© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 1 LISP – Routing in the Cloud Cisco Public
LISP – Routing in the Cloud LISP Update – 13 September 2012
LISP - A Next Generation Routing Architecture
• What is LISP?
• How Does LISP Work?
• How Customers are Using LISP
• References
What is LISP?
LISP Overview
Identity and Location :: an Overloaded Concept in Routing Today…
[Figure: IPv4 Internet with Sites 1–3, a Tier 1 SP, a Transit SP and a Commodity SP. Labels: Enterprise AS 100, 64.1.0.0/16 (Identity); AS 200, 12.0/8 with 12.1.1.2/30 and AS 300, 13.0/8 with 13.1.1.2/30 (Location); eBGP advertisements of 64.1.0.0/16, 64.1.0.0/17 and 64.1.128.0/17 into the DFZ routing table.]
LISP Overview
Identity and Location :: an Overloaded Concept in Routing Today…
[Figure: IPv4 Internet topology (Sites 1–3, Tier 1 SP, Transit SP, Commodity SP) with a LISP Mapping System shown alongside the DFZ routing table. Labels: Enterprise AS 100, 64.1.0.0/16 (Identity); AS 200, 12.0/8 with 12.1.1.2/30 and AS 300, 13.0/8 with 13.1.1.2/30 (Location).]
• What if ID address and Locator address are in different databases?
• This creates a “level of indirection” between ID and LOCATION in the network!
Clear separation at the network layer:
• who/what you are looking for, vs. …
• how to best get there
ID/Loc split is common already. There are two basic approaches:
• Translations (e.g. NAT), vs. …
• Tunnels (e.g. GRE, IPsec, MPLS)
Both approaches are limited to local scope.
What is needed is Locator/ID Separation on a GLOBAL scope.
LISP Overview
Identity and Location :: an Overloaded Concept in Routing Today…
[Figure: IPv4 Internet topology (Sites 1–3, Tier 1 SP, Transit SP, Commodity SP) with the DFZ routing table and a LISP Mapping System holding entries of varying prefix length (e.g. x.x.x.x/25).]
• Let’s scale the ID address databases to 10^10 and allow it to hold any prefix length (even /32’s and /128’s)
• Let’s provide a mechanism to provide on-the-fly resolution of ID and locator (like DNS)
• High scale design, and ability to change locator for fixed ID enables Mobility!
LISP Overview
LISP – A Routing Architecture, Not a Feature…
LISP changes the routing architecture to implement a level of indirection between a host’s IDENTITY and its LOCATION in the network.
LISP radically changes the current ROUTING architecture:
• Radical changes lead to DISRUPTION opportunities
• LISP allows both SPs and Enterprises to do remarkably different things than traditional approaches allow
• LISP enables NEW services (VPNs, IPv6, Mobility, “cloud”) in one, common, simple architecture
How Does LISP Work?
LISP Operations
LISP :: Main Attributes of LISP…
LISP Loc/ID Split namespaces
‒ EID (Endpoint Identifier) is the IP address of a host – just as it is today
‒ RLOC (Routing Locator) is the IP address of the LISP router for the host
‒ EID-to-RLOC mapping is the distributed architecture that maps EIDs to RLOCs
[Figure: EID Space sites attached through xTRs to the RLOC Space, with an MS/MR holding the EID-to-RLOC mapping and a PxTR facing Non-LISP sites.]
EID-to-RLOC mapping:
  EID           RLOC
  a.a.a.0/24    w.x.y.1
  b.b.b.0/24    x.y.w.2
  c.c.c.0/24    z.q.r.5
  d.d.0.0/16    z.q.r.5
Routing table:
  Prefix     Next-hop
  w.x.y.1    e.f.g.h
  x.y.w.2    e.f.g.h
  z.q.r.5    e.f.g.h
  z.q.r.5    e.f.g.h
• Network-based solution
• No host changes
• Minimal configuration
• No DNS changes
• Address Family agnostic
• Incrementally deployable (support LISP and non-LISP)
• Support for mobility
LISP Operations
LISP :: Mapping Resolution “Level of Indirection” DNS analog…
LISP “Level of Indirection” is analogous to a DNS lookup
‒ DNS resolves IP addresses for a URL, answering the “WHO IS” question
‒ LISP resolves locators for queried identities, answering the “WHERE IS” question
DNS Name-to-IP URL Resolution:
  host -> DNS Server: [ who is lisp.cisco.com ] ?
  DNS Server -> host: [ 153.16.5.29, 2610:D0:110C:1::3 ]
LISP Identity-to-locator Mapping Resolution:
  LISP router -> LISP Mapping System: [ where is 2610:D0:110C:1::3 ] ?
  LISP Mapping System -> LISP router: [ locator is 128.107.81.169 ]
LISP Operations
LISP Data Plane :: Ingress/Egress Tunnel Router (xTR)…
[Figure: LISP Site 1 (S, PI EID-prefix 2001:db8:1::/48, xTR-1 and xTR-2) and LISP Site 2 (D, PI EID-prefix 2001:db8:2::/48, xTR-3 and xTR-4), each xTR acting as ITR and ETR, attached to Provider A 10.0.0.0/8, Provider B 11.0.0.0/8, Provider C 12.0.0.0/8 and Provider D 13.0.0.0/8; arrows show the packet flow.]
ETR – Egress Tunnel Router
‒ Receives packets from core-facing interfaces
‒ De-cap and deliver packets to local EIDs at site
ITR – Ingress Tunnel Router
‒ Receives packets from site-facing interfaces
‒ Encap to remote LISP sites, or native-fwd to non-LISP sites
LISP Operations
LISP Data Plane :: Unicast Packet Flow…
[Figure: unicast packet flow from S (LISP Site 1) to D (LISP Site 2) in numbered steps 1–7 over the two-site topology (xTR-1 to xTR-4, Providers A–D); xTR RLOCs are 10.0.0.2, 11.0.0.2, 12.0.0.2 and 13.0.0.2.]
Labels recovered from the figure:
‒ DNS entry: D.abc.com AAAA 2001:db8:2::1
‒ Packet inside the sites: 2001:db8:1::1 -> 2001:db8:2::1
‒ Encapsulated packet between xTRs: outer 11.0.0.2 -> 12.0.0.2, inner 2001:db8:1::1 -> 2001:db8:2::1
Map-Cache Entry (this policy is controlled by the destination site):
  EID-prefix: 2001:db8:2::/48
  Locator-set:
    12.0.0.2, priority: 1, weight: 50 (D1)
    13.0.0.2, priority: 1, weight: 50 (D2)
Notes:
‒ The destination site controls its ingress policy (active/active in this case)
‒ 5-tuple hash per-flow selects RLOC for encapsulation
LISP Operations
LISP Control Plane :: Introduction…
LISP Control Plane Provides On-Demand Mappings
‒ Control Plane is separate from data plane
‒ Map-Resolver and Map-Server (similar to DNS Resolver and DNS Server)
‒ LISP Control Plane Messages for EID-to-RLOC resolution
‒ Distributed databases and map-caches hold mappings
LISP Operations
LISP Control Plane :: Map-Server/Map-Resolver (MS/MR)…
[Figure: two-site topology (LISP Site 1 with xTR-1/xTR-2, LISP Site 2 with xTR-3/xTR-4, Providers A–D) with an MR and an MS in the Mapping System.]
MR – Map-Resolver
‒ Receives Map-Request from ITR
‒ Forwards Map-Request to Mapping System
‒ Sends Negative Map-Replies in response to Map-Requests for non-LISP sites
MS – Map-Server
‒ LISP site ETRs register their EID prefixes here; requires configured “lisp site” policy, authentication key
‒ Receives Map-Requests via Mapping System, forwards them to registered ETRs
NOTE: An MR/MS need not be deployed as a router. Cisco is exploring implementing the LISP control plane on a VM.
LISP Operations
LISP Control Plane :: Mapping Database (ETR), Map-Cache (ITR)…
[Figure: two-site topology (LISP Site 1 with xTR-1/xTR-2, LISP Site 2 with xTR-3/xTR-4, Providers A–D) with an MR and an MS in the Mapping System.]
LISP Map Cache (ITR)
‒ Only stores mappings for sites the ITR is currently sending packets to
‒ Populated by receiving Map-Replies from ETRs
‒ ITRs must respect Map-Reply policy (TTLs, RLOC up/down status, RLOC priorities/weights)
LISP Site Mapping-Database (ETR)
‒ EID-to-RLOC mappings in all ETRs for local LISP site
‒ ETR is “authoritative” for its EIDs, sends Map-Replies to ITRs
‒ ETRs can tailor policy based on Map-Request source
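An added example, not part of the original slides: a small Python model of the ITR behaviour described in the Unicast Packet Flow notes and in the Map Cache bullets above (longest-prefix map-cache lookup, TTL expiry, RLOC up/down status, priority/weight selection by a per-flow 5-tuple hash, and forward-native for a negative entry). The class and function names, the SHA-256 flow hash and the TTL values are assumptions of this example; "lower priority value wins, 255 means do not use" follows the LISP specification rather than the slides.

```python
import hashlib
import ipaddress

FORWARD_NATIVE = "forward-native"


class MapCache:
    """ITR map-cache: EID-prefix -> locator-set, filled from Map-Replies."""

    def __init__(self, clock):
        self._clock = clock          # callable returning seconds (injectable)
        self._entries = {}           # ip_network -> (expiry, locators or None)

    def install(self, eid_prefix, locators, ttl):
        """locators=None records a Negative Map-Reply (non-LISP destination)."""
        net = ipaddress.ip_network(eid_prefix)
        self._entries[net] = (self._clock() + ttl, locators)

    def lookup(self, eid):
        """Longest-prefix match over unexpired entries; None means cache miss."""
        addr, now, best = ipaddress.ip_address(eid), self._clock(), None
        for net, (expiry, locators) in list(self._entries.items()):
            if expiry <= now:
                del self._entries[net]           # honour the Map-Reply TTL
            elif net.version == addr.version and addr in net:
                if best is None or net.prefixlen > best[0].prefixlen:
                    best = (net, locators)
        return best


def flow_hash(five_tuple):
    """Stable hash of (src, dst, proto, sport, dport): one flow, one RLOC."""
    key = "|".join(str(f) for f in five_tuple).encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:8], "big")


def select_rloc(locators, five_tuple):
    """Pick among reachable RLOCs of the best priority, split by weight."""
    usable = [l for l in locators if l["up"] and l["priority"] != 255]
    if not usable:
        return None
    best = min(l["priority"] for l in usable)    # lower value = more preferred
    group = sorted((l for l in usable if l["priority"] == best),
                   key=lambda l: l["rloc"])
    total = sum(l["weight"] for l in group)
    if total == 0:                               # all-zero weights: split evenly
        return group[flow_hash(five_tuple) % len(group)]["rloc"]
    point = flow_hash(five_tuple) % total
    for l in group:
        if point < l["weight"]:
            return l["rloc"]
        point -= l["weight"]


def forward(cache, five_tuple):
    """Return the ITR's action for one packet, keyed on the destination EID."""
    entry = cache.lookup(five_tuple[1])
    if entry is None:
        return ("map-request", None)             # resolve via the Map-Resolver
    locators = entry[1]
    if locators is None:
        return (FORWARD_NATIVE, None)
    rloc = select_rloc(locators, five_tuple)
    return ("encapsulate", rloc) if rloc else ("drop", None)


def build_sample_cache(clock):
    """Constructed sample: the two map-cache entries shown on the slides."""
    cache = MapCache(clock)
    cache.install("2001:db8:2::/48", [
        {"rloc": "12.0.0.2", "priority": 1, "weight": 50, "up": True},
        {"rloc": "13.0.0.2", "priority": 1, "weight": 50, "up": True},
    ], ttl=1440 * 60)                            # constructed TTL
    cache.install("2001:8000::/21", None, ttl=15 * 60)   # constructed TTL
    return cache


if __name__ == "__main__":
    import time
    cache = build_sample_cache(time.monotonic)
    for sport in (40000, 40001, 40002):
        print(forward(cache, ("2001:db8:1::1", "2001:db8:2::1", 6, sport, 443)))
```

Because the choice is a pure function of the 5-tuple, packets of one flow always leave through the same RLOC, while the destination site's weights still shape the aggregate split.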
LISP Operations
LISP Control Plane :: Control Plane Messages…
Control Plane EID Registration
‒ Map-Register message: sent by ETR to MS to register its associated EID prefixes; specifies the RLOC(s) to be used by the MS when forwarding Map-Requests to the ETR
Control Plane “Data-triggered” mapping service
‒ Map-Request message: sent by an ITR when it needs an EID/RLOC mapping, to test an RLOC for reachability, or to refresh a mapping before TTL expiration
‒ Map-Reply message: sent by an ETR in response to a valid Map-Request to provide the EID/RLOC mapping and site ingress policy for the requested EID
‒ Map-Notify message: sent by Map-Server to ETR to acknowledge that its requested EID prefixes were registered successfully
LISP Operations
LISP Control Plane :: Map Registration Example…
[Figure: two-site topology (LISP Site 1 with xTR-1/xTR-2, LISP Site 2 with xTR-3/xTR-4, Providers A–D) with the MR/MS at 66.2.2.2 in the Mapping System, which also holds “Other 2001:db8::/32 sites…”; xTR RLOCs are 10.0.0.2, 11.0.0.2, 12.0.0.2 and 13.0.0.2.]
Map-Server configuration:
  router lisp
   site Site2
    description Site 2
    authentication-key S3cr3t
    eid-prefix 2001:db8:2::/48
ETR configuration:
  router lisp
   database-mapping 2001:db8:2::/48 12.0.0.2 priority 1 weight 50
   database-mapping 2001:db8:2::/48 13.0.0.2 priority 1 weight 50
   ipv4 itr
   ipv4 etr
   ipv4 itr map-resolver 66.2.2.2
   ipv4 etr map-server 66.2.2.2 key S3cr3t
Registration message:
  12.0.0.2 -> 66.2.2.2
  LISP Map-Register (udp 4342), SHA-2
  2001:db8:2::/48 12.0.0.2, 13.0.0.2
Notes:
‒ The ETR registers for EIDs that it is authoritative for
‒ The MS is configured for the site EIDs, and must have the same authentication key
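An added example, not part of the original slides and not Cisco's implementation: the two checks a Map-Server applies to a registration as described in the notes above, that the message authenticates under the site's shared key and that the registered EID prefix is one configured for that site. The JSON message encoding, the function and class names, and HMAC-SHA-256 as the concrete "SHA-2" algorithm are assumptions; this is not the LISP wire format.

```python
import hashlib
import hmac
import ipaddress
import json


def _canonical(body):
    """Deterministic byte encoding of the fields covered by the HMAC."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def build_register(key, eid_prefix, rlocs, proxy=False):
    """ETR side: registration body plus authentication data (HMAC-SHA-256)."""
    body = {"eid_prefix": eid_prefix, "rlocs": list(rlocs), "proxy": proxy}
    auth = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "auth": auth}


class MapServer:
    def __init__(self, sites):
        # sites: name -> {"key": bytes, "eid_prefixes": [str, ...]}
        self.sites = sites           # the configured "lisp site" policy
        self.registrations = {}      # ip_network -> {"rlocs": [...], "proxy": bool}

    def accept(self, site_name, message):
        """Return (accepted, reason); install the mapping only when accepted."""
        site = self.sites.get(site_name)
        if site is None:
            return False, "unknown site"
        body = message.get("body")
        if not isinstance(body, dict):
            return False, "malformed message"
        expected = hmac.new(site["key"], _canonical(body),
                            hashlib.sha256).hexdigest()
        supplied = str(message.get("auth", ""))
        # Constant-time comparison: do not leak how many leading bytes matched.
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return False, "bad authentication data"
        try:
            eid = ipaddress.ip_network(body["eid_prefix"])
            rlocs = [str(ipaddress.ip_address(r)) for r in body["rlocs"]]
        except (KeyError, TypeError, ValueError):
            return False, "malformed message"
        allowed = {ipaddress.ip_network(p) for p in site["eid_prefixes"]}
        if eid not in allowed:
            # A valid key authorises only the prefixes configured for that site.
            return False, "eid-prefix not configured for site"
        self.registrations[eid] = {"rlocs": rlocs,
                                   "proxy": bool(body.get("proxy"))}
        return True, "registered"


def sample_map_server():
    """Constructed sample mirroring the slide's Map-Server configuration."""
    return MapServer({"Site2": {"key": b"S3cr3t",
                                "eid_prefixes": ["2001:db8:2::/48"]}})


if __name__ == "__main__":
    ms = sample_map_server()
    msg = build_register(b"S3cr3t", "2001:db8:2::/48", ["12.0.0.2", "13.0.0.2"])
    print(ms.accept("Site2", msg))
    print(ms.accept("Site2", build_register(b"wrong", "2001:db8:2::/48",
                                            ["12.0.0.2"])))
```

The prefix check matters as much as the key check: without it, any site holding a valid key could register another site's EID prefix and attract its traffic.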
LISP Operations
LISP Control Plane :: Map-Request/Map-Reply Example…
[Figure: two-site topology (LISP Site 1 with xTR-1/xTR-2, LISP Site 2 with xTR-3/xTR-4, Providers A–D) with the MR/MS at 66.2.2.2 in the Mapping System; xTR RLOCs are 10.0.0.2, 11.0.0.2, 12.0.0.2 and 13.0.0.2.]
1. DNS entry: D.abc.com AAAA 2001:db8:2::1
2. 2001:db8:1::1 -> 2001:db8:2::1 (“How do I get to 2001:db8:2::1?”)
3. 11.0.0.2 -> 66.2.2.2 LISP ECM (udp 4342), carrying 11.0.0.2 -> 2001:db8:2::1 Map-Request (udp 4342), nonce
4. 66.2.2.2 -> 12.0.0.2 LISP ECM (udp 4342), carrying 11.0.0.2 -> 2001:db8:2::1 Map-Request (udp 4342), nonce
5. 12.0.0.2 -> 11.0.0.2 Map-Reply (udp 4342), nonce: 2001:db8:2::/48 12.0.0.2 [1, 50] 13.0.0.2 [1, 50]
6. Map-Cache Entry:
  EID-prefix: 2001:db8:2::/48
  Locator-set:
    12.0.0.2, priority: 1, weight: 50 (D1)
    13.0.0.2, priority: 1, weight: 50 (D2)
Notes:
‒ The IP address in the Map-Request (2001:db8:2::1 in this case) is the host that the ITR is trying to reach.
‒ The Map-Reply includes the entire prefix (2001:db8:2::/48 in this case) covering the requested host.
LISP Operations
LISP Control Plane :: Proxy Map-Reply Example…
[Figure: two-site topology (LISP Site 1 with xTR-1/xTR-2, LISP Site 2 with xTR-3/xTR-4, Providers A–D) with the MR/MS at 66.2.2.2 in the Mapping System; xTR RLOCs are 10.0.0.2, 11.0.0.2, 12.0.0.2 and 13.0.0.2.]
1. 12.0.0.2 -> 66.2.2.2 LISP Map-Register (udp 4342), SHA-2, Proxy Bit set: 2001:db8:2::/48 12.0.0.2, 13.0.0.2
2. 11.0.0.2 -> 66.2.2.2 LISP ECM (udp 4342), carrying 11.0.0.2 -> 2001:db8:2::1 Map-Request (udp 4342), nonce
3. 66.2.2.2 -> 11.0.0.2 Map-Reply (udp 4342), nonce: 2001:db8:2::/48 12.0.0.2 [1, 50] 13.0.0.2 [1, 50]
4. Map-Cache Entry:
  EID-prefix: 2001:db8:2::/48
  Locator-set:
    12.0.0.2, priority: 1, weight: 50 (D1)
    13.0.0.2, priority: 1, weight: 50 (D2)
Notes:
‒ The ETR can register with the “proxy bit” set.
‒ The Map-Server creates and sends the Map-Reply on behalf of the ETR in this case.
‒ This is useful for LISP-MN cases to reduce control plane messaging (and increase battery life).
LISP Operations
LISP Control Plane :: Negative Map-Reply Example…
[Figure: two-site topology (LISP Site 1 with xTR-1/xTR-2, LISP Site 2 with xTR-3/xTR-4, Providers A–D) with the MR/MS at 66.2.2.2 in the Mapping System; xTR RLOCs are 10.0.0.2, 11.0.0.2, 12.0.0.2 and 13.0.0.2.]
1. 2001:db8:1::1 -> 2001:db7:1::1 (“How do I get to 2001:db7:1::1?”)
2. 11.0.0.2 -> 66.2.2.2 LISP ECM (udp 4342), carrying 11.0.0.2 -> 2001:db7:1::1 Map-Request (udp 4342), nonce
3. 66.2.2.2 -> 11.0.0.2 Negative-Map-Reply (udp 4342), nonce: 2001:8000::/21
4. Map-Cache Entry:
  EID-prefix: 2001:8000::/21
  forward-native
NOTE: The actual “covering prefix” returned in an NMR depends on the number and distribution of EID prefixes in the Mapping System. The NMR prefix will cover the shortest prefix that doesn’t cover any LISP Sites in the Mapping System.
Notes:
‒ When an ITR queries for a destination that is not in the Mapping System, the Map-Resolver returns an NMR.
LISP Operations
LISP Control Plane :: Mapping System Scaling…
[Figure: xTRs and PxTRs attached to MS/MRs; mapping-system labels shown in the figure: DHT, ALT, DDT.]
DDT – Delegated Distributed Tree
‒ Hierarchy for Instance IDs and for EID Prefixes
‒ DDT Map-Resolvers send (ECM) Map-Requests
‒ DDT Nodes return Map-Referral messages
‒ DDT Resolvers resolve the Map-Server’s RLOC iteratively
‒ Conceptually, similar to DNS (IN-ADDR hierarchy) but different prefix encoding, messages, etc.
The LISP Beta Network operates this way today…
LISP Operations
LISP Internetworking :: Day-One Incremental Deployment
Early Recognition
‒ LISP will not be widely deployed day-one
‒ Up-front recognition of an incremental deployment plan
Interworking for:
‒ LISP-sites to non-LISP sites (e.g. the rest of the Internet)
‒ non-LISP sites to LISP-sites
Proxy-ITR/Proxy-ETR are deployed today
‒ Infrastructure LISP network entity
‒ Creates a monetized service opportunity for infrastructure players
LISP Operations
LISP Internetworking :: Day-One Incremental Deployment
[Figure: two-site topology (LISP Site 1 with xTR-1/xTR-2, LISP Site 2 with xTR-3/xTR-4, Providers A–D) with the MR/MS in the Mapping System and a PITR and a PETR towards the IPv6 Internet; xTR RLOCs are 10.0.0.2, 11.0.0.2, 12.0.0.2 and 13.0.0.2.]
PETR – Proxy ETR
‒ Allows a LISP Site in one AF [IPv4 or IPv6] and the opposite RLOC [IPv6 or IPv4] to reach non-LISP sites in that AF [IPv4 or IPv6] (AF-hop-over)
‒ Allows LISP sites with uRPF restrictions to reach non-LISP sites
PITR – Proxy ITR
‒ Receives traffic from non-LISP sites; encapsulates traffic to LISP sites
‒ Advertises coarse-aggregate EID prefixes
‒ LISP sites see ingress TE “day-one”
LISP Operations
LISP Internetworking :: Day-One Incremental Deployment
[Figure: two-site topology (LISP Site 1 with xTR-1/xTR-2, LISP Site 2 with xTR-3/xTR-4, Providers A–D) with the MR/MS in the Mapping System, and a PITR and a PETR (labels 2001:f:f::1, 2001:f:e::1, 2001:db8::/32) between the LISP sites and a Non-LISP v6 Site (2001:d:1::1) on the IPv6 Internet; xTR RLOCs are 10.0.0.2, 11.0.0.2, 12.0.0.2 and 13.0.0.2.]
1. 2001:d:1::1 -> 2001:db8:2::1
2. 2001:d:1::1 -> 2001:db8:2::1, encapsulated 10.9.1.1 -> 12.0.0.2
3. 2001:d:1::1 -> 2001:db8:2::1
4. 2001:db8:2::1 -> 2001:d:1::1
5. 2001:db8:2::1 -> 2001:d:1::1, encapsulated 12.0.0.2 -> 12.9.2.1
6. 2001:db8:2::1 -> 2001:d:1::1
Notes:
‒ PITRs advertise coarse-aggregates (2001:db8::/32 in this case) to attract non-LISP traffic and encapsulate it to LISP sites.
‒ PETRs provide LISP to non-LISP AF hop-over (among other services).
How are Customers Using LISP?
LISP Use-Cases
Core LISP Use-Cases…
1. Efficient Multi-Homing
2. IPv6 Transition Support
3. Efficient Virtualization/VPN
4. Data Center/Host Mobility
5. LISP Mobile-Node
These ‘core’ use-cases highlight functionality that is integrated in LISP.
All use-cases (multi-homing, v6 transition, virtualization, and mobility) work together as well.
LISP Use-Cases :: Efficient Multihoming Overview…
Needs:
‒ Site connectivity to multiple providers for resiliency
‒ Low OpEx/CapEx solution for Ingress TE
LISP Solution:
‒ LISP provides a streamlined solution for handling multi-provider connectivity and policy without BGP complexities
Benefits:
‒ OpEx-friendly multi-homing across different providers
‒ Simple policy management
‒ Ingress Traffic Engineering that actually “works”
Example:
‒ NJEdge.NET is providing multihoming services using LISP for 190 educational institutions in New Jersey
[Figure: Efficient Multihoming – a LISP Site connected to the Internet through SP AS 200 and SP AS 300, with no eBGP.]
LISP Use-Cases :: IPv6 Transition Support Overview…
Needs:
‒ Rapid IPv6 Deployment
‒ Minimal Infrastructure disruption
LISP Solution:
‒ LISP encapsulation is Address Family agnostic, allowing for IPv6 over an IPv4 core, or IPv4 over an IPv6 core
Benefits:
‒ Accelerated IPv6 adoption
‒ Minimal added configurations
‒ No core network changes
‒ Can be transitional or permanent
[Figure: Address Family independence – IPv4 and IPv6 networks (v4, v6) connected by xTRs across an IPv4 Core and an IPv6 Core.]
Examples:
LISP Use-Cases :: Virtualization Support Overview…
Needs:
‒ Integrated Segmentation
‒ Global scale and interoperability
‒ Minimal Infrastructure disruption
LISP Solution:
‒ 24-bit LISP Instance-ID segments control plane and data plane
Benefits:
‒ Very high scale tenant segmentation with Global Scalability
‒ Transport-independent IP-based “overlay”
‒ Virtualization of “ID” and “Locator” space
Examples:
‒ InTouch in production
‒ AT&T is conducting PoC testing
[Figure: Efficient Virtualization – xTRs carrying Instance IDs (IID 11, 22, 33, 44) over IPv4 across an IP Core with PE1–PE4 and the BLUE and PURPLE MPLS-VPNs.]
LISP Use-Cases :: Data Center/Host Mobility Overview…
Needs:
‒ VM-Mobility extending subnets and across subnets
‒ Move detection, dynamic EID-to-RLOC mappings, traffic redirection
LISP Solution:
‒ LISP for across-subnet moves
‒ Host IP (/32) remains the same
Benefits:
‒ VM/OS agnostic, seamless, integrated, global workload mobility (cloud bursting)
‒ Direct Path after move (no triangulation)
‒ No IP address changes across move
‒ Connections survive across moves
‒ No routing re-convergence or DNS updates
‒ ARP elimination
Example:
‒ VXnet is providing Disaster Recovery solutions for financial institutions
[Figure: Data Center/Host Mobility – a VM with address a.b.c.1 moves between Data Center 1 (West DC) and Data Center 2 (East DC) behind xTRs on an IP Network, with a Mapping DB, a LISP Site, and Legacy Sites reached through a PxTR.]
LISP Use-Cases :: LISP Mobile-Node Overview…
Needs:
‒ Mobile devices roaming across any access media without connection reset
‒ Mobile device keeps the same IP address forever
LISP Solution:
‒ LISP “level of indirection” splits endpoints and locators
‒ Scalable, host-level registration (10^10)
Benefits:
‒ MNs can roam and stay connected
‒ MNs can be servers
‒ MNs roam without DNS changes
‒ MNs can use multiple interfaces
‒ Packet “near-stretch-1” minimizes latency
[Figure: a mobile node (dino.cisco.com, Static EID 2610:00d0:xxxx::1/128) receiving a Dynamic RLOC on any 3G/4G network and on any WiFi network; the device is labelled “This is a LISP Site!”.]
LISP Status and References
LISP Status
LISP Standardization Status…
IETF LISP WG: http://tools.ietf.org/wg/lisp/
Main drafts Completed! RFC #’s soon!
LISP Status
LISP Deployments - International LISP Beta Network…
LISP Community Operated:
‒ More than 4+ Years operational…
‒ More than 200 Sites, 32 countries…
Nine LISP implementations deployed:
‒ Cisco IOS (ISR, ISRG2, 7200)
‒ Cisco IOS-XE (ASR1K)
‒ Cisco NX-OS (N7K, C200)
‒ Cisco IOS-XR (CRS-3)
‒ Furukawa Network Solution Corporation FITELnet-G21
‒ FreeBSD: OpenLISP
‒ Linux: Aless, LISPmob, OpenWrt
‒ Android (Gingerbread)
and more…
Sites shown in the figure:
‒ http://lisp.cisco.com
‒ http://vinciconsulting.com/vxnet
‒ http://www.lisp.intouch.eu/
LISP Status
LISP Software – Available Releases…
Cisco Releases
‒ NX-OS since December 2009… Nexus 7000, UCS C200
‒ IOS since December 2009… ISR, ISRG2, 7200
‒ IOS-XE since March 2010… ASR1K
‒ IOS-XR since March 2012… CRS-3
‒ Coming soon… ASR9K, and others
Other Releases
‒ Furukawa Network Solutions Corp
‒ FreeBSD :: Open LISP
‒ Linux :: Aless, LISPmob, OpenWrt (coming soon…)
‒ Android :: Gingerbread (coming soon…)
‒ Other vendors… Check the site!
Cisco LISP Releases: http://lisp.cisco.com
Other LISP Releases: http://www.lisp4.net
LISP References
LISP Information and Mailing Lists…
LISP Information
‒ IETF LISP Working Group: http://tools.ietf.org/wg/lisp/
‒ LISP Beta Network Site: http://www.lisp4.net or http://www.lisp6.net
‒ Cisco LISP Site: http://lisp.cisco.com (IPv4 and IPv6)
‒ Cisco LISP Marketing Site: http://www.cisco.com/go/lisp/
‒ LISP DDT Root: http://www.ddt-root.org
LISP Mailing Lists
‒ IETF LISP Working Group: [email protected]
‒ LISP Interest (public): [email protected]
‒ Cisco LISP Questions: [email protected]
‒ LISPmob Questions: [email protected]
LISP Summary
LISP is an Architecture…
Part of the LISP Solution Space…
1. Multihoming
2. IPv6 Transition
3. Virtualization/VPN
4. Mobility
[Figures: four slides titled LISP Efficient Multihoming, LISP IPv6 Transition Support, LISP Virtualization/VPN and LISP Host Mobility, each showing IPv4 and IPv6 networks (and, for mobility, servers) attached through xTRs to an IPv4 Core and an IPv6 Core.]
LISP Overview
LISP – A Routing Architecture, Not a Feature…
Uses pull vs. push routing
‒ OSPF and BGP are push models; routing stored in the forwarding plane
‒ LISP is a pull model; analogous to DNS; massively scalable
LISP use-cases are complementary
‒ Simplified multi-homing with ingress traffic engineering; no need for BGP
‒ Address Family agnostic support
‒ Virtualization support
‒ End-host mobility without renumbering
An over-the-top technology
‒ Address Family agnostic
‒ Incrementally deployable
‒ End systems can be unaware of LISP
Deployment simplicity
‒ No host changes
‒ Minimal CPE changes
‒ Some new core infrastructure components
Enables IP Number Portability
‒ Never change host IP addresses; no renumbering costs
‒ No DNS “name == EID” binding change
‒ Session survivability
An Open Standard
‒ Being developed in the IETF
‒ No Cisco Intellectual Property Rights