mapping in the
671 last 24 hours (this value was chosen because it’s the default TTL of
672 Cisco IOS xTR mapping registrations). If disabled, ITRs keep their
673 mappings until the TTL specified in the Map-Reply expires.
675 15. To add a service chain into the path from the client to the server,
676 we can use an Explicit Locator Path, specifying the **service-node**
677 as the first hop and **server1** (or **server2**) as the second hop.
678 The following will achieve that:
682 curl -u "admin":"admin" -H "Content-type: application/json" -X PUT \
683 http://localhost:8181/restconf/config/odl-mappingservice:mapping-database/virtual-network-identifier/0/mapping/ipv4:2.2.2.2%2f32/northbound/ \
686 where the *elp.json* file is as follows:
692 "eid-uri": "ipv4:2.2.2.2/32",
693 "origin": "northbound",
696 "action": "NoAction",
697 "authoritative": true,
699 "address-type": "ietf-lisp-address-types:ipv4-prefix-afi",
700 "ipv4-prefix": "2.2.2.2/32"
707 "multicastPriority": 255,
708 "multicastWeight": 0,
709 "localLocator": true,
713 "address-type": "ietf-lisp-address-types:explicit-locator-path-lcaf",
714 "explicit-locator-path": {
717 "hop-id": "service-node",
718 "address": "192.168.16.33",
723 "address": "192.168.16.31",
735 After the mapping for 2.2.2.2/32 is updated with the above, the ICMP
736 traffic from **client** to **server1** will flow through the
737 **service-node**. You can confirm this in the OOR logs, or by
738 sniffing the traffic on either the **service-node** or **server1**.
739 Note that service chains are unidirectional, so unless another ELP
740 mapping is added for the return traffic, packets will go from
741 **server1** to **client** directly.
743 16. Suppose the **service-node** is actually a firewall, and traffic is
744 diverted there to support access control lists (ACLs). In this
745 tutorial that can be emulated by using ``iptables`` firewall rules
746 in the **service-node** VM. To deny traffic on the service chain
747 defined above, the following rule can be added:
751 iptables -A OUTPUT --dst 192.168.16.31 -j DROP
753 The ping from the **client** should now have stopped.
755 In this case the ACL is done on the destination RLOC. There is an
756 effort underway in the OOR community to allow filtering on EIDs,
757 which is the more logical place to apply ACLs.
759 17. To delete the rule and restore connectivity on the service chain,
760 delete the ACL by issuing the following command:
764 iptables -D OUTPUT --dst 192.168.16.31 -j DROP
766 which should restore connectivity.
769 Creating a simple LISP overlay with FD.io
770 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
772 In this section, we use the Overlay Network Engine (ONE) project in FD.io
773 to facilitate fully scripted setup and testing of a LISP/VXLAN-GPE network.
774 Overlay Network Engine (ONE) is a `FD.io <https://fd.io/>`__ project that enables programmable
775 dynamic software defined overlays. Details about this project can be
776 found in `ONE wiki <https://wiki.fd.io/view/ONE>`__.
778 The steps shown below will demonstrate setting up a LISP network between
779 a client and a server using VPP. We demonstrate how to use VPP lite to
780 build a IP4 LISP overlay on an Ubuntu host using namespaces and af_packet
781 interfaces. All configuration files used in the tutorials can be found
782 `here <https://gerrit.fd.io/r/gitweb?p=one.git;a=tree;f=tutorial;hb=HEAD>`__.
787 - **OpenDaylight Boron**
789 - **The Postman Chrome App**: Please follow the instructions_ and import
790 postman collection from the following URL: `<https://git.opendaylight.org/gerrit/gitweb?p=lispflowmapping.git;a=blob;f=resources/tutorial/FD_io/lfm_vpp.postman_collection.json;hb=HEAD>`__.
792 - **Vagrant** (optional): Download it from `Vagrant website <https://www.vagrantup.com/downloads.html>`__
793 and follow the setup instructions.
798 Unlike the case with OOR, we use network namespace functionality of Linux
799 to create the overlay in this case. The following table contains ip addresses
800 of nodes in the overlay topology used in the tutorial. Our objective will be to
801 create this topology and be able to ping from client to server through an
802 intermediary hop, **service node**, which is a ``rtr node`` providing the
803 service of re-encapsulation. So, all the packets from client to server
804 will be through this **service node**.
806 +--------------------------+--------------------------+--------------------------+
807 | Node | Node Type | IP Address |
808 +==========================+==========================+==========================+
809 | **controller** | OpenDaylight | 6.0.3.100 |
810 +--------------------------+--------------------------+--------------------------+
811 | **client** | VPP | 6.0.2.2 |
812 +--------------------------+--------------------------+--------------------------+
813 | **server** | VPP | 6.0.4.4 |
814 +--------------------------+--------------------------+--------------------------+
815 | **service node** | VPP | 6.0.3.3 |
816 +--------------------------+--------------------------+--------------------------+
818 Table: Nodes in the tutorial
820 The figure below gives a sketch of network topology that will be used in the tutorial.
822 .. figure:: ./images/one_ODL_architecture.png
823 :alt: Network architecture of the tutorial for FD.io
828 Follow the instructions below sequentially.
830 1. Pull the VPP code anonymously using:
833 git clone https://gerrit.fd.io/r/vpp
835 2. Then, use the vagrant file from repository to build virtual machine
836 with proper environment.
839 cd vpp/build-root/vagrant/
843 3. In case there is any error from ``vagrant up``, try ``vargant ssh``. if
844 it works, no worries. If it still doesn't work, you can try any Ubuntu virtual
845 machine. Or sometimes there is an issue with the Vagrant properly copying
846 the VPP repo code from the host VM after the first installation. In that
847 case ``/vpp`` doesn't exist. In both cases, follow the instructions
850 1. Clone the code in ``/`` directory. So, the codes will be in ``/vpp``.
852 2. Run the following commands:
858 make V=0 PLATFORM=vpp TAG=vpp install-deb
859 sudo dpkg -i /vpp/build-root/*.deb
861 Alternative and more detailed build instructions can be found in
862 `VPP's wiki <https://wiki.fd.io/view/VPP/Build,_install,_and_test_images>`__
863 4. By now, you should have a Ubuntu VM with VPP repository in ``/vpp``
864 with ``sudo`` access. Now, we need VPP Lite build. The following commands
869 export PLATFORM=vpp_lite
872 Successful build create the binary in ``/vpp/build-root/install-vpp_lite_debug-native/vpp/bin``
874 5. Install bridge-utils and ethtool if needed by using following commands:
877 sudo apt-get install bridge-utils ethtool
879 6. Now, install and run OpenDaylight Boron release on the VM. Please
880 follow the general OpenDaylight Boron Installation Guide for this
881 step from :ref:`install_odl`. Before running OpenDaylight, we need
882 to change the configuration for RTR to work. Update ``etc/custom.properties``
883 with the ``lisp.elpPolicy`` to be replace.
886 lisp.elpPolicy = replace
888 Then, run OpenDaylight. For details regarding configuring LISP
889 Flow Mapping, please take a look at :ref:`lfm_config`.
890 Once the OpenDaylight controller is running install the *odl-lispflowmapping-msmr*
891 feature from the Karaf CLI:
895 feature:install odl-lispflowmapping-msmr
897 It may take quite a while to load and initialize all features and their
898 dependencies. It’s worth running the command ``log:tail`` in the
899 Karaf console to see when the log output is winding down, and
900 continue with the tutorial after that.
902 7. For setting up VPP, get the files from ``resources/tutorial/FD_io``
903 folder of the lispflowmapping repo. The files can also be found `here
904 <https://git.opendaylight.org/gerrit/gitweb?p=lispflowmapping.git;a=tree;f=resources/tutorial/FD_io;hb=refs/heads/stable/boron>`__.
905 Copy the ``vpp1.config``, ``vpp2.config`` and ``rtr.config`` files in
908 8. In this example, VPP doesn't make any southbound map registers to OpenDaylight.
909 So, we add the mappings directly from northbound. For that, we need
910 to add the mappings to OpenDaylight via RESTCONF API.
912 Register EID-to-RLOC mapping of the Client EID 6.0.2.0/24.
915 curl -u "admin":"admin" -H "Content-type: application/json" -X PUT \
916 http://localhost:8181/restconf/config/odl-mappingservice:mapping-database/virtual-network-identifier/0/mapping/ipv4:6.0.2.0%2f24/northbound/ \
919 Content of epl1.json:
925 "eid-uri": "ipv4:6.0.2.0/24",
926 "origin": "northbound",
929 "action": "NoAction",
930 "authoritative": true,
932 "address-type": "ietf-lisp-address-types:ipv4-prefix-afi",
933 "ipv4-prefix": "6.0.2.0/24"
940 "multicastPriority": 255,
941 "multicastWeight": 0,
942 "localLocator": true,
946 "address-type": "ietf-lisp-address-types:explicit-locator-path-lcaf",
947 "explicit-locator-path": {
951 "address": "6.0.3.3",
952 "lrs-bits": "lookup rloc-probe strict"
956 "address": "6.0.3.1",
957 "lrs-bits": "lookup strict"
969 Similarly add EID-to-RLOC mapping of the Server EID 6.0.4.0/24.
972 curl -u "admin":"admin" -H "Content-type: application/json" -X PUT \
973 http://localhost:8181/restconf/config/odl-mappingservice:mapping-database/virtual-network-identifier/0/mapping/ipv4:6.0.4.0%2f24/northbound/ \
976 Content of elp2.json:
982 "eid-uri": "ipv4:6.0.4.0/24",
983 "origin": "northbound",
986 "action": "NoAction",
987 "authoritative": true,
989 "address-type": "ietf-lisp-address-types:ipv4-prefix-afi",
990 "ipv4-prefix": "6.0.4.0/24"
997 "multicastPriority": 255,
998 "multicastWeight": 0,
999 "localLocator": true,
1000 "rlocProbed": false,
1003 "address-type": "ietf-lisp-address-types:explicit-locator-path-lcaf",
1004 "explicit-locator-path": {
1008 "address": "6.0.3.3",
1009 "lrs-bits": "lookup rloc-probe strict"
1013 "address": "6.0.3.2",
1014 "lrs-bits": "lookup strict"
1025 The JSON files regarding these can be found in `here
1026 <https://git.opendaylight.org/gerrit/gitweb?p=lispflowmapping.git;a=tree;f=resources/tutorial/FD_io;hb=refs/heads/stable/boron>`__.
1027 Even though there is no southbound registration for mapping to OpenDaylight, using
1028 northbound policy we can specify mappings, when Client requests for
1029 the Server eid, Client gets a reply from OpenDaylight.
1031 9. Assuming all files have been created and OpenDaylight has been configured as
1032 explained above, execute the host script you've created or the ``topology_setup.sh``
1033 script from `here <https://git.opendaylight.org/gerrit/gitweb?p=lispflowmapping.git;a=tree;f=resources/tutorial/FD_io;hb=refs/heads/stable/boron>`__.
1035 10. If all goes well, you can now test connectivity between the namespaces with:
1038 sudo ip netns exec vpp-ns1 ping 6.0.4.4
1040 11. Traffic and control plane message exchanges can be checked with a wireshark
1041 listening on the odl interface.
1042 12. .. important:: Delete the topology by running the ``topology_setup.sh`` with ``clean`` argument.
1045 sudo ./topology_setup.sh clean
1047 LISP Flow Mapping Support
1048 -------------------------
1050 For support the lispflowmapping project can be reached by emailing the
1051 developer mailing list: lispflowmapping-dev@lists.opendaylight.org or on
1052 the #opendaylight-lispflowmapping IRC channel on irc.freenode.net.
1054 Additional information is also available on the `Lisp Flow Mapping
1055 wiki <https://wiki.opendaylight.org/view/OpenDaylight_Lisp_Flow_Mapping:Main>`__
1057 Clustering in LISP Flow Mapping
1058 -------------------------------
1060 Documentation regarding setting up a 3-node OpenDaylight cluster is
1061 described at following `odl wiki
1062 page <https://wiki.opendaylight.org/view/Running_and_testing_an_OpenDaylight_Cluster#Three-node_cluster>`__.
1064 To turn on clustering in LISP Flow Mapping it is necessary:
1066 - run script **deploy.py** script. This script is in
1067 `integration-test <https://git.opendaylight.org/gerrit/integration/test>`__
1068 project placed at *tools/clustering/cluster-deployer/deploy.py*. A
1069 whole deploy.py command can looks like:
1073 <div class="informalexample">
1075 | {path\_to\_integration\_test\_project}/tools/clustering/cluster-deployer/**deploy.py**
1076 | --**distribution** {path\_to\_distribution\_in\_zip\_format}
1077 | --**rootdir** {dir\_at\_remote\_host\_where\_copy\_odl\_distribution}
1078 | --**hosts** {ip1},{ip2},{ip3}
1080 | --**template** lispflowmapping
1082 | --**user** {user\_name\_of\_remote\_hosts}
1083 | --**password** {password\_to\_remote\_hosts}
1089 | Running this script will cause that specified **distribution** to be
1090 deployed to remote **hosts** specified through their IP adresses with
1091 using credentials (**user** and **password**). The distribution will
1092 be copied to specified **rootdir**. As part of the deployment, a
1093 **template** which contains a set of controller files which are
1094 different from standard ones. In this case it is specified in
1095 | *{path\_to\_integration\_test\_project}/tools/clustering/cluster-deployer/lispflowmapping*
1097 | Lispflowmapping templates are part of integration-test project. There
1098 are 5 template files:
1100 - akka.conf.template
1102 - jolokia.xml.template
1104 - module-shards.conf.template
1106 - modules.conf.template
1108 - org.apache.karaf.features.cfg.template
1110 After copying the distribution, it is unzipped and started on all of
1111 specified **hosts** in cluster aware manner.
1116 It is necessary to have:
1118 - **unzip** program installed on all of the host
1120 - set all remote hosts /etc/sudoers files to not **requiretty** (should
1121 only matter on debian hosts)