LISP - A Next Generation Networking Architecture

Session Objectives
  • At the end of this session, you should be able to:
      – Understand the scalability issues facing the Internet today
      – Describe how LISP helps solve key scaling issues and enables interesting new functionality
      – Describe the LISP data plane and control plane mechanisms
      – Understand the basic LISP configuration requirements
      – Understand Cisco's contributions and plans for LISP




BRKCRS-3045   © 2010 Cisco Systems, Inc. All rights reserved.   Cisco Public   2
Agenda
  • LISP Overview
  • LISP Operations
  • LISP Example
  • LISP Use Cases
  • LISP Initiatives
  • LISP Summary
  • Additional Material




LISP Overview




LISP Overview
  Why was LISP developed?

  • LISP originally conceived to address Internet Scaling
  • What causes scaling issues?
      − IP addresses denote both location and identity today
      − Overloaded IP address semantic makes efficient routing impossible
      − IPv6 does not fix this
  • Why are scaling issues bad?
      − Routers require tons of expensive memory to hold the Internet Routing Table in the forwarding plane of a router
      − It's expensive for network builders/operators
      − Replacing equipment for the wrong reason (to hold the routing table rather than implementing new features…)
      − It's not environmentally GREEN

  “… routing scalability is the most important problem facing the Internet today and must be solved … ”
  Internet Architecture Board (IAB), October 2006 Workshop (written as RFC 4984)

LISP Overview
  What Pollutes the Internet Today?

  [Figure: Before Loc/ID Split. The Internet core shows Provider A (10.0.0.0/8), Provider B (11.0.0.0/8), Provider X (12.0.0.0/8) and Provider Y (13.0.0.0/8), plus Providers C, D, G, H, W and Z, carrying 10/8, 11/8, 12/8, 13/8 and 15/8 together with the more-specific 10.1.1.0/24. Two multi-homed sites, each with routers R1 and R2: a Provider Assigned (PA) site, 10.1.1.0/24, and a Provider Independent (PI) site, 15.0.0.0/8. CE-PE link prefixes shown: 10.9.1.45/30, 11.2.1.17/30, 13.3.3.5/30, 12.4.4.1/30.]

  • Addresses at sites, both PA and PI, can get de-aggregated by multi-homing
  • Aggregates for infrastructure addresses (e.g. CE-PE links) get advertised as well

LISP Overview
  Why does LISP solve this problem?

  • Locator/Identity Split creates a “Level of Indirection” by using two namespaces – hosts and locators
  • This level of indirection allows you to remove host prefixes from the underlying core (Internet) routing system and move them into another system (database):
      – Think “DNS” here: DNS is a Name-to-IP Address lookup…
      – LISP involves a host-to-locator lookup…
  • Isn't this just a case of “moving the problem”?
      – Fast memory used in the “forwarding plane” of routers is very expensive (and consumes a lot of power)
      – Server memory is very cheap
      – Moves the problem from the “forwarding plane” to the “off-line control plane”, where significantly greater scale can be achieved at much lower cost

LISP Overview
  Why does Locator/ID Separation solve this problem?

  [Figure: Before Loc/ID Split. Same topology as the previous slide (PA site 10.1.1.0/24, PI site 15.0.0.0/8, Providers A, B, X, Y and others), overlaid with the BGP table of a core router:]

      Some-Core-Rtr# show ip route bgp
      ---<skip>---
           10.0.0.0/8 is variably subnetted, 98 subnets, 6 masks
      B       10.0.0.0/8 [20/0] via 128.223.3.9, 3d19h
      B       10.1.1.0/24 [20/0] via 128.223.3.9, 3d19h
      B    11.0.0.0/8 [20/0] via 128.223.3.9, 1d17h
      ---<skip>---
           12.0.0.0/8 is variably subnetted, 29 subnets, 6 masks
      B       12.1.0.0/16 [20/0] via 128.223.3.9, 3d19h
      B       12.4.4.0/22 [20/0] via 128.223.3.9, 3d19h
      ---<skip>---
           13.0.0.0/8 is variably subnetted, 13 subnets, 4 masks
      B       13.0.0.0/8 [20/0] via 128.223.3.9, 14:00:10
      B       13.0.0.0/10 [20/0] via 128.223.3.9, 5d23h
      ---<skip>---
      B    15.0.0.0/8 [20/0] via 128.223.3.9, 1d17h
      ---<skip>---
      many many more......
      Some-Core-Rtr#

  • Addresses at sites, both PA and PI, can get de-aggregated by multi-homing
  • Aggregates for infrastructure addresses (e.g. CE-PE links) get advertised as well

LISP Overview
  Why does Locator/ID Separation solve this problem?

  [Figure: After Loc/ID Split. Same topology and core router `show ip route bgp` output as the previous slide, with the two site routes shown in a separate box labelled New “EID” Namespace:]

      B    10.1.1.0/24 [20/0] via 128.223.3.9, 3d19h
      B    15.0.0.0/8 [20/0] via 128.223.3.9, 1d17h

  • Addresses at sites, both PA and PI, can get de-aggregated by multi-homing
  • Aggregates for infrastructure addresses (e.g. CE-PE links) get advertised as well

LISP Overview
  Protocol Ground Rules and Attributes

  • Various Loc/ID split schemes have been studied for >15 years but no one implemented or tested any of them…
  • Cisco decided to put some effort into this and undertook the process of writing code and developing standards to test concepts.
  • The result is: LISP – the “Locator/ID Separation Protocol”

  LISP “Attributes”
  • Designed for router encapsulation
  • Designed for Locator Reachability
  • Support Unicast and Multicast Data
  • Support for IPv4 and IPv6 EIDs (hosts) and RLOCs (locators)

  LISP “Ground Rules”
  • Network-based solution
  • No host changes
  • No new addressing to site devices; minimal configuration changes
  • Incrementally deployable; interoperable with existing Internet

LISP Overview
  LISP Header Format

  [Figure: LISP header format (draft-ietf-lisp-07), from the outside in: Outer Header (router supplies RLOCs), UDP, LISP header, Inner Header (host supplies EIDs).]

LISP Overview
  LISP Data Plane Concepts

  • Network-based “Map and Encap” approach
      – Requires the fewest changes to existing systems – only the CPE
      – No changes in hosts, DNS, or Core infrastructure
      – New Mapping Service required for EID-to-RLOC mapping resolution

  [Figure: protocol stacks along the path from source host to destination host. The hosts run layers 1 to 7 (Physical, Data Link, Network (host), Transport, Session, Presentation, Application) with peer-to-peer communications at the Transport and Application layers. The LISP ITR en-caps packets and the LISP ETR de-caps packets; between them, across the Internet, 3. Network (host) is carried in (LISP UDP) over 3. Network (LISP), above 2. Data Link and 1. Physical.]

LISP Overview
  MTU Issues?

  • Like all other encapsulation or tunneling protocols, LISP adds to the packet length, resulting in potential fragmentation issues
  • Three methods are accounted for in the specification
      1. “Don't Care” – Avoid fragmentation, don't do PMTUD, and assume Core MTU is always greater than access MTU
      2. Stateless – ITR fragments, then encapsulates; destination host reassembles
      3. Stateful – Avoid fragmentation; run PMTUD between ITR and ETR
  • Experience shows which mechanisms are necessary
      – Years of experience with IPSec and GRE can inform decisions and approaches for LISP deployment

LISP Overview
  LISP and MTU…

  • See additional details about MTU in the “Additional Material” section at the end of this presentation

LISP Overview
  Now that we have LISP, what else can we do?

  • Level of Indirection allows us to:
      – Keep the EID fixed while changing the RLOC
      – Create separate namespace with different allocation properties
  • By keeping EIDs fixed…
      – You don't have to renumber
      – You can keep TCP connections established across moves
  • By allowing RLOCs to change…
      – Now sites can change service providers
      – Now hosts can move
      – Roaming hand-sets
      – Relocating Virtual Machines
      – Relocating Infrastructure into a Cloud
  • More on this later in the “Use Cases” section…

LISP Operations




LISP Operations
  LISP Components – Ingress/Egress Tunnel Router (xTR)

  [Figure: LISP topology. Source site S with ITRs S1 and S2, attached to Provider A (10.0.0.0/8) and Provider B (11.0.0.0/8); destination site D with ETRs D1 and D2, attached to Provider X (12.0.0.0/8) and Provider Y (13.0.0.0/8). The core also shows an MR, an MS, four ALT routers, a PITR and a PETR.]

  ITR – Ingress Tunnel Router
  • Receives packets from site-facing interfaces
  • Encaps to remote LISP site or natively forwards to non-LISP site

  ETR – Egress Tunnel Router
  • Receives packets from core-facing interfaces
  • De-caps and delivers to local EIDs at the site

LISP Operations
  Data Plane – Overview

  • On-Demand, Cache-based
      – The FIB only contains active map-cache entries
  • Dynamic Encapsulation
      – No hard tunnel state like GRE
  • Over-the-Top (CE-based)
      – The “core network” (i.e. Internet) doesn't see LISP at Layer 3

LISP Operations
  Data Plane Example – Unicast Packet Forwarding

  [Figure: source site S (PI EID-prefix 2.0.0.0/24, ITRs S1 and S2 on Provider A 10.0.0.0/8 and Provider B 11.0.0.0/8) sends to destination site D (PI EID-prefix 3.0.0.0/24, ETRs D1 and D2 on Provider X 12.0.0.0/8 and Provider Y 13.0.0.0/8). Legend: EIDs -> Green, Locators -> Red, Physical link.]

  DNS entry:  D.abc.com  A  3.0.0.3

  Packet at the source site:        2.0.0.2 -> 3.0.0.3
  Packet across the core:           11.0.0.1 -> 12.0.0.2  (outer header)
                                    2.0.0.2 -> 3.0.0.3    (inner header)
  Packet at the destination site:   2.0.0.2 -> 3.0.0.3

  Mapping Entry (this policy controlled by destination site):
    EID-prefix: 3.0.0.0/24
    Locator-set:
      12.0.0.2, priority: 1, weight: 50 (D1)
      13.0.0.2, priority: 1, weight: 50 (D2)
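
The ITR's forwarding decision for the flow on this slide, as an added Python example (not part of the original deck and not Cisco's implementation): a longest-prefix map-cache lookup, locator choice by priority and then weight, and the resulting outer and inner addresses. `MapCache`, `select_locator`, `itr_forward` and `slide_cache` are hypothetical names, the per-flow hash and the `198.51.100.0/24` non-LISP prefix are assumptions, and the priority rule (lower value preferred, 255 unusable) and UDP port 4341 come from the LISP specification rather than the slide.

```python
import hashlib
import ipaddress
from dataclasses import dataclass

LISP_DATA_PORT = 4341  # UDP destination port of LISP-encapsulated data packets


@dataclass(frozen=True)
class Locator:
    rloc: str
    priority: int  # lower value is preferred; 255 means "never use"
    weight: int    # traffic share among locators of the same priority


class MapCache:
    """ITR map-cache: EID-prefix -> locator-set (hypothetical helper class)."""

    def __init__(self):
        self._entries = {}

    def install(self, eid_prefix, locators):
        # An empty locator-set models a Negative Map-Reply (non-LISP prefix).
        self._entries[ipaddress.ip_network(eid_prefix)] = tuple(locators)

    def lookup(self, eid):
        """Longest-prefix match; returns (prefix, locators) or None on a miss."""
        addr = ipaddress.ip_address(eid)
        hits = [p for p in self._entries if addr in p]
        if not hits:
            return None
        best = max(hits, key=lambda p: p.prefixlen)
        return best, self._entries[best]


def select_locator(locators, src_eid, dst_eid):
    """Pick one RLOC: best priority first, then split flows by weight."""
    usable = [l for l in locators if l.priority != 255]
    if not usable:
        return None
    top = min(l.priority for l in usable)
    group = sorted((l for l in usable if l.priority == top), key=lambda l: l.rloc)
    # Assumption: hash the EID pair so every packet of a flow takes one path.
    digest = hashlib.sha256(f"{src_eid}>{dst_eid}".encode()).digest()
    flow = int.from_bytes(digest[:4], "big")
    total = sum(l.weight for l in group)
    if total == 0:  # no weights given: split evenly
        return group[flow % len(group)]
    bucket = flow % total
    for loc in group:
        if bucket < loc.weight:
            return loc
        bucket -= loc.weight


def itr_forward(cache, itr_rloc, src_eid, dst_eid):
    """Return what the ITR does with a packet arriving from the site."""
    hit = cache.lookup(dst_eid)
    if hit is None:
        # On-demand cache: nothing known yet, so ask the mapping system.
        return {"action": "map-request", "eid": dst_eid}
    prefix, locators = hit
    if not locators:
        # Destination is a non-LISP site: forward without encapsulation.
        return {"action": "native-forward", "packet": (src_eid, dst_eid)}
    chosen = select_locator(locators, src_eid, dst_eid)
    if chosen is None:
        return {"action": "drop", "reason": "no usable locator"}
    return {
        "action": "encap",
        "outer": (itr_rloc, chosen.rloc),  # router supplies RLOCs
        "udp_dport": LISP_DATA_PORT,
        "inner": (src_eid, dst_eid),       # host supplies EIDs
        "matched": str(prefix),
    }


def slide_cache():
    """Map-cache holding the slide's mapping entry for 3.0.0.0/24."""
    cache = MapCache()
    cache.install("3.0.0.0/24",
                  [Locator("12.0.0.2", 1, 50), Locator("13.0.0.2", 1, 50)])
    cache.install("198.51.100.0/24", [])  # constructed non-LISP prefix
    return cache


if __name__ == "__main__":
    c = slide_cache()
    for dst in ("3.0.0.3", "198.51.100.7", "203.0.113.9"):
        print(dst, itr_forward(c, "11.0.0.1", "2.0.0.2", dst))
```

With both locators at priority 1 and weight 50, flows are split between D1 and D2, so a given flow may leave toward 13.0.0.2 rather than the 12.0.0.2 drawn on the slide.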


LISP Operations
  Control Plane – Overview

  • Distributed “Mapping Database” and “Map Cache”
  • Map-Servers and Map-Resolvers
      – Provide the service interface for LISP sites into the mapping database
  • LISP+ALT
      – Designed for a modular, scalable mapping service

LISP Operations
  LISP Components – Map-Server/Map-Resolver (MS/MR)

  [Figure: LISP topology. Source site S with ITRs S1 and S2, attached to Provider A (10.0.0.0/8) and Provider B (11.0.0.0/8); destination site D with ETRs D1 and D2, attached to Provider X (12.0.0.0/8) and Provider Y (13.0.0.0/8). The core also shows an MR, an MS, four ALT routers, a PITR and a PETR.]

  MR – Map-Resolver
  • Receives Map-Request encapsulated from ITR
  • De-caps Map-Request, forwards thru service interface onto the ALT topology
  • Sends Negative Map-Replies in response to Map-Requests for non-LISP sites

  MS – Map-Server
  • LISP ETRs Register here; requires configured “lisp site” policy, key
  • Injects routes for registered LISP sites into ALT thru ALT service interface
  • Receives Map-Requests via ALT; en-caps Map-Requests to registered ETRs

LISP Operations
        LISP Components – LISP-ALT Topology (ALT)

   [Figure: source site S with ITRs S1 and S2 (Provider A 10.0.0.0/8, Provider B 11.0.0.0/8), destination site D with ETRs D1 and D2 (Provider X 12.0.0.0/8, Provider Y 13.0.0.0/8), and MR, MS, PITR, PETR and ALT routers between them]

   ALT – Alternative Topology
   • Advertises EID-prefixes in Alternate BGP topology over GRE
   • Service interface for Map-Requests and Map-Replies
   • Devices with ALT service interface include: MS, MR, xTR, PxTR
   • ALT-only router aggregates ALT peering connections and can be off-the-shelf gear, a router, commodity Linux host, etc.

LISP Operations
        Control Plane – Mapping Database & Map Cache

   LISP Mapping-Database
   • EID-to-RLOC mappings in all ETRs for each LISP site
   • ETR is “authoritative” for its EIDs, sends Map-Replies to ITRs
   • ETRs can tailor policy based on Map-Request source
   • Decentralization increases attack resiliency

   LISP Map Cache
   • “Lives” on ITRs
   • Map-Cache populated by Map-Replies from ETRs
   • Stored in ITRs – only for sites to which they are currently sending packets
   • ITRs must respect policy of Map-Reply mapping data including TTLs, RLOC up/down status, RLOC priorities/weights

   [Figure: source site S with ITRs S1 and S2 (Provider A 10.0.0.0/8, Provider B 11.0.0.0/8), destination site D with ETRs D1 and D2 (Provider X 12.0.0.0/8, Provider Y 13.0.0.0/8), and MR, MS, PITR, PETR and ALT routers between them]

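How an ITR can honor the TTL, up/down status and priority/weight fields of a cached mapping, as an added example that is not from the original slides. The sample entry reuses the locator values from the `lig self6` output in this deck; the class names, the flow hash and the treatment of priority 255 as "do not use" (taken from the LISP specification) are not from the slides.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class Locator:
    rloc: str
    priority: int      # lower value is preferred
    weight: int        # share of traffic among locators of equal priority
    up: bool = True    # RLOC up/down status as last learned


@dataclass
class MapCacheEntry:
    eid_prefix: str
    locators: list
    expires_at: float  # time at which the TTL from the Map-Reply runs out


def select_rloc(entry, flow, now):
    """Return the RLOC to encapsulate to, or None if the entry must not be used."""
    if now >= entry.expires_at:
        return None    # TTL expired: the ITR has to refresh with a new Map-Request
    usable = [l for l in entry.locators if l.up and l.priority != 255]
    if not usable:
        return None    # every locator is down or excluded by the destination site
    best = min(l.priority for l in usable)
    group = sorted((l for l in usable if l.priority == best), key=lambda l: l.rloc)
    total = sum(l.weight for l in group)
    # Hash the flow so that all packets of one flow use the same RLOC.
    digest = hashlib.sha256(repr(flow).encode()).digest()
    h = int.from_bytes(digest[:8], "big")
    if total == 0:
        return group[h % len(group)].rloc   # all weights zero: split evenly
    point = h % total
    for l in group:
        if point < l.weight:
            return l.rloc
        point -= l.weight


# Locator set as printed by "lig self6" on this page; the 24-hour TTL matches
# the "expires" column, counted on a constructed clock that starts at 0.
SAMPLE_ENTRY = MapCacheEntry(
    eid_prefix="2610:d0:2105::/48",
    locators=[
        Locator("173.8.188.25", 1, 33),
        Locator("173.8.188.26", 1, 33),
        Locator("173.8.188.27", 1, 33),
        Locator("2002:ad08:bc19::1", 2, 0),
    ],
    expires_at=86400.0,
)

if __name__ == "__main__":
    flow = ("2610:d0:2105::1", "2001:db8::1", 6, 40000, 443)  # constructed flow
    print(select_rloc(SAMPLE_ENTRY, flow, now=10.0))
```

The priority-2 locator only carries traffic once all three priority-1 locators are marked down, which is the ingress policy the destination site expressed in its Map-Reply.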
LISP Operations
        Control Plane – Control Plane Mechanisms

        Control Plane EID Registration
              Map-Register messages
                       Sent by an ETR to a Map-Server to register its associated EID prefixes
                       Specifies the RLOC(s) to be used by the Map-Server when forwarding
                       Map-Requests to the ETR

        Control Plane “Data-triggered” mapping service
              Map-Request messages
                       Sent from an ITR when it needs an EID mapping, to test an RLOC for
                       reachability, or to refresh a mapping before TTL expiration
              Map-Reply messages
                       Sent from an ETR in response to a valid map-request to provide the
                       EID/RLOC mapping and site ingress Policy for the requested EID




LISP Operations
        Control Plane Example – ETR Registration
        [Figure: LISP topology with PI EID-prefix 2.0.0.0/24 at source site S and PI EID-prefix 3.0.0.0/24 at destination site D; MR at 65.1.1.1, MS at 66.2.2.2; label “Other 3/8 sites…” next to the ALT. Legend: EIDs -> Green, Locators -> Red, BGP-over-GRE, Physical link]

        [1] 12.0.0.2 -> 66.2.2.2: LISP Map-Register (udp 4342), SHA-1
        [2] MS advertises 3.0.0.0/8 into ALT (BGP over GRE)
        [3] ALT advertises 3.0.0.0/8 throughout, including to the Map-Resolver

LISP Operations
        Control Plane Example – Map Request

        [Figure: LISP topology with PI EID-prefix 2.0.0.0/24 at source site S and PI EID-prefix 3.0.0.0/24 at destination site D; MR at 65.1.1.1, MS at 66.2.2.2. Legend: EIDs -> Green, Locators -> Red, BGP-over-GRE, Physical link]

        2.0.0.2 -> 3.0.0.3: “How do I get to 3.0.0.3?”
        DNS entry: D.abc.com A 3.0.0.3

        [1] 11.0.0.1 -> 65.1.1.1 LISP ECM (udp 4342), containing 11.0.0.1 -> 3.0.0.3 Map-Request (udp 4342), nonce
        [2] [3] [4] 11.0.0.1 -> 3.0.0.3 Map-Request (udp 4342), nonce
        [5] 66.2.2.2 -> 12.0.0.2 LISP ECM (udp 4342), containing 11.0.0.1 -> 3.0.0.3 Map-Request (udp 4342), nonce

LISP Operations
        Control Plane Example – Map Reply

        [Figure: LISP topology with PI EID-prefix 2.0.0.0/24 at source site S and PI EID-prefix 3.0.0.0/24 at destination site D; MR at 65.1.1.1, MS at 66.2.2.2. Legend: EIDs -> Green, Locators -> Red, BGP-over-GRE, Physical link]

        [6] 12.0.0.2 -> 11.0.0.1 Map-Reply (udp 4342), nonce, 3.0.0.0/24: 12.0.0.2 [1, 50], 13.0.0.2 [1, 50]

        Mapping Entry
              EID-prefix: 3.0.0.0/24
              Locator-set:
                    12.0.0.2, priority: 1, weight: 50 (D1)
                    13.0.0.2, priority: 1, weight: 50 (D2)

LISP Operations
        Locator Liveliness                                                        fix

        Today if a connection goes down, the route for that connection
         point is withdrawn from the underlying routing table
              Without

        As a consequence of adding the “level of indirection” with LISP, we
         no longer have direct access to “end-point” liveliness
              EIDs are removed from the DFZ and placed in an “off-line” control plane

        Thus, we need new mechanisms to provide liveliness information




LISP Operations
        Locator Liveliness

        We need a way to quickly detect when an RLOC is down to provide
         fast switchover…
        We need recent up-status for an RLOC so that the switchover picks
         a working path…
              Existence of a route to an RLOC does not give up-status
              Requires a keep-alive mechanism

        [Figure: source site S (S1, S2) and destination site D (D1, D2), with a “?” on the path to D2]

        Data Plane vs. Control Plane
              “N” times “M” control plane messages does not scale
              Determine the best approach for fast switchover
              Trade off message overhead vs. fast convergence




LISP Operations
        Locator Liveliness
        [Side arrows on the slide: Scalability, Solves More Cases]
        Use the Routing Table when you can
        Use ICMP if you can
              In the data plane
        Use Locator-Status-Bits (LSB)
              In the data plane
        Use Echo-Nonce
              In the data plane for RLOC bi-directional flows
        Use TCP-Counts
              Trade off message overhead vs. fast
        Use RLOC-Probing
              In the control plane, from each source-site to
              each destination-site ETR




LISP Overview
        Locator Liveliness

        See additional details about Locator Liveliness in the “Additional
         Material” section at the end of this presentation




LISP Operations
        Interworking Mechanisms

        Early Recognition – LISP will not be widely deployed day-one
        Interworking for:
              LISP-capable sites to non-LISP sites (i.e. the rest of the Internet)
              non-LISP sites to LISP-capable sites

        Two basic Techniques
              LISP Network Address Translators (LISP-NAT)
              Proxy Ingress Tunnel Routers and Proxy Egress Tunnel Routers

        Proxy-ITR/Proxy-ETR have the most promise
              Infrastructure LISP network entity
              Creates a monetized service opportunity for infrastructure players




LISP Operations
        LISP Components – Proxy ITR/ETR (PITR/PETR)

   [Figure: source site S with ITRs S1 and S2 (Provider A 10.0.0.0/8, Provider B 11.0.0.0/8), destination site D with ETRs D1 and D2 (Provider X 12.0.0.0/8, Provider Y 13.0.0.0/8), and MR, MS, PITR, PETR and ALT routers between them]

   PITR – Proxy ITR
   • Receives traffic from non-LISP sites; encapsulates traffic to LISP sites
   • Advertises coarse-aggregate EID prefixes
   • LISP sites see benefits of ingress TE “day-one”

   PETR – Proxy ETR
   • Allows IPv6 LISP sites with IPv4 RLOCs to reach IPv6 LISP sites that only have IPv6 RLOCs
   • Allows LISP sites with uRPF restrictions to reach non-LISP sites

LISP Operations
        Interworking Mechanisms – PITR Example
        [Figure: three non-LISP sites (65.1.0.0/16, 65.2.0.0/16, 65.3.0.0/16) and three LISP sites (EIDs 2.1.0.0/16, 2.2.0.0/16, 2.3.0.0/16) connected across the Internet (65.0.0.0/12, 66.0.0.0/12) through three PITRs, each labelled “BGP Advertise: 2.0.0.0/8”. Legend: LISP Sites - EIDs, non-LISP Sites - RLOCs, Physical link]

        Packet headers shown at each step:
        [1] 65.1.1.1 - 2.1.1.1
        [2] 65.9.1.1 - 66.1.1.1 (outer header), 65.1.1.1 - 2.1.1.1 (inner header)
        [3] 65.1.1.1 - 2.1.1.1

LISP Operations
        Interworking Mechanisms – PETR Example
        [Figure: three non-LISP sites (65.1.0.0/16, 65.2.0.0/16, 65.3.0.0/16) and three LISP sites (EIDs 2.1.0.0/16, 2.2.0.0/16, 2.3.0.0/16) connected across the Internet (65.0.0.0/12, 66.0.0.0/12) through one PETR and two PITRs, each PITR labelled “BGP Advertise: 2.0.0.0/8”. Legend: LISP Sites - EIDs, non-LISP Sites - RLOCs, Physical link]

        Configuration shown at the LISP site: ip lisp use-petr 65.10.1.1

        Packet headers shown at each step:
        [1] 65.10.1.1 - 66.1.1.1 (outer header), 65.1.1.1 - 2.1.1.1 (inner header)
        [2] 65.1.1.1 - 2.1.1.1
        [3] 65.1.1.1 - 2.1.1.1
        [4] 65.9.2.1 - 66.1.1.1 (outer header), 65.1.1.1 - 2.1.1.1 (inner header)

LISP Operations
        Practical Security Mechanisms

        ETRs…
              SHA-1 HMAC shared-key authentication between ETR and Map-Server to
              register EIDs into the mapping system
              Additional policy and security configured on map-server

        ITRs…
              Will not accept unsolicited Map-Replies, and only accepts a Map-Reply that
              matches Map-Request nonce
              Will not accept coarser EID-prefixes

        ALT BGP is secured with peer authentication
              sBGP can be added later when implemented

        Others…
              Map-Requests rate-limited
              Map-Replies could carry public keys
              ITR could encrypt encapsulated data with ESP headers
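
The ETR-to-Map-Server and ITR checks listed above, sketched as an added example (not Cisco's code and not part of the original slides). The message encoding, the class names and the `min_prefix_len` floor used to judge a "coarser" prefix are assumptions; the addresses are the ones from this deck's control-plane example.

```python
import hashlib
import hmac
import ipaddress
import secrets


def register_mac(key: bytes, message: bytes) -> bytes:
    """SHA-1 HMAC over a Map-Register body, keyed with the ETR/Map-Server shared key."""
    return hmac.new(key, message, hashlib.sha1).digest()


class MapServer:
    """Accepts a registration only if the MAC verifies and the prefix fits site policy."""

    def __init__(self, sites):
        # sites: {name: (shared key, allowed EID-prefix)}, standing in for "lisp site" policy
        self.sites = {n: (k, ipaddress.ip_network(p)) for n, (k, p) in sites.items()}
        self.registered = {}

    def map_register(self, site, eid_prefix, rloc, mac):
        if site not in self.sites:
            return "reject: unknown site"
        key, allowed = self.sites[site]
        message = f"{eid_prefix}|{rloc}".encode()   # constructed encoding, not the wire format
        if not hmac.compare_digest(register_mac(key, message), mac):
            return "reject: bad HMAC"
        prefix = ipaddress.ip_network(eid_prefix)
        if prefix.version != allowed.version or not prefix.subnet_of(allowed):
            return "reject: prefix outside site policy"
        self.registered[prefix] = rloc
        return "accept"


class Itr:
    """Tracks outstanding Map-Requests and filters Map-Replies before caching them."""

    def __init__(self, min_prefix_len=16):
        self.min_prefix_len = min_prefix_len   # assumption: local floor for "coarser" prefixes
        self.pending = {}                      # nonce -> EID that was asked for
        self.map_cache = {}                    # EID-prefix -> locator list

    def map_request(self, eid):
        nonce = secrets.randbits(64)           # unpredictable, so it cannot be guessed off-path
        self.pending[nonce] = ipaddress.ip_address(eid)
        return nonce

    def map_reply(self, nonce, eid_prefix, locators):
        eid = self.pending.get(nonce)
        if eid is None:
            return "reject: unsolicited or nonce mismatch"
        prefix = ipaddress.ip_network(eid_prefix)
        if eid not in prefix:
            return "reject: prefix does not cover requested EID"
        if prefix.prefixlen < self.min_prefix_len:
            return "reject: prefix too coarse"
        del self.pending[nonce]                # one reply per request, so a replay is unsolicited
        self.map_cache[prefix] = locators
        return "accept"


def demo():
    key = b"constructed-shared-key"            # constructed sample key
    body = b"3.0.0.0/24|12.0.0.2"
    ms = MapServer({"site-D": (key, "3.0.0.0/24")})
    results = [
        ms.map_register("site-D", "3.0.0.0/24", "12.0.0.2", register_mac(key, body)),
        ms.map_register("site-D", "3.0.0.0/24", "12.0.0.2", register_mac(b"wrong-key", body)),
        ms.map_register("site-D", "2.0.0.0/24", "12.0.0.2",
                        register_mac(key, b"2.0.0.0/24|12.0.0.2")),
    ]
    itr = Itr()
    nonce = itr.map_request("3.0.0.3")
    locators = [("12.0.0.2", 1, 50), ("13.0.0.2", 1, 50)]
    results += [
        itr.map_reply(nonce ^ 1, "3.0.0.0/24", locators),  # nonce does not match
        itr.map_reply(nonce, "0.0.0.0/0", locators),       # right nonce, coarse prefix
        itr.map_reply(nonce, "3.0.0.0/24", locators),      # valid reply
        itr.map_reply(nonce, "3.0.0.0/24", locators),      # replay of the valid reply
    ]
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```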


LISP Operations
        Management of LISP

        Data Plane Management
              Ping, traceroute of EIDs
              Ping, traceroute of RLOCs




        Control Plane Management
              LISP Internet Groper (LIG) (like “dig” for DNS)

        Device Management
              show and debug commands
              MIB coming…




LISP Operations
        Management of LISP

        LISP Internet Groper (LIG)
              Fetches an EID-to-RLOC database mapping entry
              Both router and host lig implementations available

     titanium-dino# lig dmm-xtr-2.lisp4.net
     Send map-request to 128.223.156.35 for 153.16.12.1 ...
     Received map-reply from 128.223.156.23 with rtt 0.040508 secs

     Map-cache entry for dmm-xtr-2.lisp4.net EID 153.16.12.1:
     153.16.12.0/24, uptime: 00:00:01, expires: 23:59:58, via map-reply, auth
       Locator         Uptime    State       Priority/ Data      Control
                                             Weight     in/out   in/out
       128.223.156.23 00:00:01 up            1/100      0/0      0/0


     titanium-dino# lig self6
     Send loopback map-request to 128.223.156.35 for 2610:d0:2105:: ...
     Received map-reply from 173.8.188.25 with rtt 0.260715 secs

     Map-cache entry for EID 2610:d0:2105:::
     2610:d0:2105::/48, uptime: 00:00:01, expires: 23:59:58, via map-reply, self
       Locator            Uptime    State       Priority/ Data      Control
                                                Weight     in/out   in/out
       173.8.188.25       00:00:01 up           1/33       0/0      0/0
       173.8.188.26       00:00:01 up           1/33       0/0      0/0
       173.8.188.27       00:00:01 up           1/33       0/0      0/0
       2002:ad08:bc19::1 00:00:01 up            2/0        0/0      0/0



LISP Operations
        Management of LISP
     xTR(config)# ip lisp ?
       alt-vrf              Activate LISP-ALT functionality in VRF
       database-mapping     Configures Locator addresses for an ETR
       etr                  Configures a LISP Egress Tunnel Router (ETR)
       itr                  Configures a LISP Ingress Tunnel Router (ITR)
       locator-down         Manually set locator status to down
       map-cache            Configures static EID-to-RLOC mappings for an ITR
       map-cache-limit      Configures maximum size of map-cache
       map-request-source Configures source address for Map-Request message
       path-mtu-discovery Path MTU discovery
       proxy-etr            Configures a LISP Proxy Engress Tunnel Router (PETR)
       proxy-itr            Configures a LISP Proxy Ingress Tunnel Router (PITR)
       use-petr             Encapsulate to Proxy ETR when matching forward-native entry

     xTR# show ip lisp ?
       database    Show EID-prefixes configured for this site
       forwarding LISP forwarding module show commands
       map-cache   Display EID-to-RLOC cache mapping in this ITR
       statistics Display LISP address family statistics
       |           Output modifiers
       cr

     xTR# debug lisp ?
       control-plane LISP control plane debug categories
       detail         Enable LISP detailed debugging
       filter         Specify a filter for LISP debug output
       forwarding     LISP forwarding related debug commands

LISP Example




LISP Example
        Configurations

   [Figure: dmm-isr xTR (128.223.156.222, EID-prefix 153.16.21.0/24) and simlo xTR (217.41.88.65, EID-prefix 153.16.40.0/24), with MS/MR arin-mrms (128.223.156.139) and MS/MR ripe-mrms (193.0.0.170)]

   ! dmm-isr (xTR) configuration
   !
   interface Loopback0
     ip address 153.16.21.1 255.255.255.255
   !
   interface FastEthernet0/0
     ip address 128.223.156.222 255.255.255.0
   !
   interface FastEthernet0/0/0
     ip address 153.16.21.17 255.255.255.240
   !
   ip lisp database-mapping 153.16.21.0/24 128.223.156.222 priority 1 weight 100
   ip lisp itr map-resolver 128.223.156.139
   ip lisp itr
   ip lisp etr map-server 128.223.156.139 key 6 #%$^%##
   ip lisp etr
   !
   ip route 0.0.0.0 0.0.0.0 128.223.156.1
   !

LISP Example
        Configurations

   ! simlo (xTR) configuration
   !
   interface Loopback0
     ip address 153.16.40.1 255.255.255.255
   !
   interface FastEthernet0/0
     ip address 217.41.88.65 255.255.255.0
   !
   interface FastEthernet0/0/0
     ip address 153.16.40.2 255.255.255.240
   !
   ip lisp database-mapping 153.16.40.0/24 217.41.88.65 priority 1 weight 100
   ip lisp itr map-resolver 193.0.0.170
   ip lisp itr
   ip lisp etr map-server 193.0.0.170 key 6 #%$^%##
   ip lisp etr
   !
   ip route 0.0.0.0 0.0.0.0 217.41.88.1
   !
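
A consistency check for xTR configurations like the two above, added here as an illustration and not taken from the presentation or from Cisco: it parses the IPv4 statements and flags a locator that is on no local interface, a static next hop outside every connected subnet, and an ITR or ETR role without its map-resolver or map-server. The function names, finding codes and sample configuration (constructed, with one address mistyped and a placeholder key) are assumptions.

```python
import ipaddress
import re
import textwrap

# Constructed sample in the style of the xTR configurations above. The
# FastEthernet0/0 address is deliberately mistyped and the key is a placeholder.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 153.16.40.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 217.41.8.65 255.255.255.0
!
interface FastEthernet0/0/0
 ip address 153.16.40.2 255.255.255.240
!
ip lisp database-mapping 153.16.40.0/24 217.41.88.65 priority 1 weight 100
ip lisp itr map-resolver 193.0.0.170
ip lisp itr
ip lisp etr map-server 193.0.0.170 key 6 REDACTED
ip lisp etr
!
ip route 0.0.0.0 0.0.0.0 217.41.88.1
"""

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"
PATTERNS = {
    "interface": re.compile(r"^interface\s+(\S+)$"),
    "address": re.compile(rf"^\s+ip address\s+{IPV4}\s+{IPV4}$"),
    "mapping": re.compile(
        rf"^ip lisp database-mapping\s+(\d+\.\d+\.\d+\.\d+/\d+)\s+{IPV4}"
        r"\s+priority\s+\d+\s+weight\s+\d+$"),
    "resolver": re.compile(rf"^ip lisp itr map-resolver\s+{IPV4}$"),
    "server": re.compile(rf"^ip lisp etr map-server\s+{IPV4}\s+key\s+.+$"),
    "route": re.compile(rf"^ip route\s+{IPV4}\s+{IPV4}\s+{IPV4}$"),
}


def parse_xtr_config(text):
    """Extract interface addresses, LISP statements and static routes (IPv4 only)."""
    cfg = {"interfaces": {}, "mappings": [], "resolvers": [], "servers": [],
           "routes": [], "itr": False, "etr": False}
    current = None
    for line in textwrap.dedent(text).splitlines():
        line = line.rstrip()
        if not line.startswith(" "):
            current = None  # a top-level line ends the interface block
        if m := PATTERNS["interface"].match(line):
            current = m.group(1)
        elif (m := PATTERNS["address"].match(line)) and current:
            cfg["interfaces"][current] = ipaddress.ip_interface("/".join(m.groups()))
        elif m := PATTERNS["mapping"].match(line):
            eid = ipaddress.ip_network(m.group(1), strict=False)
            cfg["mappings"].append((eid, ipaddress.ip_address(m.group(2))))
        elif m := PATTERNS["resolver"].match(line):
            cfg["resolvers"].append(ipaddress.ip_address(m.group(1)))
        elif m := PATTERNS["server"].match(line):
            cfg["servers"].append(ipaddress.ip_address(m.group(1)))
        elif m := PATTERNS["route"].match(line):
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            cfg["routes"].append((net, ipaddress.ip_address(m.group(3))))
        elif line in ("ip lisp itr", "ip lisp etr"):
            cfg[line.split()[-1]] = True
    return cfg


def audit_xtr_config(text):
    """Return (code, message) findings for inconsistencies in an xTR config."""
    cfg = parse_xtr_config(text)
    ifaces = list(cfg["interfaces"].values())
    findings = []
    for eid, rloc in cfg["mappings"]:
        # The locator registered for the EID prefix is where remote ITRs send
        # encapsulated traffic, so it has to be an address this router owns.
        if all(rloc != i.ip for i in ifaces):
            findings.append(("rloc-not-local",
                             f"{eid}: RLOC {rloc} is on no local interface"))
        if not any(i.ip in eid for i in ifaces):
            findings.append(("eid-not-attached",
                             f"{eid}: no local interface inside the EID prefix"))
    for net, hop in cfg["routes"]:
        # Lint heuristic: a static next hop should sit in a connected subnet.
        if not any(hop in i.network for i in ifaces):
            findings.append(("next-hop-unreachable",
                             f"{net}: next hop {hop} is in no connected subnet"))
    if cfg["itr"] and not cfg["resolvers"]:
        findings.append(("itr-no-map-resolver", "ITR enabled without a map-resolver"))
    if cfg["etr"] and not cfg["servers"]:
        findings.append(("etr-no-map-server", "ETR enabled without a map-server"))
    return findings


if __name__ == "__main__":
    for code, message in audit_xtr_config(SAMPLE_CONFIG):
        print(f"{code}: {message}")
```
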

LISP Example
        Configurations

    !
    hostname arin-mrmr
    !
    ---skip---
    lisp site dmm-isr
      eid-prefix 153.16.21.0/24 route-tag 1234567890
      authentication-key 3 #%$^%##
      description dmm-isr
    !
    ---skip---

    !
    hostname ripe-mrmr
    !
    ---skip---
    lisp site simlo
      eid-prefix 153.16.40.0/24 route-tag 1234567890
      authentication-key 3 #%$^%##
      description simlo
    !
    ---skip---




LISP Example
        Operations

 dmm-isr# show ip lisp database
 LISP ETR IPv4 Mapping Database, LSBs: 0x1

 EID-prefix: 153.16.21.0/28
   128.223.156.222, priority: 1, weight: 100, state: up, local
 dmm-isr# show ip lisp map-cache
 LISP IPv4 Mapping Cache, 1 entries

 0.0.0.0/0, uptime: 00:01:15, expires: never, via static

 dmm-isr#




LISP Example
        Operations

 dmm-isr# show ip lisp site dmm-isr
 LISP Site Registration Information for VRF default
 * = truncated IPv6 address
 Site name:   dmm-isr
 Description: none configured
 Allowed configured locators: any
 Allowed EID-prefixes:
   EID-prefix: 2610:d0:1209::/48
     Currently registered: yes
     First registered:      1w5d
     Last registered:       00:00:17
     Who last registered: 128.223.156.222
     Routing table tag:     0x499602d2
     Registered locators:
       128.223.156.222 (up)
   EID-prefix: 153.16.21.0/28
     Currently registered: yes
     First registered:      1w5d
     Last registered:       00:00:17
     Who last registered: 128.223.156.222
     Routing table tag:     0x499602d2
     Registered locators:
       128.223.156.222 (up)

 dmm-isr#


LISP Example
        Operations

 dmm-isr# lig self
 Mapping information for EID 153.16.21.0 from 128.223.156.222 with RTT 0 msecs
 153.16.21.0/24, uptime: 00:00:00, expires: 23:59:59, via map-reply, self
   Locator          Uptime    State      Pri/Wgt
   128.223.156.222 00:00:00 up             1/100
 dmm-isr# show ip lisp map-cache
 LISP IPv4 Mapping Cache, 2 entries

 0.0.0.0/0, uptime: 00:01:15, expires: never, via static

 153.16.21.0/24, uptime: 00:00:02, expires: 23:59:57, via map-reply, self
   Locator          Uptime    State      Pri/Wgt
   128.223.156.222 00:00:02 up             1/100
 dmm-isr#




LISP Example
        Operations

 dmm-isr# lig 153.16.40.1
 Mapping information for EID 153.16.40.1 from 217.41.88.65 with RTT 404 msecs
 153.16.40.0/24, uptime: 00:00:00, expires: 1d00h, via map-reply, complete
   Locator       Uptime    State      Pri/Wgt
   217.41.88.65 00:00:00 up             1/100
 dmm-isr# show ip lisp map-cache
 LISP IPv4 Mapping Cache, 3 entries

 0.0.0.0/0, uptime: 00:00:13, expires: never, via static

 153.16.21.0/24, uptime: 00:00:10, expires: 23:59:49, via map-reply, self
   Locator          Uptime    State      Pri/Wgt
   128.223.156.222 00:00:10 up             1/100
 153.16.40.0/24, uptime: 00:00:00, expires: 23:59:59, via map-reply, complete
   Locator       Uptime    State      Pri/Wgt
   217.41.88.65 00:00:00 up             1/100
 dmm-isr#


LISP Example
        Operations

 dmm-isr# show ip lisp
   Ingress Tunnel Router (ITR):                             enabled
   Egress Tunnel Router (ETR):                              enabled
   ITR Map-Resolver:                                        128.223.156.139
   ETR Map-Server(s):                                       128.223.156.139 (00:00:07)
   ETR accept mapping data:                                 enabled, verify enabled
   ETR map-cache TTL:                                       24 hours
   Locator Status Algorithms:
     RLOC-probe algorithm:                                  enabled
   Static mappings configured:                              0
   Map-cache limit:                                         1000
   Map-cache activity check period:                         60 secs
   Map-cache size:                                          3
 dmm-isr#




LISP Use Cases
LISP Use Cases
        Enterprise Use Case 1 – Low OpEx Multi-Homing


        Active/active multi-homing
              Low-OpEx switchover (no BGP)
        More efficient bandwidth use by site
              Use all the bandwidth you pay for
        New link revenue for ISP
              At the benefit of keeping site's routes out of their resources
        Decoupling addressing from ISP
              Site has flexibility to change providers
              Raises the bar for ISPs, better for consumer sites

        [Figure: site 2.0.0.0/8 (S1, S2) connected to Provider A (10.0.0.0/8) and Provider B (11.0.0.0/8)]



LISP Use Cases
        Enterprise Use Case 2 – Dynamic Roaming and VPNs

        Engineering is using global PI addresses
        Marketing is using private addresses
        Core is using global PA addresses
        Dynamic creation of a site is done by simply registering EID-to-RLOC mapping to the Mapping Database System

        [Figure: Enterprise Core 65.0.0.0/8 with sites San Francisco (Engineering, 2.1.0.0/16), Boston (Marketing, 10.2.0.0/16), Los Angeles (Marketing, 10.1.0.0/16), New York (Engineering, 2.2.0.0/16) and Dallas (Engineering, 2.2.0.0/16); locator labels 65.5.1.1 and 65.5.2.2; annotation "An engineering site moves"; mapping label 2.2.0.0/16 - (65.4.1.1, 65.4.2.2) (65.5.1.1, 65.5.2.2)]


LISP Use Cases
        Service Provider Use Case 1 – Multi-Family Address Support


        The Internet core is not dual-stack, deal with it

        [Figure: two IPv6-only LISP sites (2610:d0:1::/48 and 2610:d0:2::/48) on either side of the IPv4 Internet Core; a Dual-Stack ISP with PxTRs; a dual-stack LISP site (240.1.0.0/16, 2610:d0:1::/48) and a dual-stack non-LISP site (65.4.0.0/16, 2001:1:2::/48); a TCP-over-IPv6 connection between dino-unix.lisp6.net and ipv6.google.com]




LISP Use Cases
        Service Provider Use Case 2 – Multi-Family Address Support


        A possible cable company…
              IPv6 core; They can't upgrade residential on IPv4

        [Figure: IPv6 Cable Core Network with a Dual-Stack Region containing PxTRs; an IPv4-only Residential Site (192.168.1.0/24, LISP site); an IPv4-only Server Site (2.1.0.0/16, LISP site); an IPv4-only Server Site (65.4.0.0/16, non-LISP site). Legend: IPv6 path, IPv4 path]



LISP Use Cases
        Data Center Use Case 1 – Virtual Machine Mobility

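        [Figure: Data Center with two LISP routers, RLOC A and RLOC A’. Behind A: 3.1.1.254/24 and 3.1.11.254/24, servers S1 (3.1.1.1/24) and S2 (3.1.11.2/24), mapping 3.1.0.0/16 - A. Behind A’: 2.2.2.254/24 and 2.2.22.254/24, servers S3 (2.2.2.3/24) and S4 (2.2.22.4/24), mapping 2.2.0.0/16 - A’. Annotation "S1 moves", with mapping 3.1.1.1/32 - A’. Legend: L3 Router, LISP Router]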


LISP Use Cases
        Data Center Use Case 2 – Load Balancing the SLBs


        EIDs - RLOC-sets
        VIPs are EIDs

        [Figure: Data Center with an Array of Servers behind an Array of SLBs (VIPs); ETRs at the data center edge and ITRs on the Internet side. Legend: L3 Router, LISP Router, Any brand Server Load Balancer, Servers]


LISP Use Cases
        LISP Mobile Code Use Case –

        What if 2 Mobile Hand-sets could roam and keep a TCP
         connection established?
        What if 2 Mobile Hand-sets could LISP-encapsulate to each
         other with a path-stretch of 1?
        What if you could put up server functionality on your Mobile
         Hand-set?
        What if your Mobile Hand-set could use all radios at the same
         time?




LISP Use Cases
        LISP Mobile Code Use Case –


        This is a LISP site!
              EID-prefix: 2001:xxxx:yyyy::1/128
              Map-Server: 64.1.1.1
              wifi   64.0.0.1
              3G     65.0.0.1

        Can set ingress packet policy!

        [Figure legend: Green x.x.x.x - EID, Red x.x.x.x - Locator (RLOC)]



LISP Use Cases
        LISP Mobile Code Use Case –

        Run lightweight variant of LISP on the MN
              draft-meyer-lisp-mn-01.txt

        EID can be burned into the SIM
              Can be either an IPv4 or probably an IPv6 address
              Will be yours forever – it's your “Network Name”

        Your DHCP address is your MN's RLOC
        MN carries Map-Server RLOC while roaming
        When you get a new DHCP address:
              Register the new RLOC(s) to Map-Server(s)
              Update ITR/PITR caches




LISP Use Cases
        LISP Mobile Code Use Case – Can it scale?

        Leave RLOCs alone, they map to underlying physical topology
              There is absolutely no more-specific state in the core for LISP MNs (or any
                other LISP site for that matter…)

        LISP MN EID more-specific state only in Map-Server
              Map-Server is control-plane home agent
              Map-Server already has covering route; no more-specifics in the ALT

        The only other place for more-specific state is in devices that
         cache (ITRs and PITRs)
              How bad can this be?




LISP Use Cases
        LISP Mobile Code Use Case – Back-of-the-Envelope Calculation

        Assume a map-cache entry is 1000-bytes
              • 1000-bytes is fairly fat and can be optimized

        1M entries (LISP MNs) per ITR requires 1GB of memory (cheap!)
        10M entries (LISP MNs) requires 10GB of memory (simple!)
        Deploy 100 ITRs at 10M entries each – that's 1B LISP MNs
              100 ITRs is not unreasonable since good user experience forces shortest exit
              Each ITR can hold 10M phones!

        This is achievable since granular state is only where you need it and nowhere else!




LISP Initiatives
LISP Initiatives
        Standardization Status

        Oct 2006: IAB Routing WS
        Jan 2007: First Drafts (Main LISP)
        2007: LISP in RRG
        June 2007: 2nd Set Drafts (LISP-ALT, LISP-CONS, LISP-NERD)
        Fall 2007: 3rd Set Drafts (LISP-IW)
        Summer 2008: 1st BOF, Dublin IETF
        Fall 2008: 2nd BOF, Minneapolis IETF
        1st IETF WG: San Francisco
        Spring 2009: More Drafts (LISP-MS, LISP-LIG)
        2nd IETF WG: Stockholm
        Summer 2009: LISP-MN
        Summer 2009: Loc-Reach-Algs Implemented
        3rd IETF WG: Hiroshima
        Fall 2010: IETF WG Completes, Beijing

        [Timeline figure spanning 2006 to 2010; legend: RRG Effort, IETF Effort]
LISP Initiatives
        What’s Cisco Doing in LISP?

        Cisco LISP Prototype Implementation
              Started at Prague IETF, Mar 07; Deployed Pilot Network, July 07
              Since then, 220 releases of experimental code

        Cisco LISP Product Implementations
              Phase 1 (December 24, 2009)
                       − ISR, ISR-G2, 7200 (xTR)
              Phase 2 (March 31, 2010)
                       − ISR, ISR-G2, 7200 (xTR, PxTR, ALT) [IOS 15.1(1)XB1]
                       − ASR 1000 (xTR, PxTR, ALT) [IOS-XE 2.5.1]
                       − Nexus 7000 (xTR, PxTR, MS/MR) [NX-OS 5.1(1.13)]
                       − UCS C200 (MS/MR) [NX-OS 5.1(1.13)]
              Phase 3 (June 30, 2010)
                       − More LISP!

        [Callout beside the Phase 2 platform list: Available Now!]

        External LISP Efforts
              – FreeBSD OpenLISP
                  http://gforge.info.ucl.ac.be/projects/openlisp/
              – Open Source LIG Diagnostic Tool
                  http://www.github.com/davidmeyer/lig

LISP Initiatives
        LISP Network – Goals for the LISP Network

        Conduct Experiments
              Provide course-adjustments for protocol architecture
        Test Multiple Implementations
        Prove ALT Topology maps to EID Address Allocation Delegations
        Emulate MSP Business Models
        Protocol Learning Tool for Users
        Test bed for building Management Tools




LISP Initiatives
        LISP Network – Gaining LISP management experience




Summary




10 fn tut3

  • 1. LISP - A Next Generation Networking Architecture
  • 2. Session Objectives  At the end of this session, you should be able to: – Understand the scalability issues facing the Internet today – Describe how LISP helps solve key scaling issues, and enable interesting new functionalities – Describe the LISP data plane and control plane mechanisms – Understand the basic LISP configuration requirements – Understand Cisco‟s contributions and plans for LISP BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 2
  • 3. Agenda  LISP Overview  LISP Operations  LISP Example  LISP Use Cases  LISP Initiatives  LISP Summary  Additional Material BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 3
  • 4. LISP Overview Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
  • 5. LISP Overview Why was LISP developed?  LISP originally conceived to address Internet Scaling What causes scaling issues? − IP addresses denote both location and identity today − Overloaded IP address semantic makes efficient routing impossible − IPv6 does not fix this Why are scaling issues bad? “… routing scalability is the most − Routers require tons of expensive memory important problem facing the Internet to hold the Internet Routing Table in the today and must be solved … ” forwarding plane of a router − It‟s expensive for network builders/operators Internet Architecture Board (IAB) October 2006 Workshop (written as RFC 4984) − Replacing equipment for the wrong reason (to hold the routing table rather than implementing new features…) − It‟s not environmentally GREEN  BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 5
  • 6. LISP Overview What Pollutes the Internet Today? Before Loc/ID Split Internet Provider Z Provider D 10.1.1.0/24 Provider C 15/8 10/8 10.1.1.0/24 15/8 Provider W Provider H Provider G Provider X Provider A Provider Y 12.0.0.0/8 Provider B 10.0.0.0/8 13.0.0.0/8 11.0.0.0/8 10.1.1.0/24 10.1.1.0/24 15.0.0.0/8 15.0.0.0/8 R1 R2 R1 R2 Provider Assigned Provider Independent (PA) (PI) 10.1.1.0/24 15.0.0.0/8 • Addresses at sites, both PA and PI, can get de-aggregated by multi-homing BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 6
  • 7. LISP Overview What Pollutes the Internet Today? Before Loc/ID Split Internet Provider Z Provider D 13/8 12/8 11/8 10.1.1.0/24 Provider C 15/8 10/8 10.1.1.0/24 15/8 Provider W Provider H Provider G Provider X Provider A Provider Y 12.0.0.0/8 Provider B 10.0.0.0/8 13.0.0.0/8 11.0.0.0/8 10.1.1.0/24 10.1.1.0/24 15.0.0.0/8 15.0.0.0/8 12.4.4.1/30 10.9.1.45/30 11.2.1.17/30 13.3.3.5/30 R1 R2 R1 R2 Provider Assigned Provider Independent (PA) (PI) 10.1.1.0/24 15.0.0.0/8 • Addresses at sites, both PA and PI, • Aggregates for infrastructure addresses can get de-aggregated by multi-homing (e.g. CE-PE links) get advertised as well BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 7
  • 8. LISP Overview Why does LISP solve this problem?  Locator/Identity Split creates a “Level of Indirection” by using two namespaces – hosts and locators  This level of indirection allows you to remove host prefixes from the underlying core (Internet) routing system and move them in another system (database): Think “DNS” here: DNS is a Name-to-IP Address lookup… LISP involves an host-to-locator lookup…  Isn‟t this just a case of “moving the problem”? Fast memory used in the “forwarding plane” of routers is very expensive (and consumers a lot of power) Server Memory is very cheap Moves problem from the “forwarding plane” to the “off-line control plane” where significantly greater scale at much lower cost can be achieved BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 8
  • 9. LISP Overview Why does Locator/ID Separation solve this problem? Before Loc/ID Split Internet Provider Z Provider D 13/8 12/8 11/8 10.1.1.0/24 Provider C 15/8 10/8 15/8 10.1.1.0/24 Some-Core-Rtr# show ip route bgp Provider W Provider H ---<skip>--- Provider G is 10.0.0.0/8 variably subnetted, 98 subnets, 6 masks B 10.0.0.0/8 [20/0] via 128.223.3.9, 3d19h B 10.1.1.0/24 [20/0] viaProvider X 3d19h 128.223.3.9, Provider A B Provider Y 11.0.0.0/8 [20/0] via 128.223.3.9, 1d17h 12.0.0.0/8 Provider B ---<skip>--- 10.0.0.0/8 13.0.0.0/8 11.0.0.0/8 12.0.0.0/8 is variably subnetted, 29 subnets, 6 masks B 12.1.0.0/16 [20/0] via 128.223.3.9, 3d19h B 12.4.4.0/22 [20/0] via 128.223.3.9, 3d19h ---<skip>--- 13.0.0.0/8 is variably subnetted, 13 subnets, 4 masks B 13.0.0.0/8 [20/0] via 128.223.3.9, 14:00:10 B 13.0.0.0/10 [20/0] via 128.223.3.9, 5d23h 10.1.1.0/24 10.1.1.0/24 15.0.0.0/8 ---<skip>--- 15.0.0.0/8 B 15.0.0.0/8 [20/0] via 128.223.3.9, 1d17h ---<skip>--- 12.4.4.1/30 10.9.1.45/30 11.2.1.17/30 13.3.3.5/30 many many more...... R1 R2 Some-Core-Rtr# R1 R2 Provider Assigned Provider Independent (PA) (PI) 10.1.1.0/24 15.0.0.0/8 • Addresses at sites, both PA and PI, • Aggregates for infrastructure addresses can get de-aggregated by multi-homing (e.g. CE-PE links) get advertised as well BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 9
  • 10. LISP Overview Why does Locator/ID Separation solve this problem? After New “EID” Namespace Loc/ID B 10.1.1.0/24 [20/0] via 128.223.3.9, 3d19h Split Internet Provider Z B 15.0.0.0/8 [20/0] via Provider D 1d17h 128.223.3.9, 13/8 12/8 11/8 10.1.1.0/24 Provider C 15/8 10/8 15/8 10.1.1.0/24 Some-Core-Rtr# show ip route bgp Provider W Provider H ---<skip>--- Provider G is 10.0.0.0/8 variably subnetted, 98 subnets, 6 masks B 10.0.0.0/8 [20/0] via 128.223.3.9, 3d19h B 10.1.1.0/24 [20/0] viaProvider X 11.0.0.0/8 [20/0] via 128.223.3.9, 1d17h 3d19h 128.223.3.9, Provider A Provider Y ---<skip>--- B 11.0.0.0/8 [20/0] via 128.223.3.9, 1d17h 12.0.0.0/8 Provider B ---<skip>--- 12.0.0.0/8 is variably subnetted, 29 subnets, 6 masks 10.0.0.0/8 13.0.0.0/8 11.0.0.0/8 B 12.0.0.0/8 is variably via 128.223.3.9, 3d19h 6 masks 12.1.0.0/16 [20/0] subnetted, 29 subnets, B 12.4.4.0/22 [20/0] via 128.223.3.9, 3d19h 12.1.0.0/16 ---<skip>--- B 12.4.4.0/22 [20/0] via 128.223.3.9, 3d19h ---<skip>--- 13.0.0.0/8 is variably subnetted, 13 subnets, 4 masks B 13.0.0.0/8 is [20/0] via 128.223.3.9, subnets, 4 masks 13.0.0.0/8 variably subnetted, 13 14:00:10 B 13.0.0.0/10 [20/0] via 128.223.3.9, 14:00:10 13.0.0.0/8 [20/0] via 128.223.3.9, 5d23h ---<skip>--- B 13.0.0.0/10 [20/0] via 128.223.3.9, 5d23h 10.1.1.0/24 10.1.1.0/24 15.0.0.0/8 ---<skip>--- 15.0.0.0/8 B 15.0.0.0/8 [20/0] via 128.223.3.9, 1d17h ---<skip>--- 12.4.4.1/30 10.9.1.45/30 11.2.1.17/30 13.3.3.5/30 many many more...... R1 R2 Some-Core-Rtr# R1 R2 Provider Assigned Provider Independent (PA) (PI) 10.1.1.0/24 15.0.0.0/8 • Addresses at sites, both PA and PI, • Aggregates for infrastructure addresses can get de-aggregated by multi-homing (e.g. CE-PE links) get advertised as well BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 10
  • 11. LISP Overview Protocol Ground Rules and Attributes  Various Loc/ID split schemes have been studied for >15 years but no one implemented or tested any of them…  Cisco decided to put some effort into this and undertook the process of writing code and developing standards to test concepts.  The result is: LISP – the “Locator/ID Separation Protocol”  LISP “Attributes”  LISP “Ground Rules” Designed for router encapsulation Network-based solution Designed for Locator Reachability No host changes Support Unicast and Multicast Data No new addressing to site devices; Support for IPv4 IPv6 EIDs (hosts) and minimal configuration changes RLOCs (locators) Incrementally deployable; interoperable with existing Internet BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 11
  • 12. LISP Overview LISP Header Format draft-ietf-lisp-07 Outer Header: Router supplies RLOCs UDP LISP header Inner Header: Host supplies EIDs BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 12
  • 13. LISP Overview LISP Data Plane Concepts  Network-based “Map and Encap” approach Requires the fewest changes to existing systems – only the CPE No changes in hosts, DNS, or Core infrastructure New Mapping Service required for EID-to-RLOC mapping resolution 7. Application peer-to-peer communications 7. Application 6. Presentation 6. Presentation 5. Session 5. Session source destination host peer-to-peer communications host 4. Transport 4. Transport 3. Network (host) 3. Network (host) 3. Network (host) (LISP UDP) (LISP UDP) (LISP UDP) 3. Network (host) 3. Network (LISP) 3. Network (LISP) 3. Network (LISP) 3. Network (host) 2. Data Link 2. Data Link 2. Data Link 2. Data Link 2. Data Link 1. Physical 1. Physical 1. Physical 1. Physical 1. Physical LISP LISP En-cap ITR ETR De-cap Internet packets packets BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 13
  • 14. LISP Overview MTU Issues?  Like all other encapsulation or tunneling protocols, LISP adds to the packet length, resulting in potential fragmentation issues  Three methods are accounted for in the specification 1. “Don‟t Care” – Avoid fragmentation, don‟t do PMTUD, and assume Core MTU is always greater than access MTU 2. Stateless – ITR fragments, then encapsulates; destination host reassembles 3. Stateful – Avoid fragmentation; run PMTUD between ITR and ETR  Experience shows which mechanisms are necessary Years of experience with IPSec and GRE can inform decisions and approaches for LISP deployment BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 14
  • 15. LISP Overview LISP and MTU…  See additional details about MTU in the “Additional Material” section at the end of this presentation BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 15
  • 16. LISP Overview Now that we have LISP, what else can we do?  Level of Indirection allows us to: Keep either the EID fixed while changing the RLOC Create separate namespace with different allocation properties  By keeping EIDs fixed… You don‟t have to renumber You can keep TCP connections established across moves  By allowing RLOCs to change… Now sites can change service providers Now hosts can move Roaming hand-sets Relocating Virtual Machines Relocating Infrastructure into a Cloud  More on this later in the “Use Cases” section… BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 16
  • 17. LISP Operations Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
  • 18. LISP Operations LISP Components – Ingress/Egress Tunnel Router (xTR) ALT ALT MR ALT ALT MS ITR ETR Provider A Provider X S1 10.0.0.0/8 12.0.0.0/8 D1 PITR PETR S Provider B Provider Y D S2 D2 11.0.0.0/8 13.0.0.0/8 ITR ETR ITR – Ingress Tunnel Router ETR – Egress Tunnel Router • Receives packets from site-facing • Receives packets from core-facing interfaces interfaces • Encaps to remote LISP site or natively • De-caps and delivers to local EIDs at forwards to non-LISP site the site BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 18
  • 19. LISP Operations Data Plane – Overview  On-Demand, Cache-based The FIB only contains active map-cache entries  Dynamic Encapsulation No hard tunnel state like GRE  Over-the-Top (CE-based) The “core network” (I.e. Internet) doesn‟t see LISP at Layer 3 BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 19
  • 20. LISP Operations Data Plane Example – Unicast Packet Forwarding PI EID-prefix PI EID-prefix 2.0.0.0/24 3.0.0.0/24 ITR ETR Provider A Provider X S1 10.0.0.0/8 12.0.0.0/8 D1 S Provider B Provider Y D S2 D2 11.0.0.0/8 13.0.0.0/8 ITR ETR 2.0.0.2 -> 3.0.0.3 11.0.0.1 -> 12.0.0.2 11.0.0.1 -> 12.0.0.2 DNS entry: 2.0.0.2 -> 3.0.0.3 2.0.0.2 -> 3.0.0.3 2.0.0.2 -> 3.0.0.3 D.abc.com A 3.0.0.3 EID-prefix: 3.0.0.0/24 Legend: Mapping Locator-set: EIDs -> Green Entry 12.0.0.2, priority: 1, weight: 50 (D1) This policy controlled Locators -> Red Physical link 13.0.0.2, priority: 1, weight: 50 (D2) by destination site BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 20
  • 21. LISP Operations Control Plane – Overview  Distributed “Mapping Database” and “Map Cache”  Map-Servers and Map-Resolvers Provide the service interface for LISP sites into the mapping database  LISP+ALT Designed for a modular, scalable mapping service BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 21
  • 22. LISP Operations LISP Components – Map-Server/Map-Resolver (MS/MR) ALT ALT MR ALT ALT MS ITR ETR Provider A Provider X S1 10.0.0.0/8 12.0.0.0/8 D1 PITR PETR S Provider B Provider Y D S2 D2 11.0.0.0/8 13.0.0.0/8 ITR ETR MR – Map-Resolver MS – Map-Server • Receives Map-Request encapsulated • LISP ETRs Register here; requires from ITR configured “lisp site” policy, key • De-caps Map-Request, forwards thru • Injects routes for registered LISP sites service interface onto the ALT topology into ALT thru ALT service interface • Sends Negative Map-Replies in response • Receives Map-Requests via ALT; en- to Map-Requests for non-LISP sites caps Map-Requests to registered ETRs BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 22
  • 23. LISP Operations LISP Components – LISP-ALT Topology (ALT) ALT ALT MR ALT ALT MS ITR ETR Provider A Provider X S1 10.0.0.0/8 12.0.0.0/8 D1 PITR PETR S Provider B Provider Y D S2 D2 ITR ALT – Alternative 11.0.0.0/8 13.0.0.0/8 Topology ETR • Advertises EID-prefixes in Alternate BGP topology over GRE • Service interface for Map-Requests and Map-Replies • Devices with ALT service interface include: MS, MR, xTR, PxTR • ALT-only router aggregates ALT peering connections and can be off-the-shelf gear, a router, commodity Linux host, etc. BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 23
  • 24. LISP Operations Control Plane – Mapping Database & Map Cache LISP Mapping-Database ALT ALT • EID-to-RLOC mappings in all ETRs for each LISP site • ETR is “authoritative” for its EIDs, sends Map-Replies to ITRs MR ALT ALT MS • ETRs can tailor policy based on Map-Request source ITR ETR Provider A Provider X • Decentralization increases attack resiliency S1 10.0.0.0/8 12.0.0.0/8 D1 PITR PETR S Provider B Provider Y D S2 D2 11.0.0.0/8 13.0.0.0/8 ITR ETR LISP Map Cache • “Lives” on ITRs • Map-Cache populated by Map-Replies from ETRs • Stored in ITRs – only for sites to which they are currently sending packets • ITRs must respect policy of Map-Reply mapping data including TTLs, RLOC up/down status, RLOC priorities/weights BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 24
  • 25. LISP Operations Control Plane – Control Plane Mechanisms  Control Plane EID Registration Map-Register messages Sent by an ETR to a Map-Server to register its associated EID prefixes Specifies the RLOC(s) to be used by the Map-Server when forwarding Map-Requests to the ETR  Control Plane “Data-triggered” mapping service Map-Request messages Sent from an ITR when it needs an EID mapping, to test an RLOC for reachability, or to refresh a mapping before TTL expiration Map-Reply messages Sent from an ETR in response to a valid map-request to provide the EID/RLOC mapping and site ingress Policy for the requested EID BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 25
  • 26. LISP Operations Control Plane Example – ETR Registration Other 3/8 sites… ALT ALT PI EID-prefix PI EID-prefix 65.1.1.1 66.2.2.2 2.0.0.0/24 3.0.0.0/24 MR ALT ALT MS ITR ETR Provider A Provider X S1 10.0.0.0/8 12.0.0.0/8 D1 S Provider B Provider Y D S2 D2 11.0.0.0/8 13.0.0.0/8 ITR ETR 12.0.0.2-> 66.2.2.2 LISP Map-Register [1] (udp 4342) 3.0.0.0/8 3.0.0.0/8 SHA-1 [3] MS advertises [2] ALT advertise throughout into ALT Including to BGP over GRE Legend: EIDs -> Green Map-Resolver Locators -> Red BGP-over-GRE Physical link BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 26
  • 27. LISP Operations Control Plane Example – Map Request ALT ALT PI EID-prefix PI EID-prefix 65.1.1.1 66.2.2.2 2.0.0.0/24 3.0.0.0/24 MR ALT ALT MS ITR ETR Provider A Provider X S1 10.0.0.0/8 12.0.0.0/8 D1 S Provider B Provider Y D S2 D2 11.0.0.0/8 13.0.0.0/8 ITR ETR 2.0.0.2 -> 3.0.0.3 How do I get DNS entry: to 3.0.0.3? [2] [3] [4] 11.0.0.1 -> 65.1.1.1 66.2.2.2 -> 12.0.0.2 D.abc.com A 3.0.0.3 LISP ECM 11.0.0.1 -> 3.0.0.3 LISP ECM (udp 4342) Map-Request (udp 4342) [5] (udp 4342) 11.0.0.1 -> 3.0.0.3 11.0.0.1 -> 3.0.0.3 Legend: nonce Map-Request Map-Request EIDs -> Green [1] (udp 4342) (udp 4342) Locators -> Red nonce nonce BGP-over-GRE Physical link BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 27
  • 28. LISP Operations Control Plane Example – Map Reply ALT ALT PI EID-prefix PI EID-prefix 65.1.1.1 66.2.2.2 2.0.0.0/24 3.0.0.0/24 MR ALT ALT MS ITR ETR Provider A Provider X S1 10.0.0.0/8 12.0.0.0/8 D1 S Provider B Provider Y D S2 D2 11.0.0.0/8 13.0.0.0/8 ITR ETR EID-prefix: 3.0.0.0/24 12.0.0.2 ->11.0.0.1 Mapping Locator-set: Map-Reply [6] (udp 4342) Entry 12.0.0.2, priority: 1, weight: 50 (D1) nonce Legend: EIDs -> Green 13.0.0.2, priority: 1, weight: 50 (D2) 3.0.0.0/24 Locators -> Red 12.0.0.2 [1, 50] 13.0.0.2 [1, 50] BGP-over-GRE Physical link BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 28
  • 29. LISP Operations Locator Liveliness fix  Today if a connection goes down, the route for that connection point is withdrawn from the underlying routing table Without  As consequence of adding the “level of indirection” with LISP, we no longer have direct access to “end-point” liveliness EIDs are removed from DFZ and placed in “”off-line” control plane  Thus, we need new mechanisms to provide liveliness information BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 29
  • 30. LISP Operations Locator Liveliness  We need a way to quickly detect when an RLOC is down to provide fast switchover…  We need recent up-status for an RLOC so that the switchover picks a working path… Existence of a route to an RLOC does not give up-status Requires a keep-alive mechanisms S1 D1 S S2 ? D2 D  Data Plane vs. Control Plane “N” times “M” control plane messages does not scale Determine the best approach for fast switchover Trade off message overhead vs. fast convergence BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 30
  • 31. LISP Operations Locator Liveliness Solves More  Use the Routing Table when you can Scalability Cases  Use ICMP if you can In the data plane  Use Locator-Status-Bits (LSB) In the data plane  Use Echo-Nonce In the data plane for RLOC bi-directional flows  Use TCP-Counts Trade off message overhead vs. fast  Use RLOC-Probing In the control plane, from each source-site to each destination-site ETR BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 31
  • 32. LISP Overview Locator Liveliness  See additional details about Locator Liveliness in the “Additional Material” section at the end of this presentation BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 32
  • 33. LISP Operations Interworking Mechanisms  Early Recognition – LISP will not be widely deployed day-one  Interworking for: LISP-capable sites to non-LISP sites (i.e. the rest of the Internet) non-LISP sites to LISP-capable sites  Two basic Techniques LISP Network Address Translators (LISP-NAT) Proxy Ingress Tunnel Routers Proxy Egress Tunnel Routers  Proxy-ITR/Proxy-ETR have the most promise Infrastructure LISP network entity Creates a monetized service opportunity for infrastructure players BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 33
  • 34. LISP Operations LISP Components – Proxy ITR/ETR (PITR/PETR) ALT ALT MR ALT ALT MS ITR ETR Provider A Provider X S1 10.0.0.0/8 12.0.0.0/8 D1 PITR PETR S Provider B Provider Y D S2 D2 11.0.0.0/8 13.0.0.0/8 ITR ETR PITR – Proxy ITR PETR – Proxy ETR • Receives traffic from non-LISP sites; • Allows IPv6 LISP sites with IPv4 RLOCs encapsulates traffic to LISP sites to reach IPv6 LISP sites that only have • Advertises coarse-aggregate EID prefixes IPv6 RLOCs • LISP sites see benefits of ingress TE • Allows LISP sites with uRPF restrictions “day-one” to reach non-LISP sites BRKCRS-3045 © 2010 Cisco Systems, Inc. All rights reserved. Cisco Public 34
  • 35. LISP Operations Interworking Mechanisms – PITR Example
      [Diagram: non-LISP sites 65.1.0.0/16, 65.2.0.0/16 and 65.3.0.0/16; LISP sites with EID prefixes 2.1.0.0/16, 2.2.0.0/16 and 2.3.0.0/16; PITRs, each labelled “BGP Advertise: 2.0.0.0/8”; Non-LISP Internet; 65.0.0.0/12, 66.0.0.0/12. Packet address labels at steps [1] to [3]: 65.1.1.1 - 2.1.1.1 and 65.9.1.1 - 66.1.1.1. Legend: LISP Sites - EIDs, non-LISP Sites - RLOCs, physical link.]
  • 36. LISP Operations Interworking Mechanisms – PETR Example
      [Diagram: non-LISP sites 65.1.0.0/16, 65.2.0.0/16 and 65.3.0.0/16; LISP sites with EID prefixes 2.1.0.0/16, 2.2.0.0/16 and 2.3.0.0/16; a PETR; PITRs labelled “BGP Advertise: 2.0.0.0/8”; Non-LISP Internet; 65.0.0.0/12, 66.0.0.0/12; configuration label “ip lisp use-petr 65.10.1.1”. Packet address labels at steps [1] to [4]: 65.1.1.1 - 2.1.1.1, 65.10.1.1 - 66.1.1.1 and 65.9.2.1 - 66.1.1.1. Legend: LISP Sites - EIDs, non-LISP Sites - RLOCs, physical link.]
  • 37. LISP Operations Practical Security Mechanisms
      - ETRs…
          - SHA-1 HMAC shared-key authentication between ETR and Map-Server to register EIDs into the mapping system
          - Additional policy and security configured on map-server
      - ITRs…
          - Will not accept unsolicited Map-Replies, and only accepts a Map-Reply that matches Map-Request nonce
          - Will not accept coarser EID-prefixes
      - ALT
          - BGP is secured with peer authentication
          - sBGP can be added later when implemented
      - Others…
          - Map-Requests rate-limited
          - Map-Replies could carry public keys
          - ITR could encrypt encapsulated data with ESP headers
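The ETR registration authentication and the ITR Map-Reply checks from slide 37, as an added Python example (not Cisco's code and not the LISP wire format). The message layout, the `Itr` class, the result strings and the `MIN_PREFIXLEN` floor used to model "will not accept coarser EID-prefixes" are assumptions; the key is constructed and the addresses are taken from the example slides.

```python
import hashlib
import hmac
import ipaddress
import secrets

# Simplified model of the checks on the slide; this is not the LISP wire format.


def sign_register(key: bytes, payload: bytes) -> bytes:
    """ETR side: HMAC-SHA1 tag over the registration payload."""
    return hmac.new(key, payload, hashlib.sha1).digest()


def verify_register(site_keys: dict, site: str, payload: bytes, tag: bytes) -> bool:
    """Map-Server side: recompute the tag with the key configured for the site."""
    key = site_keys.get(site)
    if key is None:
        return False  # no such site configured, nothing to authenticate against
    return hmac.compare_digest(sign_register(key, payload), tag)


class Itr:
    # Assumed policy floor per address family (hypothetical values).
    MIN_PREFIXLEN = {4: 16, 6: 32}

    def __init__(self):
        self.pending = {}    # nonce -> EID asked for in an outstanding Map-Request
        self.map_cache = {}  # accepted EID-prefix -> list of RLOCs

    def send_map_request(self, eid: str) -> int:
        nonce = secrets.randbits(64)  # random nonce (64 bits assumed here)
        self.pending[nonce] = ipaddress.ip_address(eid)
        return nonce

    def receive_map_reply(self, nonce: int, eid_prefix: str, rlocs: list) -> str:
        eid = self.pending.get(nonce)
        if eid is None:
            return "drop-unsolicited"   # no outstanding request carries this nonce
        prefix = ipaddress.ip_network(eid_prefix)
        if eid not in prefix:
            return "drop-eid-mismatch"  # reply does not cover the EID that was asked for
        if prefix.prefixlen < self.MIN_PREFIXLEN[prefix.version]:
            return "drop-coarse"        # one reply would capture too much EID space
        del self.pending[nonce]         # one reply per request; a replay no longer matches
        self.map_cache[prefix] = list(rlocs)
        return "accept"


if __name__ == "__main__":
    keys = {"dmm-isr": b"constructed-shared-key"}  # constructed sample key
    msg = b"153.16.21.0/24 128.223.156.222 priority 1 weight 100"
    print(verify_register(keys, "dmm-isr", msg, sign_register(keys["dmm-isr"], msg)))
    itr = Itr()
    n = itr.send_map_request("153.16.40.1")
    print(itr.receive_map_reply(n, "0.0.0.0/0", ["217.41.88.65"]))
    print(itr.receive_map_reply(n, "153.16.40.0/24", ["217.41.88.65"]))
```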
  • 38. LISP Operations Management of LISP
      - Data Plane Management
          - Ping, traceroute of EIDs
          - Ping, traceroute of RLOCs
      - Control Plane Management
          - LISP Internet Groper (LIG) (like “dig” for DNS)
      - Device Management
          - show and debug commands
          - MIB coming…
      [Diagram labels: S1, S2, D1, D2]
  • 39. LISP Operations Management of LISP
      - LISP Internet Groper (LIG)
          - Fetches an EID-to-RLOC database mapping entry
          - Both router and host lig implementations available
      titanium-dino# lig dmm-xtr-2.lisp4.net
      Send map-request to 128.223.156.35 for 153.16.12.1 ...
      Received map-reply from 128.223.156.23 with rtt 0.040508 secs
      Map-cache entry for dmm-xtr-2.lisp4.net EID 153.16.12.1:
      153.16.12.0/24, uptime: 00:00:01, expires: 23:59:58, via map-reply, auth
        Locator            Uptime    State  Priority/  Data    Control
                                            Weight     in/out  in/out
        128.223.156.23     00:00:01  up     1/100      0/0     0/0
      titanium-dino# lig self6
      Send loopback map-request to 128.223.156.35 for 2610:d0:2105:: ...
      Received map-reply from 173.8.188.25 with rtt 0.260715 secs
      Map-cache entry for EID 2610:d0:2105:::
      2610:d0:2105::/48, uptime: 00:00:01, expires: 23:59:58, via map-reply, self
        Locator            Uptime    State  Priority/  Data    Control
                                            Weight     in/out  in/out
        173.8.188.25       00:00:01  up     1/33       0/0     0/0
        173.8.188.26       00:00:01  up     1/33       0/0     0/0
        173.8.188.27       00:00:01  up     1/33       0/0     0/0
        2002:ad08:bc19::1  00:00:01  up     2/0        0/0     0/0
  • 40. LISP Operations Management of LISP
      xTR(config)# ip lisp ?
        alt-vrf             Activate LISP-ALT functionality in VRF
        database-mapping    Configures Locator addresses for an ETR
        etr                 Configures a LISP Egress Tunnel Router (ETR)
        itr                 Configures a LISP Ingress Tunnel Router (ITR)
        locator-down        Manually set locator status to down
        map-cache           Configures static EID-to-RLOC mappings for an ITR
        map-cache-limit     Configures maximum size of map-cache
        map-request-source  Configures source address for Map-Request message
        path-mtu-discovery  Path MTU discovery
        proxy-etr           Configures a LISP Proxy Engress Tunnel Router (PETR)
        proxy-itr           Configures a LISP Proxy Ingress Tunnel Router (PITR)
        use-petr            Encapsulate to Proxy ETR when matching forward-native entry
      xTR# show ip lisp ?
        database    Show EID-prefixes configured for this site
        forwarding  LISP forwarding module show commands
        map-cache   Display EID-to-RLOC cache mapping in this ITR
        statistics  Display LISP address family statistics
        |           Output modifiers
        cr
      xTR# debug lisp ?
        control-plane  LISP control plane debug categories
        detail         Enable LISP detailed debugging
        filter         Specify a filter for LISP debug output
        forwarding     LISP forwarding related debug commands
  • 41. LISP Example
  • 42. LISP Example Configurations
      [Topology diagram labels: arin-mrms MS/MR, ripe-mrms MS/MR, dmm-isr xTR, simlo xTR; 217.41.88.65, 128.223.156.222, 128.223.156.139, 193.0.0.170; 153.16.40.0/24, 153.16.21.0/24]
      !
      interface Loopback0
       ip address 153.16.21.1 255.255.255.255
      !
      interface FastEthernet0/0
       ip address 128.223.156.222 255.255.255.0
      !
      interface FastEthernet0/0/0
       ip address 153.16.21.17 255.255.255.240
      !
      ip lisp database-mapping 153.16.21.0/24 128.223.156.222 priority 1 weight 100
      ip lisp itr map-resolver 128.223.156.139
      ip lisp itr
      ip lisp etr map-server 128.223.156.139 key 6 #%$^%##
      ip lisp etr
      !
      ip route 0.0.0.0 0.0.0.0 128.223.156.1
      !
  • 43. LISP Example Configurations
      [Topology diagram labels: arin-mrms MS/MR, ripe-mrms MS/MR, dmm-isr xTR, simlo xTR; 217.41.88.65, 128.223.156.222, 128.223.156.139, 193.0.0.170; 153.16.40.0/24, 153.16.21.0/24]
      !
      interface Loopback0
       ip address 153.16.40.1 255.255.255.255
      !
      interface FastEthernet0/0
       ip address 217.41.8.65 255.255.255.0
      !
      interface FastEthernet0/0/0
       ip address 153.16.40.2 255.255.255.240
      !
      ip lisp database-mapping 153.16.40.0/24 217.41.88.65 priority 1 weight 100
      ip lisp itr map-resolver 193.0.0.170
      ip lisp itr
      ip lisp etr map-server 193.0.0.170 key 6 #%$^%##
      ip lisp etr
      !
      ip route 0.0.0.0 0.0.0.0 217.41.88.1
      !
  • 44. LISP Example Configurations
      [Topology diagram labels: arin-mrms MS/MR, ripe-mrms MS/MR, dmm-isr xTR, simlo xTR; 217.41.88.65, 128.223.156.222, 128.223.156.139, 193.0.0.170; 153.16.40.0/24, 153.16.21.0/24]
      !
      hostname arin-mrmr
      !
      ---skip---
      !
      lisp site dmm-isr
       eid-prefix 153.16.21.0/24 route-tag 1234567890
       authentication-key 3 #%$^%##
       description dmm-isr
      !
      ---skip---
      hostname ripe-mrmr
      !
      ---skip---
      lisp site simlo
       eid-prefix 153.16.40.0/24 route-tag 1234567890
       authentication-key 3 #%$^%##
       description simlo
      !
      ---skip---
  • 45. LISP Example Operations
      [Topology diagram labels: arin-mrms MS/MR, ripe-mrms MS/MR, dmm-isr xTR, simlo xTR; 217.41.88.65, 128.223.156.222, 128.223.156.139, 193.0.0.170; 153.16.40.0/24, 153.16.21.0/24]
      dmm-isr# show ip lisp database
      LISP ETR IPv4 Mapping Database, LSBs: 0x1
      EID-prefix: 153.16.21.0/28
        128.223.156.222, priority: 1, weight: 100, state: up, local
      dmm-isr# show ip lisp map-cache
      LISP IPv4 Mapping Cache, 1 entries
      0.0.0.0/0, uptime: 00:01:15, expires: never, via static
      dmm-isr#
  • 46. LISP Example Operations
      [Topology diagram labels: arin-mrms MS/MR, ripe-mrms MS/MR, dmm-isr xTR, simlo xTR; 217.41.88.65, 128.223.156.222, 128.223.156.139, 193.0.0.170; 153.16.40.0/24, 153.16.21.0/24]
      dmm-isr# show ip lisp site dmm-isr
      LISP Site Registration Information for VRF default
      * = truncated IPv6 address
      Site name: dmm-isr
      Description: none configured
      Allowed configured locators: any
      Allowed EID-prefixes:
        EID-prefix: 2610:d0:1209::/48
          Currently registered: yes
          First registered: 1w5d
          Last registered: 00:00:17
          Who last registered: 128.223.156.222
          Routing table tag: 0x499602d2
          Registered locators: 128.223.156.222 (up)
        EID-prefix: 153.16.21.0/28
          Currently registered: yes
          First registered: 1w5d
          Last registered: 00:00:17
          Who last registered: 128.223.156.222
          Routing table tag: 0x499602d2
          Registered locators: 128.223.156.222 (up)
      dmm-isr#
  • 47. LISP Example Operations
      [Topology diagram labels: arin-mrms MS/MR, ripe-mrms MS/MR, dmm-isr xTR, simlo xTR; 217.41.88.65, 128.223.156.222, 128.223.156.139, 193.0.0.170; 153.16.40.0/24, 153.16.21.0/24]
      dmm-isr# lig self
      Mapping information for EID 153.16.21.0 from 128.223.156.222 with RTT 0 msecs
      153.16.21.0/24, uptime: 00:00:00, expires: 23:59:59, via map-reply, self
        Locator          Uptime    State  Pri/Wgt
        128.223.156.222  00:00:00  up     1/100
      dmm-isr# show ip lisp map-cache
      LISP IPv4 Mapping Cache, 2 entries
      0.0.0.0/0, uptime: 00:01:15, expires: never, via static
      153.16.21.0/24, uptime: 00:00:02, expires: 23:59:57, via map-reply, self
        Locator          Uptime    State  Pri/Wgt
        128.223.156.222  00:00:02  up     1/100
      dmm-isr#
  • 48. LISP Example Operations
      [Topology diagram labels: arin-mrms MS/MR, ripe-mrms MS/MR, dmm-isr xTR, simlo xTR; 217.41.88.65, 128.223.156.222, 128.223.156.139, 193.0.0.170; 153.16.40.0/24, 153.16.21.0/24]
      dmm-isr# lig 153.16.40.1
      Mapping information for EID 153.16.40.1 from 217.41.88.65 with RTT 404 msecs
      153.16.40.0/24, uptime: 00:00:00, expires: 1d00h, via map-reply, complete
        Locator          Uptime    State  Pri/Wgt
        217.41.88.65     00:00:00  up     1/100
      dmm-isr# show ip lisp map-cache
      LISP IPv4 Mapping Cache, 3 entries
      0.0.0.0/0, uptime: 00:00:13, expires: never, via static
      153.16.21.0/24, uptime: 00:00:10, expires: 23:59:49, via map-reply, self
        Locator          Uptime    State  Pri/Wgt
        128.223.156.222  00:00:10  up     1/100
      153.16.40.0/24, uptime: 00:00:00, expires: 23:59:59, via map-reply, complete
        Locator          Uptime    State  Pri/Wgt
        217.41.88.65     00:00:00  up     1/100
      dmm-isr#
  • 49. LISP Example Operations
      [Topology diagram labels: arin-mrms MS/MR, ripe-mrms MS/MR, dmm-isr xTR, simlo xTR; 217.41.88.65, 128.223.156.222, 128.223.156.139, 193.0.0.170; 153.16.40.0/24, 153.16.21.0/24]
      dmm-isr# show ip lisp
        Ingress Tunnel Router (ITR): enabled
        Egress Tunnel Router (ETR): enabled
        ITR Map-Resolver: 128.223.156.139
        ETR Map-Server(s): 128.223.156.139 (00:00:07)
        ETR accept mapping data: enabled, verify enabled
        ETR map-cache TTL: 24 hours
        Locator Status Algorithms:
          RLOC-probe algorithm: enabled
        Static mappings configured: 0
        Map-cache limit: 1000
        Map-cache activity check period: 60 secs
        Map-cache size: 3
      dmm-isr#
  • 50. LISP Use Cases
  • 51. LISP Use Cases Enterprise Use Case 1 – Low OpEx Multi-Homing
      - Active/active multi-homing
          - Low-OpEx switchover (no BGP)
      - More efficient bandwidth use by site
          - Use all the bandwidth you pay for
      - New link revenue for ISP
          - At the benefit of keeping site's routes out of their resources
      - Decoupling addressing from ISP
          - Site has flexibility to change providers
          - Raises the bar for ISPs, better for consumer sites
      [Diagram labels: Provider A 10.0.0.0/8, Provider B 11.0.0.0/8, S1, S2, 2.0.0.0/8]
  • 52. LISP Use Cases Enterprise Use Case 2 – Dynamic Roaming and VPNs
      - Engineering is using global PI addresses
      - Core is using global PA addresses
      - Marketing is using private addresses
      - An engineering site moves
      - Dynamic creation of a site is done by simply registering EID-to-RLOC mapping to the Mapping Database System
      [Diagram labels: Boston Engineering 2.1.0.0/16; San Francisco Marketing 10.2.0.0/16; Los Angeles Engineering 2.2.0.0/16; New York Marketing 10.1.0.0/16; Dallas Engineering 2.2.0.0/16; Enterprise Core 65.0.0.0/8; 65.5.1.1, 65.5.2.2; 2.2.0.0/16 - (65.4.1.1, 65.4.2.2) (65.5.1.1, 65.5.2.2)]
  • 53. LISP Use Cases Service Provider Use Case 1 – Multi-Family Address Support
      - The Internet core is not dual-stack, deal with it
      [Diagram labels: IPv6-only Site 2610:d0:1::/48; IPv6-only Site 2610:d0:2::/48; IPv4 Internet Core; LISP Site; PxTR; Dual Stack; Dual-Stack ISP; 240.1.0.0/16; 65.4.0.0/16; 2610:d0:1::/48; 2001:1:2::/48; Non-LISP Site; TCP-over-IPv6 Connection; dino-unix.lisp6.net; ipv6.google.com]
  • 54. LISP Use Cases Service Provider Use Case 2 – Multi-Family Address Support
      - A possible cable company…
          - IPv6 core; They can't upgrade residential on IPv4
      [Diagram labels: IPv6 Cable Core Network; IPv4-only Server Site; IPv4-only Residential Site; 2.1.0.0/16; 192.168.1.0/24; 65.4.0.0/16; LISP Site; Non-LISP Site; PxTR; Dual-Stack Region; IPv6 path; IPv4 path]
  • 55. LISP Use Cases Data Center Use Case 1 – Virtual Machine Mobility
      [Diagram: Data Center with RLOC A and RLOC A’; mapping labels 3.1.0.0/16 - A, 2.2.0.0/16 - A’, 3.1.1.1/32 - A’; addresses 3.1.1.254/24, 3.1.11.254/24, 2.2.2.254/24, 2.2.22.254/24; S1 3.1.1.1/24, S2 3.1.11.2/24, S3 2.2.2.3/24, S4 2.2.22.4/24; callout “S1 moves”. Legend: L3 Router, LISP Router.]
  • 56. LISP Use Cases Data Center Use Case 2 – Load Balancing the SLBs
      - VIPs are EIDs
      [Diagram labels: Array of Servers; VIPs; Array of SLBs; EIDs - RLOC-sets; ETR; ITR; Data Center; Internet. Legend: L3 Router, LISP Router, Any brand Server Load Balancer, Servers.]
  • 57. LISP Use Cases LISP Mobile Code Use Case
      - What if 2 Mobile Hand-sets could roam and keep a TCP connection established?
      - What if 2 Mobile Hand-sets could LISP-encapsulate to each other with a path-stretch of 1?
      - What if you could put up server functionality on your Mobile Hand-set?
      - What if your Mobile Hand-set could use all radios at the same time?
  • 58. LISP Use Cases LISP Mobile Code Use Case
      - This is a LISP site!
      - Can set ingress packet policy!
      [Diagram labels: EID-prefix: 2001:xxxx:yyyy::1/128; wifi 64.0.0.1; 3G 65.0.0.1; Map-Server: 64.1.1.1. Legend: Green x.x.x.x - EID, Red x.x.x.x - Locator (RLOC).]
  • 59. LISP Use Cases LISP Mobile Code Use Case
      - Run lightweight variant of LISP on the MN
          - draft-meyer-lisp-mn-01.txt
      - EID can be burned into the SIM
          - Can be either an IPv4 or probably an IPv6 address
          - Will be yours forever – it's your “Network Name”
      - Your DHCP address is your MN's RLOC
      - MN carries Map-Server RLOC while roaming
      - When you get a new DHCP address:
          - Register the new RLOC(s) to Map-Server(s)
          - Update ITR/PITR caches
  • 60. LISP Use Cases LISP Mobile Code Use Case – Can it scale?
      - Leave RLOCs alone, they map to underlying physical topology
          - There is absolutely no more-specific state in the core for LISP MNs (or any other LISP site for that matter…)
      - LISP MN EID more-specific state only in Map-Server
          - Map-Server is control-plane home agent
          - Map-Server already has covering route; no more-specifics in the ALT
      - The only other place for more-specific state is in devices that cache (ITRs and PITRs)
          - How bad can this be?
  • 61. LISP Use Cases LISP Mobile Code Use Case – Back-of-the-Envelope Calculation
      - Assume a map-cache entry is 1000-bytes
          - 1000-bytes is fairly fat and can be optimized
      - 1M entries (LISP MNs) per ITR requires 1GB of memory (cheap!)
      - 10M entries (LISP MNs) requires 10GB of memory (simple!)
      - Deploy 100 ITRs at 10M entries each – that's 1B LISP MNs
          - 100 ITRs is not unreasonable since good user-experience forces shortest exit
          - Each ITR can hold 10M phones!
      - This is achievable since granular state is only where you need it and nowhere else!
  • 62. LISP Initiatives
  • 63. LISP Initiatives Standardization Status
      [Timeline, 2006 to 2010 (RRG Effort, then IETF Effort): Oct 2006: IAB Routing WS; 2007: LISP in RRG; Jan 2007: First Drafts; June 2007: 2nd Set Drafts; Fall 2007: 3rd Set Drafts; Summer 2008: 1st BOF, Dublin IETF; Fall 2008: 2nd BOF, Minneapolis IETF; 1st IETF WG, San Francisco; 2nd IETF WG, Stockholm; 3rd IETF WG, Hiroshima; Spring 2009: More Drafts; Summer 2009: LISP-MN; Summer 2009: Loc-Reach-Algs Implemented; Fall 2010: IETF WG Completes, Beijing. Drafts named: Main LISP, LISP-ALT, LISP-IW, LISP-CONS, LISP-NERD, LISP-MS, LISP-LIG.]
  • 64. LISP Initiatives What’s Cisco Doing in LISP?
      - Cisco LISP Prototype Implementation
          - Started at Prague IETF, Mar 07; Deployed Pilot Network, July 07
          - Since then, 220 releases of experimental code
      - Cisco LISP Product Implementations
          - Phase 1 (December 24, 2009)
              - ISR, ISR-G2, 7200 (xTR)
          - Phase 2 (March 31, 2010)
              - ISR, ISR-G2, 7200 (xTR, PxTR, ALT) [IOS 15.1(1)XB1]
              - ASR 1000 (xTR, PxTR, ALT) [IOS-XE 2.5.1]
              - Nexus 7000 (xTR, PxTR, MS/MR) [NX-OS 5.1(1.13)]
              - UCS C200 (MS/MR) [NX-OS 5.1(1.13)]
          - Phase 3 (June 30, 2010)
              - More LISP!
      - External LISP Efforts
          - FreeBSD OpenLISP http://gforge.info.ucl.ac.be/projects/openlisp/
          - Open Source LIG Diagnostic Tool http://www.github.com/davidmeyer/lig
      [Callout: Available Now!]
  • 65. LISP Initiatives LISP Network – Goals for the LISP Network
      - Conduct Experiments
          - Provide course-adjustments for protocol architecture
      - Test Multiple Implementations
      - Prove ALT Topology maps to EID Address Allocation Delegations
      - Emulate MSP Business Models
      - Protocol Learning Tool for Users
      - Test bed for building Management Tools
  • 68. LISP Initiatives LISP Network – Gaining LISP management experience
  • 69. Summary