10 fn tut3

  1. LISP - A Next Generation Networking Architecture
  2. Session Objectives. At the end of this session, you should be able to:
     - Understand the scalability issues facing the Internet today
     - Describe how LISP helps solve key scaling issues and enables interesting new functionality
     - Describe the LISP data plane and control plane mechanisms
     - Understand the basic LISP configuration requirements
     - Understand Cisco's contributions and plans for LISP
     BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public
  3. Agenda: LISP Overview; LISP Operations; LISP Example; LISP Use Cases; LISP Initiatives; LISP Summary; Additional Material
  4. LISP Overview (section divider)
     Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public
  5. LISP Overview – Why was LISP developed?
     - LISP was originally conceived to address Internet scaling.
     - What causes scaling issues?
       - IP addresses denote both location and identity today
       - The overloaded IP address semantic makes efficient routing impossible
       - IPv6 does not fix this
     - Why are scaling issues bad?
       - Routers require tons of expensive memory to hold the Internet routing table in the forwarding plane
       - It is expensive for network builders/operators: equipment gets replaced for the wrong reason (to hold the routing table rather than to implement new features)
       - It is not environmentally GREEN
     - Quote: "... routing scalability is the most important problem facing the Internet today and must be solved ..." (Internet Architecture Board (IAB) October 2006 Workshop, written up as RFC 4984)
  6. LISP Overview – What Pollutes the Internet Today? (Before Loc/ID Split)
     Diagram: providers A (10.0.0.0/8), B (11.0.0.0/8), X (12.0.0.0/8) and Y (13.0.0.0/8) connect to the Internet core alongside providers C, D, G, H, W and Z. A provider-assigned (PA) site holding 10.1.1.0/24 and a provider-independent (PI) site holding 15.0.0.0/8 each attach through routers R1 and R2, and both site prefixes (10.1.1.0/24, 15/8) show up in the core.
     - Addresses at sites, both PA and PI, can get de-aggregated by multi-homing
  7. LISP Overview – What Pollutes the Internet Today? (Before Loc/ID Split, continued)
     Same diagram as the previous slide, now also showing the infrastructure link addresses 12.4.4.1/30, 10.9.1.45/30, 11.2.1.17/30 and 13.3.3.5/30 on the CE-PE links.
     - Addresses at sites, both PA and PI, can get de-aggregated by multi-homing
     - Aggregates for infrastructure addresses (e.g. CE-PE links) get advertised as well
  8. LISP Overview – Why does LISP solve this problem?
     - The Locator/Identity split creates a "level of indirection" by using two namespaces: hosts and locators
     - This level of indirection allows you to remove host prefixes from the underlying core (Internet) routing system and move them into another system (a database). Think "DNS" here: DNS is a name-to-IP-address lookup; LISP involves a host-to-locator lookup.
     - Isn't this just a case of "moving the problem"?
       - Fast memory used in the forwarding plane of routers is very expensive (and consumes a lot of power)
       - Server memory is very cheap
       - LISP moves the problem from the forwarding plane to the off-line control plane, where significantly greater scale can be achieved at much lower cost
  9. LISP Overview – Why does Locator/ID Separation solve this problem? (Before Loc/ID Split)
     Same provider diagram as slides 6 and 7, with the routing table of a core router shown alongside:
       Some-Core-Rtr# show ip route bgp
       ---<skip>---
            10.0.0.0/8 is variably subnetted, 98 subnets, 6 masks
       B       10.0.0.0/8 [20/0] via 128.223.3.9, 3d19h
       B       10.1.1.0/24 [20/0] via 128.223.3.9, 3d19h
       B    11.0.0.0/8 [20/0] via 128.223.3.9, 1d17h
       ---<skip>---
            12.0.0.0/8 is variably subnetted, 29 subnets, 6 masks
       B       12.1.0.0/16 [20/0] via 128.223.3.9, 3d19h
       B       12.4.4.0/22 [20/0] via 128.223.3.9, 3d19h
       ---<skip>---
            13.0.0.0/8 is variably subnetted, 13 subnets, 4 masks
       B       13.0.0.0/8 [20/0] via 128.223.3.9, 14:00:10
       B       13.0.0.0/10 [20/0] via 128.223.3.9, 5d23h
       ---<skip>---
       B    15.0.0.0/8 [20/0] via 128.223.3.9, 1d17h
       ---<skip>---
       many many more......
       Some-Core-Rtr#
     - Addresses at sites, both PA and PI, can get de-aggregated by multi-homing
     - Aggregates for infrastructure addresses (e.g. CE-PE links) get advertised as well
  10. LISP Overview – Why does Locator/ID Separation solve this problem? (After Loc/ID Split)
     Same diagram and `show ip route bgp` output as the previous slide, but the two site prefixes are lifted out of the core routing table and placed in a new "EID" namespace box:
       B 10.1.1.0/24 [20/0] via 128.223.3.9, 3d19h
       B 15.0.0.0/8 [20/0] via 128.223.3.9, 1d17h
  11. LISP Overview – Protocol Ground Rules and Attributes
     - Various Loc/ID split schemes have been studied for more than 15 years, but no one implemented or tested any of them.
     - Cisco decided to put some effort into this and undertook the process of writing code and developing standards to test the concepts.
     - The result is LISP, the "Locator/ID Separation Protocol".
     - LISP "Ground Rules":
       - Network-based solution
       - No host changes
       - No new addressing for site devices; minimal configuration changes
       - Incrementally deployable; interoperable with the existing Internet
     - LISP "Attributes":
       - Designed for router encapsulation
       - Designed for locator reachability
       - Supports unicast and multicast data
       - Supports IPv4 and IPv6 EIDs (hosts) and RLOCs (locators)
  12. LISP Overview – LISP Header Format (draft-ietf-lisp-07)
     Packet layout, outermost first: outer IP header (the router supplies the RLOCs), UDP header, LISP header, inner IP header (the host supplies the EIDs), payload.
  13. LISP Overview – LISP Data Plane Concepts
     - Network-based "Map and Encap" approach
       - Requires the fewest changes to existing systems: only the CPE
       - No changes in hosts, DNS, or core infrastructure
       - A new mapping service is required for EID-to-RLOC mapping resolution
     Diagram: the OSI stacks of the source host, ITR, Internet, ETR and destination host. Layers 4 to 7 are peer-to-peer between the two hosts; the ITR encapsulates (LISP over UDP as a second Layer 3 header) and the ETR decapsulates, so the Internet forwards only on the outer header.
  14. LISP Overview – MTU Issues?
     - Like all other encapsulation or tunneling protocols, LISP adds to the packet length, resulting in potential fragmentation issues
     - Three methods are accounted for in the specification:
       1. "Don't Care": avoid fragmentation, don't do PMTUD, and assume the core MTU is always greater than the access MTU
       2. Stateless: the ITR fragments, then encapsulates; the destination host reassembles
       3. Stateful: avoid fragmentation; run PMTUD between ITR and ETR
     - Experience shows which mechanisms are necessary: years of experience with IPsec and GRE can inform decisions and approaches for LISP deployment
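     The header stacking of slides 12 and 13 and the stateless MTU method of slide 14, shown as an added Python example that is not part of the original deck or of Cisco's implementation. It builds the outer IPv4 + UDP + LISP header an ITR prepends, strips it again as an ETR would (checking the outer checksum and the data-plane port), and fragments an oversized inner packet before encapsulating each piece. The LISP header layout (N/L/E/V/I flag bits, 24-bit nonce, 32-bit locator-status-bits) follows the published data-plane header rather than draft-07 specifically; the EIDs and RLOCs are the slide-20 values, and the payload, nonce and source port are constructed sample values.

```python
import ipaddress
import struct

LISP_DATA_PORT = 4341   # LISP data-plane UDP destination port (control plane uses 4342)
IPV4_HDR = 20
UDP_HDR = 8
LISP_HDR = 8
ENCAP_OVERHEAD_V4 = IPV4_HDR + UDP_HDR + LISP_HDR  # 36 bytes added to every packet


def ipv4_checksum(hdr: bytes) -> int:
    """One's-complement checksum over an IPv4 header; returns 0 for a header that verifies."""
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, payload_len: int, proto: int,
                ident: int = 0, more_frags: bool = False, frag_off: int = 0) -> bytes:
    """20-byte IPv4 header without options, checksum filled in."""
    flags_frag = ((1 if more_frags else 0) << 13) | frag_off
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IPV4_HDR + payload_len, ident,
                      flags_frag, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def lisp_encap(inner: bytes, src_rloc: str, dst_rloc: str, nonce: int,
               lsb: int = 0x1, src_port: int = 49152) -> bytes:
    """ITR side: prepend outer IPv4 (RLOCs) + UDP + LISP header to an inner IP packet."""
    if not 0 <= nonce < (1 << 24):
        raise ValueError("nonce is a 24-bit field")
    flags = 0b1100_0000   # N=1 nonce present, L=1 locator-status-bits present, E=V=I=0
    lisp_hdr = struct.pack("!II", (flags << 24) | nonce, lsb)
    udp_len = UDP_HDR + LISP_HDR + len(inner)
    udp_hdr = struct.pack("!HHHH", src_port, LISP_DATA_PORT, udp_len, 0)  # zero UDP checksum
    return ipv4_header(src_rloc, dst_rloc, udp_len, proto=17) + udp_hdr + lisp_hdr + inner


def lisp_decap(pkt: bytes) -> dict:
    """ETR side: validate the outer headers, strip them, return the inner packet and fields."""
    if pkt[0] >> 4 != 4 or pkt[9] != 17:
        raise ValueError("outer header is not IPv4/UDP")
    ihl = (pkt[0] & 0x0F) * 4
    if ipv4_checksum(pkt[:ihl]) != 0:
        raise ValueError("outer IPv4 checksum mismatch")
    _sport, dport, udp_len, _csum = struct.unpack("!HHHH", pkt[ihl:ihl + UDP_HDR])
    if dport != LISP_DATA_PORT:
        raise ValueError("UDP destination port is not the LISP data port")
    off = ihl + UDP_HDR
    word0, lsb = struct.unpack("!II", pkt[off:off + LISP_HDR])
    flags = word0 >> 24
    inner_len = udp_len - UDP_HDR - LISP_HDR
    return {
        "src_rloc": str(ipaddress.IPv4Address(pkt[12:16])),
        "dst_rloc": str(ipaddress.IPv4Address(pkt[16:20])),
        "nonce": (word0 & 0xFFFFFF) if flags & 0x80 else None,
        "lsb": lsb if flags & 0x40 else None,
        "inner": pkt[off + LISP_HDR:off + LISP_HDR + inner_len],
    }


def fragment_then_encap(inner: bytes, core_mtu: int, src_rloc: str, dst_rloc: str,
                        nonce: int) -> list:
    """Stateless MTU method: fragment the inner IPv4 packet so that every encapsulated
    piece fits core_mtu, then encapsulate each piece; the destination host reassembles."""
    if (inner[0] & 0x0F) * 4 != IPV4_HDR:
        raise ValueError("inner IP options are not handled in this example")
    max_inner = core_mtu - ENCAP_OVERHEAD_V4
    if len(inner) <= max_inner:
        return [lisp_encap(inner, src_rloc, dst_rloc, nonce)]
    if struct.unpack("!H", inner[6:8])[0] & 0x4000:
        raise ValueError("inner packet has DF set; cannot fragment")
    ident = struct.unpack("!H", inner[4:6])[0]
    proto = inner[9]
    src = str(ipaddress.IPv4Address(inner[12:16]))
    dst = str(ipaddress.IPv4Address(inner[16:20]))
    payload = inner[IPV4_HDR:]
    chunk = (max_inner - IPV4_HDR) // 8 * 8   # fragment offsets are counted in 8-byte units
    pieces = []
    for off in range(0, len(payload), chunk):
        piece = payload[off:off + chunk]
        more = off + chunk < len(payload)
        hdr = ipv4_header(src, dst, len(piece), proto, ident, more_frags=more, frag_off=off // 8)
        pieces.append(lisp_encap(hdr + piece, src_rloc, dst_rloc, nonce))
    return pieces


def demo() -> dict:
    # Constructed 1500-byte inner packet from host S (2.0.0.2) to host D (3.0.0.3)
    inner = ipv4_header("2.0.0.2", "3.0.0.3", 1480, proto=6, ident=0x1234) + b"\x00" * 1480
    encapsulated = lisp_encap(inner, "11.0.0.1", "12.0.0.2", nonce=0xABCDEF)
    decapped = lisp_decap(encapsulated)
    frags = fragment_then_encap(inner, 1500, "11.0.0.1", "12.0.0.2", nonce=0xABCDEF)
    return {"encap_len": len(encapsulated), "roundtrip_ok": decapped["inner"] == inner,
            "nonce": decapped["nonce"], "src_rloc": decapped["src_rloc"],
            "fragments": len(frags), "all_fit": all(len(f) <= 1500 for f in frags)}


if __name__ == "__main__":
    print(demo())
```

     With a 1500-byte core MTU the 1500-byte inner packet does not fit once 36 bytes of encapsulation are added, so the stateless method produces two fragments (1440 and 40 payload bytes) that each fit after encapsulation.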
  15. LISP Overview – LISP and MTU
     - See additional details about MTU in the "Additional Material" section at the end of this presentation
  16. LISP Overview – Now that we have LISP, what else can we do?
     - The level of indirection allows us to keep the EID fixed while changing the RLOC, and to create a separate namespace with different allocation properties
     - By keeping EIDs fixed: you don't have to renumber, and you can keep TCP connections established across moves
     - By allowing RLOCs to change: sites can change service providers and hosts can move (roaming handsets, relocating virtual machines, relocating infrastructure into a cloud)
     - More on this later in the "Use Cases" section
  17. LISP Operations (section divider)
  18. LISP Operations – LISP Components: Ingress/Egress Tunnel Router (xTR)
     Diagram: site S (hosts S1, S2) sits behind ITRs attached to Provider A (10.0.0.0/8) and Provider B (11.0.0.0/8); site D (hosts D1, D2) sits behind ETRs attached to Provider X (12.0.0.0/8) and Provider Y (13.0.0.0/8). ALT routers, a Map-Resolver (MR), a Map-Server (MS), a PITR and a PETR are shown in the core.
     - ITR (Ingress Tunnel Router): receives packets from site-facing interfaces; encapsulates to remote LISP sites or natively forwards to non-LISP sites
     - ETR (Egress Tunnel Router): receives packets from core-facing interfaces; decapsulates and delivers to local EIDs at the site
  19. LISP Operations – Data Plane Overview
     - On-demand, cache-based: the FIB only contains active map-cache entries
     - Dynamic encapsulation: no hard tunnel state like GRE
     - Over-the-top (CE-based): the "core network" (i.e. the Internet) doesn't see LISP at Layer 3
  20. LISP Operations – Data Plane Example: Unicast Packet Forwarding
     Site S holds PI EID-prefix 2.0.0.0/24, site D holds PI EID-prefix 3.0.0.0/24. Host S resolves the DNS entry `D.abc.com A 3.0.0.3` and sends a packet 2.0.0.2 -> 3.0.0.3. The ITR encapsulates it with outer header 11.0.0.1 -> 12.0.0.2 (RLOCs); the packet crosses the providers to the ETR, which decapsulates it and delivers 2.0.0.2 -> 3.0.0.3 to D.
     Mapping entry used by the ITR (this policy is controlled by the destination site):
       EID-prefix: 3.0.0.0/24
       Locator-set: 12.0.0.2, priority: 1, weight: 50 (D1)
                    13.0.0.2, priority: 1, weight: 50 (D2)
     Legend: EIDs in green, locators in red, physical links as lines.
  21. LISP Operations – Control Plane Overview
     - Distributed "mapping database" and "map cache"
     - Map-Servers and Map-Resolvers provide the service interface for LISP sites into the mapping database
     - LISP+ALT: designed for a modular, scalable mapping service
  22. LISP Operations – LISP Components: Map-Server/Map-Resolver (MS/MR)
     Same diagram as slide 18.
     - MR (Map-Resolver): receives Map-Requests encapsulated from ITRs; decapsulates the Map-Request and forwards it through the service interface onto the ALT topology; sends Negative Map-Replies in response to Map-Requests for non-LISP sites
     - MS (Map-Server): LISP ETRs register here, which requires a configured "lisp site" policy and key; injects routes for registered LISP sites into ALT through the ALT service interface; receives Map-Requests via ALT and encapsulates them to the registered ETRs
  23. LISP Operations – LISP Components: LISP-ALT Topology (ALT)
     Same diagram as slide 18.
     - ALT (Alternative Topology) advertises EID-prefixes in an alternate BGP topology over GRE
     - Service interface for Map-Requests and Map-Replies
     - Devices with an ALT service interface include MS, MR, xTR and PxTR
     - An ALT-only router aggregates ALT peering connections and can be off-the-shelf gear: a router, a commodity Linux host, etc.
  24. LISP Operations – Control Plane: Mapping Database and Map Cache
     LISP Mapping Database:
     - EID-to-RLOC mappings in all ETRs for each LISP site
     - The ETR is "authoritative" for its EIDs and sends Map-Replies to ITRs
     - ETRs can tailor policy based on the Map-Request source
     - Decentralization increases attack resiliency
     LISP Map Cache:
     - "Lives" on ITRs
     - Populated by Map-Replies from ETRs
     - Stored in ITRs only for sites to which they are currently sending packets
     - ITRs must respect the policy carried in Map-Reply mapping data, including TTLs, RLOC up/down status and RLOC priorities/weights
  25. LISP Operations – Control Plane Mechanisms
     - EID registration: Map-Register messages are sent by an ETR to a Map-Server to register its associated EID prefixes, and specify the RLOC(s) the Map-Server uses when forwarding Map-Requests to the ETR
     - "Data-triggered" mapping service:
       - Map-Request messages are sent from an ITR when it needs an EID mapping, to test an RLOC for reachability, or to refresh a mapping before TTL expiration
       - Map-Reply messages are sent from an ETR in response to a valid Map-Request to provide the EID/RLOC mapping and site ingress policy for the requested EID
  26. LISP Operations – Control Plane Example: ETR Registration
     Diagram: the Map-Resolver is at 65.1.1.1 and the Map-Server at 66.2.2.2; site S holds PI EID-prefix 2.0.0.0/24 and site D holds PI EID-prefix 3.0.0.0/24 ("other 3/8 sites" also exist).
     [1] The ETR at 12.0.0.2 sends a LISP Map-Register (UDP 4342), authenticated with SHA-1, to the Map-Server: 12.0.0.2 -> 66.2.2.2.
     [2] The MS advertises 3.0.0.0/8 into ALT (BGP over GRE).
     [3] ALT advertises it throughout the topology, including to the Map-Resolver.
     Legend: EIDs in green, locators in red, BGP-over-GRE and physical links as lines.
  27. LISP Operations – Control Plane Example: Map Request
     Same diagram as slide 26.
     [1] Host S resolves `D.abc.com A 3.0.0.3` and sends 2.0.0.2 -> 3.0.0.3; the ITR has no mapping ("How do I get to 3.0.0.3?").
     [2] The ITR builds a Map-Request 11.0.0.1 -> 3.0.0.3 carrying a nonce and sends it inside a LISP Encapsulated Control Message (ECM, UDP 4342) 11.0.0.1 -> 65.1.1.1 to the Map-Resolver.
     [3] The MR decapsulates the Map-Request and forwards it over the ALT.
     [4] The MS encapsulates the Map-Request (LISP ECM, UDP 4342) 66.2.2.2 -> 12.0.0.2 to the registered ETR.
     [5] The ETR receives the Map-Request 11.0.0.1 -> 3.0.0.3 with the nonce.
     Legend: EIDs in green, locators in red, BGP-over-GRE and physical links as lines.
  28. LISP Operations – Control Plane Example: Map Reply
     Same diagram as slide 26.
     [6] The ETR sends a Map-Reply (UDP 4342) 12.0.0.2 -> 11.0.0.1 carrying the nonce and the mapping entry:
       EID-prefix: 3.0.0.0/24
       Locator-set: 12.0.0.2, priority: 1, weight: 50 (D1)
                    13.0.0.2, priority: 1, weight: 50 (D2)
     The ITR's map cache now holds 3.0.0.0/24 -> 12.0.0.2 [1, 50], 13.0.0.2 [1, 50].
     Legend: EIDs in green, locators in red, BGP-over-GRE and physical links as lines.
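     What the ITR does with the Map-Reply of slide 28 in the data plane of slides 19, 20 and 24, as an added Python example (not code from the deck or from Cisco): a toy map-cache that longest-prefix-matches the destination EID, honours the mapping TTL, skips RLOCs marked down, and picks among the best-priority RLOCs by weight using a per-flow hash so a flow is not reordered. The mapping values (3.0.0.0/24 via 12.0.0.2 and 13.0.0.2, both priority 1 weight 50) come from the slide; the class and function names, the flow hash, and the assumption that bit i of the Locator-Status-Bits refers to locator i of the locator-set are this example's own.

```python
import ipaddress
import zlib
from dataclasses import dataclass


@dataclass
class Locator:
    rloc: str
    priority: int   # lower is preferred; only the best-priority RLOCs carry traffic
    weight: int     # load share among RLOCs of equal priority
    up: bool = True


@dataclass
class MapEntry:
    eid_prefix: ipaddress.IPv4Network
    locators: list
    ttl_minutes: int
    installed_at: float

    def expired(self, now: float) -> bool:
        return now >= self.installed_at + self.ttl_minutes * 60


class MapCache:
    """ITR map-cache: holds only mappings learned from Map-Replies and respects
    TTL, RLOC up/down status and priority/weight when choosing the encapsulation target."""

    def __init__(self):
        self.entries = {}   # IPv4Network -> MapEntry

    def install(self, eid_prefix: str, locators: list, ttl_minutes: int, now: float) -> None:
        net = ipaddress.IPv4Network(eid_prefix)
        self.entries[net] = MapEntry(net, list(locators), ttl_minutes, now)

    def lookup(self, eid: str, now: float):
        """Longest-prefix match among unexpired entries; None means 'send a Map-Request'."""
        addr = ipaddress.IPv4Address(eid)
        best = None
        for net, entry in self.entries.items():
            if entry.expired(now):
                continue
            if addr in net and (best is None or net.prefixlen > best.eid_prefix.prefixlen):
                best = entry
        return best

    def select_rloc(self, eid: str, flow_key: bytes, now: float):
        """RLOC to encapsulate to for this flow, or None if no usable mapping exists."""
        entry = self.lookup(eid, now)
        if entry is None:
            return None
        usable = [loc for loc in entry.locators if loc.up]
        if not usable:
            return None
        best_priority = min(loc.priority for loc in usable)
        candidates = [loc for loc in usable if loc.priority == best_priority]
        total = sum(loc.weight for loc in candidates)
        if total == 0:
            return candidates[0].rloc
        # Hash the flow so one flow always lands on the same RLOC (no packet reordering)
        point = zlib.crc32(flow_key) % total
        for loc in candidates:
            if point < loc.weight:
                return loc.rloc
            point -= loc.weight
        return candidates[-1].rloc

    def apply_locator_status_bits(self, eid_prefix: str, lsb: int) -> None:
        """Data-plane liveness: bit i of the LSB field reflects locator i of the
        locator-set (bit-ordering assumption made for this example)."""
        entry = self.entries[ipaddress.IPv4Network(eid_prefix)]
        for i, loc in enumerate(entry.locators):
            loc.up = bool((lsb >> i) & 1)


def demo() -> dict:
    cache = MapCache()
    # Mapping from the slide: 3.0.0.0/24 reachable via D1 and D2 with equal priority and weight
    cache.install("3.0.0.0/24",
                  [Locator("12.0.0.2", priority=1, weight=50),
                   Locator("13.0.0.2", priority=1, weight=50)],
                  ttl_minutes=24 * 60, now=0.0)
    flows = [b"flow-%d" % i for i in range(200)]   # constructed flow identifiers
    both_up = {cache.select_rloc("3.0.0.3", f, now=1.0) for f in flows}
    cache.apply_locator_status_bits("3.0.0.0/24", 0b10)   # D1 reported down, D2 up
    d1_down = {cache.select_rloc("3.0.0.3", f, now=2.0) for f in flows}
    unknown = cache.select_rloc("4.0.0.1", b"x", now=2.0)            # no mapping cached
    expired = cache.select_rloc("3.0.0.3", b"x", now=24 * 3600 + 1.0)  # TTL ran out
    return {"both_up": both_up, "d1_down": d1_down, "unknown": unknown, "expired": expired}


if __name__ == "__main__":
    print(demo())
```

     With both locators up the 200 constructed flows are spread across 12.0.0.2 and 13.0.0.2; once the Locator-Status-Bits mark D1 down every flow moves to 13.0.0.2, and a miss or an expired entry returns None, which is the ITR's cue to send a Map-Request.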
  29. LISP Operations – Locator Liveliness
     - Today, if a connection goes down, the route for that connection point is withdrawn from the underlying routing table
     - As a consequence of adding the "level of indirection" with LISP, we no longer have direct access to "end-point" liveliness: EIDs are removed from the DFZ and placed in the "off-line" control plane
     - Thus, we need new mechanisms to provide liveliness information
  30. LISP Operations – Locator Liveliness
     - We need a way to quickly detect when an RLOC is down to provide fast switchover
     - We need recent up-status for an RLOC so that the switchover picks a working path: the existence of a route to an RLOC does not give up-status, so a keep-alive mechanism is required
     Diagram: S1 and S2 at the source site, D1 and D2 at the destination site, with a "?" on the path whose liveness is unknown.
     - Data plane vs. control plane: "N" times "M" control-plane messages does not scale; determine the best approach for fast switchover; trade off message overhead against fast convergence
  31. LISP Operations – Locator Liveliness Solves More Scalability Cases
     - Use the routing table when you can
     - Use ICMP if you can (in the data plane)
     - Use Locator-Status-Bits (LSB) (in the data plane)
     - Use Echo-Nonce (in the data plane, for RLOC bi-directional flows)
     - Use TCP counts
     - Use RLOC-Probing (in the control plane, from each source site to each destination-site ETR)
     - Trade off message overhead against fast convergence
  32. LISP Overview – Locator Liveliness
     - See additional details about Locator Liveliness in the "Additional Material" section at the end of this presentation
  33. LISP Operations – Interworking Mechanisms
     - Early recognition: LISP will not be widely deployed day one
     - Interworking is needed for LISP-capable sites to non-LISP sites (i.e. the rest of the Internet) and for non-LISP sites to LISP-capable sites
     - Two basic techniques: LISP Network Address Translators (LISP-NAT); Proxy Ingress Tunnel Routers and Proxy Egress Tunnel Routers
     - Proxy-ITR/Proxy-ETR have the most promise: an infrastructure LISP network entity that creates a monetized service opportunity for infrastructure players
  34. LISP Operations – LISP Components: Proxy ITR/ETR (PITR/PETR)
     Same diagram as slide 18.
     - PITR (Proxy ITR): receives traffic from non-LISP sites and encapsulates it to LISP sites; advertises coarse-aggregate EID prefixes; LISP sites see the benefits of ingress TE "day one"
     - PETR (Proxy ETR): allows IPv6 LISP sites with IPv4 RLOCs to reach IPv6 LISP sites that only have IPv6 RLOCs; allows LISP sites with uRPF restrictions to reach non-LISP sites
  35. LISP Operations – Interworking Mechanisms: PITR Example
     Diagram: non-LISP sites 65.1.0.0/16, 65.2.0.0/16 and 65.3.0.0/16 on the Internet (aggregates 65.0.0.0/12 and 66.0.0.0/12), LISP EID sites 2.1.0.0/16, 2.2.0.0/16 and 2.3.0.0/16, and PITRs that each BGP-advertise 2.0.0.0/8.
     [1] A non-LISP host sends 65.1.1.1 - 2.1.1.1; the 2.0.0.0/8 advertisement draws it to a PITR.
     [2] The PITR encapsulates it with outer header 65.9.1.1 - 66.1.1.1 toward the LISP site's RLOC.
     [3] The LISP site decapsulates and delivers 65.1.1.1 - 2.1.1.1.
     Legend: LISP sites carry EIDs, non-LISP sites carry RLOCs, physical links as lines.
  36. LISP Operations – Interworking Mechanisms: PETR Example
     Same diagram as slide 35; the LISP site's xTR is configured with `ip lisp use-petr 65.10.1.1`. Traffic between the LISP EID 2.1.1.1 and the non-LISP host 65.1.1.1 is carried in steps [1] to [4] between the xTR (RLOC 66.1.1.1) and the PETR, with outer headers 65.10.1.1 - 66.1.1.1 and 65.9.2.1 - 66.1.1.1 around the inner 65.1.1.1 - 2.1.1.1 packets.
     Legend: LISP sites carry EIDs, non-LISP sites carry RLOCs, physical links as lines.
  37. LISP Operations – Practical Security Mechanisms
     - ETRs: SHA-1 HMAC shared-key authentication between ETR and Map-Server to register EIDs into the mapping system; additional policy and security are configured on the Map-Server
     - ITRs: will not accept unsolicited Map-Replies, and only accept a Map-Reply that matches a Map-Request nonce; will not accept coarser EID-prefixes
     - ALT: BGP is secured with peer authentication; sBGP can be added later once implemented
     - Others: Map-Requests are rate-limited; Map-Replies could carry public keys; an ITR could encrypt encapsulated data with ESP headers
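     The ETR-side and ITR-side checks of slide 37, modelled as an added Python example that is not from the deck or from Cisco's code: a Map-Server that only records a Map-Register whose HMAC-SHA1 verifies under the per-site shared key (the role of the `key`/`authentication-key` lines in the slide-42 to slide-44 configurations), and an ITR that discards a Map-Reply unless it carries the nonce of an outstanding Map-Request, covers the EID that was asked about, and is not coarser than an overlapping prefix already in its map cache. The message encoding under the HMAC is a simplified stand-in rather than the LISP wire format, "coarser" is interpreted here as "shorter prefix length than an overlapping cached entry", and the key value and the 198.51.100.x locators are constructed.

```python
import hashlib
import hmac
import ipaddress
import secrets


def encode_register(eid_prefix: str, rlocs: list) -> bytes:
    """Simplified stand-in for the Map-Register fields the HMAC covers (not the wire format)."""
    return ("%s|%s" % (eid_prefix, ",".join(rlocs))).encode()


def sign_map_register(site_key: bytes, eid_prefix: str, rlocs: list) -> bytes:
    """ETR side: HMAC-SHA1 over the registration with the site's shared key."""
    return hmac.new(site_key, encode_register(eid_prefix, rlocs), hashlib.sha1).digest()


class MapServer:
    """Per-site policy (EID-prefix -> shared key), like 'lisp site' with an
    authentication-key; only registrations whose HMAC verifies are recorded."""

    def __init__(self, site_keys: dict):
        self.site_keys = {ipaddress.IPv4Network(p): k for p, k in site_keys.items()}
        self.registrations = {}

    def receive_map_register(self, eid_prefix: str, rlocs: list, auth: bytes) -> bool:
        net = ipaddress.IPv4Network(eid_prefix)
        key = self.site_keys.get(net)
        if key is None:                  # prefix not configured for any site: drop
            return False
        expected = hmac.new(key, encode_register(eid_prefix, rlocs), hashlib.sha1).digest()
        if not hmac.compare_digest(expected, auth):   # constant-time comparison
            return False
        self.registrations[net] = list(rlocs)
        return True


class Itr:
    """Accepts a Map-Reply only if it answers an outstanding Map-Request (nonce),
    covers the EID asked for, and is not coarser than an overlapping cached prefix."""

    def __init__(self):
        self.pending = {}    # nonce -> EID we asked about
        self.map_cache = {}  # IPv4Network -> rlocs

    def send_map_request(self, eid: str) -> int:
        nonce = secrets.randbits(64)     # unpredictable, so a reply cannot be forged blind
        self.pending[nonce] = ipaddress.IPv4Address(eid)
        return nonce

    def receive_map_reply(self, nonce: int, eid_prefix: str, rlocs: list) -> str:
        eid = self.pending.get(nonce)
        if eid is None:
            return "rejected: no matching Map-Request nonce"
        net = ipaddress.IPv4Network(eid_prefix)
        if eid not in net:
            return "rejected: prefix does not cover requested EID"
        for cached in self.map_cache:
            if cached.overlaps(net) and net.prefixlen < cached.prefixlen:
                return "rejected: coarser than cached prefix"
        del self.pending[nonce]          # one reply per nonce; a replay counts as unsolicited
        self.map_cache[net] = list(rlocs)
        return "accepted"


def demo() -> dict:
    key = b"example-shared-key"   # constructed; stands in for the configured shared secret
    ms = MapServer({"153.16.21.0/24": key})
    good = sign_map_register(key, "153.16.21.0/24", ["128.223.156.222"])
    results = {
        "valid": ms.receive_map_register("153.16.21.0/24", ["128.223.156.222"], good),
        "wrong_key": ms.receive_map_register(
            "153.16.21.0/24", ["128.223.156.222"],
            sign_map_register(b"other", "153.16.21.0/24", ["128.223.156.222"])),
        "tampered_rloc": ms.receive_map_register("153.16.21.0/24", ["198.51.100.9"], good),
        "unknown_site": ms.receive_map_register(
            "153.16.99.0/24", ["128.223.156.222"],
            sign_map_register(key, "153.16.99.0/24", ["128.223.156.222"])),
    }
    itr = Itr()
    nonce = itr.send_map_request("3.0.0.3")
    results["unsolicited"] = itr.receive_map_reply(nonce ^ 1, "3.0.0.0/24", ["12.0.0.2"])
    results["good_reply"] = itr.receive_map_reply(nonce, "3.0.0.0/24", ["12.0.0.2", "13.0.0.2"])
    results["replayed"] = itr.receive_map_reply(nonce, "3.0.0.0/24", ["198.51.100.1"])
    nonce2 = itr.send_map_request("3.0.1.7")   # outside the cached /24, inside 3.0.0.0/8
    results["coarser"] = itr.receive_map_reply(nonce2, "3.0.0.0/8", ["198.51.100.1"])
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print("%-14s %s" % (name, outcome))
```

     Only the correctly keyed, untampered registration for a configured site is recorded, and on the ITR only the reply that matches a live nonce for a covering prefix is installed; a replay of that nonce and a /8 reply that would swallow the cached /24 are both refused.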
  38. LISP Operations – Management of LISP
     - Data plane management: ping and traceroute of EIDs; ping and traceroute of RLOCs (diagram: S1/S2 to D1/D2)
     - Control plane management: LISP Internet Groper (LIG), like "dig" for DNS
     - Device management: show and debug commands; a MIB is coming
  39. LISP Operations – Management of LISP: LISP Internet Groper (LIG)
     - Fetches an EID-to-RLOC database mapping entry
     - Both router and host lig implementations are available
       titanium-dino# lig dmm-xtr-2.lisp4.net
       Send map-request to 128.223.156.35 for 153.16.12.1 ...
       Received map-reply from 128.223.156.23 with rtt 0.040508 secs
       Map-cache entry for dmm-xtr-2.lisp4.net EID 153.16.12.1:
       153.16.12.0/24, uptime: 00:00:01, expires: 23:59:58, via map-reply, auth
         Locator            Uptime    State  Priority/  Data    Control
                                             Weight     in/out  in/out
         128.223.156.23     00:00:01  up     1/100      0/0     0/0

       titanium-dino# lig self6
       Send loopback map-request to 128.223.156.35 for 2610:d0:2105:: ...
       Received map-reply from 173.8.188.25 with rtt 0.260715 secs
       Map-cache entry for EID 2610:d0:2105:::
       2610:d0:2105::/48, uptime: 00:00:01, expires: 23:59:58, via map-reply, self
         Locator            Uptime    State  Priority/  Data    Control
                                             Weight     in/out  in/out
         173.8.188.25       00:00:01  up     1/33       0/0     0/0
         173.8.188.26       00:00:01  up     1/33       0/0     0/0
         173.8.188.27       00:00:01  up     1/33       0/0     0/0
         2002:ad08:bc19::1  00:00:01  up     2/0        0/0     0/0
  40. LISP Operations – Management of LISP: CLI
       xTR(config)# ip lisp ?
         alt-vrf             Activate LISP-ALT functionality in VRF
         database-mapping    Configures Locator addresses for an ETR
         etr                 Configures a LISP Egress Tunnel Router (ETR)
         itr                 Configures a LISP Ingress Tunnel Router (ITR)
         locator-down        Manually set locator status to down
         map-cache           Configures static EID-to-RLOC mappings for an ITR
         map-cache-limit     Configures maximum size of map-cache
         map-request-source  Configures source address for Map-Request message
         path-mtu-discovery  Path MTU discovery
         proxy-etr           Configures a LISP Proxy Engress Tunnel Router (PETR)
         proxy-itr           Configures a LISP Proxy Ingress Tunnel Router (PITR)
         use-petr            Encapsulate to Proxy ETR when matching forward-native entry

       xTR# show ip lisp ?
         database    Show EID-prefixes configured for this site
         forwarding  LISP forwarding module show commands
         map-cache   Display EID-to-RLOC cache mapping in this ITR
         statistics  Display LISP address family statistics
         |           Output modifiers
         <cr>

       xTR# debug lisp ?
         control-plane  LISP control plane debug categories
         detail         Enable LISP detailed debugging
         filter         Specify a filter for LISP debug output
         forwarding     LISP forwarding related debug commands
  41. LISP Example (section divider)
  42. LISP Example – Configurations
     Topology used on slides 42 to 49: xTR dmm-isr (RLOC 128.223.156.222, EID-prefix 153.16.21.0/24) registers with MS/MR arin-mrms (128.223.156.139); xTR simlo (RLOC 217.41.88.65, EID-prefix 153.16.40.0/24) registers with MS/MR ripe-mrms (193.0.0.170).
     Configuration of dmm-isr:
       !
       interface Loopback0
        ip address 153.16.21.1 255.255.255.255
       !
       interface FastEthernet0/0
        ip address 128.223.156.222 255.255.255.0
       !
       interface FastEthernet0/0/0
        ip address 153.16.21.17 255.255.255.240
       !
       ip lisp database-mapping 153.16.21.0/24 128.223.156.222 priority 1 weight 100
       ip lisp itr map-resolver 128.223.156.139
       ip lisp itr
       ip lisp etr map-server 128.223.156.139 key 6 #%$^%##
       ip lisp etr
       !
       ip route 0.0.0.0 0.0.0.0 128.223.156.1
       !
  43. LISP Example – Configurations
     Configuration of simlo:
       !
       interface Loopback0
        ip address 153.16.40.1 255.255.255.255
       !
       interface FastEthernet0/0
        ip address 217.41.8.65 255.255.255.0
       !
       interface FastEthernet0/0/0
        ip address 153.16.40.2 255.255.255.240
       !
       ip lisp database-mapping 153.16.40.0/24 217.41.88.65 priority 1 weight 100
       ip lisp itr map-resolver 193.0.0.170
       ip lisp itr
       ip lisp etr map-server 193.0.0.170 key 6 #%$^%##
       ip lisp etr
       !
       ip route 0.0.0.0 0.0.0.0 217.41.88.1
       !
  44. LISP Example – Configurations
     Map-Server/Map-Resolver site policy on arin-mrmr:
       hostname arin-mrmr
       !
       ---skip---
       !
       lisp site dmm-isr
        eid-prefix 153.16.21.0/24 route-tag 1234567890
        authentication-key 3 #%$^%##
        description dmm-isr
       !
       ---skip---
     Map-Server/Map-Resolver site policy on ripe-mrmr:
       hostname ripe-mrmr
       !
       ---skip---
       !
       lisp site simlo
        eid-prefix 153.16.40.0/24 route-tag 1234567890
        authentication-key 3 #%$^%##
        description simlo
       !
       ---skip---
  45. LISP Example – Operations
       dmm-isr# show ip lisp database
       LISP ETR IPv4 Mapping Database, LSBs: 0x1
       EID-prefix: 153.16.21.0/28
         128.223.156.222, priority: 1, weight: 100, state: up, local

       dmm-isr# show ip lisp map-cache
       LISP IPv4 Mapping Cache, 1 entries
       0.0.0.0/0, uptime: 00:01:15, expires: never, via static
       dmm-isr#
  46. LISP Example – Operations
       dmm-isr# show ip lisp site dmm-isr
       LISP Site Registration Information for VRF default
       * = truncated IPv6 address

       Site name: dmm-isr
       Description: none configured
       Allowed configured locators: any
       Allowed EID-prefixes:
         EID-prefix: 2610:d0:1209::/48
           Currently registered: yes
           First registered: 1w5d
           Last registered: 00:00:17
           Who last registered: 128.223.156.222
           Routing table tag: 0x499602d2
           Registered locators:
             128.223.156.222 (up)
         EID-prefix: 153.16.21.0/28
           Currently registered: yes
           First registered: 1w5d
           Last registered: 00:00:17
           Who last registered: 128.223.156.222
           Routing table tag: 0x499602d2
           Registered locators:
             128.223.156.222 (up)
       dmm-isr#
  47. LISP Example – Operations
       dmm-isr# lig self
       Mapping information for EID 153.16.21.0 from 128.223.156.222 with RTT 0 msecs
       153.16.21.0/24, uptime: 00:00:00, expires: 23:59:59, via map-reply, self
         Locator          Uptime    State  Pri/Wgt
         128.223.156.222  00:00:00  up     1/100

       dmm-isr# show ip lisp map-cache
       LISP IPv4 Mapping Cache, 2 entries
       0.0.0.0/0, uptime: 00:01:15, expires: never, via static
       153.16.21.0/24, uptime: 00:00:02, expires: 23:59:57, via map-reply, self
         Locator          Uptime    State  Pri/Wgt
         128.223.156.222  00:00:02  up     1/100
       dmm-isr#
  48. LISP Example – Operations
       dmm-isr# lig 153.16.40.1
       Mapping information for EID 153.16.40.1 from 217.41.88.65 with RTT 404 msecs
       153.16.40.0/24, uptime: 00:00:00, expires: 1d00h, via map-reply, complete
         Locator          Uptime    State  Pri/Wgt
         217.41.88.65     00:00:00  up     1/100

       dmm-isr# show ip lisp map-cache
       LISP IPv4 Mapping Cache, 3 entries
       0.0.0.0/0, uptime: 00:00:13, expires: never, via static
       153.16.21.0/24, uptime: 00:00:10, expires: 23:59:49, via map-reply, self
         Locator          Uptime    State  Pri/Wgt
         128.223.156.222  00:00:10  up     1/100
       153.16.40.0/24, uptime: 00:00:00, expires: 23:59:59, via map-reply, complete
         Locator          Uptime    State  Pri/Wgt
         217.41.88.65     00:00:00  up     1/100
       dmm-isr#
  49. LISP Example – Operations
       dmm-isr# show ip lisp
       Ingress Tunnel Router (ITR):   enabled
       Egress Tunnel Router (ETR):    enabled
       ITR Map-Resolver:              128.223.156.139
       ETR Map-Server(s):             128.223.156.139 (00:00:07)
       ETR accept mapping data:       enabled, verify enabled
       ETR map-cache TTL:             24 hours
       Locator Status Algorithms:
         RLOC-probe algorithm:        enabled
       Static mappings configured:    0
       Map-cache limit:               1000
       Map-cache activity check period: 60 secs
       Map-cache size:                3
       dmm-isr#
  50. 50. LISP Use Cases Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 50
  51. 51. LISP Use Cases Enterprise Use Case 1 – Low OpEx Multi-Homing  Active/active multi-homing Low-OpEx switchover (no BGP)  More efficient bandwidth use by site Use all the bandwidth you pay for Provider A Provider B 10.0.0.0/8 11.0.0.0/8  New link revenue for ISP At the benefit of keeping site‟s routes out of their resources  Decoupling addressing from ISP S1 S2 Site has flexibility to change providers 2.0.0.0/8 Raises the bar for ISPs, better for consumer sites BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 51
  52. 52. LISP Use Cases Enterprise Use Case 2 – Dynamic Roaming and VPNs Engineering is using global PI addresses Boston San Francisco Engineering Marketing Core is using global 2.1.0.0/16 10.2.0.0/16 PA addresses Enterprise Core 65.0.0.0/8 Los Angeles New York Engineering Marketing 2.2.0.0/16 10.1.0.0/16 65.5.1.1 65.5.2.2 Marketing is using 2.2.0.0/16 - Dallas private addresses (65.4.1.1, 65.4.2.2) (65.5.1.1, 65.5.2.2) Engineering Dynamic creation of a site is 2.2.0.0/16 An engineering site moves done by simply registering EID-to-RLOC mapping to the Mapping Database System BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 52
  53. 53. LISP Use Cases: Service Provider Use Case 1 – Multi-Family Address Support
       The Internet core is not dual-stack, deal with it
      Diagram: IPv6-only LISP sites 2610:d0:1::/48 and 2610:d0:2::/48 across an IPv4 Internet core; PxTRs; a dual-stack ISP, a dual-stack LISP site and a non-LISP site (addresses shown: 240.1.0.0/16, 65.4.0.0/16, 2610:d0:1::/48, 2001:1:2::/48); TCP-over-IPv6 connection from dino-unix.lisp6.net to ipv6.google.com.
  54. 54. LISP Use Cases: Service Provider Use Case 2 – Multi-Family Address Support
       A possible cable company… IPv6 core; they can't upgrade residential on IPv4
      Diagram: IPv4-only server site 2.1.0.0/16 (LISP site) and IPv4-only residential site 192.168.1.0/24 (LISP site) across an IPv6 cable core network; PxTRs; IPv4-only server site 65.4.0.0/16 (non-LISP site) in a dual-stack region. Legend: IPv6 path, IPv4 path.
  55. 55. LISP Use Cases: Data Center Use Case 1 – Virtual Machine Mobility
      Diagram: data center with RLOC A and RLOC A'; gateways 3.1.1.254/24, 3.1.11.254/24, 2.2.2.254/24, 2.2.22.254/24; servers S1 3.1.1.1/24, S2 3.1.11.2/24, S3 2.2.2.3/24, S4 2.2.22.4/24; S1 moves. Mapping entries shown: 3.1.0.0/16 - A, 2.2.0.0/16 - A', 3.1.1.1/32 - A'. Legend: L3 Router, LISP Router.
  56. 56. LISP Use Cases: Data Center Use Case 2 – Load Balancing the SLBs
      Diagram: Internet, ITRs, data center ETRs, array of SLBs, array of servers; VIPs are EIDs (EIDs - RLOC-sets). Legend: L3 Router, LISP Router, any brand Server Load Balancer, Servers.
  57. 57. LISP Use Cases: LISP Mobile Node Use Case
       What if two mobile handsets could roam and keep a TCP connection established?
       What if two mobile handsets could LISP-encapsulate to each other with a path-stretch of 1?
       What if you could put up server functionality on your mobile handset?
       What if your mobile handset could use all radios at the same time?
  58. 58. LISP Use Cases: LISP Mobile Node Use Case
      Diagram: the mobile node is a LISP site ("This is a LISP site!") with EID-prefix 2001:xxxx:yyyy::1/128, two RLOCs (wifi 64.0.0.1, 3G 65.0.0.1) and Map-Server 64.1.1.1; it can set ingress packet policy. Legend: green x.x.x.x - EID, red x.x.x.x - Locator (RLOC).
  59. 59. LISP Use Cases: LISP Mobile Node Use Case
       Run a lightweight variant of LISP on the MN: draft-meyer-lisp-mn-01.txt
       EID can be burned into the SIM: can be either an IPv4 or, probably, an IPv6 address; will be yours forever – it's your "Network Name"
       Your DHCP address is your MN's RLOC
       MN carries the Map-Server RLOC while roaming
       When you get a new DHCP address: register the new RLOC(s) to the Map-Server(s); update ITR/PITR caches
  60. 60. LISP Use Cases: LISP Mobile Node Use Case – Can it scale?
       Leave RLOCs alone; they map to the underlying physical topology. There is absolutely no more-specific state in the core for LISP MNs (or any other LISP site, for that matter…)
       LISP MN EID more-specific state is only in the Map-Server: the Map-Server is the control-plane home agent; the Map-Server already has the covering route, so there are no more-specifics in the ALT
       The only other place for more-specific state is in devices that cache (ITRs and PITRs). How bad can this be?
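      The roaming flow of slide 59 and the state placement argument of slide 60 (the Map-Server holds the EID-to-RLOC state, ITRs only cache it, bounded by the TTL and entry limit seen in the show ip lisp output of slide 49), as an added Python model that is not Cisco's code: the Map-Server accepts a Map-Register only when its HMAC verifies under the prefix's shared key (a simplified form of the RFC 6833 authentication data), and a stale ITR cache entry is served until it expires or is invalidated. The EID 2001:db8::1, the keys and the timings are constructed sample values.

```python
import hmac, hashlib, ipaddress, time
def sign_register(secret, eid_prefix, rlocs):
    """Map-Register authentication data: HMAC over prefix and RLOC list (simplified RFC 6833 form)."""
    return hmac.new(secret, f"{eid_prefix}|{','.join(rlocs)}".encode(), hashlib.sha256).digest()

class MapServer:
    """Holds the EID-prefix -> RLOC-set state; the control-plane home agent of slide 60."""
    def __init__(self, keys):             # keys: {eid_prefix: shared secret of the registering site}
        self.keys, self.db = keys, {}
    def map_register(self, eid_prefix, rlocs, auth):
        secret = self.keys.get(eid_prefix)
        if secret is None or not hmac.compare_digest(sign_register(secret, eid_prefix, rlocs), auth):
            return False                  # unknown prefix or bad HMAC: registration dropped, state unchanged
        self.db[ipaddress.ip_network(eid_prefix)] = list(rlocs)
        return True
    def map_request(self, eid):           # answer with the longest-matching registered prefix
        addr = ipaddress.ip_address(eid)
        hits = [p for p in self.db if addr in p]
        return self.db[max(hits, key=lambda p: p.prefixlen)] if hits else None

class MapCache:
    """ITR map-cache with the TTL and entry limit seen in 'show ip lisp' (24 hours, 1000 entries)."""
    def __init__(self, resolver, limit=1000, ttl=24 * 3600, clock=time.time):
        self.resolver, self.limit, self.ttl, self.clock, self.entries = resolver, limit, ttl, clock, {}
    def lookup(self, eid):
        now = self.clock()
        rlocs, expires = self.entries.get(eid, (None, 0))
        if expires > now:
            return rlocs                  # cache hit: no Map-Request sent
        rlocs = self.resolver.map_request(eid)
        if rlocs is not None:
            if self.entries and len(self.entries) >= self.limit:   # bounded cache: evict soonest-expiring
                del self.entries[min(self.entries, key=lambda k: self.entries[k][1])]
            self.entries[eid] = (rlocs, now + self.ttl)
        return rlocs
    def invalidate(self, eid):
        self.entries.pop(eid, None)       # the "update ITR/PITR caches" step of slide 59

def roam_demo():
    """Constructed MN EID 2001:db8::1 registers its wifi RLOC, then adds the 3G RLOC after a new DHCP lease."""
    eid, secret = "2001:db8::1/128", b"constructed-shared-key"
    ms = MapServer({eid: secret})
    itr = MapCache(ms, limit=2, ttl=60)
    ms.map_register(eid, ["64.0.0.1"], sign_register(secret, eid, ["64.0.0.1"]))
    first = itr.lookup("2001:db8::1")
    forged = ms.map_register(eid, ["203.0.113.9"], sign_register(b"wrong-key", eid, ["203.0.113.9"]))
    ms.map_register(eid, ["64.0.0.1", "65.0.0.1"], sign_register(secret, eid, ["64.0.0.1", "65.0.0.1"]))
    stale = itr.lookup("2001:db8::1")    # ITR still serves its cached entry until TTL expiry or invalidation
    itr.invalidate("2001:db8::1")
    return first, forged, stale, itr.lookup("2001:db8::1")
```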
  61. 61. LISP Use Cases: LISP Mobile Node Use Case – Back-of-the-Envelope Calculation
       Assume a map-cache entry is 1000 bytes (1000 bytes is fairly fat and can be optimized)
       1M entries (LISP MNs) per ITR requires 1GB of memory (cheap!)
       10M entries (LISP MNs) requires 10GB of memory (simple!)
       Deploy 100 ITRs at 10M entries each – that's 1B LISP MNs. 100 ITRs is not unreasonable since good user experience forces shortest exit; each ITR can hold 10M phones!
       This is achievable since granular state is only where you need it and nowhere else!
  62. 62. LISP Initiatives
  63. 63. LISP Initiatives: Standardization Status
      Timeline 2006 to 2010 (recovered from the slide's figure; RRG effort first, then IETF effort):
      Oct 2006: IAB Routing WS
      Jan 2007: First Drafts; June 2007: 2nd Set Drafts; Fall 2007: 3rd Set Drafts
      2007: LISP in RRG
      Summer 2008: 1st BOF, Dublin IETF; Fall 2008: 2nd BOF, Minneapolis IETF
      Spring 2009: More Drafts
      2009: 1st IETF WG, San Francisco; 2nd IETF WG, Stockholm; 3rd IETF WG, Hiroshima
      Summer 2009: Implemented
      Fall 2010: IETF WG Completes, Beijing
      Draft names shown: Main LISP, LISP-ALT, LISP-CONS, LISP-NERD, LISP-MS, LISP-LIG, LISP-IW, LISP-MN, Loc-Reach-Algs
  64. 64. LISP Initiatives: What's Cisco Doing in LISP?
       Cisco LISP Prototype Implementation: started at Prague IETF, Mar 07; deployed pilot network, July 07; since then, 220 releases of experimental code
       Cisco LISP Product Implementations
        Phase 1 (December 24, 2009)
        − ISR, ISR-G2, 7200 (xTR)
        Phase 2 (March 31, 2010)
        − ISR, ISR-G2, 7200 (xTR, PxTR, ALT) [IOS 15.1(1)XB1]
        − ASR 1000 (xTR, PxTR, ALT) [IOS-XE 2.5.1]
        − Nexus 7000 (xTR, PxTR, MS/MR) [NX-OS 5.1(1.13)]
        − UCS C200 (MS/MR) [NX-OS 5.1(1.13)]
        Available Now!
        Phase 3 (June 30, 2010)
        − More LISP!
       External LISP Efforts
        – FreeBSD OpenLISP http://gforge.info.ucl.ac.be/projects/openlisp/
        – Open Source LIG Diagnostic Tool http://www.github.com/davidmeyer/lig
  65. 65. LISP Initiatives: LISP Network – Goals for the LISP Network
       Conduct Experiments: provide course adjustments for the protocol architecture
       Test Multiple Implementations
       Prove that the ALT Topology maps to EID Address Allocation Delegations
       Emulate MSP Business Models
       Protocol Learning Tool for Users
       Test bed for building Management Tools
  68. 68. LISP Initiatives: LISP Network – Gaining LISP management experience
  69. 69. Summary