BRKDCT-2131-Mobility & Virt in the DC with LISP & OTV [Milan-2014].pptx

Mobility and Virtualization in the
Data Center with LISP and OTV
BRKDCT-2131
Victor Moreno
Distinguished Engineer

© 2014 Cisco and/or its affiliates. All rights reserved.
BRKDCT-2131 Cisco Public
Agenda
 Mobility and Virtualization in the Data Center
 Introduction to LISP
 LISP Data Center Use Cases
 LAN Extensions: OTV
 LISP + OTV Deployment Considerations
 Summary and Conclusion
Slides Identified with the Book Icon Are
Provided for Your Reference and Will Not
Be Part of the Live Presentation
3

Distributed Data Centers
Distributed Data Center Goals
 Seamless workload mobility
 Distributed applications
 Pool and maximize global resources
 Business Continuity
Interconnect Challenges
 Complex operations
 Transport dependence
 IP subnets and mobility
 Failure containment
Building the Data Center Cloud
Geographically Disperse
Data Centers
4

Connecting Virtualized Data Centers
L2 Domain Elasticity:
Inter-DC:
OTV/VPLS
Intra-DC:
vPC, FabricPath, FEX,
VXLAN
OTV
OTV
Location of compute resources is transparent to the user
VM-awareness:
Port Profiles
OTV
OTV
OTV
IP Mobility:
LISP
Multi-tenancy/segmentation:
Segment-IDs in LISP, FabricPath and OTV
Storage Solutions & Partners:
FCIP, Read/write Acceleration
EMC, NetApp
Network Services
Elasticity:
ACE, GSS, ASA, VSG
5

Agenda
6

IP core
Device IPv4 or IPv6
Address Represents
Identity and Location
Today’s IP Behavior
Loc/ID “Overloaded” Semantic
10.1.0.1 When the Device Moves, It Gets
a New IPv4 or IPv6 Address for
Its New Identity and Location
20.2.0.9
Device IPv4 or IPv6
Address Represents
Identity Only.
When the Device Moves, Keeps
Its IPv4 or IPv6 Address.
It Has the Same Identity
LISP Behavior
Loc/ID “Split”
IP core
1.1.1.1
2.2.2.2
Only the Location Changes
10.1.0.1
10.1.0.1
Its Location Is Here!
Location Identity Separation Protocol
What do we mean by “Location” and “Identity”
7

Non-LISP
site
East-DC
LISP Site
IP Network
ETR
EID-to-RLOC
mapping
5.1.1.1
5.3.3.3
1.1.1.1
5.2.2.2
10.3.0.0/24
10.2.0.0/24
West-DC
PITR
5.4.4.4
10.1.0.0/24
Non-LISP
site
ITR
S
D
DNS Entry:
D.abc.com A 10.2.0.1
1
10.1.0.1 -> 10.2.0.1
2
EID-prefix: 10.2.0.0/24
Locator-set:
2.1.1.1, priority: 1, weight: 50 (D1)
Mapping
Entry
3
This Policy Controlled
by Destination Site
10.1.0.1 -> 10.2.0.1
1.1.1.1 -> 2.1.1.1
4
10.1.0.1 -> 10.2.0.1
5
2.1.1.1 2.1.2.1 3.1.1.1 3.1.2.1
A LISP Packet Walk
How does LISP operate?
8

Non-LISP
Site
East-DC
IP
Network
ETR
EID-to-RLOC
mapping
5.1.1.1
5.3.3.3
5.2.2.2
10.3.0.0/24
10.2.0.0/24
West-DC
PITR
4.4.4.4
Non-LISP
Site
S
D
DNS Entry:
D.abc.com A 10.2.0.1
1
192.3.0.1 -> 10.2.0.1
2
EID-Prefix: 10.2.0.0/24
Locator-Set:
Mapping
Entry
3
192.3.0.1 -> 10.2.0.1
4.4.4.4- > 2.1.2.1
4
192.3.0.1 -> 10.2.0.1
5
2.1.1.1 2.1.2.1 3.1.1.1 3.1.2.1
A LISP Packet Walk
How about Non-LISP Sites?
9

LISP Roles
• Tunnel Routers - xTRs
• Edge devices encap/decap
• Ingress/Egress Tunnel
Routers (ITR/ETR)
• Proxy Tunnel Routers - PxTR
• Coexistence between LISP
and non-LISP sites
• Ingress/Egress: PITR, PETR
• EID to RLOC Mapping DB
• RLOC to EID mappings
• Distributed across multiple
Map Servers (MS)
Address Spaces
• EID = End-point Identifier
• Host IP or prefix
• RLOC = Routing Locator
• IP address of routers in the backbone
Prefix Next-hop
w.x.y.1 e.f.g.h
x.y.w.2 e.f.g.h
z.q.r.5 e.f.g.h
z.q.r.5 e.f.g.h
Mapping
DB
ITR
ETR
Non-LISP
EID Space
EID Space
RLOC Space
EID RLOC
a.a.a.0/24 w.x.y.1
b.b.b.0/24 x.y.w.2
c.c.c.0/24 z.q.r.5
d.d.0.0/16 z.q.r.5
EID RLOC
a.a.a.0/24 w.x.y.1
b.b.b.0/24 x.y.w.2
c.c.c.0/24 z.q.r.5
d.d.0.0/16 z.q.r.5
EID RLOC
a.a.a.0/24 w.x.y.1
b.b.b.0/24 x.y.w.2
c.c.c.0/24 z.q.r.5
d.d.0.0/16 z.q.r.5
ALT
PxTR
10
LISP Roles and Address Spaces
 What are the Different Components Involved?

LISP Mapping Database
The Basics – Registration and Resolution
West-DC East-DC
X Z
Y
Y
10.2.0.2
10.2.0.0 /16 10.3.0.0/16
Map Server / Resolver: 5.1.1.1
2.1.1.1 2.1.2.1 3.1.1.1 3.1.2.1
LISP Site
ITR
10.2.0.0/16 -> (2.1.1.1, 2.1.2.1)
Database Mapping Entry (on ETR):
10.3.0.0/16 -> (3.1.1.1, 3.1.2.1)
ETR
ETR ETR
ETR
Map-Reply
10.2.0.0/16 -> (2.1.1.1, 2.1.2.1)
10.2.0.0/16-> (2.1.1.1, 2.1.2.1)
Mapping Cache Entry (on ITR):
11

LISP Mapping Database
Node Resiliency/Clustering
West-DC East-DC
X Z
Y
Y
10.2.0.2
10.2.0.0 /16 10.3.0.0/16
Map Server: 5.1.1.1 Map Server: 5.2.2.2
LISP Site
ITR
Mapping DB
Node Cluster
Map Resolver:9.9.9.9 (Anycast)
10.2.0.0/16 -> (2.1.1.1, 2.1.2.1)
10.3.0.0/16 -> (3.1.1.1, 3.1.2.1)
ETR
ETR ETR
ETR
Map-Reply
10.2.0.0/16 -> (2.1.1.1, 2.1.2.1)
No Synchronization Protocol Between Map
Servers;
ETRs Must Register with All Map Servers
Individually;
ITRs anycast Map Requests
10.2.0.0/16-> (2.1.1.1, 2.1.2.1)
Mapping Cache Entry (on ITR):
2.1.1.1 2.1.2.1 3.1.1.1 3.1.2.1
12

West-DC East-DC
Non-LISP Sites
PITR
LISP Site
IP Network
EID
RLOC LISP Encap/Decap
ITR
Mapping DB
5.1.1.1
5.3.3.3
1.1.1.1
10.2.0.0/24
5.2.2.2
ETR
2.1.1.1 2.1.2.1
Branch Routers
ip lisp itr-etr
ip lisp ITR map-resolver 5.3.3.3
DC Aggregation Routers
ip lisp itr-etr
ip lisp database-mapping 10.2.0.0/24 2.1.1.1 p1 w50
ip lisp database-mapping 10.2.0.0/24 2.1.2.1 p1 w50
ip lisp ETR map-server 5.1.1.1 key s3cr3t
ip lisp ETR map-server 5.2.2.2 key s3cr3t
Border Routers Between Backbones
ip lisp proxy-itr
ip lisp ITR map-resolver 5.3.3.3
Servers
ip lisp map-resolver
ip lisp map-server
lisp site west-DC
authentication-key 0 s3cr3t
eid-prefix 10.2.0.0/24
Usually Devices Will Be Configured as ITRs and ETRs
to Handle Traffic in Both Directions;
We Illustrate Only One Direction for Simplicity
13
Basic LISP Configuration

Location ID/Separation Protocol(LISP)
Next Generation Networking Architecture
Use-Cases
 DCI route optimization/mobility
 Workload Portability to Cloud
 Secure Multi-tenancy across organizations
 Rapid IPv6 Deployment
 Route scaling
Single Network Architecture Delivers:
 VM Mobility (topology independent
addressing)
 Security: VPNs/Multi-tenancy
 Route Scalability (on demand routing)
 IPv6 enablement,
 Routing Policy simplification
Benefits
 Services integrated in a single architecture
 Services can be offered across
organizational boundaries (multiple
providers)
 Very large scale
 Open model to integrate with cloud
orchestrators
Making the Network Cloud-Ready 14

IPv6 Transition Support
 v6-over-v4, v6-over-v6
 v4-over-v6, v4-over-v4
IPv4
Internet
IPv6
Internet
v6
v6
v4
v6
LISP
Router
LISP
Router
v6
Services
Efficient Multi-Homing
 IP Portability
 Ingress Traffic Engineering without BGP
LISP
Routers
LISP
Site
Internet
Host-Mobility
 Cloud / Layer 3 VM moves
 Segmentation
West-DC East-DC
LISP Site
IP Network
Multi-Tenancy and VPNs
 Reduced CapEx/OpEx
 Large scale Segmentation
West-DC East-DC
LISP Site
IP Network
LISP Use Cases
15

Agenda
– Host-Mobility
16

Moving vs. Distributing Workloads
Why do we really need LAN Extensions?
17
 Move workloads with IP mobility solutions: LISP Host Mobility
– IP preservation is the real requirement (LAN extensions not mandatory)
 Distribute workloads with LAN extensions
– Application High Availability with Distributed Clusters
Hypervisor Hypervisor
IP Network
Moving Workloads
Hypervisor Control
Traffic (routable)
O
S
O
S
O
S
Distributed App (GeoCluster)
LAN Extension (OTV)
Non-IP application traffic
(heartbeats)

LISP Host-Mobility
Needs:
•Global IP-Mobility across subnets
•Optimized routing across extended subnet sites
LISP Solution:
•Automated move detection on XTRs
•Dynamically update EID-to-RLOC mappings
•Traffic Redirection on ITRs or PITRs
Benefits:
•Direct Path (no triangulation)
•Connections maintained across move
•No routing re-convergence
•No DNS updates required
•Transparent to the hosts
•Global Scalability (cloud bursting)
•IPv4/IPv6 Support
West-DC East-DC
Non-LISP Sites
PXTR
LISP Site
IP Network
EID
XTR
LAN Extensions
Mapping DB
LISP-VM (XTR)
18

IP Mobility Across Subnets
Disaster Recovery
Cloud Bursting
Host-Mobility Scenarios
Routing for Extended Subnets
Active-Active Data Centers
Distributed Clusters
Moves With LAN Extension
West-DC East-DC
Non-LISP
Site
IP Network
Mapping DB
LISP-VM (XTR)
LAN Extension
LISP Site
XTR
Application Members Distributed
(Broadcasts across sites)
Moves Without LAN Extension
West-DC East-DC
LISP Site
Internet or
Shared WAN
XTR
Mapping DB
DR Location or
Cloud Provider
DC
LISP-VM (XTR)
Application Members in One Location
19

LISP Host-Mobility – Move Detection
 The new xTR checks the source of received traffic
 Configured dynamic-EIDs define which prefixes may roam
Monitor the source of Received Traffic
West-DC East-DC
LISP-VM (xTR)
X Z
Y
Y
Mapping DB
10.2.0.2
10.2.0.0 /16 10.3.0.0/16
5.1.1.1 5.2.2.2
lisp dynamic-eid roamer
database-mapping 10.2.0.0/24 <RLOC-C> p1 w50
database-mapping 10.2.0.0/24 <RLOC-D> p1 w50
map-server 5.1.1.1 key abcd
interface vlan 100
lisp mobility roamer
A B C D
Received a Packet …
… It’s from a “New” Host
… It’s in the Dynamic-EID Allowed Range
…It’s a Move!
Register the /32 with LISP
20

LISP Host-Mobility – Traffic Redirection
 When a host move is detected, updates are triggered:
– The host-to-location mapping in the Database is updated to reflect the new location
– The old ETR is notified of the move
– ITRs are notified to update their Map-caches
 Ingress routers (ITRs or PITRs) now send traffic to the new location
Update Location Mappings for the Host System Wide
West-DC East-DC
LISP-VM (xTR)
X Z
Y
Y
Mapping DB
10.2.0.2
10.2.0.0 /16 10.3.0.0 /16
A B C D
LISP Site
xTR
10.2.0.0/16 – RLOC A, B
10.2.0.2/32 – RLOC C, D
21

Host Mobility without LAN extensions

LISP Host-Mobility – First Hop Routing
 SVI (Interface VLAN x) and HSRP configured as usual
– Consistent GWY-MAC configured across all dynamic subnets
 The lisp mobility <dyn-eid-map> command enables proxy-arp functionality on the SVI
– The LISP-VM router services first hop routing requests for both local and roaming subnets
 Moving hosts always talk to a local gateway with the same MAC
No LAN Extension
West-DC East-DC
LISP-VM (xTR)
A B C D
HSRP
ARP
GWY-MAC
HSRP
ARP
GWY-MAC
interface Ethernet2/4
ip address 10.1.0.6/24
ip proxy-arp
hsrp 101
mac-address 0000.0e1d.010c
ip 10.2.0.1
interface vlan 100
ip proxy-arp
hsrp 101
ip 10.2.0.1
interface vlan 200
ip proxy-arp
hsrp 201
ip 10.3..0.1
interface vlan 100
ip proxy-arp
hsrp 201
ip 10.3.0.1
10.2.0.0 /24 10.3.0.0 /24
10.2.0.2
HSRP Active
HSRP Active
23

Host-Mobility and Multi-homing
ETR Updates – Across LISP Sites
West-DC
East-DC
X
Y
Y
Mapping DB
10.2.0.2
10.2.0.0 /16 10.3.0.0 /16
5.1.1.1 5.2.2.2
A B
C D
Routing Table:
10.3.0.0/16 – Local
10.2.0.0/24 – Null0
10.2.0.2/32 – Local
Routing Table:
10.3.0.0/16 – Local
10.2.0.0/24 – Null0
10.2.0.2/32 – Local
Map-Notify
10.2.0.2/32 <C,D>
1
Routing Table:
10.2.0.0/16 – Local
10.2.0.2/32 – Null0
Routing Table:
10.2.0.0/16 – Local
10.2.0.2/32 – Null0
Map-Notify
10.2.0.2/32 <C,D>
Map-Register
10.2.0.2/32 <C,D>
10.2.0.0/16 – RLOC A, B
10.2.0.2/32 – RLOC C, D
3
7
5
9
2
4
6
8
10
Map-Notify
10.2.0.2/32 <C,D>
Null0 host routes indicate the host is “away”
24

Refreshing the Map Caches
1. ITRs and PITRs with cached mappings continue to
send traffic to the old locators
1. The old xTR knows the host has moved (Null0 route)
2. Old xTR sends Solicit Map Request (SMR)
messages to any encapsulators sending traffic to
the moved host
3. The ITR then initiates a new map request process
4. An updated map-reply is issued from the new
location
5. The ITR Map Cache is updated
 Traffic is now re-directed
 SMRs are an important integrity measure to avoid
unsolicited map responses and spoofing
West-DC East-DC
LISP-VM (xTR)
X Z
Y
Y
Mapping DB
10.2.0.2
10.2.0.0 /16 10.3.0.0 /16
A B C D
LISP site
ITR
10.2.0.2/32 – RLOC C,D
Map Cache @ ITR
10.2.0.0/16 – RLOC A,B
25

Client-server communication established without the need to discover the
workloads in the “home subnet” in West-DC
West-DC
East-DC
X Y
Mapping DB
10.2.0.0 /24
1.1.1.1
2.2.2.1
A B
C D
Routing Table:
10.3.0.0/24 – Local
10.2.0.0/24 – Null0
Routing Table:
10.3.0.0/24 – Local
10.2.0.0/24 – Null0
Routing Table:
10.2.0.0/24 – Local
Routing Table:
10.2.0.0/24 – Local
10.2.0.0/16 – RLOC A, B
10.2.0.8
LISP site
ITR
Map Cache @ ITR
10.2.0.0/16 – RLOC A,B
LISP Mobility Across LISP Sites
Installed by LISP to allow
Proxy-ARP functions when
moving 10.2.0.x workloads
here
10.3.0.0 /24

West-to-East
On-subnet Server-Server Traffic
• Y ARPs for X, /24 Null0 entry for the ‘home
subnet’ triggers proxy-ARP on East DC
xTRs to ensure traffic is steered there
• Note: assumption is that ARP cache on Y is
refreshed after the move
• Traffic to X is LISP encapsulated
 X ARPs for Y, /32 Null0 entry for Y triggers
proxy-ARP on West-DC xTRs to ensure traffic
is steered there
–Note: entry for Y in X ARP cache is cleared by
GARP message originated by West-DC XTRs
 Traffic to Y is LISP encapsulated
West-DC
East-DC
LISP DC xTR
Z
Y
Y
10.2.0.8
A
10.2.0.9
X
B C D
10.2.0.0/24
10.3.0.0/24
West-DC
East-DC
LISP DC xTR
Z
Y
Y
10.2.0.8
A
10.2.0.9
X
B C D
10.2.0.0/24
10.3.0.0/24
East-to-West
BC 10.2.0.9  10.2.0.8 CB 10.2.0.8  10.2.0.9
27

West-DC East-DC
LISP-VM (xTR)
X
Z
Y
A B C D
ip lisp ITR-ETR
ip lisp database-mapping 10.2.0.0/16 <RLOC-A>
ip lisp database-mapping 10.2.0.0/16 <RLOC-B>
database-mapping 10.2.0.0/24 <RLOC-A>
database-mapping 10.2.0.0/24 <RLOC-B>
map-notify-group 239.1.1.1
interface vlan 100
ip address 10.2.0.10 /16
(ip proxy-arp)
hsrp 101
ip 10.2.0.1
Mapping DB
ip lisp ITR-ETR
ip lisp database-mapping 10.3.0.0/16 <RLOC-C>
ip lisp database-mapping 10.3.0.0/16 <RLOC-D>
database-mapping 10.2.0.0/24 <RLOC-C>
database-mapping 10.2.0.0/24 <RLOC-D>
interface vlan 100
ip address 10.3.0.11 /16
(ip proxy-arp)
hsrp 201
ip 10.3.0.1
10.2.0.0 /16 10.3.0.0 /16
LISP Host-Mobility Configuration
Without LAN Extensions
28

MS/MR Deployment across LISP Sites
Recommended Option: co-locate MS/MR functionality on the DC xTR (one per DC site)
LISP site
MS/MR in
West-DC MS/MR in
East-DC
West-DC East-DC
X
Z
Y
10.2.0.0 /24 10.3.0.0 /24
A B C D
10.10.1.0 /24
ip lisp map-server
lisp site BRANCH_1
eid-prefix 10.10.10.0/24
authentication-key abcd
lisp site West-DC
eid-prefix 10.1.0.0/16 accept-more-specifics
lisp site East-DC
ip lisp map-server
lisp site BRANCH_1
eid-prefix 10.10.1.0/24
lisp site West-DC
lisp site East-DC
29

Agenda
30

Moving vs. Distributing Workloads
Why do we really need LAN Extensions?
 Move workloads with IP mobility solutions: LISP Host Mobility
– IP preservation is the real requirement (LAN extensions not mandatory)
 Distribute workloads with LAN extensions
– Application High Availability with Distributed Clusters
IP Network
Moving Workloads
Hypervisor Control
Traffic (routable)
O
S
O
S
O
S
Distributed App (GeoCluster)
LAN Extension (OTV)
Non-IP application traffic
(heartbeats)
31

LAN Extensions Evolution
From Circuits to Packets
 Full mesh of circuits (pseudo-wires)
 MAC learning based on flooding
Failure propagation
Limited information
 Operationally Challenging
Loop prevention and multi-homing must be
provided separately
 Packet switched connectivity
 MAC learning by control protocol
Failure containment
Rich information
 Operational simplification
Automatic loop prevention & multi-homing
B
A C D B
A C D
L2
L3
DC-
1
DC-
2
Circuits + Data Plane Flooding Packet Switching + Control Protocol
B
A C D B
A C D
L2
L3
DC-
1
DC-
2
Traditional L2 VPNs MAC Routing
32

Overlay Transport Virtualization (OTV)
 Ethernet LAN Extension over any Network
– Works over dark fiber, MPLS, or IP
– Multi-data center scalability
 Simplified Configuration & Operation
– Seamless overlay - No network re-design
– Single touch site configuration
 High Resiliency
– Failure domain isolation
– Seamless Multi-homing
 Maximizes available bandwidth
– Automated multi-pathing
– Optimal multicast replication
Simplifying LAN Extensions
Many Physical Sites –
One Logical Data Center
Any Workload, Anytime, Anywhere
Unleashing the Full Potential of Compute Virtualization
33

Ingress Routing Challenge in DCI
 A subnet traditionally implies location
 Yet we use LAN extensions to stretch
subnets across locations
– Location semantics of subnets are lost
 Traditional routing relies on the location
semantics of the subnet
– Can’t tell if a server is at the East or West
location of the subnet
 More granular (host level) information is
required
– LISP provides host level location
semantics
Extending Subnets Creates a Routing Challenge
West-DC East-DC
IP Network
LAN Extension
LISP site
XTR
34

Host Mobility in Extended Subnets

LISP Host-Mobility – First Hop Routing
 Consistent GWY-IP and GWY-MAC configured across all sites
– Consistent HSRP group number across sites  consistent GWY-MAC
 Servers can move anywhere and always talk to a local gateway with the same IP/MAC
With Extended Subnets
West-DC East-DC
LISP-VM (xTR)
A B C D
HSRP
ARP
GWY-MAC
HSRP
ARP
GWY-MAC
HSRP Active
HSRP Active
10.2.0.0 /24 10.2.0.0 /24
LAN Ext.
interface Ethernet2/4
lisp extended-subnet-mode
hsrp 101
ip 10.2.0.1
interface vlan 100
hsrp 101
ip 10.2.0.1
interface vlan 200
hsrp 101
ip 10.2.0.1
interface vlan 100
hsrp 101
ip 10.2.0.1
36

Host-Mobility and Multi-homing
ETR updates – Extended Subnets
West-DC
East-DC
X
Y
Y
Mapping DB
10.2.0.2
10.2.0.0 /16 10.2.0.0 /16
5.1.1.1 5.2.2.2
A B C D
Routing Table:
10.2.0.0/16 – Local
10.2.0.0/24 – Null0
10.2.0.2/32 – Local
Routing Table:
10.2.0.0/16 – Local
10.2.0.0/24 – Null0
10.2.0.2/32 – Local
Map-Notify
10.2.0.2/32 <C,D>
Routing Table:
10.2.0.0/16 – Local
10.2.0.0/24 – Null0
10.2.0.2/32 – Null0
Routing Table:
10.2.0.0/16 – Local
10.2.0.0/24 – Null0
10.2.0.2/32 – Null0
Map-Register
10.2.0.2/32 <C,D>
10.2.0.0/16 – RLOC A, B
10.2.0.2/32 – RLOC C, D
3
5
3
2
4
6
4
Map-Notify
10.2.0.2/32 <C,D>
OTV
4
1
10.2.0.0 /24 is the dyn-EID
Null0 host routes indicate the host is “awa
37

Refreshing the Map Caches
1. ITRs and PITRs with cached mappings continue to
send traffic to the old locators
1. The old xTR knows the host has moved (Null0 route)
2. Old xTR sends Solicit Map Request (SMR)
messages to any encapsulators sending traffic to the
moved host
3. The ITR then initiates a new map request process
4. An updated map-reply is issued from the new
location
5. The ITR Map Cache is updated
 Traffic is now re-directed
 SMRs are an important integrity measure to avoid
unsolicited map responses and spoofing
West-DC East-DC
LISP-VM (xTR)
X Z
Y
Y
Mapping DB
10.2.0.2
10.2.0.0 /16 10.2.0.0 /16
A B C D
LISP site
ITR
10.2.0.2/32 – RLOC C,D
Map Cache @ ITR
10.2.0.3/32 – RLOC A,B
10.2.0.2/32 – RLOC A,B
OTV
38

West-DC East-DC
LISP-VM (xTR)
X
Z
Y
10.2.0.0/16
1.1.1.1 2.2.2.2
A B C D
LAN Ext.
ip lisp ITR-ETR
database-mapping 10.2.0.0/24 <RLOC-A> …
interface vlan 100
ip address 10.2.0.10 /16
hsrp 101
ip 10.2.0.1
Mapping DB
ip lisp ITR-ETR
interface vlan 100
ip address 10.2.0.11 /16
hsrp 101
ip 10.2.0.1
LISP VM-Mobility Configuration
With Extended Subnets  “extended-subnet-mode”
40

Off-subnet Client-Server Traffic
 Clients (192.168.0.1 & 192.168.2.1
communicate with Server 10.2.0.2
 Client-server traffic is LISP encapsulated
at the ITRs or PITRs
– Client-to-server:
 to ETRs C or D
– Server-to-client:
 to ETR (F) for LISP sites
 to PETR (G) for non-LISP sites
 Server-Server off-subnet traffic across sites
is also LISP encapsulated
All Off-Subnet/Off-Site Traffic Is LISP Encapsulated
West-DC East-DC
LISP-VM (xTR)
X
Y
Y
Mapping DB
10.2.0.2
10.2.0.0 /16 10.3.0.0 /16
A B C D
LISP Site
xTR
F
CLIENT
10.1.0.1
Non-LISP Sites
PxTR
G
CLIENT
192.168.2.1
192.168.2.1  10.2.0.2
10.1.0.1  10.2.0.2
10.1.0.1  10.2.0.2
192.168.2.1  10.2.0.2
FC 10.1.0.1  10.2.0.2
GD 192.168.2.1  10.2.0.2
41

On-subnet Server-Server Traffic
On Subnet Traffic Across L3 Boundaries
 Live moves and cluster member dispersion
 Traffic between X & Y uses the LAN
Extension
 Link-local-multicast handled by the LAN
Extension
 Cold moves, no application dispersion
 X- Y traffic is sent to the LISP-VM router
& LISP encapsulated
 Need LAN extensions for link-local
multicast traffic
With LAN Extension Without LAN Extensions
West-DC
East-DC
LISP-VM (xTR)
Z
Y
Y
10.2.0.2
A
10.2.0.0/16
LAN Ext.
B C D
10.2.0.3  10.2.0.2
West-DC
East-DC
LISP-VM (xTR)
Z
Y
Y
10.2.0.2
A
10.2.0.3
X
Mapping DB
B C D
BC 10.2.0.3  10.2.0.2
10.2.0.0/16
10.3.0.0/16
10.2.0.3
X
42

Agenda
– Multi-Tenancy
43

LISP Multi-Tenancy
High Level View
Needs:
• Integrated Segmentation
• Ease of operations
• Global Scale and interoperability
LISP Solution:
• Traffic (control & data) is “colored” (tagged) with an instance-ID
• Mappings are also “colored” in DB and caches
• On xTRs use VRFs as map cache contexts
Benefits:
• Very high scale tenant segmentation
• Distributed/on-demand/no-adjacencies
• Global mobility + high scale segmentation integrated in a single
IP solution
• IP based solution, transport independent
• No Inter-AS complexity
• Overlay solution is transparent to the core
West-DC East-DC
Non-
LISP
Sites
PxTR
LISP Site
IP Network
EID
xTR
xTR
Mapping DB
Instance IP Location
Red A East
Blue A West
Yellow C (Move) East  West
44

Network Virtualization in LISP
LISP Multi-tenancy
Virtualized Map Cache (xTRs):
 Mappings cached in different VRFs per instance-id
 Interoperable with other VRF features/solutions
“Colored” Traffic:
 Instance-ID tag in LISP data header
 Instance-ID encoded in LISP control packets
Instance EID IP Location
Green A East
Blue A West
Yellow C East  West
Virtualized Mapping Service:
 EID entries with instance-id semantics
 Control packets also contain instance-id
semantics
GD | Instance1 1.1.0.1  10.2.0.2
GE | Instance2 1.1.0.1  10.2.0.2
GF | Instance3 1.1.0.1  10.2.0.2
To MPLS VPNs,
VRF-lite or separate
networks
To LISP
“Colored” Map
Requests/Replies
Single RLOC space shared by multiple instances
45

LISP Virtualization
Shared Model
47
 Shared Model – at the device level
- Multiple EID-prefixes are allocated privately using VRFs
- EID lookups are in the VRF associated with an Instance-ID
- All RLOC lookups are in a single table – default
- The Mapping System is part of the locator address space and is shared
• Single RLOC namespace
• Default table or RLOC VRF
To RLOC namespace
To VPNs
(MPLS, 802.1Q,
VRF-Lite, or
separate
networks)
• EID namespace,
VRF Pink, IID 1
• EID namespace,
VRF Blue, IID 2
Default
Pink
Blue

LISP Virtualization
Parallel Model
48
 Parallel Model – at the device level
- Multiple EID-prefixes are allocated privately using VRFs
- EID lookups are in the VRF associated with an Instance-ID
- RLOC lookups are in the VRF associated with the locator table
- A Mapping System must be part of each locator address space
• RLOC uses Blue
namespace
To VPNs
(MPLS, 802.1Q,
VRF-Lite, or
separate
networks)
• EID namespace,
VRF Pink, IID 1
• EID namespace,
VRF Blue, IID 2
Default
• RLOC uses Pink
namespace To VPNs (MPLS,
802.1Q, VRF-Lite,
or separate
networks)
Pink
Blue

West-DC East-DC
LISP-VM (xTR)
X
Z
Y
A B C D
vrf context BLUE
ip lisp ITR-ETR
lisp instance-id 102
ip lisp locator-vrf RED
interface vlan 100
vrf member BLUE
ip address 10.2.0.10 /16
hsrp 101
ip 10.2.0.1 Mapping DB
vrf context BLUE
ip lisp ITR-ETR
ip lisp locator-vrf RED
interface vlan 100
vrf member BLUE
ip address 10.3.0.11 /16
hsrp 101
ip 10.3.0.1
10.2.0.0 /16 10.3.0.0 /16
LISP Mobility in multiple VRFs Configuration
Shared mode LISP Virtualization
49

West-DC East-DC
LISP-VM (xTR)
X
Z
Y
A B C D
vrf context BLUE
ip lisp ITR-ETR
ip lisp locator-vrf BLUE
interface vlan 100
vrf member BLUE
ip address 10.2.0.10 /16
hsrp 101
ip 10.2.0.1 Mapping DB
vrf context BLUE
ip lisp ITR-ETR
ip lisp locator-vrf BLUE
interface vlan 100
vrf member BLUE
ip address 10.3.0.11 /16
hsrp 101
ip 10.3.0.1
10.2.0.0 /16 10.3.0.0 /16
LISP Mobility in multiple VRFs Configuration
Parallel mode LISP Virtualization
50

West-DC East-DC
LISP-VM (xTR)
X
Z
Y
A B C D
Mapping DB
10.2.0.0 /16 10.3.0.0 /16
LISP Multi-tenant + Mobility Configuration
ip lisp map-server
lisp site BRANCH_1
eid-prefix 10.10.1.0/24
lisp site West-DC
eid-prefix 10.2.0.0/16 instance-id 102 accept-more-specifics
lisp site East-DC
eid-prefix 10.3.0.0/16
51

Segmentation End-to-end
LISP-VRF Integration
Enterprise
Remote Site
B
Legend:
EIDs -> Green
Locators -> Red
LISP encap/decap
A
LISP Multi-Tenancy Instances 0,101,102
VRF-Lite / EVN
(or MPLS VPN)
xTR11 xTR203
MS/MR Doctor
Corp-A101
User
Finance
Corp-A102 User
Global
Corp-A User
Enterprise WAN
Enterprise
Core
servers
Global
VRF- Corp-A101
VRF-Corp-A102
Global
VRF- Corp-A101
VRF-Corp-A102
AB | Instance 101
AB | Instance 102
S  D in Corp-A101
S  D in Corp-A102
AB | Instance 0 S  D in Global
Single RLOC space
shared by multiple
instances
VRF-Lite / EVN
(or MPLS VPN)
52

Agenda
54

LISP Host-Mobility – Router Placement
 @ Main Data Centers
 @ Disaster Recover facilities
 Ideally: First hop routers for the subnets
in which the mobile hosts reside:
– Detect host moves
– Provide a consistent first hop presence
– Could also be the second hop
 Usually the Aggregation Switches in the
Data Center
 Customer Managed West-DC
Internet / WAN
Backbone
Data Center
IP
Backbone
EID
DC-Aggregation
DC-Access
East-DC
LISP Site
XTR
LISP-VM (XTR)
DR Location or
Cloud Provider
DC
LISP-VM (XTR)
55

OTV Router Placement
 @ Main Data Centers only
 Typically not required @ Disaster
Recover facilities
 First hop routers for the subnets in
which the mobile hosts reside:
– Connect to the VLANs to be extended
– Connect to the IP core
 Usually the Aggregation Switches in
the Data Center
 Customer Managed West-DC
Internet / WAN
Backbone
Data
Center IP
Backbone
EID
DC-Aggregation
DC-Access
East-DC
LISP Site
XTR
OTV
DR Location or
Cloud Provider
DC
OTV
LAN Extension to DR or Cloud
Facilities Is Usually Not
Required
56

West-DC
Data Center
IP
Backbone
DC-Aggregation
DC-Access
East-DC
PxTR Placement
 PXTR Ideally placed on path between
non-LISP and LISP sites
 Aggregation points are optimal:
– Border routers between DC core and WAN
– Internet Routers
– Customer Routers at Co-location
– Provider routers (PXTR service)
 PITRs must be configured to inject routes
into the non-LISP network
– Attract traffic from Non-LISP sites
– Encap and send to the Data Center
Advertise DC Routes to Non-LISP Sites
Internet / WAN
Backbone
Private PXTR
EID
Non-LISP Sites
Provider PXTR
57

West-DC
Data Center
IP
Backbone
East-DC
PxTR Placement
 PxTR on path between non-LISP and LISP
sites (ideal)
– 1. Border routers between DC core and WAN
 Internet Routers
 Customer Routers at Co-location
– 2. Provider routers (PXTR service)
 PxTRs at LISP sites (tromboning)
– 3. PXTR at Data Center edge
– 4. PxTR at regional hub branch
 PITRs must be configured to inject routes
into the non-LISP network
– Attract traffic from Non-LISP sites
– Encap and send to the Data Center
Advertise DC Routes to Non-LISP Sites
Internet / WAN
Backbone
Private PXTR
EID
Non-LISP Sites
Provider PXTR
LISP Site
XTR/PXTR
PXTR
1
2
3
4
1
2
3
4
58

Map Server Placement
 The Map Server functionality can be
enabled on any router
– BGP route-reflectors are a good analogy
– Off path is good, but not mandatory
 Distribute Map Servers across different
locations
– Private Data Centers (Self managed)
– SP Data Centers/Cloud (SP Service)
 Map Server resiliency options:
– Clustered and distributed
– Distributed Database (DDT)
A Daemon on a Router
West-DC
Internet / WAN
Backbone
Data Center
IP
Backbone
EID
Non-LISP
Sites
DC-Aggregation
DC-Access
East-DC
LISP Site
XTR
SP Mapping
Service
Private Map
Server
Private Map
Server
59

Agenda
– Stateful Services Considerations
65

Live Moves or Cold Moves
 Live (hot) Moves preserve existing connections and state
– e.g. vMotion, Cluster failover
– Requires synchronous storage and network policy replication  Distance limitations
 Cold Moves bring machines down and back up elsewhere
– e.g. Site Recovery Manager
– No state preservation: less constrained by distances or services capabilities
IP Network
Moving Workloads
Hypervisor Control
Traffic (routable)
Mobility across PODs within a site or across different locations
66

Cisco Confidential
© 2010 Cisco and/or its affiliates. All rights reserved. 67
Services - Live Moves
Redirection of established flows:
- Extended Clusters
- Cluster or LISP based re-direction
Services – Cold Moves
LISP LISP
LAN Extension
LAN Extension
LAN Extension
LAN Extension
DC1 DC2
IP preservation  Uniform Policies
LISP LISP
DC1 DC2
Established after the move
Established before the move

Cold Moves / Disaster Recovery
 Independent FW & SLB cluster in each
location
– LAN extensions not required
 New state created after moves
– No state synchronization
 LISP steers traffic to different locations
 Disaster recovery
 Cold workload relocation
Localized FW & SLB Clusters
LISP LISP
DC1 DC2
SLB cluster SLB cluster
FW cluster FW cluster
68

Live Moves
 FW cluster extended across locations
– LAN extensions for heartbeats, state sync and
redirection within the cluster
 FW state is synchronized across all cluster
members
 All members active
 LISP steers traffic to different locations
– Flows existing prior to the move will be
redirected within the FW cluster (over the LAN
extension)
– New flows will be instantiated on the FWs at
the new site
Extended Firewall Clusters – All Active
LISP LISP
LAN Extension
LAN Extension
LAN Extension
LAN Extension
DC1 DC2
Extended cluster
70

SLB Virtual-IP (VIP) Failover
 VIP is active at one location at a time
 VIP location is advertised in LISP
 VIP may failover on failure or change active
device on machine moves
– VIP becomes active at a new site
 VIP activity is detected by the VM-mobility
logic
 VIP location is updated in LISP on failover
LISP
LAN Extension
LISP
LAN Extension
VIP VIP
DC1 DC2
72

Inserting Firewalls in routed mode
 XTR is not the first hop router
 LISP host-mobility functionality is split to
two places:
– XTR  LISP registration/encap/decap
– 1st Hop router  Move detection, map notification
to XTR, proxy default GWY
 The XTR LISP registers host mappings in
the dynamic-eid range
Traffic is Decapsulated Before Being Handed off to the FWs
L3 Core
R1: 1st Hop
Router
R3: 3rd Hop
Router (XTR)
“roamer”
(lands in a
foreign network)
R2: 2nd Hop
Router
(FW)
Dynamic
routes
LISP encap/decap
LISP signaling
Move Detection
Host route injection
Default GWY proxy
73

LISP-Host Mobility Multi-hop ESM
L3 Core
LISP
encap/decap
LISP
Registration/
Notifications
L3 Core
LISP
encap/decap
“roamer”
(lands in a foreign
network)
Map-Register
EID-Notify
Map-Notify
Extended LAN (east-west traffic)
Map-Notify
EID-Notify
1
2
2
3
4
5

LISP-HM Multi-hop ESM Configuration
@FHR
lisp dynamic-eid foo
database-mapping <eid-prefix> <xtr-rloc> priority <p> weight <w>
eid-notify <xtr-address-1> key <key-value>…
eid-notify <xtr-address-n> key <key-value>
LISP
encap/decap
FHR
XTR1
“roamer”
(lands in a foreign
network)
LISP
Registrations
@ XTR
ip lisp itr-etr
lisp dynamic-eid foo
database-mapping <eid-prefix> <xtr-rloc> priority <p> weight <w>
map-server <map-server-address>
eid-notify authentication-key <key-value>
LISP
Notifications
XTRn
L3 Core

Summary and Conclusions
 LISP provides an effective solution for host mobility
 Some applications may require LAN extensions in combination with host
mobility
 LISP consolidates many network services in one architecture:
– Mobility, network segmentation, traffic engineering
– Enhanced scalability
 Location Identity Separation opens many opportunities in the Data Center
space
77

IPv4 Network
IPv6 Network
LISP is an Architecture…
IPv4 Core
1. Multihoming
2. IPv6 Transition
3. Virtualization/VPN
4. Mobility
xTR
xTR
v6
v4
IPv6 Core
• Part of the LISP Solution Space…
LISP Host Mobility Support
78

LISP References
80
 LISP Information
– Cisco LISP Site ……………………. http://lisp.cisco.com (IPv4 and IPv6)
– Cisco LISP Marketing Site ………... http://www.cisco.com/go/lisp/
– LISP Beta Network Site …………… http://www.lisp4.net or http://www.lisp6.net
– LISP DDT Root ……………………... http://www.ddt-root.org
– IETF LISP Working Group ……...… http://tools.ietf.org/wg/lisp/
 LISP Mailing Lists
– Cisco LISP Questions ……………… lisp-support@cisco.com
– IETF LISP Working Group ………… lisp@ietf.org
– LISP Interest (public) ………………. lisp-interest@puck.nether.net
– LISPmob Questions ………………... users@lispmob.org

Call to Action…
Visit the World of Solutions:-
 Cisco Campus
 Walk-in Labs
 Technical Solutions Clinics
 Meet the Engineer
 Lunch Time Table Topics, held in the main Catering Hall
 Recommended Reading: For reading material and further resources for this
session, please visit www.pearson-books.com/CLMilan2014
81

 Complete your online session
evaluation
 Complete four session evaluations
and the overall conference evaluation
to receive your Cisco Live T-shirt
Complete Your Online Session Evaluation
82

BRKDCT-2131-Mobility & Virt in the DC with LISP & OTV [Milan-2014].pptx

BRKDCT-2131-Mobility & Virt in the DC with LISP & OTV [Milan-2014].pptx

Recommended

Recommended

More Related Content

Similar to BRKDCT-2131-Mobility & Virt in the DC with LISP & OTV [Milan-2014].pptx

Similar to BRKDCT-2131-Mobility & Virt in the DC with LISP & OTV [Milan-2014].pptx (20)

Recently uploaded

Recently uploaded (20)

BRKDCT-2131-Mobility & Virt in the DC with LISP & OTV [Milan-2014].pptx