Usage Guidelines

The ipv6 alt-vrf command is required for all LISP devices that are connected to the ALT for exchange of LISP control plane messages for IPv6 EID mapping resolution. The VRF instance specified using the ipv6 alt-vrf command is used to segment EID prefixes from the global table and must be configured to enable the IPv6 address family (use the ipv4 alt-vrf command to enable the IPv4 address family).

Additionally, you must use the ipv6 alt-vrf command (or ipv4 alt-vrf command for IPv4 EID mapping resolution) when configuring any LISP device as a map resolver (MR), map server (MS), or proxy ingress tunnel router (PITR). For these LISP devices, configuring the ipv6 alt-vrf or ipv4 alt-vrf command is required regardless whether the device is connected to an ALT for the exchange of map requests or is configured as a stand-alone MR, MS, PITR, or any combination of the three (such as when a LISP MS/MR device has full knowledge of the LISP mapping system for a private LISP deployment and is not connected to any ALT).

• Send map requests directly over the LISP ALT using the VRF instance specified when configuring this command—the ITR sends map requests directly over the ALT (without the additional LISP ECM header). The destination of the map request is the EID being queried. For this option, use the ipv6 alt-vrf command

When using the ALT, you must configure the correct address family (IPv6 or IPv4) for resolving EID-to-RLOC mappings. If an IPv4 EID mapping is required, configure the ipv6 alt-vrf command and specify a VRF that enables the IPv6 address-family and connects to an IPv6-capable ALT.

Note

Before this command is used, the referenced VRF must already have been created using the vrf definition command. In addition, the corresponding configurations for connecting the LISP device to the ALT, including the GRE tunnel interfaces and any routing associated with the VRF (static or dynamic) must also have been created.

Usage Guidelines

Use this command to enable the router to perform IPv6 LISP Egress Tunnel Router (ETR) functionality. A router configured as an IPv6 ETR is typically configured with the database-mapping command so that the ETR knows what IPv6 EID-prefix blocks and corresponding locators are used for the LISP site. The ETR should be configured to register with a map server with the ipv6 etr map-server command, or to use static LISP endpoint identifier-to-routing locator (EID-to-RLOC) mappings with the map-cache command in order to participate in LISP networking.

Note	A device configured as an ETR can also be configured as an Ingress Tunnel Router (ITR). However, the LISP architecture does not require this and ETR and ITR functionality can occur in different devices.

Usage Guidelines

If an ETR receives a map-request message that contains mapping data for the invoking IPv6 source-EID's packet, the ETR, by default, ignores the mapping data. However, if you configure the ipv6 etr accept-map-request-mapping command, the ETR will cache the mapping data in its map cache and immediately use it for forwarding packets.

If you enter the verify keyword, the ETR still caches the mapping data but will not use it for forwarding packets until the ETR can send its own map request to one of the locators from the mapping data record, and receives the same data in a map-reply message.

If this command is enabled and then later disabled, issuing the command clear map-cache is required to clear any map-cache entries that are in the “tentative” state. Map-cache entries can remain in the “tentative” state for up to one minute so you might want to clear these entries manually when this command is removed.

Usage Guidelines

Use this command to change the default value associated with the Time-to-Live (TTL) field in IPv6 map-reply messages. Entering this command changes the default TTL that remote ITRs will cache and use for your site’s IPv4 endpoint identifier (EID) prefix. The default value is 1440 minutes (24 hours), and the minimum value is 60 minutes.

Usage Guidelines

Use the ipv6 etr map-server command to configure the IPv4 or IPv6 locator of the map server to which the ETR will register for its IPv6 EIDs. A password used for a SHA-1 HMAC hash that is included in the header of the Map-Register message is provided with the key keyword. You can configure the ETR to register with at most two map servers. Once the ETR registers with the map servers, the map servers will begin to advertise the IPv6 EID-prefix blocks and RLOCs for the LISP site.

The password used for the SHA-1 HMAC may be entered in unencrypted (cleartext) form or encrypted form. To enter an unencrypted password, specify 0. To enter an AES encrypted password, specify 6.

Caution

Map server authentication keys entered in cleartext form will remain in cleartext form and be displayed in the configuration in cleartext form unless the Cisco IOS Encrypted Preshared Key feature is enabled. The Encrypted Preshared Key feature allows you to securely store plain text passwords in type 6 (AES) encryption format in NVRAM. To enable this feature, use the key config-key password-encryption and password encryption aes commands. For additional information on the Encrypted Preshared Key feature and its usage see: http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801f2336.shtml .

Caution

If you enable the Encrypted Preshared Key feature and then remove it, all type 6 encrypted keys immediately become unusable because the primary key is deleted—type 6 passwords cannot be unencrypted and used by the router. A warning message displays that details this and confirms the primary key deletion.

Note	The map server must be preconfigured with IPv6 EID prefixes that match the IPv6 EID prefixes configured on this ETR using the database-mapping command, and a password matching the one provided with the key keyword on this ETR.

Usage Guidelines

Use this command to enable the router to perform IPv6 LISP ITR functionality.

When a router is configured as an ITR, if a packet is received for which no IPv6 destination address prefix match exists in the routing table and for which the source address of the packet matches an IPv6 EID-prefix block configured using the database-mapping or map-cache command, then the packet is a candidate for LISP routing. In this case, the ITR sends LISP map request to the map resolver configured by the ipv6 itr map-resolver command. Next, the ITR caches the resultant IPv6 endpoint identifier-to-routing locator (EID-to-RLOC) mapping information returned by the associated map-reply in its map-cache. Subsequent packets destined to the same IPv6 EID-prefix block are then LISP-encapsulated according to this IPv6 EID-to-RLOC mapping entry.

Note	Devices are often configured as an ITR and as an Egress Tunnel Router (ETR). However, the LISP architecture does not require this and the functionality can occur in a different device.

Usage Guidelines

This command configures the locator to be used by a LISP ITR to reach the configured map resolver when sending a map request for IPv6 EID-to-RLOC mapping resolution.

When a LISP ITR needs to resolve an IPv6 EID-to-RLOC mapping for a destination EID, it can be configured to send a map request message either to a map resolver configured using the ipv6 itr map-resolver command, or directly over the LISP Alternative Logical Topology (ALT) using the ipv6 alt-vrf command. When a map resolver is used, map requests are sent to the map resolver with the additional LISP Encapsulated Control Message (ECM) header that includes the map resolver RLOC as its destination address. When the ALT is used, map requests are sent directly over the ALT without the additional LISP ECM header (the destination of the map request is the EID being queried).

Usage Guidelines

Use this command to control the maximum number of IPv6 LISP map-cache entries allowed to be stored on the router. The optional reserve-list keyword can be configured to guarantee that the referenced IPv6 EID prefixes are always stored by the router.

LISP map-cache entries are added dynamically or statically. Dynamic entries are added when a valid map-reply message is returned for a map-request message generated in response to a cache-miss lookup. Static IPv6 entries are added via the map-cache command. Whether a new map-cache entry is stored depends on the following conditions.

Dynamic map-cache entries are always added until the default or configured cache-limit is reached. After the default or configured cache-limit is reached, unless the optional reserve-list is configured, no further dynamic entries are added and no further map requests are generated in response to cache-miss lookups until a free position is available. Existing dynamic IPv6 map-cache entries can time out due to inactivity or can be removed by the administrator via the clear ipv6 lisp map-cache command to create a free position in the map-cache. When the optional reserve-list is configured, a map request will be generated and a new dynamic map-cache entry will be added for IPv6 EID-prefixes found in the prefix-list referenced by the reserve-list keyword. In this case, a new entry will replace an existing dynamic entry such that the cache-limit is maintained. The dynamic entry deleted will be either a non-reserve idle map-cache entry, non-reserve active map-cache entry, reserve idle map-cache entry, or reserve active map-cache entry (in that order, whichever is available first for deletion). Idle map-cache entries are those that have seen no activity in the last 10 minutes.

Static map-cache entries are always added, even if the addition of the static entry exceeds the default or configured cache-limit. If the current map-cache contains dynamic entries, the addition of a new static entry will replace an existing dynamic entry so that the cache-limit is maintained. The dynamic entry deleted will be either a non-reserve idle map-cache entry, non-reserve active map-cache entry, reserve idle map-cache entry, or reserve active map-cache entry (in that order, whichever is available first for deletion). Idle map-cache entries are defined as having no activity in the last 10 minutes.

Caution

Static map-cache entries count against the default or configured cache-limit. Since static entries are always added, static entries can be added beyond the default or configured cache limit. If the number of static entries configured exceeds the default or configured cache-limit, no dynamic entries can be added.

Note

If you enter the reserve-list keyword, be sure that the prefix list includes entries that match all entries for which you expect to receive a map reply, including the “more-specifics”. This can be ensured by appending "le 128" to the end of all prefix-list entries for IPv6 prefixes. For example, if you want to match on any “more specific”s to 2001:DDB8:BB::/48, you specify ipv6 prefix-list lisp-list seq 5 permit 2001:DB8:BB::/48 le 128 in order to cover all replies within this range.

Note	Theshow ipv6 lisp map-cache detail command provides additional details about the EID-to-RLOC mapping entries stored in the LISP map-cache, including whether the prefix is covered by the reserve list prefix list.

Usage Guidelines

An ITR forwards LISP packets based on endpoint identifier-to-routing locator (EID-to-RLOC) mapping policy data obtained from destination Egress Tunnel Routers (ETRs) and stored in its local map cache. If the map cache does not contain an entry for the destination prefix, the map resolution process is executed in order to build the map-cache entry. Even though this process takes a small amount of time, upon router reload it may be undesirable to wait for data-driven events to cause map-cache entries to be built.

The LISP map-cache persistence feature periodically stores dynamically learned remote EID map-cache entries to a file located in flash. When the router reloads, it checks for these files and uses the list of remote EIDs to prime the map cache after reboot. This ensures that packet loss after an xTR comes up is minimal because data-driven triggers are not required to re-populate the map-cache for previously active EID prefixes.

Note	The remote EID prefixes listed in the stored file are used to trigger map requests. The map replies that return based on these map-requests are what prime the map cache. In this way, the map-cache always contains fresh information upon reload.

Use the ipv4 map-cache-persistent command to control how often, in minutes, the ITR or PITR should save dynamically learned IPv6 map-cache entries to a file in flash. By default, map-cache persistence is set at 10 minutes. Use the no form of the command to disable LISP map-cache persistence. Alternatively, if the default value is changed, you can use the default form of this command to return the save interval setting to the default value.

Note	Use show run | include persistent command to determine the current state of this feature. If this command returns nothing, then map-cache persistence is enabled and set to the default value. Other output results are self explanatory.

Usage Guidelines

Use this command to configure the IPv6 source address to be used by the Ingress Tunnel Router (ITR) for LISP IPv6 map-request messages. Typically, a locator address configured using the database-mapping command is used as the source address for LISP IPv6 map-request messages. There are cases, however, where you may want to configure the specified source address for these map-request messages. For example, when the ITR is behind a network address translation (NAT) device, you should specify a source address that matches the NAT configuration to properly allow for return traffic.

Usage Guidelines

Use this command to enable the router to perform IPv6 LISP map-resolver functionality. A LISP map-resolver is deployed as a LISP infrastructure component.

A map-resolver receives LISP encapsulated control messages (ECMs) containing map requests from LISP Ingress Tunnel Routers (ITRs) directly over the underlying locator-based network. The map resolver decapsulates these messages and forwards them on the LISP Alternative Logical Topology (ALT) topology, where they are then delivered either to an Egress Tunnel Router (ETR) that is directly connected to the LISP ALT and that is authoritative for the endpoint identifier (EID) being queried by the map request, or to the map server that is injecting EID-prefixes into the LISP ALT on behalf of the authoritative ETR.

Map-resolvers also send negative map replies directly back to an Ingress Tunnel Router (ITR) in response to queries for non-LISP addresses.

Note	For a router configured as an IPv6 map resolver, you must configure the ipv6 alt-vrf command regardless whether the device is connected to an ALT for the exchange of map requests or is configured as a standalone map resolver. Refer to the ipv6 alt-vrf command for related configuration information.

Usage Guidelines

Use this command to enable the router to perform IPv6 LISP map-server functionality. A LISP map server is deployed as a LISP Infrastructure component. LISP site commands are configured on the map server for a LISP Egress Tunnel Router (ETR) that registers to the map server. The authentication key on the map server must match the one configured on the ETR. A map server receives map-register control packets from ETRs. A map server configured with a service interface to the LISP Alternative Logical Topology (ALT) injects aggregates for the registered EID prefixes into the LISP ALT.

The map server also receives map-request control packets from the LISP ALT, which it then forwards as a LISP encapsulated control messages (ECMs) to the registered ETR that is authoritative for the EID prefix being queried. The ETR returns a map-reply message directly back to the Ingress Tunnel Router (ITR).

Note	For a router configured as an IPv6 map server, you must configure the ipv6 alt-vrf command regardless whether the device is connected to an ALT for the exchange of map requests or is configured as a standalone map server. Refer to the ipv6 alt-vrf command for related configuration information.

Usage Guidelines

By IPv6 standards requirements, LISP always participates in IPv6 PMTUD and LISP is capable of adjusting the MTU used on a per-destination locator basis. Incoming IPv6 ICMP “Packet Too Big” messages are processed and maintained by LISP on a per-destination locator basis. The MTU setting for a destination locator will be updated according to the ICMP message as long as the requested new MTU is lower than the existing MTU but is still within the configured min and max MTU boundaries.

Note	IPv6 PMTUD cannot be disabled for LISP.

Usage Guidelines

Use this command to enable IPv6 LISP PETR functionality on the router. PETR functionality is a special case of Egress Tunnel Router (ETR) functionality where the router accepts LISP-encapsulated packets from an Ingress Tunnel Router (ITR) or PITR that are destined to non-LISP sites, decapsulates them, and then forwards them natively toward the non-LISP destination.

PETR services may be necessary in several cases. For example, by default, when a LISP site forwards packets to a non-LISP site natively (not LISP encapsulated), the source IP address of the packet is that of a site endpoint identifiers (EIDs). If the provider side of the access network is configured with strict unicast reverse path forwarding (uRPF) the packets are considered to be spoofed and dropped because EIDs are not advertised in the provider default free zone (DFZ).

Instead of natively forwarding packets intended for non-LISP sites, the ITR encapsulates the packets (using the site locator as the source address and the PETR as the destination address) so that packets destined for LISP sites will follow normal LISP forwarding processes and be sent directly to the destination ETR. As a second example, suppose a LISP IPv6 (EID) site wants to communicate with a non-LISP IPv6 site and some portion of the intermediate network does not support an IPv6 (it is IPv4 only). Assuming that the PETR has both IPv4 and IPv6 connectivity, the ITR can LISP-encapsulate the ipv6 proxy-etr 63 Cisco IOS LISP Command Reference IPv6 EIDs with IPv4 locators destined for the PETR, which decapsulates the packets and forwards them natively to the non-LISP IPv6 site over its IPv6 connection. That is, the use of the PETR effectively allows the LISP sites packets to traverse (hop over) the IPv4 portion of the network using the LISP mixed protocol encapsulation support.

Note	A router that is configured as an ETR performs a check to verify that the LISP packet inner header destination address is within the address range of a local EID prefix, whereas a router configured as a PETR does not perform this check.

Note	An ITR or PITR that requires the use of IPv6 PETR services must be configured to forward IPv6 EID packets to the PETR using the ipv6 use-petr command.

Usage Guidelines

Use this command to enable IPv6 LISP Proxy Ingress Tunnel Router (PITR) functionality on the router. PITR functionality is a special case of Ingress Tunnel Router (ITR) functionality where the router receives native packets from non-LISP sites that are destined for LISP sites, encapsulates them, and forwards them to the Egress Tunnel Router (ETR) that is authoritative for the destination LISP site endpoint identifier (EID).

PITR services are required to provide interconnectivity between non-LISP sites and LISP sites. For example, when connected to the Internet, a PITR acts as a gateway between the legacy Internet and the LISP enabled network. To accomplish this, the PITR must advertise one or more highly aggregated EID prefixes on behalf of LISP sites into the underlying DFZ (i.e. Internet) and act as an ITR for traffic received from the public Internet.

If you configure the ipv6 proxy-itr command to enable PITR services, the PITR creates LISP-encapsulated packets when it sends a data packet to a LISP site, sends a data probe, or sends a map-request message. The outer (LISP) header address-family and source address are determined as follows:

• When the locator-hash function returns a destination (RLOC) in the following ways:

  • When a destination RLOC is returned within the IPv6 address family, then the address ipv6-local-locator value is used as the source address from the locator namespace.
  • When a destination RLOC is returned within the IPv4 address-family (assuming the optional address ipv4-local-locator is entered), it will be used as a source locator for encapsulation.

• When configuring a router as a LISP PITR, you must configure the ipv6 alt-vrf command (or ipv4 alt-vrf command for IPv4 EID mapping) regardless whether the device is connected to an ALT for the exchange of map requests or is configured as a standalone PITR on the same device as a LISP MS/MR.

Note

A router cannot be configured to perform ITR and PITR functions at the same time. It must be configured for one or the other purpose. A router that is configured as an ITR performs a check to verify that the source of any packet intended for LISP encapsulation is within the address range of a local EID prefix, whereas a router configured as a PITR does not perform this check. If a router is configured as an ITR using the ipv6 itr command and an attempt is made to also configure PITR functionality, an error indicating that ITR functionality must first be disabled is issued.

Note

When a device is configured as a non-ALT-connected PITR, it must also be configured with information defining the extent of the LISP EID space it is proxying for. This can be done using either static map-cache entries incorporating the map-request keyword, or by importing RIB routes using the ipv6 route-import map-cache command. The use of either method provides information to the non-ALT-connected PITR that allows it to send Map-Requests for destinations in order to determine their IPv4 EID-to-RLOC mappings, or negative-mapping results.

Usage Guidelines

When the ipv6 route-import database command is used with the optional route-map keyword and map-name argument, it specifies that imported IPv6 prefixes should be filtered according to the specified route map name and associated with the specified locator set.

When the ipv6 route-import database command is used without the optional route-map keyword, it specifies that all imported IPv6 prefixes should be filtered and associated with the specified locator set.

Usage Guidelines

When a device is configured as a PITR, it must be informed about the extent of the IPv6 LISP EID space for which it is proxying to provide a means for signaling the LISP control plane process (map-request generation) for populating the PITR IPv6 LISP map cache when it receives traffic.

If the PITR is configured to connect to an ALT infrastructure (see the ipv6 alt-vrf command), it will have full knowledge of the LISP IPv6 EID address space for which it is proxying. However, when a PITR is configured to use a map resolver for map-cache resolution, the LISP EID space for which it is proxying must be defined for the PITR to send map request messages for destinations needed to determine IPv6 EID-to-RLOC mappings or negative mapping results.

The ipv6 route-import map-cache command provides a simple mechanism to define the extent of IPv6 LISP EID space for the PITR by taking advantage of the existing static, the connected, the Interior Gateway Protocol (IGP) dynamic routing protocols (EIGRP, OSPF, OSPFv3), and RIP or the Border Gateway Protocol (BGP)-based routing infrastructure. (Prior to the ipv6 route-import map-cache command, static map-cache entries with the map-request keyword were required in order to drive the LISP control plane.)

The type of IPv6 LISP EID space can be configured using the ipv6 route-import map-cache command with the protocol argument to import all appropriate IPv6 EID prefixes. In both cases, an optional route-map keyword can be added to provide filtering to selective import-appropriate EID prefixes. The route-map keyword can match on any useful criteria such as community, tag, or local preference.

Note	If the ipv6 route-import map-cache command is configured to use BGP and then BGP is removed (using the no router bgp autonomous-system-number command), the corresponding ipv6 route-import map-cache bgp configuration is not automatically removed.

Note	See the clear ipv6 lisp route-import command for information about reimporting prefixes.

Usage Guidelines

When the ipv6 route-import map-cache command is configured, it may also be desired to configure a limit on the number of EID prefixes that can be imported by the PITR. This can be accomplished by configuring the ipv6 route-import maximum-prefix command. When the optional threshold value is specified, expressed as a percentage of the maximum limit, a warning message is generated when the number of IPv6 prefixes exceeds the threshold percentage. The warning-only keyword permits all prefixes to be imported but alerts the user when the threshold is exceeded.

Usage Guidelines

When a change occurs on an Egress Tunnel Router (ETR) for some attribute of an IPv6 EID prefix configured using the database-mapping command such as an associated RLOC, priority, or weight, the ETR will automatically attempt to inform all LISP sites with which it has recently been communicating of this change. The ETR informs the other xTRs (with which it has recently been communicating) by sending a map request with the SMR bit in the header set to on to the RLOC addresses of those other xTRs. The ETR obtains the RLOC addresses by reviewing its own IPv6 LISP map cache, which contains these entries for the most recent conversations.

When an xTR receives the SMR map-request message from the ETR, the default response of the xTRs is to send a new map-request message with the SMR bit cleared through the Mapping System (such as through the configured map resolver) to get an up-to-date mapping for the EID indicated in the SMR map request.

After the map reply is received by the ETR for the new map request, the xTR has an updated cache entry representing the changed state of the ETR that initially sent the SMR map request (as will all other xTRs that completed the SMR map-request process).

By default, xTRs process and respond to any map-request message that has the SMR bit set to on. Use the ipv6 solicit-map-request ignore command to disable this behavior, causing xTRs to ignore all map-request messages that have the SMR bit set to on. To restore SMR map-request handling capabilities, use the no form of this command.

Note	A LISP ITR responds to an SMR map request only when it has an existing IPv4 map-cache entry for the EID in the SMR map request. If it does not have an entry, the SMR map request is ignored.

Usage Guidelines

Use the ipv6 use-petr command to enable an Ingress Tunnel Router (ITR) or Proxy Ingress Tunnel Router (PITR) to use IPv6 PETR services. When the use of PETR services is enabled, instead of natively forwarding LISP endpoint identifier (EID) (source) packets destined to non-LISP sites, these packets are LISP-encapsulated and forwarded to the PETR. Upon receiving these packets, the PETR de-encapsulates them and then forwards them natively toward the non-LISP destination. An ITR or PITR can be configured to use PETR services.

PETR services may be necessary in several cases:

1. By default when a LISP site forwards packets to a non-LISP site natively (not LISP encapsulated), the source IP address of the packet is that of an EID. When the provider side of the access network is configured with strict unicast reverse path forwarding (uRPF) or an anti-spoofing access list, it may consider these packets to be spoofed and drop them since EIDs are not advertised in the provider core network. In this case, instead of natively forwarding packets destined to non-LISP sites, the ITR encapsulates these packets using its site locator(s) as the source address and the PETR as the destination address. (Note that packets destined for LISP sites will follow normal LISP forwarding processes and be sent directly to the destination ETR as normal.)

   Note

   The use of the ipv6 use-petr command does not change LISP-to-LISP or non-LISP-to-non-LISP forwarding behavior. LISP EID packets destined for LISP sites will follow normal LISP forwarding processes and be sent directly to the destination ETR as normal. Non-LISP-to-non-LISP packets are never candidates for LISP encapsulation and are always forwarded natively according to normal processes.

2. When a LISP IPv4 (EID) site needs to connect to a non-LISP IPv4 site and the ITR locators or some portion of the intermediate network does not support IPv4 (it is IPv6 only), the PETR can be used to traverse (hop over) the address family incompatibility, assuming that the PETR has both IPv4 and IPv6 connectivity. The ITR in this case can LISP-encapsulate the IPv4 EIDs with IPv6 locators destined for the PETR, which de-encapsulates the packets and forwards them natively to the non-LISP IPv4 site over its IPv4 connection. In this case, the use of the PETR effectively allows the LISP device to traverse the IPv6 portion of a network using the LISP mixed protocol encapsulation support.

   Note	Because LISP supports mixed protocol encapsulations, the locator specified for the PETR in this case can either be an IPv4 or IPv6 address.

Up to eight PETR locators can be entered per address family. When multiple entries are made, the packet forwarding behavior is as follows:

• When multiple PETRs are configured using the ipv6 use-petr command by itself (that is, without the optional priority and weight configurations), packets are sent to each PETR based on hash-based load sharing.

• When multiple PETRs are configured using the ipv6 use-petr command and including the optional priority and weight configurations, packets are sent to each PETR according the normal LISP priority and weight load sharing algorithms. The priority configuration is used to determine load-sharing among PETR resources when multiple PETRs are specified. The weight configuration is used to determine how to loadshare traffic between multiple PETRs of identical priority when multiple PETRs are specified. The value represents the percentage of traffic to be load-shared.

Note

The use of the ipv6 use-petr command by itself (that is, without the optional priority and weight configurations) and with the optional priority and weight configurations at the same time is not permitted. Only one method may be used. If the ipv6 use-petr command is already configured without priority and weight , adding an additional PETR entry that includes priority and weight is not permitted. All entries that do not include priority and weight must first be removed prior to adding any entries that include priority and weight .