Advances in LISP: Current Deployments to Future Innovations TechAdvantage Webinar

The Locator/ID separation protocol (LISP) implements a "level of indirection" that enables a new IP routing architecture by separating IP addresses into two namespaces: Endpoint Identifiers (EIDs), which are assigned to end-hosts, and Routing Locators (RLOCs), which are assigned to devices (primarily routers) making up the global routing system. By separating EIDs and RLOCs to create an overlay network, LISP inherently enables numerous benefits within a single protocol, including: Low OpEx multihoming with ingress traffic engineering; address family independence for efficient IPv4 and IPv6 support; high-scale Virtualization/Multi-tenancy support; and Data Center/Cloud Host Mobility support, including session persistence across mobility events.

The first part of the webinar provides a brief LISP progress report, including IETF LISP standardization initiatives as well as Cisco LISP initiatives. We then review, in detail, the broad LISP use cases and focus on specific production deployment examples highlighting each use case.

Listen to the WebEx: https://cisco.webex.com/cisco/onstage/g.php?t=a&d=201502266


  1. Cisco TechAdvantage Webinars: Advances in LISP: Current Deployments to Future Innovations
     Gregg Schudel and Marco Pessi
     We'll get started a few minutes past the top of the hour. Note: you may not hear any audio until we get started.
     © 2013 Cisco and/or its affiliates. All rights reserved. Follow us @GetYourBuildOn
  2. Webinar housekeeping
     •  Submit questions in the Q&A panel and send to "All Panelists"; avoid the CHAT window for better access to panelists
     •  For WebEx audio, select COMMUNICATE > Join Audio Broadcast
     •  For WebEx call back, click the ALLOW phone button at the bottom of the participants side panel
     •  Where can I get the presentation? Send email to: ask_techadvantage@cisco.com
     •  Please complete the post-event survey
     •  Join us for upcoming TechAdvantage Webinars: www.cisco.com/go/techadvantage
  3. Speakers and Panelists
     Speakers:
     •  Gregg Schudel, Technical Marketing Engineer, gschudel@cisco.com
     •  Marco Pessi, Technical Marketing Engineer, mpessi@cisco.com
     Panelists:
     •  Marc Portoles Comeras, Software Engineer, mportole@cisco.com
     •  Johnson Leong, Software Engineer, joleong@cisco.com
  4. Agenda
     •  LISP Perspectives
        -  Where are we today?
        -  What observations can we make today?
     •  LISP Customer Deployment Use Cases
        -  Multihoming and Multi-Address Family
        -  Virtualization/Multitenancy
        -  Datacenter/Host Mobility
     •  Wrap-up
  5. Advances in LISP: Current Deployments to Future Innovations
  6. LISP Perspectives: Where are we today?
     •  LISP has come a long way since 2006 IETF…
        -  when a small group of Cisco engineers and industry researchers began discussing ID/Location split
        -  when Cisco engineers began developing the LISP protocol
        -  RFC 6830-6836, RFC 7052
        -  Initial IETF LISP WG focus was on routing table scaling
        -  Going forward, IETF LISP WG focus now moving to LISP use cases
        RFCs:
           RFC 6830: Locator/ID Separation Protocol (LISP)
           RFC 6831: LISP Multicast
           RFC 6832: LISP Interworking
           RFC 6833: LISP Map Server
           RFC 6834: LISP Map Versioning
           RFC 6835: LISP Internet Groper
           RFC 6836: LISP+ALT
           RFC 7052: LISP MIB
     •  8 IETF RFCs published during 2013
     •  Most importantly, we have very significant customer deployments
        -  Wide range of customers: both Enterprise and Service Provider space
        -  Wide range of use cases: Internet VPNs, Multi-homing, IPv6 Transition, Data Center Host Mobility
  7. LISP Perspectives: What observations can we make today?
     •  LISP is a transformative technology
        -  LISP adds significant new capabilities and reduces complexities!
        -  Customers have new options for building and operating networks
     •  LISP deployments are now moving beyond 'early adopters'
        -  Large number of customers deploying LISP in production
        -  Large scale and wide diversity of LISP deployments
        -  Customer commitment to and reliance on LISP in their business models
     •  LISP engages a broad range of new participation in networking
        -  Open standard, and control plane/data plane separation enables…
           o  Universities and researchers to experiment on new and novel design concepts
           o  Easy and effective integration with software defined networking initiatives
           o  Open source code implementations and wide hardware/device support from new vendors
  8. Advances in LISP: Current Deployments to Future Innovations
  10. Why multihoming?
     •  Increased Resiliency
        -  Access link, router, or upstream provider network failures should not interrupt service
     •  Increased Bandwidth
        -  Usually cheaper to add a 2nd link rather than buying a 'step increase' in existing access bandwidth
        -  Adding bandwidth via a 2nd link gives other benefits over simply increasing single link bandwidth
        -  But this extra bandwidth has to be useable: you need the ability to affect ingress traffic usage
     •  Increased Responsiveness
        -  Potentially, can serve customers better with diverse links
     •  Increased Market Opportunities
        -  IPv6 opportunities for new growth
        -  Serve customers "not in your physical plant footprint"
  11. Customer example: NJEDge.Net
     •  Market Segment
        -  Over the Top Service Provider for State of New Jersey Educational Entities (K-12, universities, colleges)
     •  LISP Services
        -  BGP-free Multihoming
        -  IPv6 Internet Access
        -  Host Mobility Disaster-Recovery (adding now…)
        -  Inter-Departmental VPNs (adding next…)
     Customer Site: http://njedge.net
     Customer Site: http://lisp.njedge.net
     Customer Case Study: http://lisp.cisco.com
  12. Before LISP, constituent members were faced with…
     •  Configuration complexity…
     •  Uneven multihoming load shares…
        -  They wanted: 50%/50%
        -  They got: 90%/10%? 80%/20%? Never 50%/50%
     Diagram: Constituent Member Topologies… Members 1, 2, 3 … N, each with CPE routers connected by default route or BGP to Tier 1 SP1 and Tier 1 SP2 (Transit SP, Commodity SP), reaching the IPv4 Internet and, for some members, the IPv6 Internet (Facebook, Google). Some members have v4, some v6, more can be added; many more features need to be added here…
     Per-member BGP configuration (more…):
        router bgp 100
         bgp router-id 172.16.2.1
         bgp asnotation dot
         no bgp default ipv4-unicast
         bgp log-neighbor-changes
         neighbor 172.16.2.1 remote-as 300  <== eBGP to SP1
         neighbor 172.16.1.2 remote-as 400  <== eBGP to SP2
         !
         address-family ipv4
          no synchronization
          redistribute ospf route-map populate-default
          neighbor 172.16.1.2 activate
          neighbor 172.16.1.2 route-map filter-out out
          neighbor 172.16.1.2 route-map filter-in in
          neighbor 172.16.1.2 maximum-prefix 450000 90
          neighbor 172.16.2.1 activate
          neighbor 172.16.2.1 route-map filter-out out
          neighbor 172.16.2.1 route-map filter-in in
          neighbor 172.16.2.1 maximum-prefix 450000 90
          no auto-summary
         exit-address-family
        !
        ip bgp-community new-format
        ip community-list standard outlist permit 100:123
        !
        route-map populate-default permit 10
         set origin igp
         set community 100:123
        !
        route-map filter-out permit 10
         match community outlist
        !
        route-map filter-in permit 10
         match community inlist
        !
  13. By deploying LISP…
     •  Configuration simplicity…
     Diagram: NJEDge.Net LISP Network with MS/MR and PxTR pairs in front of the IPv4 Internet and the IPv6 Internet (Facebook, Google). Members 1, 2, 3 … N now run an xTR on the CPE, with a default route (or BGP) toward the Transit SP, Commodity SP and Tier 1 SP1/SP2 (more v4, more v6…).
     Per-member LISP configuration:
        router lisp
         locator-set Site3
          172.16.1.2 priority 1 weight 50
          172.16.2.2 priority 1 weight 50
         exit
         !
         eid-table default instance-id 0
          database-mapping 10.1.1.0/24 locator-set Site3
         exit
         !
         ipv4 itr
         ipv4 etr
         ipv4 itr map-resolver 172.17.1.1
         ipv4 etr map-server 172.17.1.1 key s3cr3t
         ipv4 use-petr 10.5.5.5
        !
  14. By deploying LISP…
     •  Configuration simplicity…
     •  Even multihoming load sharing…
     Diagram: NJEDge.Net LISP Network (MS/MR, PxTR) originates the IPv4 EID Aggregate Advertisement toward the IPv4 Internet. Non-LISP-to-LISP traffic enters through the PxTR; LISP-to-LISP traffic flows xTR to xTR. Members 1, 2, 3 … N keep a default route (or BGP) toward the Transit SP, Commodity SP and Tier 1 SP1/SP2 (more v4, more v6…).
  15. NJEDge.Net is now adding IPv6 for its members!
     Diagram: the NJEDge.Net LISP Network (MS/MR, PxTR) originates the IPv6 EID Aggregate Advertisement toward the IPv6 Internet (Facebook, Google) alongside the IPv4 aggregate toward the IPv4 Internet. Members 1, 2, 3 … N now carry IPv6 EIDs behind their xTR CPEs while keeping their default route (or BGP) toward the Transit SP, Commodity SP and Tier 1 SP1/SP2. Non-LISP-to-LISP traffic enters through the PxTR; LISP-to-LISP traffic flows xTR to xTR.
  16. NJEDge.Net deployment details and benefits
     •  Deployment Details
        -  ASR1Ks as MSMRs
        -  ASR9Ks as PxTRs (90G Internet capacity)
     •  Key LISP Benefits
        ✓  No BGP to configure or complexities for customers to manage. This opens the door for "best" access!
           •  Broadband now useable
           •  Higher speeds, lower costs
           •  Backup link diversity
        ✓  No complex configurations
        ✓  Optimized and predictable Ingress load balancing *
        ✓  Cost Savings by reducing OPEX and CAPEX
        ✓  LISP offers a non-disruptive transition approach which does not affect end systems and allows for incremental deployment
        ✓  Disaster Recovery for Critical Applications (introduces Increased Complexity)
     * Traditional BGP-based multihoming and load balancing is especially challenging (and often unpredictable during failure events). LISP is always predictable.
  17. LISP and MPLS
     •  LISP with MPLS results in an "ideal" deployment environment
        -  Locator/ID split "idealizes" a pure "RLOC core" and "EID Overlay"
        -  Enabler for many high-payoff benefits
     •  Flexible Overlay Virtual Network
        -  Virtualization
        -  Mobility: track end-point attach at edges
        -  Scale: reduce core state
        -  Distribute and partition state to network edge
        -  Flexibility/Programmability
        -  Reduced number of touch points
     •  Robust Underlay/Fabric
        -  High Capacity Resilient Fabric
        -  Intelligent Packet Handling
        -  Programmable & Manageable
     Diagram: Overlay Control Plane (LISP Mapping System); Service = Virtual Network (VN); Edge Devices (CEs) with Hosts (end-points); LISP Encapsulation between Edge Devices (CE) across the Underlay Network; Underlay Control Plane (BGP).
  18. LISP over MPLS deployment examples
     •  Enterprise Customer Deployment Examples:
        -  IPv6 over IPv4 MPLS VPN
           o  Immediate ability to deploy IPv6 enterprise network without core involvement
        -  Multihoming over two separate MPLS VPN service provider networks
           o  LISP control plane automatically handles disjointed locator space
        -  Virtualization over existing MPLS VPN *
           o  Immediate ability to deploy virtualization over the top of MPLS network without core involvement
     •  Service Provider Customer Deployment Examples:
        -  NNI for 3rd-party MPLS provider access *
           o  Simplified NNI solution that enables uniform service levels "everywhere"
     * Covered in the virtualization/multitenancy section of this presentation.
  19. 1: Existing IPv4 MPLS
     Diagram: Blue Sites 1-3 (CE1, CE2, CE3) and Purple Sites 1-2 attached over IPv4 PE-CE links (RLOCs!!) to PE1-PE4 of the SP MPLS core, which carries the Blue MPLS-VPN and Purple MPLS-VPN. CE1 runs an IGP inside the site and eBGP to the PE. Customer Prefixes are the EIDs!!
        CE1#show ip route
        ---<skip>---
             10.0.0.0/8 is subnetted, 9 subnets
        O IA    10.1.0.0/24 [110/11] via 172.16.6.1, 00:29:49, Ethernet1/0
        O IA    10.1.2.0/24 [110/11] via 172.16.6.1, 00:29:49, Ethernet1/1
        ---<skip>---
        B       10.3.0.0/24 [20/11] via 12.3.0.2, 00:12:01
        B       10.3.1.0/24 [20/11] via 12.3.0.2, 00:12:01
        ---<more>---
             12.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
        C       12.1.0.2/30 is directly connected, Ethernet0/0
        B       12.1.0.8/30 [20/11] via 12.3.0.1, 00:12:01
        ---<more>---
        CE1#

        PE2#show ip route vrf BLUE
        ---<skip>---
             10.0.0.0/8 is subnetted, 9 subnets
        B       10.1.0.0/24 [20/11] via 12.1.0.2, 00:17:55
        B       10.1.2.0/24 [20/11] via 12.1.0.2, 00:17:55
        B       10.3.0.0/24 [20/11] via 12.3.0.2, 00:12:01
        B       10.3.1.0/24 [20/11] via 12.3.0.2, 00:12:01
        ---<more>---
             12.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
        C       12.1.0.0/30 is directly connected, Ethernet1/0
        L       12.1.0.1/32 is directly connected, Ethernet1/0
        ---<more>---
        PE2#
  20. 1: Existing IPv4 MPLS: Add LISP!
     Diagram: same topology as the previous slide, now with an MSMR in the SP MPLS core and an xTR function on CE1, CE2 and CE3. The PE-CE links are the RLOCs!!; this site's prefixes are the EIDs!! Callout on the CE-PE eBGP session: ✗ route-map "deny EIDs out". After it is applied, the remote EID prefixes disappear from CE1 and from the BLUE VRF on PE2:
        CE1#show ip route
        ---<skip>---
             10.0.0.0/8 is subnetted, 9 subnets
        O IA    10.1.0.0/24 [110/11] via 172.16.6.1, 00:29:49, Ethernet1/0
        O IA    10.1.2.0/24 [110/11] via 172.16.6.1, 00:29:49, Ethernet1/1
        ---<skip>---
             12.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
        C       12.1.0.2/30 is directly connected, Ethernet0/0
        B       12.1.0.8/30 [20/11] via 12.3.0.1, 00:12:01
        ---<more>---
        CE1#

        PE2#show ip route vrf BLUE
        ---<skip>---
             12.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
        C       12.1.0.0/30 is directly connected, Ethernet1/0
        L       12.1.0.1/32 is directly connected, Ethernet1/0
        ---<more>---
        PE2#
     Note: LISP can be enabled on CE or PE devices!
  21. 1: Existing IPv4 MPLS: Add LISP!
     Diagram: same topology (MSMR in the core, xTR on CE1, CE2, CE3, ✗ route-map "deny EIDs out" toward the PEs). The map-cache on CE1 now holds the other site's EIDs!! with the remote PE-CE link as the RLOC!!:
        CE1#show ip lisp map-cache
        LISP IPv4 Mapping Cache for EID-table default (IID 0), 12 entries

        0.0.0.0/0, uptime: 6w0d, expires: never, via static send map-request
          Negative cache entry, action: send-map-request
        10.3.0.0/24, uptime: 00:00:06, expires: 23:59:46, via map-reply, complete
          Locator   Uptime    State  Pri/Wgt
          12.3.0.2  00:00:06  up     1/100
        ---<more>---
        CE1#
     Note: LISP can be enabled on CE or PE devices!
  22. 2: Add IPv6 over IPv4 MPLS with LISP
     Diagram: same topology; Blue Sites 1-3 now carry IPv6 EIDs!! behind their xTRs while the PE-CE links and the SP MPLS core stay IPv4 (IPv6 Not Enabled! in the core).
        CE1#show run | begin router lisp
        ---<skip>---
        router lisp
         eid-table default instance-id 0
          database-mapping 2001:db8:a:a::/64 12.1.0.2 pri 1 wei 100
         exit
         !
         ipv6 itr map-resolver 12.1.0.2
         ipv6 itr
         ipv6 etr map-server 12.1.0.2 key ce1-xtr
         ipv6 etr
         exit
        !
        ---<more>---
        CE1#

        PE2#show ipv6 route vrf Blue
        % Specified IPv6 routing table does not exist
        PE2#
  23. 2: Add IPv6 over IPv4 MPLS with LISP
     Diagram: same topology; the PE-CE links are the RLOCs!! and the remote site's IPv6 prefixes are the other site's EIDs!!
        CE1#ping 2001:db8:b:b::1 so 2001:db8:a:a::1
        Type escape sequence to abort.
        Sending 5, 100-byte ICMP Echos to 2001:db8:b:b::1, timeout is 2 seconds:
        Packet sent with a source address of 2001:db8:a:a::1
        !!!!!
        Success rate is 100 percent (5/5), round-trip min/avg/max = 24/25/28 ms
        CE1#

        CE1#show ipv6 lisp map-cache
        LISP IPv6 Mapping Cache for EID-table default (IID 0), 3 entries

        ::/0, uptime: 6w0d, expires: never, via static send map-request
          Negative cache entry, action: send-map-request
        2001:DB8:B:B::/64, uptime: 00:01:17, expires: 23:58:36, via map-reply, complete
          Locator   Uptime    State  Pri/Wgt
          12.3.0.2  00:00:06  up     1/100
        ---<more>---
        CE1#
  24. Customer Example :: Cisco IT, IPv6-over-IPv4 MPLS
     •  Current: 8 Offices, ~1900 employees, ~1375 IPv6 devices
     •  Planned Deployments (Q1 CY14): 80+ additional offices
     Diagram: Remote Office xTRs connected over the L3 MPLS VPN to a PxTR and MSMR (Proxy Aggregate BW).
  25. Customer Example :: "Home Router Market" (Europe)
     •  Multihoming by bundling multiple access technologies
        -  4G+xDSL
     •  Higher BW, and resiliency
     •  Load Sharing
        -  Bandwidth and link conditions
     •  Better user experience
     •  Subscriber traffic NAT'd to EID loopback
        -  Common configuration on all CE
     •  Supports DHCP (RLOC)
     •  LISP hidden from customer
     Diagram: Customer LAN 192.168.1.0/24 behind a CE whose EID is a loopback (Lo0) 10.1.1.x/32; link 1 via the SP Broadband Core (UP: xMbps, DN: yMbps) and link 2 via the LTE Cloud (UP: aMbps, DN: bMbps), both terminating on a PxTR toward the Internet.
  26. Disjointed RLOC spaces
     •  Locator/ID separation creates two namespaces: EIDs and RLOCs
        -  EID space is the overlay of Enterprise prefixes
        -  RLOC space is the underlay network connectivity
     •  Fundamental principle of ALL networks: connectivity must exist between sites
     •  LISP supports sites being connected to locator spaces that have no connectivity to each other!
        -  In LISP, this is known as a "disjointed RLOC set"
     Diagram: xTRs attached to the IPv4 Internet (0.0.0.0/0), to an MPLS VPN Core, and to the IPv6 Internet (::/0), with an MSMR and an RTR joining the locator spaces.
  27. Disjointed RLOC spaces: examples
     Diagram:
        -  xTR1: RLOC 10.1.1.0/30, EIDs 1.1.1.0/24 and 1:1:1::/48, attached to MPLS SP 1 IPv4 VPN 10.1.0.0/16 (scope 1)
        -  xTR2: RLOC 10.2.1.0/30, EIDs 2.2.2.0/24 and 2:2:2::/48, attached to MPLS SP 2 IPv4 VPN 10.2.0.0/16 (scope 2)
        -  xTR4: RLOC 10.0.4.0/30, EIDs 4.4.4.0/24 and 4:4:4::/48, attached to the IPv4 Internet 0.0.0.0/0 (scope 1)
        -  xTR6: RLOC 10:0:6::/64, EIDs 6.6.6.0/24 and 6:6:6::/48, attached to the IPv6 Internet ::/0 (scope 2)
     One obvious example of disjointed RLOC spaces is for IPv4 and IPv6 attached sites. The same situation occurs for distinct core networks of the same address family. Two MPLS VPN cores, for example, exhibit disjointed RLOC properties.
  28. Disjointed RLOC spaces: MSMR and RTR configuration
     Diagram: xTRs in Core 1 (10.1.0.0/16) and Core 2 (10.2.0.0/16), joined by an MSMR and an RTR. No changes are made to the CE devices!!
     MSMR:
        !
        router lisp
         locator-set rtr-set1
          10.1.3.1 priority 1 weight 1
         exit
         !
         locator-set rtr-set2
          10.2.3.1 priority 1 weight 1
         exit
         !
         locator-scope s1
          rtr-locator-set rtr-set1
          rloc-prefix 10.1.0.0/16
         exit
         !
         locator-scope s2
          rtr-locator-set rtr-set2
          rloc-prefix 10.2.0.0/16
         exit
         !
        ---<etc.>---
     RTR:
        !
        router lisp
         locator-set setALL
          10.1.3.1 priority 1 weight 1
          10.2.3.1 priority 1 weight 1
         exit
         !
         map-request itr-rlocs setALL
         eid-table default instance-id 0
          map-cache 0.0.0.0/0 map-request
          map-cache ::/0 map-request
         exit
         !
        ---<etc.>---
  30. Virtualization: device level and path level
     •  Virtualization of the DEVICE level
        -  Virtual Routing and Forwarding (VRF) tables segment Layer 3 routing tables
        -  VRFs are used to virtualize the component resources
        -  Virtualization secures movement of traffic between networks and enhances security policy options
     •  Virtualization of the PATH level (#1 LISP use case!!)
        -  VRFs assist in path isolation
        -  Single-hop (hop-by-hop)
        -  Multi-hop (over-the-top)
        -  Technologies: 802.1q, DLCI, VPI/VCI, PW, EVN, GRE, MPLS, etc.
     Diagram: a device holding VRF-1, VRF-2 and the Global IP table.
  31. LISP virtualization models
     •  Recalling that… LISP is "Locator/ID" separation… and creates two namespaces: EIDs and RLOCs… LISP can virtualize the EID namespace, the RLOC namespace, or both!
     •  Two models of operation are defined: Shared and Parallel
        -  Shared Model Virtualization:
           o  Virtualizes the EID namespaces
           o  Binds an EID namespace privately defined using a VRF to an Instance-ID
           o  Uses a common (shared) RLOC (locator) address space
           o  The Mapping System is also part of the locator namespace and is shared
        -  Parallel Model Virtualization:
           o  Virtualizes the RLOC (locator) namespaces
           o  One or more EID instances may share a virtualized RLOC namespace
           o  A Mapping System must also be part of each locator namespace
  32. Customer example: SONY Bit-Drive Services
     •  Market Segment
        -  SMB customers, 2 to 15 sites
        -  IPv6 Access/Core, IPv4 Customer space
     •  LISP Services
        -  GETVPN+LISP (encrypted VPN)
        -  IPv4, IPv6 Internet Access
        -  Multitenant Data Center (web, mail, etc.)
     Diagram: SONY Bit-Drive Services hosts the MS/MR, PxTR, KS (key server) and GW in front of the IPv4 Internet and IPv6 Internet, plus a virtualized Data Center Host/Cloud Service segmented into IID X and IID Y. SMB X Sites 1-3 and SMB Y Sites 1-10 … each have an xTR with IPv4/IPv6 EID Space; traffic is GETVPN+LISP, with TEK/LISP IID X and TEK/LISP IID Y per tenant.
  33. SONY Bit-Drive: products and benefits
     Cisco Products:
     •  SONY bit-drive LISP infrastructure (shared LISP infrastructure, multi-tenant/virtualized)
        -  ASR1Ks for Proxy Systems
        -  ISRG2s for Mapping Systems
        -  ASR1Ks for NAT Devices
        -  ISRG2s for Key Servers
     •  Customer CE Devices (subscribers, per end-site)
        -  C890Js
     LISP-based Services Benefits:
     •  Broadband circuits (<$)
     •  Multihoming (<$)
     •  IPv6 Core, IPv4 and IPv6 EIDs
     •  Creates a private network (w/o MPLS $)
     Customer Site: http://www.bit-drive.ne.jp/vpn/cisco_series/
  34. Multitenancy
     Customer Networks:
     •  IPv4, IPv6…
     •  LISP Instance-IDs (IIDs) provide segmentation
     •  Add GETVPN for encryption, per-customer (simple!)
     Core Network Access Flexibility:
     •  One or multiple WAN connections
     •  One or multiple CE devices…
     •  IPv4 and/or IPv6…
     •  Multiple SP Cores…
     No need for multiple MPLS VRFs for traffic segmentation.
     •  LISP encapsulates all traffic into the "RLOC namespace"
     •  LISP Instance-IDs (IIDs) provide segmentation
     Diagram: Location X and Location Y each have Group A, B, C … N Networks and Devices behind a CE Device acting as xTR and GM (group member), mapped to IID 1, 2, 3 … n; the sites connect over SP1, SP2 and an MPLS VPN Core Network.
  35. Multitenancy
     •  Single RLOC namespace
     •  Default table (or RLOC VRF)
     Diagram: at Location X and Location Y the CE Device (xTR, GM) has interfaces LISP0.1, LISP0.2, LISP0.3 toward the Enterprise Internal Networks (Group A Network in the Default table; Group B Network in VRF B, IID 2; Group C Network in VRF C, IID 3 … IID n). Segmentation toward the groups is by physical, Layer 2, or Layer 3 means (e.g. 802.1Q, EVN, physically separate networks). Toward the IPv4 or IPv6 core (MPLS Core Network, MPLS VPN) all traffic shares the RLOC namespace.
  36. Multitenancy
     Diagram: Location X and Location Y, each with Group A, B, C … N Networks and Devices behind a CE Device (xTR, GM) using IID 1, 2, 3 … n over the MPLS Core Network / MPLS VPN.
     CE configuration:
        !
        router lisp
         locator-set CE
          10.2.2.2 priority 1 weight 100
         exit
         !
         eid-table vrf GROUPA instance-id 1
          database-mapping 192.168.16.0/24 locator-set CE
          database-mapping 1:1:16::/64 locator-set CE
         exit
         !
         eid-table vrf GROUPB instance-id 2
          database-mapping 192.168.16.0/24 locator-set CE
          database-mapping 2:2:16::/64 locator-set CE
         exit
         !
         eid-table vrf GROUPC instance-id 3
          database-mapping 192.168.16.0/24 locator-set CE
          database-mapping 3:3:16::/64 locator-set CE
         exit
        !
  37. LISP and encryption (IOS)
     •  Recalling that… LISP is "Locator/ID" separation… and creates two namespaces: EIDs and RLOCs
     •  LISP provides two ways to apply a crypto map
        Use-Case              Crypto map placement    Vanilla IPsec  GETVPN  Comments
        LISP Default Model    crypto-map on RLOC      ✔              ✔       LISP encap first, then encryption based on RLOC
        LISP Default Model    crypto-map on LISP0     ✔              ✔       Encryption first based on EID, then LISP encap
        LISP Virtualization   crypto-map on RLOC      ✔              ✔       LISP encap first, then encryption based on RLOC
        LISP Virtualization   crypto-map on LISP0.x   ✔              ✔       Encryption first based on EID, then LISP encap
     See: lisp.cisco.com for the GETVPN+LISP Configuration Guide!
  38. GET VPN
     •  Group Domain of Interpretation (GDOI) RFC 6407
        -  "Stateless" IPsec
        -  Traffic encryption keys computed on Key Server, distributed to all Group Members
        -  Better scaling than vanilla IPsec
     Diagram: Key Servers (Validate Group Members; Manage Security Policy; Create Group Keys; Distribute Policy / Keys) push the Group Policy, the Key Encryption Key (KEK) and the Traffic Encryption Key (TEK) to the Group Members in the Routing Domain (Encryption Devices; Route Between Secure / Unsecure Regions; Multicast Participation).
  39. Multitenancy
     Diagram: Location X and Location Y, each with Group A, B, C … N Networks and Devices behind a CE Device (xTR, GM) using IID 1, 2, 3 … n over the MPLS Core Network / MPLS VPN.
     CE configuration (crypto maps per LISP sub-interface):
        !
        interface LISP0
        !
        interface LISP0.1
         ip mtu 1456
         ipv6 mtu 1456
         ipv6 crypto map MAP-V6-0001
         crypto map MAP-V4-0001
        !
        interface LISP0.2
         ip mtu 1456
         ipv6 mtu 1456
         ipv6 crypto map MAP-V6-0002
         crypto map MAP-V4-0002
        !
        interface LISP0.3
         ip mtu 1456
         ipv6 mtu 1456
         ipv6 crypto map MAP-V6-0003
         crypto map MAP-V4-0003
        !
  40. Service Provider NNI
     •  LISP Services
        -  Reduce complexity of provisioning and managing 3rd-party NNI connections
        -  QoS, Multicast, IPv4/IPv6 for ALL customers
        -  PE customer VRF routing table size reduction
        -  3rd party SP core isolation
     Diagram: the SP MPLS VRF holds the Mapping System and PxTRs at ASBR-A1 and ASBR-A2; the Partner VRF at ASBR-P1 and ASBR-P2 fronts CE xTRs. The LISP control plane runs to the Mapping System and LISP Encapsulated traffic crosses the LISP Domain.
     "Important" use-case due to the "simplification" it enables, and also for the additional "features" it enables once deployed.
  42. Mobility = Flexibility; IP Portability = Simplicity
     •  Mobility in the DC allows business continuity during network failover, maintenance and migration: active-active DC, Disaster Recovery, Hybrid Cloud, DC migration
     •  Mobility with IP Address Retention…
        -  Is transparent to clients and applications, and allows keeping existing network policies
     •  Server Virtualization… enables virtual server mobility
     Diagram: a workload keeps its address A.B.C.D when moved from the Original DC to a Service Provider DC, Disaster Recovery DC or New DC …
  43. Live moves and cold moves
     Live Moves With LAN Extension:
     •  Routing for Extended Subnets
     •  Active-Active Data Centers
     •  Distributed Data Centers
     •  Application Members Distributed
     Cold Moves Without LAN Extension:
     •  IP Mobility Across Subnets
     •  DC Migration
     •  Disaster Recovery / Cloud Bursting / Hybrid Cloud
     •  Application Members In One Home Location
     •  Seamless Workload Mobility
     Diagram: a LISP Site (XTR) reaches West-DC and East-DC over an IPv4 Network with a Mapping DB; on the left the DCs run LISP-VM (XTR) over a LAN Extension, on the right the DR Location or Cloud Provider DC has no LAN extension.
  44. Who deploys LISP host mobility
     •  Existing LISP adopters
        -  LISP sites
        -  Enable VM Mobility in DC Sites
        -  Natural, simple evolution of existing LISP infrastructure
        -  Phased, operationally light, incremental approach
     •  New LISP customers
        -  Non LISP remote sites
        -  Standalone VM Mobility Use Case
        -  Minimal, DC only, intrusion
        -  Interworking with existing routing protocols
     Diagram: West-DC and East-DC with MSMRs holding the Mapping DB.
  45. Firewalls and LISP traffic
     •  Most firewalls cannot inspect LISP data traffic (ZBF LISP Inspection: 1HCY14)
     Diagram: a Client Site sends LISP Encapsulated Traffic across the WAN or Internet toward West-DC and East-DC.
  46. Example: Extended LAN between DCs
     •  Most firewalls cannot inspect LISP data traffic (ZBF LISP Inspection: 1HCY14)
     •  Stateful devices like firewalls and load balancers need to inspect the traffic in both directions
     Diagram: a Client Site reaches West-DC and East-DC across the WAN or Internet; the DCs are joined by a LAN Extension and the client flow is Bidirectional Traffic through one DC.
  47. Example: Extended LAN between DCs
     •  Most firewalls cannot inspect LISP data traffic (ZBF LISP Inspection: 1HCY14)
     •  Stateful devices like firewalls and load balancers need to inspect the traffic in both directions
     After the silver VM moves to East-DC across the LAN extension, firewalls on each DC see traffic only in one direction.
     Diagram: the client's One-Way Traffic enters through West-DC and crosses the LAN Extension, while the Return Traffic leaves directly from East-DC.
  48. Traffic after a move
     •  Client traffic to the moved workload is blackholed or not optimized after the move
     Diagram: a Client Site sends traffic across the WAN or Internet toward West-DC (?) although the workload now sits in East-DC.
  49. Segmentation in the data center
     •  Server Zone Segmentation
        -  front-end/back-end servers
        -  Internal firewall inspects inter-zone traffic
        -  VLAN or VRF Lite
     •  Tenant (or service) Segmentation
        -  Each tenant uses a private VPN
        -  Dedicated firewall (context) per tenant
     •  Associate Zones to a single tenant (or service)
        -  Tenant VRF "merges" server zone VRFs
     •  Scale from tens (enterprise) to thousands of tenants (service provider)
        -  IaaS Virtualization
     Example: two tenants, three zones. Diagram: Client Site Tenant 1 and Client Site Tenant 2 reach West-DC over WAN Tenant 1 and WAN Tenant 2, terminating on FW Context Tenant 1 and FW Context Tenant 2.
  50. LISP device roles for VM Mobility
      •  There are minimal changes to existing LISP functions to support VM Mobility
      •  Tunnel Router (xTR): H/W encap/decap (HW capable) and registration (control-plane) of the mobile subnet in the MS
      •  Map Server/Resolver (MSMR)
      •  In a typical deployment, MSMR and TR functions coexist and are distributed (HA) on the same devices in one or all data center locations
      [Diagram legend: RLOC, EID, PITR, PETR, LISP Encap/Decap, LISP Device; LISP Client Site and Non-LISP Client Site → WAN or Internet → DC-1 (ETR/ITR, FHRs) and DC-2 (ETR/ITR, MSMR with Mapping DB, FHRs)]
      MSMR configuration:
         router lisp
          ! [MSMR portion]
          site WESTEAST-DC
           authentication-key L15P43V3R
           eid-prefix 172.71.64.0/20 accept-more-specifics
           exit
          !
          ipv4 map-server
          ipv4 map-resolver
          exit
  51. First Hop Router (FHR)
      •  First Hop Router is a control-plane function for scalable, dynamic detection and signaling of a "silent" host
      •  LISP Single-Hop Mobility implements FHR and xTR in the same devices
      •  LISP Multi-Hop Mobility implements FHR and xTR in two distinct devices, allowing multiple L3 hops in between:
         -  Less stringent H/W capability requirements
         -  Insertion of L3 stateful devices (non LISP capable)
         -  Multiple points in the network capable of injecting LISP mobile information and "influencing" traffic routing
      [Diagram legend: RLOC, EID, PITR, PETR, LISP Encap/Decap, LISP Device; LISP Client Site and Non-LISP Client Site → WAN or Internet → DC-1 (ETR/ITR, FHRs) and DC-2 (ETR/ITR, MSMR with Mapping DB, FHRs)]
  52. •  The signaling of the mobile VM location, initiated by a FHR discovery, happens on both axes:
         E-W: local and remote peers
         N-S: FHR → xTR → MSMR → xTR → FHR
      [Diagram legend: RLOC, EID, PITR, PETR, LISP Encap/Decap, LISP Device; LISP Client Site and Non-LISP Client Site → WAN or Internet → DC-1 (ETR/ITR, FHRs) and DC-2 (ETR/ITR, MSMR with Mapping DB, FHRs); LAN Extension between DC-1 and DC-2]
      DC-2 xTR / FHR configuration:
         router lisp
          locator-set DC2
           10.10.3.1 priority 1 weight 5
           10.10.4.1 priority 1 weight 5
           exit
          eid-table default instance-id 3333
           dynamic-eid VM
            database-mapping 172.71.73.0/24 locator-set DC2
            map-notify-group 230.23.3.1
            eid-notify 10.10.1.1 key DC2-XTR
            exit
          ! [..]
         !
         interface GigabitEthernet0/0
          ip address 172.71.73.3 255.255.255.0
          standby 0 ip 172.71.73.1
          lisp mobility VM
          lisp extended-subnet-mode
         !
  53. •  The signaling of the mobile VM location, initiated by a FHR discovery, happens on both axes:
         E-W: local and remote peers
         S-N: FHR → xTR → MSMR → xTR → FHR
      •  FHR can be deployed as a LISP standalone function, for the simplest LISP DC mobility solution
      [Diagram legend: RLOC, EID, LISP Encap/Decap, LISP Device; Regional Site and Non-LISP Client Site → WAN → DC-1 and DC-2 (FHRs only, Host Route Injection at each DC); LAN Extension between DC-1 and DC-2]
  54. NJEDge.Net LISP Network
      •  Web Server Backup Service: Cold Move – Across Subnet Mode
         A single server machine needs to move to the LISP Service Provider DC for scheduled maintenance or DR
      •  NAT Support
         Firewalls with 1:1 NAT acting as server gateway are typically deployed on the original site
         Host presence detection on the original site on the public prefix
         Public IP address moves to the LISP Service Provider DC
      [Diagram: NJEDge.Net LISP Network with Member 1 … Member N (CPE xTRs), MS/MR and PxTR; LISP-to-LISP and Non-LISP-to-LISP paths; Transit SP, Commodity SP and Tier 1 SP1/SP2 reached via BGP or default routes to the IPv4 Internet ("Some v4") and IPv6 Internet ("Some.. v6", "More… v6", Facebook, Google); IPv4 EID Aggregate Advertisement; Member N site with XTR and 1:1 NAT, public 172.31.255.0/24 (172.31.255.10) to private 192.168.0.0/24 (192.168.0.10)]
  55. •  Before LISP: Big-Bang Approach
         Perform a bulk migration with high risk
         Takes longer to start moving servers
         Longer storage migration cycle that requires keeping a large data set in sync over the WAN
      [Diagram: Brownfield Customer DC (ASR1K, L3/L2, Any VLAN and Any STP, hosts 10.1.1.5 and 10.1.1.6 in 10.1.1.0/24) → Shared or Migration WAN → Greenfield IBM DC (L3/L2, Any VLAN and Any STP); Bulk Migration]
  56. •  With LISP: Incremental Server Migration (LISP ASM)
         Can perform the server migration in smaller waves (lower risk) and faster, as soon as the server data is available on the IBM DC
         The amount of data to be kept in sync is minimized, reducing risk and WAN requirements
         Path optimization from the user to the application is possible, eliminating latency concerns and reducing WAN bandwidth requirements
         Simplicity: repeatable, easy to implement with a pre-defined price
      •  IBM SO UK reduced the Migration Window from years to weeks (95%)
      [Diagram: Brownfield Customer DC (ASR1K ETR, hosts 10.1.1.5 and 10.1.1.6) → WAN → Greenfield IBM DC (ASR1K ETR and MSMR); 10.1.1.5 migrated incrementally]
  57. •  Brownfield DC: Non-intrusive ASR1000 placement (on-a-stick), configured as LISP PxTR
         No changes in routing advertisement (mobile aggregate subnet)
      •  Greenfield DC: LISP Mapping System (MSMR)
         LISP xTR with ASM Mobility (Dynamic EID) for the migrating prefix
         LISP Dynamic EID: 10.1.1.0/24
      Mapping System: 10.1.1.0 → 2.2.2.2, 3.3.3.3
      [Diagram: Brownfield Customer DC (ASR1K PxTR/ETR with RLOCs 2.2.2.2 and 3.3.3.3, hosts 10.1.1.5 and 10.1.1.6) → WAN → Greenfield IBM DC (ASR1K ETR/MSMR with RLOCs 4.4.4.4 and 5.5.5.5)]
  58. •  Dynamic Granular Migration:
         As soon as a server is enabled in the Greenfield DC, it is discovered by IP/ARP traffic and registered into the LISP Mapping System
         Mapping System: 10.1.1.0 → 2.2.2.2, 3.3.3.3; 10.1.1.5 → 4.4.4.4, 5.5.5.5
      •  Dynamic Path Optimization:
         Client traffic is steered to the new Greenfield location
         Return traffic can be symmetric to allow external firewalls in the Brownfield DC
         Intra-subnet traffic from the Brownfield DC is routed (GARP+LISP) to the Greenfield DC
      [Diagram: 10.1.1.5 now in the Greenfield IBM DC (IP/ARP discovery), GARP in the Brownfield DC; LISP Dynamic EID 10.1.1.0/24]
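As an added illustration, not code from the deck or from Cisco, the Python below models the mapping-system behaviour of slides 50, 57 and 58: a map server that accepts a registration only under a configured site prefix (the accept-more-specifics policy), longest-prefix-match resolution so the greenfield ETR's 10.1.1.5/32 registration overrides the 10.1.1.0/24 aggregate held by the brownfield PxTR, and priority/weight locator selection as in the locator-set on slide 52. Class and function names are my own; the RLOC weights and flow hash are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Locator:  # one RLOC of a locator-set: lower priority wins, weight shares load
    rloc: str
    priority: int
    weight: int


class MapServer:
    """Toy map-server/map-resolver: site policy plus the EID-to-RLOC database."""

    def __init__(self):
        self.sites = []   # (site eid-prefix, accept-more-specifics flag)
        self.db = {}      # registered EID prefix -> tuple of Locator

    def add_site(self, prefix, accept_more_specifics=False):
        self.sites.append((ip_network(prefix), accept_more_specifics))

    def register(self, eid_prefix, locators):
        """Map-Register: accept the exact site prefix, or a more specific one only
        if the site was configured with accept-more-specifics; otherwise drop it."""
        net = ip_network(eid_prefix)
        for site_prefix, more_specifics_ok in self.sites:
            if net == site_prefix or (more_specifics_ok and net.subnet_of(site_prefix)):
                self.db[net] = tuple(locators)
                return True
        return False

    def resolve(self, eid):
        """Map-Request: longest-prefix match; returns (matched prefix, locators)."""
        addr = ip_address(eid)
        matches = [net for net in self.db if addr in net]
        if not matches:
            return None, ()
        best = max(matches, key=lambda net: net.prefixlen)
        return best, self.db[best]


def select_rloc(locators, flow_hash):
    """ITR choice: keep the best (lowest) priority, then pick by weight per flow hash."""
    best = min(loc.priority for loc in locators)
    usable = [loc for loc in locators if loc.priority == best]
    point = flow_hash % sum(loc.weight for loc in usable)
    for loc in usable:
        if point < loc.weight:
            return loc.rloc
        point -= loc.weight


def migration_walkthrough():
    """Slide 57/58 sequence (constructed weights): RLOC chosen for 10.1.1.5 before/after."""
    ms = MapServer()
    ms.add_site("10.1.1.0/24", accept_more_specifics=True)
    ms.register("10.1.1.0/24", [Locator("2.2.2.2", 1, 50), Locator("3.3.3.3", 1, 50)])
    before = select_rloc(ms.resolve("10.1.1.5")[1], flow_hash=7)
    # server discovered by IP/ARP in the greenfield DC and registered as a /32
    ms.register("10.1.1.5/32", [Locator("4.4.4.4", 1, 50), Locator("5.5.5.5", 1, 50)])
    after = select_rloc(ms.resolve("10.1.1.5")[1], flow_hash=7)
    return before, after
```

The walkthrough returns the brownfield RLOC before discovery and the greenfield RLOC after it, while 10.1.1.6 keeps resolving to the /24 aggregate.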
  59. Use Case: DC to Cloud IP Mobility
      Benefit: Simplified Application Deployment to the Cloud
      Challenges
      •  Simple, Fast, Transparent Application Onboarding
      •  Consistency with DC Network Features
      Solutions
      •  LISP for VM Mobility
      •  Routing
      •  NAT, DHCP
      Benefits
      •  Simpler App Integration
      •  Dynamic infrastructure
      •  Consistent Management
      [Diagram: DC (WAN Router, Switches, ASR, Servers) ↔ LISP protocol ↔ Cloud Provider Data Center (CSR 1000V in a VPC/vDC)]
  60. •  Active-active DC Solution with ASR1000, LISP+OTV
      Incremental Phases…
      [Diagram legend: RLOC, EID, LISP Encap/Decap, LISP Device; Client Sites A, B and C → VPLS → West-DC / East-DC; VM Move Event]
  61. •  Active-active DC Solution with ASR1000, LISP+OTV
      •  Phase 1: DC only
         OTV for intra-VLAN, LISP for inter-VLAN
      Phase 1 of 3
      [Diagram: Client Sites A, B and C → VPLS → West-DC and East-DC, each with xTR/MSMR pairs; hosts 10.227.41.7 (West-DC) and 10.227.43.9 (East-DC); VM Move Event]
  62. •  Active-active DC Solution with ASR1000, LISP+OTV
      •  Phase 1: DC only
         OTV for intra-VLAN, LISP for inter-VLAN
         Host Route Injection: use redistribution for client traffic optimization (West and East xTRs):
           redistribute connected
           redistribute lisp
         West-DC hosts: connected → EIGRP, 10.227.41.0/24, tag=100
         East-DC hosts: LISP → EIGRP, 10.227.41.7/32, tag=200
      Phase 1 of 3
      [Diagram: as on slide 61; host 10.227.41.7 has moved to East-DC (VM Move Event), 10.227.43.9 in East-DC]
  63. •  Active-active DC Solution with ASR1000, LISP+OTV
      •  Phase 1: DC only
         OTV for intra-VLAN, LISP for inter-VLAN
         Use redistribution for client traffic optimization (West and East xTRs): redistribute connected, redistribute lisp
      •  Phase 2: regional sites as LISP Proxy (PxTR)
         DC Ingress Traffic Engineering
         Regional Hub advertises DC hosts: static → EIGRP, 10.227.41.0/24, tag=330
      Phase 2 of 3
      [Diagram: Regional Hub PxTR in front of Client Sites A, B and C → VPLS → West-DC / East-DC (xTR/MSMR pairs); 10.227.41.0 reachable through both DCs; VM Move Event]
  64. •  Active-active DC Solution with ASR1000, LISP+OTV
      •  Phase 1: DC only
         OTV for intra-VLAN, LISP for inter-VLAN
         Use redistribution for client traffic optimization (West and East xTRs): redistribute connected, redistribute lisp
      •  Phase 2: regional sites as LISP Proxy (PxTR)
         DC Ingress Traffic Engineering
      •  Phase 3: all client sites become xTR
         Full Traffic Optimization
         Future Proof
      Phase 3 of 3
      [Diagram: Client Sites A, B and C each with an xTR → VPLS → West-DC / East-DC (xTR/MSMR pairs); VM Move Event]
  65. Migration to Phase 3
      •  Incrementally, each client site:
         Enables LISP (cookie-cutter config) → traffic to other LISP sites (like the DC) will use LISP transport
         Advertises its connected subnets into EIGRP with a specific tag → to allow automated filtering by other LISP sites
      •  Each new xTR, including DC xTRs:
         Automatically filters out new LISP subnets as described for Phase 2 → return traffic will use LISP transport
      West-DC xTR configuration:
         router eigrp 100
          distribute-list route-map FILTER-DC in
         !
         route-map FILTER-DC deny 10
          match tag 100
          match tag 200
         ! [..]
         route-map FILTER-DC permit 90
         !
      Client Site B xTR configuration (cookie-cutter):
         router lisp
          locator-set CLIENT
           ipv4-interface GigabitEthernet0/0 p 1 w 10
           exit
          !
          eid-table default instance-id 5473
           ipv4 route-import database connected route-map LOCAL locator-set CLIENT
           exit
          !
          ipv4 itr
          ipv4 etr map-server 10.10.1.10 key L15P43V3R
          ipv4 etr map-server 10.10.2.20 key L15P43V3R
          ipv4 etr map-server 10.20.0.10 key L15P43V3R
          ipv4 etr
          exit
         !
         ip route 0.0.0.0 0.0.0.0 10.0.9.1
         router eigrp 100
          redistribute connected route-map TAG-OUT
          distribute-list route-map FILTER-DC in
         !
         route-map FILTER-DC deny 10
          match tag 100
          match tag 200
         !
         route-map FILTER-DC permit 90
         !
         route-map TAG-OUT permit 10
          set tag 100
         !
         route-map LOCAL permit 10
         !
      [Diagram legend: RLOC, EID, LISP Encap/Decap, LISP Device; Client Site A, Client Site B (xTR) and Client Site C (xTR) → VPLS → West-DC / East-DC (xTR/MSMR pairs); VM Move Event]
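To show why the FILTER-DC distribute-list matters for Phase 3, here is an added Python illustration (my own, not Cisco code or the deck's) of an xTR importing EIGRP routes: routes tagged 100 (LISP-site connected subnets) or 200 (LISP host routes) are dropped, so those destinations fall through to the default route and are handed to LISP, while untagged routes from non-LISP sites are still followed natively. The EIGRP update below is constructed from the addresses on slides 62 and 65; 10.30.0.0/16 and the "via" names are placeholders.

```python
from ipaddress import ip_address, ip_network

# route-map FILTER-DC deny 10: match tag 100 / match tag 200 (slide 65)
FILTERED_TAGS = {100, 200}


def filter_dc(received_routes):
    """'distribute-list route-map FILTER-DC in': drop routes carrying a denied tag,
    accept everything else (route-map FILTER-DC permit 90)."""
    return [route for route in received_routes if route.get("tag") not in FILTERED_TAGS]


def forwarding_decision(rib, dst):
    """Longest-prefix match; on an xTR a destination that only hits the default
    route is handed to LISP for map-cache lookup and encapsulation."""
    addr = ip_address(dst)
    matches = [r for r in rib if addr in ip_network(r["prefix"])]
    best = max(matches, key=lambda r: ip_network(r["prefix"]).prefixlen)
    if ip_network(best["prefix"]).prefixlen == 0:
        return "lisp-encap"
    return "native via " + best["via"]


# Constructed EIGRP update as a client-site xTR would receive it, with the tags
# the slides' redistribution route-maps set (100 = connected, 200 = LISP host route).
RECEIVED = [
    {"prefix": "10.227.41.0/24", "via": "west-dc", "tag": 100},
    {"prefix": "10.227.41.7/32", "via": "east-dc", "tag": 200},
    {"prefix": "10.30.0.0/16", "via": "non-lisp-site", "tag": None},  # placeholder subnet
]
# ip route 0.0.0.0 0.0.0.0 10.0.9.1 from the client-site configuration
DEFAULT = {"prefix": "0.0.0.0/0", "via": "10.0.9.1", "tag": None}


def rib_after_filter():
    """RIB of the client xTR once the inbound filter has been applied."""
    return filter_dc(RECEIVED) + [DEFAULT]
```

Without the filter the DC prefixes would be installed from EIGRP and traffic to them would bypass LISP, which is exactly the case the last assertion in the test covers.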
  66. •  Multi-Hop Mobility with Virtualized First Hop Router as gateway for each Server Zone
      •  Internal non-Cisco Firewall as inter-zone router
      ~1000 mobile servers, 70 VRFs
      [Diagram legend: RLOC, EID, LISP Encap/Decap, LISP Device, Non-Cisco router; Non-LISP Client Site → Private WAN → West-DC (PRIMARY) and East-DC (BACKUP), each with xTR/MSMR pairs and FHRs; DR Move Event]
  67. •  Multi-Hop Mobility with Virtualized First Hop Router as gateway for each Server Zone
      •  Internal non-Cisco Firewall as inter-zone router
      •  Both DC Firewalls see bidirectional traffic
      Host Route Injection:
         West-DC (PRIMARY): East-DC hosts 10.0.1.67/32 … LISP → OSPF, next-hop=xTR; 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24 … (static), next-hop=FHRs
         East-DC (BACKUP): 10.0.0.0/16 (static), next-hop=xTR; East-DC hosts 10.0.1.67/32 … LISP → OSPF, next-hop=FHRs
      [Diagram: host 10.0.1.67 moved to East-DC (BACKUP) by a DR Move Event; host 10.0.3.81 in West-DC (PRIMARY)]
  68. •  Multi-Hop Mobility with Virtualized First Hop Router as gateway for each Server Zone
      •  Internal non-Cisco Firewall as inter-zone router
      •  Both DC Firewalls see bidirectional traffic
      •  Traffic is locally routed when needed
      Host Route Injection:
         West-DC (PRIMARY): East-DC hosts 10.0.1.67/32, 10.0.3.81/32 … LISP → OSPF, next-hop=xTR; 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24 … (static), next-hop=FHRs
         East-DC (BACKUP): 10.0.0.0/16 (static), next-hop=xTR; East-DC hosts 10.0.1.67/32, 10.0.3.81/32 … LISP → OSPF, next-hop=FHRs
      [Diagram: hosts 10.0.1.67 and 10.0.3.81 both moved to East-DC (BACKUP) by DR Move Events]
  69. •  Multi-Hop Mobility with Virtualized First Hop Router as gateway for each Server Zone
      •  Internal non-Cisco Firewall as inter-zone router
      •  Both DC Firewalls see bidirectional traffic
      •  Traffic is locally routed when needed
      •  Ingress Path Optimization is more efficient than LSB RHI in terms of mobility capacity and host route pollution
      Host Route Injection (LISP → OSPF): East-DC hosts 10.0.1.67/32 … next-hop=FHR; Server Presence Polling by the FHRs
      [Diagram: Non-LISP Client Site → WAN → West-DC (PRIMARY, host 10.0.3.81) and East-DC (BACKUP, host 10.0.1.67), each with xTR/MSMR pairs and FHRs; DR Move Event]
  70. •  RAD: Resilient Active Datacenters
      •  Seamless Mobility with Session Survivability:
         Compute: Cisco UCS
         Storage: EMC VPLEX, NetApp Metrocluster
         Networking: Cisco OTV/LISP
         Virtualization: VMware, Microsoft Hyper-V
         Security: Cisco ASA Clustering
      https://www2.wwt.com/resilient-active-datacenters
  71. Advances in LISP: Current Deployments to Future Innovations
  72. •  LISP Software – Available Releases… (http://lisp.cisco.com)
         NX-OS
           Software: First Available: 12/2009; Current Main: 6.1(4a) or 6.2(2a)
           Platforms: Nexus 7000 M1-32 linecard
           Features: Roles: ITR/ETR/MS/MR/PITR/PETR; AF: EID-v4/v6, RLOC-v4; Virtualization: Shared/Parallel; Mobility: ASM/ESM OTV; Multicast: yes
         IOS
           Software: First Available: 12/2009; Current Main: 15.4(1)T; Current Eng: 15.3(3)XB12
           Platforms: ISR (1800/2800/3800), ISRG2 (800/1900/2900/3900), Catalyst 6500
           Features: Roles: ITR/ETR/MS/MR/PITR/PETR; AF: EID-v4/v6, RLOC-v4/v6; Virtualization: Shared/Parallel; Mobility: ASM/ESM; Multicast: roadmap March 2014
         IOS-XE
           Software: First Available: 03/2010; Current Main: 15.3(3)S; Current Eng: 15.3(3)S1xb
           Platforms: ASR1K, CSR1000V
           Features: Roles: ITR/ETR/MS/MR/PITR/PETR; AF: EID-v4/v6, RLOC-v4/v6; Virtualization: Shared/Parallel; Mobility: ASM/ESM OTV; Multicast: roadmap Nov 2014
         IOS-XR
           Software: First Available: 03/2012; Current Main: 4.3.2
           Platforms: ASR9k
           Features: Roles: PITR/PETR; AF: EID-v4/v6, RLOC-v4; Virtualization: Shared/Parallel; Mobility: roadmap; Multicast: roadmap March 2014
  73. LISP – A Routing Architecture, Not a Feature…
      §  Pull vs. push routing
         ‒  OSPF and BGP are push models; routing stored in the forwarding plane
         ‒  LISP is a pull model; analogous to DNS; massively scalable
      §  An over-the-top technology
         ‒  Address Family agnostic
         ‒  Incrementally deployable
         ‒  End systems can be unaware of LISP
      §  Deployment simplicity
         ‒  No host changes
         ‒  Minimal CPE changes
         ‒  Some new core infrastructure components
      §  LISP use-cases are complementary
         ‒  Simplified multi-homing with Ingress Traffic Engineering; no need for BGP
         ‒  Address Family agnostic support
         ‒  Virtualization support
         ‒  End-host mobility without renumbering
      §  Enables IP Number Portability
         ‒  Never change host IPs; no renumbering costs
         ‒  No DNS changes; "name == EID" binding
         ‒  Session survivability
      §  An Open Standard
         ‒  Being developed in the IETF
         ‒  No Cisco Intellectual Property Rights
  74. •  The LISP Solution Space: LISP is an Architecture…
         1.  Multihoming
      [Diagram: IPv4 Network with an xTR multihomed to the IPv4 Core (v4)]
  75. •  The LISP Solution Space: LISP is an Architecture…
         1.  Multihoming
         2.  IPv6 Transition
      [Diagram: IPv4 Network and IPv6 Network, each with an xTR, over the IPv4 Core (v4) and IPv6 Core (v6)]
  76. •  The LISP Solution Space: LISP is an Architecture…
         1.  Multihoming
         2.  IPv6 Transition
         3.  Virtualization/VPN
      [Diagram: IPv4 Network and IPv6 Network, each with an xTR, over the IPv4 Core (v4) and IPv6 Core (v6)]
  77. •  The LISP Solution Space: LISP is an Architecture…
         1.  Multihoming
         2.  IPv6 Transition
         3.  Virtualization/VPN
         4.  Mobility
      [Diagram: IPv4 Network and IPv6 Network, each with an xTR, over the IPv4 Core (v4) and IPv6 Core (v6)]
  78. §  LISP Information
         Cisco LISP Site: http://lisp.cisco.com (IPv4 and IPv6)
         LISP Beta Network Site: http://www.lisp4.net or http://www.lisp6.net
         LISP DDT Root: http://www.ddt-root.org
         IETF LISP Working Group: http://tools.ietf.org/wg/lisp/
      §  LISP Mailing Lists
         Cisco LISP Questions: lisp-support@cisco.com
         IETF LISP Working Group: lisp@ietf.org
         LISPmob Questions: users@lispmob.or
  79. •  Thank you!
      •  Please complete the post-event survey
      •  Join us for upcoming webinars: Register: www.cisco.com/go/techadvantage
      Follow us @GetYourBuildOn
