using lisp to solve today's ip host mobility challenges (ios advantage webinar)

© 2012 Cisco and/or its affiliates. All rights reserved. 1

Cisco IOS Advantage Webinars Using LISP to Solve Today's IP Host Mobility Challenges

Victor Moreno and Darrel Lewis

We’ll get started a few minutes past the top of the hour.

Note: you may not hear any audio until we get started.


Register for a Techtorial Session: http://www.ciscolive.com/london/registration-packages/

•  TECIPM-3191 - Advanced LISP Techtorial

Other Techtorial Sessions from Cisco Software Experts Session Number Advanced Network Automation TECNMS-3601 Application Awareness in the Network; the Route to Application Visibility and Control TECRST-2672 Converged Access: Wired/Wireless System Architecture, Design and Operations TECCRS-2678 Enterprise QoS Design Strategy TECRST-2501 IPv6 for Dummies: An Introduction to IPv6 TECMPL-2192 IPv6 Security TECRST-2680 Scaling the IP NGN with Unified MPLS TECNMS-3601 Software Defined Networking and Use Cases TECSPG-2667 Understanding and Deploying IP Multicast Networks TECIMP-1008


Panelists

Darrel Lewis Technical Leader

Engineering [email protected]

Speakers

Victor Moreno Distinguished Engineer

Technical Marketing [email protected]

Max Ardica

Technical Leader Engineering

[email protected]

Gregg Schudel Engineer

Technical Marketing [email protected]

Arnel Dionisio Technical Leader


Solomon Rajkumar SW Development Engineer



•  Submit questions in Q&A panel and send to “All Panelists” Avoid CHAT window for better access to panelists

•  Please complete the post-event survey

•  For Webex audio, select COMMUNICATE > Join Audio Broadcast

•  Where can I get the presentation? Or send email to: [email protected]

•  Join us November 7th for our next TechAdvantage Webinar: Media Services Proxy (MSP) for Enhanced Media Awareness and Building Plug-And-Play Media Networks www.cisco.com/go/iosadvantage

•  For Webex call back, click ALLOW phone button at the bottom of participants side panel


  Host Mobility Business Drivers   What is LISP?   How Does LISP Work?   How are Customers Using LISP?   LISP Host Mobility

– Fundamentals – Across Subnets

– Extending Subnets – Customer Example

  LISP Status and References   LISP Summary


Legacy IT model: Client/Server

Emerging IT model: Mobile/Cloud

Client Server

M

M

M

M

M M

M C

C

C

C

C C

C

Attributes: •  Simple •  Secure •  Static

Attributes: •  Connected •  Scalable •  Multi-tenant


Distributed Data Center Goals:

•  Seamless workload mobility between mul3ple datacenters

•  Distributed applica3ons closer to end users

•  Pool and maximize global compute resources

•  Ensure business con3nuity with workload mobility and distributed deployments

Geographically Dispersed

Data Centers


•  Today’s networks aren’t designed for mobility •  IP addresses are statically assigned to devices, access points, or services.

•  Connecting resources on different private networks and public networks with different owners is challenging

•  Movement between networks means device, service or network element connectivity necessarily always lost.

•  Today’s networks can’t scale

•  Cloud, mobility and Internet of things are overextending the ability of today’s routers to route data packets.

•  Mobility of devices and/or network elements leads to a ballooning of the amount of information stored in routing tables.

•  Today’s networks require new security models

•  In a world of multiple devices and multi-tenancy it’s not feasible to manually build every needed virtual private network

Mobility, Scalability and Interconnection Issues Must Be Solved Together


Use-cases   Global Workload Mobility   Workload Portability to Cloud

  Secure Multi-tenancy across organizations

  Rapid IPv6 Deployment

  LISP (Location / ID Separation Protocol) is an addressing architecture and set of protocols comprising an Endpoint Identifier (defining who a user is) and a Routing Locator (defining where the user is connected).

  LISP separates the identity of the device or access point from where the device is located enabling Internet services to remain continually connected when users move around or change devices.

Benefits   Mobility IP address Portability

  Scalability On-Demand Route lookup

  Security Tenant ID based Segmentation

  Address Family Independence

Evolving the World’s Networks for the Cloud Era

Overview

© 2010 Cisco and/or its affiliates. All rights reserved. 11 11

Continuous Operation

Distributed Clusters with Network Stability, accelerate Disaster Recovery

Business Goals LISP Enables Business Benefits

Global Availability

Respond to Change Add Capacity at will for peaks, on-demand additions in private or public cloud

Application Resiliency

Compute Workloads Anywhere, beyond a single physical data center or organization

Geo Diversity

Dynamic Business Flexibility

© 2010 Cisco and/or its affiliates. All rights reserved. 12 12

New Services Creation Unleash Compute Virtualization

Business Goals LISP Enables Business Benefits

Maximize Asset Utilization

Reduce Expenses Simplify Inter-site Change Management

Faster Service TTM

Employ Idle Resources

Workload Migration and Server Consolidation

Lower Cost of Managing


Mobility

Applicability   Active-Active Data Centers

  Data Center Disaster Recovery   Workload Portability to Cloud (aka Bursting)

  Federated Cloud open connectivity

  Topology independent addressing   Overlay solution   IPv4 or IPv6 agnostic

Benefits

  Integrated Mobility

  Mobility across organizations (SPs, Cloud Providers)

  IPv4, IPv6 or a combination   Optimal traffic path (no triangulation)

Provider A Provider B

Primary DC Secondary DC

Overview

Evolving the World’s Networks for the Cloud Era


IPv4 Internet Site 1

Site 2

Site 3

Tier 1 SP

Transit SP

Commodity SP

AS 300 13. 0/8

DFZ Routing

Table

AS 101 64.1.0.0/16

AS 200 12. 0/8

Locators

IDs

East-DC

64.2.0.0/16 64.1.0.0/16

West-DC

12.1.1.2/30 12.1.1.6/30 13.1.1.6/30 13.1.1.2/30

AS 102 64.2.0.0/16

eBGP 64.1.0.0/17 64.1.0.0/16

eBGP 64.2.128.0/17

64.2.0.0/16

64.1.0.12/32

eBGP 64.1.128.0/17

64.1.0.0/16 eBGP

64.2.0.0/17 64.2.0.0/16



Site 2

Site 3

Tier 1 SP

Transit SP

Commodity SP

AS 300 13. 0/8

AS 101 64.1.0.0/16

AS 200 12. 0/8

Locators

East-DC

64.2.0.0/16 64.1.0.0/16

West-DC 64.1.0.12/32

12.1.1.2/30 12.1.1.6/30 13.1.1.6/30 13.1.1.2/30

AS 102 64.1.0.0/16

Clear Separation at the Network Layer:: • who/what you are looking for

vs. … • how to best get there

ID/Loc Split is common already! Two basic approaches:

• Translations (e.g. NAT) vs. …

• Tunnels (e.g. GRE, IPsec, MPLS) Both approaches are limited to local scope

What is needed is Locator/ID Separation on a GLOBAL Scope.

• What if ID address and Locator address are in different databases?

• This creates a “level of indirection” between ID and LOCATION in the network!

DFZ Routing

Table LISP

Mapping System

IDs



Site 2

Site 3

Tier 1 SP

Transit SP

Commodity SP

AS 300 13. 0/8

AS 101 64.1.0.0/16

AS 200 12. 0/8

Locators

East-DC

64.2.0.0/16 64.1.0.0/16

West-DC

12.1.1.2/30 12.1.1.6/30 13.1.1.6/30 13.1.1.2/30

AS 102 64.2.0.0/16

LISP Mapping System

•  Let’s scale the ID address databases to 1010 and allow it to hold any prefix length (even /32’s and /128’s)

•  Let’s provide a mechanism to provide on-the-fly resolution of ID and locator (like DNS)

• High scale design, and ability to change locator for fixed ID enables Mobility!

DFZ Routing

Table

IDs

Note: Loc/ID Split enables “Mobility” But, can’t we handle “mobility” today, for example, with something like Global Site Selector (GSS)?   GSS uses DNS

•  what do you do for all the applications that have hard-coded IP address?

•  How do you move “existing flows” without rebuilding TCP sessions?

  DNS is an “application” •  Using DNS for “routing” is never a good idea •  If DNS goes down, routing goes down.

64.1.0.12/32


LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its LOCATION in the network

LISP radical changes the current ROUTING Architecture •  Radical changes lead to DISRUPTION opportunities •  LISP allows both SPs and Enterprises to do remarkably different things

than traditional approaches allow •  LISP enables NEW services (VPNs, IPv6, Mobility, “cloud”) in one,

common, simple architecture


  LISP Loc/ID Split namespaces ‒ EID (Endpoint Iden>fier) is the IP address of a host – just as it is today

‒ RLOC (Rou>ng Locator) is the IP address of the LISP router for the host

‒ EID-‐to-‐RLOC mapping is the distributed architecture that maps EIDs to RLOCs

Prefix Next-‐hop w.x.y.1 e.f.g.h x.y.w.2 e.f.g.h z.q.r.5 e.f.g.h z.q.r.5 e.f.g.h

Non-‐LISP

RLOC Space

EID-‐to-‐RLOC mapping

EID Space xTR

xTR

MS/MR

PxTR

xTR

EID RLOC a.a.a.0/24 w.x.y.1 b.b.b.0/24 x.y.w.2 c.c.c.0/24 z.q.r.5 d.d.0.0/16 z.q.r.5

EID RLOC a.a.a.0/24 w.x.y.1 b.b.b.0/24 x.y.w.2 c.c.c.0/24 z.q.r.5 d.d.0.0/16 z.q.r.5

EID Space

 Network-‐based solu3on  No host changes  Minimal configura3on  No DNS changes

 Address Family agnos3c   Incrementally deployable (support LISP and non-‐LISP)

  Support for mobility


  LISP “Level of Indirection” is analogous to a DNS lookup ‒  DNS resolves IP addresses for URL Answering the “WHO IS” question

‒  LISP resolves locators for queried identities Answering the “WHERE IS” question

host DNS Name-to-IP URL Resolution

[ who is lisp.cisco.com ] ? DNS Server

[153.16.5.29, 2610:D0:110C:1::3 ]

LISP Identity-to-locator Mapping Resolution

LISP router

LISP Mapping System

[ where is 2610:D0:110C:1::3 ] ?

[ locator is 128.107.81.169 ]


East-DC

64.2.0.0/16

West-DC

12.1.1.2/30 12.1.1.6/30

PI EID-prefix 32.1.1.0/24

LISP Site 2

D

LISP Site 1

xTR-1 ETR

ITR

xTR-2

ETR

ITR

64.1.0.12/32

S 32.1.1.32

10.0.0.2

11.0.0.2

xTR-2 ETR

ITR xTR-1

ETR

ITR


ETR – Egress Tunnel Router ‒  Receives packets from core-

facing interfaces

‒  De-cap packets, deliver to local EIDs at site

ITR – Ingress Tunnel Router ‒  Receives packets from site-

facing interfaces

‒  Encap to remote LISP sites, or native-fwd to non-LISP sites

packet flow


East-DC

64.2.0.0/16

West-DC

12.1.1.2/30 12.1.1.6/30


LISP Site 2

D

LISP Site 1

xTR-1 ETR

ITR

xTR-2

ETR

ITR

64.1.0.12/32

S 32.1.1.32

10.0.0.2

11.0.0.2

xTR-2 ETR

ITR xTR-1

ETR

ITR


DNS entry: D.abc.com A 64.1.0.12

1

2 32.1.1.32 -> 64.1.0.12

EID-prefix: 64.1.0.0/16 Locator-set: 12.1.1.2, priority: 1, weight: 50 12.1.1.6, priority: 1, weight: 50

Map-Cache Entry

3

This policy controlled by the destination site

32.1.1.32 -> 64.1.0.12 10.0.0.2 -> 12.1.1.6

4

5

32.1.1.32 -> 64.1.0.12 10.0.0.2 -> 12.1.1.6

6

7 32.1.1.32 -> 64.1.0.12

Notes: ‒  The destination site controls its

ingress policy (active/active in this case)

‒  5-tuple hash per-flow selects RLOC for encapsulation


  LISP Control Plane Provides On-Demand Mappings ‒ Control Plane is separate from data plane ‒ Map-Resolver and Map-Server (similar to DNS Resolver and DNS Server) ‒ LISP Control Plane Messages for EID-to-RLOC resolution ‒ Distributed databases and map-caches hold mappings


East-DC

64.2.0.0/16

West-DC

12.1.1.2/30 12.1.1.6/30


LISP Site 2

D

LISP Site 1

xTR-1 ETR

ITR

xTR-2

ETR

ITR

64.1.0.12/32

S 32.1.1.32

10.0.0.2

11.0.0.2

xTR-2 ETR

ITR xTR-1

ETR

ITR


Mapping System

MR MS

MR – Map-Resolver ‒  Receives Map-Request from

ITRs

‒  Forwards Map-Request to Map-Servers

‒  Sends Negative Map-Replies for Map-Requests for non-LISP sites

MS – Map-Server ‒  LISP site ETRs register their

EID prefixes here; requires “lisp site” policy, authentication key

‒  Receives Map-Requests via Mapping System; forwards Map-Requests to registered ETRs


East-DC

64.2.0.0/16

West-DC

12.1.1.2/30 12.1.1.6/30


LISP Site 2

D

LISP Site 1

xTR-1 ETR

ITR

xTR-2

ETR

ITR

64.1.0.12/32

S 32.1.1.32

10.0.0.2

11.0.0.2

xTR-2 ETR

ITR xTR-1

ETR

ITR


Mapping System

MR MS

Map Cache (ITR) ‒  Stores mappings for sites ITR

currently sending packets to

‒  Populated by receiving Map-Replies for its Map-Requests

‒  ITRs must respect Map-Reply policy (TTLs, RLOC up/down status, RLOC priorities/weights

Mapping-Database (ETR) ‒  EID-to-RLOC mappings in all

ETRs for local LISP site

‒  ETR authoritative for site EIDs sends Map-Replies to ITRs

‒  ETRs can tailor policy based on Map-Request source


  Control Plane “EID Registration” ‒ Map-Register message

Sent by ETR to MS to register its associated EID prefixes Specifies the RLOC(s) to be used by the MS when forwarding Map-Requests to the ETR

  Control Plane “Data-triggered” mapping service ‒ Map-Request message

Sent by an ITR when it needs for EID/RLOC mapping, to test an RLOC for reachability, or to refresh a mapping before TTL expiration (Solicit Map-Request (SMR))

‒ Map-Reply message Sent by an ETR in response to a valid map-request to provide the EID/RLOC mapping and site ingress policy for the requested EID

‒ Map-Notify message Sent by Map-Server to ETR to acknowledge that its requested EID prefixes were registered successfully


East-DC

64.2.0.0/16

West-DC

12.1.1.2/30 12.1.1.6/30


LISP Site 2

D

LISP Site 1

xTR-1 ETR

ITR

xTR-2

ETR

ITR

64.1.0.12/32

S 32.1.1.32

10.0.0.2

11.0.0.2

xTR-2 ETR

ITR xTR-1

ETR

ITR


Mapping System

MR MS

1

LISP Map-Register (udp 4342)

SHA-2 64.1.0.0/16

12.1.1.2, 12.1.1.6

12.1.1.6-> 66.2.2.2

Other sites… 2

Notes: ‒  The ETR registers the EIDs

that it is authoritative for

‒  The MS is configured for the site EIDs, and must have the same authentication key

66.2.2.2


East-DC

64.2.0.0/16

West-DC

12.1.1.2/30 12.1.1.6/30


LISP Site 2

D

LISP Site 1

xTR-1 ETR

ITR

xTR-2

ETR

ITR

64.1.0.12/32

S 32.1.1.32

10.0.0.2

11.0.0.2

xTR-2 ETR

ITR xTR-1

ETR

ITR


Mapping System

MR MS

66.2.2.2

DNS entry: D.abc.com A 64.1.0.12

1

2 32.1.1.32 -> 64.1.0.12

How do I get to 64.1.0.12?

3 11.0.0.2-> 66.2.2.2 LISP ECM (udp 4342)

11.0.0.2 -> 64.1.0.12 Map-Request

(udp 4342) nonce

Notes: ‒  Encapsulated Control Message

(ECM) header is used between an xTR and the Mapping System

‒  The IP address in the Map-Request (64.1.0.12 in this case) is the host that the ITR is trying to reach.

‒  The Map-Reply includes the entire prefix (64.1.0.0/16 in this case) covering the requested host.

4 66.2.2.2 -> 12.1.1.6 LISP ECM (udp 4342)

11.0.0.2 -> 64.1.0.12 Map-Request

(udp 4342) nonce

5 12.1.1.6 -> 11.0.0.2 Map-Reply (udp 4342)

nonce 64.1.0.0/16

12.1.1.2 [1, 50] 12.1.1.6 [1, 50]

EID-prefix: 64.1.0.0/16 Locator-set: 12.1.1.2, priority: 1, weight: 50 12.1.1.6, priority: 1, weight: 50

Map-Cache Entry 6



East-DC

64.2.0.0/16

West-DC

12.1.1.2/30 12.1.1.6/30


LISP Site 2

D

LISP Site 1

xTR-1 ETR

ITR

xTR-2

ETR

ITR

64.1.0.12/32

S 32.1.1.32

10.0.0.2

11.0.0.2

xTR-2 ETR

ITR xTR-1

ETR

ITR


Mapping System

MR MS

66.2.2.2

64.1.0.12 has moved away…

2 11.0.0.2-> 66.2.2.2 LISP ECM (udp 4342)

11.0.0.2 -> 64.1.0.12 Map-Request

(udp 4342) nonce

Notes: ‒  Solicit Map Request is sent in

order to inform ITR’s that their Map-Cache might be out of date

Map-Reply sent… 4

12.1.1.6 -> 11.0.0.2 Map-Reply (udp 4342)

nonce 64.1.0.12/32

12.1.1.2 [1, 50] 12.1.1.6 [1, 50]

1 12.1.1.6 -> 11.0.0.2

Map-Request (udp 4342)

Nonce 64.1.0.12/32

Solicit Map Reqst

3 66.2.2.2 -> 11.0.0.2 LISP ECM (udp 4342)

11.0.0.2 -> 64.1.0.12 Map-Request

(udp 4342) nonce


1.  Efficient Multi-Homing 2.  IPv6 Transition Support 3.  Efficient Virtualization/VPN 4.  Data Center/Host Mobility 5.  LISP Mobile-Node These ‘core’ Use-Cases highlight

functionality that is integrated in LISP. All use-case :: multi-homing, v6

transition, virtualization, and mobility work together as well


  Needs:   Host-Mobility extending subnets and

across subnets   Move detection, dynamic EID-to-RLOC

mappings, traffic redirection

  LISP Solution:   LISP for across subnets moves   Host IP (/32) remains the same

  Benefits:   VM/OS agnostic, seamless, integrated,

global workload mobility (cloud bursting)   Direct Path after move (no triangulation)   No IP address changes across move   Connections survive across moves   No routing re-convergence or DNS updates   ARP elimination

  Example: VXNet is providing Disaster Recovery and Workload mobility solutions to NYC financial institutions

LISP Site

IP Network

West DC

Legacy Site Legacy Site Legacy Site

East DC

PxTR Mapping

DB

Data Center/Host Mobility

xTR

a.b.c.1

VM

a.b.c.1

VM

VM move


Moves With LAN Extension

West-DC East-DC

Non-LISP Site

IP Network Mapping DB

LISP-‐VM (XTR)

LAN Extension

LISP Site

XTR

 Rou3ng for Extended Subnets Active-Active Data Centers Distributed Data Centers

 Applica3on Members Distributed Broadcasts across sites

 IP Mobility Across Subnets Disaster Recovery Cloud Bursting

 Applica3on Members In One Loca3on

West-DC East-DC

Moves Without LAN Extension LISP Site

Internet or Shared WAN

XTR

DR Location or Cloud

Provider DC

LISP-‐VM (XTR)

Mapping DB


1.  Detect the host move a)  For any host, without agents on the host or protocols b)  Without dependence on any hypervisor

2.  Register the new host location with the Mapping System

3.  Notify other xTRs/PITRs of the move a)  Update routing tables at old sites b)  Update LISP Map-Caches


East-DC

64.2.0.0/16

West-DC

12.1.1.2/30 12.1.1.6/30


LISP Site DC-1

LISP Site 1

xTR-1 ETR

ITR

xTR-2

ETR

ITR

64.1.0.12/32

32.1.1.32

10.0.0.2

11.0.0.2

xTR-2 ETR

ITR xTR-1

ETR

ITR

64.1.0.0/16

Mapping System

MR MS

64.1.0.12/32

13.1.1.6/30 13.1.1.2/30

LISP Site DC-2

xTR-4 ETR

ITR xTR-3 ETR

ITR

66.2.2.2

64.1.0.0/24 64.2.0.0/24

ip lisp itr-etr ip lisp database-mapping 64.1.0.0/16 12.1.1.2 pri 1 wei 50 ip lisp database-mapping 64.1.0.0/16 12.1.1.6 pri 1 wei 50 ip lisp itr map-resolver 66.2.2.2 ip lisp etr map-server 66.2.2.2 key some-key-DC lisp dynamic-eid WEBINAR_MOB_ASM database-mapping 64.1.0.0/24 12.1.1.2 pri 1 wei 50 database-mapping 64.1.0.0/24 12.1.1.6 pri 1 wei 50 map-notify-group 239.1.1.1 interface vlan 100 ip address 64.1.0.2/24 lisp mobility WEBINAR_MOB_ASM ip proxy-arp hsrp 101 mac-address 0000.0e1d.010c ip 64.1.0.1


The 64.1.0.0/24 from the entire /16 is configured as able to “roam” in this case


East-DC

64.2.0.0/16

West-DC

12.1.1.2/30 12.1.1.6/30


LISP Site DC-1

LISP Site 1

xTR-1 ETR

ITR

xTR-2

ETR

ITR

64.1.0.12/32

32.1.1.32

10.0.0.2

11.0.0.2

xTR-2 ETR

ITR xTR-1

ETR

ITR

64.1.0.0/16

Mapping System

MR MS

64.1.0.12/32

13.1.1.6/30 13.1.1.2/30

LISP Site DC-2

xTR-4 ETR

ITR xTR-3 ETR

ITR

66.2.2.2

64.1.0.0/24 64.2.0.0/24





East-DC

64.2.0.0/16

West-DC

12.1.1.2/30 12.1.1.6/30


LISP Site DC-1

LISP Site 1

xTR-1 ETR

ITR

xTR-2

ETR

ITR

64.1.0.12/32

32.1.1.32

10.0.0.2

11.0.0.2

xTR-2 ETR

ITR xTR-1

ETR

ITR

64.1.0.0/16

Mapping System

MR MS

64.1.0.12/32

13.1.1.6/30 13.1.1.2/30

LISP Site DC-2

xTR-4 ETR

ITR xTR-3 ETR

ITR

66.2.2.2

64.1.0.0/24 64.2.0.0/24

router lisp site Site1 authentication-key some-key-1 eid-prefix 32.1.1.0/24 site DC-1 authentication-key some-key-DC eid-prefix 64.1.0.0/16 accept-more-specifics eid-prefix 64.2.0.0/16 !

router lisp database-mapping 32.1.1.0/24 10.0.0.2 priority 1 weight 50 database-mapping 32.1.1.0/24 11.0.0.2 priority 1 weight 50

ipv4 itr ipv4 etr ipv4 itr map-resolver 66.2.2.2 ipv4 etr map-server 66.2.2.2 key some-key-1


East-DC

64.2.0.0/16

West-DC

12.1.1.2/30 12.1.1.6/30


LISP Site DC-1

LISP Site 1

xTR-1 ETR

ITR

xTR-2

ETR

ITR 32.1.1.32

10.0.0.2

11.0.0.2

xTR-2 ETR

ITR xTR-1

ETR

ITR

64.1.0.0/16

Mapping System

MR MS

13.1.1.6/30 13.1.1.2/30

LISP Site DC-2

xTR-4 ETR

ITR xTR-3 ETR

ITR

66.2.2.2

64.1.0.0/24 64.2.0.0/24

64.1.0.12/32 64.1.0.12/32

1

3

Routing Table: 64.2.0.0/24 – Local 64.1.0.12/32 – Local

Map-Notify 64.1.0.12/32 13.1.1.2/13.1.1.6

4

Map-Register 64.1.0.12/32 13.1.1.2/13.1.1.6

5


2

64.1.0.0/16 – 12.1.1.2/12.1.1.6 64.2.0.0/16 – 13.1.1.2/13.1.1.6 64.1.0.12/32 – 13.1.1.2/13.1.1.6

6

Map-Notify 64.1.0.12/32 13.1.1.2/13.1.1.6

7

Routing Table: 64.1.0.0/24 – Local 64.1.0.12/32 – Null0

8

9

Map-Notify 64.1.0.12/32 13.1.1.2/13.1.1.6


10


East-DC

64.2.0.0/16

West-DC

12.1.1.2/30 12.1.1.6/30


LISP Site DC-1

LISP Site 1

xTR-1 ETR

ITR

xTR-2

ETR

ITR

64.1.0.12/32

32.1.1.32

10.0.0.2

11.0.0.2

xTR-2 ETR

ITR xTR-1

ETR

ITR

64.1.0.0/16

Mapping System

MR MS

64.1.0.12/32

13.1.1.6/30 13.1.1.2/30

LISP Site DC-2

xTR-4 ETR

ITR xTR-3 ETR

ITR

66.2.2.2

64.1.0.0/24 64.2.0.0/24

10.0.0.2

11.0.0.2

1.  ITRs, PITRs with cached mappings continue to send traffic to the old locators until updated

Old DC xTR site knows the host has moved (/32 Null0 route)

2.  Old DC xTR sends Solicit Map Request (SMR) messages to any encapsulators sending traffic to “it” for the moved host

1

2

3.  SMR causes ITR to initiate a new map-request/map-reply process

3 map-request

4.  Map-Reply updates map-cache with new location

64.1.0.0/16 – 12.1.1.2/12.1.1.6 64.2.0.0/16 – 13.1.1.2/13.1.1.6 64.1.0.12/32 – 13.1.1.2/13.1.1.6 4

5.  Traffic now flows to the HOST at its NEW location

5


  Not necessarily for moving workloads: Can be solved with IP mobility solutions: LISP Host Mobility

  Application High Availability Distributed Clusters e.g. Node Discovery & Heartbeats in Clustered Applications

Hypervisor Hypervisor IP Network

Moving Workloads

Hypervisor Control Traffic (routable)

IP Network

OS OS OS Distributed App (GeoCluster)

LAN Extension (OTV)

Non-IP application traffic

(heartbeats)


  A subnet usually implies location

  Yet we use LAN extensions to stretch subnets across locations

Location semantics of subnets are lost

  Traditional routing relies on the location semantics of the subnet

Can’t tell if a server is at the East or West location of the subnet

  More granular (host level) information is required

LISP provides host level location semantics West-DC East-DC

IP Network

LAN Extension

LISP site

XTR


East-DC

64.2.0.0/16

West-DC

12.1.1.2/30 12.1.1.6/30


LISP Site DC-1

LISP Site 1

xTR-1 ETR

ITR

xTR-2

ETR

ITR

64.1.0.12/32

32.1.1.32

10.0.0.2

11.0.0.2

xTR-2 ETR

ITR xTR-1

ETR

ITR

64.1.0.0/16

Mapping System

MR MS

64.1.0.12/32

13.1.1.6/30 13.1.1.2/30

LISP Site DC-2

xTR-4 ETR

ITR xTR-3 ETR

ITR

66.2.2.2

64.1.0.0/24 64.1.0.0/24

LAN Extension (OTV)

ip lisp itr-etr ip lisp database-mapping 64.1.0.0/16 12.1.1.2 pri 1 wei 50 ip lisp database-mapping 64.1.0.0/16 12.1.1.6 pri 1 wei 50 ip lisp itr map-resolver 66.2.2.2 ip lisp etr map-server 66.2.2.2 key some-key-DC lisp dynamic-eid WEBINAR_MOB_ESM database-mapping 64.1.0.0/24 12.1.1.2 pri 1 wei 50 database-mapping 64.1.0.0/24 12.1.1.6 pri 1 wei 50 map-notify-group 239.1.1.1 interface vlan 100 ip address 64.1.0.3/24 lisp mobility WEBINAR_MOB_ESM lisp extended-subnet-mode hsrp 101 ip 64.1.0.1



The 64.1.0.0/24 from the entire /16 is on the interface as well. This will be “extended” to the other DC


East-DC

64.2.0.0/16

West-DC

12.1.1.2/30 12.1.1.6/30


LISP Site DC-1

LISP Site 1

xTR-1 ETR

ITR

xTR-2

ETR

ITR

64.1.0.12/32

32.1.1.32

10.0.0.2

11.0.0.2

xTR-2 ETR

ITR xTR-1

ETR

ITR

64.1.0.0/16

Mapping System

MR MS

64.1.0.12/32

13.1.1.6/30 13.1.1.2/30

LISP Site DC-2

xTR-4 ETR

ITR xTR-3 ETR

ITR

66.2.2.2

64.1.0.0/24 64.1.0.0/24

LAN Extension (OTV)

3.7



Notice that a 64.1.0.0/24 is “extended” from the other DC in this case.


East-DC

64.2.0.0/16

West-DC

12.1.1.2/30 12.1.1.6/30


LISP Site DC-1

LISP Site 1

xTR-1 ETR

ITR

xTR-2

ETR

ITR

64.1.0.12/32

32.1.1.32

10.0.0.2

11.0.0.2

xTR-2 ETR

ITR xTR-1

ETR

ITR

64.1.0.0/16

Mapping System

MR MS

64.1.0.12/32

13.1.1.6/30 13.1.1.2/30

LISP Site DC-2

xTR-4 ETR

ITR xTR-3 ETR

ITR

66.2.2.2

64.1.0.0/24 64.1.0.0/24

LAN Extension (OTV)




East-DC

64.2.0.0/16

West-DC

12.1.1.2/30 12.1.1.6/30


LISP Site DC-1

LISP Site 1

xTR-1 ETR

ITR

xTR-2

ETR

ITR

64.1.0.12/32

32.1.1.32

10.0.0.2

11.0.0.2

xTR-2 ETR

ITR xTR-1

ETR

ITR

64.1.0.0/16

Mapping System

MR MS

64.1.0.12/32

13.1.1.6/30 13.1.1.2/30

LISP Site DC-2

xTR-4 ETR

ITR xTR-3 ETR

ITR

66.2.2.2

64.1.0.0/24 64.1.0.0/24

LAN Extension (OTV)

router lisp database-mapping 32.1.1.0/24 10.0.0.2 priority 1 weight 50 database-mapping 32.1.1.0/24 11.0.0.2 priority 1 weight 50

ipv4 itr ipv4 etr ipv4 itr map-resolver 66.2.2.2 ipv4 etr map-server 66.2.2.2 key some-key-1

router lisp site Site1 authentication-key some-key-1 eid-prefix 32.1.1.0/24 site DC authentication-key some-key-DC eid-prefix 64.1.0.0/16 accept-more-specifics eid-prefix 64.2.0.0/16 !


East-DC

64.2.0.0/16

West-DC

12.1.1.2/30 12.1.1.6/30


LISP Site DC-1

LISP Site 1

xTR-1 ETR

ITR

xTR-2

ETR

ITR 32.1.1.32

10.0.0.2

11.0.0.2

xTR-2 ETR

ITR xTR-1

ETR

ITR

64.1.0.0/16

Mapping System

MR MS

13.1.1.6/30 13.1.1.2/30

LISP Site DC-2

xTR-4 ETR

ITR xTR-3 ETR

ITR

66.2.2.2

64.1.0.0/24 64.1.0.0/24

LAN Extension (OTV)

64.1.0.12/32 64.1.0.12/32

LISP Site DC-1

Map-Notify 64.1.0.12/32 13.1.1.2/13.1.1.6

Map-Register 64.1.0.12/32 13.1.1.2/13.1.1.6

5

64.1.0.0/16 – 12.1.1.2/12.1.1.6 64.1.0.12/32 – 12.1.1.2/12.1.1.6 64.2.0.0/16 – 13.1.1.2/13.1.1.6

6


4

Map-Notify 64.1.0.12/32 13.1.1.2/13.1.1.6

Note: •  Null0 host routes indicate the

host is “away” •  64.1.0.0/24 is configured as

the dynamic-EID range


4 Routing Table: 64.1.0.0/24 – Local 64.1.0.12/32 – Null0

2


4

1 3

64.1.0.12/32 – Null0

64.1.0.12/32 – 13.1.1.2/13.1.1.6

64.1.0.12/32 – Local 64.1.0.12/32 – Local

64.1.0.12/32 – Null0


East-DC

64.2.0.0/16

West-DC

12.1.1.2/30 12.1.1.6/30


LISP Site DC-1

LISP Site 1

xTR-1 ETR

ITR

xTR-2

ETR

ITR

64.1.0.12/32

32.1.1.32

10.0.0.2

11.0.0.2

xTR-2 ETR

ITR xTR-1

ETR

ITR

64.1.0.0/16

Mapping System

MR MS

64.1.0.12/32

13.1.1.6/30 13.1.1.2/30

LISP Site DC-2

xTR-4 ETR

ITR xTR-3 ETR

ITR

66.2.2.2

64.1.0.0/24 64.1.0.0/24

1.  ITRs, PITRs with cached mappings continue to send traffic to the old locators until updated

Old DC xTR site knows the host has moved (/32 Null0 route)

2.  Old DC xTR sends Solicit Map Request (SMR) messages to any encapsulators sending traffic to “it” for the moved host

3.  SMR causes ITR to initiate a new map-request/map-reply process

3

4.  Map-Reply updates map-cache with new location

64.1.0.0/16 – 12.1.1.2/12.1.1.6 64.1.0.12/32 – 12.1.1.2/12.1.1.6 64.2.0.0/16 – 13.1.1.2/13.1.1.6

4

5.  Traffic now flows to the HOST at its NEW location

1

2

map-request

5

64.1.0.12/32 – 12.1.1.2/12.1.1.6 64.1.0.12/32 – 13.1.1.2/13.1.1.6


Customer-‐A MPLS-‐VPN

MPLS Core

PE5 PE6

Blue/DC 1 (Loca>on 1)

CE5 CE6


CE7 CE8

ITR/ETR

Customer-‐A Site 4

PE4

Customer-‐A Site 3 PE3

MS/MR MS/MR


PE2


CE2

ITR/ETR

LAN Extension (OTV)

CE1

ITR/ETR

CE3

ITR/ETR

CE4

ITR/ETR

ITR/ETR 172.18.0.0/16 172.17.0.0/16

DYNAMIC EID 172.17.0.0/24



MPLS Core

PE5 PE6


CE5 CE6


CE7 CE8

ITR/ETR


PE4


MS/MR MS/MR


PE2


CE2

ITR/ETR

LAN Extension (OTV)

CE1

ITR/ETR

CE3

ITR/ETR

CE4

ITR/ETR

ITR/ETR

EID 172.16.1.0/24

RLOC GE0/0/0 10.1.1.2/30

RLOC GE0/0/0 10.1.5.1

RLOC GE0/0/0 10.1.6.1

router lisp eid-‐table default instance-‐id 0 database-‐mapping 172.16.1.0/24 10.1.1.2 pri 1 wei 100 exit ! ipv4 itr ipv4 etr ipv4 itr map-‐resolver 10.1.5.1 ipv4 etr map-‐server 10.1.5.1 key s3cr3t ipv4 itr map-‐resolver 10.1.6.1 ipv4 etr map-‐server 10.1.6.1 key s3cr3t !

IOS

172.18.0.0/16 172.17.0.0/16


IOS

router lisp ! site DCs authen>ca>on-‐key DCs3cr3t eid-‐prefix 172.17.0.0/16 accept-‐more-‐specifics eid-‐prefix 172.18.0.0/16 exit ! site Site-‐1 authen>ca>on-‐key s3cr3t eid-‐prefix 172.16.1.0/24 exit ! -‐-‐<more sites>-‐-‐-‐ ipv4 map-‐server ipv4 map-‐resolver exit !



MPLS Core

PE5 PE6


CE5 CE6


CE7 CE8

ITR/ETR


PE4


MS/MR MS/MR


PE2


CE2

ITR/ETR

LAN Extension (OTV)

CE1

ITR/ETR

CE3

ITR/ETR

CE4

ITR/ETR

ITR/ETR

RLOC-A 10.2.5.1

RLOC-B 10.2.5.5

RLOC-C 10.2.6.1

RLOC-D 10.2.6.5

ip lisp itr-‐etr ip lisp database-‐mapping 172.18.0.0/16 10.2.6.1 p 1 w 50 ip lisp database-‐mapping 172.18.0.0/16 10.2.6.5 p 1 w 50 ip lisp itr map-‐resolver 10.1.5.1 ip lisp itr map-‐resolver 10.1.6.1 ip lisp etr map-‐server 10.1.5.1 key DCs3cr3t ip lisp etr map-‐server 10.1.6.1 key DCs3cr3t lisp dynamic-‐eid CUST-‐A-‐ROAM database-‐mapping 172.17.0.0/24 10.2.6.1 p 1 w 50 database-‐mapping 172.17.0.0/24 10.2.6.5 p 1 w 50 map-‐no>fy-‐group 239.1.1.1

interface vlan 100 ip address 172.17.0.4/24 (or 172.17.0.5/24) lisp mobility CUST-‐A-‐ROAM lisp extended-‐subnet-‐mode hsrp 101 preempt delay reload 300 (one side only) priority 130 (or 120) ip 172.17.0.1

NX-‐OS

ip lisp itr-‐etr ip lisp database-‐mapping 172.17.0.0/16 10.2.5.1 p 1 w 50 ip lisp database-‐mapping 172.17.0.0/16 10.2.5.5 p 1 w 50 ip lisp itr map-‐resolver 10.1.5.1 ip lisp itr map-‐resolver 10.1.6.1 ip lisp etr map-‐server 10.1.5.1 key DCs3cr3t ip lisp etr map-‐server 10.1.6.1 key DCs3cr3t lisp dynamic-‐eid CUST-‐A-‐ROAM database-‐mapping 172.17.0.0/24 10.2.5.1 p 1 w 50 database-‐mapping 172.17.0.0/24 10.2.5.5 p 1 w 50 map-‐no>fy-‐group 239.1.1.1

interface vlan 100 ip address 172.17.0.2/24 (or 172.17.0.3/24) lisp mobility CUST-‐A-‐ROAM lisp extended-‐subnet-‐mode hsrp 101 preempt delay reload 300 (one side only) priority 130 (or 120) ip 172.17.0.1

NX-‐OS

172.18.0.0/16 172.17.0.0/16




MPLS Core

PE5 PE6


CE5 CE6


CE7 CE8

ITR/ETR


PE4


MS/MR MS/MR


PE2


CE2

ITR/ETR

LAN Extension (OTV)

CE1

ITR/ETR

CE3

ITR/ETR

CE4

ITR/ETR

ITR/ETR

RLOC-A 10.2.5.1

RLOC-B 10.2.5.5

RLOC-C 10.2.6.1

RLOC-D 10.2.6.5

EID 172.16.1.0/24

RLOC GE0/0/0 10.1.1.2/30

172.17.0.12/32

the server is here

EID-‐prefix: 172.17.0.12/32 Locator-‐set: 10.2.5.1, priority: 1, weight: 50 10.2.5.5, priority: 1, weight: 50

map-cache

172.18.0.0/16 172.17.0.0/16




MPLS Core

PE5 PE6


CE5 CE6


CE7 CE8

ITR/ETR


PE4


MS/MR MS/MR


PE2


CE2

ITR/ETR

LAN Extension (OTV)

CE1

ITR/ETR

CE3

ITR/ETR

CE4

ITR/ETR

ITR/ETR

RLOC-A 10.2.5.1

RLOC-B 10.2.5.5

RLOC-C 10.2.6.1

RLOC-D 10.2.6.5

EID 172.16.1.0/24

RLOC GE0/0/0 10.1.1.2/30

172.17.0.12/32

the server moves here

172.18.0.0/16 172.17.0.0/16


EID-‐prefix: 172.17.0.12/32 Locator-‐set: 10.2.5.1, priority: 1, weight: 50 10.2.5.5, priority: 1, weight: 50

map-cache

10.2.6.1, priority: 1, weight: 50 10.2.6.5, priority: 1, weight: 50


  Cisco Releases NX-OS since December 2009… Nexus 7000, UCS C200 IOS since December 2009… ISR, ISRG2, 7200 IOS-XE since March 2010… ASR1K IOS-XR since March 2012… CRS-3 Coming soon… ASR9K, and others

  Other Releases Furukawa Network Solutions Corp FreeBSD :: Open LISP Linux :: Aless, LISPmob, OpenWrt (coming soon…) Android :: Gingerbread (coming soon…) Other vendors… Check the site!

Cisco LISP Releases: http://lisp.cisco.com

Other LISP Releases: http://www.lisp4.net


  LISP Information IETF LISP Working Group …………..… http://tools.ietf.org/wg/lisp/ LISP Beta Network Site ………………… http://www.lisp4.net or http://www.lisp6.net Cisco LISP Site ………………………… http://lisp.cisco.com (IPv4 and IPv6) Cisco LISP Marketing Site …………….. http://www.cisco.com/go/lisp/ LISP DDT Root ………………………..… http://www.ddt-root.org

  LISP Host Mobility Information LISP Host Mobility Configuration Guide …. http://lisp.cisco.com/lisp_down.html

  LISP Mailing Lists IETF LISP Working Group ………… [email protected] Cisco LISP Questions ……………… [email protected] LISPmob Questions ………………... [email protected]


1.  Multihoming

2.  IPv6 Transition

3.  Virtualization/VPN

4.  Mobility

LISP is an Architecture…

IPv4 Core

IPv4 Core

v4

IPv4 Network

xTR

xTR


1.  Multihoming



4.  Mobility


IPv4 Network

IPv6 Network

IPv4 Core

IPv6 Core xTR

xTR v6

v4


1.  Multihoming



4.  Mobility


IPv4 Network

IPv6 Network

IPv4 Core v6

v4

IPv6 Core xTR

xTR


  Deployment simplicity ‒  No host changes ‒  Minimal CPE changes

‒  Some new core infrastructure components

  LISP use-cases are complimentary ‒  Simplified multi-homing with Ingress traffic

Engineering; no need for BGP

‒  Address Family agnostic support

‒  Virtualization support ‒  End-host mobility without renumbering

  An Open Standard ‒  No Cisco Intellectual Property Rights

  Enables IP Number Portability ‒  With session survivability ‒  Never change host IP addresses; No renumbering costs

‒  No DNS “name == EID” binding change

  Uses pull vs. push routing ‒  OSPF and BGP are push models;

routing stored in the forwarding plan

‒  LISP is a pull model; Analogous to DNS; massively scalable

  Can be used over any IP network ‒  Address Family agnostic

‒  Incrementally deployable

‒  End systems can be unaware of LISP


•  Thank you! •  Please complete the post-event survey.

•  Join us November 7th for our next webinar: Media Services Proxy (MSP) for Enhanced Media Awareness and building Plug-And-Play Media Networks To register, go to www.cisco.com/go/iosadvantage

using lisp to solve today's ip host mobility challenges (ios advantage webinar)

Technology

cisco andor

media networks

public networks

lisp work

mobility ip addresses

seamless workload mobility

worlds networks

todays networks arent