• Like

Thanks for flagging this SlideShare!

Oops! An error has occurred.

LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)

  • 7,488 views
Published

LISP implements a new routing architecture that utilizes a "level of indirection" to separate an IP address into two namespaces: Endpoint Identifiers (EIDs), which are assigned to end-hosts, and …

LISP implements a new routing architecture that utilizes a "level of indirection" to separate an IP address into two namespaces: Endpoint Identifiers (EIDs), which are assigned to end-hosts, and Routing Locators (RLOCs), which are assigned to devices (primarily routers) that make up the global routing system.

In addition to helping solve routing scalability issues, LISP provides many other benefits, including: Low OpEx multihoming with ingress traffic engineering; efficient IPv6 Transition support; high-scale Virtualization/Multi-tenancy support; Data Center/VM-mobility support, including session persistence across mobility events; and seamless mobile node support.

Published in Technology , Education
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
7,488
On SlideShare
0
From Embeds
0
Number of Embeds
2

Actions

Shares
Downloads
188
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Cisco IOS Advantage WebinarsLISP - A Next GenerationNetworking ArchitectureGregg SchudelWe’ll get started a few minutes past the top of the hour.Note: you may not hear any audio until we get started.© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 1
  • 2.  Speakers  Panelists ‒ Gregg Schudel ‒ Darrel Lewis Technical Marketing Engineer, LISP Team Technical Leader, LISP Team gschudel@cisco.com ‒ Vince Fuller Technical Leader, LISP Team© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
  • 3. • Submit questions in Q&A panel and send to “All Panelists” Avoid CHAT window for better access to panelists• For Webex audio, select COMMUNICATE > Join Audio Broadcast• For Webex call back, click ALLOW Phone button at the bottom of Participants side panel• Where can I get the presentation? https://communities.cisco.com/docs/DOC-27853 Or send email to: ask_iosadvantage@cisco.com• Please fill in Survey at end of event• Join us on February 8 for our next IOS Advantage Webinar: Recommendations for Network Application Identification and Policy© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
  • 4. Session Agenda  LISP Overview  LISP Operations  LISP Use Cases  LISP Status  LISP Summary  LISP References© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
  • 5. LISP Overview LISP Operations LISP Use Cases LISP Status LISP Summary LISP References
  • 6. Session Objectives  At the end of this session, you should be able to: − Understand the level of indirection between EID and RLOC namespace enabled by LISP − Understand the Address Family agnostic attributes of LISP − Understand how the level of indirection and AF agnostic attributes enable other benefits such as inherent multi-homing support with ingress TE, inherent IPv6 transition support, inherent virtualization support, and inherent mobility support − Understand the five major LISP Use Cases© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
  • 7. IP Addressing “Overloaded” Semantics  The IP address is “overloaded” on location and identity − Today, “addressing follows topology” making efficient aggregation only available for Provider Assigned (PA) addresses − Ingress Traffic Engineering usually requires Provider Independent (PI) addresses and sometimes the injection of “more specifics” – this limits route aggregation compactness − IPv6 does not fix this  Route scaling issues drive system (router) costs higher − Routers require expensive memory in the forwarding plane (FIB) “… routing scalability is the most − Drivers for route scaling are seen in Data important problem facing the Internet Centers and for Mobility (not just the today and must be solved … ” Internet DFZ) Internet Architecture Board (IAB) October 2006 Workshop (written as RFC 4984)© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
  • 8. Locator/ID separation is not new as a concept…  Two basic approaches: − Translation IPv4 NAT is a common (but inefficient) way to perform Location and Identity separation Translation has (well known) drawbacks with referrals The translation table is limited to the router (local scope) − Tunnels/Encapsulation (Map & Encap): Preserves hosts packet across the core Requires a mapping function (e.g. static in the case of GRE tunnels)  A separate Mapping System is key to enabling prefix removal from the core routing table (and minimization of de-aggregation) − NAT, for example, has a local scope known only to that device − GRE has static end-points and explicit scope known only to configured sites − To achieve global scope requires Mapping Database System that can provide on a dynamic basis, EID-to-RLOC relationship information© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
  • 9. Locator/ID Split helps resolve route scaling problems  Today’s Internet Behavior DFZ − The “Default Free Zone” (DFZ) contains all types or routes: Edge (site) routes Internet Core (Provider) route More specifics of both types for TE purposes − In this model, everything goes in the DFZ  LISP Behavior LISP Map System DFZ Mapping − Locator/ID “split” architecture treats System “core” and “site” prefixes differently − In this model, prefixes describing core topology (locators) go in the DFZ; Internet prefixes describing end sites (EIDs) go in the LISP mapping system© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
  • 10. Locator/ID split enables other (more important) benefits…  Today’s Internet Behavior Internet x.y.z.1 Device IPv4 or IPv6 When the device moves, it gets address represents a new IPv4 or IPv6 address for identity and location w.z.y.9 its new identity and location  LISP Behavior Internet x.y.z.1 Device IPv4 or IPv6 a.b.c.1 When the device moves, keeps address represents e.f.g.7 its IPv4 or IPv6 address. identity only x.y.z.1 It has the same identity Only the location changes© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
  • 11. Main attributes of LISP EID a.a.a.0/24 RLOC w.x.y.1 b.b.b.0/24 x.y.w.2 MS/MR c.c.c.0/24 d.d.0.0/16 z.q.r.5 z.q.r.5 EID RLOC EID Space a.a.a.0/24 b.b.b.0/24 w.x.y.1 x.y.w.2 c.c.c.0/24 z.q.r.5  EID (Endpoint Identifier) is the IP d.d.0.0/16 z.q.r.5 address of a host – just as it is today EID a.a.a.0/24 b.b.b.0/24 RLOC w.x.y.1 x.y.w.2 Non-LISP xTR c.c.c.0/24 d.d.0.0/16 z.q.r.5 z.q.r.5  RLOC (Routing Locator) is the IP EID-to- address of the LISP router for the host Prefix Next-hop w.x.y.1 x.y.w.2 e.f.g.h e.f.g.h RLOC z.q.r.5 z.q.r.5 e.f.g.h e.f.g.h mapping  EID-to-RLOC mapping is the PxTR distributed architecture that maps RLOC Space EIDs to RLOCs xTR EID Space xTR  Network-based solution  Address Family agnostic  No host changes  Incrementally deployable  Minimal configuration (support LISP and non-LISP)  No DNS changes  Support for mobility© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
  • 12. LISP Mapping Resolution – DNS analog… LISP “Level of Indirection” is analogous to a DNS lookup  DNS resolves IP addresses for URLs [ who is lisp.cisco.com ] ? DNS DNS host Server Name-to-IP [153.16.5.29, 2610:D0:110C:1::3 ] URL Resolution  LISP resolves locators for queried identities [ where is 2610:D0:110C:1::3 ] ? LISP LISP LISP Mapping Identity-to-locator router [ locator is 128.107.81.169 ] System Mapping Resolution© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
  • 13. LISP OverviewLISP Operations LISP Use Cases LISP Status LISP Summary LISP References
  • 14. draft-ietf-lisp-19 LISP IPv4 EID/IPv4 RLOC Header Example IPv4 Outer Header: Router supplies RLOCs UDP LISP header IPv4 Inner Header: Host supplies EIDs© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
  • 15. draft-ietf-lisp-19 LISP Encapsulation Combinations – IPv4 and IPv6 Supported IPv4 IPv4 Outer Outer Header Header UDP UDP LISP LISP IPv4 Inner Header IPv6 Inner IPv4/IPv4 Header IPv4/IPv6 IPv6 Outer Header IPv6 Outer UDP Header LISP UDP LISP IPv6 Inner IPv4 Header Inner Header IPv6/IPv6 IPv6/IPv4© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
  • 16. LISP Data Plane :: Ingress/Egress Tunnel Router (xTR) ITR – Ingress Tunnel Router ETR – Egress Tunnel Router • Receives packets from site-facing interfaces • Receives packets from core-facing interfaces • Encap to remote LISP sites, or native-fwd to • De-cap, deliver packets to local EIDs at site non-LISP sites Provider A Provider X xTR-1 xTR-1 10.0.0.0/8 12.0.0.0/8 ETR ETR ITR ITR packet flow packet flow S ETR ETR ITR ITR D Provider B Provider Y xTR-2 xTR-2 11.0.0.0/8 13.0.0.0/8 LISP Site 1 LISP Site 2© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
  • 17. LISP Data Plane :: Unicast Packet Forwarding Map-Cache Entry EID-prefix: 2001:db8:2::/48 Locator-set: 12.0.0.2, priority: 1, weight: 50 (D1) This policy controlled by the destination site 13.0.0.2, priority: 1, weight: 50 (D2) PI EID-prefix PI EID-prefix 3 2001:db8:1::/48 2001:db8:2::/48 Provider A Provider X 2001:db8:1::1 -> 2001:db8:2::1 xTR-1 xTR-12 2001:db8:1::1 -> 2001:db8:2::1 10.0.0.0/8 12.0.0.0/8 7 ETR 6 ETR ITR 10.0.0.2 12.0.0.2 ITR 11.0.0.2 -> 12.0.0.2 2001:db8:1::1 -> 2001:db8:2::1 5 S ETR 11.0.0.2 13.0.0.2 ETR ITR ITR D Provider B Provider Y xTR-2 xTR-2 11.0.0.0/8 4 13.0.0.0/81 11.0.0.2 -> 12.0.0.2 DNS entry: Site 1 LISP 2001:db8:1::1 -> 2001:db8:2::1 LISP Site 2 D.abc.com AAAA 2001:db8:2::1 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
  • 18. LISP Control Plane :: Introduction  LISP creates a “level of indirection” − Decouples host IDENTITY and LOCATION − Requires dynamic IDENTITY-to-LOCATION mapping resolution  LISP Control Plane Provides On-Demand Mappings − Control Plane is Out-of-Band − Map-Resolver and Map-Server (similar to DNS Resolver and DNS Server) − LISP Control Plane Messages for EID-to-RLOC resolution − Distributed databases and map-caches hold mappings© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
  • 19. LISP Control Plane :: Control Plane Messages  Control Plane EID Registration services − Map-Register message Sent by ETR to Map-Server to register its associated EID prefixes Specifies the RLOC(s) to be used by the Map-Server when forwarding Map-Requests to the ETR  Control Plane “Data-triggered” mapping service − Map-Request message Sent by an ITR when it needs for EID/RLOC mapping, to test an RLOC for reachability, or to refresh a mapping before TTL expiration − Map-Reply message Sent by an ETR in response to a valid map-request to provide the EID/RLOC mapping and site ingress Policy for the requested EID© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
  • 20. LISP Control Plane :: Map-Server/Map-Resolver (MS/MR) NOTE:An MR/MS need not be deployedas a router. A 1RU server can be MR MS used to implement the LISP control plane, for example. Provider A Provider X xTR-1 xTR-1 10.0.0.0/8 12.0.0.0/8 ETR ETR ITR ITR S ETR MS – Map-Server ETR MR – Map-Resolver • LISP site ETRs Register their EID prefixes ITR ITR here; requires configured “lisp site” policy, D • Receives Map-Request from ITR. B xTR-2 Provider Provider Y xTR-2 authentication key • Forwards Map-Request onto ALT topology 11.0.0.0/8 13.0.0.0/8 • Injects routes for registered site EID prefixes • Sends Negative Map-Replies in response into BGP ALT topology to Map-Requests for non-LISP sites LISP Site 1 LISP Site 2 • Receives Map-Requests via ALT and forwards them to registered ETRs© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
  • 21. LISP Control Plane :: Mapping Database (ETR), Map-Cache (ITR) LISP Site Mapping-Database (ETR) MR MS • EID-to-RLOC mappings in all ETRs for local LISP site • ETR is “authoritative” for its EIDs, sends Map-Replies to ITRs • ETRs can tailor policy based on Map-Request source • Decentralization increases attack resiliency Provider A Provider X xTR-1 xTR-1 10.0.0.0/8 12.0.0.0/8 ETR ETR ITR ITR S ETR LISP Map Cache (ITR) ETR ITR ITR D • “Lives” on ITRs and only stores mappings for sites to which Provider Y ITR is currently sending packets. B xTR-2 Provider 13.0.0.0/8 xTR-2 11.0.0.0/8 • Map-Cache populated by sending Map-Requests and receiving Map-Replies from ETRs LISP Site 1 • ITRs must respect Map-Reply policy, including TTLs, RLOC LISP Site 2 up/down status, RLOC priorities/weights© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
  • 22. LISP Control Plane :: Map Registration Example 2 Other 2001:db8::/32 sites… 1 MR MS 12.0.0.2-> 66.2.2.2 LISP Map-Register (udp 4342) 66.2.2.2 SHA-2 2001:db8:2::/48 PI EID-prefix 12.0.0.2, 13.0.0.2 PI EID-prefix 2001:db8:1::/48 2001:db8:2::/48 Provider A Provider X xTR-1 xTR-1 10.0.0.0/8 12.0.0.0/8 ETR ETR ITR 10.0.0.2 12.0.0.2 ITR S ETR 11.0.0.2 13.0.0.2 ETR ITR ITR D Provider B Provider Y xTR-2 xTR-2 11.0.0.0/8 13.0.0.0/8 LISP Site 1 LISP Site 2© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
  • 23. LISP Control Plane :: Map Request/Map Reply Example 3 4 11.0.0.2-> 66.2.2.2 66.2.2.2-> 12.0.0.2 LISP ECM MR MS LISP ECM (udp 4342) (udp 4342) 11.0.0.2 -> 2001:db8:2::1 11.0.0.2 -> 2001:db8:2::1 Map-Request 66.2.2.2 Map-Request (udp 4342) (udp 4342) nonce nonce PI EID-prefix PI EID-prefix 2001:db8:1::/48 Map-Cache Entry 2001:db8:2::/48 6 EID-prefix: 2001:db8:2::/48 Provider A Provider X xTR-1 xTR-12 2001:db8:1::1 -> 2001:db8:2::1 10.0.0.0/8 Locator-set: 12.0.0.0/8 ETR ETR 12.0.0.2, priority: 1, weight: 50 (D1) ITR 10.0.0.2 12.0.0.2 ITR 13.0.0.2, priority: 1, weight: 50 (D2) S ETR 11.0.0.2 5 13.0.0.2 ETR ITR ITR D Provider B 12.0.0.2 ->11.0.0.2 Provider Y xTR-2 Map-Reply xTR-2 11.0.0.0/8 13.0.0.0/8 (udp 4342) How do I get to nonce1 2001:db8:2::1? 2001:db8:2::/48 DNS entry: Site 1 LISP 12.0.0.2 [1, 50] LISP Site 2 13.0.0.2 [1, 50] D.abc.com AAAA 2001:db8:2::1 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
  • 24. LISP Control Plane :: Proxy Map Reply Example 3 11.0.0.2-> 66.2.2.2 LISP ECM MR MS (udp 4342) 11.0.0.2 -> 2001:db8:2::1 Map-Request 66.2.2.2 (udp 4342) nonce PI EID-prefix PI EID-prefix 2001:db8:1::/48 Map-Cache Entry 2001:db8:2::/48 6 EID-prefix: 2001:db8:2::/48 Provider A Provider X xTR-1 xTR-1 10.0.0.0/8 Locator-set: 12.0.0.0/8 ETR ETR 12.0.0.2, priority: 1, weight: 50 (D1) ITR 10.0.0.2 12.0.0.2 ITR 13.0.0.2, priority: 1, weight: 50 (D2) S ETR 11.0.0.2 13.0.0.2 ETR ITR 5 ITR D Provider B Provider Y xTR-2 66.2.2.2->11.0.0.2 xTR-2 11.0.0.0/8 13.0.0.0/8 Map-Reply (udp 4342) nonce LISP Site 1 2001:db8:2::/48 LISP Site 2 12.0.0.2 [1, 50] 13.0.0.2 [1, 50]© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
  • 25. LISP Control Plane :: Negative Map Reply Example 2 NOTE: The actual “covering prefix” returned in an NMR 11.0.0.2-> 66.2.2.2 depends on the number and distribution of EID LISP ECM MR MS prefixes in the Mapping System. The NMR prefix (udp 4342) will cover the shortest prefix that doesn’t cover any LISP Sites in the Mapping System 11.0.0.2 -> 2001:db8:f000::1 Map-Request 66.2.2.2 3 (udp 4342) nonce 66.2.2.2->11.0.0.2 PI EID-prefix Negative-Map-Reply PI EID-prefix 2001:db8:1::/48 (udp 4342) 2001:db8:2::/48 nonce 2001:db8:8000::/21 Provider A Provider X xTR-1 xTR-11 2001:db8:1::1 -> 2001:db8:f000::1 10.0.0.0/8 12.0.0.0/8 ETR ETR ITR 10.0.0.2 Map-Cache Entry ITR 12.0.0.2 EID-prefix: 2001:8000::/21 4 forward-native S ETR 11.0.0.2 13.0.0.2 ETR ITR ITR D Provider B Provider Y xTR-2 xTR-2 11.0.0.0/8 13.0.0.0/8 How do I get to 2001:db8:F000::1? LISP Site 1 LISP Site 2 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
  • 26. LISP Interworking :: Day-One Incremental Deployment  Early Recognition − LISP will not be widely deployed day-one − Up-front recognition of an incremental deployment plan  Interworking for: − LISP-sites to non-LISP sites (e.g. the rest of the Internet) − non-LISP sites to LISP-sites  Two basic Techniques: − Proxy ITR (PITR) and Proxy ETR (PETR) − LISP Network Address Translators (LISP-NAT)  Proxy-ITR/Proxy-ETR are being deployed today − Infrastructure LISP network entity − Creates a monetized service opportunity for infrastructure players© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
  • 27. LISP Interworking :: Proxy Ingress/Egress Tunnel Routers (PITR/PETR) MR MS IPv6 Internet PITR PETR Provider A Provider X xTR-1 xTR-1 10.0.0.0/8 12.0.0.0/8 ETR ETR ITR ITR SPITR – Proxy ITR ETR PETR – Proxy ETR ETR ITR • Receives traffic from non-LISP sites and ITR D • Allows a LISP Site in one AF [IPv4 or IPv6] encapsulates it to LISP sites B Provider Provider Y xTR-2 and the 13.0.0.0/8 RLOC [IPv6 or IPv4] to opposite xTR-2 11.0.0.0/8 • Advertises coarse-aggregate EID prefixes reach non-LISP sites in that AF [IPv4 or IPv6] (AF-hop-over) •LISP Site 1 LISP sites see ingress TE “day-one” (*) LISP Site 2 • Allows LISP sites with uRPF restrictions to reach non-LISP sites© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
  • 28. LISP Interworking :: Proxy Ingress/Egress Tunnel Routers (PITR/PETR) 1 Non-LISP 2001:d:1::1 MR2001:db8:2::1 -> MS v6 Site 2001:d:1::1 6 2001:db8::/32 2001:db8:2::1 -> 2001:d:1::1 2001:f:f::1 2001:f:e::1 PI EID-prefix IPv6 PI EID-prefix 2001:db8:1::/48 Internet 2001:db8:2::/48 PITR PETR 2001:d:1::1 -> 2001:db8:2::1 Provider A Provider X xTR-1 xTR-1 10.0.0.0/8 12.0.0.0/8 3 ETR 10.9.1.1 12.9.2.1 ETR ITR 10.0.0.2 12.0.0.2 ITR 10.9.1.1 -> 12.0.0.2 2001:d:1::1 -> 2001:db8:2::1 S ETR 11.0.0.2 2 12.0.0.2 -> 12.9.2.1 13.0.0.2 ETR ITR 2001:db8:2::1 -> 2001:d:1::1 ITR 2001:db8:2::1 -> 2001:d:1::1 D Provider B Provider Y xTR-2 5 xTR-2 11.0.0.0/8 13.0.0.0/8 4 LISP Site 1 LISP Site 2© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
  • 29. LISP Overview LISP OperationsLISP Use Cases LISP Status LISP Summary LISP References
  • 30. Five Core LISP Use Cases 1. Efficient Multihoming 2. IPv6 Transition Support 3. Efficient Virtualization/Multi-Tenancy 4. Data Center/VM Mobility 5. LISP Mobile-Node© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
  • 31. LISP Use Case 1 :: Efficient Multihoming Support  Needs: ‒ Site connectivity to multiple providers ‒ Low OpEx/CapEx Internet  LISP Solution: LISP LISP Site routers ‒ LISP provides a streamlined solution for handling multi-provider connectivity and policy without BGP complexity Applicability:  Branch sites where multihoming is  Benefits: traditionally too expensive ‒ OpEx-friendly Multi-homing across  Useful in all other LISP Use Cases different providers ‒ Simple policy management ‒ Ingress Traffic Engineering© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
  • 32. LISP Use Case 1 :: Efficient Multihoming – example/requirements  Multi-Homed Remote-Sites: ‒ Site connectivity to multiple providers ‒ More than 400 remote sites (some with limited physical access) ‒ Need to be “as robust as possible” ‒ T-1 (~$600/month) + dial-backup cost prohibitive vs. 3G access (~$60/month)  Necessary Features: ‒ IOS Firewall and NAT for Internet Access ‒ Mixed of dynamic (DHCP) and Static Interface IP address (RLOC)  LISP Design: ‒ Private LISP Mapping System (MS/MR) carrying RFC1918 EIDs ‒ ASR1002s (2) at Hub Site ‒ C2811s w/ 3G-HWICs at remote sites (2 each) ‒ NAT to Internet, IOS FW, DHCP ‒ Active/Backup minimum, Active/Active “stretch goal” for WAN utilization© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
  • 33. LISP Use Case 1 :: Efficient Multihoming – example/overview 10.0.0.0/16 ASR 1002 (pair) • Map-Server/Map-Resolver Corporate Data Center for private LISP mapping • xTR for LISP encap/decap LISP Hub Site Customer Network 172.16.1.5 172.16.1.1 ISR (2811) (all sites) • xTR at Remote LISP site • Dual 3G-HWICs Internet • RFC1918 EID Space Carrier 2 • DHCP or static RLOCs Carrier 1 3G 3G • DHCP server for internal hosts • NAT/IOS FW to Internet 3G 3G 3G 3G 3G 3G 3G 3G HWIC HWIC HWIC HWIC HWIC HWIC HWIC HWIC . . . LISP Spoke Sites . . . X 400 10.10.0.0/24 10.10.1.0/24 10.10.x.0/24 10.10.y.0/24© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
  • 34. LISP Use Case 1 :: Efficient Multihoming – example/configurations 10.0.0.0/16 router lisp Corporate Data Center site All-Sites eid-prefix 10.0.0.0/16 eid-prefix 10.10.0.0/16 accept-more-specifics LISP authentication-key 0 xxxxxx Hub Site Customer exit database-mapping 10.0.0.0/16 172.16.1.5 priority 1 weight 50 Network database-mapping 10.0.0.0/16 172.16.1.1 priority 1 weight 50 ipv4 map-server 172.16.1.5 172.16.1.1 ipv4 map-resolver ipv4 itr ipv4 etr ip itr map-resolver 172.16.1.1 ip itr map-resolver 172.16.1.5 Internet ip etr map-server 172.16.1.1 key ***** ip etr map-server 172.16.1.5 key ***** Carrier 1 Carrier 2 3G 3G router lisp 3G 3G 3G 3G 3G 3G 3G 3G HWIC HWIC database-mapping 10.10.1.0/24 ipv4-interface HWIC HWIC HWIC HWIC HWIC HWIC cell0/0/0 priority 1 weight 50 database-mapping 10.10.1.0/24 ipv4-interface cell0/0/1 priority 1 weight 50 ... ip itr ... LISP Spoke Sites ip etr X 400 ip itr map-resolver 172.16.1.1 ip itr map-resolver 172.16.1.5 10.10.0.0/24 10.10.1.0/24 10.10.x.0/24 10.10.y.0/24 ip etr map-server 172.16.1.1 key ***** ip etr map-server 172.16.1.5 key *****© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
  • 35. LISP Use Case 1 :: Efficient Multihoming – example/packet flows 10.0.0.0/16 Corporate Data Center 10.0.0.1 LISP 4 Hub Site 10.10.0.1 10.0.0.1 -> Customer Network -> 10.0.0.1 10.10.0.1 3 172.16.1.5 172.16.1.1 5 172.16.1.1 -> 172.17.1.1 10. 0.0.1 -> 10.10.0.1 Internet 172.17.1.1 -> 172.16.1.1 2 10.10.0.1 -> 10.0.0.1 Carrier 1 Carrier 2 3G 3G 6 3G 3G 3G 3G 3G 3G 3G 3G HWIC HWIC HWIC HWIC HWIC HWIC HWIC HWIC10.0.0.1 -> 10.10.0.1 172.17.1.1 . . . LISP Spoke Sites . . . X 400 10.10.0.0/24 10.10.1.0/24 10.10.0.1 -> 10.0.0.1 1 10.10.x.0/24 10.10.y.0/24 10.10.0.1 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
  • 36. LISP Use Case 1 :: Side Note – other IOS feature interactions 10.0.0.0/16 LISP is executed in CEF. Corporate Data Center Any CEF process should Cellular0/3/0 Cellular0/3/1 be available when LISP 10.0.0.0/16 LISP is enabled. Commonly Hub Site12.1.1.5 ip address negotiated Customer used CEF functions that ip inspectNetwork out have been tested ip nat outside 172.16.1.5 13.1.1.5 172.16.1.1 ip access-group 101 in include:  Access Control Lists  Network Address Translation Internet Internet inside ip nat  Quality of Service ip verify unicast source reachable-via rx  Flexible NetFlow VzW Carrier 2  IPSec Carrier 1 10.10.0.0/24 VzW 3G  IOS Firewall 3G  IOS Intrusion Protection Srvc  Flexible Packet Matching 3G 3G 3G 3G 3G 3G 3G 3G HWIC HWIC HWIC HWIC HWIC HWIC HWIC HWIC . . . LISP Spoke Sites . . . X 400 10.10.0.0/24 10.10.1.0/24 10.10.x.0/24 10.10.y.0/24© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
  • 37. LISP Use Case 2 :: IPv6 Transition Support Connecting IPv6 Islands v6  Needs: v6 Rapid IPv6 Deployment IPv4 Enterprise IPv4 island Core Internet xTR IPv4 Enterprise Minimal Infrastructure disruption v6 xTR Core island v4 v6  LISP Solution: v6 LISP encapsulation is Address Family IPv6 Transition Support agnostic, allowing for IPv6 over an IPv4 v6 core, or IPv4 over an IPv6 core PxTR v4 v6 IPv4 Core  Benefits: IPv6 Internet v6 service IPv4 xTR Internet Accelerated IPv6 adoption v6 Minimal added configurations IPv6 Access Support No core network changes xTR v6 home Network v4 v6 v6 Can be used as a transitional or as a PxTR v6 home v6 permanent solution PxTR IPv4 xTR Network v6 site access & . Internet . PxTR IPv6 Internet v6 home xTR Network© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
  • 38. LISP Use Case 2 :: Side Note – IPv6 transition strategies  LISP provides AF “hop-over” support…  If you’re carrying IPv6 packets, you still need to work with IPv6 packets at the receiving site… Essentially, there are 3 ways to do this:1. Add 6-to-4 translation 2. Add New IPv6 Servers 3. Dual-stack the support… and infrastructure existing infrastructure © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
  • 39. LISP Use Case 2 :: IPv6 Transition – example/requirements  IPv6 access to company web site: Existing IPv4 WAN connectivity available only immediately Local web site content deployed on new and separate infrastructure LISP demonstration site acceptable  Necessary Features: IOS router running LISP capable image Internal infrastructure (switches, web servers) running dual-stack (IPv4, IPv6)  LISP Design: Cisco 7200 routers (2) at LISP Site as xTRs Cisco 3750 switches (2), and Linux servers (2) for web site content IPv4 and IPv6 EID allocations from LISP Beta Network (note: could have done a “bring your own” IPv6 PI block)© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
  • 40. LISP Use Case 2 :: IPv6 Transition – example/overview SJC17 DMZ sjc17-dmza-gw1 sjc17-dmza-gw2 xTR – Cisco 7200 • deployed “On-Path” (in the natural egress data path) • advertises in 153.16.5/24 into sjc17-dmza-lisp-gw1 OSPF, and 2610:d0:110c::/48 sjc17-dmza-lisp-gw2 7200 7200 into OSPFv3 Internal Switch: Cisco 3750 • Advertises default-originate to • 0/0 to GW learned via OSPF, switches OSPFv3 sjc17-dmza-lisp-sw1 sjc17-dmza-lisp-sw2 3750 vlan dot1q vlan 3750 Servers: Linux 1RU • Linux, dual-stacked, running Apache DNS lisp.cisco.com A 153.16.5.29 A 153.16.5.30 AAAA 2610:d0:110c:1::3 AAAA 2610:d0:110c:1::4 Linux server 1 Linux server 2 DNS lisp4.cisco.com A 153.16.5.29 A 153.16.5.30 DNS lisp6.cisco.com AAAA 2610:d0:110c:1::3 AAAA 2610:d0:110c:1::4© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
  • 41. LISP Use Case 2 :: IPv6 Transition – example/addressing SJC17 DMZ sjc17-dmza-gw1 sjc17-dmza-gw2 128.107.81.169/32 128.107.81.170/32 L0 L0 sjc17-dmza-lisp-gw1 sjc17-dmza-lisp-gw2 7200 7200 OSPF OSPFv3 sjc17-dmza-lisp-sw1 sjc17-dmza-lisp-sw2 153.16.5.25/29 3750 vlan dot1q vlan 3750 153.16.5.26/29 2610:d0:110c:1::1/64 2610:d0:110c:1::2/64 153.16.5.29/29 153.16.5.30/29 DNS 2610:d0:110c:1::3/64 DNS 2610:d0:110c:1::4/64 Default Route: Default Route: 153.16.5.25 Linux server 1 Linux server 2 153.16.5.26 2610:d0:110c:1::1 2610:d0:110c:1::2© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
  • 42. LISP Use Case 2 :: IPv6 Transition – example/configurations SJC17 DMZ sjc17-dmza-gw1 sjc17-dmza-gw2 ! router lisp database-mapping 153.16.5.0/24 128.107.81.169 priority 1 weight 50 database-mapping 153.16.5.0/24 128.107.81.170 sjc17-dmza-lisp-gw1 priority sjc17-dmza-lisp-gw2 1 weight 50 7200 7200 database-mapping 2610:D0:110C::/48 128.107.81.169 priority 1 weight 50 OSPF database-mapping 2610:D0:110C::/48 128.107.81.170 OSPFv3 priority 1 weight 50 ipv4 itr map-resolver 173.36.254.164 ipv4 itr map-resolver 198.6.255.37 ipv4 itr ipv4 etr map-server 198.6.255.37 key *********** sjc17-dmza-lisp-sw1 sjc17-dmza-lisp-sw2 ipv4 etr map-server 173.36.254.164 key *********** 3750 vlan dot1q ipv4 etr vlan 3750 ipv6 use-petr 69.31.31.98 ipv6 use-petr 149.20.48.60 ipv6 itr map-resolver 173.36.254.164 ipv6 itr map-resolver 198.6.255.37 ipv6 itr ipv6 etr map-server 198.6.255.37 key *********** ipv6 etr map-server 173.36.254.164 key *********** IPv6 default to Null0 allows ipv6 etr LISP to processserver 1 Linux packets Linux server 2 ! ipv6 route ::/0 Null0 IPv4 default route learned through OSPF with GWs© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
  • 43. LISP Use Case 2 :: IPv6 Transition – example/results SJC17 DMZ sjc17-dmza-gw1 sjc17-dmza-gw2 128.107.81.169/32 128.107.81.170/32 L0 L0 sjc17-dmza-lisp-gw1 sjc17-dmza-lisp-gw2 7200 7200 OSPF Sjc17-dmza-lisp-gw1#show ip lisp database OSPFv3 LISP ETR IPv4 Mapping Database, LSBs: 0x3, 1 entries EID-prefix: 153.16.5.0/24 sjc17-dmza-lisp-sw1 sjc17-dmza-lisp-sw2 128.107.81.169, priority: 1, weight: 50, state: site-self, reachable 3750 vlan 3750 weight: vlan state: site-other, report-reachable 128.107.81.170, priority: 1, dot1q 50, Sjc17-dmza-lisp-gw1#show ipv6 lisp database LISP ETR IPv6 Mapping Database, LSBs: 0x3, 1 entries EID-prefix: 2610:D0:110C::/48 128.107.81.169, priority: 1, weight: 50, state: site-self, reachable Linux server 1 Linux server 2 128.107.81.170, priority: 1, weight: 50, state: site-other, report-reachable Sjc17-dmza-lisp-gw1#© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
  • 44. LISP Use Case 2 :: IPv6 Transition – example/packet flows Non-LISP IPv6 S6D6 IPv6 Site Internet S6 MS PETR lisp.cisco.com ???? AAAA lisp.cisco.com D6 MR PITR D6 ??? S4 SP1 D6  D4 IPv4 IPv4 xTR Cisco SP2 S4D4 S6D6 Internet DNS IPv4 D4 S6D6 v6 all the way!Production v6 VIP v6 Production v4 VIP v4 D6 IPv4/IPv6 Servers© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 48
  • 45. LISP Use Case 2 :: IPv6 Transition – other happy customers ;-) World IPv6 Day Sites using LISP Cisco lisp.cisco.com (AAAA: 2610:d0:110c:1::3, ::4) Facebook www.lisp6.facebook.com (AAAA: 2610:D0:FACE::9) Qualcomm www.ipv6.eudora.com (AAAA: 2610:d0:120d::10) jobs.qualcomm.com (no longer AAAA) Deutsche Bank www.ipv6-db.com (AAAA: 2610:d0:2113:3::3) Munich Airport lisp6.munich-airport.de (AAAA: 2610:d0:211d:1::2) Isarnet lisp.isarnet.net (AAAA: 2610:d0:211f:fffe::101) InTouch www.lisp.intouch.eu (AAAA: 2610:d0:210f:100::101) World IPv6 Day Sites Statistics (and current) http://honeysuckle.noc.ucla.edu/cgi-bin/smokeping.cgi?target=LISP "LISP is the easiest and most painless solution to bring Facebook IPv6 Experience with LISP IPv6 access to our critical Internet facing servers. We http://nanog.org/meetings/nanog50/presentations/Tuesday/NANOG required a few IPv6 addresses, $0 cost and 1/2 hour to 50.Talk9.lee_nanog50_atlanta_oct2010_007_publish.pdf setup. We made no provisions with our WAN/upstreams and no network infrastructure© 2012 Cisco and/or its affiliates. All rights reserved. changes.” Cisco Public 49 Rick Martin, State Network Engineering Lead, State of Arkansas
  • 46. LISP Use Case 3 :: Efficient Virtualization/Multi-Tenancy Support  Needs: Legacy Legacy Legacy Site Site Site Integrated Segmentation Minimal Infrastructure disruption LISP Site PxTR Global scale and interoperability Mapping IP Network DB  LISP Solution: 24-bit LISP Instance-ID segments control plane and data plane, with VRF binding to the Instance-ID West East DC DC  Benefits: Very high scale tenant segmentation Applicability: Global mobility + high scale segmentation integrated in single IP solution  Multi-provider Core IP-based “overlay” solution, transport  Encryption can be added independent No Inter-AS complexity© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 50
  • 47. LISP Use Case 3 :: Efficient Virtualization/Multi-Tenancy – Concepts  Recalling that… LISP is “Locator/ID” separation… and creates two namespaces: EIDs and RLOCs  LISP Virtualization: - Considers both EID and RLOC namespaces; either or both can be virtualized - EID virtualization is enabled using LISP Instance-IDs in conjunction with VRFs - RLOC virtualization is enabled in conjunction with VRFs - Instance-IDs maintain address space segmentation in both the control plane and data plane - Instance-IDs are numerical tags defined in the LISP Canonical Address Format (LCAF) draft a 24-bit unstructured number Data-plane: in LISP encapsulation header Control-plane: EID encoded in LCAF format© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
  • 48. LISP Use Case 3 :: Efficient Virtualization/Multi-Tenancy – Shared Model  Shared Model – at the device level - Multiple EID-prefixes are allocated privately using VRFs - EID lookups are in the VRF associated with an Instance-ID - All RLOC lookups are in a single table – default - The Mapping System is part of the locator address space and is shared To VPNs • EID namespace,(MPLS, 802.1Q, VRF Pink, IID 1 VRF-Lite, or To RLOC namespace separate networks) Pink Blue • Single RLOC namespace Default • Default table or RLOC VRF • EID namespace, VRF Blue, IID 2© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
  • 49. LISP Use Case 3 :: Efficient Virtualization/Multi-Tenancy – Parallel Model  Parallel Model – at the device level - Multiple EID-prefixes are allocated privately using VRFs - EID lookups are in the VRF associated with an Instance-ID - RLOC lookups are in the VRF associated with the locator table - A Mapping System must be part of each locator address space To VPNs • EID namespace, • RLOC uses Pink(MPLS, 802.1Q, VRF Pink, IID 1 namespace To VPNs (MPLS, VRF-Lite, or 802.1Q, VRF-Lite, separate or separate networks) networks) Pink Blue Default • EID namespace, • RLOC uses Blue VRF Blue, IID 2 namespace© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 53
  • 50. LISP Use Case 3 :: Efficient Virtualization – example/overview 10.1.1.0/24 10.3.1.0/24 Finance Transactions 10.2.1.0/24 vrf vrf vrf SOC Loop0 Loop0 xTR xTR 172.31.1.12/32 172.31.1.11/32 MS/MR MS/MR Gig1/1/0 Gig1/1/0 HQ Site 172.16.1.2/30 172.16.1.6/30 Gig1/1/0 Gig1/1/0 Loop0 172.16.2.2/30 172.16.3.2/30 Loop0 172.31.1.2/32 172.31.1.3/32 xTR xTR Site-2 vrf vrf Site-3 vrf vrf vrf vrf 10.2.2.0/24 10.2.3.0/24 10.1.2.0/24 10.3.2.0/24 10.1.3.0/24 10.3.3.0/24© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 54
  • 51. IOS/XE LISP Use Case 3 :: Efficient Virtualization – example/configurations hostname HQ-RTR-1 Main Configs… ! Combo xTR/MS/MR at Hub Site vrf definition TRANS ---<skip>--- -- this is the “xTR” part of the config ! vrf definition SOC ---<skip>--- ! vrf definition FIN ---<skip>--- ! interface Loopback0 ip address 172.31.1.1 255.255.255.255 ! router lisp interface GigabitEthernet0/0/0 eid-table default instance-id 0 ip address 172.16.1.2 255.255.255.252 database-mapping 172.31.1.1/32 172.16.1.2 priority 1 weight 50 negotiation auto database-mapping 172.31.1.1/32 172.16.1.6 priority 1 weight 50 ! exit interface GigabitEthernet0/0/1 ! vrf forwarding TRANS eid-table vrf TRANS instance-id 1 ip address 10.1.1.1 255.255.255.0 database-mapping 10.1.1.0/24 172.16.1.2 priority 1 weight 50 negotiation auto database-mapping 10.1.1.0/24 172.16.1.6 priority 1 weight 50 ! exit interface GigabitEthernet0/0/2 ! vrf forwarding SOC eid-table vrf SOC instance-id 2 ip address 10.2.1.1 255.255.255.0 database-mapping 10.2.1.0/24 172.16.1.2 priority 1 weight 50 negotiation auto database-mapping 10.2.1.0/24 172.16.1.6 priority 1 weight 50 ! exit interface GigabitEthernet0/0/3 ! vrf forwarding FIN eid-table vrf FIN instance-id 3 ip address 10.3.1.1 255.255.255.0 database-mapping 10.3.1.0/24 172.16.1.2 priority 1 weight 50 negotiation auto database-mapping 10.3.1.0/24 172.16.1.6 priority 1 weight 50 ! exit !© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 55
  • 52. IOS/XE LISP Use Case 3 :: Efficient Virtualization – example/configurations Main Configs… Combo xTR/MS/MR at Hub Site -- this is the “MS” part of the config router lisp ---<continued>--- ! site All-Sites authentication-key secret eid-prefix 172.31.1.0/24 accept-more-specifics eid-prefix instance-id 3 10.3.0.0/16 accept-more-specifics eid-prefix instance-id 2 10.2.0.0/16 accept-more-specifics eid-prefix instance-id 1 10.1.0.0/16 accept-more-specifics exit ! ipv4 map-server ipv4 map-resolver ipv4 itr map-resolver 172.16.1.2 ipv4 itr map-resolver 172.16.1.6 ipv4 itr ipv4 etr map-server 172.16.1.2 key S3CR3T ipv4 etr map-server 172.16.1.6 key S3CR3T ipv4 etr exit ! ip route 0.0.0.0 0.0.0.0 172.16.1.1© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 56
  • 53. IOS/XE LISP Use Case 3 :: Efficient Virtualization – example/configurations hostname SITE-2 Spoke Configs… ! -- this is the “xTR” part of the config vrf definition TRANS ---<skip>--- ! vrf definition SOC ---<skip>--- ! router lisp vrf definition FIN eid-table default instance-id 0 ---<skip>--- database-mapping 172.31.1.2/32 172.16.2.2 priority 1 weight 100 ! exit interface Loopback0 ! ip address 172.31.1.2 255.255.255.255 eid-table vrf TRANS instance-id 1 ! database-mapping 10.1.2.0/24 172.16.1.2 priority 1 weight 100 interface GigabitEthernet0/0/0 exit ip address 172.16.2.2 255.255.255.252 ! negotiation auto eid-table vrf SOC instance-id 2 ! database-mapping 10.2.2.0/24 172.16.1.2 priority 1 weight 100 interface GigabitEthernet0/0/1 exit vrf forwarding TRANS ! ip address 10.1.2.1 255.255.255.0 eid-table vrf FIN instance-id 3 negotiation auto database-mapping 10.3.2.0/24 172.16.1.2 priority 1 weight 100 ! exit interface GigabitEthernet0/0/2 ! vrf forwarding SOC ipv4 itr map-resolver 172.16.1.2 ip address 10.2.2.1 255.255.255.0 ipv4 itr map-resolver 172.16.1.6 negotiation auto ipv4 itr ! ipv4 etr map-server 172.16.1.2 key S3CR3T interface GigabitEthernet0/0/3 ipv4 etr map-server 172.16.1.6 key S3CR3T vrf forwarding FIN ipv4 etr ip address 10.3.2.1 255.255.255.0 exit negotiation auto ! ! ip route 0.0.0.0 0.0.0.0 172.16.2.1© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 57
  • 54. IOS/XE LISP Use Case 3 :: Efficient Virtualization – example/resultsHQ-RTR-1#ping ? WORD Ping destination address or hostname ---<skip>--- vrf Select VPN routing instanceHQ-RTR-1#ping vrf SOC 10.2.2.1 source 10.2.1.1 rep 100Type escape sequence to abort.Sending 100, 100-byte ICMP Echos to 10.2.2.1, timeout is 2 seconds:Packet sent with a source address of 10.2.1.1..!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Success rate is 98 percent (98/100), round-trip min/avg/max = 1/1/4 msHQ-RTR-1#--OR-- HQ-RTR-1#show ip lisp map-cache eid-table vrf SOCHQ-RTR-1#ping vrf SOC LISP IPv4 Mapping Cache for EID-table vrf SOC (IID 2), 2 entriesProtocol [ip]:Target IPv6 address: 10.2.2.1 0.0.0.0/0, uptime: 00:12:04, expires: never, via static send map-requestRepeat count [5]: Negative cache entry, action: send-map-requestDatagram size [100]: 10.2.2.0/24, uptime: 00:09:12, expires: 23:50:40, via map-reply, completeTimeout in seconds [2]: Locator Uptime State Pri/WgtExtended commands? [no]: y 172.16.2.2 00:09:12 up 1/1Source address or interface: 10.2.1.1 HQ-RTR-1#---<skip>---Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.2.2.1, timeout is 2 seconds:Packet sent with a source address of 10.2.1.1!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 msHQ-RTR-1# its affiliates. All rights reserved. © 2012 Cisco and/or Cisco Public 58
  • 55. LISP Use Case 4 :: Data Center/VM Mobility Support • Needs: Data Internet Data VM-Mobility extending subnets and Center 1 Center 2 across subnets LISP LISP Move detection, dynamic EID-to-RLOC router VM move router mappings, traffic redirection VM VM • LISP Solution: a.b.c.1 a.b.c.1 OTV + LISP for VM-moves extending subnets Applicability: LISP for VM-moves across subnets  VM OS agnostic • Benefits:  Services Creation (disaster Seamless, integrated, global workload mobility recovery, cloud burst, etc.) Direct Path (no triangulation) Connections survive across moves No routing re-convergence, no DNS updates Global Scalability (cloud bursting) IPv4/IPv6 Support ARP elimination© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 59
  • 56. LISP Use Case 4 :: Data Center/VM Mobility – example/overview H1 : 10.3.3.3/24 Non-LISP H2 : 10.4.4.4/24 Site LISP Site 10.3.3.0/24 xTR PxTR Mapping 10.100.1.1 System 172.16.10.1 172.17.4.4 IP Network A: 192.168.13.2 B: 192.168.13.6 C: 192.168.23.2 D: 192.168.23.6 VM-mob VM-mob xTR xTR 10.1.0.0/16 10.2.0.0/16 West-DC East-DC Server A Moves Across Subnets VM3 : 10.2.2.2/24 VM2 : 10.1.1.12/24 VM1 : 10.1.1.11/24© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 60
  • 57. feature lisp feature lispip lisp itr-etr ip lisp itr-etrip lisp database-mapping 10.1.0.0/16 192.168.13.2 ip lisp database-mapping 10.1.0.0/16 192.168.13.2 NX-OSpriority 1 weight 50 priority 1 weight 50ip lisp database-mapping 10.1.0.0/16 192.168.13.6 ip lisp database-mapping 10.1.0.0/16 192.168.13.6priority 1 weight 50 priority 1 weight 50 LISP Use Case 4 :: Data Center/VM Mobility – example/configurationsip lisp itr map-resolver 10.100.1.1ip lisp etr map-server 10.100.1.1 key cisco ip lisp itr map-resolver 10.100.1.1 ip lisp etr map-server 10.100.1.1 key ciscolisp dynamic-eid LISP_ACROSS_SUBNET lisp dynamic-eid LISP_ACROSS_SUBNET database-mapping 10.3.3.3/24 H1 : 10.1.1.0/24 192.168.13.2 database-mapping 10.1.1.0/24 192.168.13.2 : 10.4.4.4/24 Non-LISP H2priority 1 weight 50 priority 1 weight 50 database-mapping 10.1.1.0/24 192.168.13.6 Site database-mapping 10.1.1.0/24 192.168.13.6priority 1 weight 50 priority 1 weight 50 LISP Site map-notify-group 239.1.1.11 map-notify-group 239.1.1.11 10.3.3.0/24interface Vlan907 interface Vlan907 ip address 10.1.1.2/24 xTR PxTR ip address 10.1.1.3/24 Mapping lisp mobility LISP_ACROSS_SUBNET lisp mobility LISP_ACROSS_SUBNET ip proxy-arp ip proxy-arp 10.100.1.1 System 172.16.10.1 172.17.4.4 hsrp 17 hsrp 17 mac-address 0000.0E1D.010C mac-address 0000.0E1D.010C preempt delay minimum 300 IP Network preempt delay minimum 300 priority 200 priority 190 ip 10.1.1.1 ip 10.1.1.1 A: 192.168.13.2 B: 192.168.13.6 C: 192.168.23.2 D: 192.168.23.6 VM-mob VM-mob xTR xTR 10.1.0.0/16 10.2.0.0/16 West-DC East-DC Server A Moves Across Subnets VM3 : 10.2.2.2/24 VM2 : 10.1.1.12/24 VM1 : 10.1.1.11/24© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 61
  • 58. feature lisp feature lisp ip lisp itr-etr ip lisp itr-etr ip lisp database-mapping 10.2.0.0/16 192.168.23.2 NX-OS ip lisp database-mapping 10.2.0.0/16 192.168.23.2 priority 1 weight 50 priority 1 weight 50 ip lisp database-mapping 10.2.0.0/16 192.168.23.6 ip lisp database-mapping 10.2.0.0/16 192.168.23.6 priority 1 weight 50 priority 1 weight 50 LISP Use Case 4 :: Data Center/VM Mobility – example/configurations ip lisp itr map-resolver 10.100.1.1 ip lisp itr map-resolver 10.100.1.1 ip lisp etr map-server 10.100.1.1 key cisco ip lisp etr map-server 10.100.1.1 key cisco lisp dynamic-eid LISP_ACROSS_SUBNET lisp dynamic-eid LISP_ACROSS_SUBNET database-mapping 10.1.1.0/24 192.168.23.2 database-mapping 10.1.1.0/24 192.168.23.2 H1 priority 1 weight 50 : 10.3.3.3/24 Non-LISP H2 : 10.4.4.4/24 priority 1 weight 50 database-mapping 10.1.1.0/24 192.168.23.6 Site database-mapping 10.1.1.0/24 192.168.23.6 priority 1 weight 50 priority 1 weight 50 LISP Site map-notify-group 239.1.1.12 map-notify-group 239.1.1.12 10.3.3.0/24 Vlan907 interface interface Vlan907 ip address 10.2.2.2/24 ip address 10.2.2.3/24 lisp mobility LISP_ACROSS_SUBNET xTR PxTR lisp mobility LISP_ACROSS_SUBNET Mapping ip proxy-arp ip proxy-arp 10.100.1.1 System 172.16.10.1 172.17.4.4 hsrp 17 hsrp 17 mac-address 0000.0E1D.010C mac-address 0000.0E1D.010C preempt delay minimum 300 preempt delay minimum 300 priority 200 IP Network priority 190 ip 10.2.2.1 ip 10.2.2.1 A: 192.168.13.2 B: 192.168.13.6 C: 192.168.23.2 D: 192.168.23.6 VM-mob VM-mob xTR xTR 10.1.0.0/16 10.2.0.0/16 West-DC East-DC Server A Moves Across Subnets VM3 : 10.2.2.2/24 VM2 : 10.1.1.12/24 VM1 : 10.1.1.11/24© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 62
  • 59. feature lisp feature lispip lisp itr-etr ip lisp itr-etrip lisp database-mapping 10.1.0.0/16 192.168.13.2 NX-OS ip lisp database-mapping 10.2.0.0/16 192.168.23.2priority 1 weight 50 priority 1 weight 50ip lisp database-mapping 10.1.0.0/16 192.168.13.6 ip lisp database-mapping 10.2.0.0/16 192.168.23.6priority 1 weight 50 priority 1 weight 50 LISP Use Case 4 :: Data Center/VM Mobility – example/configurationsip lisp itr map-resolver 10.100.1.1ip lisp etr map-server 10.100.1.1 key cisco ip lisp itr map-resolver 10.100.1.1 ip lisp etr map-server 10.100.1.1 key ciscolisp dynamic-eid LISP_ACROSS_SUBNET lisp dynamic-eid LISP_ACROSS_SUBNET database-mapping 10.1.1.0/24 192.168.13.2 database-mapping 10.1.1.0/24 192.168.23.2 Non-LISP H2 : 10.4.4.4/24priority 1 weight : 10.3.3.3/24 H1 50 priority 1 weight 50 database-mapping 10.1.1.0/24 192.168.13.6 Site database-mapping 10.1.1.0/24 192.168.23.6priority 1 weight 50 priority 1 weight 50 LISP Site map-notify-group 239.1.1.11 map-notify-group 239.1.1.12 10.3.3.0/24interface Vlan907 interface Vlan907 ip address 10.1.1.2/24 ip address 10.2.2.3/24 xTR lisp mobility LISP_ACROSS_SUBNET PxTR lisp mobility LISP_ACROSS_SUBNET Mapping ip proxy-arp ip proxy-arp 10.100.1.1 System 172.16.10.1 172.17.4.4 hsrp 17 hsrp 17 mac-address 0000.0E1D.010C mac-address 0000.0E1D.010C preempt delay minimum 300 preempt delay minimum 300 priority 200 IP Network priority 190 ip 10.1.1.1 ip 10.2.2.1 A: 192.168.13.2 B: 192.168.13.6 C: 192.168.23.2 D: 192.168.23.6 VM-mob VM-mob xTR xTR 10.1.0.0/16 10.2.0.0/16 West-DC East-DC Server A Moves Across Subnets VM3 : 10.2.2.2/24 VM2 : 10.1.1.12/24 VM1 : 10.1.1.11/24© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 63
  • 60. NX-OS LISP Use Case 4 :: Data Center/VM Mobility – example/configurations H1 : 10.3.3.3/24 Non-LISP H2 : 10.4.4.4/24 Site LISP Site 10.3.3.0/24 xTR PxTR Mapping 10.100.1.1 System 172.16.10.1 172.17.4.4 IP Network feature lisp ip lisp itr-etr A: 192.168.13.2 B: 192.168.13.6 ip lisp database-mapping 10.3.3.0/24 172.16.10.1 C: 192.168.23.2 D: 192.168.23.6 priority 1 weight 1 ip lisp itr map-resolver 10.100.1.1 VM-mob feature lisp VM-mob ip lisp etr map-server 10.100.1.1 key cisco ip lisp map-resolver xTR ip lisp map-server xTR lisp site BRANCH eid-prefix 10.3.3.0/24 authentication-key cisco 10.1.0.0/16 lisp site DATA_CENTER 10.2.0.0/16 eid-prefix 10.1.0.0/16 West-DC eid-prefix 10.2.0.0/16 East-DC eid-prefix 10.1.1.0/24 accept-more-specifics Server A Moves authentication-key cisco Across Subnets VM3 : 10.2.2.2/24 VM2 : 10.1.1.12/24 VM1 : 10.1.1.11/24© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 64
  • 61. NX-OS LISP Use Case 4 :: Data Center/VM Mobility – example/packet flows H1 : 10.3.3.3/24 Before Move Non-LISP H2 : 10.4.4.4/24 Site 10.3.3.3 -> 10.1.1.11 LISP Site 10.3.3.0/24 10.1.1.11 -> 10.3.3.3 xTR PxTR Mapping 10.100.1.1 System 172.16.10.1 172.17.4.4 172.16.10.1 -> 192.168.13.6 10.3.3.3 -> 10.1.1.11 IP Network 192.168.13.6 -> 172.16.10.1 A: 192.168.13.2 10.1.1.11 -> 10.3.3.3B: 192.168.13.6 C: 192.168.23.2 D: 192.168.23.6 VM-mob VM-mob xTR xTR 10.3.3.3 -> 10.1.1.11 10.1.0.0/16 10.1.1.11 -> 10.3.3.3 10.2.0.0/16 West-DC East-DC Server A Moves Across Subnets VM3 : 10.2.2.2/24 VM2 : 10.1.1.12/24 VM1 : 10.1.1.11/24© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 65
  • 62. NX-OS LISP Use Case 4 :: Data Center/VM Mobility – example/packet flows H1 : 10.3.3.3/24 Before Move Non-LISP H2 : 10.4.4.4/24 Site 10.4.4.4 -> 10.1.1.11 LISP Site 10.3.3.0/24 10.1.1.11 -> 10.4.4.4 xTR PxTR Mapping 10.100.1.1 System 172.16.10.1 172.17.4.4 172.17.4.4 -> 192.168.13.6 IP Network 10.4.4.4 -> 10.1.1.11 A: 192.168.13.2 B: 192.168.13.6 C: 192.168.23.2 D: 192.168.23.6 VM-mob VM-mob xTR xTR 10.4.4.4 -> 10.1.1.11 10.1.0.0/16 10.1.1.11 -> 10.4.4.4 10.2.0.0/16 West-DC East-DC Server A Moves Across Subnets VM3 : 10.2.2.2/24 VM2 : 10.1.1.12/24 VM1 : 10.1.1.11/24© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 66
  • 63. NX-OS LISP Use Case 4 :: Data Center/VM Mobility – example/packet flows H1 : 10.3.3.3/24 VM Move/LISP Updates Non-LISP H2 : 10.4.4.4/24 Site LISP Site 10.3.3.0/24 8: Map-Req/Map-Rep updates map-cache info xTR PxTR Mapping 10.100.1.1 System 172.16.10.1 172.17.4.4 7: “SMR” prior talkers (map-cache entry and data-driven) IP Network 4: Register /32 A: 192.168.13.2 B: 192.168.13.6 C: 192.168.23.2 D: 192.168.23.6 5: Map-Notify previous registrant VM-mob VM-mob 6: Peer move notify xTR xTR 3: Peer move notify 2: Move detected 10.1.0.0/16 10.2.0.0/16 West-DC East-DC VM3 : 10.2.2.2/24 VM2 : 10.1.1.12/24 VM1 : 10.1.1.11/24 1: VM-Moves© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 67
  • 64. NX-OS LISP Use Case 4 :: Data Center/VM Mobility – example/packet flows H1 : 10.3.3.3/24 After Move Non-LISP H2 : 10.4.4.4/24 Site 10.3.3.3 -> 10.1.1.11 Same! LISP Site 10.3.3.0/24 10.1.1.11 -> 10.3.3.3 xTR PxTR Mapping 10.100.1.1 System 172.16.10.1 172.17.4.4 172.16.10.1 -> 192.168.23.2 New! IP Network 10.3.3.3 -> 10.1.1.11 A: 192.168.13.2 B: 192.168.13.6172.16.10.1 C: 192.168.23.2 192.168.23.2 -> D: 192.168.23.6 10.1.1.11 -> 10.3.0.3 VM-mob VM-mob xTR xTR 10.3.0.3 -> 10.1.1.11 10.1.0.0/16 10.2.0.0/16 10.1.1.11 -> 10.3.0.3 West-DC East-DC VM3 : 10.2.2.2/24 VM2 : 10.1.1.12/24 VM1 : 10.1.1.11/24© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 68
  • 65. NX-OS LISP Use Case 4 :: Data Center/VM Mobility – example/packet flows H1 : 10.3.3.3/24 After Move Non-LISP H2 : 10.4.4.4/24 Site 10.4.4.4 -> 10.1.1.11 Same! LISP Site 10.1.1.11 -> 10.4.4.4 10.3.3.0/24 xTR PxTR Mapping 10.100.1.1 System 172.16.10.1 172.17.4.4 172.17.4.4 -> 192.168.23.6 New! 12 10.4.0.4 -> 10.1.1.11 IP Network A: 192.168.13.2 B: 192.168.13.6 C: 192.168.23.2 D: 192.168.23.6 VM-mob VM-mob xTR xTR 10.4.4.4 -> 10.1.1.11 10.1.0.0/16 10.1.1.11 -> 10.4.4.4 10.2.0.0/16 West-DC East-DC VM3 : 10.2.2.2/24 VM2 : 10.1.1.12/24 VM1 : 10.1.1.11/24© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 69
  • 66. LISP Use Case 5 :: LISP Mobile-Node • Needs: Any 3G/4G Any WiFi Mobile devices roaming across any Network Network access media without connection reset Mobile device keeps the same IP address Dynamic Dynamic forever RLOC RLOC • LISP Solution: dino.cisco.com LISP level of indirection separates endpoints and locators Static EID: 2610:00d0:xxxx::1/128 Scalable, host-level registration (1010) Applicability: • Benefits: MNs can roam and stay connected  Android and Linux MNs can be servers  IPv4 and IPv6 MNs roam without DNS changes MNs can use multiple interfaces Packet “near-stretch-1” minimizes latency© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 70
  • 67. LISP-MN Mobility: Any Network, Anytime, Anywhere Session Continuity While Roaming LISP Site Mapping I’m @ Operator A System (3G) I’m @ Operator A I’m @ (offload to WiFi) Starbucks Starbucks 3G WiFi (Operator A) SP WiFi (Operator A) Data Packets Control Packets© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 71
  • 68. LISP-MN Handoff and/or Locator Set Change • A mobility event happens when a locator (or locator set) changes A LISP-MN device roams to a different network… A new interface comes up… • The LISP-MN device: Registers the new location with the mapping system… Sends a Solicit-Map-Request (SMR) message to all the LISP sites in the mobile node’s map-cache (sites with which it is communicating) • The remote LISP site (ITR) upon receiving an SMR… Sends a new Map-Request for the LISP-MN EID Update its mappings Starts encapsulating data to the new location • The remote LISP site is updated with the location within 3 messages SMR, Map-Request, Map-Reply© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 72
  • 69. LISP-MN Handoff and/or Locator Set Change MR MS Mapping System MR MS 65.1.1.1 66.2.2.2 PI EID-prefix 2.0.0.0/24 3G Carrier 1 Provider A xTR-1 12.0.0.0/8 10.0.0.0/8 12.0.0.2 ETR 3G ITR 10.0.0.2 LISP-MN EID S ETR 11.0.0.2 3G Carrier 2 3.0.0.3/32 ITR 13.0.0.0/8 xTR-2 Provider B 11.0.0.0/8 LISP xTR LISP Site 1 SP WiFi Map-Cache Entry 14.0.0.0/8 EID-prefix: 3.0.0.3/32 Locator-set: 12.0.0.2, priority: 1, weight: 100© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 73
  • 70. LISP-MN Handoff and/or Locator Set Change 14.0.0.2-> 66.2.2.2 LISP Map-Register MR MS Mapping System MR MS (udp 4342) SHA-1 3.0.0.3/32 65.1.1.1 66.2.2.2 14.0.0.2 PI EID-prefix 2.0.0.0/24 Map-Request 3G Carrier 1 Provider A xTR-1 12.0.0.0/8 10.0.0.0/8 ETR Map-Reply ITR 10.0.0.2 S ETR 11.0.0.2 3G Carrier 2 ITR 13.0.0.0/8 xTR-2 Provider B 14.0.0.2 11.0.0.0/8 WiFi SMR LISP Site 1 SP WiFi Map-Cache Entry 14.0.0.0/8 LISP-MN EID 3.0.0.3/32 EID-prefix: 3.0.0.3/32 Locator-set: 12.0.0.2, priority: 1, weight: 100 14.0.0.2,© 2012 Cisco and/or its affiliates. All rights reserved. LISP xTR Cisco Public 74
  • 71. LISP Overview LISP Operations LISP Use CasesLISP Status LISP Summary LISP References
  • 72. LISP Standardization Effort Status Draft Next Steps/Target LISP base protocol (draft-ietf-lisp-19) IESG Evaluation… LISP+ALT (draft-ietf-lisp-alt-10) Approved! Experimental RFC LISP Map Server (draft-ietf-lisp-ms-14) AD Evaluation… LISP Interworking (draft-ietf-lisp-interworking-02) AD Evaluation… LISP Map Versioning (draft-ietf-lisp-map-versioning-06) AD Evaluation… LISP Multicast (draft-ietf-lisp-multicast-12) IESG Evaluation… LISP Internet Groper (draft-ietf-lisp-lig-06) Approved! Experimental RFC LISP Mobile Node (draft-meyer-lisp-mn-06) Proposed for WG adoption (3 prototypes available) LISP Canonical Address Format (draft-farinacci-lisp-lcaf- Proposed for WG adoption 06) LISP MIB (draft-ietf-lisp-mib-03) Active… LISP Deployment (draft-ietf-lisp-deployment-02) Active… LISP SEC (draft-ietf-lisp-sec-01) Active… LISP Threats (draft-ietf-lisp-threats-00) Active… LISP EID Block (draft-ietf-lisp-eid-block-01) Active… IETF LISP WG: http://tools.ietf.org/wg/lisp/© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 76
  • 73. LISP Deployments - International LISP Beta Network  LISP Community Operated - >4 years operational - >140+ sites, 26 countries  Nine LISP implementations deployed today - Cisco: IOS, IOS-XE, NX-OS - Furukawa Network Solution Corporation FITELnet-G21 - FreeBSD: OpenLISP http://www.lisp.intouch.eu/ - Linux: OpenWrt, Aless, LISPmob http://lisp.cisco.com - Android (Gingerbread) http://www.lisp6.facebook.com - Plus a few others… ;-) http:/lisp.isarnet.net/ and more…© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 77
  • 74. Cisco’s LISP Software Release Strategy – Development Strategy  Early Deployment (ED) software – Engineering Builds - LISP ED releases available on CCO as “hidden” posts - Not orderable via the Cisco Global Configuration tool - Intended only for deployment on LISP nodes - Not intended nor recommended for production deployment scenarios - TAC supported (unless deployed in non-LISP environment) - Refer to LISP Early ED Software Release Product Bulletin for details  Production LISP Deployment Software – Mainline Integration - LISP production software images available via CCO download - Orderable via the Cisco Global Configuration tool - Approved for use in all production deployment scenarios - TAC supported Cisco LISP Code: http://lisp.cisco.com© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 78
  • 75. LISP Software Release Strategy – Available Releases!  Cisco Releases Cisco LISP Releases: http://lisp.cisco.com - IOS since December 2009… ISR, ISRG2, 7200 - IOS-XE since March 2010… ASR1K - NX-OS since December 2009… Nexus 7000, UCS C200 - Coming soon… Catalyst 6500, ASR9K, CRS-3, and others…  Other LISP Releases Other LISP Releases: http://www.lisp4.net - Furukawa Network Solutions Corp http://www.lisp6.net - FreeBSD OpenLISP - Linux Aless LISPmob OpenWrt (coming soon…) - Android Gingerbread (coming soon…) - Other vendors… Check back!!© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 79
  • 76. LISP Overview LISP Operations LISP Use Cases LISP StatusLISP Summary LISP References
  • 77. LISP – A Routing Architecture; Not a Feature  Enables IP Number Portability  Creates a Level of Indirection - With session survivability - Separates End-Host and Site addresses - Never change host IP addresses; No renumbering costs  Deployment simplicity - No DNS “name == EID” binding change - No host changes - Minimal CPE changes  Uses pull vs. push routing - Some new core infrastructure - OSPF and BGP are push models; components routing stored in the forwarding plane - LISP is a pull model; Analogous to DNS;  Enables other interesting features massively scalable - Simplified multi-homing with Ingress traffic Engineering – without the need for BGP  An over-the-top technology - End-host mobility without renumbering - Address Family agnostic - Address Family agnostic support - Incrementally deployable - No changes in end systems  An Open Standard - No Cisco Intellectual Property Rights© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 81
  • 78. LISP Overview LISP Operations LISP Use Cases LISP Status LISP SummaryLISP References
  • 79. LISP Information and Mailing Lists  LISP Information - IETF LISP Working Group http://tools.ietf.org/wg/lisp/ - LISP Beta Network Site http://www.lisp4.net & http://www.lisp6.net - Cisco LISP Site http://lisp.cisco.com (ipv4 and IPv6) - Cisco LISP Marketing Site http://www.cisco.com/go/lisp/  LISP Mailing Lists - IETF LISP Working Group http://tools.ietf.org/wg/lisp/ - LISP Interest (public) lisp-interest@puck.nether.net - Cisco LISP Questions lisp-support@cisco.com - LISPmob Questions users@lispmob.org© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 83
  • 80. • Thank you! • Please complete the post-event survey. • Join us February 8 for our next webinar: Recommendations for Network Application Identification and Policy To register, go to www.cisco.com/go/iosadvantage© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 84
  • 81. Thank you.© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 85