version 0.2 22 march 2012 - cisco › c › dam › global › hr_hr › assets › ...© 2012 cisco...

Cisco Public © 2012 Cisco and/or its affiliates. All rights reserved. 2

LISP - innovative mobility w/ Cisco Architectures Gerd Pflueger – Consulting Systems Engineer – Central Europe [email protected]

Version 0.2 22 March 2012

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 3

Cisco is developing a new, innnovative routing architecture, which helps w/ the separation of the host addressing from the actual location. Within multiple RFCs the new architecture of LISP (Locator/ID Separation Protocol) was documented and discussed in the IEFT. Beside of countless other functions, like IP address portability, VM mobility or large scale VPN, LISP will allow the following functionality for mobile communication: - simultaneous load balancing and multihoming for ingress and egress communication w/ different media (WLAN, Edge, UMTS, LTE) and - IPv6 mobility - keep IPv6 address even w/ roaming and connecting over IPv4 networks. The presentation will explain the basics on LISP and will discuss the opportunities of LISP with mobile communication. The presenter will show to of the latest use cases from airline industries and automotive communication. He will also demonstrate the actual LISP implementation on an Android mobile.

Cisco Public 4 © 2011 Cisco and/or its affiliates. All rights reserved.

•  What is LISP?

•  Usecases incl. IPv6-Solutions

•  Example - LHSys

•  Example - Car-Communication

•  Example - Android Phone

•  Q&A


Without LISP

§  LISP originally conceived to address Internet Scaling

Many customers have been reques2ng Cisco to look into this issue “…. rou'ng scalability is the most important problem facing the Internet today and must be solved….” A;endees of IAB workshop in October 2006 (wri;en in RFC4984)

LISP – A Solu2on to Real World Problems


•  LISP is completely open Started in the IRTF Currently has an IETF working group No known IPR

•  100s of Researchers and Operators Contributed to Design

•  Multiple Vendors Interested

•  Pilot Network up for nearly 4 years 121 nodes in 25 countries

•  Building a LISP-MN Pilot Network Testing server capabilities on Android phones Experimenting new mapping database systems and security mechanisms


Locator/ID split enables other (more important) benefits…

Internet

Device IPv4 or IPv6 address represents identity and

location

x.y.z.1

When the device moves, it gets a new IPv4 or IPv6 address for its new identity

and location w.z.y.9

Device IPv4 or IPv6 address represents

identity only

When the device moves, keeps its IPv4 or IPv6 address.

It has the same identity

Internet

a.b.c.1 e.f.g.7

Only the location changes

x.y.z.1

x.y.z.1

§  Today’s Internet Behavior

§  LISP Behavior


Prefix Next-hop w.x.y.1 e.f.g.h x.y.w.2 e.f.g.h z.q.r.5 e.f.g.h z.q.r.5 e.f.g.h

MS

ITR

PTR

ETR

ETR

Non-LISP

EID Space

EID Space

RLOC Space

EID RLOC a.a.a.0/24 w.x.y.1 b.b.b.0/24 x.y.w.2 c.c.c.0/24 z.q.r.5 d.d.0.0/16 z.q.r.5



Map DB

§  EID (Endpoint Identifier) is the host IP address

§  Creates a “Level of indirection” by using two namespaces – EID and RLOC

§  RLOC (Routing Locator) is the infrastructure IP address of the LISP router

§  Mapping Database (M-DB) is the distributed database and policy repository

§ Network-‐based solu


LISP IPv4 EID/IPv4 RLOC Header Example

IPv4 Outer Header: Router supplies RLOCs

IPv4 Inner Header: Host supplies EIDs

LISP header

UDP


LISP Encapsulation Combinations – IPv4 and IPv6 Supported

IPv4/IPv4

IPv4 Outer

Header

IPv4 Inner

Header

UDP LISP

IPv4/IPv6

IPv4 Outer

Header

IPv6 Inner

Header

UDP LISP

IPv6/IPv4

IPv6 Outer

Header

IPv4 Inner

Header

UDP LISP

IPv6/IPv6

IPv6 Outer

Header

IPv6 Inner

Header

UDP LISP


RC 172.16.10.0/24

172.16.20.0/24

10.1.1.0/30 10.2.1.0/30

10.0.0.0/30 .3

.2 .2 .1

.2 .2

Lo0 153.16.1.1/32

RA3

Lo0 153.16.2.1/32

RB3 RA1-xTR

RB1-xTR

.1

.1 RLOC

.1

RLOC

2.0.0.1/8 Lo0

4.0.0.1/8 Lo0 3.0.0.1/8

Lo0

193.159.224.1/24 Lo0

.1 RI-MS/MR

LISP A LISP B

RA2-xTR 10.1.2.0/30

1.0.0.1/8 Lo0

.1

RLOC

.2 10.2.2.0/30 .2 .1

EID-prefixes LISP Site A

172.16.10.0/24 153.16.1.1/32 153.16.1.2/32

EID-prefixes LISP Site B

172.16.20.0/24 153.16.2.1/32

EID (S)

EID (D)

MR - MS

Mapping Database (ETR) and Map Cache (ITR)

10.2.1.1 -> 10.0.0.1 1 LISP Map-Register

153.16.2.1/32

2 MS and MR

on a single router. No ALT advertisement

1

ETR – Registration

153.16.1.1 -> 153.16.2.1 3

How do I get to 153.16.2.1? 4

Map Request

55

10.1.2.1 -> 10.0.0.1 5 LISP ECM to MR

10.1.2.1 -> 153.16.2.1 5 Map-Request to ETR

10.0.0.1 -> 10.2.1.1 6 LISP ECM to ETR

10.1.2.1 -> 153.16.2.1 6 Map-Request to ETR

6

10.2.1.1 -> 10.1.2.1 Map-Reply to iTR

153.16.2.1/32 10.2.1.1 [1,50] 10.2.2.1 [10,50]

7

7

3


RC 172.16.10.0/24

172.16.20.0/24

10.1.1.0/30 10.2.1.0/30

10.0.0.0/30 .3

.2 .2 .1

.2 .2

Lo0 153.16.1.1/32

RA3

Lo0 153.16.2.1/32

RB3 RA1-xTR

RB1-xTR

.1

.1 RLOC

.1

RLOC

2.0.0.1/8 Lo0

4.0.0.1/8 Lo0 3.0.0.1/8

Lo0

193.159.224.1/24 Lo0

.1 RI-MS/MR

LISP A LISP B

RA2-xTR 10.1.2.0/30

1.0.0.1/8 Lo0

.1

RLOC

.2 10.2.2.0/30 .2 .1


172.16.10.0/24 153.16.1.1/32 153.16.1.2/32


172.16.20.0/24 153.16.2.1/32

EID (S)

EID (D)

MR - MS

RC

Unicast Packet Forwarding

This policy controlled by destination site

EID-prefix: 153.16.2.1/32 Locator-set: 10.2.1.1, priority: 1, weight: 50 (D1) 10.2.2.1, priority: 10, weight: 50 (D2)

Mapping Entry

153.16.1.1 -> 153.16.2.1 4

2 3

1

153.16.1.1 -> 153.16.2.1 2

10.1.2.1 -> 10.2.1.1

4

153.16.1.1 -> 153.16.2.1 1 153.16.1.1 -> 153.16.2.1 3

10.1.2.1 -> 10.2.1.1







•  Q&A


IPv6 Transition Support

§  v6-over-v4, v6-over-v6 §  v4-over-v6, v4-over-v4

IPv4 Internet IPv6 Internet

v6

v6 v4 v6

LISP router LISP

router v6 services

VM-Mobility

§  Cloud / Layer 3 VM moves §  Segmentation

Data Center 1

Data Center 2

a.b.c.1 VM

a.b.c.1 VM

VM move

LISP router

LISP router

Internet

VPNs and Segmentation

§  Over-the-Top §  Multi-tenency

HQ LISP Site

Internet

Data Center

User Network

Remote LISP Site

Remote LISP Site Remote

LISP Site Remote

LISP Site . . 10k . .

Efficient Multi-Homing

§  IP Portability §  Ingress Traffic Engineering without BGP

LISP routers

LISP Site

Internet


Needs: − Rapid IPv6 Deployment

− Minimal Infrastructure disruption

LISP Solution: −  LISP encapsulation is Address Family agnostic

IPv6 interconnected over IPv4 core

IPv4 interconnected over IPv6 core

Benefits: − Accelerated IPv6 adoption − Minimal added configurations

− No core network changes − Can be used as a transitional or permanent solution

IPv4 Internet

IPv6 Internet

v6

v6 v4 PxTR

IPv4 Core

v6

xTR v6 service

IPv4 Internet IPv4 Enterprise

Core

v6 v4

v6 island IPv4 Enterprise Core

xTR v6 island

xTR

IPv6 Internet

IPv4 access & Internet

PxTR v6

v6 home Network

.

v6 home Network

v6 home Network

xTR

xTR

xTR

PxTR

PxTR

v6

. v6 site

v6 v4

Connecting IPv6 Islands

IPv6 Service Support

IPv6 Access Support

v6

v6


RC 172.16.10.0/24

172.16.20.0/24

10.1.1.0/30 10.2.1.0/30

10.0.0.0/30 .3

.2 .2

.1 .2

.2

Lo0 153.16.1.1/32

RA3

Lo0 153.16.2.1/32

RB3 RA1-xTR

RB1-xTR

.1

.1 RLOC

.1

RLOC

2.0.0.1/8 Lo0

4.0.0.1/8 Lo0 3.0.0.1/8

Lo0

193.159.224.1/24 Lo0

.1 RI-MS/MR

LISP A LISP B

RA2-xTR 10.1.2.0/30

1.0.0.1/8 Lo0

.1

RLOC

.2 10.2.2.0/30 .2 .1


172.16.10.0/24 153.16.1.1/32 153.16.1.2/32


172.16.20.0/24 153.16.2.1/32

EID (S) EID (D)

MR - MS

hostname RI ip lisp map-resolver ip lisp map-server lisp site LISP-A eid-prefix 153.16.1.0/24 eid-prefix 172.16.10.0/24 authentication-key 3 9125d59c18a9b015 description LISP SITE A lisp site LISP-B eid-prefix 153.16.2.0/24 eid-prefix 172.16.20.0/24 authentication-key 3 9125d59c18a9b015 description LISP SITE B

[email protected]

hostname RA2 ip route 0.0.0.0/0 10.1.2.2 ip route 10.1.1.1/32 10.1.2.2 ip route 153.16.1.0/24 172.16.10.3 ip lisp itr-etr ip lisp database-mapping 153.16.1.0/24 10.1.2.1 priority 1 weight 50 ip lisp database-mapping 172.16.10.0/24 10.1.2.1 priority 1 weight 50 ip lisp database-mapping 153.16.1.0/24 10.1.1.1 priority 1 weight 50 ip lisp database-mapping 172.16.10.0/24 10.1.1.1 priority 1 weight 50 ip lisp itr map-resolver 10.0.0.1 ip lisp etr map-server 10.0.0.1 key 3 9125d59c18a9b015


[email protected]

RC

2010::/48

10.1.1.0/30 10.2.1.0/30 10.0.0.0/30

2010::3

.2 .2 .2

RA3

2020::/48 EID

RB3 RA1-xTR

RB1-xTR

.1 RLOC

.1

RLOC

193.159.224.1/24 Lo0

.1 RI-MS/MR

LISP A LISP B

RA2-xTR 10.1.2.0/30

.1

RLOC

EID

10.2.2.0/30 .2 .1

2010::1

2010::2

2020::2

2020::1

RA2# sh run lisp ip lisp itr-etr ipv6 lisp itr-etr ipv6 lisp database-mapping 2010::0003/128 10.1.1.1 priority 1 weight 50 ipv6 lisp database-mapping 2010::0003/128 10.1.2.1 priority 1 weight 50 ip lisp ... ipv6 lisp itr map-resolver 10.0.0.1 ip lisp itr map-resolver 10.0.0.1 ipv6 lisp etr map-server 10.0.0.1 key 3 9125d59c18a9b015 ip lisp etr map-server 10.0.0.1 key 3 9125d59c18a9b015 RA2#

RI# sh run lisp ipv6 lisp map-resolver ip lisp map-resolver ipv6 lisp map-server ip lisp map-server lisp loc-reach-algorithm rloc-probing lisp site LISP-A eid-prefix 2010::/48 accept-more-specifics eid-prefix 153.16.1.0/24 eid-prefix 172.16.10.0/24 authentication-key 3 9125d59c18a9b015 description LISP SITE A lisp site LISP-B eid-prefix 2020::/48 accept-more-specifics eid-prefix 153.16.2.0/24 eid-prefix 172.16.20.0/24 authentication-key 3 9125d59c18a9b015 description LISP SITE B RI#







•  Q&A


•  Seamless roaming for passenger and LHSys -  Internet Access -  private VPN tunnel (passenger and LHSys)

•  Optimal traffic flow (local breakout, return)

•  Same IP-addr. for plane network (192.168.1.0/24)

•  Unique IP-addr. for plane D-ABFT = 10.11.35.73/32 à EID à NAT/PAT à WiMax-Link-Addr.

•  No additional HW at the plane (!!!)

•  2 x Intel Platform HW: LISP-VM auf ESX or KVM incl. Windows 2008 R2 servers as VM


xTR

PTR

xTR xTR

D-ABFT = 10.11.35.73/32

LHSYS Server

www.yahoo.com

LHSYS FW

Plane Net

xTR IR DB

RLOC (IPv4/IPv6) EID (IPv4/IPv6)

EID (IPv4/IPv6)

RLOC RLOC RLOC

RLOC

EID (IPv4/IPv6)







•  Q&A


•  Multiple IPv6 Networks (/48 and /64) in the car (EIDs)

•  Secure, scalable connection to HQ and to the Internet - secure = integrated encryption, if needed - scalable = 1-2 mio MN per year w/ lifespan of 5-10 years

•  Parallel use of different connections (WiFi, GMS, LTE, …) (RLOCs)

•  Prioritizing of connections (due to speed, cost, …)

•  Shortest Path (limited proxies)

•  Lean client (LISP MN) in the car possible (HW or SW)


PTR

Car DB

Car Apps

Car IPv6 Net = EID

xTR DB

xTR

RLOC (WiFi, GSM, LTE, …)

RLOC

RLOC RLOC

EID

RLOC (IPv4/IPv6) EID (IPv6)

EID







•  Q&A


3G/4G Network WiFi Network

EID: 2610:00d0:xxxx::1/128

64.0.0.1 65.0.0.1

dynamic RLOCs

static EID

dino.cisco.com


This phone is a LISP site!

Map-Server: 64.1.1.1

64.0.0.1

65.0.0.1

wifi

3G

(1) 2 MNs can roam and stay connected (2) MNs can be servers (3) MNs roam without changing DNS entries (4) MNs can use multiple interfaces (5) MNs can control ingress packet policy (6) Faster hand-offs (7) Low battery use by MS proxy-replying (8) And most importantly, packets have stretch of 1 so latency is best for delay sensitive applications

LISP-MN can scale to 1 billion hand-sets!

EID-prefix: 2610:00d0:xxxx::1/128







•  Q&A


• With real implementation experience! • With real deployment experience!

• With real customer engagement!

•  http://www.lisp4.net & http://www.lisp6.net

•  http://lisp.cisco.com

•  [email protected]


•  Platforms to date: ISR, ISRG2, 7200 (IOS) ASR 1K (IOS-XE) Nexus 7K, UCS c200, Titanium PC (NX-OS) NX-OS on VMware and KVM LISP-MN on Nexus 1 and Nexus S phones (Android Gingerbread) LISP-MN on Linux (lispmob.org) – public domain

•  Platforms this year: CRS 3 and ASR 9K (IOS-XR) Catalyst 6K (IOS) Linksys (Linux/OpenWrt) – public domain Cius Tablet (Android Froyo)

LISP Platform Products Shipping

Thank you.

version 0.2 22 march 2012 - cisco › c › dam › global › hr_hr › assets › ...© 2012 cisco...

Documents