LISP Canonical Address Format (LCAF)

LISP Canonical Address Applications The following sections define the LCAF for the currently defined set of Type values.

Segmentation Using LISP When multiple organizations inside of a LISP site are using private addresses as EID prefixes, their address spaces must remain segregated due to possible address duplication. An Instance ID in the address encoding can aid in making the entire AFI-based address unique. Another use for the Instance ID LISP Canonical Address Format is when creating multiple segmented VPNs inside of a LISP site where keeping EID-prefix-based subnets is desirable. Instance ID LISP Canonical Address Format:

IID mask-len:: if the AFI is set to 0, then this format is not encoding an extended EID prefix, but rather an Instance ID range where the 'IID mask-len' indicates the number of high-order bits used in the Instance ID field for the range. The low-order bits of the Instance ID field must be 0.
Length:: length in bytes starting and including the byte after this Length field.
Instance ID:: the low-order 24 bits that can go into a LISP data header when the I bit is set. See for details. The reason for the length difference is so that the maximum number of instances supported per mapping system is 2^32, while conserving space in the LISP data header. This comes at the expense of limiting the maximum number of instances per xTR to 2^24. If an xTR is configured with multiple Instance IDs where the value in the high-order 8 bits is the same, then the low-order 24 bits MUST be unique.
AFI = x:: x can be any AFI value from .

This LISP Canonical Address Type can be used to encode either EID or RLOC addresses. Usage: When used as a lookup key, the EID is regarded as an extended- EID in the mapping system. This encoding is used in EID-records in Map-Request, Map-Reply, Map-Register, and Map-Notify messages. When LISP Delegated Database Tree (LISP-DDT) is used as the mapping system mechanism, extended EIDs are used in Map-Referral messages.

Carrying AS Numbers in the Mapping Database When an Autonomous System (AS) number is stored in the LISP Mapping Database System for either policy or documentation reasons, it can be encoded in a LISP Canonical Address. AS Number LISP Canonical Address Format:

Length:: length in bytes starting and including the byte after this Length field.
AS Number:: the 32-bit AS number of the autonomous system that has been assigned to either the EID or RLOC that follows.
AFI = x:: x can be any AFI value from .

The AS Number LCAF Type can be used to encode either EID or RLOC addresses. The former is used to describe the LISP-ALT AS number the EID prefix for the site is being carried for. The latter is used to describe the AS that is carrying RLOC based prefixes in the underlying routing system. Usage: This encoding can be used in EID-records or RLOC-records in Map-Request, Map-Reply, Map-Register, and Map-Notify messages. When LISP-DDT is used as the mapping system mechanism, extended EIDs are used in Map-Referral messages.

Convey Application-Specific Data When a locator-set needs to be conveyed based on the type of application or the Per-Hop Behavior (PHB) of a packet, the Application Data LCAF Type can be used. Application Data LISP Canonical Address Format:

Length:: length in bytes starting and including the byte after this Length field.
IP TOS, IPv6 TC, or Flow Label:: this field stores the 8-bit IPv4 TOS field used in an IPv4 header, the 8-bit IPv6 Traffic Class or Flow Label used in an IPv6 header.
Local Port/Remote Port Ranges:: these fields are from the TCP, UDP, or Stream Control Transmission Protocol (SCTP) transport header. A range can be specified by using a lower value and an upper value. When a single port is encoded, the lower and upper value fields are the same.
AFI = x:: x can be any AFI value from .

The Application Data LCAF Type is used for an EID encoding when an ITR wants a locator-set for a specific application. When used for an RLOC encoding, the ETR is supplying a locator-set for each specific application is has been configured to advertise. Usage: This encoding can be used in EID-records in Map-Request, Map-Reply, Map-Register, and Map-Notify messages. When LISP-DDT is used as the mapping system mechanism, extended EIDs are used in Map-Referral messages. This LCAF Type is used as a lookup key to the mapping system that can return a longest-match or exact- match entry.

Generic Database Mapping Lookups When the LISP Mapping Database System holds information accessed by a generic formatted key (where the key is not the usual IPv4 or IPv6 address), an opaque key may be desirable. Opaque Key LISP Canonical Address Format:

Length:: length in bytes starting and including the byte after this Length field.
Key Field Num:: the value of this field is the number of "Key" sub-fields minus 1, the Key field can be broken up into. So, if this field has a value of 0, there is one sub-field in the "Key". The width of the sub-fields are fixed length. So, for a key size of 8 bytes, with a Key Field Num of 3, four sub-fields of 2 bytes each in length are allowed. Allowing for a reasonable number of 16 sub-field separators, valid values range from 0 to 15.
Key Wildcard Fields:: describes which fields in the key are not used as part of the key lookup. This wildcard encoding is a bitfield. Each bit is a don't-care bit for a corresponding field in the key. Bit 0 (the low-order bit) in this bitfield corresponds the first field, the low-order field in the key, bit 1 the second field, and so on. When a bit is set in the bitfield, it is a don't-care bit and should not be considered as part of the database lookup. When the entire 16 bits are set to 0, then all bits of the key are used for the database lookup.
Key:: the variable length key used to do a LISP Mapping Database System lookup. The length of the key is the value n (as shown above).

NAT Traversal Scenarios When a LISP system is conveying global-address and mapped-port information when traversing through a NAT device, the NAT-Traversal LCAF Type is used. See for details. NAT-Traversal Canonical Address Format:

Length:: length in bytes starting and including the byte after this Length field.
MS UDP Port Number:: this is the UDP port number of the Map-Server and is set to 4342.
ETR UDP Port Number:: this is the port number returned to a LISP system that was copied from the source port from a packet that has flowed through a NAT device.
AFI = x:: x can be any AFI value from .
Global ETR RLOC Address:: this is an address known to be globally unique built by NAT-traversal functionality in a LISP router.
MS RLOC Address:: this is the address of the Map-Server used in the destination RLOC of a packet that has flowed through a NAT device.
Private ETR RLOC Address:: this is an address known to be a private address inserted in this LCAF by a LISP router that resides on the private side of a NAT device.
RTR RLOC Address:: this is an encapsulation address used by an Ingress Tunnel Router (ITR) or Proxy Ingress Tunnel Router (PITR) that resides behind a NAT device. This address is known to have state in a NAT device so packets can flow from it to the LISP ETR behind the NAT. There can be one or more NAT Re-encapsulating Tunnel Router (RTR) addresses supplied in these set of fields. The number of RTRs encoded is determined by parsing each field. When there are no RTRs supplied, the RTR fields can be omitted and reflected by the LCAF length field or an AFI of 0 can be used to indicate zero RTRs encoded.

Usage: This encoding can be used in Info-Request and Info-Reply messages. The mapping system does not store this information. The information is used by an xTR and Map-Server to convey private and public address information when traversing NAT and firewall devices. Care should be taken to protect privacy against the adverse use of a Global or Private ETR RLOC Address by ensuring policy controls are used during EID registrations that use this LCAF Type in RLOC- records. Refer to the use-case documents for additional information.

PETR Admission Control Functionality When a public Proxy Egress Tunnel Router (PETR) device wants to verify who is encapsulating to it, it can check for a specific nonce value in the LISP-encapsulated packet. To convey the nonce to admitted ITRs or PITRs, this LCAF is used in a Map-Register or Map- Reply locator-record. Nonce Locator Canonical Address Format:

Length:: length in bytes starting and including the byte after this Length field.
Reserved:: must be set to zero and ignored on receipt.
Nonce:: a nonce value returned by an ETR in a Map-Reply locator-record to be used by an ITR or PITR when encapsulating to the locator address encoded in the AFI field of this LCAF Type. This nonce value is inserted in the nonce field in the LISP header encapsulation.
AFI = x:: x can be any AFI value from .

Multicast Group Membership Information Multicast group information can be published in the mapping database. So a lookup on a group address EID can return a replication list of RLOC group addresses or RLOC unicast addresses. The intent of this type of unicast replication is to deliver packets to multiple ETRs at receiver LISP multicast sites. The locator-set encoding for this EID-record Type can be a list of ETRs when they each register with "Merge Semantics". The encoding can be a typical AFI-encoded locator address. When an RTR list is being registered (with multiple levels according to ), the Replication List Entry LCAF Type is used for locator encoding. This LCAF encoding can be used to send broadcast packets to all members of a subnet when an EID is away from its home subnet location. Multicast Info Canonical Address Format:

Length:: length in bytes starting and including the byte after this Length field.
Reserved:: must be set to zero and ignored on receipt.
Instance ID:: the low-order 24 bits that can go into a LISP data header when the I bit is set. See for details. The use of the Instance ID in this LCAF Type is to associate a multicast forwarding entry for a given VPN. The Instance ID describes the VPN and is registered to the mapping database system as a 3-tuple of (Instance ID, S-prefix, G-prefix).
Source MaskLen:: the mask length of the source prefix that follows. The length is the number of high-order mask bits set.
Group MaskLen:: the mask length of the group prefix that follows. The length is the number of high-order mask bits set.
AFI = x:: x can be any AFI value from . When a specific address family has a multicast address semantic, this field must be either a group address or a broadcast address.
Source/Subnet Address:: the source address or prefix for encoding an (S,G) multicast entry.
Group Address:: the group address or group prefix for encoding (S,G) or (*,G) multicast entries.

Usage: This encoding can be used in EID-records in Map-Request, Map- Reply, Map-Register, and Map-Notify messages. When LISP-DDT is used as the mapping system mechanism, extended EIDs are used in Map-Referral messages.

Traffic Engineering Using Re-encapsulating Tunnels For a given EID lookup into the mapping database, this LCAF can be returned to provide a list of locators in an explicit re-encapsulation path. See for details. Explicit Locator Path (ELP) Canonical Address Format:

Length:: length in bytes starting and including the byte after this Length field.
Rsvd3:: this field is reserved for future use and MUST be transmitted as 0 and ignored on receipt.
Lookup bit (L):: this is the Lookup bit used to indicate to the user of the ELP not to use this address for encapsulation but to look it up in the mapping database system to obtain an encapsulating RLOC address.
RLOC Probe bit (P):: this is the RLOC Probe bit that means the Reencap Hop allows RLOC-probe messages to be sent to it. When the P bit is set to 0, RLOC-probes must not be sent. When a Reencap Hop is an anycast address then multiple physical Reencap Hops are using the same RLOC address. In this case, RLOC-probes are not needed because when the closest RLOC address is not reachable, another RLOC address can be reachable.
Strict bit (S):: this is the Strict bit, which means the associated Reencap Hop is required to be used. If this bit is 0, the re-encapsulator can skip this Reencap Hop and go to the next one in the list.
AFI = x:: x can be any AFI value from . When a specific AFI has its own encoding of a multicast address, this field must be either a group address or a broadcast address.

Usage: This encoding can be used in RLOC-records in Map-Request, Map- Reply, Map-Register, and Map-Notify messages. This encoding does not need to be understood by the mapping system for mapping database lookups, since this LCAF Type is not a lookup key.

Storing Security Data in the Mapping Database When a locator in a locator-set has a security key associated with it, this LCAF will be used to encode key material. See for details. Security Key Canonical Address Format:

Length:: length in bytes starting and including the byte after this Length field.
Key Count:: the Key Count field declares the number of Key sections included in this LCAF. A Key section is made up of Key Length and Key Material fields.
Rsvd3:: this field is reserved for future use and MUST be transmitted as 0 and ignored on receipt.
Key Algorithm:: the Key Algorithm field identifies the key's cryptographic algorithm and specifies the format of the Public Key field. Refer to the and use cases for definitions of this field.
Rsvd4:: this field is reserved for future use and MUST be transmitted as 0 and ignored on receipt.
R bit:: this is the Revoke bit and, if set, it specifies that this key is being revoked.
Key Length:: this field determines the length in bytes of the Key Material field.
Key Material:: the Key Material field stores the key material. The format of the key material stored depends on the Key Algorithm field.
AFI = x:: x can be any AFI value from . This is the locator address that owns the encoded security key.

Usage: This encoding can be used in EID-records or RLOC-records in Map-Request, Map-Reply, Map-Register, and Map-Notify messages. When LISP-DDT is used as the mapping system mechanism, extended EIDs are used in Map-Referral messages.

Source/Destination 2-Tuple Lookups When both a source and destination address of a flow need consideration for different locator-sets, this 2-tuple key is used in EID fields in LISP control messages. When the Source/Dest key is registered to the mapping database, it can be encoded as a source- prefix and destination-prefix. When the Source/Dest is used as a key for a mapping database lookup, the source and destination come from a data packet. Source/Dest Key Canonical Address Format:

Length:: length in bytes starting and including the byte after this Length field.
Reserved:: must be set to zero and ignored on receipt.
Source-ML:: the mask length of the source prefix that follows. The length is the number of high-order mask bits set.
Dest-ML:: the mask length of the destination prefix that follows. The length is the number of high-order mask bits set.
AFI = x:: x can be any AFI value from .
AFI = y:: y can be any AFI value from . When a specific address family has a multicast address semantic, this field must be either a group address or a broadcast address.

Replication List Entries for Multicast Forwarding The Replication List Entry LCAF Type is an encoding for a locator being used for unicast replication according to the specification in . This locator encoding is pointed to by a Multicast Info LCAF Type and is registered by Re-encapsulating Tunnel Routers (RTRs) that are participating in an overlay distribution tree. Each RTR will register its locator address and its configured level in the distribution tree. Replication List Entry Canonical Address Format:

Length:: length in bytes starting and including the byte after this Length field.
Rsvd3/Rsvd4:: must be set to zero and ignored on receipt.
Level Value:: this value is associated with the level within the overlay distribution tree hierarchy where the RTR resides. The level numbers are ordered from lowest value being close to the ITR (meaning that ITRs replicate to level-0 RTRs) and higher levels are further downstream on the distribution tree closer to ETRs of multicast receiver sites.
AFI = x:: x can be any AFI value from . A specific AFI has its own encoding of either a unicast or multicast locator address. For efficiency reasons, all RTR/ETR entries for the same level should be combined by a Map-Server to avoid searching through the entire multilevel list of locator entries in a Map-Reply message.

Usage: This encoding can be used in RLOC-records in Map-Request, Map- Reply, Map-Register, and Map-Notify messages.

Data Model Encoding This Type allows a JSON data model to be encoded as either an EID or an RLOC. JSON Data Model Type Address Format:

Length:: length in bytes starting and including the byte after this Length field.
B bit:: indicates that the JSON field is binary encoded according to when the bit is set to 1. Otherwise, the encoding is based on text encoding according to .
JSON length:: length in octets of the following JSON binary/text encoding field.
JSON binary/text encoding:: a variable-length field that contains either binary or text encodings.
AFI = x:: x can be any AFI value from . A specific AFI has its own encoding of either a unicast or multicast locator address. All RTR/ETR entries for the same level should be combined by a Map-Server to avoid searching through the entire multilevel list of locator entries in a Map-Reply message.

Usage: An example mapping is an EID-record encoded as a distinguished-name "cpe-router" and an RLOC-record encoded as a JSON string "{ "router-address" : "1.1.1.1", "router-mask" : "8" }".

Encoding Key/Value Address Pairs The Key/Value pair is, for example, useful for attaching attributes to other elements of LISP packets, such as EIDs or RLOCs. When attaching attributes to EIDs or RLOCs, it's necessary to distinguish between the element that should be used as EID or RLOC and, hence, as the key for lookups and additional attributes. This is especially the case when the difference cannot be determined from the Types of the elements, such as when two IP addresses are being used. Key/Value Address Pair Address Format:

Length:: length in bytes starting and including the byte after this Length field.
AFI = x:: x is the "Address as Key" AFI that can have any value from . A specific AFI has its own encoding of either a unicast or a multicast locator address. All RTR/ETR entries for the same level should be combined by a Map-Server to avoid searching through the entire multilevel list of locator entries in a Map-Reply message.
Address as Key:: AFI-encoded address that will be attached with the attributes encoded in "Address as Value", which follows this field.
AFI = y:: y is the "Address of Value" AFI that can have any value from . A specific AFI has its own encoding of either a unicast or a multicast locator address. All RTR/ETR entries for the same level should be combined by a Map-Server to avoid searching through the entire multilevel list of locator entries in a Map-Reply message.
Address as Value:: AFI-encoded address that will be the attribute address that goes along with "Address as Key" which precedes this field.

Multiple Data-Planes Overlays are becoming popular in many parts of the network, which has created an explosion of data-plane encapsulation headers. Since the LISP mapping system can hold many types of address formats, it can represent the encapsulation format supported by an RLOC as well. When an encapsulator receives a Map-Reply with an Encapsulation Format LCAF Type encoded in an RLOC-record, it can select an encapsulation format, that it can support, from any of the encapsulation protocols that have the bit set to 1 in this LCAF Type. Encapsulation Format Address Format:

Length:: length in bytes starting and including the byte after this Length field.
Reserved-for-Future-Encapsulations:: must be set to zero and ignored on receipt. This field will get bits allocated to future encapsulations, as they are created.
U:: The RLOCs listed in the AFI-encoded addresses in the next longword can accept Generic UDP Encapsulation (GUE) using destination UDP port 6080 .
G:: The RLOCs listed in the AFI-encoded addresses in the next longword can accept Geneve encapsulation using destination UDP port 6081 .
N:: The RLOCs listed in the AFI-encoded addresses in the next longword can accept NV-GRE (Network Virtualization - Generic Routing Encapsulation) using IPv4/IPv6 protocol number 47 .
v:: The RLOCs listed in the AFI-encoded addresses in the next longword can accept VXLAN-GPE (Generic Protocol Extension) encapsulation using destination UDP port 4790 .
V:: The RLOCs listed in the AFI-encoded addresses in the next longword can accept Virtual eXtensible Local Area Network (VXLAN) encapsulation using destination UDP port 4789 .
l:: The RLOCs listed in the AFI-encoded addresses in the next longword can accept Layer 2 LISP encapsulation using destination UDP port 8472 .
L:: The RLOCs listed in the AFI-encoded addresses in the next longword can accept Layer 3 LISP encapsulation using destination UDP port 4341 .

Usage: This encoding can be used in RLOC-records in Map-Request, Map-Reply, Map-Register, and Map-Notify messages.

Applications for AFI List LCAF Type

Binding IPv4 and IPv6 Addresses When header translation between IPv4 and IPv6 is desirable, a LISP Canonical Address can use the AFI List LCAF Type to carry a variable number of AFIs in one LCAF AFI. Address Binding LISP Canonical Address Format:

Length:: length in bytes starting and including the byte after this Length field.

This type of address format can be included in a Map-Request when the address is being used as an EID, but the LISP Mapping Database System lookup destination can use only the IPv4 address. This is so a Mapping Database Service Transport System, such as LISP-ALT , can use the Map-Request destination address to route the control message to the desired LISP site. Usage: This encoding can be used in EID-records or RLOC-records in Map-Request, Map-Reply, Map-Register, and Map-Notify messages. See the other subsections in this section for specific use cases.

Layer 2 VPNs When Media Access Control (MAC) addresses are stored in the LISP Mapping Database System, the AFI List LCAF Type can be used to carry AFI 6. MAC Address LISP Canonical Address Format:

Length:: length in bytes starting and including the byte after this Length field.

This address format can be used to connect Layer 2 domains together using LISP over an IPv4 or IPv6 core network to create a Layer 2 VPN. In this use case, a MAC address is being used as an EID, and the locator-set that this EID maps to can be an IPv4 or IPv6 RLOC, or even another MAC address being used as an RLOC. See for how Layer 2 VPNs operate when doing EID mobility. Care should be taken to protect privacy against the adverse use of a Layer 2 MAC address by ensuring policy controls are used during EID registrations that use AFI=6 encodings in RLOC-records. Refer to the use-case documents for additional information.

ASCII Names in the Mapping Database If DNS names or URIs are stored in the LISP Mapping Database System, the AFI List LCAF Type can be used to carry an ASCII string. ASCII LISP Canonical Address Format:

Length:: length in bytes starting and including the byte after this Length field.

An example for using DNS names is when an ETR registers a mapping with an EID-record encoded as (AFI=1, 10.0.0.0/8) with an RLOC-record (AFI=17, "router.abc.com").

Using Recursive LISP Canonical Address Encodings When any combination of above is desirable, the AFI List LCAF Type value can be used to carry within the LCAF AFI another LCAF AFI (for example, Application-Specific Data in ). Recursive LISP Canonical Address Format:

Length:: length in bytes starting and including the byte after this Length field.
Length2:: length in bytes starting and including the byte after this Length2 field.

This format could be used by a Mapping Database Service Transport System, such as LISP-ALT , where the AFI=1 IPv4 address is used as an EID and placed in the Map-Request destination address by the sending LISP system. The ALT system can deliver the Map-Request to the LISP destination site independent of the Application Data LCAF Type AFI payload values. When this AFI is processed by the destination LISP site, it can return different locator-sets based on the type of application or level of service that is being requested.

Compatibility Mode Use Case A LISP system should use the AFI List LCAF Type format when sending to LISP systems that do not support a particular LCAF Type used to encode locators. This allows the receiving system to be able to parse a locator address for encapsulation purposes. The list of AFIs in an AFI List LCAF Type has no semantic ordering and a receiver should parse each AFI element no matter what the ordering. Compatibility Mode Address Format:

Length:: length in bytes starting and including the byte after this Length field.
Length2:: length in bytes starting and including the byte after this Length2 field.

If a system does not recognized the Geo-Coordinates LCAF Type that is accompanying a locator address, an encoder can include the Geo- Coordinates LCAF Type embedded in an AFI List LCAF Type where the AFI in the Geo-Coordinates LCAF Type is set to 0 and the AFI encoded next in the list is encoded with a valid AFI value to identify the locator address. A LISP system is required to support the AFI List LCAF Type to use this procedure. It would skip over 10 bytes of the Geo-Coordinates LCAF Type to get to the locator address encoding (an IPv4 locator address). A LISP system that does support the Geo-Coordinates LCAF Type can support parsing the locator address within the Geo- Coordinates LCAF Type encoding or in the locator encoding that follows in the AFI List LCAF Type.

Value	LISP LCAF Type Name	Reference
0	Null Body
1	AFI List
2	Instance ID
3	AS Number
4	Application Data
5	Deprecated
6	Opaque Key
7	NAT-Traversal
8	Nonce Locator
9	Multicast Info
10	Explicit Locator Path
11	Security Key
12	Source/Dest Key
13	Replication List Entry
14	JSON Data Model
15	Key/Value Address Pair
16	Encapsulation Format