Cisco IOS Advantage WebinarsLISP - A Next GenerationNetworking ArchitectureGregg SchudelWe’ll get started a few minutes pa...
 Speakers                                                  Panelists          ‒ Gregg Schudel                           ...
• Submit questions in Q&A panel and send to       “All Panelists”              Avoid CHAT window for better access to pane...
Session Agenda         LISP Overview         LISP Operations         LISP Use Cases         LISP Status         LISP ...
LISP Overview   LISP Operations   LISP Use Cases   LISP Status   LISP Summary   LISP References
Session Objectives         At the end of this session, you should be able to:                      − Understand the level...
IP Addressing “Overloaded” Semantics   The IP address is “overloaded” on    location and identity           − Today, “add...
Locator/ID separation is not new as a concept…         Two basic approaches:                − Translation                ...
Locator/ID Split helps resolve route scaling problems     Today’s Internet Behavior                                      ...
Locator/ID split enables other (more important) benefits…     Today’s Internet Behavior                                  ...
Main attributes of LISP                                                                                               EID ...
LISP Mapping Resolution – DNS analog…          LISP “Level of Indirection” is analogous to a DNS lookup                   ...
LISP OverviewLISP Operations   LISP Use Cases   LISP Status   LISP Summary   LISP References
draft-ietf-lisp-19   LISP IPv4 EID/IPv4 RLOC Header Example           IPv4 Outer Header:              Router supplies     ...
draft-ietf-lisp-19   LISP Encapsulation Combinations – IPv4 and IPv6 Supported          IPv4                              ...
LISP Data Plane :: Ingress/Egress Tunnel Router (xTR)      ITR – Ingress Tunnel Router                                    ...
LISP Data Plane :: Unicast Packet Forwarding                                                                     Map-Cache...
LISP Control Plane :: Introduction         LISP creates a “level of indirection”                      − Decouples host ID...
LISP Control Plane :: Control Plane Messages         Control Plane EID Registration services                      − Map-R...
LISP Control Plane :: Map-Server/Map-Resolver (MS/MR)              NOTE:An MR/MS need not be deployedas a router. A 1RU se...
LISP Control Plane :: Mapping Database (ETR), Map-Cache (ITR)                                                             ...
LISP Control Plane :: Map Registration Example                                                                     2      ...
LISP Control Plane :: Map Request/Map Reply Example                                                                     3 ...
LISP Control Plane :: Proxy Map Reply Example                                                               3             ...
LISP Control Plane :: Negative Map Reply Example                                                                   2      ...
LISP Interworking :: Day-One Incremental Deployment         Early Recognition                      − LISP will not be wid...
LISP Interworking :: Proxy Ingress/Egress Tunnel Routers (PITR/PETR)                                                      ...
LISP Interworking :: Proxy Ingress/Egress Tunnel Routers (PITR/PETR)                                                      ...
LISP Overview   LISP OperationsLISP Use Cases   LISP Status   LISP Summary   LISP References
Five Core LISP Use Cases          1. Efficient Multihoming          2. IPv6 Transition Support          3. Efficient Virtu...
LISP Use Case 1 :: Efficient Multihoming Support      Needs:                ‒ Site connectivity to multiple providers    ...
LISP Use Case 1 :: Efficient Multihoming – example/requirements      Multi-Homed Remote-Sites:                ‒      Site...
LISP Use Case 1 :: Efficient Multihoming – example/overview                                                               ...
LISP Use Case 1 :: Efficient Multihoming – example/configurations                                                         ...
LISP Use Case 1 :: Efficient Multihoming – example/packet flows                                                           ...
LISP Use Case 1 :: Side Note – other IOS feature interactions                                                             ...
LISP Use Case 2 :: IPv6 Transition Support                                                            Connecting IPv6 Isla...
LISP Use Case 2 :: Side Note – IPv6 transition strategies       LISP provides AF “hop-over” support…       If you’re car...
LISP Use Case 2 :: IPv6 Transition – example/requirements      IPv6 access to company web site:                 Existing ...
LISP Use Case 2 :: IPv6 Transition – example/overview                                                                     ...
LISP Use Case 2 :: IPv6 Transition – example/addressing                                                                   ...
LISP Use Case 2 :: IPv6 Transition – example/configurations                                                               ...
LISP Use Case 2 :: IPv6 Transition – example/results                                                                      ...
LISP Use Case 2 :: IPv6 Transition – example/packet flows                                                                 ...
LISP Use Case 2 :: IPv6 Transition – other happy customers ;-) World IPv6 Day Sites using LISP Cisco         lisp.cisco.co...
LISP Use Case 3 :: Efficient Virtualization/Multi-Tenancy Support     Needs:                                             ...
LISP Use Case 3 :: Efficient Virtualization/Multi-Tenancy – Concepts         Recalling that… LISP is “Locator/ID” separat...
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)
Upcoming SlideShare
Loading in …5
×

LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)

9,166 views

Published on

LISP implements a new routing architecture that utilizes a "level of indirection" to separate an IP address into two namespaces: Endpoint Identifiers (EIDs), which are assigned to end-hosts, and Routing Locators (RLOCs), which are assigned to devices (primarily routers) that make up the global routing system.

In addition to helping solve routing scalability issues, LISP provides many other benefits, including: Low OpEx multihoming with ingress traffic engineering; efficient IPv6 Transition support; high-scale Virtualization/Multi-tenancy support; Data Center/VM-mobility support, including session persistence across mobility events; and seamless mobile node support.

Published in: Technology, Education
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
9,166
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
260
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

LISP: The Next Generation Networking Architecture (IOS Advantage Webinar)

  1. 1. Cisco IOS Advantage WebinarsLISP - A Next GenerationNetworking ArchitectureGregg SchudelWe’ll get started a few minutes past the top of the hour.Note: you may not hear any audio until we get started.© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 1
  2. 2.  Speakers  Panelists ‒ Gregg Schudel ‒ Darrel Lewis Technical Marketing Engineer, LISP Team Technical Leader, LISP Team gschudel@cisco.com ‒ Vince Fuller Technical Leader, LISP Team© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
  3. 3. • Submit questions in Q&A panel and send to “All Panelists” Avoid CHAT window for better access to panelists• For Webex audio, select COMMUNICATE > Join Audio Broadcast• For Webex call back, click ALLOW Phone button at the bottom of Participants side panel• Where can I get the presentation? https://communities.cisco.com/docs/DOC-27853 Or send email to: ask_iosadvantage@cisco.com• Please fill in Survey at end of event• Join us on February 8 for our next IOS Advantage Webinar: Recommendations for Network Application Identification and Policy© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
  4. 4. Session Agenda  LISP Overview  LISP Operations  LISP Use Cases  LISP Status  LISP Summary  LISP References© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
  5. 5. LISP Overview LISP Operations LISP Use Cases LISP Status LISP Summary LISP References
  6. 6. Session Objectives  At the end of this session, you should be able to: − Understand the level of indirection between EID and RLOC namespace enabled by LISP − Understand the Address Family agnostic attributes of LISP − Understand how the level of indirection and AF agnostic attributes enable other benefits such as inherent multi-homing support with ingress TE, inherent IPv6 transition support, inherent virtualization support, and inherent mobility support − Understand the five major LISP Use Cases© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
  7. 7. IP Addressing “Overloaded” Semantics  The IP address is “overloaded” on location and identity − Today, “addressing follows topology” making efficient aggregation only available for Provider Assigned (PA) addresses − Ingress Traffic Engineering usually requires Provider Independent (PI) addresses and sometimes the injection of “more specifics” – this limits route aggregation compactness − IPv6 does not fix this  Route scaling issues drive system (router) costs higher − Routers require expensive memory in the forwarding plane (FIB) “… routing scalability is the most − Drivers for route scaling are seen in Data important problem facing the Internet Centers and for Mobility (not just the today and must be solved … ” Internet DFZ) Internet Architecture Board (IAB) October 2006 Workshop (written as RFC 4984)© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
  8. 8. Locator/ID separation is not new as a concept…  Two basic approaches: − Translation IPv4 NAT is a common (but inefficient) way to perform Location and Identity separation Translation has (well known) drawbacks with referrals The translation table is limited to the router (local scope) − Tunnels/Encapsulation (Map & Encap): Preserves hosts packet across the core Requires a mapping function (e.g. static in the case of GRE tunnels)  A separate Mapping System is key to enabling prefix removal from the core routing table (and minimization of de-aggregation) − NAT, for example, has a local scope known only to that device − GRE has static end-points and explicit scope known only to configured sites − To achieve global scope requires Mapping Database System that can provide on a dynamic basis, EID-to-RLOC relationship information© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
  9. 9. Locator/ID Split helps resolve route scaling problems  Today’s Internet Behavior DFZ − The “Default Free Zone” (DFZ) contains all types or routes: Edge (site) routes Internet Core (Provider) route More specifics of both types for TE purposes − In this model, everything goes in the DFZ  LISP Behavior LISP Map System DFZ Mapping − Locator/ID “split” architecture treats System “core” and “site” prefixes differently − In this model, prefixes describing core topology (locators) go in the DFZ; Internet prefixes describing end sites (EIDs) go in the LISP mapping system© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
  10. 10. Locator/ID split enables other (more important) benefits…  Today’s Internet Behavior Internet x.y.z.1 Device IPv4 or IPv6 When the device moves, it gets address represents a new IPv4 or IPv6 address for identity and location w.z.y.9 its new identity and location  LISP Behavior Internet x.y.z.1 Device IPv4 or IPv6 a.b.c.1 When the device moves, keeps address represents e.f.g.7 its IPv4 or IPv6 address. identity only x.y.z.1 It has the same identity Only the location changes© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
  11. 11. Main attributes of LISP EID a.a.a.0/24 RLOC w.x.y.1 b.b.b.0/24 x.y.w.2 MS/MR c.c.c.0/24 d.d.0.0/16 z.q.r.5 z.q.r.5 EID RLOC EID Space a.a.a.0/24 b.b.b.0/24 w.x.y.1 x.y.w.2 c.c.c.0/24 z.q.r.5  EID (Endpoint Identifier) is the IP d.d.0.0/16 z.q.r.5 address of a host – just as it is today EID a.a.a.0/24 b.b.b.0/24 RLOC w.x.y.1 x.y.w.2 Non-LISP xTR c.c.c.0/24 d.d.0.0/16 z.q.r.5 z.q.r.5  RLOC (Routing Locator) is the IP EID-to- address of the LISP router for the host Prefix Next-hop w.x.y.1 x.y.w.2 e.f.g.h e.f.g.h RLOC z.q.r.5 z.q.r.5 e.f.g.h e.f.g.h mapping  EID-to-RLOC mapping is the PxTR distributed architecture that maps RLOC Space EIDs to RLOCs xTR EID Space xTR  Network-based solution  Address Family agnostic  No host changes  Incrementally deployable  Minimal configuration (support LISP and non-LISP)  No DNS changes  Support for mobility© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
  12. 12. LISP Mapping Resolution – DNS analog… LISP “Level of Indirection” is analogous to a DNS lookup  DNS resolves IP addresses for URLs [ who is lisp.cisco.com ] ? DNS DNS host Server Name-to-IP [153.16.5.29, 2610:D0:110C:1::3 ] URL Resolution  LISP resolves locators for queried identities [ where is 2610:D0:110C:1::3 ] ? LISP LISP LISP Mapping Identity-to-locator router [ locator is 128.107.81.169 ] System Mapping Resolution© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
  13. 13. LISP OverviewLISP Operations LISP Use Cases LISP Status LISP Summary LISP References
  14. 14. draft-ietf-lisp-19 LISP IPv4 EID/IPv4 RLOC Header Example IPv4 Outer Header: Router supplies RLOCs UDP LISP header IPv4 Inner Header: Host supplies EIDs© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
  15. 15. draft-ietf-lisp-19 LISP Encapsulation Combinations – IPv4 and IPv6 Supported IPv4 IPv4 Outer Outer Header Header UDP UDP LISP LISP IPv4 Inner Header IPv6 Inner IPv4/IPv4 Header IPv4/IPv6 IPv6 Outer Header IPv6 Outer UDP Header LISP UDP LISP IPv6 Inner IPv4 Header Inner Header IPv6/IPv6 IPv6/IPv4© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
  16. 16. LISP Data Plane :: Ingress/Egress Tunnel Router (xTR) ITR – Ingress Tunnel Router ETR – Egress Tunnel Router • Receives packets from site-facing interfaces • Receives packets from core-facing interfaces • Encap to remote LISP sites, or native-fwd to • De-cap, deliver packets to local EIDs at site non-LISP sites Provider A Provider X xTR-1 xTR-1 10.0.0.0/8 12.0.0.0/8 ETR ETR ITR ITR packet flow packet flow S ETR ETR ITR ITR D Provider B Provider Y xTR-2 xTR-2 11.0.0.0/8 13.0.0.0/8 LISP Site 1 LISP Site 2© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
  17. 17. LISP Data Plane :: Unicast Packet Forwarding Map-Cache Entry EID-prefix: 2001:db8:2::/48 Locator-set: 12.0.0.2, priority: 1, weight: 50 (D1) This policy controlled by the destination site 13.0.0.2, priority: 1, weight: 50 (D2) PI EID-prefix PI EID-prefix 3 2001:db8:1::/48 2001:db8:2::/48 Provider A Provider X 2001:db8:1::1 -> 2001:db8:2::1 xTR-1 xTR-12 2001:db8:1::1 -> 2001:db8:2::1 10.0.0.0/8 12.0.0.0/8 7 ETR 6 ETR ITR 10.0.0.2 12.0.0.2 ITR 11.0.0.2 -> 12.0.0.2 2001:db8:1::1 -> 2001:db8:2::1 5 S ETR 11.0.0.2 13.0.0.2 ETR ITR ITR D Provider B Provider Y xTR-2 xTR-2 11.0.0.0/8 4 13.0.0.0/81 11.0.0.2 -> 12.0.0.2 DNS entry: Site 1 LISP 2001:db8:1::1 -> 2001:db8:2::1 LISP Site 2 D.abc.com AAAA 2001:db8:2::1 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
  18. 18. LISP Control Plane :: Introduction  LISP creates a “level of indirection” − Decouples host IDENTITY and LOCATION − Requires dynamic IDENTITY-to-LOCATION mapping resolution  LISP Control Plane Provides On-Demand Mappings − Control Plane is Out-of-Band − Map-Resolver and Map-Server (similar to DNS Resolver and DNS Server) − LISP Control Plane Messages for EID-to-RLOC resolution − Distributed databases and map-caches hold mappings© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
  19. 19. LISP Control Plane :: Control Plane Messages  Control Plane EID Registration services − Map-Register message Sent by ETR to Map-Server to register its associated EID prefixes Specifies the RLOC(s) to be used by the Map-Server when forwarding Map-Requests to the ETR  Control Plane “Data-triggered” mapping service − Map-Request message Sent by an ITR when it needs for EID/RLOC mapping, to test an RLOC for reachability, or to refresh a mapping before TTL expiration − Map-Reply message Sent by an ETR in response to a valid map-request to provide the EID/RLOC mapping and site ingress Policy for the requested EID© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
  20. 20. LISP Control Plane :: Map-Server/Map-Resolver (MS/MR) NOTE:An MR/MS need not be deployedas a router. A 1RU server can be MR MS used to implement the LISP control plane, for example. Provider A Provider X xTR-1 xTR-1 10.0.0.0/8 12.0.0.0/8 ETR ETR ITR ITR S ETR MS – Map-Server ETR MR – Map-Resolver • LISP site ETRs Register their EID prefixes ITR ITR here; requires configured “lisp site” policy, D • Receives Map-Request from ITR. B xTR-2 Provider Provider Y xTR-2 authentication key • Forwards Map-Request onto ALT topology 11.0.0.0/8 13.0.0.0/8 • Injects routes for registered site EID prefixes • Sends Negative Map-Replies in response into BGP ALT topology to Map-Requests for non-LISP sites LISP Site 1 LISP Site 2 • Receives Map-Requests via ALT and forwards them to registered ETRs© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
  21. 21. LISP Control Plane :: Mapping Database (ETR), Map-Cache (ITR) LISP Site Mapping-Database (ETR) MR MS • EID-to-RLOC mappings in all ETRs for local LISP site • ETR is “authoritative” for its EIDs, sends Map-Replies to ITRs • ETRs can tailor policy based on Map-Request source • Decentralization increases attack resiliency Provider A Provider X xTR-1 xTR-1 10.0.0.0/8 12.0.0.0/8 ETR ETR ITR ITR S ETR LISP Map Cache (ITR) ETR ITR ITR D • “Lives” on ITRs and only stores mappings for sites to which Provider Y ITR is currently sending packets. B xTR-2 Provider 13.0.0.0/8 xTR-2 11.0.0.0/8 • Map-Cache populated by sending Map-Requests and receiving Map-Replies from ETRs LISP Site 1 • ITRs must respect Map-Reply policy, including TTLs, RLOC LISP Site 2 up/down status, RLOC priorities/weights© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
  22. 22. LISP Control Plane :: Map Registration Example 2 Other 2001:db8::/32 sites… 1 MR MS 12.0.0.2-> 66.2.2.2 LISP Map-Register (udp 4342) 66.2.2.2 SHA-2 2001:db8:2::/48 PI EID-prefix 12.0.0.2, 13.0.0.2 PI EID-prefix 2001:db8:1::/48 2001:db8:2::/48 Provider A Provider X xTR-1 xTR-1 10.0.0.0/8 12.0.0.0/8 ETR ETR ITR 10.0.0.2 12.0.0.2 ITR S ETR 11.0.0.2 13.0.0.2 ETR ITR ITR D Provider B Provider Y xTR-2 xTR-2 11.0.0.0/8 13.0.0.0/8 LISP Site 1 LISP Site 2© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
  23. 23. LISP Control Plane :: Map Request/Map Reply Example 3 4 11.0.0.2-> 66.2.2.2 66.2.2.2-> 12.0.0.2 LISP ECM MR MS LISP ECM (udp 4342) (udp 4342) 11.0.0.2 -> 2001:db8:2::1 11.0.0.2 -> 2001:db8:2::1 Map-Request 66.2.2.2 Map-Request (udp 4342) (udp 4342) nonce nonce PI EID-prefix PI EID-prefix 2001:db8:1::/48 Map-Cache Entry 2001:db8:2::/48 6 EID-prefix: 2001:db8:2::/48 Provider A Provider X xTR-1 xTR-12 2001:db8:1::1 -> 2001:db8:2::1 10.0.0.0/8 Locator-set: 12.0.0.0/8 ETR ETR 12.0.0.2, priority: 1, weight: 50 (D1) ITR 10.0.0.2 12.0.0.2 ITR 13.0.0.2, priority: 1, weight: 50 (D2) S ETR 11.0.0.2 5 13.0.0.2 ETR ITR ITR D Provider B 12.0.0.2 ->11.0.0.2 Provider Y xTR-2 Map-Reply xTR-2 11.0.0.0/8 13.0.0.0/8 (udp 4342) How do I get to nonce1 2001:db8:2::1? 2001:db8:2::/48 DNS entry: Site 1 LISP 12.0.0.2 [1, 50] LISP Site 2 13.0.0.2 [1, 50] D.abc.com AAAA 2001:db8:2::1 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
  24. 24. LISP Control Plane :: Proxy Map Reply Example 3 11.0.0.2-> 66.2.2.2 LISP ECM MR MS (udp 4342) 11.0.0.2 -> 2001:db8:2::1 Map-Request 66.2.2.2 (udp 4342) nonce PI EID-prefix PI EID-prefix 2001:db8:1::/48 Map-Cache Entry 2001:db8:2::/48 6 EID-prefix: 2001:db8:2::/48 Provider A Provider X xTR-1 xTR-1 10.0.0.0/8 Locator-set: 12.0.0.0/8 ETR ETR 12.0.0.2, priority: 1, weight: 50 (D1) ITR 10.0.0.2 12.0.0.2 ITR 13.0.0.2, priority: 1, weight: 50 (D2) S ETR 11.0.0.2 13.0.0.2 ETR ITR 5 ITR D Provider B Provider Y xTR-2 66.2.2.2->11.0.0.2 xTR-2 11.0.0.0/8 13.0.0.0/8 Map-Reply (udp 4342) nonce LISP Site 1 2001:db8:2::/48 LISP Site 2 12.0.0.2 [1, 50] 13.0.0.2 [1, 50]© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
  25. 25. LISP Control Plane :: Negative Map Reply Example 2 NOTE: The actual “covering prefix” returned in an NMR 11.0.0.2-> 66.2.2.2 depends on the number and distribution of EID LISP ECM MR MS prefixes in the Mapping System. The NMR prefix (udp 4342) will cover the shortest prefix that doesn’t cover any LISP Sites in the Mapping System 11.0.0.2 -> 2001:db8:f000::1 Map-Request 66.2.2.2 3 (udp 4342) nonce 66.2.2.2->11.0.0.2 PI EID-prefix Negative-Map-Reply PI EID-prefix 2001:db8:1::/48 (udp 4342) 2001:db8:2::/48 nonce 2001:db8:8000::/21 Provider A Provider X xTR-1 xTR-11 2001:db8:1::1 -> 2001:db8:f000::1 10.0.0.0/8 12.0.0.0/8 ETR ETR ITR 10.0.0.2 Map-Cache Entry ITR 12.0.0.2 EID-prefix: 2001:8000::/21 4 forward-native S ETR 11.0.0.2 13.0.0.2 ETR ITR ITR D Provider B Provider Y xTR-2 xTR-2 11.0.0.0/8 13.0.0.0/8 How do I get to 2001:db8:F000::1? LISP Site 1 LISP Site 2 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
  26. 26. LISP Interworking :: Day-One Incremental Deployment  Early Recognition − LISP will not be widely deployed day-one − Up-front recognition of an incremental deployment plan  Interworking for: − LISP-sites to non-LISP sites (e.g. the rest of the Internet) − non-LISP sites to LISP-sites  Two basic Techniques: − Proxy ITR (PITR) and Proxy ETR (PETR) − LISP Network Address Translators (LISP-NAT)  Proxy-ITR/Proxy-ETR are being deployed today − Infrastructure LISP network entity − Creates a monetized service opportunity for infrastructure players© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
  27. 27. LISP Interworking :: Proxy Ingress/Egress Tunnel Routers (PITR/PETR) MR MS IPv6 Internet PITR PETR Provider A Provider X xTR-1 xTR-1 10.0.0.0/8 12.0.0.0/8 ETR ETR ITR ITR SPITR – Proxy ITR ETR PETR – Proxy ETR ETR ITR • Receives traffic from non-LISP sites and ITR D • Allows a LISP Site in one AF [IPv4 or IPv6] encapsulates it to LISP sites B Provider Provider Y xTR-2 and the 13.0.0.0/8 RLOC [IPv6 or IPv4] to opposite xTR-2 11.0.0.0/8 • Advertises coarse-aggregate EID prefixes reach non-LISP sites in that AF [IPv4 or IPv6] (AF-hop-over) •LISP Site 1 LISP sites see ingress TE “day-one” (*) LISP Site 2 • Allows LISP sites with uRPF restrictions to reach non-LISP sites© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
  28. 28. LISP Interworking :: Proxy Ingress/Egress Tunnel Routers (PITR/PETR) 1 Non-LISP 2001:d:1::1 MR2001:db8:2::1 -> MS v6 Site 2001:d:1::1 6 2001:db8::/32 2001:db8:2::1 -> 2001:d:1::1 2001:f:f::1 2001:f:e::1 PI EID-prefix IPv6 PI EID-prefix 2001:db8:1::/48 Internet 2001:db8:2::/48 PITR PETR 2001:d:1::1 -> 2001:db8:2::1 Provider A Provider X xTR-1 xTR-1 10.0.0.0/8 12.0.0.0/8 3 ETR 10.9.1.1 12.9.2.1 ETR ITR 10.0.0.2 12.0.0.2 ITR 10.9.1.1 -> 12.0.0.2 2001:d:1::1 -> 2001:db8:2::1 S ETR 11.0.0.2 2 12.0.0.2 -> 12.9.2.1 13.0.0.2 ETR ITR 2001:db8:2::1 -> 2001:d:1::1 ITR 2001:db8:2::1 -> 2001:d:1::1 D Provider B Provider Y xTR-2 5 xTR-2 11.0.0.0/8 13.0.0.0/8 4 LISP Site 1 LISP Site 2© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
  29. 29. LISP Overview LISP OperationsLISP Use Cases LISP Status LISP Summary LISP References
  30. 30. Five Core LISP Use Cases 1. Efficient Multihoming 2. IPv6 Transition Support 3. Efficient Virtualization/Multi-Tenancy 4. Data Center/VM Mobility 5. LISP Mobile-Node© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
  31. 31. LISP Use Case 1 :: Efficient Multihoming Support  Needs: ‒ Site connectivity to multiple providers ‒ Low OpEx/CapEx Internet  LISP Solution: LISP LISP Site routers ‒ LISP provides a streamlined solution for handling multi-provider connectivity and policy without BGP complexity Applicability:  Branch sites where multihoming is  Benefits: traditionally too expensive ‒ OpEx-friendly Multi-homing across  Useful in all other LISP Use Cases different providers ‒ Simple policy management ‒ Ingress Traffic Engineering© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
  32. 32. LISP Use Case 1 :: Efficient Multihoming – example/requirements  Multi-Homed Remote-Sites: ‒ Site connectivity to multiple providers ‒ More than 400 remote sites (some with limited physical access) ‒ Need to be “as robust as possible” ‒ T-1 (~$600/month) + dial-backup cost prohibitive vs. 3G access (~$60/month)  Necessary Features: ‒ IOS Firewall and NAT for Internet Access ‒ Mixed of dynamic (DHCP) and Static Interface IP address (RLOC)  LISP Design: ‒ Private LISP Mapping System (MS/MR) carrying RFC1918 EIDs ‒ ASR1002s (2) at Hub Site ‒ C2811s w/ 3G-HWICs at remote sites (2 each) ‒ NAT to Internet, IOS FW, DHCP ‒ Active/Backup minimum, Active/Active “stretch goal” for WAN utilization© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
  33. 33. LISP Use Case 1 :: Efficient Multihoming – example/overview 10.0.0.0/16 ASR 1002 (pair) • Map-Server/Map-Resolver Corporate Data Center for private LISP mapping • xTR for LISP encap/decap LISP Hub Site Customer Network 172.16.1.5 172.16.1.1 ISR (2811) (all sites) • xTR at Remote LISP site • Dual 3G-HWICs Internet • RFC1918 EID Space Carrier 2 • DHCP or static RLOCs Carrier 1 3G 3G • DHCP server for internal hosts • NAT/IOS FW to Internet 3G 3G 3G 3G 3G 3G 3G 3G HWIC HWIC HWIC HWIC HWIC HWIC HWIC HWIC . . . LISP Spoke Sites . . . X 400 10.10.0.0/24 10.10.1.0/24 10.10.x.0/24 10.10.y.0/24© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
  34. 34. LISP Use Case 1 :: Efficient Multihoming – example/configurations 10.0.0.0/16 router lisp Corporate Data Center site All-Sites eid-prefix 10.0.0.0/16 eid-prefix 10.10.0.0/16 accept-more-specifics LISP authentication-key 0 xxxxxx Hub Site Customer exit database-mapping 10.0.0.0/16 172.16.1.5 priority 1 weight 50 Network database-mapping 10.0.0.0/16 172.16.1.1 priority 1 weight 50 ipv4 map-server 172.16.1.5 172.16.1.1 ipv4 map-resolver ipv4 itr ipv4 etr ip itr map-resolver 172.16.1.1 ip itr map-resolver 172.16.1.5 Internet ip etr map-server 172.16.1.1 key ***** ip etr map-server 172.16.1.5 key ***** Carrier 1 Carrier 2 3G 3G router lisp 3G 3G 3G 3G 3G 3G 3G 3G HWIC HWIC database-mapping 10.10.1.0/24 ipv4-interface HWIC HWIC HWIC HWIC HWIC HWIC cell0/0/0 priority 1 weight 50 database-mapping 10.10.1.0/24 ipv4-interface cell0/0/1 priority 1 weight 50 ... ip itr ... LISP Spoke Sites ip etr X 400 ip itr map-resolver 172.16.1.1 ip itr map-resolver 172.16.1.5 10.10.0.0/24 10.10.1.0/24 10.10.x.0/24 10.10.y.0/24 ip etr map-server 172.16.1.1 key ***** ip etr map-server 172.16.1.5 key *****© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
  35. 35. LISP Use Case 1 :: Efficient Multihoming – example/packet flows 10.0.0.0/16 Corporate Data Center 10.0.0.1 LISP 4 Hub Site 10.10.0.1 10.0.0.1 -> Customer Network -> 10.0.0.1 10.10.0.1 3 172.16.1.5 172.16.1.1 5 172.16.1.1 -> 172.17.1.1 10. 0.0.1 -> 10.10.0.1 Internet 172.17.1.1 -> 172.16.1.1 2 10.10.0.1 -> 10.0.0.1 Carrier 1 Carrier 2 3G 3G 6 3G 3G 3G 3G 3G 3G 3G 3G HWIC HWIC HWIC HWIC HWIC HWIC HWIC HWIC10.0.0.1 -> 10.10.0.1 172.17.1.1 . . . LISP Spoke Sites . . . X 400 10.10.0.0/24 10.10.1.0/24 10.10.0.1 -> 10.0.0.1 1 10.10.x.0/24 10.10.y.0/24 10.10.0.1 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
  36. 36. LISP Use Case 1 :: Side Note – other IOS feature interactions 10.0.0.0/16 LISP is executed in CEF. Corporate Data Center Any CEF process should Cellular0/3/0 Cellular0/3/1 be available when LISP 10.0.0.0/16 LISP is enabled. Commonly Hub Site12.1.1.5 ip address negotiated Customer used CEF functions that ip inspectNetwork out have been tested ip nat outside 172.16.1.5 13.1.1.5 172.16.1.1 ip access-group 101 in include:  Access Control Lists  Network Address Translation Internet Internet inside ip nat  Quality of Service ip verify unicast source reachable-via rx  Flexible NetFlow VzW Carrier 2  IPSec Carrier 1 10.10.0.0/24 VzW 3G  IOS Firewall 3G  IOS Intrusion Protection Srvc  Flexible Packet Matching 3G 3G 3G 3G 3G 3G 3G 3G HWIC HWIC HWIC HWIC HWIC HWIC HWIC HWIC . . . LISP Spoke Sites . . . X 400 10.10.0.0/24 10.10.1.0/24 10.10.x.0/24 10.10.y.0/24© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
  37. 37. LISP Use Case 2 :: IPv6 Transition Support Connecting IPv6 Islands v6  Needs: v6 Rapid IPv6 Deployment IPv4 Enterprise IPv4 island Core Internet xTR IPv4 Enterprise Minimal Infrastructure disruption v6 xTR Core island v4 v6  LISP Solution: v6 LISP encapsulation is Address Family IPv6 Transition Support agnostic, allowing for IPv6 over an IPv4 v6 core, or IPv4 over an IPv6 core PxTR v4 v6 IPv4 Core  Benefits: IPv6 Internet v6 service IPv4 xTR Internet Accelerated IPv6 adoption v6 Minimal added configurations IPv6 Access Support No core network changes xTR v6 home Network v4 v6 v6 Can be used as a transitional or as a PxTR v6 home v6 permanent solution PxTR IPv4 xTR Network v6 site access & . Internet . PxTR IPv6 Internet v6 home xTR Network© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
  38. 38. LISP Use Case 2 :: Side Note – IPv6 transition strategies  LISP provides AF “hop-over” support…  If you’re carrying IPv6 packets, you still need to work with IPv6 packets at the receiving site… Essentially, there are 3 ways to do this:1. Add 6-to-4 translation 2. Add New IPv6 Servers 3. Dual-stack the support… and infrastructure existing infrastructure © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
  39. 39. LISP Use Case 2 :: IPv6 Transition – example/requirements  IPv6 access to company web site: Existing IPv4 WAN connectivity available only immediately Local web site content deployed on new and separate infrastructure LISP demonstration site acceptable  Necessary Features: IOS router running LISP capable image Internal infrastructure (switches, web servers) running dual-stack (IPv4, IPv6)  LISP Design: Cisco 7200 routers (2) at LISP Site as xTRs Cisco 3750 switches (2), and Linux servers (2) for web site content IPv4 and IPv6 EID allocations from LISP Beta Network (note: could have done a “bring your own” IPv6 PI block)© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
  40. 40. LISP Use Case 2 :: IPv6 Transition – example/overview SJC17 DMZ sjc17-dmza-gw1 sjc17-dmza-gw2 xTR – Cisco 7200 • deployed “On-Path” (in the natural egress data path) • advertises in 153.16.5/24 into sjc17-dmza-lisp-gw1 OSPF, and 2610:d0:110c::/48 sjc17-dmza-lisp-gw2 7200 7200 into OSPFv3 Internal Switch: Cisco 3750 • Advertises default-originate to • 0/0 to GW learned via OSPF, switches OSPFv3 sjc17-dmza-lisp-sw1 sjc17-dmza-lisp-sw2 3750 vlan dot1q vlan 3750 Servers: Linux 1RU • Linux, dual-stacked, running Apache DNS lisp.cisco.com A 153.16.5.29 A 153.16.5.30 AAAA 2610:d0:110c:1::3 AAAA 2610:d0:110c:1::4 Linux server 1 Linux server 2 DNS lisp4.cisco.com A 153.16.5.29 A 153.16.5.30 DNS lisp6.cisco.com AAAA 2610:d0:110c:1::3 AAAA 2610:d0:110c:1::4© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
  41. 41. LISP Use Case 2 :: IPv6 Transition – example/addressing SJC17 DMZ sjc17-dmza-gw1 sjc17-dmza-gw2 128.107.81.169/32 128.107.81.170/32 L0 L0 sjc17-dmza-lisp-gw1 sjc17-dmza-lisp-gw2 7200 7200 OSPF OSPFv3 sjc17-dmza-lisp-sw1 sjc17-dmza-lisp-sw2 153.16.5.25/29 3750 vlan dot1q vlan 3750 153.16.5.26/29 2610:d0:110c:1::1/64 2610:d0:110c:1::2/64 153.16.5.29/29 153.16.5.30/29 DNS 2610:d0:110c:1::3/64 DNS 2610:d0:110c:1::4/64 Default Route: Default Route: 153.16.5.25 Linux server 1 Linux server 2 153.16.5.26 2610:d0:110c:1::1 2610:d0:110c:1::2© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
  42. 42. LISP Use Case 2 :: IPv6 Transition – example/configurations SJC17 DMZ sjc17-dmza-gw1 sjc17-dmza-gw2 ! router lisp database-mapping 153.16.5.0/24 128.107.81.169 priority 1 weight 50 database-mapping 153.16.5.0/24 128.107.81.170 sjc17-dmza-lisp-gw1 priority sjc17-dmza-lisp-gw2 1 weight 50 7200 7200 database-mapping 2610:D0:110C::/48 128.107.81.169 priority 1 weight 50 OSPF database-mapping 2610:D0:110C::/48 128.107.81.170 OSPFv3 priority 1 weight 50 ipv4 itr map-resolver 173.36.254.164 ipv4 itr map-resolver 198.6.255.37 ipv4 itr ipv4 etr map-server 198.6.255.37 key *********** sjc17-dmza-lisp-sw1 sjc17-dmza-lisp-sw2 ipv4 etr map-server 173.36.254.164 key *********** 3750 vlan dot1q ipv4 etr vlan 3750 ipv6 use-petr 69.31.31.98 ipv6 use-petr 149.20.48.60 ipv6 itr map-resolver 173.36.254.164 ipv6 itr map-resolver 198.6.255.37 ipv6 itr ipv6 etr map-server 198.6.255.37 key *********** ipv6 etr map-server 173.36.254.164 key *********** IPv6 default to Null0 allows ipv6 etr LISP to processserver 1 Linux packets Linux server 2 ! ipv6 route ::/0 Null0 IPv4 default route learned through OSPF with GWs© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
  43. 43. LISP Use Case 2 :: IPv6 Transition – example/results SJC17 DMZ sjc17-dmza-gw1 sjc17-dmza-gw2 128.107.81.169/32 128.107.81.170/32 L0 L0 sjc17-dmza-lisp-gw1 sjc17-dmza-lisp-gw2 7200 7200 OSPF Sjc17-dmza-lisp-gw1#show ip lisp database OSPFv3 LISP ETR IPv4 Mapping Database, LSBs: 0x3, 1 entries EID-prefix: 153.16.5.0/24 sjc17-dmza-lisp-sw1 sjc17-dmza-lisp-sw2 128.107.81.169, priority: 1, weight: 50, state: site-self, reachable 3750 vlan 3750 weight: vlan state: site-other, report-reachable 128.107.81.170, priority: 1, dot1q 50, Sjc17-dmza-lisp-gw1#show ipv6 lisp database LISP ETR IPv6 Mapping Database, LSBs: 0x3, 1 entries EID-prefix: 2610:D0:110C::/48 128.107.81.169, priority: 1, weight: 50, state: site-self, reachable Linux server 1 Linux server 2 128.107.81.170, priority: 1, weight: 50, state: site-other, report-reachable Sjc17-dmza-lisp-gw1#© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
  44. 44. LISP Use Case 2 :: IPv6 Transition – example/packet flows Non-LISP IPv6 S6D6 IPv6 Site Internet S6 MS PETR lisp.cisco.com ???? AAAA lisp.cisco.com D6 MR PITR D6 ??? S4 SP1 D6  D4 IPv4 IPv4 xTR Cisco SP2 S4D4 S6D6 Internet DNS IPv4 D4 S6D6 v6 all the way!Production v6 VIP v6 Production v4 VIP v4 D6 IPv4/IPv6 Servers© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 48
  45. 45. LISP Use Case 2 :: IPv6 Transition – other happy customers ;-) World IPv6 Day Sites using LISP Cisco lisp.cisco.com (AAAA: 2610:d0:110c:1::3, ::4) Facebook www.lisp6.facebook.com (AAAA: 2610:D0:FACE::9) Qualcomm www.ipv6.eudora.com (AAAA: 2610:d0:120d::10) jobs.qualcomm.com (no longer AAAA) Deutsche Bank www.ipv6-db.com (AAAA: 2610:d0:2113:3::3) Munich Airport lisp6.munich-airport.de (AAAA: 2610:d0:211d:1::2) Isarnet lisp.isarnet.net (AAAA: 2610:d0:211f:fffe::101) InTouch www.lisp.intouch.eu (AAAA: 2610:d0:210f:100::101) World IPv6 Day Sites Statistics (and current) http://honeysuckle.noc.ucla.edu/cgi-bin/smokeping.cgi?target=LISP "LISP is the easiest and most painless solution to bring Facebook IPv6 Experience with LISP IPv6 access to our critical Internet facing servers. We http://nanog.org/meetings/nanog50/presentations/Tuesday/NANOG required a few IPv6 addresses, $0 cost and 1/2 hour to 50.Talk9.lee_nanog50_atlanta_oct2010_007_publish.pdf setup. We made no provisions with our WAN/upstreams and no network infrastructure© 2012 Cisco and/or its affiliates. All rights reserved. changes.” Cisco Public 49 Rick Martin, State Network Engineering Lead, State of Arkansas
  46. 46. LISP Use Case 3 :: Efficient Virtualization/Multi-Tenancy Support  Needs: Legacy Legacy Legacy Site Site Site Integrated Segmentation Minimal Infrastructure disruption LISP Site PxTR Global scale and interoperability Mapping IP Network DB  LISP Solution: 24-bit LISP Instance-ID segments control plane and data plane, with VRF binding to the Instance-ID West East DC DC  Benefits: Very high scale tenant segmentation Applicability: Global mobility + high scale segmentation integrated in single IP solution  Multi-provider Core IP-based “overlay” solution, transport  Encryption can be added independent No Inter-AS complexity© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 50
  47. 47. LISP Use Case 3 :: Efficient Virtualization/Multi-Tenancy – Concepts  Recalling that… LISP is “Locator/ID” separation… and creates two namespaces: EIDs and RLOCs  LISP Virtualization: - Considers both EID and RLOC namespaces; either or both can be virtualized - EID virtualization is enabled using LISP Instance-IDs in conjunction with VRFs - RLOC virtualization is enabled in conjunction with VRFs - Instance-IDs maintain address space segmentation in both the control plane and data plane - Instance-IDs are numerical tags defined in the LISP Canonical Address Format (LCAF) draft a 24-bit unstructured number Data-plane: in LISP encapsulation header Control-plane: EID encoded in LCAF format© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 51

×