LISP – Routing in the Cloud
LISP Update – 13 September 2012

LISP – Routing in the Cloud   © 2012 Cisco and/or its affiliates. All rights reserved.   Cisco Public

LISP - A Next Generation Routing Architecture

  What is LISP?
  How Does LISP Work?
  How Customers are Using LISP
  References




What is LISP?
LISP Overview
Identity and Location :: an Overloaded Concept in Routing Today…

[Figure: an Enterprise (AS 100) whose prefix 64.1.0.0/16 is its Identity, with uplink addresses 12.1.1.2/30 and 13.1.1.2/30 as its Location. It peers over eBGP with a Tier 1 SP (AS 200, 12.0/8), advertising 64.1.0.0/17 and 64.1.0.0/16, and with a Commodity SP (AS 300, 13.0/8), advertising 64.1.128.0/17 and 64.1.0.0/16. Behind a Transit SP and the IPv4 Internet, the DFZ routing table seen by Sites 1-3 carries 64.1.0.0/17, 64.1.0.0/16 and 64.1.128.0/17.]

LISP Overview
Identity and Location :: an Overloaded Concept in Routing Today…
•  What if ID address and Locator address are in different databases?
•  This creates a “level of indirection” between ID and LOCATION in the network!

Clear Separation at the Network Layer::
   •  who/what you are looking for
   vs. …
   •  how to best get there

ID/Loc Split is common already. There are two basic approaches:
   •  Translations (e.g. NAT)
   vs. …
   •  Tunnels (e.g. GRE, IPsec, MPLS)
Both approaches are limited to local scope

What is needed is Locator/ID Separation on a GLOBAL Scope.

[Figure: Enterprise (AS 100, Identity 64.1.0.0/16, Location 12.1.1.2/30 and 13.1.1.2/30), Tier 1 SP (AS 200, 12.0/8), Commodity SP (AS 300, 13.0/8), Transit SP, IPv4 Internet and Sites 1-3, with a LISP Mapping System shown alongside the DFZ routing table.]

LISP Overview
Identity and Location :: an Overloaded Concept in Routing Today…
•  Let’s scale the ID address databases to 10^10 and allow it to hold any prefix length (even /32’s and /128’s)
•  Let’s provide a mechanism to provide on-the-fly resolution of ID and locator (like DNS)
•  High scale design, and ability to change locator for fixed ID enables Mobility!

[Figure: Enterprise (AS 100, Identity 64.1.0.0/16, Location 12.1.1.2/30 and 13.1.1.2/30), Tier 1 SP (AS 200, 12.0/8), Commodity SP (AS 300, 13.0/8), Transit SP, IPv4 Internet and Sites 1-3, with the LISP Mapping System holding entries such as a.a.a.a/27 and x.x.x.x/25 next to the DFZ routing table.]

LISP Overview
LISP – A Routing Architecture, Not a Feature…

LISP changes the routing architecture to implement a level of indirection between a host’s IDENTITY and its LOCATION in the network

  LISP radically changes the current ROUTING Architecture
   •  Radical changes lead to DISRUPTION opportunities
   •  LISP allows both SPs and Enterprises to do remarkably different things than traditional approaches allow
   •  LISP enables NEW services (VPNs, IPv6, Mobility, “cloud”) in one, common, simple architecture

How Does LISP Work?
LISP Operations
LISP :: Main Attributes of LISP…

  LISP Loc/ID Split namespaces
  ‒  EID (Endpoint Identifier) is the IP address of a host – just as it is today
  ‒  RLOC (Routing Locator) is the IP address of the LISP router for the host
  ‒  EID-to-RLOC mapping is the distributed architecture that maps EIDs to RLOCs

  Network-based solution
  No host changes
  Minimal configuration
  No DNS changes
  Address Family agnostic
  Incrementally deployable (support LISP and non-LISP)
  Support for mobility

  EID-to-RLOC mapping (shown at the MS/MR and at an xTR):
      EID           RLOC
      a.a.a.0/24    w.x.y.1
      b.b.b.0/24    x.y.w.2
      c.c.c.0/24    z.q.r.5
      d.d.0.0/16    z.q.r.5

  Non-LISP routing table:
      Prefix        Next-hop
      w.x.y.1       e.f.g.h
      x.y.w.2       e.f.g.h
      z.q.r.5       e.f.g.h
      z.q.r.5       e.f.g.h

[Figure labels: EID Space, RLOC Space, xTR, PxTR, MS/MR, Non-LISP.]

LISP Operations
LISP :: Mapping Resolution “Level of Indirection” DNS analog…

  LISP “Level of Indirection” is analogous to a DNS lookup
  ‒  DNS resolves IP addresses for a URL, answering the “WHO IS” question
        host -> DNS Server:   [ who is lisp.cisco.com ] ?
        DNS Server -> host:   [ 153.16.5.29, 2610:D0:110C:1::3 ]
        (DNS Name-to-IP URL Resolution)

  ‒  LISP resolves locators for queried identities, answering the “WHERE IS” question
        LISP router -> LISP Mapping System:   [ where is 2610:D0:110C:1::3 ] ?
        LISP Mapping System -> LISP router:   [ locator is 128.107.81.169 ]
        (LISP Identity-to-locator Mapping Resolution)

LISP Operations
LISP Data Plane :: Ingress/Egress Tunnel Router (xTR)…

  ITR – Ingress Tunnel Router
  ‒  Receives packets from site-facing interfaces
  ‒  Encap to remote LISP sites, or native-fwd to non-LISP sites

  ETR – Egress Tunnel Router
  ‒  Receives packets from core-facing interfaces
  ‒  De-cap and deliver packets to local EIDs at site

[Figure: LISP Site 1 (host S, PI EID-prefix 2001:db8:1::/48) attaches through xTR-1 to Provider A (10.0.0.0/8) and through xTR-2 to Provider B (11.0.0.0/8). LISP Site 2 (host D, PI EID-prefix 2001:db8:2::/48) attaches through xTR-3 to Provider C (12.0.0.0/8) and through xTR-4 to Provider D (13.0.0.0/8). Each xTR is labelled both ITR and ETR; arrows show packet flow between the sites.]

LISP Operations
LISP Data Plane :: Unicast Packet Flow…

  Map-Cache Entry
    EID-prefix:   2001:db8:2::/48
    Locator-set:
      12.0.0.2, priority: 1, weight: 50 (D1)
      13.0.0.2, priority: 1, weight: 50 (D2)
    (This policy controlled by the destination site)

  Notes:
  ‒  The destination site controls its ingress policy (active/active in this case)
  ‒  5-tuple hash per-flow selects RLOC for encapsulation

[Figure: numbered packet flow, steps 1-7, from S in LISP Site 1 (PI EID-prefix 2001:db8:1::/48; xTR-1 at 10.0.0.2 on Provider A 10.0.0.0/8, xTR-2 at 11.0.0.2 on Provider B 11.0.0.0/8) to D in LISP Site 2 (PI EID-prefix 2001:db8:2::/48; xTR-3 at 12.0.0.2 on Provider C 12.0.0.0/8, xTR-4 at 13.0.0.2 on Provider D 13.0.0.0/8). Labels: DNS entry D.abc.com AAAA 2001:db8:2::1; site packet 2001:db8:1::1 -> 2001:db8:2::1; encapsulated packet with outer header 11.0.0.2 -> 12.0.0.2 and inner header 2001:db8:1::1 -> 2001:db8:2::1; delivered packet 2001:db8:1::1 -> 2001:db8:2::1.]

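Added example (not part of the Cisco deck): a Python sketch of the ITR decision for the unicast flow above, doing a longest-prefix map-cache lookup and then splitting flows by weight across the lowest-priority locators with a per-flow 5-tuple hash. The addresses and locator-set are the slide's; the SHA-256 hash, the `unreachable` set and all function names are assumptions made for illustration.

```python
import hashlib
import ipaddress
from typing import NamedTuple, Optional


class Locator(NamedTuple):
    rloc: str
    priority: int  # lower value is preferred; 255 means "do not use" (RFC 6830)
    weight: int    # relative share of flows within one priority level


# Map-cache entry from the slide: EID-prefix -> locator-set.
MAP_CACHE = {
    ipaddress.ip_network("2001:db8:2::/48"): [
        Locator("12.0.0.2", 1, 50),  # D1
        Locator("13.0.0.2", 1, 50),  # D2
    ],
}


def lookup(map_cache, dst_eid: str):
    """Longest-prefix match of the destination EID; None is a map-cache miss."""
    addr = ipaddress.ip_address(dst_eid)
    hits = [p for p in map_cache if p.version == addr.version and addr in p]
    return map_cache[max(hits, key=lambda p: p.prefixlen)] if hits else None


def flow_hash(five_tuple) -> int:
    """Stable per-flow hash. SHA-256 is an assumption of this sketch; the hash
    a real ITR uses is implementation-specific."""
    key = "|".join(str(field) for field in five_tuple).encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:8], "big")


def select_rloc(locators, five_tuple, unreachable=frozenset()) -> Optional[str]:
    """Pick one RLOC: best priority first, then weight-proportional by flow hash."""
    usable = [l for l in locators
              if l.priority != 255 and l.rloc not in unreachable]
    if not usable:
        return None
    best = min(l.priority for l in usable)
    # Sort so the choice does not depend on the order the locators were learned in.
    group = sorted((l for l in usable if l.priority == best), key=lambda l: l.rloc)
    total = sum(l.weight for l in group)
    h = flow_hash(five_tuple)
    if total == 0:                      # all weights zero: split evenly
        return group[h % len(group)].rloc
    point = h % total
    for loc in group:
        if point < loc.weight:
            return loc.rloc
        point -= loc.weight
    return None                         # not reached: point < total


def itr_forward(itr_rloc, five_tuple, map_cache=MAP_CACHE, unreachable=frozenset()):
    """five_tuple = (src EID, dst EID, protocol, src port, dst port)."""
    src_eid, dst_eid = five_tuple[0], five_tuple[1]
    locators = lookup(map_cache, dst_eid)
    if locators is None:
        # Miss: the ITR has to ask the mapping system (Map-Request).
        return {"action": "map-request", "eid": dst_eid}
    rloc = select_rloc(locators, five_tuple, unreachable)
    if rloc is None:
        return {"action": "drop", "eid": dst_eid}
    return {"action": "encap", "outer": (itr_rloc, rloc), "inner": (src_eid, dst_eid)}


if __name__ == "__main__":
    # Constructed flow: S -> D over TCP/443, entering the core at xTR-2 (11.0.0.2).
    flow = ("2001:db8:1::1", "2001:db8:2::1", 6, 49152, 443)
    print(itr_forward("11.0.0.2", flow))
    print(itr_forward("11.0.0.2", flow, unreachable={"12.0.0.2"}))
```

Every packet of one flow maps to the same RLOC, so a flow is never reordered across providers, while the destination site's priority and weight values decide how distinct flows are spread.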
LISP Operations
LISP Control Plane :: Introduction…

  LISP Control Plane Provides On-Demand Mappings
  ‒  Control Plane is separate from data plane
  ‒  Map-Resolver and Map-Server (similar to DNS Resolver and DNS Server)
  ‒  LISP Control Plane Messages for EID-to-RLOC resolution
  ‒  Distributed databases and map-caches hold mappings

LISP Operations
LISP Control Plane :: Map-Server/Map-Resolver (MS/MR)…
                          NOTE:
         An MR/MS need not be deployed as a
                                                                                                                                                                          MS	
  –	
  Map-­‐Server	
  
        router. Cisco is exploring implementing
            the LISP control plane on a VM. Mapping System	
                                                                                                                 ‒  LISP	
  site	
  ETRs	
  register	
  their	
  EID	
  
                                                                            MR    MS                                                                                            prefixes	
  here;	
  requires	
  configured	
  
                                                                                                                                                                                “lisp	
  site”	
  policy,	
  authen3ca3on	
  key	
  
                                                                                                                                                                             ‒  Receives	
  Map-­‐Requests	
  via	
  
                                                                                                                                                                                Mapping	
  System,	
  forwards	
  them	
  to	
  
                                  ETR

                                  ITR
                                                        Provider	
  A	
  
                                                        10.0.0.0/8	
  
    registered ETRs

  MR – Map-Resolver
   ‒  Receives Map-Request from ITR
   ‒  Forwards Map-Request to Mapping System
   ‒  Sends Negative Map-Replies in response to Map-Requests for non-LISP sites

  [Diagram: LISP Site 1 (host S, xTR-1, xTR-2, PI EID-prefix 2001:db8:1::/48) and LISP Site 2 (host D, xTR-3, xTR-4, PI EID-prefix 2001:db8:2::/48); each xTR is both ITR and ETR; Provider B 11.0.0.0/8, Provider C 12.0.0.0/8, Provider D 13.0.0.0/8; packet flow between the sites]
  


LISP Operations
LISP Control Plane :: Mapping Database (ETR), Map-Cache (ITR)…
  LISP Site Mapping-Database (ETR)
   ‒  EID-to-RLOC mappings in all ETRs for local LISP site
   ‒  ETR is “authoritative” for its EIDs, sends Map-Replies to ITRs
   ‒  ETRs can tailor policy based on Map-Request source

  LISP Map Cache (ITR)
   ‒  Only stores mappings for sites the ITR is currently sending packets to
   ‒  Populated by receiving Map-Replies from ETRs
   ‒  ITRs must respect Map-Reply policy (TTLs, RLOC up/down status, RLOC priorities/weights)

  [Diagram: Mapping System (MR, MS); LISP Site 1 (host S, PI EID-prefix 2001:db8:1::/48) with xTR-1 and xTR-2; LISP Site 2 (host D, PI EID-prefix 2001:db8:2::/48) with xTR-3 and xTR-4; each xTR is both ITR and ETR; Provider A 10.0.0.0/8, Provider B 11.0.0.0/8, Provider C 12.0.0.0/8, Provider D 13.0.0.0/8; packet flow between the sites]
  

LISP Operations
LISP Control Plane :: Control Plane Messages…

  Control Plane EID Registration
   ‒  Map-Register message
       Sent by ETR to MS to register its associated EID prefixes
       Specifies the RLOC(s) to be used by the MS when forwarding Map-Requests to the ETR

  Control Plane “Data-triggered” mapping service
   ‒  Map-Request message
       Sent by an ITR when it needs an EID/RLOC mapping, to test an RLOC for reachability, or to refresh a mapping before TTL expiration

   ‒  Map-Reply message
       Sent by an ETR in response to a valid Map-Request to provide the EID/RLOC mapping and site ingress policy for the requested EID

   ‒  Map-Notify message
       Sent by Map-Server to ETR to acknowledge that its requested EID prefixes were registered successfully
  


LISP Operations
LISP Control Plane :: Map Registration Example…
  Notes:
   ‒  The ETR registers for EIDs that it is authoritative for
   ‒  The MS is configured for the site EIDs, and must have the same authentication key

  [Diagram: Mapping System (MR, MS) at 66.2.2.2, with “Other 2001:db8::/32 sites…”; LISP Site 1 (host S, PI EID-prefix 2001:db8:1::/48) with xTR-1 (10.0.0.2, Provider A 10.0.0.0/8) and xTR-2 (11.0.0.2, Provider B 11.0.0.0/8); LISP Site 2 (host D, PI EID-prefix 2001:db8:2::/48) with xTR-3 (12.0.0.2, Provider C 12.0.0.0/8) and xTR-4 (13.0.0.2, Provider D 13.0.0.0/8); each xTR is both ITR and ETR]

  1  12.0.0.2 -> 66.2.2.2   LISP Map-Register (udp 4342), SHA-2
       2001:db8:2::/48
       12.0.0.2, 13.0.0.2

  2  Map-Server (66.2.2.2) configuration:

                         router lisp
                          site Site2
                           description Site 2
                           authentication-key S3cr3t
                           eid-prefix 2001:db8:2::/48

  LISP Site 2 xTR configuration:

                         router lisp
                          database-mapping 2001:db8:2::/48 12.0.0.2 priority 1 weight 50
                          database-mapping 2001:db8:2::/48 13.0.0.2 priority 1 weight 50
                          ipv4 itr
                          ipv4 etr
                          ipv4 itr map-resolver 66.2.2.2
                          ipv4 etr map-server 66.2.2.2 key S3cr3t
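
The two checks in the notes above (same authentication key, EID prefix configured for the site) can be modelled as follows. This is an added example, not Cisco code and not part of the original slides; the message layout is a simplified JSON encoding rather than the LISP wire format, HMAC-SHA-256 stands in for the slide's "SHA-2", and `MapServer`, `build_map_register` and `registered_rlocs` are hypothetical names.

```python
import hashlib
import hmac
import ipaddress
import json

# Constructed Map-Server site table mirroring the slide's "site Site2" stanza.
SITES = {
    "Site2": {
        "key": b"S3cr3t",
        "eid_prefixes": {ipaddress.ip_network("2001:db8:2::/48")},
    },
}


def _mac(key, site, eid_prefix, rlocs):
    """HMAC-SHA-256 over a canonical JSON encoding (assumed; not the LISP wire format)."""
    body = json.dumps([site, eid_prefix, sorted(rlocs)]).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_map_register(site, key, eid_prefix, rlocs):
    """Fields an ETR sends to the MS on udp 4342 (simplified)."""
    return {"site": site, "eid_prefix": eid_prefix, "rlocs": list(rlocs),
            "auth": _mac(key, site, eid_prefix, rlocs)}


class MapServer:
    def __init__(self, sites):
        self.sites = sites
        self.registrations = {}  # ip_network -> list of RLOC strings

    def handle_map_register(self, msg):
        site = self.sites.get(msg["site"])
        if site is None:
            return "reject: unknown site"
        expected = _mac(site["key"], msg["site"], msg["eid_prefix"], msg["rlocs"])
        # Constant-time comparison so the check does not leak how much of the MAC matched.
        if not hmac.compare_digest(expected.encode(), str(msg.get("auth", "")).encode()):
            return "reject: bad authentication"
        try:
            prefix = ipaddress.ip_network(msg["eid_prefix"])
        except ValueError:
            return "reject: malformed EID prefix"
        # A valid key is not enough: the prefix must be one configured for this site.
        if prefix not in site["eid_prefixes"]:
            return "reject: EID prefix not configured for site"
        self.registrations[prefix] = list(msg["rlocs"])
        return "map-notify"

    def registered_rlocs(self, eid):
        """RLOCs a Map-Request for `eid` would be forwarded to, or None if unregistered."""
        addr = ipaddress.ip_address(eid)
        matches = [p for p in self.registrations if addr in p]
        if not matches:
            return None
        return self.registrations[max(matches, key=lambda p: p.prefixlen)]


if __name__ == "__main__":
    ms = MapServer(SITES)
    rlocs = ["12.0.0.2", "13.0.0.2"]
    # Constructed registrations: the slide's one, a wrong key, and a prefix owned by Site 1.
    for key, prefix in ((b"S3cr3t", "2001:db8:2::/48"),
                        (b"guess", "2001:db8:2::/48"),
                        (b"S3cr3t", "2001:db8:1::/48")):
        print(prefix, key, "->", ms.handle_map_register(
            build_map_register("Site2", key, prefix, rlocs)))
    print("2001:db8:2::1 ->", ms.registered_rlocs("2001:db8:2::1"))
```

The third case shows why the per-site `eid-prefix` line matters: a site holding a valid key still cannot register another site's EID prefix.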




LISP Operations
         LISP Control Plane :: Map-Request/Map-Reply Example…
  Notes:
   ‒  The IP address in the Map-Request (2001:db8:2::1 in this case) is the host that the ITR is trying to reach.
   ‒  The Map-Reply includes the entire prefix (2001:db8:2::/48 in this case) covering the requested host.

  [Diagram: Mapping System (MR, MS) at 66.2.2.2; LISP Site 1 (host S, PI EID-prefix 2001:db8:1::/48) with xTR-1 (10.0.0.2, Provider A 10.0.0.0/8) and xTR-2 (11.0.0.2, Provider B 11.0.0.0/8); LISP Site 2 (host D, PI EID-prefix 2001:db8:2::/48) with xTR-3 (12.0.0.2, Provider C 12.0.0.0/8) and xTR-4 (13.0.0.2, Provider D 13.0.0.0/8); each xTR is both ITR and ETR]

  1  DNS entry:
       D.abc.com AAAA 2001:db8:2::1
  2  2001:db8:1::1 -> 2001:db8:2::1   (“How do I get to 2001:db8:2::1?”)
  3  11.0.0.2 -> 66.2.2.2   LISP ECM (udp 4342)
       11.0.0.2 -> 2001:db8:2::1   Map-Request (udp 4342), nonce
  4  66.2.2.2 -> 12.0.0.2   LISP ECM (udp 4342)
       11.0.0.2 -> 2001:db8:2::1   Map-Request (udp 4342), nonce
  5  12.0.0.2 -> 11.0.0.2   Map-Reply (udp 4342), nonce
       2001:db8:2::/48
       12.0.0.2 [1, 50]
       13.0.0.2 [1, 50]
  6  Map-Cache Entry
       EID-prefix: 2001:db8:2::/48
       Locator-set:
         12.0.0.2, priority: 1, weight: 50 (D1)
         13.0.0.2, priority: 1, weight: 50 (D2)
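
The ITR side of this exchange, together with the earlier Map-Cache rule that ITRs must respect Map-Reply policy (TTLs, RLOC up/down status, priorities/weights), is sketched below. This is an added example, not Cisco code and not part of the original slides; `MapCache` and its methods are hypothetical names, TTL and time are in abstract units, and spreading flows across equal-priority RLOCs by hashing a flow label is an assumption about how weights are applied.

```python
import hashlib
import ipaddress


class MapCache:
    """ITR map-cache filled only by Map-Replies that answer the ITR's own Map-Requests."""

    def __init__(self):
        self.pending = {}  # nonce -> EID address the ITR asked about
        self.entries = {}  # ip_network -> {"rlocs": [...], "expires": time}

    def send_map_request(self, eid, nonce):
        self.pending[nonce] = ipaddress.ip_address(eid)

    def receive_map_reply(self, nonce, eid_prefix, rlocs, ttl, now):
        """Install the mapping; return False if the reply must be ignored."""
        asked = self.pending.get(nonce)
        prefix = ipaddress.ip_network(eid_prefix)
        # Ignore replies with an unknown nonce or a prefix that does not cover the EID asked for.
        if asked is None or asked not in prefix:
            return False
        del self.pending[nonce]
        self.entries[prefix] = {"rlocs": [dict(r) for r in rlocs], "expires": now + ttl}
        return True

    def set_rloc_status(self, rloc, up):
        for entry in self.entries.values():
            for r in entry["rlocs"]:
                if r["rloc"] == rloc:
                    r["up"] = up

    def lookup(self, eid, now):
        """Longest-prefix match over unexpired entries; None is a cache miss."""
        addr = ipaddress.ip_address(eid)
        live = [p for p, e in self.entries.items() if addr in p and e["expires"] > now]
        return self.entries[max(live, key=lambda p: p.prefixlen)] if live else None

    def select_rloc(self, eid, flow, now):
        entry = self.lookup(eid, now)
        if entry is None:
            return "map-request"  # miss or expired TTL: ask the Mapping System again
        usable = [r for r in entry["rlocs"] if r["up"]]
        if not usable:
            return "no-usable-rloc"
        best = min(r["priority"] for r in usable)  # lower priority value is preferred
        group = sorted((r for r in usable if r["priority"] == best), key=lambda r: r["rloc"])
        total = sum(r["weight"] for r in group)
        if total == 0:
            return group[0]["rloc"]
        # Hash the flow so one flow sticks to one RLOC while flows share load by weight.
        point = int.from_bytes(hashlib.sha256(flow.encode()).digest()[:8], "big") % total
        for r in group:
            point -= r["weight"]
            if point < 0:
                return r["rloc"]


if __name__ == "__main__":
    cache = MapCache()
    # Constructed locator-set matching step 5 of the slide.
    locators = [{"rloc": "12.0.0.2", "priority": 1, "weight": 50, "up": True},
                {"rloc": "13.0.0.2", "priority": 1, "weight": 50, "up": True}]
    cache.send_map_request("2001:db8:2::1", nonce=0xA1)
    print("unsolicited reply accepted:",
          cache.receive_map_reply(0xB2, "2001:db8:2::/48", locators, ttl=60, now=0))
    print("matching reply accepted:",
          cache.receive_map_reply(0xA1, "2001:db8:2::/48", locators, ttl=60, now=0))
    print("flow-1 ->", cache.select_rloc("2001:db8:2::1", "flow-1", now=1))
    cache.set_rloc_status("12.0.0.2", False)
    print("flow-1 with 12.0.0.2 down ->", cache.select_rloc("2001:db8:2::1", "flow-1", now=1))
    print("after TTL ->", cache.select_rloc("2001:db8:2::1", "flow-1", now=61))
```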
  

LISP Operations
LISP Control Plane :: Proxy Map-Reply Example…
  Notes:
   ‒  The ETR can register with the “proxy bit” set.
   ‒  The Map-Server creates and sends the Map-Reply on behalf of the ETR in this case.
   ‒  This is useful for LISP-MN cases to reduce control plane messaging (and increase battery life).

  [Diagram: Mapping System (MR, MS) at 66.2.2.2; LISP Site 1 (host S, PI EID-prefix 2001:db8:1::/48) with xTR-1 (10.0.0.2, Provider A 10.0.0.0/8) and xTR-2 (11.0.0.2, Provider B 11.0.0.0/8); LISP Site 2 (host D, PI EID-prefix 2001:db8:2::/48) with xTR-3 (12.0.0.2, Provider C 12.0.0.0/8) and xTR-4 (13.0.0.2, Provider D 13.0.0.0/8); each xTR is both ITR and ETR]

  1  12.0.0.2 -> 66.2.2.2   LISP Map-Register (udp 4342), SHA-2
       Proxy Bit set
       2001:db8:2::/48
       12.0.0.2, 13.0.0.2
  2  11.0.0.2 -> 66.2.2.2   LISP ECM (udp 4342)
       11.0.0.2 -> 2001:db8:2::1   Map-Request (udp 4342), nonce
  3  66.2.2.2 -> 11.0.0.2   Map-Reply (udp 4342), nonce
       2001:db8:2::/48
       12.0.0.2 [1, 50]
       13.0.0.2 [1, 50]
  4  Map-Cache Entry
       EID-prefix: 2001:db8:2::/48
       Locator-set:
         12.0.0.2, priority: 1, weight: 50 (D1)
         13.0.0.2, priority: 1, weight: 50 (D2)
  

LISP Operations
LISP Control Plane :: Negative Map-Reply Example…
  Notes:
   ‒  When an ITR queries for a destination that is not in the Mapping System, the Map-Resolver returns an NMR.

  [Diagram: Mapping System (MR, MS) at 66.2.2.2; LISP Site 1 (host S, PI EID-prefix 2001:db8:1::/48) with xTR-1 (10.0.0.2, Provider A 10.0.0.0/8) and xTR-2 (11.0.0.2, Provider B 11.0.0.0/8); LISP Site 2 (host D, PI EID-prefix 2001:db8:2::/48) with xTR-3 (12.0.0.2, Provider C 12.0.0.0/8) and xTR-4 (13.0.0.2, Provider D 13.0.0.0/8); each xTR is both ITR and ETR]

  1  2001:db8:1::1 -> 2001:db7:1::1   (“How do I get to 2001:db7:1::1?”)
  2  11.0.0.2 -> 66.2.2.2   LISP ECM (udp 4342)
       11.0.0.2 -> 2001:db7:1::1   Map-Request (udp 4342), nonce
  3  66.2.2.2 -> 11.0.0.2   Negative-Map-Reply (udp 4342), nonce
       2001:8000::/21
  4  Map-Cache Entry
       EID-prefix: 2001:8000::/21

  NOTE:
  The actual “covering prefix” returned in an NMR depends on the number and distribution of EID prefixes in the Mapping System. The NMR prefix
                                                                                 	
  	
  forward-­‐na;ve	
                                                                           will cover the shortest prefix that doesn’t cover
                                                                                                                                                                                           any LISP Sites in the Mapping System
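An added example, not part of the original slides: how the covering prefix in the NOTE can be computed, and how an ITR map-cache then uses it. The mapping database is constructed and holds only the two site EID-prefixes from the diagram; the function names and the "encapsulate" action label are assumptions.

```python
import ipaddress

# Constructed mapping database: only the two site EID-prefixes from the diagram.
REGISTERED = ["2001:db8:1::/48", "2001:db8:2::/48"]


def _nets(registered, version):
    """Parse registered EID-prefixes, keeping one address family."""
    nets = [ipaddress.ip_network(p) for p in registered]
    return [n for n in nets if n.version == version]


def nmr_covering_prefix(dest, registered):
    """Least-specific prefix that contains dest and overlaps no registered
    EID-prefix. Returns None when dest lies inside a registered prefix, in
    which case the answer is a positive Map-Reply rather than an NMR."""
    addr = ipaddress.ip_address(dest)
    nets = _nets(registered, addr.version)
    if any(addr in n for n in nets):
        return None
    for length in range(addr.max_prefixlen + 1):
        cand = ipaddress.ip_network(f"{addr}/{length}", strict=False)
        # A negative entry must never shadow a LISP site, so reject any
        # candidate that overlaps a registered prefix.
        if not any(cand.overlaps(n) for n in nets):
            return cand
    raise AssertionError("unreachable: the host prefix cannot overlap")


class MapCache:
    """Toy ITR map-cache: longest-prefix match over installed entries."""

    def __init__(self):
        self.entries = {}

    def install(self, prefix, action):
        self.entries[ipaddress.ip_network(prefix)] = action

    def lookup(self, dest):
        addr = ipaddress.ip_address(dest)
        hits = [n for n in self.entries
                if n.version == addr.version and addr in n]
        if not hits:
            return None
        best = max(hits, key=lambda n: n.prefixlen)
        return best, self.entries[best]


def itr_forward(dest, cache, registered):
    """Handle one packet to dest. Returns (prefix, action, asked_resolver)."""
    hit = cache.lookup(dest)
    if hit:
        return hit[0], hit[1], False
    addr = ipaddress.ip_address(dest)
    nmr = nmr_covering_prefix(dest, registered)
    if nmr is not None:
        # Negative reply: cache the covering prefix as forward-native.
        cache.install(nmr, "forward-native")
        return nmr, "forward-native", True
    # Positive reply: cache the site's own EID-prefix (action label assumed).
    site = next(n for n in _nets(registered, addr.version) if addr in n)
    cache.install(site, "encapsulate")
    return site, "encapsulate", True


if __name__ == "__main__":
    cache = MapCache()
    for d in ("2001:db7:1::1", "2001:db6::5", "2001:db8:2::1"):
        prefix, action, asked = itr_forward(d, cache, REGISTERED)
        print(f"{d:16} -> {prefix} {action} (resolver asked: {asked})")
```

With only these two prefixes registered, the result for 2001:db7:1::1 is specific to this constructed database; as the NOTE says, a different set of registered EID-prefixes yields a different covering prefix.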




LISP Operations
LISP Control Plane :: Mapping System Scaling…

The LISP Beta Network operates this way today…

DDT – Delegated Distributed Tree
 ‒  Hierarchy for Instance IDs and for EID Prefixes
 ‒  DDT Map-Resolvers send (ECM) Map-Requests
 ‒  DDT Nodes return Map-Referral messages
 ‒  DDT Resolvers resolve the Map-Server’s RLOC iteratively
 ‒  Conceptually, similar to DNS (IN-ADDR hierarchy) but different prefix encoding, messages, etc.

[Figure: MR and MS above a mapping-system cloud of MS/MRs (DHT, ALT, DDT), surrounded by xTRs and PxTRs.]




LISP Operations
LISP Internetworking :: Day-One Incremental Deployment

Early Recognition
 ‒  LISP will not be widely deployed day-one
 ‒  Up-front recognition of an incremental deployment plan
Interworking for:
 ‒  LISP-sites to non-LISP sites (e.g. the rest of the Internet)
 ‒  non-LISP sites to LISP-sites
Proxy-ITR/Proxy-ETR are deployed today
 ‒  Infrastructure LISP network entity
 ‒  Creates a monetized service opportunity for infrastructure players




LISP Operations
LISP Internetworking :: Day-One Incremental Deployment
PITR – Proxy ITR
 ‒  Receives traffic from non-LISP sites; encapsulates traffic to LISP sites
 ‒  Advertises coarse-aggregate EID prefixes
 ‒  LISP sites see ingress TE “day-one”
PETR – Proxy ETR
 ‒  Allows a LISP Site in one AF [IPv4 or IPv6] and the opposite RLOC [IPv6 or IPv4] to reach non- that AF [IPv4 or IPv6] (AF-hop-over)
 ‒  Allows LISP sites with uRPF restrictions to reach non-LISP sites

[Figure: Mapping System (MR, MS) with a PITR and a PETR on the IPv6 Internet; LISP Site 1 (S; xTR-1 10.0.0.2, xTR-2 11.0.0.2; PI EID-prefix 2001:db8:1::/48) and LISP Site 2 (D; xTR-3 12.0.0.2, xTR-4 13.0.0.2; PI EID-prefix 2001:db8:2::/48) attached to Providers A (10.0.0.0/8), B (11.0.0.0/8), C (12.0.0.0/8) and D (13.0.0.0/8).]


LISP Operations
LISP Internetworking :: Day-One Incremental Deployment
Notes:
 ‒  PITRs advertise coarse-aggregates (2001:db8::/32 in this case) to attract non-LISP traffic and encapsulate it to LISP sites.
 ‒  PETRs provide LISP to non-LISP AF hop-over (among other services).

[Figure: Non-LISP v6 Site (2001:d:1::1), Mapping System (MR, MS), PITR (2001:f:f::1, advertising 2001:db8::/32) and PETR (2001:f:e::1) on the IPv6 Internet; LISP Site 1 (S; xTR-1 10.0.0.2, xTR-2 11.0.0.2; PI EID-prefix 2001:db8:1::/48) and LISP Site 2 (D; xTR-3 12.0.0.2, xTR-4 13.0.0.2; PI EID-prefix 2001:db8:2::/48) attached to Providers A (10.0.0.0/8), B (11.0.0.0/8), C (12.0.0.0/8) and D (13.0.0.0/8). Packet labels on the numbered steps 1 to 6: 2001:d:1::1 -> 2001:db8:2::1; 10.9.1.1 -> 12.0.0.2; 12.0.0.2 -> 12.9.2.1; 2001:db8:2::1 -> 2001:d:1::1.]




How are Customers Using LISP?
LISP Use-Cases
Core LISP Use-Cases…

1.  Efficient Multi-Homing
2.  IPv6 Transition Support
3.  Efficient Virtualization/VPN
4.  Data Center/Host Mobility
5.  LISP Mobile-Node

These ‘core’ Use-Cases highlight functionality that is integrated in LISP.
All use-cases (multi-homing, v6 transition, virtualization, and mobility) work together as well.

LISP Use-Cases :: Efficient Multihoming
Overview…
Efficient Multihoming

Needs:
 ‒  Site connectivity to multiple providers for resiliency
 ‒  Low OpEx/CapEx solution for Ingress TE
LISP Solution:
 ‒  LISP provides a streamlined solution for handling multi-provider connectivity and policy without BGP complexities
Benefits:
 ‒  OpEx-friendly multi-homing across different providers
 ‒  Simple policy management
 ‒  Ingress Traffic Engineering that actually “works”
Example:
 ‒  NJEdge.NET is providing multihoming services using LISP for 190 educational institutions in New Jersey

[Figure: a LISP Site connected to the Internet through SP AS 200 and SP AS 300, labelled “No eBGP”.]

LISP Use-Cases :: IPv6 Transition Support
Overview…
Address Family independence

Needs:
 ‒  Rapid IPv6 Deployment
 ‒  Minimal Infrastructure disruption
LISP Solution:
 ‒  LISP encapsulation is Address Family agnostic, allowing for IPv6 over an IPv4 core, or IPv4 over an IPv6 core
Benefits:
 ‒  Accelerated IPv6 adoption
 ‒  Minimal added configurations
 ‒  No core network changes
 ‒  Can be transitional or permanent

[Figure: an IPv6 Network and an IPv4 Network, each behind an xTR, reaching v6 and v4 across an IPv6 Core and an IPv4 Core.]



LISP Use-Cases :: Virtualization Support
Overview…
Efficient Virtualization

Needs:
 ‒  Integrated Segmentation
 ‒  Global scale and interoperability
 ‒  Minimal Infrastructure disruption
LISP Solution:
 ‒  24-bit LISP Instance-ID segments control plane and data plane
Benefits:
 ‒  Very high scale tenant segmentation with Global Scalability
 ‒  Transport-independent IP-based “overlay”
 ‒  Virtualization of “ID” and “Locator” space
Examples:
 ‒  InTouch in production
 ‒  AT&T is conducting PoC testing

[Figure: xTRs carrying IID 11, IID 22, IID 33 and IID 44 over IPv4 to PE1, PE2, PE3 and PE4 across an IP Core with BLUE and PURPLE MPLS-VPNs.]



LISP Use-Cases :: Data Center/Host Mobility
Overview…
Data Center/Host Mobility

Needs:
 ‒  VM-Mobility extending subnets and across subnets
 ‒  Move detection, dynamic EID-to-RLOC mappings, traffic redirection
LISP Solution:
 ‒  LISP for across subnets moves
 ‒  Host IP (/32) remains the same
Benefits:
 ‒  VM/OS agnostic, seamless, integrated, global workload mobility (cloud bursting)
 ‒  Direct Path after move (no triangulation)
 ‒  No IP address changes across move
 ‒  Connections survive across moves
 ‒  No routing re-convergence or DNS updates
 ‒  ARP elimination
Example:
 ‒  VXnet is providing Disaster Recovery solutions for financial institutions

[Figure: a VM (a.b.c.1) moving from West DC (Data Center 1) to East DC (Data Center 2) across an IP Network, with a LISP Site xTR, a PxTR, the Mapping DB and three Legacy Sites.]
LISP Use-Cases :: LISP Mobile-Node
Overview…

Needs:
 ‒  Mobile devices roaming across any access media without connection reset
 ‒  Mobile device keeps the same IP address forever
LISP Solution:
 ‒  LISP “level of indirection” splits endpoints and locators
 ‒  Scalable, host-level registration (1010)
Benefits:
 ‒  MNs can roam and stay connected
 ‒  MNs can be servers
 ‒  MNs roam without DNS changes
 ‒  MNs can use multiple interfaces
 ‒  Packet “near-stretch-1” minimizes latency

[Figure: mobile node dino.cisco.com, Static EID: 2610:00d0:xxxx::1/128, with a Dynamic RLOC on Any 3G/4G Network and a Dynamic RLOC on Any WiFi Network; callout “This is a LISP Site!”.]

LISP Status and References
LISP Status
LISP Standardization Status…

  IETF LISP WG: http://tools.ietf.org/wg/lisp/

  Main drafts Completed! RFC #’s soon!