What Is LISP Protocol in Networking?
Also known as: LISP Protocol, Locator ID Separation Protocol, Cisco LISP, ENcor exam, CCNP Enterprise
On This Page
Quick Definition
LISP is a way to separate where a device is on a network from what that device is. This helps networks scale and manage mobility. It works like having a home address and a separate forwarding address for mail.
Must Know for Exams
LISP appears in Cisco CCNP Enterprise exams, particularly the 350-401 ENCOR (Implementing Cisco Enterprise Network Core Technologies) exam. The ENCOR exam objectives include understanding network virtualization and overlay technologies, and LISP is a core component of that topic. Cisco expects certified professionals to understand how LISP works, its benefits, and how it fits into the broader SD-Access architecture.
In the exam, you may be asked about the differences between LISP and other overlay technologies like VXLAN and OTV. You may need to know the roles of ITR, ETR, MS/MR (Map Server/Map Resolver), and how the control plane operates. Questions often focus on the control plane and data plane separation.
You might see scenario questions where a network engineer must choose the right technology for a given requirement, and LISP is one of the options. The exam also tests your understanding of LISP mobility, multihoming, and traffic engineering features. You may be asked to identify correct configuration commands or interpret LISP show commands.
Understanding the mapping system and the difference between EID and RLOC is fundamental. Because LISP is a control plane protocol for Cisco SD-Access, questions may link LISP to fabric technology. The exam expects you to know how LISP interacts with other protocols and how it reduces routing table size.
Being familiar with these concepts will help you answer both multiple-choice and simulation-based questions.
Simple Meaning
Imagine you move to a new city but want people to keep sending you letters without giving them your new address every time. You set up a system where everyone sends mail to a central post office, which knows your current location and forwards the mail to you. LISP does something similar for computer networks.
Normally, when data is sent across the internet, the destination IP address tells both who a device is and where it is located. This works fine for small networks, but on a massive scale it becomes inefficient. LISP splits that dual role.
It assigns an Endpoint Identifier (EID) to each device, which is like a permanent ID card or name. It also assigns a Routing Locator (RLOC) to each network attachment point, which is like a temporary home address. When data is sent, it first goes to a mapping system that looks up the current RLOC for the destination EID.
Then the data is tunneled directly to that location. This separation allows devices to move to different networks without changing their IP address. It also reduces the number of routes that core internet routers must remember, because the core only needs to know about locations (RLOCs), not every individual device.
For IT professionals, LISP is a tool for creating more efficient, scalable, and mobile-friendly networks.
Full Technical Definition
LISP is defined in RFC 6830 and related RFCs. It operates as a control plane and data plane protocol that separates the identity of a host (its Endpoint Identifier or EID) from its location (the Routing Locator or RLOC). In traditional IP routing, an IP address serves as both the identity and the locator.
LISP breaks this coupling by introducing two distinct address spaces. EIDs are IP addresses assigned to end-hosts, but they are not used for routing in the global internet core. RLOCs are IP addresses assigned to routers that connect to the global internet.
LISP requires a mapping system that correlates EIDs to RLOCs. This mapping is stored in a distributed database, often using a system like LISP+ALT (Alternative Logical Topology) or LISP-DDT (Delegated Database Tree). When a LISP-capable router, called an Ingress Tunnel Router (ITR), receives a packet destined for an EID, it queries the mapping system to find the corresponding RLOC.
The ITR then encapsulates the original packet with a LISP header and sends it to an Egress Tunnel Router (ETR) that owns the RLOC. The ETR decapsulates the packet and delivers it to the destination host. LISP supports several encapsulation formats, including LISP-over-UDP and LISP-over-GRE.
It also supports features like multihoming, traffic engineering, and mobility. In enterprise networks, LISP can be used for data center interconnect, network virtualization, and seamless roaming. In service provider networks, LISP helps reduce the global routing table size by allowing provider-independent address space to be moved without renumbering.
LISP is a key technology in Cisco's SD-Access architecture, where it provides the control plane for fabric overlay networks.
Real-Life Example
Think about a large office building with hundreds of employees. Each employee has a unique employee ID number that never changes, no matter which desk they sit at. That is like an Endpoint Identifier.
The building also has a mailroom that delivers mail to specific desks based on where people are sitting today. The desk location is like a Routing Locator. When you send an internal letter to a colleague, you do not write their desk number on the envelope.
You write their employee ID. The mailroom looks up where that employee is currently sitting and forwards the letter to that desk. If the employee moves to a different desk, the mailroom updates its records, and all future letters go to the new desk.
LISP does the same for network traffic. Each device has a permanent IP address (EID). When someone sends data to that address, a LISP router looks up where that device is located on the network right now (its RLOC) and forwards the data there.
If the device moves to a different network location, the mapping is updated, and traffic follows seamlessly. This is especially useful for mobile devices, virtual machines in data centers, and remote branch offices.
Why This Term Matters
LISP matters because IP networks currently face serious scaling challenges. The global internet routing table continues to grow, and core routers struggle to keep up. LISP reduces the number of routes that core routers must store by keeping host-specific routes in a separate mapping system.
This makes the internet more efficient and sustainable. For enterprises, LISP enables seamless mobility. Devices can move between different network segments or even different geographic locations without changing their IP address.
This is critical for modern workplaces where employees use laptops and phones that move between offices, home networks, and public Wi-Fi. LISP also simplifies network design. Instead of complex routing policies across multiple sites, networking teams can set up a LISP overlay that handles traffic engineering automatically.
It supports multihoming, which allows a site to connect to multiple internet providers with ease. For data center operators, LISP can be used to manage virtual machine mobility across data centers. When a VM moves, its IP address stays the same, and LISP updates the mapping to point traffic to the new location.
This reduces downtime and simplifies operations. LISP also plays a role in network security. By hiding internal EID address space from the global routing table, it reduces exposure to certain types of attacks.
Overall, LISP is a practical tool for building networks that are scalable, flexible, and ready for future growth.
How It Appears in Exam Questions
Exam questions often start with a scenario. For example: A company wants to allow its virtual machines to move between two data centers without changing their IP addresses. Which technology should be used?
The correct answer would be LISP. Another common pattern is a configuration question where you need to complete a command to enable LISP on a Cisco router. For instance, you might be given a snippet and asked which command configures the router as an ITR.
Troubleshooting questions may show a show lisp session command output and ask you to identify why a remote EID is unreachable. Architecture questions might ask: In LISP, what is the role of the Map Server? or What is the difference between EID and RLOC?
You may also see comparison questions like: Which statement about LISP is true? followed by options that mix up its features with those of other technologies. Some questions focus on the benefits: How does LISP reduce the global routing table size?
The answer involves the separation of identity and location, which removes host-specific routes from the core. There may be questions about the encapsulation used by LISP, asking which protocol and port number it uses (UDP port 4341 for control plane and 4342 for data plane). Be ready for questions that ask how LISP supports mobility, such as: When a host moves to a new site, what must be updated in the LISP mapping system?
The answer is the RLOC mapping for the host's EID. Overall, LISP questions require both conceptual understanding and some operational knowledge.
Study encor
Test your understanding with exam-style practice questions.
Example Scenario
Scenario: A university has two campuses: Campus A and Campus B. They run a network for students and staff. Many users visit both campuses regularly. The network team wants users to keep the same IP address regardless of which campus they connect from. They also want to reduce the size of their routing tables.
Solution: The team decides to implement LISP. They assign each device an Endpoint Identifier (EID) that stays the same. At each campus, they install a LISP router that serves as both an Ingress Tunnel Router (ITR) and Egress Tunnel Router (ETR). The ITR at Campus A looks up where a device's EID is located before sending traffic. If a student's laptop moves to Campus B, the LISP mapping system updates the RLOC to the Campus B router. Now, when someone at Campus A sends data to that student, the ITR queries the mapping system, finds the RLOC at Campus B, and tunnels the data there. The student keeps their original IP address throughout. The core routers only need to know about the two campus RLOC addresses, not every device's IP. This simplifies routing and makes the network more flexible for mobile users.
Common Mistakes
Thinking that LISP replaces the entire IP routing infrastructure.
LISP is an overlay technology that works on top of existing IP routing. It does not replace the core routing protocols like BGP or OSPF. It adds a mapping layer that reduces the number of routes those protocols must carry.
Understand LISP as a control plane overlay that works together with existing routing. It complements them, it does not replace them.
Confusing LISP with a routing protocol like OSPF or BGP.
LISP is not a routing protocol. It is a locator/ID separation architecture that uses a mapping system. Routing protocols still determine paths between RLOCs, while LISP maps EIDs to those RLOCs.
Learn that LISP handles the identity-to-location mapping. The underlying routing of packets between RLOCs still requires traditional routing protocols.
Assuming LISP works only with IPv4 addresses.
LISP supports both IPv4 and IPv6 for EIDs and RLOCs. It can map IPv4 EIDs to IPv6 RLOCs and vice versa. This is a key feature for transition scenarios.
Remember that LISP is address-family agnostic. It can work with both IPv4 and IPv6 in different roles.
Thinking LISP encapsulation is the same as VXLAN.
LISP uses its own encapsulation format based on UDP, while VXLAN uses UDP port 4789. LISP encapsulation includes a specific LISP header with instance IDs for network virtualization. VXLAN is primarily for Layer 2 extension, while LISP focuses on control plane separation and mobility.
Study the specific LISP header format and compare it with VXLAN. Know that LISP is used for both control and data plane, whereas VXLAN is primarily data plane.
Exam Trap — Don't Get Fooled
An exam scenario asks: Which protocol is used to transport LISP control plane messages? Some incorrect options may include TCP or GRE. The trap is that LISP control plane uses UDP port 4341, and data plane uses UDP port 4342.
Memorize that LISP uses UDP port 4341 for the control plane (Map Server/Map Resolver) and UDP port 4342 for data plane encapsulation. There is no TCP or GRE in standard LISP. Review the RFC or Cisco documentation to lock this in.
Commonly Confused With
VXLAN is primarily a data plane overlay that extends Layer 2 networks over Layer 3 infrastructure. LISP is a control plane protocol that separates identity and location. While both use encapsulation, VXLAN concentrates on Layer 2 extension, and LISP focuses on routing scalability and mobility.
To connect two data centers as one Layer 2 domain, you would use VXLAN. To allow a host to move between sites while keeping its IP address, you would use LISP.
OTV is a Cisco technology for extending Layer 2 networks across data centers using MAC-in-IP encapsulation. LISP operates at Layer 3 and focuses on IP mobility and routing scalability. OTV is about bridging, while LISP is about routing and mobility.
For stretching a VLAN between data centers, OTV is a choice. For enabling a server to keep its IP address when moving to a different data center, LISP is more appropriate.
BGP is a standard routing protocol used for exchanging routing information between autonomous systems. LISP is not a routing protocol; it is a control plane overlay that uses a mapping system instead of distributing all routes. BGP carries routes to RLOCs, while LISP maps EIDs to RLOCs.
BGP tells routers how to reach a remote site's network. LISP tells routers which device behind that site is associated with which IP address.
Step-by-Step Breakdown
Device sends a packet
A host on the network sends a packet destined for another host's IP address. This IP address is the Endpoint Identifier (EID). The source host sends the packet to its default gateway, which is a LISP-capable router acting as an Ingress Tunnel Router (ITR).
ITR checks the mapping cache
ITR queries the Map Resolver
The ITR sends a Map Request message to a Map Resolver (MR) using the LISP control plane (UDP port 4341). The Map Resolver is a network element that accepts requests and returns the EID-to-RLOC mapping.
Map Resolver retrieves mapping
The Map Resolver queries the distributed mapping database (such as LISP-DDT) to find the authoritative Map Server (MS) for the destination EID. The MS responds with the current RLOC(s) for that EID. This mapping may include multiple RLOCs for multihoming or load balancing.
ITR receives and caches the mapping
The ITR receives the Map Reply and stores the EID-to-RLOC mapping in its local cache with a time-to-live (TTL). The cache allows subsequent packets to the same EID to bypass the query process, improving performance.
ITR encapsulates the packet
Using the RLOC information, the ITR encapsulates the original packet inside a LISP header. The outer IP header uses the ITR's own RLOC as source and the destination RLOC as destination. The LISP header contains the source and destination EIDs along with other fields like the Instance ID for network virtualization.
ETR receives the encapsulated packet
The encapsulated packet travels over the underlying IP network to the Egress Tunnel Router (ETR) at the destination site. The ETR listens on UDP port 4342 for LISP-encapsulated data packets.
ETR decapsulates the packet
The ETR removes the outer IP and LISP headers, revealing the original packet. It then forwards the original packet to the destination host on its local network. The destination host sees the packet as if it came directly from the source host, unaware of the LISP process.
Practical Mini-Lesson
LISP is not a protocol you configure every day in small networks, but for enterprise and service provider environments, it is a powerful tool. To implement LISP, you need to identify which routers will act as ITR/ETR, and which will serve as Map Servers and Map Resolvers. In a typical Cisco network, you run LISP on routers or switches running IOS XE or IOS XR.
Configuration involves entering the lisp control-plane configuration mode. For example, to set up a router as an ITR/ETR, you use commands like router lisp and then specify the EID prefix and RLOC interface. You also need to configure the Map Server and Map Resolver endpoints.
A common choice is to use multiple MS/MR for redundancy. LISP can also integrate with multicast for efficient traffic forwarding. One thing that often goes wrong is forgetting to configure the route import and export policies.
Without proper connectivity between ITR/ETR and the mapping system, LISP fails. Another issue is incorrect mapping TTL values, which can cause stale entries and blackholing. Monitoring is done with commands like show lisp session, show lisp map-cache, and show lisp statistics.
LISP is closely tied to Cisco's SD-Access fabric. In that architecture, LISP handles the control plane, while VXLAN handles the data plane. As a network professional, you should be able to design a LISP overlay that supports mobility, multihoming, and network virtualization.
Understanding LISP also helps you grasp how the internet could evolve toward a more scalable model. If you work with cloud or hybrid networks, LISP can simplify connectivity between on-premises and cloud environments by providing consistent addressing. The key is to remember that LISP is about breaking the identity-location binding to make networks more flexible and efficient.
Memory Tip
LISP separates 'Who you are' (EID) from 'Where you are' (RLOC). Think of it like a phone number that stays the same even when you move to a new city.
Covered in These Exams
Related Glossary Terms
802.1Q is the networking standard that allows multiple virtual LANs (VLANs) to share a single physical network link by tagging Ethernet frames with VLAN identification information.
802.1X is a network access control standard that authenticates devices before they are allowed to connect to a wired or wireless network.
5G is the fifth generation of cellular network technology, designed to deliver faster speeds, lower latency, and support for many more connected devices than previous generations.
Frequently Asked Questions
Is LISP a replacement for BGP?
No, LISP is not a replacement for BGP. LISP works alongside BGP. BGP continues to route traffic between RLOCs, while LISP handles the mapping of EIDs to RLOCs.
What is the difference between LISP control plane and data plane?
The control plane consists of Map Servers and Map Resolvers that handle mapping requests and replies. The data plane includes ITRs and ETRs that encapsulate and decapsulate packets. Control plane messages travel on UDP 4341, data plane on UDP 4342.
Does LISP require special hardware?
LISP can run on standard Cisco routers and switches that support IOS XE or IOS XR. Many Cisco Catalyst 9000 series switches and ASR/ISR routers support LISP. No special hardware beyond what is needed for the network size is required.
Can LISP be used with IPv6?
Yes, LISP supports both IPv4 and IPv6 for EIDs and RLOCs. You can have IPv4 EIDs mapped to IPv6 RLOCs and vice versa. This makes LISP useful for IPv6 transition scenarios.
How does LISP improve network security?
By hiding internal EID address space from the global routing table, LISP reduces exposure to certain scanning and direct attacks. It also enables traffic engineering that can steer traffic through security appliances.
Is LISP used in SD-WAN?
LISP is not typically the primary technology in SD-WAN, but it is a key component in Cisco SD-Access. SD-Access uses LISP for the control plane and VXLAN for the data plane. SD-WAN solutions often use other protocols like OMP (Cisco SD-WAN).
What is the role of an Instance ID in LISP?
The Instance ID in the LISP header allows network virtualization by separating traffic from different tenants or virtual networks. It works similarly to a VLAN ID but operates at Layer 3.
Summary
LISP, the Locator/ID Separation Protocol, is a foundational technology for building scalable, mobile, and efficient networks. By splitting a device's identity (EID) from its location (RLOC), LISP reduces the size of global routing tables and enables seamless mobility without renumbering. In Cisco environments, LISP is a critical component of SD-Access and is tested on the CCNP ENCOR exam.
Understanding its control plane and data plane, the roles of ITR, ETR, Map Server, and Map Resolver, and how it differs from technologies like VXLAN and OTV is essential. For the exam, focus on the UDP ports, encapsulation format, and the benefits of identity/location separation. In real-world IT work, LISP simplifies network design, supports data center mobility, and improves multihoming.
Remember that LISP is an overlay that works with existing routing protocols, not a replacement. With its ability to handle both IPv4 and IPv6 and its support for network virtualization via Instance IDs, LISP is a versatile tool for modern network professionals. Master it to excel in your certification journey and in practical network engineering.