lisp: the next generation networking architecture (ios advantage webinar)

Cisco Public© 2012 Cisco and/or its affiliates. All rights reserved. 1

Cisco IOS Advantage Webinars

LISP - A Next Generation Networking Architecture

Gregg Schudel

We’ll get started a few minutes past the top of the hour.

Note: you may not hear any audio until we get started.

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 2

Speakers

‒ Gregg Schudel

Technical Marketing Engineer, LISP Team

[email protected]

Panelists

‒ Darrel Lewis

Technical Leader, LISP Team

‒ Vince Fuller

Technical Leader, LISP Team

mailto:[email protected]


• Submit questions in Q&A panel and send to “All Panelists”

Avoid CHAT window for better access to panelists

• For Webex audio, select COMMUNICATE > Join Audio Broadcast

• For Webex call back, click ALLOW Phone button at the bottom of Participants side panel

• Where can I get the presentation?

https://communities.cisco.com/docs/DOC-27853

Or send email to: [email protected]

• Please fill in Survey at end of event

• Join us on February 8 for our next IOS Advantage Webinar:

Recommendations for Network Application Identification and Policy




mailto:[email protected]


Session Agenda

LISP Overview

LISP Operations

LISP Use Cases

LISP Status

LISP Summary

LISP References

LISP Overview

LISP Operations

LISP Use Cases

LISP Status

LISP Summary

LISP References


Session Objectives

At the end of this session, you should be able to:

− Understand the level of indirection between EID and RLOCnamespace enabled by LISP

− Understand the Address Family agnostic attributes of LISP

− Understand how the level of indirection and AF agnostic attributes enable other benefits such as inherent multi-homing support with ingress TE, inherent IPv6 transition support, inherent virtualization support, and inherent mobility support

− Understand the five major LISP Use Cases


IP Addressing “Overloaded” Semantics

The IP address is “overloaded” on location and identity

− Today, “addressing follows topology” making efficient aggregation only available for Provider Assigned (PA) addresses

− Ingress Traffic Engineering usually requires Provider Independent (PI) addresses and sometimes the injection of “more specifics” – this limits route aggregation compactness

− IPv6 does not fix this

Route scaling issues drive system (router) costs higher

− Routers require expensive memory in the forwarding plane (FIB)

− Drivers for route scaling are seen in Data Centers and for Mobility (not just the Internet DFZ)

“… routing scalability is the most important problem facing the Internet today and must be solved … ”

Internet Architecture Board (IAB)

October 2006 Workshop (written as RFC 4984)


Locator/ID separation is not new as a concept…

Two basic approaches:

− Translation

IPv4 NAT is a common (but inefficient) way to perform Location and Identity separation

Translation has (well known) drawbacks with referrals

The translation table is limited to the router (local scope)

− Tunnels/Encapsulation (Map & Encap):

Preserves host's packet across the core

Requires a mapping function (e.g. static in the case of GRE tunnels)

A separate Mapping System is key to enabling prefix removal from the core routing table (and minimization of de-aggregation)

− NAT, for example, has a local scope known only to that device

− GRE has static end-points and explicit scope known only to configured sites

− To achieve global scope requires Mapping Database System that can provide on a dynamic basis, EID-to-RLOC relationship information


Locator/ID Split helps resolve route scaling problems

Today’s Internet Behavior

− The “Default Free Zone” (DFZ) contains all types or routes:

Edge (site) routes

Core (Provider) route

More specifics of both types for TE purposes

− In this model, everything goes in the DFZ

Internet

DFZ

Internet

DFZMap SystemLISP

Mapping

System

LISP Behavior

− Locator/ID “split” architecture treats “core” and “site” prefixes differently

− In this model, prefixes describing core topology (locators) go in the DFZ; prefixes describing end sites (EIDs) go in the LISP mapping system


Locator/ID split enables other (more important) benefits…

Internet

Device IPv4 or IPv6

address represents

identity and location

x.y.z.1

When the device moves, it gets

a new IPv4 or IPv6 address for

its new identity and locationw.z.y.9

Device IPv4 or IPv6

address represents

identity only

When the device moves, keeps

its IPv4 or IPv6 address.

It has the same identity

Internet

a.b.c.1

e.f.g.7

Only the location changes

x.y.z.1

x.y.z.1

Today’s Internet Behavior

LISP Behavior


Main attributes of LISP

EID (Endpoint Identifier) is the IP address of a host – just as it is today

RLOC (Routing Locator) is the IP address of the LISP router for the host

EID-to-RLOC mapping is the distributed architecture that maps EIDs to RLOCs

Prefix Next-hopw.x.y.1 e.f.g.h

x.y.w.2 e.f.g.h

z.q.r.5 e.f.g.h

z.q.r.5 e.f.g.h

Non-LISP

RLOC Space

EID-to-RLOC

mapping

xTR

EID SpacexTR

EID RLOCa.a.a.0/24 w.x.y.1

b.b.b.0/24 x.y.w.2

c.c.c.0/24 z.q.r.5

d.d.0.0/16 z.q.r.5

MS/MR

PxTR

xTR


b.b.b.0/24 x.y.w.2

c.c.c.0/24 z.q.r.5

d.d.0.0/16 z.q.r.5


b.b.b.0/24 x.y.w.2

c.c.c.0/24 z.q.r.5

d.d.0.0/16 z.q.r.5

EID Space

Network-based solution

No host changes

Minimal configuration

No DNS changes

Address Family agnostic

Incrementally deployable (support LISP and non-LISP)

Support for mobility


LISP Mapping Resolution – DNS analog…

LISP “Level of Indirection” is analogous to a DNS lookup

DNS resolves IP addresses for URLs

LISP resolves locators for queried identities

host

DNS

Name-to-IP

URL Resolution

LISP

Identity-to-locator

Mapping Resolution

[ who is lisp.cisco.com ] ?

LISP

router

DNS

Server

LISP

Mapping

System

[153.16.5.29, 2610:D0:110C:1::3 ]

[ where is 2610:D0:110C:1::3 ] ?

[ locator is 128.107.81.169 ]

LISP Operations

LISP Overview

LISP Use Cases

LISP Status

LISP Summary

LISP References


LISP IPv4 EID/IPv4 RLOC Header Example

IPv4 Outer Header:

Router supplies

RLOCs

IPv4 Inner Header:

Host supplies

EIDs

LISP

header

UDP

draft-ietf-lisp-19


LISP Encapsulation Combinations – IPv4 and IPv6 Supporteddraft-ietf-lisp-19

IPv4/IPv4

IPv4

Outer

Header

IPv4

Inner

Header

UDP

LISP

IPv4/IPv6

IPv4

Outer

Header

IPv6

Inner

Header

UDP

LISP

IPv6/IPv4

IPv6

Outer

Header

IPv4

Inner

Header

UDP

LISP

IPv6/IPv6

IPv6

Outer

Header

IPv6

Inner

Header

UDP

LISP


LISP Data Plane :: Ingress/Egress Tunnel Router (xTR)

S

xTR-1

LISP Site 1

xTR-2

Provider A

10.0.0.0/8

Provider B

11.0.0.0/8

Provider X

12.0.0.0/8

Provider Y

13.0.0.0/8

ETR

ITR

ETR

ITR

xTR-1

LISP Site 2

xTR-2

ETR

ITR

ETR

ITR

D

packet flow packet flow

ITR – Ingress Tunnel Router• Receives packets from site-facing interfaces

• Encap to remote LISP sites, or native-fwd to

non-LISP sites

ETR – Egress Tunnel Router• Receives packets from core-facing interfaces

• De-cap, deliver packets to local EIDs at site


LISP Data Plane :: Unicast Packet Forwarding

S

xTR-1

LISP Site 1

xTR-2

Provider A

10.0.0.0/8

Provider B

11.0.0.0/8

Provider X

12.0.0.0/8

Provider Y

13.0.0.0/8

ETR

ITR

ETR

ITR

xTR-1

LISP Site 2

xTR-2

ETR

ITR

ETR

ITR

D

PI EID-prefix

2001:db8:1::/48

PI EID-prefix

2001:db8:2::/48

DNS entry:

D.abc.com AAAA 2001:db8:2::1

1

10.0.0.2

11.0.0.2

12.0.0.2

13.0.0.2

2001:db8:1::1 -> 2001:db8:2::12

This policy controlled

by the destination site

EID-prefix: 2001:db8:2::/48

Locator-set:

12.0.0.2, priority: 1, weight: 50 (D1)


Map-Cache Entry

3

2001:db8:1::1 -> 2001:db8:2::1

11.0.0.2 -> 12.0.0.2

4

52001:db8:1::1 -> 2001:db8:2::1

11.0.0.2 -> 12.0.0.2

6

7

2001:db8:1::1 -> 2001:db8:2::1


LISP Control Plane :: Introduction

LISP creates a “level of indirection”

− Decouples host IDENTITY and LOCATION

− Requires dynamic IDENTITY-to-LOCATION mapping resolution

LISP Control Plane Provides On-Demand Mappings

− Control Plane is Out-of-Band

− Map-Resolver and Map-Server (similar to DNS Resolver and DNS Server)

− LISP Control Plane Messages for EID-to-RLOC resolution

− Distributed databases and map-caches hold mappings


LISP Control Plane :: Control Plane Messages

Control Plane EID Registration services

− Map-Register message

Sent by ETR to Map-Server to register its associated EID prefixes

Specifies the RLOC(s) to be used by the Map-Server when forwarding Map-Requests to the ETR

Control Plane “Data-triggered” mapping service

− Map-Request message

Sent by an ITR when it needs for EID/RLOC mapping, to test an RLOC for reachability, or to refresh a mapping before TTL expiration

− Map-Reply message

Sent by an ETR in response to a valid map-request to provide the EID/RLOC mapping and site ingress Policy for the requested EID


LISP Control Plane :: Map-Server/Map-Resolver (MS/MR)

S

xTR-1

LISP Site 1

xTR-2

Provider A

10.0.0.0/8

Provider B

11.0.0.0/8

Provider X

12.0.0.0/8

Provider Y

13.0.0.0/8

ETR

ITR

ETR

ITR

xTR-1

LISP Site 2

xTR-2

ETR

ITR

ETR

ITR

D

MR MS

MS – Map-Server• LISP site ETRs Register their EID prefixes

here; requires configured “lisp site” policy,

authentication key

• Injects routes for registered site EID prefixes

into BGP ALT topology

• Receives Map-Requests via ALT and

forwards them to registered ETRs

MR – Map-Resolver• Receives Map-Request from ITR.

• Forwards Map-Request onto ALT topology

• Sends Negative Map-Replies in response

to Map-Requests for non-LISP sites

NOTE:

An MR/MS need not be deployed

as a router. A 1RU server can be

used to implement the LISP

control plane, for example.


LISP Control Plane :: Mapping Database (ETR), Map-Cache (ITR)

MR MS

S

xTR-1

LISP Site 1

xTR-2

Provider A

10.0.0.0/8

Provider B

11.0.0.0/8

Provider X

12.0.0.0/8

Provider Y

13.0.0.0/8

ETR

ITR

ETR

ITR

xTR-1

LISP Site 2

xTR-2

ETR

ITR

ETR

ITR

D

LISP Site Mapping-Database (ETR)

• EID-to-RLOC mappings in all ETRs for local LISP site

• ETR is “authoritative” for its EIDs, sends Map-Replies to ITRs

• ETRs can tailor policy based on Map-Request source

• Decentralization increases attack resiliency

LISP Map Cache (ITR)

• “Lives” on ITRs and only stores mappings for sites to which ITR is currently sending packets.

• Map-Cache populated by sending Map-Requests and receiving Map-Replies from ETRs

• ITRs must respect Map-Reply policy, including TTLs, RLOC up/down status, RLOC priorities/weights


LISP Control Plane :: Map Registration Example

S

xTR-1

LISP Site 1

xTR-2

Provider A

10.0.0.0/8

Provider B

11.0.0.0/8

Provider X

12.0.0.0/8

Provider Y

13.0.0.0/8

ETR

ITR

ETR

ITR

xTR-1

LISP Site 2

xTR-2

ETR

ITR

ETR

ITR

D

PI EID-prefix

2001:db8:1::/48

PI EID-prefix

2001:db8:2::/48

10.0.0.2

11.0.0.2

12.0.0.2

13.0.0.2

66.2.2.2

MR MS

1

12.0.0.2-> 66.2.2.2

LISP Map-Register

(udp 4342)

SHA-2

2001:db8:2::/48

12.0.0.2, 13.0.0.2

Other 2001:db8::/32 sites…

2


LISP Control Plane :: Map Request/Map Reply Example

66.2.2.2

MR MS

S

xTR-1

LISP Site 1

xTR-2

Provider A

10.0.0.0/8

Provider B

11.0.0.0/8

Provider X

12.0.0.0/8

Provider Y

13.0.0.0/8

ETR

ITR

ETR

ITR

xTR-1

LISP Site 2

xTR-2

ETR

ITR

ETR

ITR

D

PI EID-prefix

2001:db8:1::/48

PI EID-prefix

2001:db8:2::/48

10.0.0.2

11.0.0.2

12.0.0.2

13.0.0.2

DNS entry:

D.abc.com AAAA 2001:db8:2::1

1

2001:db8:1::1 -> 2001:db8:2::12

How do I get to

2001:db8:2::1?

3

11.0.0.2-> 66.2.2.2

LISP ECM

(udp 4342)

11.0.0.2 -> 2001:db8:2::1

Map-Request

(udp 4342)

nonce

4

66.2.2.2-> 12.0.0.2

LISP ECM

(udp 4342)

11.0.0.2 -> 2001:db8:2::1

Map-Request

(udp 4342)

nonce

5

12.0.0.2 ->11.0.0.2

Map-Reply

(udp 4342)

nonce

2001:db8:2::/48

12.0.0.2 [1, 50]

13.0.0.2 [1, 50]


Locator-set:



Map-Cache Entry

6


LISP Control Plane :: Proxy Map Reply Example

MR MS

S

xTR-1

LISP Site 1

xTR-2

Provider A

10.0.0.0/8

Provider B

11.0.0.0/8

Provider X

12.0.0.0/8

Provider Y

13.0.0.0/8

ETR

ITR

ETR

ITR

xTR-1

LISP Site 2

xTR-2

ETR

ITR

ETR

ITR

D

PI EID-prefix

2001:db8:1::/48

PI EID-prefix

2001:db8:2::/48

10.0.0.2

11.0.0.2

12.0.0.2

13.0.0.25

66.2.2.2->11.0.0.2

Map-Reply

(udp 4342)

nonce

2001:db8:2::/48

12.0.0.2 [1, 50]

13.0.0.2 [1, 50]

66.2.2.2

3

11.0.0.2-> 66.2.2.2

LISP ECM

(udp 4342)

11.0.0.2 -> 2001:db8:2::1

Map-Request

(udp 4342)

nonce


Locator-set:



Map-Cache Entry

6


LISP Control Plane :: Negative Map Reply Example

66.2.2.2

MR MS

S

xTR-1

LISP Site 1

xTR-2

Provider A

10.0.0.0/8

Provider B

11.0.0.0/8

Provider X

12.0.0.0/8

Provider Y

13.0.0.0/8

ETR

ITR

ETR

ITR

xTR-1

LISP Site 2

xTR-2

ETR

ITR

ETR

ITR

D

PI EID-prefix

2001:db8:1::/48

PI EID-prefix

2001:db8:2::/48

10.0.0.2

11.0.0.2

12.0.0.2

13.0.0.2

2001:db8:1::1 -> 2001:db8:f000::11

How do I get to

2001:db8:F000::1?

2

11.0.0.2-> 66.2.2.2

LISP ECM

(udp 4342)

11.0.0.2 -> 2001:db8:f000::1

Map-Request

(udp 4342)

nonce

3

66.2.2.2->11.0.0.2

Negative-Map-Reply

(udp 4342)

nonce

2001:db8:8000::/21

EID-prefix: 2001:8000::/21

forward-native

Map-Cache Entry

4

NOTE:

The actual “covering prefix” returned in an NMR

depends on the number and distribution of EID

prefixes in the Mapping System. The NMR prefix

will cover the shortest prefix that doesn’t cover

any LISP Sites in the Mapping System


LISP Interworking :: Day-One Incremental Deployment

Early Recognition

− LISP will not be widely deployed day-one

− Up-front recognition of an incremental deployment plan

Interworking for:

− LISP-sites to non-LISP sites (e.g. the rest of the Internet)

− non-LISP sites to LISP-sites

Two basic Techniques:

− Proxy ITR (PITR) and Proxy ETR (PETR)

− LISP Network Address Translators (LISP-NAT)

Proxy-ITR/Proxy-ETR are being deployed today

− Infrastructure LISP network entity

− Creates a monetized service opportunity for infrastructure players


IPv6

Internet

LISP Interworking :: Proxy Ingress/Egress Tunnel Routers (PITR/PETR)

S

xTR-1

LISP Site 1

xTR-2

Provider A

10.0.0.0/8

Provider B

11.0.0.0/8

Provider X

12.0.0.0/8

Provider Y

13.0.0.0/8

ETR

ITR

ETR

ITR

xTR-1

LISP Site 2

xTR-2

ETR

ITR

ETR

ITR

D

MR MS

PITR PETR

PETR – Proxy ETR

• Allows a LISP Site in one AF [IPv4 or IPv6]

and the opposite RLOC [IPv6 or IPv4] to

reach non-LISP sites in that AF [IPv4 or

IPv6] (AF-hop-over)

• Allows LISP sites with uRPF restrictions to

reach non-LISP sites

PITR – Proxy ITR

• Receives traffic from non-LISP sites and encapsulates it to LISP sites

• Advertises coarse-aggregate EID prefixes

• LISP sites see ingress TE “day-one” (*)


IPv6

Internet

S

xTR-1

LISP Site 1

xTR-2

Provider A

10.0.0.0/8

Provider B

11.0.0.0/8

Provider X

12.0.0.0/8

Provider Y

13.0.0.0/8

ETR

ITR

ETR

ITR

xTR-1

LISP Site 2

xTR-2

ETR

ITR

ETR

ITR

D

MR MS

PITR PETR

PI EID-prefix

2001:db8:1::/48

PI EID-prefix

2001:db8:2::/48

10.0.0.2

11.0.0.2

12.0.0.2

13.0.0.2

2001:f:f::1 2001:f:e::1

10.9.1.1 12.9.2.1

2001:db8::/32

Non-LISP

v6 Site

2001:d:1::1

2001:d:1::1 -> 2001:db8:2::1

1

2001:d:1::1 -> 2001:db8:2::1

10.9.1.1 -> 12.0.0.2

2

3

2001:d:1::1 -> 2001:db8:2::1

4

2001:db8:2::1 -> 2001:d:1::12001:db8:2::1 -> 2001:d:1::1

12.0.0.2 -> 12.9.2.1

5

6

2001:db8:2::1 -> 2001:d:1::1

LISP Interworking :: Proxy Ingress/Egress Tunnel Routers (PITR/PETR)

LISP Use Cases

LISP Overview

LISP Operations

LISP Status

LISP Summary

LISP References


Five Core LISP Use Cases

1. Efficient Multihoming

2. IPv6 Transition Support

3. Efficient Virtualization/Multi-Tenancy

4. Data Center/VM Mobility

5. LISP Mobile-Node


LISP Use Case 1 :: Efficient Multihoming Support

Needs:

‒ Site connectivity to multiple providers

‒ Low OpEx/CapEx

LISP Solution:

‒ LISP provides a streamlined solution for handling multi-provider connectivity and policy without BGP complexity

Benefits:

‒ OpEx-friendly Multi-homing across different providers

‒ Simple policy management

‒ Ingress Traffic Engineering

LISP

routers

LISP

Site

Internet

Applicability:

Branch sites where multihoming is

traditionally too expensive

Useful in all other LISP Use Cases


LISP Use Case 1 :: Efficient Multihoming – example/requirements

Multi-Homed Remote-Sites:

‒ Site connectivity to multiple providers

‒ More than 400 remote sites (some with limited physical access)

‒ Need to be “as robust as possible”

‒ T-1 (~$600/month) + dial-backup cost prohibitive vs. 3G access (~$60/month)

Necessary Features:

‒ IOS Firewall and NAT for Internet Access

‒ Mixed of dynamic (DHCP) and Static Interface IP address (RLOC)

LISP Design:

‒ Private LISP Mapping System (MS/MR) carrying RFC1918 EIDs

‒ ASR1002s (2) at Hub Site

‒ C2811s w/ 3G-HWICs at remote sites (2 each)

‒ NAT to Internet, IOS FW, DHCP

‒ Active/Backup minimum, Active/Active “stretch goal” for WAN utilization


Internet

LISP

Hub Site

Corporate Data Center

Carrier 1

3G

Carrier 2

3G

3G

HWIC

3G

HWIC

LISP Spoke SitesX 400

. . .. . .

Customer

Network

3G

HWIC

3G

HWIC3G

HWIC

3G

HWIC3G

HWIC

3G

HWIC

172.16.1.1172.16.1.5

10.10.1.0/2410.10.0.0/24 10.10.x.0/24 10.10.y.0/24

10.0.0.0/16 ASR 1002 (pair)

• Map-Server/Map-Resolver

for private LISP mapping

• xTR for LISP encap/decap

ISR (2811) (all sites)

• xTR at Remote LISP site

• Dual 3G-HWICs

• RFC1918 EID Space

• DHCP or static RLOCs

• DHCP server for internal hosts

• NAT/IOS FW to Internet

LISP Use Case 1 :: Efficient Multihoming – example/overview


Internet

LISP

Hub Site


Carrier 1

3G

Carrier 2

3G

3G

HWIC

3G

HWIC


. . .. . .

Customer

Network

3G

HWIC

3G

HWIC3G

HWIC

3G

HWIC3G

HWIC

3G

HWIC

172.16.1.1172.16.1.5

10.10.1.0/2410.10.0.0/24 10.10.x.0/24 10.10.y.0/24

10.0.0.0/16

3G

HWIC

3G

HWIC

router lispdatabase-mapping 10.10.1.0/24 ipv4-interface

cell0/0/0 priority 1 weight 50database-mapping 10.10.1.0/24 ipv4-interface

cell0/0/1 priority 1 weight 50ip itrip etrip itr map-resolver 172.16.1.1ip itr map-resolver 172.16.1.5ip etr map-server 172.16.1.1 key *****ip etr map-server 172.16.1.5 key *****

LISP Use Case 1 :: Efficient Multihoming – example/configurations

router lispsite All-Siteseid-prefix 10.0.0.0/16eid-prefix 10.10.0.0/16 accept-more-specificsauthentication-key 0 xxxxxxexit

database-mapping 10.0.0.0/16 172.16.1.5 priority 1 weight 50database-mapping 10.0.0.0/16 172.16.1.1 priority 1 weight 50ipv4 map-serveripv4 map-resolver ipv4 itripv4 etrip itr map-resolver 172.16.1.1ip itr map-resolver 172.16.1.5ip etr map-server 172.16.1.1 key *****ip etr map-server 172.16.1.5 key *****


Internet

LISP

Hub Site


Carrier 1

3G

Carrier 2

3G

3G

HWIC

3G

HWIC


. . .. . .

Customer

Network

3G

HWIC

3G

HWIC3G

HWIC

3G

HWIC3G

HWIC

3G

HWIC

172.16.1.1172.16.1.5

10.10.1.0/2410.10.0.0/24 10.10.x.0/24 10.10.y.0/24

10.0.0.0/16

10.10.0.1 -> 10.0.0.1

10.10.0.1 -> 10.0.0.1

172.17.1.1 -> 172.16.1.1

10.10.0.1

10.0.0.1

172.17.1.1

10.10.0.1 -> 10.0.0.110.0.0.1 -> 10.10.0.1

10. 0.0.1 -> 10.10.0.1

172.16.1.1 -> 172.17.1.1

10.0.0.1 -> 10.10.0.1

1

2

34

5

6

LISP Use Case 1 :: Efficient Multihoming – example/packet flows


Internet

LISP

Hub Site


Carrier 1

3G

Carrier 2

3G

3G

HWIC

3G

HWIC


. . .. . .

Customer

Network

3G

HWIC

3G

HWIC3G

HWIC

3G

HWIC3G

HWIC

3G

HWIC

172.16.1.1172.16.1.5

10.10.1.0/2410.10.0.0/24 10.10.x.0/24 10.10.y.0/24

10.0.0.0/16

3G

HWIC

3G

HWIC

LISP is executed in CEF.

Any CEF process should

be available when LISP

is enabled. Commonly

used CEF functions that

have been tested

include:

Access Control Lists

Network Address Translation

Quality of Service

Flexible NetFlow IPSec

IOS Firewall

IOS Intrusion Protection Srvc

Flexible Packet Matching

12.1.1.5

VzW

Internet

13.1.1.5

10.0.0.0/16

VzW

Cellular0/3/0 Cellular0/3/1

10.10.0.0/24

ip nat inside

ip inspect out

ip access-group 101 in

ip address negotiated

ip verify unicast source reachable-via rx

ip nat outside

LISP Use Case 1 :: Side Note – other IOS feature interactions


Needs:

Rapid IPv6 Deployment

Minimal Infrastructure disruption

LISP Solution:

LISP encapsulation is Address Family agnostic, allowing for IPv6 over an IPv4 core, or IPv4 over an IPv6 core

Benefits:

Accelerated IPv6 adoption

Minimal added configurations

No core network changes

Can be used as a transitional or as a permanent solution

IPv4

Internet

IPv6

Internet

v6

v6v4

PxTR

IPv4 Core

v6

xTRv6 service

IPv4

Internet IPv4

Enterprise

Core

v6v4

v6

v6

islandIPv4 Enterprise

Core

v6

xTRv6

island

xTR

IPv6 Internet

IPv4

access &

Internet

PxTRv6

v6 home

Network

.

v6 home

Network

v6 home

Network

xTR

xTR

xTR

PxTR

PxTR

v6

.v6 site

v6v4

Connecting IPv6 Islands

IPv6 Transition Support

IPv6 Access Support

LISP Use Case 2 :: IPv6 Transition Support


LISP Use Case 2 :: Side Note – IPv6 transition strategies

LISP provides AF “hop-over” support…

If you’re carrying IPv6 packets, you still need to work with IPv6 packets at the receiving site… Essentially, there are 3 ways to do this:

1. Add 6-to-4 translation

support…

2. Add New IPv6 Servers

and infrastructure

3. Dual-stack the

existing infrastructure


LISP Use Case 2 :: IPv6 Transition – example/requirements

IPv6 access to company web site:

Existing IPv4 WAN connectivity available only immediately

Local web site content deployed on new and separate infrastructure

LISP demonstration site acceptable

Necessary Features:

IOS router running LISP capable image

Internal infrastructure (switches, web servers) running dual-stack (IPv4, IPv6)

LISP Design:

Cisco 7200 routers (2) at LISP Site as xTRs

Cisco 3750 switches (2), and Linux servers (2) for web site content

IPv4 and IPv6 EID allocations from LISP Beta Network

(note: could have done a “bring your own” IPv6 PI block)


sjc17-dmza-lisp-sw1

3750

sjc17-dmza-lisp-sw2

3750

SJC17 DMZ

sjc17-dmza-gw1 sjc17-dmza-gw2

sjc17-dmza-lisp-gw1

7200

sjc17-dmza-lisp-gw2

7200

Linux server 1 Linux server 2

vlan vlandot1q

xTR – Cisco 7200

• deployed “On-Path” (in the

natural egress data path)

• advertises in 153.16.5/24 into

OSPF, and 2610:d0:110c::/48

into OSPFv3

• Advertises default-originate to

switchesInternal Switch: Cisco 3750

• 0/0 to GW learned via OSPF,

OSPFv3

Servers: Linux 1RU

• Linux, dual-stacked, running

Apache

DNS lisp6.cisco.com AAAA 2610:d0:110c:1::3AAAA 2610:d0:110c:1::4

DNS lisp4.cisco.com A 153.16.5.29A 153.16.5.30

DNS lisp.cisco.com A 153.16.5.29A 153.16.5.30AAAA 2610:d0:110c:1::3AAAA 2610:d0:110c:1::4

LISP Use Case 2 :: IPv6 Transition – example/overview


OSPF

OSPFv3

sjc17-dmza-lisp-sw1

3750

sjc17-dmza-lisp-sw2

3750

SJC17 DMZ


sjc17-dmza-lisp-gw1

7200

sjc17-dmza-lisp-gw2

7200


vlan vlandot1q

Default Route:

153.16.5.26

2610:d0:110c:1::2

153.16.5.30/29

2610:d0:110c:1::4/64

153.16.5.29/29

2610:d0:110c:1::3/64

Default Route:

153.16.5.25

2610:d0:110c:1::1

153.16.5.26/29

2610:d0:110c:1::2/64

153.16.5.25/29

2610:d0:110c:1::1/64

DNSDNS

L0

128.107.81.169/32

L0

128.107.81.170/32

LISP Use Case 2 :: IPv6 Transition – example/addressing


OSPF

OSPFv3

sjc17-dmza-lisp-sw1

3750

sjc17-dmza-lisp-sw2

3750

SJC17 DMZ


sjc17-dmza-lisp-gw1

7200

sjc17-dmza-lisp-gw2

7200


vlan vlandot1q

! router lispdatabase-mapping 153.16.5.0/24 128.107.81.169 priority 1 weight 50database-mapping 153.16.5.0/24 128.107.81.170 priority 1 weight 50database-mapping 2610:D0:110C::/48 128.107.81.169 priority 1 weight 50database-mapping 2610:D0:110C::/48 128.107.81.170 priority 1 weight 50ipv4 itr map-resolver 173.36.254.164ipv4 itr map-resolver 198.6.255.37ipv4 itripv4 etr map-server 198.6.255.37 key ***********ipv4 etr map-server 173.36.254.164 key ***********ipv4 etripv6 use-petr 69.31.31.98ipv6 use-petr 149.20.48.60ipv6 itr map-resolver 173.36.254.164ipv6 itr map-resolver 198.6.255.37ipv6 itripv6 etr map-server 198.6.255.37 key ***********ipv6 etr map-server 173.36.254.164 key ***********ipv6 etr!ipv6 route ::/0 Null0

IPv6 default to Null0 allows

LISP to process packets

IPv4 default route learned

through OSPF with GWs

LISP Use Case 2 :: IPv6 Transition – example/configurations


OSPF

OSPFv3

sjc17-dmza-lisp-sw1

3750

sjc17-dmza-lisp-sw2

3750

SJC17 DMZ


sjc17-dmza-lisp-gw1

7200

sjc17-dmza-lisp-gw2

7200


vlan vlandot1q

L0

128.107.81.169/32

L0

128.107.81.170/32

Sjc17-dmza-lisp-gw1#show ip lisp databaseLISP ETR IPv4 Mapping Database, LSBs: 0x3, 1 entries

EID-prefix: 153.16.5.0/24128.107.81.169, priority: 1, weight: 50, state: site-self, reachable128.107.81.170, priority: 1, weight: 50, state: site-other, report-reachable

Sjc17-dmza-lisp-gw1#show ipv6 lisp database LISP ETR IPv6 Mapping Database, LSBs: 0x3, 1 entries

EID-prefix: 2610:D0:110C::/48128.107.81.169, priority: 1, weight: 50, state: site-self, reachable128.107.81.170, priority: 1, weight: 50, state: site-other, report-reachable

Sjc17-dmza-lisp-gw1#

LISP Use Case 2 :: IPv6 Transition – example/results


IPv6

Internet

IPv4

Internet

Non-LISP

IPv6 Site

PETRPITR

MSMR

S6

DNS

lisp.cisco.com ????AAAA lisp.cisco.com D6

S6D6

S4

SP1

SP2Cisco

IPv4

IPv4

IPv4/IPv6 Servers

v4Production v4 VIP

xTR

v6Production v6 VIP

v6 all

the way!

S6D6

D4

D6 ???D6 D4

S4D4 S6D6

D6

LISP Use Case 2 :: IPv6 Transition – example/packet flows


LISP Use Case 2 :: IPv6 Transition – other happy customers ;-)

http://honeysuckle.noc.ucla.edu/cgi-bin/smokeping.cgi?target=LISP

Ciscolisp.cisco.com (AAAA: 2610:d0:110c:1::3, ::4)

Facebookwww.lisp6.facebook.com (AAAA: 2610:D0:FACE::9)

Qualcommwww.ipv6.eudora.com (AAAA: 2610:d0:120d::10)

jobs.qualcomm.com (no longer AAAA)

Deutsche Bankwww.ipv6-db.com (AAAA: 2610:d0:2113:3::3)

Munich Airportlisp6.munich-airport.de (AAAA: 2610:d0:211d:1::2)

Isarnetlisp.isarnet.net (AAAA: 2610:d0:211f:fffe::101)

InTouchwww.lisp.intouch.eu (AAAA: 2610:d0:210f:100::101)

World IPv6 Day Sites using LISP

World IPv6 Day Sites Statistics (and current)

http://nanog.org/meetings/nanog50/presentations/Tuesday/NANOG

50.Talk9.lee_nanog50_atlanta_oct2010_007_publish.pdf

Facebook IPv6 Experience with LISP"LISP is the easiest and most painless solution to bring

IPv6 access to our critical Internet facing servers. We

required a few IPv6 addresses, $0 cost and 1/2 hour to

setup. We made no provisions with our

WAN/upstreams and no network infrastructure

changes.”Rick Martin, State Network Engineering Lead, State of Arkansas


LISP Use Case 3 :: Efficient Virtualization/Multi-Tenancy Support

Needs:

Integrated Segmentation

Minimal Infrastructure disruption

Global scale and interoperability

LISP Solution:

24-bit LISP Instance-ID segments control plane and data plane, with VRF binding to the Instance-ID

Benefits:

Very high scale tenant segmentation

Global mobility + high scale segmentation integrated in single IP solution

IP-based “overlay” solution, transport independent

No Inter-AS complexity

Applicability:

Multi-provider Core

Encryption can be added

IP Network

West

DC

LISP Site

Legacy

Site

Legacy

Site

Legacy

Site

East

DC

PxTR

Mapping

DB


LISP Use Case 3 :: Efficient Virtualization/Multi-Tenancy – Concepts

Recalling that… LISP is “Locator/ID” separation… and creates two namespaces: EIDs and RLOCs

LISP Virtualization:

- Considers both EID and RLOC namespaces; either or both can be virtualized

- EID virtualization is enabled using LISP Instance-IDs in conjunction with VRFs

- RLOC virtualization is enabled in conjunction with VRFs

- Instance-IDs maintain address space segmentation in both the control plane and data plane

- Instance-IDs are numerical tags defined in the LISP Canonical Address Format (LCAF) draft

a 24-bit unstructured number

Data-plane: in LISP encapsulation header

Control-plane: EID encoded in LCAF format


LISP Use Case 3 :: Efficient Virtualization/Multi-Tenancy – Shared Model

Shared Model – at the device level

- Multiple EID-prefixes are allocated privately using VRFs

- EID lookups are in the VRF associated with an Instance-ID

- All RLOC lookups are in a single table – default

- The Mapping System is part of the locator address space and is shared

• Single RLOC namespace

• Default table or RLOC VRF

To RLOC namespace

To VPNs

(MPLS, 802.1Q,

VRF-Lite, or

separate

networks)

• EID namespace,

VRF Pink, IID 1

• EID namespace,

VRF Blue, IID 2

Default

Pink

Blue


LISP Use Case 3 :: Efficient Virtualization/Multi-Tenancy – Parallel Model

Parallel Model – at the device level

- Multiple EID-prefixes are allocated privately using VRFs

- EID lookups are in the VRF associated with an Instance-ID

- RLOC lookups are in the VRF associated with the locator table

- A Mapping System must be part of each locator address space

• RLOC uses Blue

namespace

To VPNs

(MPLS, 802.1Q,

VRF-Lite, or

separate

networks)

• EID namespace,

VRF Pink, IID 1

• EID namespace,

VRF Blue, IID 2

Default

• RLOC uses Pink

namespace To VPNs (MPLS,

802.1Q, VRF-Lite,

or separate

networks)

Pink

Blue


LISP Use Case 3 :: Efficient Virtualization – example/overview

Loop0172.31.1.12/32

xTR

MS/MR

Gig1/1/0172.16.1.2/30

HQ Site

Loop0172.31.1.2/32

xTR

10.1.2.0/24 10.3.2.0/2410.2.2.0/24

vrf

vrf

vrf

Gig1/1/0172.16.2.2/30

Site-2

Loop0172.31.1.3/32

xTR

10.1.3.0/24 10.3.3.0/2410.2.3.0/24

vrf

vrf

vrf

Gig1/1/0172.16.3.2/30

Site-3

Loop0172.31.1.11/32

xTR

MS/MR

Gig1/1/0172.16.1.6/30

10.1.1.0/24 10.3.1.0/2410.2.1.0/24

vrf

vrf

vrf

TransactionsFinance

SOC


IOS/XE

router lispeid-table default instance-id 0database-mapping 172.31.1.1/32 172.16.1.2 priority 1 weight 50 database-mapping 172.31.1.1/32 172.16.1.6 priority 1 weight 50exit

!eid-table vrf TRANS instance-id 1database-mapping 10.1.1.0/24 172.16.1.2 priority 1 weight 50database-mapping 10.1.1.0/24 172.16.1.6 priority 1 weight 50exit

!eid-table vrf SOC instance-id 2database-mapping 10.2.1.0/24 172.16.1.2 priority 1 weight 50database-mapping 10.2.1.0/24 172.16.1.6 priority 1 weight 50 exit

!eid-table vrf FIN instance-id 3database-mapping 10.3.1.0/24 172.16.1.2 priority 1 weight 50database-mapping 10.3.1.0/24 172.16.1.6 priority 1 weight 50 exit

!

hostname HQ-RTR-1!vrf definition TRANS---<skip>---!vrf definition SOC---<skip>---!vrf definition FIN---<skip>---!interface Loopback0ip address 172.31.1.1 255.255.255.255!interface GigabitEthernet0/0/0ip address 172.16.1.2 255.255.255.252negotiation auto!interface GigabitEthernet0/0/1vrf forwarding TRANSip address 10.1.1.1 255.255.255.0negotiation auto!interface GigabitEthernet0/0/2vrf forwarding SOCip address 10.2.1.1 255.255.255.0negotiation auto!interface GigabitEthernet0/0/3vrf forwarding FINip address 10.3.1.1 255.255.255.0negotiation auto!

Main Configs…

Combo xTR/MS/MR at Hub Site

-- this is the “xTR” part of the config

LISP Use Case 3 :: Efficient Virtualization – example/configurations


router lisp---<continued>---!site All-Sitesauthentication-key secreteid-prefix 172.31.1.0/24 accept-more-specificseid-prefix instance-id 3 10.3.0.0/16 accept-more-specificseid-prefix instance-id 2 10.2.0.0/16 accept-more-specificseid-prefix instance-id 1 10.1.0.0/16 accept-more-specificsexit

!ipv4 map-serveripv4 map-resolveripv4 itr map-resolver 172.16.1.2ipv4 itr map-resolver 172.16.1.6ipv4 itripv4 etr map-server 172.16.1.2 key S3CR3Tipv4 etr map-server 172.16.1.6 key S3CR3Tipv4 etrexit!ip route 0.0.0.0 0.0.0.0 172.16.1.1

IOS/XE


Main Configs…

Combo xTR/MS/MR at Hub Site

-- this is the “MS” part of the config


hostname SITE-2!vrf definition TRANS---<skip>---!vrf definition SOC---<skip>---!vrf definition FIN---<skip>---!interface Loopback0ip address 172.31.1.2 255.255.255.255!interface GigabitEthernet0/0/0ip address 172.16.2.2 255.255.255.252negotiation auto!interface GigabitEthernet0/0/1vrf forwarding TRANSip address 10.1.2.1 255.255.255.0negotiation auto!interface GigabitEthernet0/0/2vrf forwarding SOCip address 10.2.2.1 255.255.255.0negotiation auto!interface GigabitEthernet0/0/3vrf forwarding FINip address 10.3.2.1 255.255.255.0negotiation auto!

router lispeid-table default instance-id 0database-mapping 172.31.1.2/32 172.16.2.2 priority 1 weight 100exit

!eid-table vrf TRANS instance-id 1database-mapping 10.1.2.0/24 172.16.1.2 priority 1 weight 100exit

!eid-table vrf SOC instance-id 2database-mapping 10.2.2.0/24 172.16.1.2 priority 1 weight 100exit

!eid-table vrf FIN instance-id 3database-mapping 10.3.2.0/24 172.16.1.2 priority 1 weight 100exit

!ipv4 itr map-resolver 172.16.1.2ipv4 itr map-resolver 172.16.1.6ipv4 itripv4 etr map-server 172.16.1.2 key S3CR3Tipv4 etr map-server 172.16.1.6 key S3CR3Tipv4 etrexit!ip route 0.0.0.0 0.0.0.0 172.16.2.1

IOS/XE


Spoke Configs…

-- this is the “xTR” part of the config


HQ-RTR-1#ping ?WORD Ping destination address or hostname---<skip>---vrf Select VPN routing instance

HQ-RTR-1#ping vrf SOC 10.2.2.1 source 10.2.1.1 rep 100Type escape sequence to abort.Sending 100, 100-byte ICMP Echos to 10.2.2.1, timeout is 2 seconds:Packet sent with a source address of 10.2.1.1 ..!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Success rate is 98 percent (98/100), round-trip min/avg/max = 1/1/4 msHQ-RTR-1#--OR--HQ-RTR-1#ping vrf SOCProtocol [ip]:Target IPv6 address: 10.2.2.1Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands? [no]: ySource address or interface: 10.2.1.1---<skip>---Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.2.2.1, timeout is 2 seconds:Packet sent with a source address of 10.2.1.1!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 msHQ-RTR-1#

HQ-RTR-1#show ip lisp map-cache eid-table vrf SOCLISP IPv4 Mapping Cache for EID-table vrf SOC (IID 2), 2 entries

0.0.0.0/0, uptime: 00:12:04, expires: never, via static send map-requestNegative cache entry, action: send-map-request

10.2.2.0/24, uptime: 00:09:12, expires: 23:50:40, via map-reply, completeLocator Uptime State Pri/Wgt172.16.2.2 00:09:12 up 1/1

HQ-RTR-1#

IOS/XE

LISP Use Case 3 :: Efficient Virtualization – example/results


LISP Use Case 4 :: Data Center/VM Mobility Support

• Needs:

VM-Mobility extending subnets andacross subnets

Move detection, dynamic EID-to-RLOC mappings, traffic redirection

• LISP Solution:

OTV + LISP for VM-moves extending subnets

LISP for VM-moves across subnets

• Benefits:Seamless, integrated, global workload mobility

Direct Path (no triangulation)

Connections survive across moves

No routing re-convergence, no DNS updates

Global Scalability (cloud bursting)

IPv4/IPv6 Support

ARP elimination

Data

Center 1

Data

Center 2

a.b.c.1

VM

a.b.c.1

VM

VM move

LISP

routerLISP

router

Internet

Applicability:

VM OS agnostic

Services Creation (disaster

recovery, cloud burst, etc.)


LISP Use Case 4 :: Data Center/VM Mobility – example/overview

VM-mobxTR

IP Network

Mapping

System10.100.1.1

10.2.0.0/16

East-DC

Non-LISP Site

A: 192.168.13.2 B: 192.168.13.6 C: 192.168.23.2 D: 192.168.23.6

VM2 : 10.1.1.12/24 VM1 : 10.1.1.11/24

West-DC

10.1.0.0/16

VM3 : 10.2.2.2/24

Server A Moves

Across Subnets

xTR

LISP Site

10.3.3.0/24

H1 : 10.3.3.3/24

172.16.10.1 172.17.4.4

H2 : 10.4.4.4/24

VM-mobxTR

PxTR


NX-OS

LISP Use Case 4 :: Data Center/VM Mobility – example/configurations

VM-mobxTR

IP Network

Mapping

System10.100.1.1

10.2.0.0/16

East-DC

Non-LISP Site

A: 192.168.13.2 B: 192.168.13.6 C: 192.168.23.2 D: 192.168.23.6

VM2 : 10.1.1.12/24 VM1 : 10.1.1.11/24

West-DC

10.1.0.0/16

VM3 : 10.2.2.2/24

Server A Moves

Across Subnets

xTR

LISP Site

10.3.3.0/24

H1 : 10.3.3.3/24

172.16.10.1 172.17.4.4

H2 : 10.4.4.4/24

VM-mobxTR

PxTR

feature lisp ip lisp itr-etrip lisp database-mapping 10.1.0.0/16 192.168.13.2 priority 1 weight 50 ip lisp database-mapping 10.1.0.0/16 192.168.13.6 priority 1 weight 50 ip lisp itr map-resolver 10.100.1.1ip lisp etr map-server 10.100.1.1 key cisco

lisp dynamic-eid LISP_ACROSS_SUBNETdatabase-mapping 10.1.1.0/24 192.168.13.2

priority 1 weight 50 database-mapping 10.1.1.0/24 192.168.13.6

priority 1 weight 50 map-notify-group 239.1.1.11

interface Vlan907 ip address 10.1.1.3/24 lisp mobility LISP_ACROSS_SUBNET ip proxy-arp

hsrp 17 mac-address 0000.0E1D.010C preempt delay minimum 300 priority 190ip 10.1.1.1

feature lisp ip lisp itr-etrip lisp database-mapping 10.1.0.0/16 192.168.13.2 priority 1 weight 50 ip lisp database-mapping 10.1.0.0/16 192.168.13.6priority 1 weight 50 ip lisp itr map-resolver 10.100.1.1ip lisp etr map-server 10.100.1.1 key cisco





hsrp 17 mac-address 0000.0E1D.010C preempt delay minimum 300 priority 200 ip 10.1.1.1


NX-OS


VM-mobxTR

IP Network

Mapping

System10.100.1.1

10.2.0.0/16

East-DC

Non-LISP Site

A: 192.168.13.2 B: 192.168.13.6 C: 192.168.23.2 D: 192.168.23.6

VM2 : 10.1.1.12/24 VM1 : 10.1.1.11/24

West-DC

10.1.0.0/16

VM3 : 10.2.2.2/24

Server A Moves

Across Subnets

xTR

LISP Site

10.3.3.0/24

H1 : 10.3.3.3/24

172.16.10.1 172.17.4.4

H2 : 10.4.4.4/24

VM-mobxTR

PxTR














VM-mobxTR

IP Network

Mapping

System10.100.1.1

10.2.0.0/16

East-DC

Non-LISP Site

A: 192.168.13.2 B: 192.168.13.6 C: 192.168.23.2 D: 192.168.23.6

VM2 : 10.1.1.12/24 VM1 : 10.1.1.11/24

West-DC

10.1.0.0/16

VM3 : 10.2.2.2/24

Server A Moves

Across Subnets

xTR

LISP Site

10.3.3.0/24

H1 : 10.3.3.3/24

172.16.10.1 172.17.4.4

H2 : 10.4.4.4/24

VM-mobxTR

PxTR

NX-OS


feature lisp ip lisp itr-etrip lisp database-mapping 10.1.0.0/16 192.168.13.2 priority 1 weight 50 ip lisp database-mapping 10.1.0.0/16 192.168.13.6priority 1 weight 50 ip lisp itr map-resolver 10.100.1.1ip lisp etr map-server 10.100.1.1 key cisco













VM-mobxTR

IP Network

Mapping

System10.100.1.1

10.2.0.0/16

East-DC

Non-LISP Site

A: 192.168.13.2 B: 192.168.13.6 C: 192.168.23.2 D: 192.168.23.6

VM2 : 10.1.1.12/24 VM1 : 10.1.1.11/24

West-DC

10.1.0.0/16

VM3 : 10.2.2.2/24

Server A Moves

Across Subnets

xTR

LISP Site

10.3.3.0/24

H1 : 10.3.3.3/24

172.16.10.1 172.17.4.4

H2 : 10.4.4.4/24

VM-mobxTR

PxTR

NX-OS


feature lisp ip lisp map-resolver ip lisp map-server lisp site BRANCHeid-prefix 10.3.3.0/24authentication-key cisco

lisp site DATA_CENTEReid-prefix 10.1.0.0/16eid-prefix 10.2.0.0/16 eid-prefix 10.1.1.0/24 accept-more-specifics authentication-key cisco

feature lispip lisp itr-etrip lisp database-mapping 10.3.3.0/24 172.16.10.1 priority 1 weight 1ip lisp itr map-resolver 10.100.1.1ip lisp etr map-server 10.100.1.1 key cisco


VM-mobxTR

IP Network

Mapping

System10.100.1.1

10.2.0.0/16

East-DC

Non-LISP Site

A: 192.168.13.2 B: 192.168.13.6 C: 192.168.23.2 D: 192.168.23.6

VM2 : 10.1.1.12/24 VM1 : 10.1.1.11/24

West-DC

10.1.0.0/16

VM3 : 10.2.2.2/24

Server A Moves

Across Subnets

xTR

LISP Site

10.3.3.0/24

H1 : 10.3.3.3/24

172.16.10.1 172.17.4.4

H2 : 10.4.4.4/24

VM-mobxTR

PxTR

NX-OS

LISP Use Case 4 :: Data Center/VM Mobility – example/packet flows

Before Move

10.3.3.3 -> 10.1.1.11

172.16.10.1 -> 192.168.13.6

10.3.3.3 -> 10.1.1.11

10.3.3.3 -> 10.1.1.11

10.1.1.11 -> 10.3.3.3

192.168.13.6 -> 172.16.10.1

10.1.1.11 -> 10.3.3.3

10.1.1.11 -> 10.3.3.3


VM-mobxTR

IP Network

Mapping

System10.100.1.1

10.2.0.0/16

East-DC

Non-LISP Site

A: 192.168.13.2 B: 192.168.13.6 C: 192.168.23.2 D: 192.168.23.6

VM2 : 10.1.1.12/24 VM1 : 10.1.1.11/24

West-DC

10.1.0.0/16

VM3 : 10.2.2.2/24

Server A Moves

Across Subnets

xTR

LISP Site

10.3.3.0/24

H1 : 10.3.3.3/24

172.16.10.1 172.17.4.4

H2 : 10.4.4.4/24

VM-mobxTR

PxTR

NX-OS


10.4.4.4 -> 10.1.1.11

172.17.4.4 -> 192.168.13.6

10.4.4.4 -> 10.1.1.11

10.4.4.4 -> 10.1.1.11

10.1.1.11 -> 10.4.4.4

10.1.1.11 -> 10.4.4.4

Before Move


VM-mobxTR

IP Network

Mapping

System10.100.1.1

10.2.0.0/16

East-DC

Non-LISP Site

A: 192.168.13.2 B: 192.168.13.6 C: 192.168.23.2 D: 192.168.23.6

VM2 : 10.1.1.12/24

West-DC

10.1.0.0/16

VM3 : 10.2.2.2/24

xTR

LISP Site

10.3.3.0/24

H1 : 10.3.3.3/24

172.16.10.1 172.17.4.4

H2 : 10.4.4.4/24

VM-mobxTR

PxTR

NX-OS


VM Move/LISP Updates

VM1 : 10.1.1.11/24

1: VM-Moves

2: Move detected3: Peer move notify

4: Register /32

5: Map-Notify

previous registrant

6: Peer move notify

7: “SMR” prior talkers

(map-cache entry and

data-driven)

8: Map-Req/Map-Rep

updates map-cache info


VM-mobxTR

IP Network

Mapping

System10.100.1.1

10.2.0.0/16

East-DC

Non-LISP Site

A: 192.168.13.2 B: 192.168.13.6 C: 192.168.23.2 D: 192.168.23.6

VM2 : 10.1.1.12/24 VM1 : 10.1.1.11/24

West-DC

10.1.0.0/16

VM3 : 10.2.2.2/24

xTR

LISP Site

10.3.3.0/24

H1 : 10.3.3.3/24

172.16.10.1 172.17.4.4

H2 : 10.4.4.4/24

VM-mobxTR

PxTR

NX-OS


IP Network

10.3.0.3 -> 10.1.1.11

172.16.10.1 -> 192.168.23.2

10.3.3.3 -> 10.1.1.11

10.3.3.3 -> 10.1.1.11

10.1.1.11 -> 10.3.0.3

192.168.23.2 -> 172.16.10.1

10.1.1.11 -> 10.3.0.3

After Move

Same!

New!

10.1.1.11 -> 10.3.3.3


VM-mobxTR

IP Network

Mapping

System10.100.1.1

10.2.0.0/16

East-DC

Non-LISP Site

A: 192.168.13.2 B: 192.168.13.6 C: 192.168.23.2 D: 192.168.23.6

VM2 : 10.1.1.12/24 VM1 : 10.1.1.11/24

West-DC

10.1.0.0/16

VM3 : 10.2.2.2/24

xTR

LISP Site

10.3.3.0/24

H1 : 10.3.3.3/24

172.16.10.1 172.17.4.4

H2 : 10.4.4.4/24

VM-mobxTR

PxTR

NX-OS


IP Network

After Move

10.4.4.4 -> 10.1.1.11

12172.17.4.4 -> 192.168.23.6

10.4.0.4 -> 10.1.1.11

10.4.4.4 -> 10.1.1.11

10.1.1.11 -> 10.4.4.4

10.1.1.11 -> 10.4.4.4

Same!

New!


LISP Use Case 5 :: LISP Mobile-Node

• Needs:

Mobile devices roaming across any access media without connection reset

Mobile device keeps the same IP address forever

• LISP Solution:

LISP level of indirection separates endpoints and locators

Scalable, host-level registration (1010)

• Benefits:MNs can roam and stay connected

MNs can be servers

MNs roam without DNS changes

MNs can use multiple interfaces

Packet “near-stretch-1” minimizes latency

Applicability:

Android and Linux

IPv4 and IPv6

Static EID: 2610:00d0:xxxx::1/128

Dynamic RLOC

dino.cisco.com

Any 3G/4G

NetworkAny WiFi

Network

Dynamic RLOC


LISP Site

SP WiFi(Operator A)

LISP-MN Mobility: Any Network, Anytime, Anywhere

Mapping

System

3G(Operator A)

StarbucksWiFi

I’m @

Starbucks

I’m @ Operator A

(offload to WiFi)

I’m @ Operator A

(3G)

Data Packets

Control Packets

Session Continuity While Roaming


• A mobility event happens when a locator (or locator set) changes

A LISP-MN device roams to a different network…

A new interface comes up…

• The LISP-MN device:

Registers the new location with the mapping system…

Sends a Solicit-Map-Request (SMR) message to all the LISP sites in the mobile node’s map-cache (sites with which it is communicating)

• The remote LISP site (ITR) upon receiving an SMR…

Sends a new Map-Request for the LISP-MN EID

Update its mappings

Starts encapsulating data to the new location

• The remote LISP site is updated with the location within 3 messages

SMR, Map-Request, Map-Reply

LISP-MN Handoff and/or Locator Set Change


S

xTR-1

LISP Site 1

xTR-2

Provider A

10.0.0.0/8

Provider B

11.0.0.0/8

ETR

ITR

ETR

ITR

3G Carrier 2

13.0.0.0/8

3G Carrier 1

12.0.0.0/8

PI EID-prefix

2.0.0.0/24

MR MSMR MS

65.1.1.1 66.2.2.2

Mapping System

10.0.0.2

11.0.0.2

EID-prefix: 3.0.0.3/32

Locator-set:

12.0.0.2, priority: 1, weight: 100

Map-Cache Entry

SP WiFi

14.0.0.0/8

3G12.0.0.2

LISP xTR

LISP-MN EID

3.0.0.3/32




Locator-set:


Map-Cache Entry

S

xTR-1

LISP Site 1

xTR-2

Provider A

10.0.0.0/8

Provider B

11.0.0.0/8

ETR

ITR

ETR

ITR

3G Carrier 2

13.0.0.0/8

3G Carrier 1

12.0.0.0/8

PI EID-prefix

2.0.0.0/24

MR MSMR MS

65.1.1.1 66.2.2.2

Mapping System

10.0.0.2

11.0.0.2

SP WiFi

14.0.0.0/8

SMR

LISP xTR

LISP-MN EID

3.0.0.3/32

WiFi14.0.0.2

14.0.0.2-> 66.2.2.2

LISP Map-Register

(udp 4342)

SHA-1

3.0.0.3/32

14.0.0.2

Map-Request

Map-Reply


Locator-set:


Map-Cache Entry


LISP Status

LISP Overview

LISP Operations

LISP Use Cases

LISP Summary

LISP References


LISP Standardization Effort Status

Draft Next Steps/Target

LISP base protocol (draft-ietf-lisp-19) IESG Evaluation…

LISP+ALT (draft-ietf-lisp-alt-10) Approved! Experimental RFC

LISP Map Server (draft-ietf-lisp-ms-14) AD Evaluation…

LISP Interworking (draft-ietf-lisp-interworking-02) AD Evaluation…

LISP Map Versioning (draft-ietf-lisp-map-versioning-06) AD Evaluation…

LISP Multicast (draft-ietf-lisp-multicast-12) IESG Evaluation…

LISP Internet Groper (draft-ietf-lisp-lig-06) Approved! Experimental RFC

LISP Mobile Node (draft-meyer-lisp-mn-06) Proposed for WG adoption (3 prototypes available)

LISP Canonical Address Format (draft-farinacci-lisp-lcaf-06)

Proposed for WG adoption

LISP MIB (draft-ietf-lisp-mib-03) Active…

LISP Deployment (draft-ietf-lisp-deployment-02) Active…

LISP SEC (draft-ietf-lisp-sec-01) Active…

LISP Threats (draft-ietf-lisp-threats-00) Active…

LISP EID Block (draft-ietf-lisp-eid-block-01) Active…IETF LISP WG: http://tools.ietf.org/wg/lisp/


LISP Deployments - International LISP Beta Network

LISP Community Operated

- >4 years operational

- >140+ sites, 26 countries

Nine LISP implementations deployed today

- Cisco: IOS, IOS-XE, NX-OS

- Furukawa Network Solution Corporation FITELnet-G21

- FreeBSD: OpenLISP

- Linux: OpenWrt, Aless, LISPmob

- Android (Gingerbread)

- Plus a few others… ;-)

http://lisp.cisco.com

http://www.lisp6.facebook.com

http://www.lisp.intouch.eu/

http:/lisp.isarnet.net/

and more…


Cisco’s LISP Software Release Strategy – Development Strategy

Early Deployment (ED) software – Engineering Builds

- LISP ED releases available on CCO as “hidden” posts

- Not orderable via the Cisco Global Configuration tool

- Intended only for deployment on LISP nodes

- Not intended nor recommended for production deployment scenarios

- TAC supported (unless deployed in non-LISP environment)

- Refer to LISP Early ED Software Release Product Bulletin for details

Production LISP Deployment Software – Mainline Integration

- LISP production software images available via CCO download

- Orderable via the Cisco Global Configuration tool

- Approved for use in all production deployment scenarios

- TAC supported

Cisco LISP Code: http://lisp.cisco.com


LISP Software Release Strategy – Available Releases!

Cisco Releases- IOS since December 2009… ISR, ISRG2, 7200

- IOS-XE since March 2010… ASR1K

- NX-OS since December 2009… Nexus 7000, UCS C200

- Coming soon… Catalyst 6500, ASR9K, CRS-3, and others…

Other LISP Releases- Furukawa Network Solutions Corp

- FreeBSD

OpenLISP

- Linux

Aless

LISPmob

OpenWrt (coming soon…)

- Android

Gingerbread (coming soon…)

- Other vendors… Check back!!

Cisco LISP Releases: http://lisp.cisco.com

http://www.lisp4.net

http://www.lisp6.net Other LISP Releases:

LISP Summary

LISP Overview

LISP Operations

LISP Use Cases

LISP Status

LISP References


LISP – A Routing Architecture; Not a Feature

Enables IP Number Portability

- With session survivability

- Never change host IP addresses; No renumbering costs

- No DNS “name == EID” binding change

Uses pull vs. push routing

- OSPF and BGP are push models; routing stored in the forwarding plane

- LISP is a pull model; Analogous to DNS; massively scalable

An over-the-top technology

- Address Family agnostic

- Incrementally deployable

- No changes in end systems

Creates a Level of Indirection

- Separates End-Host and Site addresses

Deployment simplicity

- No host changes

- Minimal CPE changes

- Some new core infrastructure components

Enables other interesting features

- Simplified multi-homing with Ingress traffic Engineering – without the need for BGP

- End-host mobility without renumbering

- Address Family agnostic support

An Open Standard

- No Cisco Intellectual Property Rights

LISP References

LISP Overview

LISP Operations

LISP Use Cases

LISP Status

LISP Summary


LISP Information and Mailing Lists

LISP Information

- IETF LISP Working Group http://tools.ietf.org/wg/lisp/

- LISP Beta Network Site http://www.lisp4.net & http://www.lisp6.net

- Cisco LISP Site http://lisp.cisco.com (ipv4 and IPv6)

- Cisco LISP Marketing Site http://www.cisco.com/go/lisp/

LISP Mailing Lists

- IETF LISP Working Group http://tools.ietf.org/wg/lisp/

- LISP Interest (public) [email protected]

- Cisco LISP Questions [email protected]

- LISPmob Questions [email protected]


• Thank you!

• Please complete the post-event survey.

• Join us February 8 for our next webinar:

Recommendations for Network Application Identification and Policy

To register, go to www.cisco.com/go/iosadvantage


Thank you.

lisp: the next generation networking architecture (ios advantage webinar)

Technology

cisco andor

cisco public

lisp mapping system

location lisp behaviorinternet

nonlisp xtrc

major lisp use cases

lisp team technical

main attributes of lisp