An Introduction to Cisco OTV (IOS Advantage Webinar)

Cisco Overlay Transport Virtualization (OTV), a technology that significantly simplifies Data Center Interconnect (DCI) deployments by extending Ethernet LANs between multiple sites over any network, making multiple data centers look like one logical data center.

We will discuss the OTV architecture in detail, including its many benefits. This session will highlight some key advantages of the new implementation on the Cisco ASR 1000 series router as well as a side-by-side comparison with the current Nexus 7000 implementation.

Published in: Technology, Education


Transcript

  • 1. Cisco IOS Advantage Webinars: Simplifying Data Center Interconnect with Overlay Transport Virtualization (OTV). Peter Lam, Patrick Warichet. We'll get started a few minutes past the top of the hour. Note: you may not hear any audio until we get started. © 2012 Cisco and/or its affiliates. All rights reserved.
  • 2. Speakers and panelists
    • Speaker: Peter Lam, Product Manager, Network Operation System Group (NOSTG), lamp@cisco.com
    • Speaker: Patrick Warichet, Technical Manager, Network Operating System Group (NOSTG), pwariche@cisco.com
    • Panelists: Peter Lam, Anoop Dawani, Mostafa Mansour, Suresh Katukam
  • 3.
    • Submit questions in the Q&A panel and send to "All Panelists"; avoid the CHAT window for better access to panelists
    • For Webex audio, select COMMUNICATE > Join Audio Broadcast
    • For Webex call back, click the ALLOW Phone button at the bottom of the Participants side panel
    • Where can I get the presentation? https://communities.cisco.com/docs/DOC-28415 or send email to ask_iosadvantage@cisco.com
    • Please fill in the survey at the end of the event
    • Join us on April 4 for our next IOS Advantage Webinar: Network Automation Techniques Using Embedded Event Manager (EEM)
  • 4. OTV General Overview; OTV Technical Details; LISP General Overview; LISP for Inter-DC Workload Mobility
  • 6. Data Center Interconnect (DCI): transport dependent, bandwidth management, failure containment, complex operations. Many physical sites, one logical data center.
  • 7. OTV delivers a virtual L2 transport over any L3 infrastructure
    • O = Overlay: independent of the infrastructure technology and services, flexible over various interconnect facilities
    • T = Transport: transport services for Layer 2 and Layer 3 Ethernet and IP traffic
    • V = Virtualization: provides virtual stateless multi-access connections; can be further partitioned into VPNs, VRFs, VLANs
  • 8. Seamless workload mobility; business continuity; pool and maximize global resources; distributed applications
  • 9.
    • Applications (running in the VMs) use non-routable traffic, e.g. node discovery and heartbeats in clustered applications
    • With virtualization, application members may be distributed across data centers
    • Moving and distributing application members across locations should not break the application
    • Diagram: hypervisors at each site exchanging non-routable application traffic (node discovery, heartbeats) and hypervisor control traffic across the network
  • 10. EoMPLS, Dark Fiber, VPLS
  • 11.
    • Traditional Layer 2 VPN technologies rely on flooding to propagate MAC reachability
    • The flooding behavior causes failures to propagate to every site in the Layer 2 VPN (diagram: MAC 1 propagation from Site A to Site B and Site C)
    • Our goal: providing layer 2 connectivity, yet restricting the reach of the unknown unicast flooding domain in order to contain failures and preserve resiliency
  • 12.
    • Before any learning can happen a full mesh of pseudo-wires/tunnels must be in place
    • For N sites there will be N*(N-1)/2 pseudo-wires; complex to add and remove sites
    • Head-end replication for multicast and broadcast; sub-optimal BW utilization
    • Our goal: providing point-to-cloud provisioning and optimal bandwidth utilization in order to reduce cost
  • 13.
    • Requires additional protocols (BGP, ICC, EEM)
    • STP often extended
    • Malfunctions impact all sites (diagram: active/active L2 sites joined by an L2 VPN)
    • Our goal: natively providing automatic detection of multi-homing without the need to extend the STP domains, together with more efficient load-balancing
  • 14. Traditional L2 VPNs (circuits + data plane flooding) versus MAC routing (packet + control protocol learning):
    • Full mesh of circuits (pseudo-wires) -> packet switched connectivity
    • MAC learning based on flooding -> MAC learning by control protocol
    • Tunnels and pseudo-wires -> dynamic encapsulation
    • Operationally challenging -> operational simplification
    • Loop prevention and multi-homing must be provided separately -> automatic loop prevention and multi-homing
  • 16. OTV data plane (diagram): a frame from MAC 1 in the West site to MAC 3 in the East site
    • West MAC table, VLAN 100: MAC 1 -> Eth 2; MAC 2 -> Eth 1; MAC 3 -> IP B; MAC 4 -> IP B
    • East MAC table, VLAN 100: MAC 1 -> IP A; MAC 2 -> IP A; MAC 3 -> Eth 3; MAC 4 -> Eth 4
    • Steps: Layer 2 lookup at West (MAC 1 -> MAC 3 resolves to IP B); OTV encap (IP A -> IP B); transport infrastructure; decap at East; Layer 2 lookup (MAC 3 -> Eth 3); delivery to MAC 3
  • 17. Encapsulation
    • OTV encapsulation adds 42 bytes to the packet IP MTU size: outer IP header and OTV shim header, in addition to the original L2 header stripped of its .1Q header
    • The OTV shim header contains information about the overlay (VLAN, overlay number)
    • The 802.1Q header is removed from the original frame and the VLAN field copied over into the OTV shim header
    • Original L2 frame: DMAC (6B), SMAC (6B), 802.1Q (4B), EtherType (2B), payload, CRC
    • Encapsulated packet: IP header (20B), OTV shim header (8B), L2 header (14B*, 802.1Q removed), payload
    • * The 4 bytes of .1Q header have already been removed; 20B + 8B + 14B* = 42 bytes of total overhead
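To make the byte accounting on the slide concrete, here is an added Python example (not Cisco code) that strips the 802.1Q tag from a constructed frame, copies the VLAN into an 8-byte shim, prepends a 20-byte outer IPv4 header and then decapsulates again. The shim field layout, the outer IP protocol number and all MACs and IPs are assumptions; the slide only gives the three sizes.

```python
"""OTV-style encapsulation and decapsulation of an 802.1Q frame.

Added example following the slide's byte accounting: 20 B outer IP header +
8 B OTV shim + 14 B inner L2 header (the 4 B 802.1Q tag is removed and its
VLAN copied into the shim) = 42 B added on top of the original IP payload.
The shim layout, the outer IP protocol number, MACs and IPs are assumptions.
"""
import struct

DOT1Q_TPID = 0x8100
OUTER_IP_LEN = 20    # outer IPv4 header without options
SHIM_LEN = 8         # OTV shim header
L2_HDR_LEN = 14      # DMAC + SMAC + EtherType once the .1Q tag is gone
OUTER_IP_PROTO = 47  # assumed GRE-style protocol number; the slide does not say


def ipv4_checksum(header):
    """One's-complement checksum over a 20-byte IPv4 header (0 when valid)."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_dot1q_frame(dmac, smac, vlan, ethertype, payload):
    """Tagged frame as seen on the OTV internal interface (FCS omitted)."""
    tci = vlan & 0x0FFF                     # PCP/DEI zero, 12-bit VLAN ID
    return dmac + smac + struct.pack("!HHH", DOT1Q_TPID, tci, ethertype) + payload


def otv_encap(frame, overlay_id, src_ip, dst_ip):
    """Edge device on the sending site: strip .1Q, copy VLAN to the shim,
    prepend the shim and an outer IPv4 header (join interface -> remote ED)."""
    dmac, smac = frame[:6], frame[6:12]
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != DOT1Q_TPID:
        raise ValueError("frame carries no 802.1Q tag; OTV extends tagged VLANs")
    vlan = tci & 0x0FFF
    inner = dmac + smac + frame[16:]        # 14-byte L2 header + payload
    # Assumed shim layout: flags, reserved, 16-bit VLAN, 32-bit overlay number.
    shim = struct.pack("!BBHI", 0, 0, vlan, overlay_id)
    total_len = OUTER_IP_LEN + SHIM_LEN + len(inner)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, 64,
                      OUTER_IP_PROTO, 0, src_ip, dst_ip)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + shim + inner


def otv_decap(packet):
    """Edge device on the receiving site: validate the outer header, read the
    VLAN back out of the shim and re-insert the 802.1Q tag before the L2 lookup.
    Returns (overlay_id, vlan, frame)."""
    if (packet[0] & 0x0F) * 4 != OUTER_IP_LEN or ipv4_checksum(packet[:OUTER_IP_LEN]) != 0:
        raise ValueError("bad outer IPv4 header")
    _, _, vlan, overlay_id = struct.unpack("!BBHI", packet[OUTER_IP_LEN:OUTER_IP_LEN + SHIM_LEN])
    inner = packet[OUTER_IP_LEN + SHIM_LEN:]
    frame = inner[:12] + struct.pack("!HH", DOT1Q_TPID, vlan) + inner[12:]
    return overlay_id, vlan, frame


def transport_ip_mtu_needed(inner_ip_mtu):
    """Smallest IP MTU the transport must carry for a given inner IP MTU."""
    return inner_ip_mtu + OUTER_IP_LEN + SHIM_LEN + L2_HDR_LEN


if __name__ == "__main__":
    payload = bytes([0x45]) + bytes(1499)   # constructed 1500-byte IP packet
    frame = build_dot1q_frame(b"\x00\x00\x5e\x00\x00\x03", b"\x00\x00\x5e\x00\x00\x01",
                              100, 0x0800, payload)
    pkt = otv_encap(frame, 1, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    print(len(pkt) - len(payload), "bytes of overhead")   # 42
```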
  • 18. The OTV Control Plane
    • No unknown unicast flooding
    • Control plane learning with proactive MAC advertisement
    • Background process with no specific configuration
    • IS-IS used between OTV Edge Devices (diagram: MAC address advertisements exchanged between the OTV edge devices at West (IP A), East (IP B) and South (IP C))
  • 19. Neighbor Discovery and Adjacency Formation
    • Before any MAC address can be advertised the OTV Edge Devices must discover each other and build a neighbor relationship with each other
    • Neighbor relationship built over a transport infrastructure: multicast-enabled (all shipping releases) or unicast-only (NX-OS release 5.2 or higher)
  • 20. Route (MAC) Advertisements (over Multicast Transport), diagram steps:
    • 1. New MACs (MAC A, MAC B, MAC C) learned in VLAN 100 on e1/1 at West
    • 2. West crafts an OTV update (Update A) with the new MACs
    • 3. Encap
    • 4. Update A is sent from IP A to the multicast group G over the multicast-enabled transport
    • 5. East and South decap the update
    • 6.-7. East and South add the MACs learned through OTV to their MAC tables (VLAN 100: MAC A, MAC B, MAC C -> IP A)
  • 21. OTV over a Multicast Transport with NX-OS: minimal configuration required to get OTV up and running (activate the OTV feature, WAN-facing join interface, VLANs extended)
      WEST-DC (IP A):
      feature otv
      otv site-vlan 99
      interface Overlay1
        description WEST-DC
        otv join-interface e1/1
        otv control-group 239.1.1.1
        otv data-group 232.192.1.0/24
        otv extend-vlan 100-150
      EAST-DC (IP B):
      feature otv
      otv site-vlan 99
      interface Overlay1
        description EAST-DC
        otv join-interface e1/1.10
        otv control-group 239.1.1.1
        otv data-group 232.192.1.0/24
        otv extend-vlan 100-150
      SOUTH-DC (IP C):
      feature otv
      otv site-vlan 99
      interface Overlay1
        description SOUTH-DC
        otv join-interface Po16
        otv control-group 239.1.1.1
        otv data-group 232.192.1.0/24
        otv extend-vlan 100-150
  • 22. OTV over a Multicast Transport with IOS-XE: minimal configuration required to get OTV up and running
      WEST-DC (IOS-XE, IP A):
      interface Overlay0
        description WEST-DC
        no ip address
        otv control-group 239.140.5.1
        otv data-group 232.1.1.0/28
        otv join-interface TenGig0/0/0
        otv vpn-name ASR1K-001
        service instance 10 ethernet
          encapsulation dot1q 10
          bridge-domain 10
      !
      interface TenGig0/0/0
        ip address 10.10.10.1 255.255.0.0
        ip pim passive
        ip igmp version 3
      EAST-DC (IOS-XE, IP B):
      interface Overlay0
        description EAST-DC
        no ip address
        otv control-group 239.140.5.1
        otv data-group 232.1.1.0/28
        otv join-interface TenGig0/0/0
        otv vpn-name ASR1K-001
        service instance 10 ethernet
          encapsulation dot1q 10
          bridge-domain 10
      !
      interface TenGig0/0/0
        ip address 10.10.10.2 255.255.0.0
        ip pim passive
        ip igmp version 3
      SOUTH-DC (NX-OS, IP C):
      feature otv
      otv site-vlan 99
      interface Overlay1
        description SOUTH-DC
        otv join-interface Po16
        otv control-group 239.140.5.1
        otv data-group 232.1.1.0/28
        otv extend-vlan 10
  • 23. CLI Verification on NX-OS
    • Establishment of control plane adjacencies between OTV Edge Devices:
      dc1-agg-7k1# show otv adjacency
      Overlay Adjacency database
      Overlay-Interface Overlay100 :
      Hostname         System-ID       Dest Addr    Up Time  Adj-State
      dc2-agg-7k1      001b.54c2.efc2  20.11.23.2   6d13h    UP
      dc1-agg-7k2      001b.54c2.e1c3  20.12.23.2   6d13h    UP
      dc3-ASR1K-1      5475.d098.2200  20.13.23.2   6d13h    UP
    • Unicast MAC reachability information:
      dc1-agg-7k1# show otv route
      OTV Unicast MAC Routing Table For Overlay100
      VLAN MAC-Address    Metric Uptime   Owner   Next-hop(s)
      ---- -------------- ------ -------- ------- -----------
      2001 0000.0c07.ac01 1      3d15h    site    Ethernet1/1      (local site MAC)
      2001 0000.1641.d70e 1      3d15h    site    Ethernet1/2      (local site MAC)
      2001 0000.49f3.88ff 42     2d22h    overlay dc2-agg-7k1      (remote site MAC)
      2001 0000.49f3.8900 42     2d22h    overlay dc2-agg-7k2      (remote site MAC)
  • 24. CLI Verification on IOS-XE
    • Verification of the status of the OTV edge interface and control plane adjacencies:
      dc3-ASR1K-1# show otv summary
      OTV Configuration Information, Site Bridge-Domain: 10
      Overlay VPN Name Control Group Data Group(s) Join Interface State
      100     DCI-001  239.140.5.1   232.1.1.0/28  Te0/0/0        UP
      Total Overlay(s): 1
      dc3-ASR1K-1# show otv adjacency
      Overlay 100 Adjacency Database
      Hostname     System-ID       Dest Addr   Up Time State
      dc2-agg-7k1  001b.54c2.efc2  20.11.23.2  6d13h   UP
      dc1-agg-7k2  001b.54c2.e1c3  20.12.23.2  6d13h   UP
      dc1-agg-7k1  001b.54c2.eed3  20.10.23.1  6d18h   UP
    • Unicast MAC reachability information:
      dc3-ASR1K-1# show otv route
      Codes: BD - Bridge-Domain, AD - Admin-Distance, SI - Service Instance, * - Backup Route
      OTV Unicast MAC Routing Table for Overlay100
      Inst VLAN BD MAC Address    AD Owner  Next Hops(s)
      -----------------------------------------------------------
      0    10   10 0001.cafe.0001 50 ISIS   dc2-agg-7k1       (remote site MAC)
      0    10   10 0000.1234.0001 40 BD Eng Gi0/2/0:SI10      (local site MAC)
  • 25. Neighbor Discovery (Unicast-Only Transport), NX-OS release 5.2 and above
    • Ideal for connecting two or three sites; with a higher number of sites a multicast transport is the best choice
    • The mechanism: Edge Devices (EDs) register with an "Adjacency Server" ED; EDs receive a full list of neighbors (oNL) from the AS; OTV hellos and updates are encapsulated in IP and unicast to each neighbor
    • The end result: neighbor discovery is automated by the "Adjacency Server"; all signaling must be replicated for each neighbor; data traffic must also be replicated at the head-end
  • 26. Neighbor Discovery (Unicast-Only Transport), NX-OS release 5.2 and above
    • The OTV "adjacency server" provides support over a unicast core
    • The adjacency server is a process that can run on any OTV edge device
    • It advertises the IP of each Edge Device (ED) to all other EDs (OTV neighbor list, oNL)
    • Diagram: Site 1 (IP A) in adjacency server mode distributes the oNL (Site 1, IP A; Site 2, IP B; Site 3, IP C; Site 4, IP D; Site 5, IP E) over the unicast-only transport; * a redundant pair may be configured
  • 27. MAC Advertisements (Unicast-Only Transport), NX-OS release 5.2 and above
    • A single update needs to be created for each destination Edge Device present on the overlay
    • The same applies to the sites' multicast and broadcast packets to be sent to the other sites
    • Diagram steps: 1. new MACs (MAC A, MAC B, MAC C) are learned on VLAN 100 at West; 2. West's MAC table lists VLAN 100 MAC A, MAC B, MAC C; 3. the OTV update is replicated at the head-end, once per oNL entry (East, IP B; South-East, IP C); 4. East and South-East add VLAN 100 MAC A, MAC B, MAC C -> IP A to their MAC tables
  • 28. OTV over a unicast-only transport, NX-OS release 5.2 and above: establishing a DCI has never been this simple
      WEST-DC (IP A, adjacency server):
      feature otv
      otv site-vlan 99
      interface Overlay1
        description WEST-DC
        otv join-interface e1/1
        otv adjacency-server local
        otv extend-vlan 100-150
      EAST-DC (IP B):
      feature otv
      otv site-vlan 99
      interface Overlay1
        description EAST-DC
        otv join-interface e1/1.10
        otv adjacency-server 10.1.1.1
        otv extend-vlan 100-150
      SOUTH-DC (IP C):
      feature otv
      otv site-vlan 99
      interface Overlay1
        description SOUTH-DC
        otv join-interface Po16
        otv adjacency-server 10.1.1.1
        otv extend-vlan 100-150
  • 29. Site Independence
    • OTV is site transparent: no changes to the STP topology
    • Each site keeps its own STP domain
    • This functionality is built into OTV and no additional configuration is required
    • An Edge Device will send and receive BPDUs ONLY on the OTV internal interfaces (diagram: the BPDUs stop at the OTV edge device on each side of the L3 transport)
  • 30. No longer unknown unicast storms across the DCI
    • No requirement to forward unknown unicast frames
    • OTV does not forward unknown unicast frames to the overlay; this is achieved without any additional configuration
    • The assumption here is that the end-points connected to the network are not silent or uni-directional
    • Diagram: MAC table VLAN 100: MAC 1 -> Eth1, MAC 2 -> IP B; there is no MAC 3 in the MAC table, so a frame MAC 1 -> MAC 3 is not sent to the overlay
  • 31. ARP Neighbor-Discovery (ND) Cache
    • An ARP cache is maintained by every OTV edge device and is populated by snooping ARP replies
    • Initial ARP requests are broadcast to all sites, but subsequent ARP requests are suppressed at the Edge Device and answered locally
    • ARP traffic spanning multiple sites can thus be significantly reduced
    • Diagram steps: 1. first ARP request (IP A) crosses the OTV transport network; 2. ARP reply; 3. the edge device snoops the reply and caches it (ARP cache: MAC 1 IP A, MAC 2 IP B); 4. subsequent ARP requests (IP A); 5. ARP reply on behalf of the remote server (IP A)
  • 32.
    • The detection of multi-homing is fully automated and does not require additional protocols or configuration
    • The Edge Devices within a site discover each other over the "otv site-vlan"
    • OTV elects one of the Edge Devices to be the Authoritative Edge Device (AED) for a subset of the extended VLANs
    • The AED is responsible for MAC address advertisement for its VLANs and for forwarding its VLANs' traffic inside and outside the site (diagram: internal peering between the two edge devices for AED election)
  • 33. Introducing OTV site-identifier, NX-OS release 5.2 and above
    • All devices on a site must be configured with a common site-identifier
    • The site-id information is included in the control plane
    • Makes OTV multi-homing more robust and resilient to user configuration errors: Site Adjacency and Overlay Adjacency are now both leveraged for AED election
    • An overlay will not come up until a site-id is configured
    • Warning: ISSU to 5.2 results in an overlay down condition until site-ids are manually configured
      NX-OS:
      feature otv
      otv site-identifier 0x1
      otv site-vlan 99
      IOS-XE:
      otv site-identifier 0x1
      otv bridge-domain 99
  • 34. Mechanism to proactively advertise AED capability, NX-OS release 5.2 and above
    • Provides additional resiliency; avoids the single point of failure of the OTV site-vlan going down
    • Proactively inform neighbors about local failures: join interface down; internal VLANs down; AED down or initializing
    • VLANs are split across EDs as long as at least one adjacency is up and the EDs are AED capable
    • Diagram: an ED announcing "I'm not AED capable" is excluded from the AED election; once the adjacency is up and the election begins, the remaining EDs become AED for VLANs X, Y, Z and A, B, C respectively
  • 35. Things to be aware of (NX-OS release 5.2 and above)
    • Site-id is mandatory: if not configured, no overlay will come up; this holds true for a single-homed site as well
    • EDs in the same site MUST be configured with the same site-id; if a mismatch is detected, all overlays will come down until the error is fixed
    • Site-id is not generated by default
    • Two formats for site-id: flat hexadecimal <1-ffffffffffff> or MAC address format nnnn.nnnn.nnnn
    • Site-id is always displayed in MAC address format (0000.0000.0256)
    • Site-id "0" is not acceptable
  • 36. VLAN Splitting between Edge Devices
    • VLANs are split between the OTV Edge Devices belonging to the same site
    • Achieved via a very deterministic algorithm (not configurable); in a dual-homed site: lower IS-IS System-ID (Ordinal 0) = EVEN VLANs, higher IS-IS System-ID (Ordinal 1) = ODD VLANs
    • Future functionality will allow tuning the behavior
      NX-OS:
      OTV-ED# show otv site
      Site Adjacency Information (Site-VLAN: 1999) (* - this device)
      Overlay100 Site-Local Adjacencies (Count: 2)
      Hostname           System-ID        Ordinal
      ----------------   ---------------- -------
      dc2a-agg-7k2-otv   001b.54c2.e142   0
      * dc2a-agg-7k1-otv 0022.5579.0f42   1
      IOS-XE:
      ASR1K-ED1# show otv site
      Site Adjacency Information (Site Bridge-Domain: 10)
      Overlay0 Site-Local Adjacencies (Count: 2)
      Hostname     System ID       Last Change Ordinal AED Enabled Status
      * ASR1K-ED1  C47D.4FB3.F500  6d22h       1       site overlay
      ASR1K-ED2    5475.D098.2200  6d22h       0       site overlay
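The site-id rules of slides 33-35 and the ordinal-based VLAN split of slide 36 can be checked offline; the following Python is an added example (not Cisco code) that validates and normalizes site-ids, excludes EDs that are not AED capable, assigns ordinals by IS-IS System-ID and splits the extended VLANs. It goes beyond the slide in one labelled respect: for more than two EDs it uses vlan % number_of_EDs, which reduces to the even/odd rule for two.

```python
"""AED election and VLAN splitting inside a multi-homed OTV site.

Added example (not Cisco code) of the rules on the site-identifier and VLAN
splitting slides: every ED in the site must carry the same, non-zero site-id
(flat hex <1-ffffffffffff> or nnnn.nnnn.nnnn, always displayed in MAC form);
EDs that are not AED capable or whose adjacency is down are excluded; the rest
are ordered by IS-IS System-ID, ordinal 0 being the lowest, and in a
dual-homed site ordinal 0 owns the EVEN VLANs and ordinal 1 the ODD ones.
For more than two EDs this code uses vlan % number_of_EDs, an assumption that
reduces to the slide's rule for two.
"""
from dataclasses import dataclass

SITE_ID_MAX = 0xFFFFFFFFFFFF


def normalize_site_id(text):
    """Parse either accepted format and return the MAC-address display form,
    e.g. '0x256' -> '0000.0000.0256'.  Rejects 0 and out-of-range values."""
    raw = text.strip().lower()
    parts = raw.split(".")
    if len(parts) == 3 and all(len(p) == 4 for p in parts):
        value = int("".join(parts), 16)
    else:
        value = int(raw[2:] if raw.startswith("0x") else raw, 16)
    if not 1 <= value <= SITE_ID_MAX:
        raise ValueError(f"site-id {text!r} is not acceptable (must be 1..ffffffffffff)")
    hexstr = f"{value:012x}"
    return f"{hexstr[:4]}.{hexstr[4:8]}.{hexstr[8:]}"


@dataclass
class EdgeDevice:
    hostname: str
    system_id: str             # IS-IS System-ID, nnnn.nnnn.nnnn
    site_id: str               # as typed in 'otv site-identifier'
    aed_capable: bool = True   # False when the ED advertises "I'm not AED capable"
    adjacency_up: bool = True  # site or overlay adjacency seen from this ED


def _system_id_value(system_id):
    return int(system_id.replace(".", ""), 16)


def site_ordinals(site_eds):
    """Ordinals of the AED-eligible EDs: {hostname: ordinal}, 0 = lowest System-ID.
    Raises if the site-ids disagree, which takes all overlays down on the box."""
    site_ids = {normalize_site_id(ed.site_id) for ed in site_eds}
    if len(site_ids) != 1:
        raise ValueError(f"site-id mismatch within site: {sorted(site_ids)}")
    eligible = sorted((ed for ed in site_eds if ed.aed_capable and ed.adjacency_up),
                      key=lambda ed: _system_id_value(ed.system_id))
    return {ed.hostname: i for i, ed in enumerate(eligible)}


def elect_aed(site_eds, extended_vlans):
    """{vlan: hostname of the AED}; empty when no ED can take the role."""
    ordinals = site_ordinals(site_eds)
    if not ordinals:
        return {}
    by_ordinal = {i: host for host, i in ordinals.items()}
    return {vlan: by_ordinal[vlan % len(by_ordinal)] for vlan in extended_vlans}


if __name__ == "__main__":
    # The two EDs from the NX-OS 'show otv site' output on the slide.
    site = [EdgeDevice("dc2a-agg-7k1-otv", "0022.5579.0f42", "0x1"),
            EdgeDevice("dc2a-agg-7k2-otv", "001b.54c2.e142", "0000.0000.0001")]
    print(site_ordinals(site))
    print(elect_aed(site, range(100, 104)))
```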
  • 37. AED and Broadcast Handling
    • Broadcast reaches all the Edge Devices within the site
    • Only the AED for that VLAN forwards the traffic to the overlay
    • All the Edge Devices at the other sites receive the broadcast
    • Only the AED at the remote sites will forward the packet from the overlay into the site (diagram: the broadcast stops at the non-AED edge devices on both sides of the OTV core)
  • 38.-39. VM Moves (diagram sequence: a VM with MAC X moves from site West to site East, ESX hosts at both sites)
    • 1. MAC X resides in site West; the West AED advertises it and the East site knows it as a remote MAC
    • 2.1 After the move, the server originates a Gratuitous ARP (GARP) frame
    • 2.2 The AED in site East detects that MAC X is now local
    • 2.3 The AED in site East advertises MAC X with a metric of zero
    • 2.4 EDs in site West see the MAC X advertisement with a better metric from site East and change it to a remote MAC address
    • 3.1 The AED in site East forwards the GARP broadcast frame across the overlay
    • 3.2 The AED in site West forwards the GARP into the site and the L2 switches update their CAM tables
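The MAC-table rules of slides 30, 31 and 38-39 (no unknown-unicast flooding, ARP snooping and suppression, and the metric-zero advertisement after a VM move) can be exercised together in one small model; the Python below is an added example, not Cisco code. Interface names, MACs and IPs are constructed labels, and the only metric values it relies on are those visible on the slides (1 for site-owned MACs, 0 for a moved MAC).

```python
"""MAC table, unknown-unicast and ARP behaviour of one OTV edge device.

Added example (not Cisco code) of the control-plane rules on the preceding
slides: MACs learned on an internal interface are advertised (metric 1 for
site-owned entries, as in the show otv route output); an advertisement with a
better, lower metric replaces what is installed, which is how a VM move
(metric 0 from the new site) turns a local MAC into a remote one; unknown
unicast is dropped instead of being sent to the overlay; ARP replies are
snooped and later ARP requests are answered locally.  Interface names, MACs
and IPs are constructed labels.
"""
from dataclasses import dataclass

SITE_METRIC = 1   # metric of a MAC owned by the local site (show otv route, Owner = site)
MOVE_METRIC = 0   # metric the AED uses to announce a MAC that just moved in


@dataclass
class MacEntry:
    owner: str      # "site" or "overlay"
    next_hop: str   # internal interface or remote edge device IP
    metric: int


class OtvEdgeDevice:
    def __init__(self, name):
        self.name = name
        self.mac_table = {}     # (vlan, mac) -> MacEntry
        self.arp_cache = {}     # ip -> mac, filled only by snooped ARP replies
        self.sent_updates = []  # (vlan, mac, metric) advertised to the overlay

    def learn_local(self, vlan, mac, iface):
        """Source MAC seen on an internal interface: owned by this site."""
        self.mac_table[(vlan, mac)] = MacEntry("site", iface, SITE_METRIC)
        self.sent_updates.append((vlan, mac, SITE_METRIC))

    def vm_moved_here(self, vlan, mac, iface):
        """AED sees the GARP of a VM that just arrived (steps 2.1-2.3): install
        it as local and advertise it with metric 0 so the old site gives it up."""
        self.mac_table[(vlan, mac)] = MacEntry("site", iface, MOVE_METRIC)
        self.sent_updates.append((vlan, mac, MOVE_METRIC))
        return self.sent_updates[-1]

    def receive_update(self, vlan, mac, from_ip, metric):
        """OTV advertisement from a remote ED.  Installed when the MAC is new or
        the metric is better (step 2.4 on the old site).  Returns True if changed."""
        current = self.mac_table.get((vlan, mac))
        if current is None or metric < current.metric:
            self.mac_table[(vlan, mac)] = MacEntry("overlay", from_ip, metric)
            return True
        return False

    def forward(self, vlan, dst_mac):
        """Where a unicast frame goes; None means dropped: no flooding to the overlay."""
        entry = self.mac_table.get((vlan, dst_mac))
        return None if entry is None else f"{entry.owner}:{entry.next_hop}"

    def snoop_arp_reply(self, ip, mac):
        """ARP reply crossing the edge device: remember ip -> mac."""
        self.arp_cache[ip] = mac

    def handle_arp_request(self, target_ip):
        """First request for an IP is broadcast to all sites; later ones are
        answered from the cache on behalf of the remote host."""
        mac = self.arp_cache.get(target_ip)
        return ("forward-to-overlay", None) if mac is None else ("reply-locally", mac)


if __name__ == "__main__":
    west, east = OtvEdgeDevice("west"), OtvEdgeDevice("east")
    west.learn_local(100, "MAC 1", "Eth1")
    print(west.forward(100, "MAC 3"))          # None: unknown unicast is not flooded
    vlan, mac, metric = east.vm_moved_here(100, "MAC 1", "Eth4")
    west.receive_update(vlan, mac, "IP B", metric)
    print(west.forward(100, "MAC 1"))          # overlay:IP B after the move
```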
  • 40. Real Problems Solved by OTV
    • Extensions over any transport; no re-design required
    • Failure boundary preservation; site independence/isolation
    • Optimal BW utilization (no head-end replication)
    • Resiliency/multihoming; built-in end-to-end loop prevention
    • Multisite connectivity (inter and intra DC)
    • Scalability: VLANs, sites, MACs; ARP, broadcasts/floods
    • Operations simplicity: only 5 CLI commands
    • Diagram: LAN extension between the North and South Data Centers, each remaining its own fault domain
  • 41. Optimal Routing Challenges
    • Layer 2 extensions represent a challenge for optimal routing
    • Challenging placement of the gateway and advertisement of the routing prefix/subnet
    • Diagram: ingress routing localization (client to server); egress routing localization (server to server); egress routing localization (server to client)
  • 42.
    • An extended VLAN typically has an associated HSRP group
    • Only one HSRP router is active, with all servers pointing to the HSRP VIP as default gateway
    • Result: sub-optimal (trombone) routing (diagram: HSRP hellos cross the extended VLAN; one router Active, one Standby and two in Listen state across the sites, VLANs 10 and 20)
  • 43. FHRP Filtering Solution
    • Filter FHRP with a combination of VACL and MAC route filter
    • Result: still one HSRP group with one VIP, but now an active router at each site for optimal first-hop routing (diagram: HSRP filtering at the DCI blocks the HSRP hellos, giving an Active/Standby pair per site; the ARP reply for the HSRP VIP is answered locally)
  • 44. FHRP Localization, Egress Path Optimization (diagram)
    • Data Center A and Data Center B, each behind its own ISP (ISP A, ISP B) and a Layer 3 core; an HSRP Active/Standby pair per site with HSRP filtering between the sites; aggregation and access layers, VLAN A, public network
    • Node A HA cluster (Node A and Node B), Cluster VIP = 10.1.1.100, Default GW = 10.1.1.1, preempt
    • Asymmetrical flows; no stateful device; low ingress traffic
  • 45. Ingress Traffic Localization: Client to Server Traffic (diagram: DCI LAN extension between the West and East hypervisors)
    • Challenge: subnets are spread across locations; subnet information in the routing tables is not specific enough; routing doesn't know if a server has moved between locations; traffic may be sent to the location where the application is not available
    • Options: DNS based: 1. DNS redirection with ACE/GSS; routing based: 2. route injection, 3. LISP
  • 47. Location Identity Separation Protocol: what do we mean by "Location" and "Identity"?
    • Today's Internet behavior, Loc/ID "overloaded" semantic: a device's IPv4 or IPv6 address represents identity and location; when the device moves, it gets a new IPv4 or IPv6 address for its new identity and location (x.y.z.1 becomes w.z.y.9)
    • LISP behavior, Loc/ID "split": a device's IPv4 or IPv6 address represents identity only; when the device moves, it keeps its IPv4 or IPv6 address (x.y.z.1) and has the same identity; only the location changes (a.b.c.1 to e.f.g.7: "its location is here!")
  • 48. A LISP Packet Walk: how does LISP operate?
    • 1. DNS entry: D.abc.com A 10.1.0.1
    • 2. Host S (10.3.0.1, LISP site 10.3.0.0/24) sends 10.3.0.1 -> 10.1.0.1 to its ITR (172.16.10.1)
    • 3. Mapping entry for EID-prefix 10.1.0.0/24, locator-set: 172.16.1.1, priority 1, weight 50 (D1); 172.16.2.1, priority 1, weight 50 (D2); this policy is controlled by the destination site
    • 4. EID-to-RLOC mapping: the ITR encapsulates the packet as 172.16.10.1 -> 172.16.1.1 (inner 10.3.0.1 -> 10.1.0.1) across the IP network
    • 5. The ETR (172.16.1.1) decapsulates and delivers 10.3.0.1 -> 10.1.0.1 to D in West-DC (10.1.0.0/24)
    • Diagram elements: mapping DB nodes 1.1.1.1 and 2.2.2.2; PiTRs 3.3.3.3 and 4.4.4.4 for the non-LISP sites; ETRs 172.16.1.1 and 172.16.2.1 (West-DC, 10.1.0.0/24) and 172.16.3.1 and 172.16.4.1 (East-DC, 10.2.0.0/24)
  • 49. A LISP Packet Walk: how about non-LISP sites?
    • 1. DNS entry: D.abc.com A 10.1.0.1
    • 2. Host S in a non-LISP site (192.3.0.1) sends 192.3.0.1 -> 10.1.0.1, which reaches the PiTR (4.4.4.4)
    • 3. Mapping entry for EID-prefix 10.1.0.0/24, locator-set: 172.16.1.1, priority 1, weight 50 (D1); 172.16.2.1, priority 1, weight 50 (D2)
    • 4. EID-to-RLOC mapping: the PiTR encapsulates the packet as 4.4.4.4 -> 172.16.1.1 across the IP network
    • 5. The ETR (172.16.1.1) decapsulates and delivers 192.3.0.1 -> 10.1.0.1 to D in West-DC (10.1.0.0/24)
  • 50. LISP Overview: LISP header format (draft-ietf-lisp-05)
    • Outer IP header (20 bytes): router-supplied RLOCs
    • UDP header (8 bytes)
    • LISP header (8 bytes)
    • Inner IP header: host-supplied IDs
    • Overall IP MTU increase: 36 bytes
  • 51. LISP Roles and Address Spaces: what are the different components involved?
    • Tunnel Routers (xTRs): edge devices in charge of encap/decap; Ingress/Egress Tunnel Routers (ITR/ETR)
    • EID-to-RLOC Mapping DB: contains RLOC-to-EID mappings; distributed across multiple Map Servers (MS); MS may connect over an ALT network
    • Proxy Tunnel Routers (PxTR): coexistence between LISP and non-LISP sites; ingress/egress: PiTR, PeTR
    • Address spaces: EID = End-point Identifier (host IP or prefix); RLOC = Routing Locator (IP address of routers in the backbone)
    • Diagram: mapping DB with EID a.a.a.0/24 -> RLOC w.x.y.1, b.b.b.0/24 -> x.y.w.2, c.c.c.0/24 -> z.q.r.5, d.d.0.0/16 -> z.q.r.5; ALT prefix/next-hop table; ITR, ETR and PxTR between the EID space and the RLOC space
  • 52. The basics: Registration and Resolution (diagram)
    • Database mapping entry (on ETR): West-DC ETRs A and B hold 10.1.0.0/16 -> (A, B); East-DC ETRs C and D hold 10.2.0.0/16 -> (C, D)
    • Map Server / Resolver: 1.1.1.1; Map-Reply 10.1.0.0/16 -> (A, B)
    • Mapping cache entry (on ITR): 10.1.0.0/16 -> (A, B)
    • Hosts X, Y, Z in the data centers (e.g. 10.1.0.2 in West-DC)
  • 53. Basic LISP Configuration (diagram as in the packet walk: iTR 172.16.10.1, PiTR 3.3.3.3, mapping DB 1.1.1.1 and 2.2.2.2, eTRs 172.16.1.1 and 172.16.2.1 for West-DC 10.1.0.0/24)
      Servers (mapping DB):
      ip lisp map-resolver
      ip lisp map-server
      lisp site west-DC
        authentication-key 0 s3cr3t
        eid-prefix 10.1.0.0/24
      Border routers between backbones (PiTR):
      ip lisp proxy-itr
      ip lisp itr map-resolver 3.3.3.3
      Branch routers (iTR):
      ip lisp itr
      ip lisp itr map-resolver 3.3.3.3
      DC aggregation routers (eTR):
      ip lisp etr
      ip lisp database-mapping 10.1.0.0/24 172.16.1.1 …
      ip lisp database-mapping 10.1.0.0/24 172.16.2.1 …
      ip lisp etr map-server 1.1.1.1 key s3cr3t
      ip lisp etr map-server 2.2.2.2 key s3cr3t
    • Usually devices will be configured as iTRs and eTRs to handle traffic in both directions; we illustrate only one direction for simplicity (RLOC/EID, LISP encap/decap)
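The packet walks (slides 48-49), the registration/resolution picture (slide 52) and the configuration above describe one control loop: ETRs register EID-prefix to locator-set mappings, an ITR or PiTR resolves, caches and encapsulates. The Python below is an added example (not Cisco code) of that loop, including the priority/weight locator choice and the host-route override after a VM move from slide 60. The single-letter RLOCs and the priority values on the 10.2.0.0/24 mapping are constructed; the 36-byte overhead is applied as a size calculation only.

```python
"""LISP registration, resolution, RLOC selection and a VM move.

Added example (not Cisco code) tying together the packet walks and the basic
configuration: ETRs register database mappings (EID-prefix -> locator-set with
priority/weight) with a map server; an ITR, or a PiTR acting for a non-LISP
site, resolves the destination EID by longest-prefix match, caches the reply
and encapsulates toward the locator with the lowest priority, splitting flows
by weight among equals.  A host route registered after a VM move overrides
the covering prefix, but only once the ITR's stale map-cache entry is dropped.
RLOC letters and the priorities on the 10.2.0.0/24 mapping are constructed.
"""
import ipaddress
from dataclasses import dataclass

OUTER_IP_LEN, UDP_LEN, LISP_HDR_LEN = 20, 8, 8   # 36 bytes of IP MTU increase


@dataclass(frozen=True)
class Locator:
    rloc: str
    priority: int   # lower is preferred
    weight: int     # share of traffic among locators of equal priority


class MapServer:
    """Mapping database: 'ip lisp database-mapping' entries as registered by ETRs."""
    def __init__(self):
        self.db = {}   # ip_network -> tuple of Locator

    def register(self, eid_prefix, locators):
        self.db[ipaddress.ip_network(eid_prefix)] = tuple(locators)

    def resolve(self, eid):
        """Map-reply for an EID: (prefix, locators) of the longest matching prefix."""
        addr = ipaddress.ip_address(eid)
        matches = [n for n in self.db if addr in n]
        if not matches:
            return None
        best = max(matches, key=lambda n: n.prefixlen)
        return best, self.db[best]


def select_rloc(locators, flow_hash):
    """Lowest priority wins; equal priorities split traffic by weight, the
    flow hash choosing the bucket so one flow always lands on one RLOC."""
    best = min(loc.priority for loc in locators)
    candidates = [loc for loc in locators if loc.priority == best]
    point = flow_hash % sum(loc.weight for loc in candidates)
    for loc in candidates:
        if point < loc.weight:
            return loc.rloc
        point -= loc.weight
    raise AssertionError("weights exhausted")


class ITR:
    """Ingress tunnel router (a PiTR is the same with a non-LISP site behind it)."""
    def __init__(self, rloc, map_resolver):
        self.rloc = rloc
        self.map_resolver = map_resolver
        self.map_cache = {}   # ip_network -> tuple of Locator

    def _locators_for(self, dst):
        cached = [n for n in self.map_cache if dst in n]
        if cached:
            return self.map_cache[max(cached, key=lambda n: n.prefixlen)]
        reply = self.map_resolver.resolve(str(dst))
        if reply is None:
            return None
        prefix, locators = reply
        self.map_cache[prefix] = locators
        return locators

    def encapsulate(self, src, dst, flow_hash=0):
        """(outer_src, outer_dst, (inner_src, inner_dst)) or None when dst is not an EID."""
        locators = self._locators_for(ipaddress.ip_address(dst))
        if locators is None:
            return None
        return self.rloc, select_rloc(locators, flow_hash), (src, dst)

    def drop_cache_for(self, eid):
        """Forget every cached mapping covering eid (e.g. after learning of a move)."""
        addr = ipaddress.ip_address(eid)
        for prefix in [n for n in self.map_cache if addr in n]:
            del self.map_cache[prefix]


def lisp_packet_size(inner_ip_len):
    """Size on the RLOC side: outer IP + UDP + LISP header + inner IP packet."""
    return inner_ip_len + OUTER_IP_LEN + UDP_LEN + LISP_HDR_LEN


if __name__ == "__main__":
    ms = MapServer()
    ms.register("10.1.0.0/24", [Locator("172.16.1.1", 1, 50), Locator("172.16.2.1", 1, 50)])
    itr = ITR("172.16.10.1", ms)
    print(itr.encapsulate("10.3.0.1", "10.1.0.1"))   # outer 172.16.10.1 -> 172.16.1.1
```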
  • 55. VM-Mobility Scenarios Which technologies, when? Live moves with LAN Extension Cold moves without LAN Extension Non-LISP LISP Site LISP Site Site xTR xTR DR Location or Mapping DB Mapping DB Cloud Provider IP Network DC Internet or Shared WAN OTV LISP-VM (xTR) LISP-VM (xTR) West-DC East-DC West-DC East-DC Routing for extended subnets IP mobility across subnets Active-Active Data Centers Disaster Recovery Distributed Clusters Cloud Bursting Application Members Distributed Application Members in one location Live moves Cold moves© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 56
  • 56. LISP Sites vs. Data Center Sites With or Without Extended Subnets A B C DWithout Extended SubnetsDifferent subnets  West-DC East-DC 10.1.0.0 /16 10.2.0.0 /16Different LISP sites X Y ZA LISP site = A DC site LISP site LISP siteMove across DC/LISP sites DC site DC siteWith Extended Subnets A B C DSingle subnet Single LISP site OTV West-DC East-DC 10.1.0.0 /16 10.1.0.0 /16One LISP site = X Y ZMultiple DC sites Extended LISP siteMove within a LISP site DC site DC siteand across DC sites © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 57
  • 57. LISP VM-Mobility - First Hop Routing With Extended Subnets • Consistent GWY-IP and GWY-MAC configured across all sites Consistent HSRP group number across sites  consistent GWY-MAC • Servers can move anywhere and always talk to a local gateway with the same IP/MAC interface vlan 100 interface vlan 100 ip address 10.1.0.5/24 interface vlanaddress 10.1.0.7/24 ip 200 lisp mobility roamer ip address 10.2.0.8/24 roamer lisp mobilityinterface Ethernet2/4 lisp mobility extended-subnet-mode lisp roamer lisp extended-subnet-mode ip address 10.1.0.6/24 hsrp 101 lisp extended-subnet-mode lisp mobility 101 hsrp roamer LAN Ext. hsrp 101 ip 10.1.0.1 ip 10.1.0.1 lisp extended-subnet-mode ip 10.1.0.1 hsrp 101 ip 10.1.0.1 A B C D LISP-VM (xTR) HSRP ActiveHSRP Active West-DC East-DC 10.1.0.0 /24 10.1.0.0 /24 HSRP HSRP ARP ARP GWY-MAC GWY-MAC© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 58
  • 58. Interfaces N7K-M132XP-12 Other M-series F-series Cards Encap/decap N7K-M132XP-12L Cards (Proxy mode) N7K-M132XP-12 N7K-M132XP-12L    •Only the N7K-M132XP-12 and N7K- M132XP-12L are capable of doing LISP encapsulation •F-Series can leverage N7K-M132XP-12 in Proxy mode to support LISP •Other M-series cards cannot operate in Proxy mode and should not be present in the VDC where LISP is enabled© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 62
  • 59. Aggregation VDC (IP Services, SVIs, LISP) and OTV VDC (OTV Services)
  • OTV must run in a separate VDC in order to support SVIs for IP routing on extended VLANs
  • LISP runs in the Aggregation VDC, separate from OTV, just like any other IP routing service
  • 60. LISP VM mobility (VM IP Address 10.10.10.1)
  Mapping database, Prefix (EID) -> Route Locator (RLOC):
      10.10.10.1 -> A, B (moved to C, D)
      10.10.10.2 -> A, B
      10.10.10.5 -> C, D
      10.10.10.6 -> C, D
      ...
  [Diagram, steps 1 to 7: a packet with IP_DA = 10.10.10.1 reaches the Ingress Tunnel Router (ITR); before the move it is encapsulated with outer IP_DA = B and decapsulated by the ETR in Data Center A (RLOCs A, B); the VM moves across the LAN Extension to Data Center B (RLOCs C, D), the mapping is updated, and the ITR then encapsulates with outer IP_DA = C for decapsulation by the ETR in Data Center B. ISP A and ISP B connect the sites; both data centers use Default GW = 10.10.10.100]
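To make the control-plane steps on this slide concrete, here is a small model of the exchange, written as an added example for this transcript and not taken from the webinar or from any Cisco implementation. It uses the slide's EIDs and the letters A to D as stand-ins for RLOC addresses (an assumption; real RLOCs are the ETRs' IP addresses), and it generalizes slightly beyond the slide: the mapping database does longest-prefix matching, so a host /32 registered after a move overrides a site prefix. The stale-cache handling models a Solicit-Map-Request as a direct call from the old ETR to the ITR; real LISP sends it as a message.

```python
"""Added example: toy model of the LISP VM-mobility packet flow on slide 60.
EIDs and RLOCs are strings; RLOCs A-D stand in for ETR IP addresses."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    dst: str        # inner IP_DA: the VM's EID
    payload: bytes


@dataclass(frozen=True)
class LispPacket:
    outer_dst: str  # outer IP_DA: the RLOC chosen by the ITR
    inner: Packet


def longest_match(table, eid):
    """Most specific prefix in table (a dict keyed by ip_network) containing eid."""
    addr = ipaddress.ip_address(eid)
    hits = [p for p in table if addr in p]
    return max(hits, key=lambda p: p.prefixlen) if hits else None


class MappingDB:
    """Map-Server view of the EID-to-RLOC table on the slide."""

    def __init__(self):
        self._db = {}

    def register(self, eid_prefix, rlocs):
        # Map-Register from an ETR; a host /32 overrides a broader site prefix.
        self._db[ipaddress.ip_network(eid_prefix)] = tuple(rlocs)

    def lookup(self, eid):
        prefix = longest_match(self._db, eid)
        return (prefix, self._db[prefix]) if prefix else None


class ITR:
    """Ingress tunnel router: resolves EID -> RLOC and encapsulates."""

    def __init__(self, db):
        self._db = db
        self.cache = {}  # map-cache: prefix -> RLOCs

    def encap(self, pkt):
        prefix = longest_match(self.cache, pkt.dst)
        if prefix is None:  # cache miss: Map-Request / Map-Reply
            entry = self._db.lookup(pkt.dst)
            if entry is None:
                raise LookupError(f"no mapping for {pkt.dst}")
            prefix, rlocs = entry
            self.cache[prefix] = rlocs
        return LispPacket(outer_dst=self.cache[prefix][0], inner=pkt)

    def invalidate(self, eid):
        # Solicit-Map-Request handling: drop the stale entry so the next
        # packet re-resolves against the updated mapping database.
        prefix = longest_match(self.cache, eid)
        if prefix is not None:
            del self.cache[prefix]


class ETR:
    """Egress tunnel router at one data center; knows which EIDs are local."""

    def __init__(self, rloc, db, site_rlocs):
        self.rloc = rloc
        self._db = db
        self.site_rlocs = tuple(site_rlocs)
        self.local = set()

    def attach(self, eid):
        # VM detected on the local extended VLAN: register its /32 here.
        self.local.add(eid)
        self._db.register(f"{eid}/32", self.site_rlocs)

    def detach(self, eid):
        self.local.discard(eid)

    def decap(self, lisp_pkt, itr):
        if lisp_pkt.outer_dst != self.rloc:
            raise ValueError("misdelivered: outer IP_DA is not this ETR")
        inner = lisp_pkt.inner
        if inner.dst in self.local:
            return inner
        itr.invalidate(inner.dst)  # stale mapping: tell the ITR to refresh
        return None


def run_scenario():
    """Replay the slide: returns (outer RLOC per attempt, delivered flags)."""
    db = MappingDB()
    etr_a = ETR("A", db, ("A", "B"))   # Data Center A
    etr_c = ETR("C", db, ("C", "D"))   # Data Center B
    for eid in ("10.10.10.1", "10.10.10.2"):
        etr_a.attach(eid)
    for eid in ("10.10.10.5", "10.10.10.6"):
        etr_c.attach(eid)
    etrs = {e.rloc: e for e in (etr_a, etr_c)}
    itr = ITR(db)
    pkt = Packet(dst="10.10.10.1", payload=b"constructed sample payload")
    outer, delivered = [], []

    def send():
        lp = itr.encap(pkt)
        outer.append(lp.outer_dst)
        delivered.append(etrs[lp.outer_dst].decap(lp, itr) is not None)

    send()                       # before the move: encap to A, delivered
    etr_a.detach("10.10.10.1")   # VM moves across the LAN extension
    etr_c.attach("10.10.10.1")   # mapping for 10.10.10.1 is now C, D
    send()                       # stale map-cache: still to A, ETR A rejects
    send()                       # re-resolved: encap to C, delivered
    return outer, delivered


if __name__ == "__main__":
    print(run_scenario())
```

The second attempt is the interesting one for operations: until the ITR's map-cache is refreshed, traffic for the moved VM still lands at the old site, which is why the slide pairs the mapping update with the first-hop detection on the LISP-VM xTRs.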
  • 61. Where to Deploy LISP and OTV: Roles and Places in the Network
  xTR: Branch routers @ LISP sites (customer-managed/owned, or SP-managed CE service)
  PxTR: Border routers @ transit points (customer backbone routers, customer router @ co-location, or SP provided router/service)
  Mapping Servers/Routers: Distributed across Data Centers (customer-managed/owned, or SP provided service)
  LISP-VM xTR: Aggregation routers @ Data Center (customer-managed/owned)
  OTV: Aggregation routers @ Data Center (customer-managed/owned)
  [Diagram: a LISP site and Non-LISP sites reach the Data Center IP Backbone across the Internet / WAN Backbone through a PxTR; a Mapping DB; LISP-VM (xTR) and OTV at DC-Aggregation above DC-Access in West-DC and East-DC; legend: RLOC, EID, LISP encap/decap]
  • 62. LISP-VM-Mobility Router Placement
  • @ Main Data Centers
  • @ Disaster Recovery facilities
  • First hop routers for the DC subnets in which the mobile hosts reside: detect host moves; provide a consistent first hop presence; monitor host liveness
  • Usually the Aggregation Switches in the Data Center
  • Customer Managed
  [Diagram: LISP-VM (xTR) at DC-Aggregation above DC-Access in West-DC and East-DC on the Data Center IP Backbone; a DR Location or Cloud Provider xTR over the Internet / WAN Backbone; legend: RLOC, EID, LISP encap/decap]
  • 63. OTV Router Placement: LAN Extension to DR or Cloud facilities is usually not required
  • @ Main Data Centers only
  • Typically not required @ Disaster Recovery facilities
  • First hop routers for the subnets in which the mobile hosts reside: connect to the VLANs to be extended; connect to the IP core
  • Usually the Aggregation Switches in the Data Center
  • Customer Managed
  [Diagram: OTV at DC-Aggregation above DC-Access in West-DC and East-DC on the Data Center IP Backbone; a DR Location or Cloud Provider DC with an xTR over the Internet / WAN Backbone; legend: RLOC, EID, LISP encap/decap]
  • 64. PxTR Placement: Advertise DC Routes to Non-LISP Sites
  • PxTR ideally placed on the path between non-LISP and LISP sites
  • Aggregation points are optimal: border routers between DC core and WAN; Internet routers; customer routers at co-location; provider routers (PxTR service)
  • PiTRs must be configured to inject routes into the non-LISP network: attract traffic from Non-LISP sites; encap and send to the Data Center
  [Diagram: Non-LISP sites reach the Data Center IP Backbone through a Provider PxTR in the Internet / WAN Backbone or a Private PxTR at the DC edge; DC-Aggregation and DC-Access in West-DC and East-DC; legend: RLOC, EID, LISP encap/decap]
  • 65. Map Server Placement: A daemon on a router
  • The Map Server functionality can be enabled on any router; BGP route-reflectors are a good analogy; off path is good, but not mandatory
  • Distribute Map Servers across different locations: Private Data Centers (self managed); SP Data Centers/Cloud (SP service)
  • Map Server resiliency options: clustered and distributed; Distributed Database (ALT or IMDB)
  [Diagram: a LISP site (xTR) and Non-LISP sites; an SP Mapping Service in the Internet / WAN Backbone; Private Map Servers in the Data Center IP Backbone serving West-DC and East-DC; legend: RLOC, EID, LISP encap/decap]
  • 66. LISP / OTV platforms
  LISP today: ISRs; ASR 1000; Nexus 7000. Future: Catalyst 6500*, 4500*; CRS*, ASR9K*
  OTV today: Nexus 7000; ASR 1000
  • 67. Thank you! Please complete the post-event survey. Join us April 4 for our next webinar: Network Automation Techniques Using Embedded Event Manager (EEM). To register, go to www.cisco.com/go/iosadvantage