An Introduction to Cisco OTV (IOS Advantage Webinar)


Cisco Overlay Transport Virtualization (OTV) is a technology that significantly simplifies Data Center Interconnect (DCI) deployments by extending Ethernet LANs between multiple sites over any network, making multiple data centers look like one logical data center.

We will discuss the OTV architecture in detail, including its many benefits. This session will highlight some key advantages of the new implementation on the Cisco ASR 1000 series router as well as a side-by-side comparison with the current Nexus 7000 implementation.

Published in: Technology, Education


  1. Cisco IOS Advantage Webinars: Simplifying Data Center Interconnect with Overlay Transport Virtualization (OTV). Speakers: Peter Lam, Patrick Warichet. We'll get started a few minutes past the top of the hour. Note: you may not hear any audio until we get started. © 2012 Cisco and/or its affiliates. All rights reserved.
  2. Speakers and panelists
     • Speakers: Peter Lam, Product Manager, Network Operating System Group (NOSTG), lamp@cisco.com; Patrick Warichet, Technical Manager, Network Operating System Group (NOSTG), pwariche@cisco.com
     • Panelists: Peter Lam, Anoop Dawani, Mostafa Mansour, Suresh Katukam
  3. Housekeeping
     • Submit questions in the Q&A panel and send to "All Panelists"; avoid the CHAT window for better access to panelists
     • For Webex audio, select COMMUNICATE > Join Audio Broadcast
     • For Webex call back, click the ALLOW Phone button at the bottom of the Participants side panel
     • Where can I get the presentation? https://communities.cisco.com/docs/DOC-28415 or send email to ask_iosadvantage@cisco.com
     • Please fill in the survey at the end of the event
     • Join us on April 4 for our next IOS Advantage Webinar: Network Automation Techniques Using Embedded Event Manager (EEM)
  4. Agenda: OTV General Overview; OTV Technical Details; LISP General Overview; LISP for Inter-DC Workload Mobility
  5. (Section title slide, no content)
  6. Data Center Interconnect (DCI) challenges: transport dependent; bandwidth management; failure containment; complex operations. Goal: many physical sites, one logical data center.
  7. OTV delivers a virtual L2 transport over any L3 infrastructure
     • Overlay: independent of the infrastructure technology and services, flexible over various interconnect facilities
     • Transport: transport services for Layer 2 and Layer 3 Ethernet and IP traffic
     • Virtualization: provides virtual stateless multi-access connections; can be further partitioned into VPNs, VRFs, VLANs
  8. • Seamless workload mobility
     • Business continuity
     • Pool and maximize global resources
     • Distributed applications
  9. • Applications (running in the VMs) use non-routable traffic, e.g. node discovery and heartbeats in clustered applications
     • With virtualization, application members may be distributed across data centers
     • Moving and distributing application members across locations should not break the application
     (Diagram: hypervisors in different locations exchanging non-routable application traffic, node discovery, heartbeats and hypervisor control traffic across the network)
  10. (Diagram of traditional Layer 2 DCI transports: EoMPLS, Dark Fiber, VPLS)
  11. • Traditional Layer 2 VPN technologies rely on flooding to propagate MAC reachability
      • The flooding behavior causes failures to propagate to every site in the Layer 2 VPN (diagram: MAC 1 propagation from Site A to Site B and Site C)
      • Our goal: providing Layer 2 connectivity, yet restricting the reach of the unknown unicast flooding domain in order to contain failures and preserve resiliency
  12. • Before any learning can happen, a full mesh of pseudo-wires/tunnels must be in place
      • For N sites there will be N*(N-1)/2 pseudo-wires; complex to add and remove sites
      • Head-end replication for multicast and broadcast: sub-optimal bandwidth utilization
      • Our goal: providing point-to-cloud provisioning and optimal bandwidth utilization in order to reduce cost
  13. Multi-homing with traditional L2 VPNs (diagram: two active L2 sites joined by an L2 VPN)
      • Requires additional protocols (BGP, ICC, EEM)
      • STP often extended
      • Malfunctions impact all sites
      • Our goal: natively providing automatic detection of multi-homing without the need to extend the STP domains, together with more efficient load-balancing
  14. Traditional L2 VPNs (circuits + data-plane flooding) vs. MAC routing (packet + control-protocol learning):
      • Full mesh of circuits (pseudo-wires) → packet-switched connectivity
      • MAC learning based on flooding → MAC learning by control protocol
      • Tunnels and pseudo-wires → dynamic encapsulation
      • Operationally challenging → operational simplification
      • Loop prevention and multi-homing must be provided separately → automatic loop prevention and multi-homing
  15. (Section title slide, no content)
  16. OTV data plane: unicast from MAC 1 (West site) to MAC 3 (East site)
      • West MAC table, VLAN 100: MAC 1 → Eth 2, MAC 2 → Eth 1, MAC 3 → IP B, MAC 4 → IP B
      • East MAC table, VLAN 100: MAC 1 → IP A, MAC 2 → IP A, MAC 3 → Eth 3, MAC 4 → Eth 4
      • Steps: (1) the frame MAC 1 → MAC 3 enters the West OTV device; (2) a Layer 2 lookup finds MAC 3 behind IP B; (3) OTV encapsulation IP A → IP B; (4) the packet crosses the transport infrastructure; (5) decapsulation at East; (6) a Layer 2 lookup finds MAC 3 on Eth 3; (7) the frame is delivered to MAC 3
  17. Encapsulation
      • OTV encapsulation adds 42 bytes to the packet IP MTU size: the outer IP header and the OTV shim header, in addition to the original L2 header stripped of its .1Q header
      • The OTV shim header contains information about the overlay (VLAN, overlay number)
      • The 802.1Q header is removed from the original frame and the VLAN field is copied into the OTV shim header
      • Original L2 frame: DMAC (6B) | SMAC (6B) | 802.1Q (4B) | EtherType (2B) | Payload | CRC (4B)
      • Encapsulated frame: IP Header (20B) | OTV Shim Header (8B) | DMAC, SMAC, EtherType (6B + 6B + 2B = 14B, 802.1Q header removed) | Payload | CRC (4B)
      • 20B + 8B + 14B = 42 bytes of total overhead (the 4 bytes of .1Q header have already been removed)
  18. The OTV control plane
      • No unknown unicast flooding
      • Control-plane learning with proactive MAC advertisement
      • Background process with no specific configuration
      • IS-IS is used between OTV Edge Devices
      (Diagram: MAC address OTV advertisements exchanged between the West (IP A), East (IP B) and South (IP C) Edge Devices)
  19. Neighbor discovery and adjacency formation
      • Before any MAC address can be advertised, the OTV Edge Devices must discover each other and build a neighbor relationship with each other
      • The neighbor relationship is built over a transport infrastructure that is either multicast-enabled (all shipping releases) or unicast-only (NX-OS release 5.2 or higher)
  20. Route (MAC) advertisements over a multicast transport (diagram walk-through)
      • (1) New MACs are learned in VLAN 100 at West: MAC A, MAC B, MAC C on e1/1
      • (2) West crafts an OTV update with the new MACs ("Update A")
      • (3) The update is encapsulated and sent from IP A to the multicast group G over the multicast-enabled transport
      • (4)/(5) East and South receive and decapsulate Update A
      • (6)/(7) East and South add the MACs learned through OTV to their MAC tables: VLAN 100, MAC A / MAC B / MAC C → IP A
  21. OTV over a multicast transport with NX-OS: minimal configuration required to get OTV up and running
      West (IP A):
          feature otv                      ! activate the OTV feature
          otv site-vlan 99
          interface Overlay1
            description WEST-DC
            otv join-interface e1/1        ! WAN-facing interface
            otv control-group 239.1.1.1
            otv data-group 232.192.1.0/24
            otv extend-vlan 100-150        ! VLANs extended over the overlay
      East (IP B): same, with "description EAST-DC" and "otv join-interface e1/1.10"
      South (IP C): same, with "description SOUTH-DC" and "otv join-interface Po16"
  22. OTV over a multicast transport with IOS-XE: minimal configuration required to get OTV up and running
      West (IP A), IOS-XE:
          interface Overlay0
           description WEST-DC
           no ip address
           otv control-group 239.140.5.1
           otv data-group 232.1.1.0/28
           otv join-interface TenGig0/0/0
           otv vpn-name ASR1K-001
           service instance 10 ethernet
            encapsulation dot1q 10
            bridge-domain 10
          !
          interface TenGig0/0/0
           ip address 10.10.10.1 255.255.0.0
           ip pim passive
           ip igmp version 3
      East (IP B), IOS-XE: same, with "description EAST-DC" and "ip address 10.10.10.2 255.255.0.0" on TenGig0/0/0
      South (IP C), NX-OS, in the same overlay:
          feature otv
          otv site-vlan 99
          interface Overlay1
            description SOUTH-DC
            otv join-interface Po16
            otv control-group 239.140.5.1
            otv data-group 232.1.1.0/28
            otv extend-vlan 10
  23. CLI verification on NX-OS
      Establishment of control-plane adjacencies between OTV Edge Devices:
          dc1-agg-7k1# show otv adjacency
          Overlay Adjacency database
          Overlay-Interface Overlay100 :
          Hostname        System-ID       Dest Addr    Up Time  Adj-State
          dc2-agg-7k1     001b.54c2.efc2  20.11.23.2   6d13h    UP
          dc1-agg-7k2     001b.54c2.e1c3  20.12.23.2   6d13h    UP
          dc3-ASR1K-1     5475.d098.2200  20.13.23.2   6d13h    UP
      Unicast MAC reachability information (owner "site" = local site MAC, owner "overlay" = remote site MAC):
          dc1-agg-7k1# show otv route
          OTV Unicast MAC Routing Table For Overlay100
          VLAN MAC-Address    Metric Uptime   Owner     Next-hop(s)
          ---- -------------- ------ -------- --------- -----------
          2001 0000.0c07.ac01 1      3d15h    site      Ethernet1/1
          2001 0000.1641.d70e 1      3d15h    site      Ethernet1/2
          2001 0000.49f3.88ff 42     2d22h    overlay   dc2-agg-7k1
          2001 0000.49f3.8900 42     2d22h    overlay   dc2-agg-7k2
  24. CLI verification on IOS-XE
      Verification of the status of the OTV edge interface and of the control-plane adjacencies:
          dc3-ASR1K-1# show otv summary
          OTV Configuration Information, Site Bridge-Domain: 10
          Overlay VPN Name  Control Group  Data Group(s)  Join Interface  State
          100     DCI-001   239.140.5.1    232.1.1.0/28   Te0/0/0         UP
          Total Overlay(s): 1
          dc3-ASR1K-1# show otv adjacency
          Overlay 100 Adjacency Database
          Hostname     System-ID       Dest Addr   Up Time  State
          dc2-agg-7k1  001b.54c2.efc2  20.11.23.2  6d13h    UP
          dc1-agg-7k2  001b.54c2.e1c3  20.12.23.2  6d13h    UP
          dc1-agg-7k1  001b.54c2.eed3  20.10.23.1  6d18h    UP
      Unicast MAC reachability information (owner ISIS = remote site MAC, owner "BD Eng" = local site MAC):
          dc3-ASR1K-1# show otv route
          Codes: BD - Bridge-Domain, AD - Admin-Distance, SI - Service Instance, * - Backup Route
          OTV Unicast MAC Routing Table for Overlay100
          Inst VLAN BD  MAC Address     AD  Owner   Next Hops(s)
          -----------------------------------------------------------
          0    10   10  0001.cafe.0001  50  ISIS    dc2-agg-7k1
          0    10   10  0000.1234.0001  40  BD Eng  Gi0/2/0:SI10
  25. Neighbor discovery over a unicast-only transport (NX-OS release 5.2 and above)
      • Ideal for connecting two or three sites
      • With a higher number of sites a multicast transport is the best choice
      • The mechanism: Edge Devices (EDs) register with an "Adjacency Server" ED; EDs receive a full list of neighbors (oNL) from the Adjacency Server; OTV hellos and updates are encapsulated in IP and unicast to each neighbor
      • The end result: neighbor discovery is automated by the Adjacency Server; all signaling must be replicated for each neighbor; data traffic must also be replicated at the head-end
  26. Neighbor discovery over a unicast-only transport (NX-OS release 5.2 and above)
      • The OTV "adjacency server" provides support over a unicast core
      • The adjacency server is a process that can run on any OTV edge device
      • It advertises the IP of each Edge Device (ED) to all other EDs (OTV neighbor list, oNL)
      • A redundant pair of adjacency servers may be configured
      (Diagram: Site 1 (IP A) in adjacency server mode distributes the oNL {Site 1 IP A, Site 2 IP B, Site 3 IP C, Site 4 IP D, Site 5 IP E} to the other sites over the unicast-only transport)
  27. MAC advertisements over a unicast-only transport (NX-OS release 5.2 and above)
      • A single update needs to be created for each destination Edge Device present on the overlay
      • The same applies to the sites' multicast and broadcast packets to be sent to the other sites
      (Diagram walk-through: (1) new MACs A, B, C are learned on VLAN 100 at West; (2) West builds the update; (3) the OTV update is replicated at the head-end, one copy per oNL entry (East IP B, South-East IP C); (4) East and South-East install VLAN 100 MAC A / B / C → IP A)
  28. OTV over a unicast-only transport (NX-OS release 5.2 and above): establishing a DCI has never been this simple
      West (IP A, adjacency server):
          feature otv
          otv site-vlan 99
          interface Overlay1
            description WEST-DC
            otv join-interface e1/1
            otv adjacency-server local
            otv extend-vlan 100-150
      East (IP B):
          feature otv
          otv site-vlan 99
          interface Overlay1
            description EAST-DC
            otv join-interface e1/1.10
            otv adjacency-server 10.1.1.1
            otv extend-vlan 100-150
      South (IP C): same as East, with "description SOUTH-DC" and "otv join-interface Po16"
  29. Site independence
      • OTV is site transparent: no changes to the STP topology
      • Each site keeps its own STP domain
      • This functionality is built into OTV and no additional configuration is required
      • An Edge Device will send and receive BPDUs ONLY on the OTV internal interfaces (diagram: the BPDUs stop at the Edge Device on each side of the L3 transport)
  30. No more unknown unicast storms across the DCI
      • No requirement to forward unknown unicast frames
      • OTV does not forward unknown unicast frames to the overlay; this is achieved without any additional configuration
      • The assumption here is that the end-points connected to the network are not silent or uni-directional
      (Diagram: MAC table VLAN 100: MAC 1 → Eth1, MAC 2 → IP B; a frame MAC 1 → MAC 3 is not forwarded because MAC 3 is not in the MAC table)
  31. ARP Neighbor-Discovery (ND) cache
      • An ARP cache is maintained by every OTV edge device and is populated by snooping ARP replies
      • Initial ARP requests are broadcast to all sites, but subsequent ARP requests are suppressed at the Edge Device and answered locally
      • ARP traffic spanning multiple sites can thus be significantly reduced
      (Diagram walk-through: (1) the first ARP request for IP A crosses the OTV transport; (2) the remote server replies; (3) the local Edge Device snoops the reply and caches it (MAC 1 ↔ IP A, MAC 2 ↔ IP B); (4) subsequent ARP requests for IP A; (5) the Edge Device replies on behalf of the remote server)
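The behaviours on slides 16 to 18, 30 and 31 (control-plane MAC learning, no unknown-unicast flooding into the overlay, and ARP snooping with local suppression) as a small Python simulation. This is an added example, not Cisco's code: the EdgeDevice and Frame classes, the scenario and all MACs, IPs and interface names are constructed, and the shim content is reduced to the VLAN and an overlay number.

```python
"""Simulation of the OTV Edge Device behaviours in slides 16-18, 30 and 31:
control-plane MAC learning, no unknown-unicast flooding over the overlay,
and ARP snooping/suppression. Added example, not Cisco code: MACs, IPs
and interface names are constructed."""
from dataclasses import dataclass, field
from typing import Optional

BROADCAST = "ff:ff:ff:ff:ff:ff"
OTV_OVERHEAD = 20 + 8 + 14   # outer IP + OTV shim + L2 header without the 4-byte .1Q tag

@dataclass
class Frame:
    vlan: int
    dmac: str
    smac: str
    arp_op: Optional[str] = None    # "request", "reply" or None for plain data
    arp_sip: Optional[str] = None   # ARP sender protocol address
    arp_tip: Optional[str] = None   # ARP target protocol address

@dataclass
class EdgeDevice:
    name: str
    join_ip: str                    # address of the WAN-facing join interface
    extend_vlans: range
    mac_table: dict = field(default_factory=dict)   # (vlan, mac) -> "EthN" or remote join IP
    arp_cache: dict = field(default_factory=dict)   # (vlan, ip) -> mac, filled by snooping replies
    advertised: list = field(default_factory=list)  # (vlan, mac, join_ip) control-plane updates

    def learn_local(self, vlan: int, mac: str, iface: str) -> None:
        """Data-plane learning on an internal interface, then proactive advertisement."""
        self.mac_table[(vlan, mac)] = iface
        self.advertised.append((vlan, mac, self.join_ip))

    def receive_update(self, vlan: int, mac: str, remote_ip: str) -> None:
        """Control-plane learning: a remote MAC points at the remote ED's join IP."""
        if vlan in self.extend_vlans:
            self.mac_table[(vlan, mac)] = remote_ip

    def encap(self, frame: Frame, outer_dst: str) -> dict:
        """The .1Q tag is stripped; its VLAN travels in the shim header instead."""
        return {"outer_src": self.join_ip, "outer_dst": outer_dst,
                "shim": {"vlan": frame.vlan, "overlay": 1},
                "inner": frame, "overhead_bytes": OTV_OVERHEAD}

    def from_site(self, frame: Frame) -> tuple:
        """Frame arriving from an internal interface. Returns (action, detail)."""
        if frame.vlan not in self.extend_vlans:
            return ("drop", "VLAN not extended")
        if frame.arp_op == "request":
            cached = self.arp_cache.get((frame.vlan, frame.arp_tip))
            if cached:   # answer locally on behalf of the remote host: nothing crosses the DCI
                reply = Frame(frame.vlan, frame.smac, cached, "reply", frame.arp_tip, frame.arp_sip)
                return ("arp-proxy", reply)
        if frame.dmac == BROADCAST:          # the first ARP request is still broadcast to all sites
            return ("overlay", self.encap(frame, "<data-group>"))
        nh = self.mac_table.get((frame.vlan, frame.dmac))
        if nh is None:
            return ("drop", "unknown unicast is not flooded to the overlay")
        return ("local", nh) if nh.startswith("Eth") else ("overlay", self.encap(frame, nh))

    def from_overlay(self, packet: dict) -> tuple:
        """Decapsulate a packet from the transport, snooping ARP replies on the way in."""
        frame = packet["inner"]
        if frame.arp_op == "reply":
            self.arp_cache[(frame.vlan, frame.arp_sip)] = frame.smac
        if frame.dmac == BROADCAST:
            return ("flood-site", frame)
        nh = self.mac_table.get((frame.vlan, frame.dmac))
        return ("local", nh) if nh and nh.startswith("Eth") else ("drop", "unknown unicast")

def run_scenario() -> dict:
    """West host MAC 1 resolves East host MAC 2 (IP B); the second ARP is suppressed."""
    west = EdgeDevice("West", "10.0.0.1", range(100, 151))
    east = EdgeDevice("East", "10.0.0.2", range(100, 151))
    mac1, mac2 = "00:00:00:00:00:01", "00:00:00:00:00:02"
    ip_a, ip_b = "10.1.0.1", "10.1.0.2"                   # constructed host addresses
    west.learn_local(100, mac1, "Eth2")
    east.learn_local(100, mac2, "Eth1")
    for upd in west.advertised:
        east.receive_update(*upd)
    for upd in east.advertised:
        west.receive_update(*upd)
    out = {"remote_mac2": west.mac_table[(100, mac2)]}
    out["unknown"] = west.from_site(Frame(100, "00:00:00:00:00:03", mac1))[0]
    first = west.from_site(Frame(100, BROADCAST, mac1, "request", ip_a, ip_b))   # step 1
    out["first_arp"] = first[0]
    out["east_floods"] = east.from_overlay(first[1])[0]
    reply = east.from_site(Frame(100, mac1, mac2, "reply", ip_b, ip_a))         # step 2
    out["reply_path"] = reply[0]
    out["overhead"] = reply[1]["overhead_bytes"]
    west.from_overlay(reply[1])                                                   # step 3: snoop
    second = west.from_site(Frame(100, BROADCAST, mac1, "request", ip_a, ip_b))  # step 4
    out["second_arp"], out["proxied_mac"] = second[0], second[1].smac           # step 5
    return out
```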
  32. Multi-homing
      • The detection of multi-homing is fully automated and does not require additional protocols or configuration
      • The Edge Devices within a site discover each other over the "otv site-vlan"
      • OTV elects one of the Edge Devices to be the Authoritative Edge Device (AED) for a subset of the extended VLANs
      • The AED is responsible for MAC address advertisement for its VLANs and for forwarding its VLANs' traffic inside and outside the site
      (Diagram: two OTV Edge Devices in a site, with internal peering for the AED election)
  33. Introducing the OTV site-identifier (NX-OS release 5.2 and above)
      • All devices on a site must be configured with a common site-identifier
      • The site-id information is included in the control plane
      • Makes OTV multi-homing more robust and resilient to user configuration errors: site adjacency and overlay adjacency are now both leveraged for the AED election
      • An overlay will not come up until a site-id is configured
      • Warning: ISSU to 5.2 results in an overlay down condition until site-ids are manually configured
      NX-OS:
          feature otv
          otv site-identifier 0x1
          otv site-vlan 99
      IOS-XE:
          otv site-identifier 0x1
          otv bridge-domain 99
  34. Mechanism to proactively advertise AED capability (NX-OS release 5.2 and above)
      • Provides additional resiliency
      • Avoids the single point of failure of the OTV site-vlan going down
      • Proactively informs neighbors about local failures: join interface down; internal VLANs down; AED down or initializing
      • VLANs are split across EDs as long as at least one adjacency (site or overlay) is up and the EDs are AED capable
      (Diagram: an ED announcing "I'm not AED capable" is excluded from the election; once an adjacency is up the AED election process begins and VLANs X, Y, Z and A, B, C are assigned to the capable EDs)
  35. Things to be aware of (NX-OS release 5.2 and above)
      • Site-id is mandatory: if not configured, no overlay will come up; this holds true for single-homed sites as well
      • EDs in the same site MUST be configured with the same site-id; if a mismatch is detected, all overlays will come down until the error is fixed
      • Site-id is not generated by default
      • Two formats for site-id: flat hexadecimal <1-ffffffffffff> or MAC address format nnnn.nnnn.nnnn
      • Site-id is always displayed in MAC address format (0000.0000.0256)
      • Site-id "0" is not acceptable
  36. VLAN splitting between Edge Devices
      • VLANs are split between the OTV Edge Devices belonging to the same site
      • Achieved via a deterministic algorithm (not configurable). In a dual-homed site: lower IS-IS System-ID (ordinal 0) = EVEN VLANs; higher IS-IS System-ID (ordinal 1) = ODD VLANs
      • Future functionality will allow tuning of the behavior
      NX-OS:
          OTV-ED# show otv site
          Site Adjacency Information (Site-VLAN: 1999) (* - this device)
          Overlay100 Site-Local Adjacencies (Count: 2)
            Hostname          System-ID       Ordinal
            ----------------  --------------  -------
            dc2a-agg-7k2-otv  001b.54c2.e142  0
          * dc2a-agg-7k1-otv  0022.5579.0f42  1
      IOS-XE:
          ASR1K-ED1# show otv site
          Site Adjacency Information (Site Bridge-Domain: 10)
          Overlay0 Site-Local Adjacencies (Count: 2)
            Hostname   System ID       Last Change  Ordinal  AED Enabled  Status
          * ASR1K-ED1  C47D.4FB3.F500  6d22h        1        site overlay
            ASR1K-ED2  5475.D098.2200  6d22h        0        site overlay
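The site-id rules on slides 33 to 35 and the ordinal/VLAN split on slide 36, as an added Python example that is not Cisco code: parse_site_id, show_site_id, site_adjacency_ok, ordinals and split_vlans are this example's own names, and the exclusion of non-AED-capable EDs follows slide 34.

```python
"""Site-id validation and AED VLAN split as described on slides 33-36.
Added example, not Cisco code; the System-IDs in the test come from the
'show otv site' outputs on slide 36."""
import re

MAC_FORMAT = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$")
MAX_SITE_ID = 0xffffffffffff


def parse_site_id(text: str) -> int:
    """Accept flat hex <1-ffffffffffff> (with or without 0x) or nnnn.nnnn.nnnn."""
    t = text.strip().lower()
    if MAC_FORMAT.match(t):
        value = int(t.replace(".", ""), 16)
    else:
        value = int(t[2:] if t.startswith("0x") else t, 16)   # ValueError on garbage
    if not 1 <= value <= MAX_SITE_ID:
        raise ValueError("site-id must be in 1-ffffffffffff; 0 is not acceptable")
    return value


def show_site_id(value: int) -> str:
    """Site-id is always displayed in MAC address format, e.g. 0000.0000.0256."""
    h = f"{value:012x}"
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"


def site_adjacency_ok(site_ids) -> bool:
    """EDs in the same site must carry the same site-id, else all overlays come down."""
    return len({parse_site_id(s) for s in site_ids}) == 1


def ordinals(system_ids) -> dict:
    """Lower IS-IS System-ID -> ordinal 0, higher -> ordinal 1 (numeric comparison)."""
    ranked = sorted(system_ids, key=lambda s: int(s.replace(".", ""), 16))
    return {sid: i for i, sid in enumerate(ranked)}


def split_vlans(eds: dict, extend_vlans) -> dict:
    """eds maps System-ID -> AED capable (bool). Returns System-ID -> list of VLANs.
    Non-AED-capable EDs are excluded; a lone capable ED takes every VLAN; with two,
    ordinal 0 owns the even VLANs and ordinal 1 the odd ones (the dual-homed rule)."""
    capable = [s for s, ok in eds.items() if ok]
    if not capable:
        return {}
    if len(capable) == 1:
        return {capable[0]: list(extend_vlans)}
    if len(capable) > 2:
        raise NotImplementedError("only the dual-homed split is described")
    order = ordinals(capable)
    result = {s: [] for s in capable}
    for vlan in extend_vlans:
        for sid, ordinal in order.items():
            if ordinal == vlan % 2:
                result[sid].append(vlan)
    return result
```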
  37. AED and broadcast handling
      • A broadcast reaches all the Edge Devices within the site
      • Only the AED for that VLAN forwards the traffic to the overlay
      • All the Edge Devices at the other sites receive the broadcast
      • Only the AED at the remote site forwards the packet from the overlay into the site
      (Diagram: the broadcast stops at the non-AED Edge Devices on both sides of the OTV core)
  38. VM moves (diagram walk-through, part 1)
      • (1) MAC X lives on an ESX host in site West; the West AED advertises it and site East knows MAC X as a remote MAC
      • (2) The VM moves to an ESX host in site East: (2.1) the server originates a Gratuitous ARP (GARP) frame; (2.2) the East AED detects that MAC X is now local; (2.3) the East AED advertises MAC X with a metric of zero
  39. VM moves (diagram walk-through, part 2)
      • (2.4) The EDs in site West see the MAC X advertisement with a better metric from site East and change MAC X to a remote MAC address
      • (3.1) The AED in site East forwards the GARP broadcast frame across the overlay
      • (3.2) The AED in site West forwards the GARP into the site and the L2 switches update their CAM tables
  40. Real problems solved by OTV (diagram: North and South data centers joined by a LAN extension, each remaining its own fault domain)
      • Extensions over any transport
      • No re-design required
      • Failure boundary preservation: site independence/isolation
      • Optimal bandwidth utilization (no head-end replication)
      • Resiliency/multihoming with built-in end-to-end loop prevention
      • Multisite connectivity (inter and intra DC)
      • Scalability: VLANs, sites, MACs; ARP, broadcasts/floods
      • Operational simplicity: only 5 CLI commands
  41. Optimal routing challenges
      • Layer 2 extensions represent a challenge for optimal routing
      • Challenging placement of the gateway and advertisement of the routing prefix/subnet
      • Three cases (diagram): ingress routing localization (client to server); egress routing localization (server to server); egress routing localization (server to client)
  42. • An extended VLAN typically has an associated HSRP group
      • Only one HSRP router is active, with all servers pointing to the HSRP VIP as default gateway
      • Result: sub-optimal (trombone) routing (diagram: HSRP hellos cross the extension, so VLAN 10 and VLAN 20 each have one Active, one Standby and two Listen routers spread across the sites)
  43. FHRP filtering solution
      • Filter FHRP with a combination of VACL and MAC route filter
      • Result: still one HSRP group with one VIP, but now an active router at each site for optimal first-hop routing (diagram: HSRP hellos and ARP replies for the HSRP VIP are filtered at the DCI, so each site has its own Active/Standby pair)
  44. FHRP localization, egress path optimization (diagram)
      • ISP A and ISP B, Layer 3 core, public network, Data Center A and Data Center B
      • Each DC has its own HSRP Active/Standby pair at the aggregation layer, with HSRP filtering on the extended VLAN A
      • Access layer: HA cluster Node A in DC A, Node B in DC B; Cluster VIP = 10.1.1.100, Default GW = 10.1.1.1, preempt
      • Considerations: asymmetrical flows; no stateful device; low ingress traffic
  45. Ingress traffic localization: client to server traffic (diagram: DCI LAN extension between West and East hypervisors)
      • Challenge: subnets are spread across locations; subnet information in the routing tables is not specific enough; routing doesn't know if a server has moved between locations; traffic may be sent to the location where the application is not available
      • Options: DNS based: (1) DNS redirection with ACE/GSS; routing based: (2) route injection; (3) LISP
  46. (Section title slide, no content)
  47. Location Identity Separation Protocol: what do we mean by "location" and "identity"?
      • Today's Internet behavior, Loc/ID "overloaded" semantic: a device's IPv4 or IPv6 address represents identity and location; when the device moves (e.g. from x.y.z.1 to w.z.y.9) it gets a new IPv4 or IPv6 address for its new identity and location
      • LISP behavior, Loc/ID "split": a device's IPv4 or IPv6 address represents identity only; when the device moves it keeps its IPv4 or IPv6 address (x.y.z.1) and the same identity; only the location (a.b.c.1 → e.f.g.7) changes
  48. A LISP packet walk: how does LISP operate?
      • (1) DNS entry: D.abc.com A 10.1.0.1
      • (2) Host S (10.3.0.1, LISP site 10.3.0.0/24) sends 10.3.0.1 → 10.1.0.1 to its ITR (172.16.10.1)
      • (3) Mapping entry, policy controlled by the destination site: EID-prefix 10.1.0.0/24, locator-set 172.16.1.1 priority 1 weight 50 (D1), 172.16.2.1 priority 1 weight 50 (D2)
      • (4) EID-to-RLOC mapping: the ITR encapsulates 172.16.10.1 → 172.16.1.1 [10.3.0.1 → 10.1.0.1] across the IP network
      • (5) The ETR (172.16.1.1, West-DC) decapsulates and delivers 10.3.0.1 → 10.1.0.1 to D in 10.1.0.0/24
      (Diagram: map servers/resolvers 1.1.1.1, 2.2.2.2, 3.3.3.3, 4.4.4.4; ETRs 172.16.1.1 and 172.16.2.1 front West-DC 10.1.0.0/24, 172.16.3.1 and 172.16.4.1 front East-DC 10.2.0.0/24; a PiTR serves the non-LISP sites)
  49. A LISP packet walk: how about non-LISP sites?
      • (1) DNS entry: D.abc.com A 10.1.0.1
      • (2) Host S in a non-LISP site (192.3.0.1) sends 192.3.0.1 → 10.1.0.1, which reaches the PiTR (4.4.4.4)
      • (3) Mapping entry: EID-prefix 10.1.0.0/24, locator-set 172.16.1.1 priority 1 weight 50 (D1), 172.16.2.1 priority 1 weight 50 (D2)
      • (4) EID-to-RLOC mapping: the PiTR encapsulates 4.4.4.4 → 172.16.1.1 [192.3.0.1 → 10.1.0.1]
      • (5) The ETR (West-DC) decapsulates and delivers 192.3.0.1 → 10.1.0.1 to D in 10.1.0.0/24
  50. LISP overview: LISP header format (draft-ietf-lisp-05)
      • Outer IP header (20 bytes): router-supplied RLOCs
      • UDP header (8 bytes)
      • LISP header (8 bytes)
      • Inner IP header: host-supplied IDs
      • Overall IP MTU increase: 36 bytes
  51. LISP roles and address spaces: what are the different components involved?
      • Tunnel Routers (xTRs): edge devices in charge of encap/decap; Ingress/Egress Tunnel Routers (ITR/ETR)
      • EID-to-RLOC Mapping DB: contains RLOC-to-EID mappings; distributed across multiple Map Servers (MS); MS may connect over an ALT network
      • Proxy Tunnel Routers (PxTR): coexistence between LISP and non-LISP sites; ingress/egress: PiTR, PeTR
      • Address spaces: EID = End-point Identifier (host IP or prefix); RLOC = Routing Locator (IP address of routers in the backbone)
      (Diagram: mapping DB entries EID a.a.a.0/24 → RLOC w.x.y.1, b.b.b.0/24 → x.y.w.2, c.c.c.0/24 → z.q.r.5, d.d.0.0/16 → z.q.r.5; ALT prefix/next-hop table; EID space at the edges, RLOC space in the core)
  52. The basics: registration and resolution
      • Database mapping entries on the ETRs: 10.1.0.0/16 → (A, B) for West-DC; 10.2.0.0/16 → (C, D) for East-DC
      • Map Server/Resolver: 1.1.1.1
      • Map-Reply to the ITR: 10.1.0.0/16 → (A, B)
      • Mapping cache entry on the ITR: 10.1.0.0/16 → (A, B)
      (Diagram: hosts X, Y, Z in the two DCs; 10.1.0.2 is in West-DC)
  53. Basic LISP configuration (usually devices will be configured as iTRs and eTRs to handle traffic in both directions; only one direction is illustrated for simplicity)
      Mapping DB servers (1.1.1.1, 2.2.2.2):
          ip lisp map-resolver
          ip lisp map-server
          lisp site west-DC
           authentication-key 0 s3cr3t
           eid-prefix 10.1.0.0/24
      Border routers between backbones (PiTR):
          ip lisp proxy-itr
          ip lisp itr map-resolver 3.3.3.3
      Branch routers (iTR, 172.16.10.1):
          ip lisp itr
          ip lisp itr map-resolver 3.3.3.3
      DC aggregation routers (eTRs 172.16.1.1 and 172.16.2.1, fronting West-DC 10.1.0.0/24):
          ip lisp etr
          ip lisp database-mapping 10.1.0.0/24 172.16.1.1 …
          ip lisp database-mapping 10.1.0.0/24 172.16.2.1 …
          ip lisp etr map-server 1.1.1.1 key s3cr3t
          ip lisp etr map-server 2.2.2.2 key s3cr3t
      (Diagram: RLOC space in the IP network, EID space at the sites, LISP encap/decap at the tunnel routers)
  54. (Section title slide, no content)
  55. VM-mobility scenarios: which technologies, when?
      • Live moves with LAN extension: OTV between West-DC and East-DC plus LISP-VM (xTR) at each DC and a mapping DB; routing for extended subnets; active-active data centers; distributed clusters; application members distributed; live moves
      • Cold moves without LAN extension: a LISP site (West-DC, East-DC) and a non-LISP site (DR location or cloud provider DC) over the Internet or a shared WAN, with xTRs and a mapping DB; IP mobility across subnets; disaster recovery; cloud bursting; application members in one location; cold moves
  56. LISP sites vs. data center sites: with or without extended subnets
      • Without extended subnets: different subnets (West-DC 10.1.0.0/16, East-DC 10.2.0.0/16) and different LISP sites; a LISP site = a DC site; a move crosses DC/LISP sites
      • With extended subnets: a single subnet (10.1.0.0/16 in both West-DC and East-DC, extended with OTV) and a single LISP site; one LISP site = multiple DC sites; a move is within a LISP site and across DC sites
  57. LISP VM-mobility: first-hop routing with extended subnets
      • Consistent GWY-IP and GWY-MAC configured across all sites: a consistent HSRP group number across sites gives a consistent GWY-MAC
      • Servers can move anywhere and always talk to a local gateway with the same IP/MAC
      • The same statements are configured on each LISP-VM xTR (A, B, C, D); the slide shows them on interface vlan 100 with ip address 10.1.0.5/24 and 10.1.0.7/24, on interface Ethernet2/4 with ip address 10.1.0.6/24, and on interface vlan 200 with ip address 10.2.0.8/24. One of them in full:
          interface vlan 100
           ip address 10.1.0.5/24
           lisp mobility roamer
           lisp extended-subnet-mode
           hsrp 101
            ip 10.1.0.1
      (Diagram: West-DC and East-DC both 10.1.0.0/24 over the LAN extension, HSRP Active at each site; hosts ARP for the gateway and receive the same GWY-MAC)
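A Python model of the mapping system behind the packet walks (slides 48 and 49), registration and resolution (slides 52 and 53) and LISP VM-mobility (slide 57). This is an added example, not Cisco code: the addresses and the West-DC locator priorities and weights come from the slides, East-DC's priorities and weights are assumed, and the flow-hash load sharing, the /32 host route after a move and the ITR cache invalidation are this example's own simplifications.

```python
"""LISP map-server / ITR model for the packet walk, registration/resolution
and VM-mobility slides. Added example, not Cisco code; West-DC locators
come from the slides, East-DC priorities/weights are assumed."""
import ipaddress
import zlib
from dataclasses import dataclass

LISP_OVERHEAD = 20 + 8 + 8   # outer IP + UDP + LISP header (slide 50): 36 bytes


@dataclass(frozen=True)
class Locator:
    rloc: str
    priority: int
    weight: int


class MapServer:
    """EID-prefix -> locator-set database fed by ETR registrations (slide 53)."""
    def __init__(self, auth_key: str):
        self.auth_key = auth_key
        self.db = {}   # ipaddress network -> tuple of Locator

    def register(self, eid_prefix: str, locators, key: str) -> None:
        if key != self.auth_key:   # the 'lisp site ... authentication-key' check
            raise PermissionError("Map-Register rejected: bad authentication key")
        self.db[ipaddress.ip_network(eid_prefix)] = tuple(locators)

    def resolve(self, eid: str):
        """Map-Reply: longest-prefix match, or None for a non-LISP destination."""
        addr = ipaddress.ip_address(eid)
        hits = [n for n in self.db if addr in n]
        if not hits:
            return None
        best = max(hits, key=lambda n: n.prefixlen)
        return best, self.db[best]


class ITR:
    """Ingress tunnel router; a PITR is the same thing fronting non-LISP sources."""
    def __init__(self, rloc: str, map_server: MapServer):
        self.rloc, self.ms, self.cache = rloc, map_server, {}

    @staticmethod
    def pick_locator(src: str, dst: str, locators) -> str:
        """Lowest priority wins; equal priorities share load by weight via a flow hash."""
        best = min(loc.priority for loc in locators)
        cands = [loc for loc in locators if loc.priority == best]
        point = zlib.crc32(f"{src}>{dst}".encode()) % sum(loc.weight for loc in cands)
        for loc in cands:
            point -= loc.weight
            if point < 0:
                return loc.rloc

    def lookup(self, dst: str):
        """Map-cache hit, otherwise Map-Request/Map-Reply and cache fill."""
        addr = ipaddress.ip_address(dst)
        hits = [n for n in self.cache if addr in n]
        if hits:
            return self.cache[max(hits, key=lambda n: n.prefixlen)]
        reply = self.ms.resolve(dst)
        if reply is None:
            return None
        self.cache[reply[0]] = reply[1]
        return reply[1]

    def invalidate(self, eid: str) -> None:
        """Drop cache entries covering an EID (assumed trigger after a VM move)."""
        addr = ipaddress.ip_address(eid)
        for n in [n for n in self.cache if addr in n]:
            del self.cache[n]

    def encapsulate(self, src: str, dst: str):
        """Return the LISP-encapsulated packet, or None if dst is not a LISP EID."""
        locators = self.lookup(dst)
        if locators is None:
            return None
        return {"outer": (self.rloc, self.pick_locator(src, dst, locators)),
                "inner": (src, dst), "overhead_bytes": LISP_OVERHEAD}


def build_topology():
    """West-DC ETRs 172.16.1.1/.2.1 for 10.1.0.0/24 (slide 48), East-DC ETRs
    172.16.3.1/.4.1 for 10.2.0.0/24 with assumed priorities/weights."""
    ms = MapServer("s3cr3t")
    west = (Locator("172.16.1.1", 1, 50), Locator("172.16.2.1", 1, 50))
    east = (Locator("172.16.3.1", 1, 50), Locator("172.16.4.1", 1, 50))
    ms.register("10.1.0.0/24", west, "s3cr3t")
    ms.register("10.2.0.0/24", east, "s3cr3t")
    return ms, ITR("172.16.10.1", ms), ITR("4.4.4.4", ms)   # site ITR and PITR


def move_host(ms: MapServer, itrs, eid: str, new_locators) -> None:
    """VM-mobility: the new site's ETRs register a host route so LPM steers to it."""
    ms.register(f"{eid}/32", new_locators, ms.auth_key)
    for itr in itrs:
        itr.invalidate(eid)
```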
