Cisco Public© 2012 Cisco and/or its affiliates. All rights reserved. 1
Cisco IOS Advantage Webinars
LISP - A Next Generation Networking Architecture
Gregg Schudel
Speakers
‒ Gregg Schudel
Technical Marketing Engineer, LISP Team
Panelists
‒ Darrel Lewis
Technical Leader, LISP Team
‒ Vince Fuller
Technical Leader, LISP Team
• Where can I get the presentation?
https://communities.cisco.com/docs/DOC-27853
Session Agenda
LISP Overview
LISP Operations
LISP Use Cases
LISP Status
LISP Summary
LISP References
LISP Overview
Session Objectives
At the end of this session, you should be able to:
− Understand the level of indirection between the EID and RLOC namespaces enabled by LISP
− Understand the Address Family agnostic attributes of LISP
− Understand how the level of indirection and AF agnostic attributes enable other benefits such as inherent multi-homing support with ingress TE, inherent IPv6 transition support, inherent virtualization support, and inherent mobility support
− Understand the five major LISP Use Cases
IP Addressing “Overloaded” Semantics
The IP address is “overloaded” on location and identity
− Today, “addressing follows topology” making efficient aggregation only available for Provider Assigned (PA) addresses
− Ingress Traffic Engineering usually requires Provider Independent (PI) addresses and sometimes the injection of “more specifics” – this limits route aggregation compactness
− IPv6 does not fix this
Route scaling issues drive system (router) costs higher
− Routers require expensive memory in the forwarding plane (FIB)
− Drivers for route scaling are seen in Data Centers and for Mobility (not just the Internet DFZ)
“… routing scalability is the most important problem facing the Internet today and must be solved … ”
Internet Architecture Board (IAB)
October 2006 Workshop (written as RFC 4984)
Locator/ID separation is not new as a concept…
Two basic approaches:
− Translation
IPv4 NAT is a common (but inefficient) way to perform Location and Identity separation
Translation has (well known) drawbacks with referrals
The translation table is limited to the router (local scope)
− Tunnels/Encapsulation (Map & Encap):
Preserves host's packet across the core
Requires a mapping function (e.g. static in the case of GRE tunnels)
A separate Mapping System is key to enabling prefix removal from the core routing table (and minimization of de-aggregation)
− NAT, for example, has a local scope known only to that device
− GRE has static end-points and explicit scope known only to configured sites
− Achieving global scope requires a Mapping Database System that can provide EID-to-RLOC relationship information on a dynamic basis
Locator/ID Split helps resolve route scaling problems
Today’s Internet Behavior
− The “Default Free Zone” (DFZ) contains all types of routes:
Edge (site) routes
Core (Provider) routes
More specifics of both types for TE purposes
− In this model, everything goes in the DFZ
[Figure: today, the Internet DFZ alone; with LISP, the Internet DFZ alongside the LISP Mapping System]
LISP Behavior
− Locator/ID “split” architecture treats “core” and “site” prefixes differently
− In this model, prefixes describing core topology (locators) go in the DFZ; prefixes describing end sites (EIDs) go in the LISP mapping system
Locator/ID split enables other (more important) benefits…
Today’s Internet Behavior
− Device IPv4 or IPv6 address represents identity and location (x.y.z.1)
− When the device moves, it gets a new IPv4 or IPv6 address for its new identity and location (w.z.y.9)
LISP Behavior
− Device IPv4 or IPv6 address represents identity only (x.y.z.1)
− When the device moves, it keeps its IPv4 or IPv6 address (x.y.z.1). It has the same identity
− Only the location changes (a.b.c.1, e.f.g.7)
Main attributes of LISP
EID (Endpoint Identifier) is the IP address of a host – just as it is today
RLOC (Routing Locator) is the IP address of the LISP router for the host
EID-to-RLOC mapping is the distributed architecture that maps EIDs to RLOCs
RLOC Space (Non-LISP) routing table:
Prefix      Next-hop
w.x.y.1     e.f.g.h
x.y.w.2     e.f.g.h
z.q.r.5     e.f.g.h
z.q.r.5     e.f.g.h
EID-to-RLOC mapping (figure labels: xTR, PxTR, MS/MR, EID Space):
EID           RLOC
a.a.a.0/24    w.x.y.1
b.b.b.0/24    x.y.w.2
c.c.c.0/24    z.q.r.5
d.d.0.0/16    z.q.r.5
Network-based solution
No host changes
Minimal configuration
No DNS changes
Address Family agnostic
Incrementally deployable (support LISP and non-LISP)
Support for mobility
LISP Mapping Resolution – DNS analog…
LISP “Level of Indirection” is analogous to a DNS lookup
DNS resolves IP addresses for URLs
LISP resolves locators for queried identities
DNS: Name-to-IP URL Resolution
− host to DNS Server: [ who is lisp.cisco.com ] ?
− DNS Server to host: [153.16.5.29, 2610:D0:110C:1::3 ]
LISP: Identity-to-locator Mapping Resolution
− LISP router to LISP Mapping System: [ where is 2610:D0:110C:1::3 ] ?
− LISP Mapping System to LISP router: [ locator is 128.107.81.169 ]
LISP Operations
LISP IPv4 EID/IPv4 RLOC Header Example
(draft-ietf-lisp-19)
− IPv4 Outer Header: Router supplies RLOCs
− UDP
− LISP header
− IPv4 Inner Header: Host supplies EIDs
LISP Encapsulation Combinations – IPv4 and IPv6 Supported (draft-ietf-lisp-19)
Combination    Outer Header    Between    Inner Header
IPv4/IPv4      IPv4            UDP, LISP  IPv4
IPv4/IPv6      IPv4            UDP, LISP  IPv6
IPv6/IPv4      IPv6            UDP, LISP  IPv4
IPv6/IPv6      IPv6            UDP, LISP  IPv6
LISP Data Plane :: Ingress/Egress Tunnel Router (xTR)
[Figure: LISP Site 1 (host S; xTR-1 and xTR-2; Provider A 10.0.0.0/8, Provider B 11.0.0.0/8) and LISP Site 2 (host D; xTR-1 and xTR-2; Provider X 12.0.0.0/8, Provider Y 13.0.0.0/8). Every xTR is both ITR and ETR; packet flow is shown between the sites.]
ITR – Ingress Tunnel Router
• Receives packets from site-facing interfaces
• Encap to remote LISP sites, or native-fwd to non-LISP sites
ETR – Egress Tunnel Router
• Receives packets from core-facing interfaces
• De-cap, deliver packets to local EIDs at site
LISP Data Plane :: Unicast Packet Forwarding
[Figure: LISP Site 1 (host S; PI EID-prefix 2001:db8:1::/48; RLOCs 10.0.0.2 via Provider A, 11.0.0.2 via Provider B) and LISP Site 2 (host D; PI EID-prefix 2001:db8:2::/48; RLOCs 12.0.0.2 via Provider X, 13.0.0.2 via Provider Y)]
1. DNS entry: D.abc.com AAAA 2001:db8:2::1
2. Host packet: 2001:db8:1::1 -> 2001:db8:2::1
3. Map-Cache Entry (this policy controlled by the destination site):
   EID-prefix: 2001:db8:2::/48
   Locator-set:
     12.0.0.2, priority: 1, weight: 50 (D1)
     13.0.0.2, priority: 1, weight: 50 (D2)
4. Encapsulated packet: outer 11.0.0.2 -> 12.0.0.2, inner 2001:db8:1::1 -> 2001:db8:2::1
5. Encapsulated packet: outer 11.0.0.2 -> 12.0.0.2, inner 2001:db8:1::1 -> 2001:db8:2::1
6. and 7. Decapsulated packet: 2001:db8:1::1 -> 2001:db8:2::1
LISP Control Plane :: Introduction
LISP creates a “level of indirection”
− Decouples host IDENTITY and LOCATION
− Requires dynamic IDENTITY-to-LOCATION mapping resolution
LISP Control Plane Provides On-Demand Mappings
− Control Plane is Out-of-Band
− Map-Resolver and Map-Server (similar to DNS Resolver and DNS Server)
− LISP Control Plane Messages for EID-to-RLOC resolution
− Distributed databases and map-caches hold mappings
LISP Control Plane :: Control Plane Messages
Control Plane EID Registration services
− Map-Register message
Sent by ETR to Map-Server to register its associated EID prefixes
Specifies the RLOC(s) to be used by the Map-Server when forwarding Map-Requests to the ETR
Control Plane “Data-triggered” mapping service
− Map-Request message
Sent by an ITR when it needs an EID/RLOC mapping, to test an RLOC for reachability, or to refresh a mapping before TTL expiration
− Map-Reply message
Sent by an ETR in response to a valid map-request to provide the EID/RLOC mapping and site ingress Policy for the requested EID
LISP Control Plane :: Map-Server/Map-Resolver (MS/MR)
[Figure: LISP Site 1 (S; xTR-1, xTR-2; Provider A 10.0.0.0/8, Provider B 11.0.0.0/8) and LISP Site 2 (D; xTR-1, xTR-2; Provider X 12.0.0.0/8, Provider Y 13.0.0.0/8), with MR and MS in the core]
MS – Map-Server
• LISP site ETRs Register their EID prefixes here; requires configured “lisp site” policy, authentication key
• Injects routes for registered site EID prefixes into BGP ALT topology
• Receives Map-Requests via ALT and forwards them to registered ETRs
MR – Map-Resolver
• Receives Map-Request from ITR
• Forwards Map-Request onto ALT topology
• Sends Negative Map-Replies in response to Map-Requests for non-LISP sites
NOTE: An MR/MS need not be deployed as a router. A 1RU server can be used to implement the LISP control plane, for example.
LISP Control Plane :: Mapping Database (ETR), Map-Cache (ITR)
[Figure: LISP Site 1 (S; xTR-1, xTR-2; Provider A 10.0.0.0/8, Provider B 11.0.0.0/8) and LISP Site 2 (D; xTR-1, xTR-2; Provider X 12.0.0.0/8, Provider Y 13.0.0.0/8), with MR and MS in the core]
LISP Site Mapping-Database (ETR)
• EID-to-RLOC mappings in all ETRs for local LISP site
• ETR is “authoritative” for its EIDs, sends Map-Replies to ITRs
• ETRs can tailor policy based on Map-Request source
• Decentralization increases attack resiliency
LISP Map Cache (ITR)
• “Lives” on ITRs and only stores mappings for sites to which ITR is currently sending packets.
• Map-Cache populated by sending Map-Requests and receiving Map-Replies from ETRs
• ITRs must respect Map-Reply policy, including TTLs, RLOC up/down status, RLOC priorities/weights
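Added example (not from the original slides): a small Python model of the ITR map-cache behaviour listed above, covering longest-prefix match on the EID, TTL expiry, RLOC up/down status and priority/weight selection. The class names, the flow-hash input and the 2001:db8:f000::/36 negative entry are assumptions for illustration; treating priority 255 as "do not use" follows the LISP specification.

```python
import ipaddress
import time
from dataclasses import dataclass


@dataclass
class Locator:
    rloc: str
    priority: int    # lower value is preferred; 255 means "do not use"
    weight: int      # load share among locators with the same priority
    up: bool = True  # RLOC up/down status learned from the Map-Reply


@dataclass
class Entry:
    prefix: object   # ipaddress.IPv4Network or IPv6Network
    locators: list
    expires: float
    action: str      # "encapsulate" or "forward-native" (negative entry)


class MapCache:
    """Hypothetical ITR map-cache, keyed by EID-prefix."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.entries = {}

    def install(self, eid_prefix, locators, ttl_s, action="encapsulate"):
        net = ipaddress.ip_network(eid_prefix)
        self.entries[net] = Entry(net, list(locators),
                                  self.clock() + ttl_s, action)

    def lookup(self, eid):
        addr = ipaddress.ip_address(eid)
        now = self.clock()
        # Honour the TTL from the Map-Reply: expired mappings are never used.
        for net in [n for n, e in self.entries.items() if e.expires <= now]:
            del self.entries[net]
        matches = [e for n, e in self.entries.items()
                   if n.version == addr.version and addr in n]
        # Longest-prefix match among the covering EID-prefixes.
        return max(matches, key=lambda e: e.prefix.prefixlen, default=None)

    def forward(self, eid, flow_hash):
        entry = self.lookup(eid)
        if entry is None:
            return ("send-map-request", None)
        if entry.action == "forward-native":
            return ("forward-native", None)
        usable = [l for l in entry.locators if l.up and l.priority != 255]
        if not usable:
            return ("drop", None)
        # Only the best (lowest) priority group carries traffic.
        best = min(l.priority for l in usable)
        group = [l for l in usable if l.priority == best]
        total = sum(l.weight for l in group)
        if total == 0:
            return ("encapsulate", group[flow_hash % len(group)].rloc)
        # Weights split flows proportionally inside the priority group.
        bucket = flow_hash % total
        for loc in group:
            if bucket < loc.weight:
                return ("encapsulate", loc.rloc)
            bucket -= loc.weight


def demo():
    # Constructed sample: the Map-Cache Entry from the slides, plus a
    # constructed negative (forward-native) entry for a non-LISP prefix.
    now = [0.0]
    cache = MapCache(clock=lambda: now[0])
    d1, d2 = Locator("12.0.0.2", 1, 50), Locator("13.0.0.2", 1, 50)
    cache.install("2001:db8:2::/48", [d1, d2], ttl_s=86400)
    cache.install("2001:db8:f000::/36", [], ttl_s=900, action="forward-native")
    out = [cache.forward("2001:db8:2::1", h) for h in (10, 60)]
    d1.up = False                       # D1 reported down
    out.append(cache.forward("2001:db8:2::1", 10))
    out.append(cache.forward("2001:db8:f000::1", 10))
    now[0] = 86401.0                    # past both TTLs
    out.append(cache.forward("2001:db8:2::1", 10))
    return out


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```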
LISP Control Plane :: Map Registration Example
[Figure: LISP Site 1 (S; PI EID-prefix 2001:db8:1::/48; RLOCs 10.0.0.2, 11.0.0.2) and LISP Site 2 (D; PI EID-prefix 2001:db8:2::/48; RLOCs 12.0.0.2, 13.0.0.2), with MR/MS at 66.2.2.2]
1. 12.0.0.2 -> 66.2.2.2, LISP Map-Register (udp 4342), SHA-2: 2001:db8:2::/48 with locators 12.0.0.2, 13.0.0.2
2. Other 2001:db8::/32 sites…
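Added example (not from the original slides): a Python sketch of the Map-Server side of registration, verifying the keyed SHA-2 hash with the site's authentication key and then checking the EID-prefix against the configured "lisp site" policy. The message layout is a simplified stand-in and not the LISP wire format; the site name and prefixes are taken from the hub configuration later in this deck, while the key, the spoke RLOC value and all function names are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

AUTH_LEN = 32  # HMAC-SHA-256 digest length


def encode_body(eid_prefix, rlocs):
    """Simplified record: AF, prefix length, prefix, count, IPv4 RLOCs."""
    net = ipaddress.ip_network(eid_prefix)
    body = struct.pack("!BB", net.version, net.prefixlen)
    body += net.network_address.packed
    body += bytes([len(rlocs)])
    return body + b"".join(ipaddress.IPv4Address(r).packed for r in rlocs)


def decode_body(body):
    version, plen = struct.unpack_from("!BB", body)
    alen = {4: 4, 6: 16}[version]
    addr = ipaddress.ip_address(body[2:2 + alen])
    net = ipaddress.ip_network(f"{addr}/{plen}")  # rejects set host bits
    count = body[2 + alen]
    raw = body[3 + alen:]
    if len(raw) != 4 * count:
        raise ValueError("locator count does not match length")
    return net, [str(ipaddress.IPv4Address(raw[i:i + 4]))
                 for i in range(0, len(raw), 4)]


def build_register(key, eid_prefix, rlocs):
    """ETR side: the MAC covers the message with the auth field zeroed."""
    body = encode_body(eid_prefix, rlocs)
    mac = hmac.new(key, bytes(AUTH_LEN) + body, hashlib.sha256).digest()
    return mac + body


class MapServer:
    def __init__(self):
        self.sites = []          # (name, key, [(network, more_specifics)])
        self.registrations = {}  # EID-prefix -> (site name, RLOC list)

    def add_site(self, name, key, prefixes):
        nets = [(ipaddress.ip_network(p), more) for p, more in prefixes]
        self.sites.append((name, key, nets))

    def _site_for(self, net):
        for name, key, prefixes in self.sites:
            for cfg, more in prefixes:
                if net == cfg:
                    return name, key
                # accept-more-specifics: longer prefixes inside cfg are allowed
                if more and net.version == cfg.version and net.subnet_of(cfg):
                    return name, key
        return None

    def handle_register(self, msg):
        if len(msg) <= AUTH_LEN:
            return "reject: malformed"
        mac, body = msg[:AUTH_LEN], msg[AUTH_LEN:]
        try:
            net, rlocs = decode_body(body)
        except (ValueError, KeyError, IndexError, struct.error):
            return "reject: malformed"
        site = self._site_for(net)
        if site is None:
            return "reject: no site policy for prefix"
        name, key = site
        expected = hmac.new(key, bytes(AUTH_LEN) + body,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):  # constant-time compare
            return "reject: bad authentication"
        self.registrations[net] = (name, rlocs)
        return "accept"


def demo():
    key = b"constructed-site-key"  # constructed; not a key from the slides
    ms = MapServer()
    ms.add_site("All-Sites", key,
                [("10.0.0.0/16", False), ("10.10.0.0/16", True)])
    spoke = build_register(key, "10.10.1.0/24", ["172.17.1.1"])
    tampered = spoke[:-1] + bytes([spoke[-1] ^ 1])  # RLOC altered in transit
    return [
        ms.handle_register(spoke),
        ms.handle_register(tampered),
        ms.handle_register(build_register(b"wrong", "10.10.1.0/24",
                                          ["172.17.1.1"])),
        ms.handle_register(build_register(key, "10.0.1.0/24",
                                          ["172.17.1.1"])),
    ]


if __name__ == "__main__":
    print(demo())
```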
LISP Control Plane :: Map Request/Map Reply Example
[Figure: LISP Site 1 (S; PI EID-prefix 2001:db8:1::/48; RLOCs 10.0.0.2, 11.0.0.2) and LISP Site 2 (D; PI EID-prefix 2001:db8:2::/48; RLOCs 12.0.0.2, 13.0.0.2), with MR/MS at 66.2.2.2]
1. DNS entry: D.abc.com AAAA 2001:db8:2::1
2. Host packet 2001:db8:1::1 -> 2001:db8:2::1; ITR: “How do I get to 2001:db8:2::1?”
3. 11.0.0.2 -> 66.2.2.2, LISP ECM (udp 4342), carrying 11.0.0.2 -> 2001:db8:2::1 Map-Request (udp 4342), nonce
4. 66.2.2.2 -> 12.0.0.2, LISP ECM (udp 4342), carrying 11.0.0.2 -> 2001:db8:2::1 Map-Request (udp 4342), nonce
5. 12.0.0.2 -> 11.0.0.2, Map-Reply (udp 4342), nonce:
   2001:db8:2::/48
   12.0.0.2 [1, 50]
   13.0.0.2 [1, 50]
6. Map-Cache Entry:
   EID-prefix: 2001:db8:2::/48
   Locator-set:
     12.0.0.2, priority: 1, weight: 50 (D1)
     13.0.0.2, priority: 1, weight: 50 (D2)
LISP Control Plane :: Proxy Map Reply Example
[Figure: LISP Site 1 (S; PI EID-prefix 2001:db8:1::/48; RLOCs 10.0.0.2, 11.0.0.2) and LISP Site 2 (D; PI EID-prefix 2001:db8:2::/48; RLOCs 12.0.0.2, 13.0.0.2), with MR/MS at 66.2.2.2]
3. 11.0.0.2 -> 66.2.2.2, LISP ECM (udp 4342), carrying 11.0.0.2 -> 2001:db8:2::1 Map-Request (udp 4342), nonce
5. 66.2.2.2 -> 11.0.0.2, Map-Reply (udp 4342), nonce:
   2001:db8:2::/48
   12.0.0.2 [1, 50]
   13.0.0.2 [1, 50]
6. Map-Cache Entry:
   EID-prefix: 2001:db8:2::/48
   Locator-set:
     12.0.0.2, priority: 1, weight: 50 (D1)
     13.0.0.2, priority: 1, weight: 50 (D2)
LISP Control Plane :: Negative Map Reply Example
[Figure: LISP Site 1 (S; PI EID-prefix 2001:db8:1::/48; RLOCs 10.0.0.2, 11.0.0.2) and LISP Site 2 (D; PI EID-prefix 2001:db8:2::/48; RLOCs 12.0.0.2, 13.0.0.2), with MR/MS at 66.2.2.2]
1. Host packet 2001:db8:1::1 -> 2001:db8:f000::1; ITR: “How do I get to 2001:db8:F000::1?”
2. 11.0.0.2 -> 66.2.2.2, LISP ECM (udp 4342), carrying 11.0.0.2 -> 2001:db8:f000::1 Map-Request (udp 4342), nonce
3. 66.2.2.2 -> 11.0.0.2, Negative-Map-Reply (udp 4342), nonce: 2001:db8:8000::/21
4. Map-Cache Entry:
   EID-prefix: 2001:8000::/21
   forward-native
NOTE: The actual “covering prefix” returned in an NMR depends on the number and distribution of EID prefixes in the Mapping System. The NMR prefix will cover the shortest prefix that doesn’t cover any LISP Sites in the Mapping System.
LISP Interworking :: Day-One Incremental Deployment
Early Recognition
− LISP will not be widely deployed day-one
− Up-front recognition of an incremental deployment plan
Interworking for:
− LISP-sites to non-LISP sites (e.g. the rest of the Internet)
− non-LISP sites to LISP-sites
Two basic Techniques:
− Proxy ITR (PITR) and Proxy ETR (PETR)
− LISP Network Address Translators (LISP-NAT)
Proxy-ITR/Proxy-ETR are being deployed today
− Infrastructure LISP network entity
− Creates a monetized service opportunity for infrastructure players
LISP Interworking :: Proxy Ingress/Egress Tunnel Routers (PITR/PETR)
[Figure: LISP Site 1 (S; xTR-1, xTR-2; Provider A 10.0.0.0/8, Provider B 11.0.0.0/8) and LISP Site 2 (D; xTR-1, xTR-2; Provider X 12.0.0.0/8, Provider Y 13.0.0.0/8), with MR, MS, PITR and PETR in the core and the IPv6 Internet attached]
PETR – Proxy ETR
• Allows a LISP Site in one AF [IPv4 or IPv6] and the opposite RLOC [IPv6 or IPv4] to reach non-LISP sites in that AF [IPv4 or IPv6] (AF-hop-over)
• Allows LISP sites with uRPF restrictions to reach non-LISP sites
PITR – Proxy ITR
• Receives traffic from non-LISP sites and encapsulates it to LISP sites
• Advertises coarse-aggregate EID prefixes
• LISP sites see ingress TE “day-one” (*)
LISP Interworking :: Proxy Ingress/Egress Tunnel Routers (PITR/PETR)
[Figure: LISP Site 1 (S; PI EID-prefix 2001:db8:1::/48; RLOCs 10.0.0.2, 11.0.0.2) and LISP Site 2 (D; PI EID-prefix 2001:db8:2::/48; RLOCs 12.0.0.2, 13.0.0.2), with MR and MS. PITR (2001:f:f::1, 10.9.1.1) advertises 2001:db8::/32 toward the IPv6 Internet; PETR (2001:f:e::1, 12.9.2.1). Non-LISP v6 site host 2001:d:1::1.]
1. 2001:d:1::1 -> 2001:db8:2::1
2. Encapsulated: outer 10.9.1.1 -> 12.0.0.2, inner 2001:d:1::1 -> 2001:db8:2::1
3. 2001:d:1::1 -> 2001:db8:2::1
4. 2001:db8:2::1 -> 2001:d:1::1
5. Encapsulated: outer 12.0.0.2 -> 12.9.2.1, inner 2001:db8:2::1 -> 2001:d:1::1
6. 2001:db8:2::1 -> 2001:d:1::1
LISP Use Cases
Five Core LISP Use Cases
1. Efficient Multihoming
2. IPv6 Transition Support
3. Efficient Virtualization/Multi-Tenancy
4. Data Center/VM Mobility
5. LISP Mobile-Node
LISP Use Case 1 :: Efficient Multihoming Support
Needs:
‒ Site connectivity to multiple providers
‒ Low OpEx/CapEx
LISP Solution:
‒ LISP provides a streamlined solution for handling multi-provider connectivity and policy without BGP complexity
Benefits:
‒ OpEx-friendly Multi-homing across different providers
‒ Simple policy management
‒ Ingress Traffic Engineering
[Figure: LISP Site with LISP routers connected to the Internet]
Applicability:
Branch sites where multihoming is
traditionally too expensive
Useful in all other LISP Use Cases
LISP Use Case 1 :: Efficient Multihoming – example/requirements
Multi-Homed Remote-Sites:
‒ Site connectivity to multiple providers
‒ More than 400 remote sites (some with limited physical access)
‒ Need to be “as robust as possible”
‒ T-1 (~$600/month) + dial-backup cost prohibitive vs. 3G access (~$60/month)
Necessary Features:
‒ IOS Firewall and NAT for Internet Access
‒ Mix of dynamic (DHCP) and static interface IP addresses (RLOC)
LISP Design:
‒ Private LISP Mapping System (MS/MR) carrying RFC1918 EIDs
‒ ASR1002s (2) at Hub Site
‒ C2811s w/ 3G-HWICs at remote sites (2 each)
‒ NAT to Internet, IOS FW, DHCP
‒ Active/Backup minimum, Active/Active “stretch goal” for WAN utilization
LISP Use Case 1 :: Efficient Multihoming – example/overview
[Figure: LISP Hub Site (Corporate Data Center, 10.0.0.0/16; 172.16.1.1 and 172.16.1.5) connected across the Internet and two 3G carriers (Carrier 1, Carrier 2) to LISP Spoke Sites x 400 (Customer Network; 10.10.0.0/24, 10.10.1.0/24, … 10.10.x.0/24, 10.10.y.0/24), each spoke router with two 3G HWICs]
ASR 1002 (pair)
• Map-Server/Map-Resolver for private LISP mapping
• xTR for LISP encap/decap
ISR (2811) (all sites)
• xTR at Remote LISP site
• Dual 3G-HWICs
• RFC1918 EID Space
• DHCP or static RLOCs
• DHCP server for internal hosts
• NAT/IOS FW to Internet
LISP Use Case 1 :: Efficient Multihoming – example/configurations
[Figure: LISP Hub Site (Corporate Data Center, 10.0.0.0/16; 172.16.1.1 and 172.16.1.5) connected across the Internet and two 3G carriers to LISP Spoke Sites x 400 (10.10.0.0/24, 10.10.1.0/24, … 10.10.x.0/24, 10.10.y.0/24), each spoke router with two 3G HWICs]
Spoke site:
    router lisp
     database-mapping 10.10.1.0/24 ipv4-interface cell0/0/0 priority 1 weight 50
     database-mapping 10.10.1.0/24 ipv4-interface cell0/0/1 priority 1 weight 50
     ip itr
     ip etr
     ip itr map-resolver 172.16.1.1
     ip itr map-resolver 172.16.1.5
     ip etr map-server 172.16.1.1 key *****
     ip etr map-server 172.16.1.5 key *****
Hub site:
    router lisp
     site All-Sites
      eid-prefix 10.0.0.0/16
      eid-prefix 10.10.0.0/16 accept-more-specifics
      authentication-key 0 xxxxxx
      exit
     database-mapping 10.0.0.0/16 172.16.1.5 priority 1 weight 50
     database-mapping 10.0.0.0/16 172.16.1.1 priority 1 weight 50
     ipv4 map-server
     ipv4 map-resolver
     ipv4 itr
     ipv4 etr
     ip itr map-resolver 172.16.1.1
     ip itr map-resolver 172.16.1.5
     ip etr map-server 172.16.1.1 key *****
     ip etr map-server 172.16.1.5 key *****
LISP Use Case 1 :: Efficient Multihoming – example/packet flows
[Figure: LISP Hub Site (Corporate Data Center, 10.0.0.0/16; host 10.0.0.1; 172.16.1.1 and 172.16.1.5) connected across the Internet and two 3G carriers to LISP Spoke Sites x 400 (10.10.0.0/24, 10.10.1.0/24, … 10.10.x.0/24, 10.10.y.0/24); spoke host 10.10.0.1 behind a spoke router at 172.17.1.1]
1. 10.10.0.1 -> 10.0.0.1
2. Encapsulated: outer 172.17.1.1 -> 172.16.1.1, inner 10.10.0.1 -> 10.0.0.1
3. 10.10.0.1 -> 10.0.0.1
4. 10.0.0.1 -> 10.10.0.1
5. Encapsulated: outer 172.16.1.1 -> 172.17.1.1, inner 10.0.0.1 -> 10.10.0.1
6. 10.0.0.1 -> 10.10.0.1
LISP Use Case 1 :: Side Note – other IOS feature interactions
LISP is executed in CEF. Any CEF process should be available when LISP is enabled. Commonly used CEF functions that have been tested include:
• Access Control Lists
• Network Address Translation
• Quality of Service
• Flexible NetFlow
• IPSec
• IOS Firewall
• IOS Intrusion Protection Srvc
• Flexible Packet Matching
[Figure: spoke router with LAN 10.10.0.0/24 and interfaces Cellular0/3/0 and Cellular0/3/1 (12.1.1.5 and 13.1.1.5) toward VzW and the Internet, reaching the hub site 10.0.0.0/16. Interface commands shown in the figure:]
    ip nat inside
    ip inspect out
    ip access-group 101 in
    ip address negotiated
    ip verify unicast source reachable-via rx
    ip nat outside
LISP Use Case 2 :: IPv6 Transition Support
Needs:
Rapid IPv6 Deployment
Minimal Infrastructure disruption
LISP Solution:
LISP encapsulation is Address Family agnostic, allowing for IPv6 over an IPv4 core, or IPv4 over an IPv6 core
Benefits:
Accelerated IPv6 adoption
Minimal added configurations
No core network changes
Can be used as a transitional or as a permanent solution
[Figure: three scenarios. Connecting IPv6 Islands: v6 islands behind xTRs joined across an IPv4 Enterprise Core. IPv6 Transition Support: a v6 site or v6 service behind an xTR on an IPv4 core, reachable from the IPv6 Internet through a PxTR. IPv6 Access Support: v6 home networks behind xTRs on IPv4 access and Internet, reaching the IPv6 Internet through PxTRs.]
LISP Use Case 2 :: Side Note – IPv6 transition strategies
LISP provides AF “hop-over” support…
If you’re carrying IPv6 packets, you still need to work with IPv6 packets at the receiving site… Essentially, there are 3 ways to do this:
1. Add 6-to-4 translation support…
2. Add New IPv6 Servers and infrastructure
3. Dual-stack the existing infrastructure
LISP Use Case 2 :: IPv6 Transition – example/requirements
IPv6 access to company web site:
Only existing IPv4 WAN connectivity is immediately available
Local web site content deployed on new and separate infrastructure
LISP demonstration site acceptable
Necessary Features:
IOS router running LISP capable image
Internal infrastructure (switches, web servers) running dual-stack (IPv4, IPv6)
LISP Design:
Cisco 7200 routers (2) at LISP Site as xTRs
Cisco 3750 switches (2), and Linux servers (2) for web site content
IPv4 and IPv6 EID allocations from LISP Beta Network
(note: could have done a “bring your own” IPv6 PI block)
LISP Use Case 2 :: IPv6 Transition – example/overview
[Figure: SJC17 DMZ. Gateways sjc17-dmza-gw1 and sjc17-dmza-gw2; xTRs sjc17-dmza-lisp-gw1 and sjc17-dmza-lisp-gw2 (7200); switches sjc17-dmza-lisp-sw1 and sjc17-dmza-lisp-sw2 (3750), dot1q trunk between VLANs; Linux server 1 and Linux server 2]
xTR – Cisco 7200
• deployed “On-Path” (in the natural egress data path)
• advertises 153.16.5/24 into OSPF, and 2610:d0:110c::/48 into OSPFv3
• Advertises default-originate to switches
Internal Switch: Cisco 3750
• 0/0 to GW learned via OSPF, OSPFv3
Servers: Linux 1RU
• Linux, dual-stacked, running Apache
DNS records:
    lisp6.cisco.com  AAAA 2610:d0:110c:1::3
                     AAAA 2610:d0:110c:1::4
    lisp4.cisco.com  A    153.16.5.29
                     A    153.16.5.30
    lisp.cisco.com   A    153.16.5.29
                     A    153.16.5.30
                     AAAA 2610:d0:110c:1::3
                     AAAA 2610:d0:110c:1::4
LISP Use Case 2 :: IPv6 Transition – example/addressing
[Figure: SJC17 DMZ with gateways sjc17-dmza-gw1/gw2, xTRs sjc17-dmza-lisp-gw1/gw2 (7200), switches sjc17-dmza-lisp-sw1/sw2 (3750), Linux servers 1 and 2, DNS; OSPF and OSPFv3 between gateways, xTRs and switches]
Addresses shown in the figure:
• xTR L0: 128.107.81.169/32 and 128.107.81.170/32
• 153.16.5.25/29, 2610:d0:110c:1::1/64
• 153.16.5.26/29, 2610:d0:110c:1::2/64
• 153.16.5.29/29, 2610:d0:110c:1::3/64
• 153.16.5.30/29, 2610:d0:110c:1::4/64
• Default Route: 153.16.5.25, 2610:d0:110c:1::1
• Default Route: 153.16.5.26, 2610:d0:110c:1::2
LISP Use Case 2 :: IPv6 Transition – example/configurations
[Figure: SJC17 DMZ with gateways sjc17-dmza-gw1/gw2, xTRs sjc17-dmza-lisp-gw1/gw2 (7200), switches sjc17-dmza-lisp-sw1/sw2 (3750), Linux servers 1 and 2; OSPF and OSPFv3]
    !
    router lisp
     database-mapping 153.16.5.0/24 128.107.81.169 priority 1 weight 50
     database-mapping 153.16.5.0/24 128.107.81.170 priority 1 weight 50
     database-mapping 2610:D0:110C::/48 128.107.81.169 priority 1 weight 50
     database-mapping 2610:D0:110C::/48 128.107.81.170 priority 1 weight 50
     ipv4 itr map-resolver 173.36.254.164
     ipv4 itr map-resolver 198.6.255.37
     ipv4 itr
     ipv4 etr map-server 198.6.255.37 key ***********
     ipv4 etr map-server 173.36.254.164 key ***********
     ipv4 etr
     ipv6 use-petr 69.31.31.98
     ipv6 use-petr 149.20.48.60
     ipv6 itr map-resolver 173.36.254.164
     ipv6 itr map-resolver 198.6.255.37
     ipv6 itr
     ipv6 etr map-server 198.6.255.37 key ***********
     ipv6 etr map-server 173.36.254.164 key ***********
     ipv6 etr
    !
    ipv6 route ::/0 Null0
• IPv6 default to Null0 allows LISP to process packets
• IPv4 default route learned through OSPF with GWs
LISP Use Case 2 :: IPv6 Transition – example/results
[Figure: SJC17 DMZ with gateways sjc17-dmza-gw1/gw2, xTRs sjc17-dmza-lisp-gw1 (L0 128.107.81.169/32) and sjc17-dmza-lisp-gw2 (L0 128.107.81.170/32), switches sjc17-dmza-lisp-sw1/sw2 (3750), Linux servers 1 and 2; OSPF and OSPFv3]
    Sjc17-dmza-lisp-gw1#show ip lisp database
    LISP ETR IPv4 Mapping Database, LSBs: 0x3, 1 entries

    EID-prefix: 153.16.5.0/24
      128.107.81.169, priority: 1, weight: 50, state: site-self, reachable
      128.107.81.170, priority: 1, weight: 50, state: site-other, report-reachable
    Sjc17-dmza-lisp-gw1#show ipv6 lisp database
    LISP ETR IPv6 Mapping Database, LSBs: 0x3, 1 entries

    EID-prefix: 2610:D0:110C::/48
      128.107.81.169, priority: 1, weight: 50, state: site-self, reachable
      128.107.81.170, priority: 1, weight: 50, state: site-other, report-reachable
    Sjc17-dmza-lisp-gw1#
LISP Use Case 2 :: IPv6 Transition – example/packet flows
[Figure: a host S6 in a non-LISP IPv6 site queries DNS for the AAAA record of lisp.cisco.com and receives D6; its packets (S6 -> D6) cross the IPv6 Internet, PITR/PETR and the IPv4 Internet (SP1, SP2), with MS/MR in the core, to the xTR in front of Cisco's IPv4/IPv6 servers (production v4 VIP D4, production v6 VIP D6). IPv4 traffic (S4 -> D4) reaches the v4 VIP natively. Caption: “v6 all the way!”]
LISP Use Case 2 :: IPv6 Transition – other happy customers ;-)
World IPv6 Day Sites using LISP
• Cisco: lisp.cisco.com (AAAA: 2610:d0:110c:1::3, ::4)
• Facebook: www.lisp6.facebook.com (AAAA: 2610:D0:FACE::9)
• Qualcomm: www.ipv6.eudora.com (AAAA: 2610:d0:120d::10); jobs.qualcomm.com (no longer AAAA)
• Deutsche Bank: www.ipv6-db.com (AAAA: 2610:d0:2113:3::3)
• Munich Airport: lisp6.munich-airport.de (AAAA: 2610:d0:211d:1::2)
• Isarnet: lisp.isarnet.net (AAAA: 2610:d0:211f:fffe::101)
• InTouch: www.lisp.intouch.eu (AAAA: 2610:d0:210f:100::101)
World IPv6 Day Sites Statistics (and current)
http://honeysuckle.noc.ucla.edu/cgi-bin/smokeping.cgi?target=LISP
Facebook IPv6 Experience with LISP
http://nanog.org/meetings/nanog50/presentations/Tuesday/NANOG50.Talk9.lee_nanog50_atlanta_oct2010_007_publish.pdf
“LISP is the easiest and most painless solution to bring IPv6 access to our critical Internet facing servers. We required a few IPv6 addresses, $0 cost and 1/2 hour to setup. We made no provisions with our WAN/upstreams and no network infrastructure changes.”
Rick Martin, State Network Engineering Lead, State of Arkansas
LISP Use Case 3 :: Efficient Virtualization/Multi-Tenancy Support
Needs:
Integrated Segmentation
Minimal Infrastructure disruption
Global scale and interoperability
LISP Solution:
24-bit LISP Instance-ID segments control plane and data plane, with VRF binding to the Instance-ID
Benefits:
Very high scale tenant segmentation
Global mobility + high scale segmentation integrated in single IP solution
IP-based “overlay” solution, transport independent
No Inter-AS complexity
Applicability:
Multi-provider Core
Encryption can be added
[Figure: West DC, East DC, a LISP Site and three Legacy Sites around an IP Network, with a PxTR and the Mapping DB]
LISP Use Case 3 :: Efficient Virtualization/Multi-Tenancy – Concepts
Recalling that… LISP is “Locator/ID” separation… and creates two namespaces: EIDs and RLOCs
LISP Virtualization:
- Considers both EID and RLOC namespaces; either or both can be virtualized
- EID virtualization is enabled using LISP Instance-IDs in conjunction with VRFs
- RLOC virtualization is enabled in conjunction with VRFs
- Instance-IDs maintain address space segmentation in both the control plane and data plane
- Instance-IDs are numerical tags defined in the LISP Canonical Address Format (LCAF) draft
a 24-bit unstructured number
Data-plane: in LISP encapsulation header
Control-plane: EID encoded in LCAF format
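Added example (not from the original slides): a Python sketch of the data-plane side of this segmentation, encoding the 24-bit Instance-ID in the 8-byte LISP encapsulation header and showing an ETR-style check that binds the Instance-ID to a VRF before delivery. The Instance-ID to VRF/EID-space table comes from the example configuration later in this deck; the function names, the drop policy, the treatment of a missing I bit as instance 0 and the sample inner packets are assumptions for illustration.

```python
import ipaddress
import struct

N_FLAG = 0x80  # nonce present
I_FLAG = 0x08  # Instance-ID present in the second header word

# Instance-ID -> (VRF name, EID space), from the deck's example configuration.
VRF_BY_IID = {
    0: ("default", ipaddress.ip_network("172.31.1.0/24")),
    1: ("TRANS", ipaddress.ip_network("10.1.0.0/16")),
    2: ("SOC", ipaddress.ip_network("10.2.0.0/16")),
    3: ("FIN", ipaddress.ip_network("10.3.0.0/16")),
}


def lisp_header(instance_id, nonce=0, lsb=0):
    """Build the 8-byte LISP data header with the I bit set."""
    if not 0 <= instance_id < (1 << 24):
        raise ValueError("Instance-ID is a 24-bit number")
    word1 = ((N_FLAG | I_FLAG) << 24) | (nonce & 0xFFFFFF)
    # With I set: upper 24 bits Instance-ID, lower 8 bits locator-status-bits.
    word2 = (instance_id << 8) | (lsb & 0xFF)
    return struct.pack("!II", word1, word2)


def parse_lisp_header(data):
    """Return (instance_id or None, inner packet bytes)."""
    if len(data) < 8:
        raise ValueError("truncated LISP header")
    word1, word2 = struct.unpack_from("!II", data)
    flags = word1 >> 24
    iid = word2 >> 8 if flags & I_FLAG else None
    return iid, data[8:]


def inner_ipv4(src, dst):
    """Constructed 20-byte IPv4 header (checksum left at 0) as sample input."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def etr_decap(lisp_payload):
    """Decide which VRF, if any, may receive the decapsulated packet."""
    try:
        iid, inner = parse_lisp_header(lisp_payload)
    except ValueError:
        return ("drop", "truncated LISP header")
    if iid is None:
        iid = 0  # assumption: no I bit means the default EID table
    if iid not in VRF_BY_IID:
        return ("drop", "unknown instance-id")
    vrf, eid_space = VRF_BY_IID[iid]
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return ("drop", "inner packet is not IPv4")
    dst = ipaddress.IPv4Address(inner[16:20])
    # The inner destination must belong to the tenant named by the header;
    # otherwise a packet tagged for one VRF would leak into another.
    if dst not in eid_space:
        return ("drop", "inner destination outside %s EID space" % vrf)
    return ("deliver", vrf)


def demo():
    pkt = inner_ipv4("10.1.1.10", "10.1.2.10")  # constructed TRANS flow
    return [
        etr_decap(lisp_header(1) + pkt),   # correct tenant tag
        etr_decap(lisp_header(2) + pkt),   # same packet tagged for SOC
        etr_decap(lisp_header(9) + pkt),   # instance-id not configured
    ]


if __name__ == "__main__":
    print(lisp_header(1, nonce=0xABCDEF, lsb=3).hex())
    print(demo())
```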
LISP Use Case 3 :: Efficient Virtualization/Multi-Tenancy – Shared Model
Shared Model – at the device level
- Multiple EID-prefixes are allocated privately using VRFs
- EID lookups are in the VRF associated with an Instance-ID
- All RLOC lookups are in a single table – default
- The Mapping System is part of the locator address space and is shared
[Figure: one device with three tables: Default, Pink, Blue]
• Default: single RLOC namespace (default table or RLOC VRF), facing the RLOC namespace
• Pink: EID namespace, VRF Pink, IID 1
• Blue: EID namespace, VRF Blue, IID 2
• Pink and Blue face the VPNs (MPLS, 802.1Q, VRF-Lite, or separate networks)
LISP Use Case 3 :: Efficient Virtualization/Multi-Tenancy – Parallel Model
Parallel Model – at the device level
- Multiple EID-prefixes are allocated privately using VRFs
- EID lookups are in the VRF associated with an Instance-ID
- RLOC lookups are in the VRF associated with the locator table
- A Mapping System must be part of each locator address space
[Figure: one device with three tables: Default, Pink, Blue]
• Pink: EID namespace, VRF Pink, IID 1; RLOC uses Pink namespace
• Blue: EID namespace, VRF Blue, IID 2; RLOC uses Blue namespace
• Both the EID side and the RLOC side face VPNs (MPLS, 802.1Q, VRF-Lite, or separate networks)
LISP Use Case 3 :: Efficient Virtualization – example/overview
[Figure: three sites, each with VRFs Transactions, Finance and SOC]
HQ Site (two xTR + MS/MR routers)
• Router 1: Loop0 172.31.1.12/32, Gig1/1/0 172.16.1.2/30
• Router 2: Loop0 172.31.1.11/32, Gig1/1/0 172.16.1.6/30
• VRF subnets: 10.1.1.0/24, 10.2.1.0/24, 10.3.1.0/24
Site-2 (xTR)
• Loop0 172.31.1.2/32, Gig1/1/0 172.16.2.2/30
• VRF subnets: 10.1.2.0/24, 10.2.2.0/24, 10.3.2.0/24
Site-3 (xTR)
• Loop0 172.31.1.3/32, Gig1/1/0 172.16.3.2/30
• VRF subnets: 10.1.3.0/24, 10.2.3.0/24, 10.3.3.0/24
LISP Use Case 3 :: Efficient Virtualization – example/configurations
Main Configs… (IOS/XE)
Combo xTR/MS/MR at Hub Site -- this is the “xTR” part of the config
    hostname HQ-RTR-1
    !
    vrf definition TRANS
     ---<skip>---
    !
    vrf definition SOC
     ---<skip>---
    !
    vrf definition FIN
     ---<skip>---
    !
    interface Loopback0
     ip address 172.31.1.1 255.255.255.255
    !
    interface GigabitEthernet0/0/0
     ip address 172.16.1.2 255.255.255.252
     negotiation auto
    !
    interface GigabitEthernet0/0/1
     vrf forwarding TRANS
     ip address 10.1.1.1 255.255.255.0
     negotiation auto
    !
    interface GigabitEthernet0/0/2
     vrf forwarding SOC
     ip address 10.2.1.1 255.255.255.0
     negotiation auto
    !
    interface GigabitEthernet0/0/3
     vrf forwarding FIN
     ip address 10.3.1.1 255.255.255.0
     negotiation auto
    !
    router lisp
     eid-table default instance-id 0
      database-mapping 172.31.1.1/32 172.16.1.2 priority 1 weight 50
      database-mapping 172.31.1.1/32 172.16.1.6 priority 1 weight 50
      exit
     !
     eid-table vrf TRANS instance-id 1
      database-mapping 10.1.1.0/24 172.16.1.2 priority 1 weight 50
      database-mapping 10.1.1.0/24 172.16.1.6 priority 1 weight 50
      exit
     !
     eid-table vrf SOC instance-id 2
      database-mapping 10.2.1.0/24 172.16.1.2 priority 1 weight 50
      database-mapping 10.2.1.0/24 172.16.1.6 priority 1 weight 50
      exit
     !
     eid-table vrf FIN instance-id 3
      database-mapping 10.3.1.0/24 172.16.1.2 priority 1 weight 50
      database-mapping 10.3.1.0/24 172.16.1.6 priority 1 weight 50
      exit
     !
LISP Use Case 3 :: Efficient Virtualization – example/configurations
IOS/XE
Main Configs…
Combo xTR/MS/MR at Hub Site
-- this is the “MS” part of the config
router lisp
 ---<continued>---
 !
 site All-Sites
  authentication-key secret
  eid-prefix 172.31.1.0/24 accept-more-specifics
  eid-prefix instance-id 3 10.3.0.0/16 accept-more-specifics
  eid-prefix instance-id 2 10.2.0.0/16 accept-more-specifics
  eid-prefix instance-id 1 10.1.0.0/16 accept-more-specifics
  exit
 !
 ipv4 map-server
 ipv4 map-resolver
 ipv4 itr map-resolver 172.16.1.2
 ipv4 itr map-resolver 172.16.1.6
 ipv4 itr
 ipv4 etr map-server 172.16.1.2 key S3CR3T
 ipv4 etr map-server 172.16.1.6 key S3CR3T
 ipv4 etr
 exit
!
ip route 0.0.0.0 0.0.0.0 172.16.1.1
LISP Use Case 3 :: Efficient Virtualization – example/configurations
IOS/XE
Spoke Configs…
-- this is the “xTR” part of the config
hostname SITE-2
!
vrf definition TRANS
---<skip>---
!
vrf definition SOC
---<skip>---
!
vrf definition FIN
---<skip>---
!
interface Loopback0
 ip address 172.31.1.2 255.255.255.255
!
interface GigabitEthernet0/0/0
 ip address 172.16.2.2 255.255.255.252
 negotiation auto
!
interface GigabitEthernet0/0/1
 vrf forwarding TRANS
 ip address 10.1.2.1 255.255.255.0
 negotiation auto
!
interface GigabitEthernet0/0/2
 vrf forwarding SOC
 ip address 10.2.2.1 255.255.255.0
 negotiation auto
!
interface GigabitEthernet0/0/3
 vrf forwarding FIN
 ip address 10.3.2.1 255.255.255.0
 negotiation auto
!
router lisp
 eid-table default instance-id 0
  database-mapping 172.31.1.2/32 172.16.2.2 priority 1 weight 100
  exit
 !
 eid-table vrf TRANS instance-id 1
  database-mapping 10.1.2.0/24 172.16.1.2 priority 1 weight 100
  exit
 !
 eid-table vrf SOC instance-id 2
  database-mapping 10.2.2.0/24 172.16.1.2 priority 1 weight 100
  exit
 !
 eid-table vrf FIN instance-id 3
  database-mapping 10.3.2.0/24 172.16.1.2 priority 1 weight 100
  exit
 !
 ipv4 itr map-resolver 172.16.1.2
 ipv4 itr map-resolver 172.16.1.6
 ipv4 itr
 ipv4 etr map-server 172.16.1.2 key S3CR3T
 ipv4 etr map-server 172.16.1.6 key S3CR3T
 ipv4 etr
 exit
!
ip route 0.0.0.0 0.0.0.0 172.16.2.1
LISP Use Case 3 :: Efficient Virtualization – example/results
IOS/XE
HQ-RTR-1#ping ?
  WORD  Ping destination address or hostname
---<skip>---
  vrf   Select VPN routing instance

HQ-RTR-1#ping vrf SOC 10.2.2.1 source 10.2.1.1 rep 100
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 10.2.2.1, timeout is 2 seconds:
Packet sent with a source address of 10.2.1.1
..!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 98 percent (98/100), round-trip min/avg/max = 1/1/4 ms
HQ-RTR-1#
--OR--
HQ-RTR-1#ping vrf SOC
Protocol [ip]:
Target IPv6 address: 10.2.2.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands? [no]: y
Source address or interface: 10.2.1.1
---<skip>---
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.1, timeout is 2 seconds:
Packet sent with a source address of 10.2.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms
HQ-RTR-1#

HQ-RTR-1#show ip lisp map-cache eid-table vrf SOC
LISP IPv4 Mapping Cache for EID-table vrf SOC (IID 2), 2 entries

0.0.0.0/0, uptime: 00:12:04, expires: never, via static send map-request
  Negative cache entry, action: send-map-request
10.2.2.0/24, uptime: 00:09:12, expires: 23:50:40, via map-reply, complete
  Locator     Uptime    State  Pri/Wgt
  172.16.2.2  00:09:12  up     1/1
HQ-RTR-1#
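A consistency check over the hub "MS" and SITE-2 "xTR" configurations from the slides above, as an added example that is not part of the original deck or of any Cisco tool. It parses excerpts of the two configs as written and reports three conditions that break registration or weaken instance-ID separation: an ETR key that differs from the site authentication-key, an EID table that registers no locally owned RLOC, and an EID prefix outside the site's per-instance eid-prefix list. The function names and finding strings are assumptions of this example.

```python
import ipaddress

# Excerpts of the slide configs with line breaks restored (hub "MS" part, SITE-2 "xTR" part).
MS_CFG = """
site All-Sites
 authentication-key secret
 eid-prefix 172.31.1.0/24 accept-more-specifics
 eid-prefix instance-id 3 10.3.0.0/16 accept-more-specifics
 eid-prefix instance-id 2 10.2.0.0/16 accept-more-specifics
 eid-prefix instance-id 1 10.1.0.0/16 accept-more-specifics
"""
XTR_CFG = """
interface GigabitEthernet0/0/0
 ip address 172.16.2.2 255.255.255.252
interface GigabitEthernet0/0/1
 vrf forwarding TRANS
 ip address 10.1.2.1 255.255.255.0
router lisp
 eid-table default instance-id 0
  database-mapping 172.31.1.2/32 172.16.2.2 priority 1 weight 100
 eid-table vrf TRANS instance-id 1
  database-mapping 10.1.2.0/24 172.16.1.2 priority 1 weight 100
 eid-table vrf SOC instance-id 2
  database-mapping 10.2.2.0/24 172.16.1.2 priority 1 weight 100
 eid-table vrf FIN instance-id 3
  database-mapping 10.3.2.0/24 172.16.1.2 priority 1 weight 100
 ipv4 etr map-server 172.16.1.2 key S3CR3T
"""

def parse_ms(cfg):
    """Return (site authentication key, {instance-id: [allowed EID networks]})."""
    key, allowed = None, {}
    for w in map(str.split, cfg.splitlines()):
        if w[:1] == ["authentication-key"]:
            key = w[1]
        elif w[:1] == ["eid-prefix"]:
            iid, prefix = (int(w[2]), w[3]) if w[1] == "instance-id" else (0, w[1])
            allowed.setdefault(iid, []).append(ipaddress.ip_network(prefix))
    return key, allowed

def parse_xtr(cfg):
    """Return (global-table interface addresses, {iid: [(eid, rloc)]}, ETR keys)."""
    local, maps, keys, iid, in_vrf = set(), {}, set(), 0, False
    for w in map(str.split, cfg.splitlines()):
        if w[:1] == ["interface"]:
            in_vrf = False                      # each interface starts in the global table
        elif w[:2] == ["vrf", "forwarding"]:
            in_vrf = True                       # tenant interface: not an RLOC candidate
        elif w[:2] == ["ip", "address"] and not in_vrf:
            local.add(w[2])
        elif w[:1] == ["eid-table"]:
            iid = int(w[w.index("instance-id") + 1])
        elif w[:1] == ["database-mapping"]:
            maps.setdefault(iid, []).append((ipaddress.ip_network(w[1]), w[2]))
        elif w[:3] == ["ipv4", "etr", "map-server"] and "key" in w:
            keys.add(w[w.index("key") + 1])
    return local, maps, keys

def audit(ms_cfg, xtr_cfg):
    """Return findings for one xTR against the Map-Server site definition."""
    ms_key, allowed = parse_ms(ms_cfg)
    local, maps, keys = parse_xtr(xtr_cfg)
    findings = []
    if keys - {ms_key}:                         # keys are compared, never printed
        findings.append("key mismatch: Map-Register authentication will fail")
    for iid, entries in sorted(maps.items()):
        if not any(rloc in local for _, rloc in entries):
            findings.append(f"iid {iid}: no database-mapping uses a local RLOC")
        for eid, _ in entries:
            if not any(eid.subnet_of(net) for net in allowed.get(iid, [])):
                findings.append(f"iid {iid}: {eid} is outside the site's eid-prefix list")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(MS_CFG, XTR_CFG)))
```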
LISP Use Case 4 :: Data Center/VM Mobility Support
• Needs:
VM-Mobility extending subnets and across subnets
Move detection, dynamic EID-to-RLOC mappings, traffic redirection
• LISP Solution:
OTV + LISP for VM-moves extending subnets
LISP for VM-moves across subnets
• Benefits:
Seamless, integrated, global workload mobility
Direct Path (no triangulation)
Connections survive across moves
No routing re-convergence, no DNS updates
Global Scalability (cloud bursting)
IPv4/IPv6 Support
ARP elimination
Applicability:
VM OS agnostic
Services Creation (disaster recovery, cloud burst, etc.)
[Figure: VM a.b.c.1 moves from Data Center 1 to Data Center 2; a LISP router at each data center connects to the Internet.]
LISP Use Case 4 :: Data Center/VM Mobility – example/overview
[Figure: VM mobility topology, Server A moves across subnets]
Mapping System: 10.100.1.1
West-DC (10.1.0.0/16): VM-mob xTRs with RLOCs A: 192.168.13.2 and B: 192.168.13.6; VM1 : 10.1.1.11/24, VM2 : 10.1.1.12/24
East-DC (10.2.0.0/16): VM-mob xTRs with RLOCs C: 192.168.23.2 and D: 192.168.23.6; VM3 : 10.2.2.2/24
LISP Site (10.3.3.0/24): xTR 172.16.10.1; H1 : 10.3.3.3/24
Non-LISP Site: H2 : 10.4.4.4/24; PxTR 172.17.4.4
LISP Use Case 4 :: Data Center/VM Mobility – example/configurations
NX-OS
West-DC VM-mob xTR (Vlan907 10.1.1.3/24):
feature lisp
ip lisp itr-etr
ip lisp database-mapping 10.1.0.0/16 192.168.13.2 priority 1 weight 50
ip lisp database-mapping 10.1.0.0/16 192.168.13.6 priority 1 weight 50
ip lisp itr map-resolver 10.100.1.1
ip lisp etr map-server 10.100.1.1 key cisco
lisp dynamic-eid LISP_ACROSS_SUBNET
  database-mapping 10.1.1.0/24 192.168.13.2 priority 1 weight 50
  database-mapping 10.1.1.0/24 192.168.13.6 priority 1 weight 50
  map-notify-group 239.1.1.11
interface Vlan907
  ip address 10.1.1.3/24
  lisp mobility LISP_ACROSS_SUBNET
  ip proxy-arp
  hsrp 17
    mac-address 0000.0E1D.010C
    preempt delay minimum 300
    priority 190
    ip 10.1.1.1

West-DC VM-mob xTR (Vlan907 10.1.1.2/24):
feature lisp
ip lisp itr-etr
ip lisp database-mapping 10.1.0.0/16 192.168.13.2 priority 1 weight 50
ip lisp database-mapping 10.1.0.0/16 192.168.13.6 priority 1 weight 50
ip lisp itr map-resolver 10.100.1.1
ip lisp etr map-server 10.100.1.1 key cisco
lisp dynamic-eid LISP_ACROSS_SUBNET
  database-mapping 10.1.1.0/24 192.168.13.2 priority 1 weight 50
  database-mapping 10.1.1.0/24 192.168.13.6 priority 1 weight 50
  map-notify-group 239.1.1.11
interface Vlan907
  ip address 10.1.1.2/24
  lisp mobility LISP_ACROSS_SUBNET
  ip proxy-arp
  hsrp 17
    mac-address 0000.0E1D.010C
    preempt delay minimum 300
    priority 200
    ip 10.1.1.1
LISP Use Case 4 :: Data Center/VM Mobility – example/configurations
NX-OS
East-DC VM-mob xTR (Vlan907 10.2.2.2/24):
feature lisp
ip lisp itr-etr
ip lisp database-mapping 10.2.0.0/16 192.168.23.2 priority 1 weight 50
ip lisp database-mapping 10.2.0.0/16 192.168.23.6 priority 1 weight 50
ip lisp itr map-resolver 10.100.1.1
ip lisp etr map-server 10.100.1.1 key cisco
lisp dynamic-eid LISP_ACROSS_SUBNET
  database-mapping 10.1.1.0/24 192.168.23.2 priority 1 weight 50
  database-mapping 10.1.1.0/24 192.168.23.6 priority 1 weight 50
  map-notify-group 239.1.1.12
interface Vlan907
  ip address 10.2.2.2/24
  lisp mobility LISP_ACROSS_SUBNET
  ip proxy-arp
  hsrp 17
    mac-address 0000.0E1D.010C
    preempt delay minimum 300
    priority 200
    ip 10.2.2.1

East-DC VM-mob xTR (Vlan907 10.2.2.3/24):
feature lisp
ip lisp itr-etr
ip lisp database-mapping 10.2.0.0/16 192.168.23.2 priority 1 weight 50
ip lisp database-mapping 10.2.0.0/16 192.168.23.6 priority 1 weight 50
ip lisp itr map-resolver 10.100.1.1
ip lisp etr map-server 10.100.1.1 key cisco
lisp dynamic-eid LISP_ACROSS_SUBNET
  database-mapping 10.1.1.0/24 192.168.23.2 priority 1 weight 50
  database-mapping 10.1.1.0/24 192.168.23.6 priority 1 weight 50
  map-notify-group 239.1.1.12
interface Vlan907
  ip address 10.2.2.3/24
  lisp mobility LISP_ACROSS_SUBNET
  ip proxy-arp
  hsrp 17
    mac-address 0000.0E1D.010C
    preempt delay minimum 300
    priority 190
    ip 10.2.2.1
LISP Use Case 4 :: Data Center/VM Mobility – example/configurations
NX-OS
Mapping System (map-server and map-resolver):
feature lisp
ip lisp map-resolver
ip lisp map-server
lisp site BRANCH
  eid-prefix 10.3.3.0/24
  authentication-key cisco
lisp site DATA_CENTER
  eid-prefix 10.1.0.0/16
  eid-prefix 10.2.0.0/16
  eid-prefix 10.1.1.0/24 accept-more-specifics
  authentication-key cisco

LISP Site xTR:
feature lisp
ip lisp itr-etr
ip lisp database-mapping 10.3.3.0/24 172.16.10.1 priority 1 weight 1
ip lisp itr map-resolver 10.100.1.1
ip lisp etr map-server 10.100.1.1 key cisco
LISP Use Case 4 :: Data Center/VM Mobility – example/packet flows
Before Move
10.3.3.3 -> 10.1.1.11
172.16.10.1 -> 192.168.13.6
10.3.3.3 -> 10.1.1.11
10.3.3.3 -> 10.1.1.11
10.1.1.11 -> 10.3.3.3
192.168.13.6 -> 172.16.10.1
10.1.1.11 -> 10.3.3.3
10.1.1.11 -> 10.3.3.3
LISP Use Case 4 :: Data Center/VM Mobility – example/packet flows
Before Move
10.4.4.4 -> 10.1.1.11
172.17.4.4 -> 192.168.13.6
10.4.4.4 -> 10.1.1.11
10.4.4.4 -> 10.1.1.11
10.1.1.11 -> 10.4.4.4
10.1.1.11 -> 10.4.4.4
LISP Use Case 4 :: Data Center/VM Mobility – example/packet flows
VM Move/LISP Updates (VM1 : 10.1.1.11/24)
1: VM-Moves
2: Move detected
3: Peer move notify
4: Register /32
5: Map-Notify previous registrant
6: Peer move notify
7: “SMR” prior talkers (map-cache entry and data-driven)
8: Map-Req/Map-Rep updates map-cache info
LISP Use Case 4 :: Data Center/VM Mobility – example/packet flows
After Move
10.3.0.3 -> 10.1.1.11
172.16.10.1 -> 192.168.23.2
10.3.3.3 -> 10.1.1.11
10.3.3.3 -> 10.1.1.11
10.1.1.11 -> 10.3.0.3
192.168.23.2 -> 172.16.10.1
10.1.1.11 -> 10.3.0.3
10.1.1.11 -> 10.3.3.3
Figure callouts: “Same!” and “New!”
LISP Use Case 4 :: Data Center/VM Mobility – example/packet flows
After Move
10.4.4.4 -> 10.1.1.11
172.17.4.4 -> 192.168.23.6
10.4.0.4 -> 10.1.1.11
10.4.4.4 -> 10.1.1.11
10.1.1.11 -> 10.4.4.4
10.1.1.11 -> 10.4.4.4
Figure callouts: “Same!” and “New!”
LISP Use Case 5 :: LISP Mobile-Node
• Needs:
Mobile devices roaming across any access media without connection reset
Mobile device keeps the same IP address forever
• LISP Solution:
LISP level of indirection separates endpoints and locators
Scalable, host-level registration (10^10)
• Benefits:
MNs can roam and stay connected
MNs can be servers
MNs roam without DNS changes
MNs can use multiple interfaces
Packet “near-stretch-1” minimizes latency
Applicability:
Android and Linux
IPv4 and IPv6
[Figure: mobile node dino.cisco.com with static EID 2610:00d0:xxxx::1/128 and a dynamic RLOC on any 3G/4G network or any WiFi network.]
LISP-MN Mobility: Any Network, Anytime, Anywhere
Session Continuity While Roaming
[Figure: a LISP-MN roams between 3G (Operator A), SP WiFi (Operator A) and Starbucks WiFi. At each move it sends control packets to the Mapping System (“I’m @ Operator A (3G)”, “I’m @ Operator A (offload to WiFi)”, “I’m @ Starbucks”) while data packets continue to flow to the LISP Site.]
LISP-MN Handoff and/or Locator Set Change
• A mobility event happens when a locator (or locator set) changes
A LISP-MN device roams to a different network…
A new interface comes up…
• The LISP-MN device:
Registers the new location with the mapping system…
Sends a Solicit-Map-Request (SMR) message to all the LISP sites in the mobile node’s map-cache (sites with which it is communicating)
• The remote LISP site (ITR) upon receiving an SMR…
Sends a new Map-Request for the LISP-MN EID
Updates its mappings
Starts encapsulating data to the new location
• The remote LISP site is updated with the location within 3 messages
SMR, Map-Request, Map-Reply
LISP-MN Handoff and/or Locator Set Change
[Figure: initial state, LISP-MN attached via 3G]
LISP Site 1: host S, PI EID-prefix 2.0.0.0/24; xTR-1 (ITR/ETR) 10.0.0.2 on Provider A 10.0.0.0/8; xTR-2 (ITR/ETR) 11.0.0.2 on Provider B 11.0.0.0/8
Mapping System: MR/MS 65.1.1.1 and MR/MS 66.2.2.2
Access networks: 3G Carrier 1 12.0.0.0/8, 3G Carrier 2 13.0.0.0/8, SP WiFi 14.0.0.0/8
LISP-MN (LISP xTR): EID 3.0.0.3/32, 3G RLOC 12.0.0.2
Map-Cache Entry
  EID-prefix: 3.0.0.3/32
  Locator-set: 12.0.0.2, priority: 1, weight: 100
LISP-MN Handoff and/or Locator Set Change
[Figure: same topology after the LISP-MN (EID 3.0.0.3/32) attaches to SP WiFi with RLOC 14.0.0.2]
Map-Cache Entry
  EID-prefix: 3.0.0.3/32
  Locator-set: 12.0.0.2, priority: 1, weight: 100
LISP Map-Register (udp 4342), SHA-1, 14.0.0.2 -> 66.2.2.2: 3.0.0.3/32, 14.0.0.2
SMR
Map-Request
Map-Reply
Map-Cache Entry
  EID-prefix: 3.0.0.3/32
  Locator-set: 14.0.0.2, priority: 1, weight: 100
LISP Status
LISP Standardization Effort Status
Draft: Next Steps/Target
- LISP base protocol (draft-ietf-lisp-19): IESG Evaluation…
- LISP+ALT (draft-ietf-lisp-alt-10): Approved! Experimental RFC
- LISP Map Server (draft-ietf-lisp-ms-14): AD Evaluation…
- LISP Interworking (draft-ietf-lisp-interworking-02): AD Evaluation…
- LISP Map Versioning (draft-ietf-lisp-map-versioning-06): AD Evaluation…
- LISP Multicast (draft-ietf-lisp-multicast-12): IESG Evaluation…
- LISP Internet Groper (draft-ietf-lisp-lig-06): Approved! Experimental RFC
- LISP Mobile Node (draft-meyer-lisp-mn-06): Proposed for WG adoption (3 prototypes available)
- LISP Canonical Address Format (draft-farinacci-lisp-lcaf-06): Proposed for WG adoption
- LISP MIB (draft-ietf-lisp-mib-03): Active…
- LISP Deployment (draft-ietf-lisp-deployment-02): Active…
- LISP SEC (draft-ietf-lisp-sec-01): Active…
- LISP Threats (draft-ietf-lisp-threats-00): Active…
- LISP EID Block (draft-ietf-lisp-eid-block-01): Active…
IETF LISP WG: http://tools.ietf.org/wg/lisp/
LISP Deployments - International LISP Beta Network
LISP Community Operated
- >4 years operational
- >140+ sites, 26 countries
Nine LISP implementations deployed today
- Cisco: IOS, IOS-XE, NX-OS
- Furukawa Network Solution Corporation FITELnet-G21
- FreeBSD: OpenLISP
- Linux: OpenWrt, Aless, LISPmob
- Android (Gingerbread)
- Plus a few others… ;-)
http://lisp.cisco.com
http://www.lisp6.facebook.com
http://www.lisp.intouch.eu/
http://lisp.isarnet.net/
and more…
Cisco’s LISP Software Release Strategy – Development Strategy
Early Deployment (ED) software – Engineering Builds
- LISP ED releases available on CCO as “hidden” posts
- Not orderable via the Cisco Global Configuration tool
- Intended only for deployment on LISP nodes
- Not intended nor recommended for production deployment scenarios
- TAC supported (unless deployed in non-LISP environment)
- Refer to LISP Early ED Software Release Product Bulletin for details
Production LISP Deployment Software – Mainline Integration
- LISP production software images available via CCO download
- Orderable via the Cisco Global Configuration tool
- Approved for use in all production deployment scenarios
- TAC supported
Cisco LISP Code: http://lisp.cisco.com
LISP Software Release Strategy – Available Releases!
Cisco Releases
- IOS since December 2009… ISR, ISRG2, 7200
- IOS-XE since March 2010… ASR1K
- NX-OS since December 2009… Nexus 7000, UCS C200
- Coming soon… Catalyst 6500, ASR9K, CRS-3, and others…
Other LISP Releases
- Furukawa Network Solutions Corp
- FreeBSD: OpenLISP
- Linux: Aless, LISPmob, OpenWrt (coming soon…)
- Android: Gingerbread (coming soon…)
- Other vendors… Check back!!
Cisco LISP Releases: http://lisp.cisco.com
Other LISP Releases: http://www.lisp4.net, http://www.lisp6.net
LISP Summary
LISP – A Routing Architecture; Not a Feature
Enables IP Number Portability
- With session survivability
- Never change host IP addresses; No renumbering costs
- No DNS “name == EID” binding change
Uses pull vs. push routing
- OSPF and BGP are push models; routing stored in the forwarding plane
- LISP is a pull model; Analogous to DNS; massively scalable
An over-the-top technology
- Address Family agnostic
- Incrementally deployable
- No changes in end systems
Creates a Level of Indirection
- Separates End-Host and Site addresses
Deployment simplicity
- No host changes
- Minimal CPE changes
- Some new core infrastructure components
Enables other interesting features
- Simplified multi-homing with Ingress traffic Engineering – without the need for BGP
- End-host mobility without renumbering
- Address Family agnostic support
An Open Standard
- No Cisco Intellectual Property Rights
LISP References
LISP Information and Mailing Lists
LISP Information
- IETF LISP Working Group http://tools.ietf.org/wg/lisp/
- LISP Beta Network Site http://www.lisp4.net & http://www.lisp6.net
- Cisco LISP Site http://lisp.cisco.com (IPv4 and IPv6)
- Cisco LISP Marketing Site http://www.cisco.com/go/lisp/
LISP Mailing Lists
- IETF LISP Working Group http://tools.ietf.org/wg/lisp/
- LISP Interest (public) [email protected]
- Cisco LISP Questions [email protected]
- LISPmob Questions [email protected]
• Thank you!
• Please complete the post-event survey.
• Join us February 8 for our next webinar:
Recommendations for Network Application Identification and Policy
To register, go to www.cisco.com/go/iosadvantage
Thank you.