Disaster management using lisp
 


Cisco Theater presentation from EMC World 2013

  • Speaker notes: FHRP Isolation
    The last capability introduced by OTV is filtering FHRP (HSRP, VRRP, etc.) messages across the logical overlay. This is usually required so that the same default gateway can exist in different locations, which optimizes outbound traffic flows (server-to-client direction). This slide shows the deployment of independent default gateways in each data center site, to optimize and localize routing of outbound traffic flows.
    Filtering FHRP messages across the overlay is a critical function to enable, because it allows the same FHRP configuration to be applied in different sites: the end result is that the same default gateway (i.e. characterized by the same virtual IP and virtual MAC addresses) is available in each data center. The main advantage is that if a host is moved between sites (for example as a consequence of vMotion), outbound communication from the device can be established right away without requiring a refresh of the host ARP table.
    Note that this mechanism controls and improves the return traffic from the server to the outside world. Ingress traffic keeps going via the original DC. This assumes that no stateful device is involved in the session.
    Note: OTV will provide a single command to enable the HSRP filtering functionality discussed above. However, this is not available in the first OTV software release; an alternative configuration (leveraging MAC access-control lists) can be implemented in the interim to achieve the same result.

Disaster management using LISP: Presentation Transcript

  • © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
    Disaster Management Using LISP
    Brian Farnham
    Co-Sponsored by Intel®
  • Location Identity Separation Protocol: What do we mean by “location” and “identity”?
    Today’s Internet Behavior: Loc/ID “overloaded” semantic
    • Device IPv4 or IPv6 address represents identity and location
    • When the device moves, it gets a new IPv4 or IPv6 address for its new identity and location (diagram: x.y.z.1 becomes w.z.y.9)
    LISP Behavior: Loc/ID “split”
    • Device IPv4 or IPv6 address represents identity only
    • When the device moves, it keeps its IPv4 or IPv6 address. It has the same identity (diagram: x.y.z.1 before and after the move)
    • Only the location changes (diagram: locators a.b.c.1 and e.f.g.7, “Its location is here!”)
  • A LISP Packet Walk: How Does LISP Operate?
    Diagram labels: Non-LISP site, LISP site, IP Network, West-DC, East-DC, ITR, ETR, PiTR, S, D, EID-to-RLOC mapping
    Addresses in the diagram: 172.16.1.1, 172.16.2.1, 172.16.3.1, 172.16.4.1, 172.16.10.1, 1.1.1.1, 2.2.2.2, 3.3.3.3, 4.4.4.4, 10.1.0.0/24, 10.2.0.0/24, 10.3.0.0/24
    Numbered steps:
    1. DNS entry: D.abc.com A 10.1.0.1
    2. 10.3.0.1 -> 10.1.0.1
    3. Mapping Entry (this policy controlled by destination site):
       EID-prefix: 10.1.0.0/24
       Locator-set:
         172.16.1.1, priority: 1, weight: 50 (D1)
         172.16.2.1, priority: 1, weight: 50 (D2)
    4. 10.3.0.1 -> 10.1.0.1
       172.16.10.1 -> 172.16.1.1
    5. 10.3.0.1 -> 10.1.0.1
  • LISP Roles and Address Spaces: What are the Different Components Involved?
    LISP Roles
    • Tunnel Routers - xTRs
      • Edge devices in charge of encap/decap
      • Ingress/Egress Tunnel Routers (ITR/ETR)
    • EID to RLOC Mapping DB
      • Contains RLOC to EID mappings
      • Distributed across multiple Map Servers (MS)
      • MS may connect over an ALT network
    • Proxy Tunnel Routers - PxTR
      • Coexistence between LISP and non-LISP sites
      • Ingress/Egress: PiTR, PeTR
    Address Spaces
    • EID = End-point Identifier
      • Host IP or prefix
    • RLOC = Routing Locator
      • IP address of routers in the backbone
    Diagram labels: Mapping DB, ITR, ETR, PxTR, ALT, Non-LISP, EID Space, RLOC Space
    Routing table in the diagram:
      Prefix     Next-hop
      w.x.y.1    e.f.g.h
      x.y.w.2    e.f.g.h
      z.q.r.5    e.f.g.h
      z.q.r.5    e.f.g.h
    Mapping table in the diagram:
      EID           RLOC
      a.a.a.0/24    w.x.y.1
      b.b.b.0/24    x.y.w.2
      c.c.c.0/24    z.q.r.5
      d.d.0.0/16    z.q.r.5
  • LISP Mapping Database: The basics – Registration and Resolution
    Diagram labels: West-DC (10.1.0.0/16, eTRs A and B), East-DC (10.2.0.0/16, eTRs C and D), host 10.1.0.2, LISP site iTR, X, Y, Z
    Map Server / Resolver: 1.1.1.1
    Database Mapping Entry (on ETR): 10.1.0.0/16 -> (A, B)
    Database Mapping Entry (on ETR): 10.2.0.0/16 -> (C, D)
    Map-Reply: 10.1.0.0/16 -> (A, B)
    Mapping Cache Entry (on ITR): 10.1.0.0/16 -> (A, B)
  • LISP VM-Mobility – Move Detection: Monitor the Source of Received Traffic
    • The new xTR checks the source of received traffic
    • Configured dynamic-EIDs define which prefixes may roam
    Configuration shown on the slide:
      lisp dynamic-eid roamer
        database-mapping 10.1.0.0/24 <RLOC-C> …
        database-mapping 10.1.0.0/24 <RLOC-D>
        map-server 1.1.1.1 key abcd
      interface vlan 100
        lisp mobility roamer
    Move detection, as annotated in the diagram:
    • Received a packet …
    • … it’s from a “new” host
    • … it’s in the dynamic-EID allowed range
    • … It’s a move! Register the /32 with LISP
    Diagram labels: West-DC (10.1.0.0/16, A, B), East-DC (10.2.0.0/16, C, D), LISP-VM (xTR), Mapping DB (1.1.1.1, 2.2.2.2), host 10.1.0.2, X, Y, Z
  • LISP VM-Mobility – Traffic Redirection: Update location mappings for the host system wide
    • When a host move is detected, updates are triggered:
      • The host-to-location mapping in the Database is updated to reflect the new location
      • The old eTR is notified of the move
      • iTRs are notified to update their Map-caches
    • Ingress routers (iTRs or PiTRs) now send traffic to the new location
    • Transparent to the underlying routing and to the host
    Mappings shown in the diagram:
      10.1.0.0/16 – RLOC A, B
      10.1.0.2/32 – RLOC C, D
    Diagram labels: West-DC (10.1.0.0/16, A, B), East-DC (10.2.0.0/16, C, D), LISP-VM (xTR), LISP site xTR, Mapping DB, host 10.1.0.2, X, Y, Z
  • VM-Mobility Scenarios: Which technologies, when?
    Live moves with LAN Extension (Application Members Distributed)
    • Routing for extended subnets
    • Active-Active Data Centers
    • Distributed Clusters
    Cold moves without LAN Extension (Application Members in one location)
    • IP mobility across subnets
    • Disaster Recovery
    • Cloud Bursting
    Diagram labels, live moves: West-DC, East-DC, LAN Extension, LISP-VM (xTR), Mapping DB, IP Network, Non-LISP site, LISP site xTR
    Diagram labels, cold moves: West-DC, East-DC, DR Location or Cloud Provider DC, LISP-VM (xTR), Mapping DB, Internet or Shared WAN, LISP site xTR
  • Path Optimization: Optimal Routing Challenges
    • Layer 2 extensions represent a challenge for optimal routing
    • Challenging placement of gateway and advertisement of routing prefix/subnet
    Diagram labels: WAN; HSRP Active and HSRP Standby in each site; HSRP Filter; East-West / Server-Server; Egress: South-North / Server-Client; Ingress: North-South / Client-Server
  • Location ID/Separation Protocol (LISP): Next Generation Networking Architecture
    Use-cases
    • DCI route optimization/mobility
    • Workload Portability to Cloud
    • Secure Multi-tenancy across organizations
    • Rapid IPv6 Deployment
    • Route scaling
    Single network architecture delivers:
    • VM Mobility (topology independent addressing)
    • Security: VPNs/Multi-tenancy
    • Route Scalability (on demand routing)
    • IPv6 enablement, Routing Policy simplification
    Benefits
    • Services integrated in a single architecture
    • Services can be offered across organizational boundaries (multiple providers)
    • Very large scale
    • Open model to integrate with cloud orchestrators
  • In Collaboration with Intel®
    • Twitter: @ciscoDC
    • Facebook.com/CiscoDC
    • Video: http://www.youtubecisco.com/datacenter
    • Cisco blog: http://blogs.cisco.com/datacenter
    • Slideshare: http://slideshare.com/CiscoDataCenter
    Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries.
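The registration, resolution and move-detection behaviour from the "LISP Mapping Database" and "LISP VM-Mobility" slides, as an added Python model that is not part of the Cisco deck. It shows the two controls that bound who can redirect traffic: the dynamic-EID range and the map-server key. The class and function names are assumptions, and the HMAC is computed over a simplified message, not the real Map-Register wire format.

```python
import hashlib
import hmac
import ipaddress

def tag(key, prefix, rlocs):
    """HMAC over a simplified register message (assumed format, not the LISP wire format)."""
    msg = f"{prefix}|{','.join(rlocs)}".encode()
    return hmac.new(key.encode(), msg, hashlib.sha256).digest()

class MapServer:
    """Toy mapping database: EID prefix -> RLOC set."""
    def __init__(self, key):
        self.key, self.db = key, {}

    def register(self, prefix, rlocs, auth):
        # Reject registrations whose tag was not made with the shared key.
        if not hmac.compare_digest(auth, tag(self.key, prefix, rlocs)):
            return False
        self.db[ipaddress.ip_network(prefix)] = tuple(rlocs)
        return True

    def resolve(self, eid):
        # Longest-prefix match: a roamed /32 wins over the home site's /16.
        addr = ipaddress.ip_address(eid)
        hits = [n for n in self.db if addr in n]
        if not hits:
            return None
        best = max(hits, key=lambda n: n.prefixlen)
        return str(best), self.db[best]

class XTR:
    """Toy LISP-VM xTR with one dynamic-EID range."""
    def __init__(self, rlocs, dynamic_eid, server, key):
        self.rlocs, self.server, self.key = rlocs, server, key
        self.dynamic_eid = ipaddress.ip_network(dynamic_eid)
        self.local_hosts = set()

    def on_packet(self, src):
        addr = ipaddress.ip_address(src)
        if addr in self.local_hosts:
            return "known"                      # already registered at this site
        if addr not in self.dynamic_eid:
            return "ignored"                    # prefix is not allowed to roam
        prefix = f"{addr}/32"                   # it's a move: register the host route
        if self.server.register(prefix, self.rlocs, tag(self.key, prefix, self.rlocs)):
            self.local_hosts.add(addr)
            return "registered"
        return "rejected"

def build():
    """Constructed scenario using the slide values (key abcd, RLOCs A to D)."""
    ms = MapServer("abcd")
    ms.register("10.1.0.0/16", ["A", "B"], tag("abcd", "10.1.0.0/16", ["A", "B"]))
    ms.register("10.2.0.0/16", ["C", "D"], tag("abcd", "10.2.0.0/16", ["C", "D"]))
    return ms, XTR(["C", "D"], "10.1.0.0/24", ms, "abcd")
```

Calling `build()` and then `east.on_packet("10.1.0.2")` registers the /32, after which `ms.resolve("10.1.0.2")` returns RLOCs C, D while the rest of 10.1.0.0/16 still resolves to A, B.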