Advances in LISP: Current Deployments to Future Innovations (TechAdvantage Webinar)
DESCRIPTION
The Locator/ID Separation Protocol (LISP) implements a "level of indirection" that enables a new IP routing architecture by separating IP addresses into two namespaces: Endpoint Identifiers (EIDs), which are assigned to end-hosts, and Routing Locators (RLOCs), which are assigned to devices (primarily routers) making up the global routing system. By separating EIDs and RLOCs to create an overlay network, LISP inherently enables numerous benefits within a single protocol, including: low-OpEx multihoming with ingress traffic engineering; address family independence for efficient IPv4 and IPv6 support; high-scale virtualization/multi-tenancy support; and data center/cloud host mobility support, including session persistence across mobility events. The first part of the webinar provides a brief LISP progress report, including IETF LISP standardization initiatives as well as Cisco LISP initiatives. We then review, in detail, the broad LISP use cases and focus on specific production deployment examples highlighting each use case.
Listen to the WebEx: https://cisco.webex.com/cisco/onstage/g.php?t=a&d=201502266
TRANSCRIPT
1 © 2013 Cisco and/or its affiliates. All rights reserved.
Cisco TechAdvantage Webinars Advances in LISP: Current Deployments to Future Innovations Gregg Schudel and Marco Pessi
Follow us @GetYourBuildOn
We’ll get started a few minutes past the top of the hour.
Note: you may not hear any audio until we get started.
• Submit questions in Q&A panel and send to “All Panelists” Avoid CHAT window for better access to panelists
• Please complete the post-event survey
• For WebEx audio, select COMMUNICATE > Join Audio Broadcast
• Where can I get the presentation? Or send email to: [email protected]
• Join us for upcoming TechAdvantage Webinars: www.cisco.com/go/techadvantage
• For WebEx call back, click ALLOW phone button at the bottom of participants side panel
Panelists Speakers
Gregg Schudel Technical Marketing Engineer
Marco Pessi Technical Marketing Engineer
Marc Portoles Comeras Software Engineer
Johnson Leong Software Engineer [email protected]
• LISP Perspectives - Where are we today? - What observations can we make today?
• LISP Customer Deployment Use Cases - Multihoming and Multi-Address Family - Virtualization/Multitenancy - Datacenter/Host Mobility
• Wrap-up
• LISP has come a long way since the 2006 IETF…
  - when a small group of Cisco engineers and industry researchers began discussing the ID/Location split
  - when Cisco engineers began developing the LISP protocol
• 8 IETF RFCs published during 2013
  - RFC 6830-6836, RFC 7052
  - Initial IETF LISP WG focus was on routing table scaling
  - Going forward, IETF LISP WG focus is now moving to LISP use cases
• Most importantly, we have very significant customer deployments
  - Wide range of customers :: both Enterprise and Service Provider space
  - Wide range of use cases :: Internet VPNs, Multihoming, IPv6 Transition, Data Center Host Mobility
RFCs:
  Locator/ID Separation Protocol (LISP)   RFC 6830
  LISP Multicast                          RFC 6831
  LISP Interworking                       RFC 6832
  LISP Map Server                         RFC 6833
  LISP Map Versioning                     RFC 6834
  LISP Internet Groper                    RFC 6835
  LISP+ALT                                RFC 6836
  LISP MIB                                RFC 7052
• LISP is a transformative technology
  - LISP adds significant new capabilities and reduces complexities!
  - Customers have new options for building and operating networks
• LISP deployments are now moving beyond ‘early adopters’
  - Large number of customers deploying LISP in production
  - Large scale and wide diversity of LISP deployments
  - Customer commitment to and reliance on LISP in their business models
• LISP engages a broad range of new participation in networking
  - Open standard, and control plane/data plane separation enables…
    o Universities and researchers to experiment on new and novel design concepts
    o Easy and effective integration with software defined networking initiatives
    o Open source code implementations and wide hardware/device support from new vendors
• Increased Resiliency
  - Access link, router, or upstream provider network failures should not interrupt service
• Increased Bandwidth
  - Usually cheaper to add a 2nd link than to buy a ‘step increase’ in existing access bandwidth
  - Adding bandwidth via a 2nd link gives other benefits over simply increasing single-link bandwidth
  - But this extra bandwidth has to be usable – you need the ability to influence how ingress traffic is spread across the links
• Increased Responsiveness
  - Potentially, can serve customers better with diverse links
• Increased Market Opportunities
  - IPv6 opportunities for new growth
  - Serve customers “not in your physical plant footprint”
Customer Case Study: http://lisp.cisco.com
Customer Site: http://njedge.net   Customer Site: http://lisp.njedge.net
• Market Segment
  - Over-the-Top Service Provider for State of New Jersey Educational Entities (K-12, universities, colleges)
• LISP Services
  - BGP-free Multihoming
  - IPv6 Internet Access
  - Host Mobility Disaster-Recovery (adding now…)
  - Inter-Departmental VPNs (adding next…)
[Figure: constituent member topologies before LISP. Members 1..N each connect through a CPE to Tier 1 SP1, Tier 1 SP2 (commodity SP) and/or a transit SP, toward the IPv4 Internet and the IPv6 Internet (“some” and “more” v4/v6 content, e.g. Google, Facebook). Each CPE runs either a default route or BGP toward its providers.]
Constituent Member Topologies… They wanted 50%/50% ingress load sharing. They got: 90%/10%? 80%/20%? Never 50%/50%.
router bgp 100
 bgp router-id 172.16.2.1
 bgp asnotation dot
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 172.16.2.1 remote-as 300      <== eBGP to SP1
 neighbor 172.16.1.2 remote-as 400      <== eBGP to SP2
 !
 address-family ipv4
  no synchronization
  redistribute ospf route-map populate-default
  neighbor 172.16.1.2 activate
  neighbor 172.16.1.2 route-map filter-out out
  neighbor 172.16.1.2 route-map filter-in in
  neighbor 172.16.1.2 maximum-prefix 450000 90
  neighbor 172.16.2.1 activate
  neighbor 172.16.2.1 route-map filter-out out
  neighbor 172.16.2.1 route-map filter-in in
  neighbor 172.16.2.1 maximum-prefix 450000 90
  no auto-summary
 exit-address-family
!
ip bgp-community new-format
ip community-list standard outlist permit 100:123
!
route-map populate-default permit 10
 set origin igp
 set community 100:123
!
route-map filter-out permit 10
 match community outlist
!
route-map filter-in permit 10
 match community inlist
!
Many more features can be added here...
Before LISP, constituent members were faced with…
• Configuration complexity…
• Uneven multihoming load shares…
[Figure: the same member topologies after deploying LISP. Each member's CPE becomes a LISP xTR that needs only a default route toward each provider; the NJEDge.Net LISP network provides the MS/MR and PxTR functions.]
By deploying LISP…
• Configuration simplicity…
router lisp
 locator-set Site3
  172.16.1.2 priority 1 weight 50
  172.16.2.2 priority 1 weight 50
  exit
 !
 eid-table default instance-id 0
  database-mapping 10.1.1.0/24 locator-set Site3
  exit
 !
 ipv4 itr
 ipv4 etr
 ipv4 itr map-resolver 172.17.1.1
 ipv4 etr map-server 172.17.1.1 key s3cr3t
 ipv4 use-petr 10.5.5.5
 !
 . . .
[Figure: the same LISP topology. LISP-to-LISP traffic is encapsulated directly between member xTRs; non-LISP-to-LISP traffic enters through the NJEDge.Net PxTR, which advertises the IPv4 EID aggregate to the Internet on behalf of all members.]
By deploying LISP…
• Configuration simplicity…
• Even multihoming load sharing…
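The even split comes from the priority/weight values in the locator-set, not from anything the providers do. The following Python is an added example, not part of the webinar or of any Cisco code: it models the RFC 6830 ITR rule for picking an RLOC from a mapping (only reachable RLOCs with the lowest priority value are used, weights split flows within that set, priority 255 is never used) and runs it over constructed sample flows to show the 50/50 split of the Site3 locator-set above, the failover when one RLOC is down, and a deliberately skewed 80/20 split. The flow hash, the sample flows and the reachability flag are assumptions of the example; a real ITR uses its own hash and learns reachability from RLOC probing.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Locator:
    """One entry of a locator-set: '<rloc> priority <p> weight <w>' plus its reachability."""
    rloc: str
    priority: int      # lower value wins; 255 means "never use this RLOC"
    weight: int        # share of flows among the RLOCs of the winning priority
    up: bool = True    # outcome of RLOC probing / locator-status-bits (assumed known)


def usable_locators(locators):
    """RFC 6830 ITR rule: of the reachable RLOCs, use only those sharing the lowest
    priority value; RLOCs with a higher priority value are backups, 255 is never used."""
    reachable = [loc for loc in locators if loc.up and loc.priority != 255]
    if not reachable:
        return []
    best = min(loc.priority for loc in reachable)
    return [loc for loc in reachable if loc.priority == best]


def flow_hash(src, dst, proto, sport, dport):
    """Deterministic 64-bit hash of the 5-tuple (assumed; a real ITR's hash is its own)."""
    key = f"{src}|{dst}|{proto}|{sport}|{dport}".encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:8], "big")


def select_rloc(locators, flow):
    """Choose the destination RLOC for one flow: a weighted pick over the usable set,
    keyed on the flow hash so every packet of a flow takes the same RLOC."""
    usable = usable_locators(locators)
    if not usable:
        raise LookupError("no usable locator: drop, or hand off to a PETR")
    total = sum(loc.weight for loc in usable)
    if total == 0:                        # all weights 0: RFC 6830 leaves the choice to the ITR
        return usable[flow_hash(*flow) % len(usable)].rloc
    point = flow_hash(*flow) % total
    for loc in usable:
        if point < loc.weight:
            return loc.rloc
        point -= loc.weight
    raise AssertionError("unreachable: point is always below the weight total")


def share(locators, flows):
    """Fraction of the given flows sent to each RLOC."""
    counts = Counter(select_rloc(locators, flow) for flow in flows)
    return {rloc: n / len(flows) for rloc, n in counts.items()}


def make_flows(n):
    """Constructed sample: n TCP/443 flows from hosts in 10.1.1.0/24 to one Internet server."""
    return [(f"10.1.1.{i % 250 + 1}", "198.51.100.10", 6, 1024 + i, 443) for i in range(n)]


# 'locator-set Site3' from the member xTR configuration on the previous slide
SITE3 = [Locator("172.16.1.2", priority=1, weight=50),
         Locator("172.16.2.2", priority=1, weight=50)]

if __name__ == "__main__":
    print("both up      :", share(SITE3, make_flows(10_000)))
    sp1_down = [Locator("172.16.1.2", 1, 50, up=False), SITE3[1]]
    print("SP1 link down:", share(sp1_down, make_flows(10_000)))
    print("80/20 weights:", share([Locator("172.16.1.2", 1, 80),
                                   Locator("172.16.2.2", 1, 20)], make_flows(10_000)))
```

The point to take from the run is that the split is a property of the mapping the ETR registers, so it is the same at every ITR and PxTR that resolves it; this is why the result is predictable, and why the map-server key that protects the registration matters.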
NJEDge.Net is now adding IPv6 for its members!
[Figure: the same topology; each member site now also holds IPv6 EIDs. LISP-to-LISP traffic flows xTR to xTR as before; for non-LISP-to-LISP traffic the PxTR advertises the IPv6 EID aggregate toward the IPv6 Internet.]
• Deployment Details
  - ASR1Ks as MS/MRs
  - ASR9Ks as PxTRs (90G Internet capacity)
• Key LISP Benefits
  - No BGP to configure or complexities for customers to manage
  - No complex configurations
  - Optimized and predictable ingress load balancing *
  - Cost savings by reducing OPEX and CAPEX
  - LISP offers a non-disruptive transition approach which does not affect end systems and allows for incremental deployment
  - Disaster Recovery for critical applications (introduces increased complexity)
* Traditional BGP-based multihoming and load balancing is especially challenging (and often unpredictable during failure events). LISP is always predictable.
This opens the door for “best” access!
• Broadband now usable
• Higher speeds, lower costs
• Backup link diversity
[Figure: hosts (end-points) sit behind edge devices (CEs) that run LISP; the underlay network runs its own control plane (BGP); the overlay control plane is the LISP mapping system; the LISP encapsulation service is the virtual network (VN).]
• LISP with MPLS results in an “ideal” deployment environment
  - Locator/ID split “idealizes” a pure “RLOC core” and “EID overlay”
  - Enabler for many high-payoff benefits
• Robust Underlay/Fabric
  - High capacity resilient fabric
  - Intelligent packet handling
  - Programmable & manageable
• Flexible Overlay Virtual Network
  - Scale – reduce core state
  - Virtualization
  - Mobility – track end-point attach at edges
  - Distribute and partition state to network edge
  - Flexibility/programmability
  - Reduced number of touch points
• Enterprise Customer Deployment Examples:
  - IPv6 over IPv4 MPLS VPN
    o Immediate ability to deploy an IPv6 enterprise network without core involvement
  - Multihoming over two separate MPLS VPN service provider networks
    o LISP control plane automatically handles disjoint locator space
  - Virtualization over existing MPLS VPN *
    o Immediate ability to deploy virtualization over the top of the MPLS network without core involvement
• Service Provider Customer Deployment Examples:
  - NNI for 3rd-party MPLS provider access *
    o Simplified NNI solution that enables uniform service levels “everywhere”
* Covered in the virtualization/multitenancy section of this presentation.
1: Existing IPv4 MPLS
[Figure: SP MPLS core with PE1–PE4. Blue MPLS-VPN: Blue Site 1 (CE1), Blue Site 2 (CE2), Blue Site 3 (CE3). Purple MPLS-VPN: Purple Site 1 (CE1), Purple Site 2 (CE2). All sites are IPv4; CE–PE routing is via IGP or eBGP.]
PE2#show ip route vrf BLUE
---<skip>---
     10.0.0.0/8 is subnetted, 9 subnets
B       10.1.0.0/24 [20/11] via 12.1.0.2, 00:17:55
B       10.1.2.0/24 [20/11] via 12.1.0.2, 00:17:55
B       10.3.0.0/24 [20/11] via 12.3.0.2, 00:12:01
B       10.3.1.0/24 [20/11] via 12.3.0.2, 00:12:01
---<more>---
     12.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C       12.1.0.0/30 is directly connected, Ethernet1/0
L       12.1.0.1/32 is directly connected, Ethernet1/0
---<more>---
PE2#
(10.x routes: customer prefixes – EIDs!!   12.x routes: PE-CE links – RLOCs!!)
CE1#show ip route
---<skip>---
     10.0.0.0/8 is subnetted, 9 subnets
O IA    10.1.0.0/24 [110/11] via 172.16.6.1, 00:29:49, Ethernet1/0
O IA    10.1.2.0/24 [110/11] via 172.16.6.1, 00:29:49, Ethernet1/1
---<skip>---
B       10.3.0.0/24 [20/11] via 12.3.0.2, 00:12:01
B       10.3.1.0/24 [20/11] via 12.3.0.2, 00:12:01
---<more>---
     12.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C       12.1.0.2/30 is directly connected, Ethernet0/0
B       12.1.0.8/30 [20/11] via 12.3.0.1, 00:12:01
---<more>---
CE1#
(10.x routes: customer prefixes – EIDs!!   12.x routes: PE-CE links – RLOCs!!)
1: Existing IPv4 MPLS – Add LISP!
[Figure: same topology. In the Blue VPN, CE1 and CE3 become LISP xTRs and a further xTR also acts as MS/MR. Each xTR applies ✗ route-map deny EIDs out, so site (EID) prefixes are no longer advertised to the PE; only the PE-CE link (RLOC) prefixes remain in the VPN. Note: LISP can be enabled on CE or PE devices!]
PE2#show ip route vrf BLUE
---<skip>---
     12.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C       12.1.0.0/30 is directly connected, Ethernet1/0
L       12.1.0.1/32 is directly connected, Ethernet1/0
---<more>---
PE2#
(only the PE-CE links – RLOCs!! – remain in the VRF)
CE1#show ip route
---<skip>---
     10.0.0.0/8 is subnetted, 9 subnets
O IA    10.1.0.0/24 [110/11] via 172.16.6.1, 00:29:49, Ethernet1/0
O IA    10.1.2.0/24 [110/11] via 172.16.6.1, 00:29:49, Ethernet1/1
---<skip>---
     12.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C       12.1.0.2/30 is directly connected, Ethernet0/0
B       12.1.0.8/30 [20/11] via 12.3.0.1, 00:12:01
---<more>---
CE1#
(10.x routes: this site's prefixes – EIDs!!   12.x routes: PE-CE links – RLOCs!!)
1: Existing IPv4 MPLS – Add LISP! (continued)
[Figure: as on the previous slide.]
CE1#show ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 12 entries
0.0.0.0/0, uptime: 6w0d, expires: never, via static send map-request
  Negative cache entry, action: send-map-request
10.3.0.0/24, uptime: 00:00:06, expires: 23:59:46, via map-reply, complete
  Locator   Uptime    State  Pri/Wgt
  12.3.0.2  00:00:06  up     1/100
---<more>---
CE1#
(10.3.0.0/24: other site EIDs!!   12.3.0.2: PE-CE link – RLOC!!)
2: Add IPv6 over IPv4 MPLS with LISP
[Figure: same topology; the Blue sites now also carry IPv6 hosts while the MPLS core and the PE-CE links stay IPv4-only.]
PE2#show ipv6 route vrf Blue
% Specified IPv6 routing table does not exist
PE2#
IPv6 Not Enabled!
CE1#show run | begin router lisp
---<skip>---
router lisp
 eid-table default instance-id 0
  database-mapping 2001:db8:a:a::/64 12.1.0.2 pri 1 wei 100
  exit
 !
 ipv6 itr map-resolver 12.1.0.2
 ipv6 itr
 ipv6 etr map-server 12.1.0.2 key ce1-xtr
 ipv6 etr
 exit
!
---<more>---
CE1#
(2001:db8:a:a::/64: IPv6 EIDs!!, mapped to the IPv4 RLOC 12.1.0.2)
2: Add IPv6 over IPv4 MPLS with LISP (continued)
[Figure: as on the previous slide; IPv6 traffic between sites is carried in IPv4 LISP encapsulation across the MPLS VPN.]
CE1#ping 2001:db8:b:b::1 so 2001:db8:a:a::1
Type escape sequence to abort
Sending 5, 100-byte ICMP Echos to 2001:db8:b:b::1, timeout is 2 seconds:
Packet sent with a source address of 2001:db8:a:a::1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/25/28 ms
CE1#
CE1#show ipv6 lisp map-cache
LISP IPv6 Mapping Cache for EID-table default (IID 0), 3 entries
::/0, uptime: 6w0d, expires: never, via static send map-request
  Negative cache entry, action: send-map-request
2001:DB8:B:B::/64, uptime: 00:01:17, expires: 23:58:36, via map-reply, complete
  Locator   Uptime    State  Pri/Wgt
  12.3.0.2  00:00:06  up     1/100
---<more>---
CE1#
(2001:DB8:B:B::/64: other site EIDs!!   12.3.0.2: PE-CE link RLOC!!)
• Customer Example :: Cisco IT – IPv6-over-IPv4 MPLS
[Figure: remote office xTRs connect over an L3 MPLS VPN to a PxTR and MS/MR at the proxy aggregate, which provides the proxy aggregate bandwidth.]
  - Current: 8 remote offices with xTRs, ~1900 employees, ~1375 IPv6 devices
  - Planned deployments (Q1 CY14): 80+ additional offices
• Customer Example :: “Home Router Market” (Europe)
[Figure: a customer LAN (192.168.1.0/24, hosts at .10) behind a CE whose EID is a loopback (Lo0) 10.1.1.x/32. Link 1 is SP broadband (UP: x Mbps, DN: y Mbps) and link 2 is an LTE cloud (UP: a Mbps, DN: b Mbps); both reach the SP core and an Internet PxTR.]
  - Multihoming by bundling multiple access technologies – 4G+xDSL
  - Higher BW, and resiliency
  - Load sharing – bandwidth and link conditions
  - Better user experience
  - Subscriber traffic NAT’d to the EID loopback – common configuration on all CEs
  - Supports DHCP (RLOC)
  - LISP hidden from customer
[Figure: xTRs attached to three different locator spaces: the IPv4 Internet (0.0.0.0/0), the IPv6 Internet (::/0) and an MPLS VPN core; an MS/MR and an RTR bridge them.]
• Locator/ID separation creates two namespaces: EIDs and RLOCs
  - EID space is the overlay of Enterprise prefixes
  - RLOC space is the underlay network connectivity
• Fundamental principle of ALL networks: connectivity must exist between sites
• LISP supports sites being connected to locator spaces that have no connectivity to each other!
  - In LISP, this is known as a “disjoint RLOC set”
One obvious example of disjoint RLOC spaces is IPv4- and IPv6-attached sites:
  IPv4 Internet 0.0.0.0/0 (scope 1): xTR4, RLOC 10.0.4.0/30, EIDs 4.4.4.0/24 and 4:4:4::/48
  IPv6 Internet ::/0 (scope 2): xTR6, RLOC 10:0:6::/64, EIDs 6.6.6.0/24 and 6:6:6::/48
The same situation occurs for distinct core networks of the same address family. Two MPLS VPN cores, for example, exhibit disjoint RLOC properties:
  MPLS SP 1 IPv4 VPN 10.1.0.0/16 (scope 1): xTR1, RLOC 10.1.1.0/30, EIDs 1.1.1.0/24 and 1:1:1::/48
  MPLS SP 2 IPv4 VPN 10.2.0.0/16 (scope 2): xTR2, RLOC 10.2.1.0/30, EIDs 2.2.2.0/24 and 2:2:2::/48
Likewise for the Internet and an MPLS IPv4 VPN:
  Internet (scope 1): xTR1, RLOC 10.1.1.0/30, EIDs 1.1.1.0/24 and 1:1:1::/48
  MPLS IPv4 VPN (scope 2): xTR2, RLOC 10.2.1.0/30, EIDs 2.2.2.0/24 and 2:2:2::/48
[Figure: Core 1 (10.1.0.0/16) and Core 2 (10.2.0.0/16), each with its own xTRs; an MS/MR and an RTR are attached to both cores.]
MS/MR side (locator scopes):
router lisp
 locator-set rtr-set1
  10.1.3.1 priority 1 weight 1
  exit
 !
 locator-set rtr-set2
  10.2.3.1 priority 1 weight 1
  exit
 !
 locator-scope s1
  rtr-locator-set rtr-set1
  rloc-prefix 10.1.0.0/16
  exit
 !
 locator-scope s2
  rtr-locator-set rtr-set2
  rloc-prefix 10.2.0.0/16
  exit
 !
 ---<etc.>---
RTR side (one RLOC in each core):
router lisp
 locator-set setALL
  10.1.3.1 priority 1 weight 1
  10.2.3.1 priority 1 weight 1
  exit
 !
 map-request itr-rlocs setALL
 eid-table default instance-id 0
  map-cache 0.0.0.0/0 map-request
  map-cache ::/0 map-request
  exit
 !
 ---<etc.>---
No changes are made to the CE devices!!
• Virtualization of the DEVICE level
  - Virtual Routing and Forwarding (VRF) tables segment Layer 3 routing tables
  - VRFs are used to virtualize the component resources
  - Virtualization secures movement of traffic between networks and enhances security policy options
• Virtualization of the PATH level
  - VRFs assist in path isolation
  - Single-hop (hop-by-hop)
  - Multi-hop (over-the-top)
[Figure: device virtualization (VRF-1, VRF-2, Global IP) over path virtualization: single-hop via 802.1q, DLCI, VPI/VCI, PW, EVN; multi-hop via GRE, MPLS, etc. – the #1 LISP use case!!]
• Recalling that… LISP is “Locator/ID” separation… and creates two namespaces: EIDs and RLOCs… LISP can virtualize the EID namespace, the RLOC namespace, or both!
• Two models of operation are defined: Shared and Parallel
  - Shared Model Virtualization:
    o Virtualizes the EID namespace
    o Binds an EID namespace privately defined using a VRF to an Instance-ID
    o Uses a common (shared) RLOC (locator) address space
    o The Mapping System is also part of the locator namespace and is shared
  - Parallel Model Virtualization:
    o Virtualizes the RLOC (locator) namespace
    o One or more EID instances may share a virtualized RLOC namespace
    o A Mapping System must also be part of each virtualized locator namespace
[Figure: SONY Bit-Drive Services. A shared LISP infrastructure with MS/MR, Key Server (KS), PxTR and GW connects a virtualized data center host/cloud service, the IPv4 Internet and the IPv6 Internet to SMB customer sites, each with its own xTR and IPv4/IPv6 EID space. SMB X (Sites 1–3) runs in LISP instance-ID X with its own GETVPN TEK; SMB Y (Sites 1–10) runs in instance-ID Y with its own TEK.]
• Market Segment
  - SMB customers, 2 to 15 sites
  - IPv6 Access/Core, IPv4 Customer space
• LISP Services
  - GETVPN+LISP (encrypted VPN)
  - IPv4, IPv6 Internet Access
  - Multitenant Data Center (web, mail, etc.)
Cisco Products:
• SONY bit-drive LISP infrastructure
  - ASR1Ks for Proxy Systems
  - ISRG2s for Mapping Systems
  - ASR1Ks for NAT Devices
  - ISRG2s for Key Servers
• Customer CE Devices: C890Js
Shared LISP infrastructure: multi-tenant/virtualized
Subscribers, per end-site LISP-based Services – Benefits:
• Broadband circuits (<$)
• Multihoming (<$)
• IPv6 Core, IPv4 and IPv6 EIDs
• Creates a private network (w/o MPLS $)
Customer Site: http://www.bit-drive.ne.jp/vpn/cisco_series/
• Multitenancy
[Figure: Location X and Location Y each have Group A..N devices/networks attached to a CE device that is both a LISP xTR and a GETVPN group member (GM); each group maps to its own instance-ID (IID 1, IID 2, IID 3 … IID n). The sites connect over MPLS VPN cores (SP1, SP2).]
Customer Networks:
• IPv4, IPv6..
• LISP Instance-IDs (IIDs) provide segmentation
• Add GETVPN for encryption, per-customer (simple!)
Core Network Access Flexibility:
• One or multiple WAN connections
• One or multiple CE devices…
• IPv4 and/or IPv6…
• Multiple SP Cores…
No need for multiple MPLS VRFs for traffic segmentation.
• LISP encapsulates all traffic into the “RLOC namespace”
• LISP Instance-IDs (IIDs) provide segmentation
• Multitenancy
[Figure: as above. Inside the CE, segmentation toward the enterprise internal networks is by physical, Layer 2, or Layer 3 means (e.g. 802.1Q, EVN, physically separate networks); each tenant VRF binds to an IID and its own LISP sub-interface (VRF B → IID 2 → LISP0.2, VRF C → IID 3 → LISP0.3, …). Toward the IPv4 or IPv6 core there is a single default RLOC namespace, carried in the default table (or an RLOC VRF).]
• Multitenancy
[Figure: as above.]
!
router lisp
 locator-set CE
  10.2.2.2 priority 1 weight 100
  exit
 !
 eid-table vrf GROUPA instance-id 1
  database-mapping 192.168.16.0/24 locator-set CE
  database-mapping 1:1:16::/64 locator-set CE
  exit
 !
 eid-table vrf GROUPB instance-id 2
  database-mapping 192.168.16.0/24 locator-set CE
  database-mapping 2:2:16::/64 locator-set CE
  exit
 !
 eid-table vrf GROUPC instance-id 3
  database-mapping 192.168.16.0/24 locator-set CE
  database-mapping 3:3:16::/64 locator-set CE
  exit
!
(All three groups reuse the same IPv4 EID prefix 192.168.16.0/24; only the instance-ID keeps them apart.)
• LISP and encryption (IOS)
  - Recalling that… LISP is “Locator/ID” separation… and creates two namespaces: EIDs and RLOCs
  - LISP provides two ways to apply a crypto map

Use-Case                        Vanilla IPsec   GETVPN   Comments
LISP Default Model
  crypto-map on RLOC            ✔               ✔        LISP encap first, then encryption based on RLOC
  crypto-map on LISP0           ✔               ✔        Encryption first based on EID, then LISP encap
LISP Virtualization
  crypto-map on RLOC            ✔               ✔        LISP encap first, then encryption based on RLOC
  crypto-map on LISP0.x         ✔               ✔        Encryption first based on EID, then LISP encap

See: lisp.cisco.com for the GETVPN+LISP Configuration Guide!
• Group Domain of Interpretation (GDOI) RFC 6407
  - “Stateless” IPsec
  - Traffic encryption keys computed on the Key Server, distributed to all Group Members
  - Better scaling than vanilla IPsec
[Figure: GET VPN. A Key Server distributes the group policy, the Key Encryption Key (KEK) and the Traffic Encryption Key (TEK) to the Group Members across the routing domain.]
Group Member
• Encryption devices
• Route between secure / unsecure regions
• Multicast participation
Key Server
• Validate Group Members
• Manage security policy
• Create group keys
• Distribute policy / keys
• Multitenancy
[Figure: as above.]
!
interface LISP0
!
interface LISP0.1
 ip mtu 1456
 ipv6 mtu 1456
 ipv6 crypto map MAP-V6-0001
 crypto map MAP-V4-0001
!
interface LISP0.2
 ip mtu 1456
 ipv6 mtu 1456
 ipv6 crypto map MAP-V6-0002
 crypto map MAP-V4-0002
!
interface LISP0.3
 ip mtu 1456
 ipv6 mtu 1456
 ipv6 crypto map MAP-V6-0003
 crypto map MAP-V4-0003
!
[Figure: an SP MPLS VRF connected to a Partner VRF through ASBR-A1/ASBR-A2 and ASBR-P1/ASBR-P2. The LISP domain spans both: a CE xTR on each side, PxTRs at the NNI, and a Mapping System carrying the LISP control plane; LISP-encapsulated traffic crosses the partner core.]
“Important” use-case due to the “simplification” it enables, and also for the additional “features” it enables once deployed.
• LISP Services
  - Reduce complexity of provisioning and managing 3rd-party NNI connections
  - QoS, Multicast, IPv4/IPv6 for ALL customers
  - PE customer VRF routing table size reduction
  - 3rd-party SP core isolation
• Mobility in the DC allows business continuity during network failover, maintenance and migration: active-active DC, Disaster Recovery, Hybrid Cloud, DC migration
• Server virtualization… enables virtual server mobility
• Mobility with IP address retention…
• Is transparent to clients and applications and allows keeping existing network policies
[Figure: a workload with address A.B.C.D moves from the original DC to a service provider DC, a disaster recovery DC, or a new DC… and keeps A.B.C.D.]
Mobility = Flexibility   IP Portability = Simplicity
Live Moves With LAN Extension
[Figure: West-DC and East-DC joined by a LAN extension across an IPv4 network; a LISP-VM (xTR) at each DC, a mapping DB, and a LISP site xTR on the client side.]
• Routing for extended subnets – active-active data centers, distributed data centers
• Application members distributed
• Seamless workload mobility
Cold Moves Without LAN Extension
[Figure: West-DC and East-DC (or a DR location / cloud provider DC) without LAN extension; a LISP-VM (xTR) at each DC, a mapping DB, and a LISP site xTR on the client side.]
• IP mobility across subnets – DC migration, disaster recovery / cloud bursting / hybrid cloud
• Application members in one home location
• Existing LISP adopters (LISP sites)
  - Enable VM mobility in DC sites
  - Natural, simple evolution of existing LISP infrastructure
• New LISP customers (non-LISP remote sites)
  - Standalone VM mobility use case
  - Minimal, DC-only intrusion
  - Phased, operationally light, incremental approach
  - Interworking with existing routing protocols
[Figure: East-DC/West-DC pairs with a mapping DB and MS/MRs, one for existing LISP sites and one for non-LISP remote sites.]
• Most firewalls cannot inspect LISP data traffic (ZBF LISP inspection: 1HCY14)
[Figure: a client site reaches West-DC and East-DC across the WAN or Internet; the traffic between the DCs is LISP encapsulated.]
• Stateful devices like firewalls and load balancers need to inspect the traffic in both directions
[Figure: example of an extended LAN between West-DC and East-DC; client traffic passes bidirectionally through the West-DC firewall.]
• After the silver VM moves to East-DC across the LAN extension, the firewalls in each DC see traffic in only one direction
[Figure: client traffic still enters through West-DC while the return traffic leaves through East-DC; each firewall sees one-way traffic.]
• Client traffic to the moved workload is blackholed or not optimized after the move
[Figure: the client site's traffic still heads toward West-DC (?) across the WAN or Internet while the workload now lives in East-DC.]
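The firewall problem on these slides, the per-tenant segmentation earlier (instance-IDs) and the crypto-map placement table all come down to what is in the LISP data-plane header and where it sits in the packet. The following Python is an added example, not part of the webinar or of any Cisco code: it builds an outer IPv4 / UDP 4341 / LISP packet per RFC 6830 with the N (nonce) and I (instance-ID) bits set, shows the outer 5-tuple that a LISP-unaware stateful device sees, and then decapsulates like an ETR, using the instance ID to select the EID table. The three overlapping 192.168.16.0/24 tenants are taken from the multitenancy config above; the RLOCs, the inner TCP SYN and the EID-membership check in etr_forward are constructed for the example (the check is a sanity test added here, not a claim about what IOS does).

```python
import ipaddress
import struct

LISP_DATA_PORT = 4341
N_BIT, L_BIT, E_BIT, V_BIT, I_BIT = 0x80, 0x40, 0x20, 0x10, 0x08   # RFC 6830 LISP header flags


def _csum(data):
    """RFC 1071 one's-complement checksum; 0 when run over a header with a valid checksum."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", _csum(hdr)) + hdr[12:]


def lisp_encap(src_rloc, dst_rloc, instance_id, inner, nonce=0x123456, sport=0xE000):
    """ITR: wrap an inner IP packet in outer IPv4 / UDP 4341 / 8-byte LISP header with the
    N and I bits set. The outer UDP checksum is 0, which RFC 6830 allows for LISP over IPv4."""
    if not 0 <= instance_id < 1 << 24:
        raise ValueError("instance ID is a 24-bit field")
    lisp = struct.pack("!II", ((N_BIT | I_BIT) << 24) | nonce, instance_id << 8)
    udp = struct.pack("!HHHH", sport, LISP_DATA_PORT, 8 + len(lisp) + len(inner), 0)
    return ipv4_header(src_rloc, dst_rloc, 17, len(udp) + len(lisp) + len(inner)) + udp + lisp + inner


def parse_ipv4(pkt):
    vihl, _, tlen, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0xF) * 4
    if vihl >> 4 != 4 or _csum(pkt[:ihl]) != 0:
        raise ValueError("not IPv4 or bad header checksum")
    return {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto, "payload": pkt[ihl:tlen]}


def outer_5tuple(pkt):
    """All that a LISP-unaware stateful device sees: the RLOC pair and UDP 4341."""
    ip = parse_ipv4(pkt)
    ports = struct.unpack("!HH", ip["payload"][:4]) if ip["proto"] in (6, 17) else (None, None)
    return (ip["src"], ip["dst"], ip["proto"], ports[0], ports[1])


def lisp_decap(pkt):
    """ETR (or LISP-aware firewall): strip outer IP/UDP, decode the LISP header, return the inner packet."""
    ip = parse_ipv4(pkt)
    if ip["proto"] != 17:
        raise ValueError("outer packet is not UDP")
    _sport, dport, _ulen, _ = struct.unpack("!HHHH", ip["payload"][:8])
    if dport != LISP_DATA_PORT:
        raise ValueError("not LISP data (UDP dst %d)" % dport)
    w1, w2 = struct.unpack("!II", ip["payload"][8:16])
    flags = w1 >> 24
    hdr = {"nonce": w1 & 0xFFFFFF if flags & N_BIT else None,
           "instance_id": w2 >> 8 if flags & I_BIT else 0,   # no I bit: default instance 0
           "lsb": w2 & 0xFF if flags & I_BIT else w2}        # locator-status-bits
    return hdr, ip["payload"][16:]


def etr_forward(pkt, eid_tables):
    """eid_tables mirrors 'eid-table vrf X instance-id N': {iid: [EID networks]}. Decapsulate into
    the table the IID selects and (added sanity check) deliver only if the inner destination is an
    EID of that table, so a packet can never cross from one tenant's instance into another's."""
    hdr, inner = lisp_decap(pkt)
    iid = hdr["instance_id"]
    inner_ip = parse_ipv4(inner)
    dst = ipaddress.ip_address(inner_ip["dst"])
    if iid not in eid_tables:
        return ("drop", "unknown instance-id %d" % iid)
    if not any(dst in net for net in eid_tables[iid]):
        return ("drop", "%s is not an EID in instance %d" % (dst, iid))
    return ("forward", iid, inner_ip["src"], str(dst))


# Constructed sample: the three tenants that all use 192.168.16.0/24 in the config above,
# a TCP SYN from a Group B host, and the CE RLOC 10.2.2.2 sending to an assumed remote xTR 10.3.3.3.
EID_TABLES = {iid: [ipaddress.ip_network("192.168.16.0/24")] for iid in (1, 2, 3)}
TCP_SYN = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 0x50, 0x02, 8192, 0, 0)
INNER = ipv4_header("192.168.16.5", "192.168.16.10", 6, len(TCP_SYN)) + TCP_SYN
PACKET = lisp_encap("10.2.2.2", "10.3.3.3", 2, INNER)
```

Read against the crypto-map table: with the crypto map on the RLOC interface the whole of PACKET after the outer IP header (UDP 4341, the LISP header with its instance ID, and the inner packet) is inside ESP, so even a LISP-aware firewall in the core sees only RLOCs; with the crypto map on LISP0.x only INNER is inside ESP, so the outer header and the instance ID stay visible and per-tenant policy can still be applied at the ETR.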
• Server Zone Segmentation – front-end/back-end servers
  - Internal firewall inspects inter-zone traffic
  - VLAN or VRF Lite
• Tenant (or service) Segmentation – each tenant uses a private VPN
  - Dedicated firewall (context) per tenant
• Associate zones to a single tenant (or service)
  - Tenant VRF “merges” server zone VRFs
• Scale from tens (enterprise) to thousands of tenants (service provider)
[Figure: two-tenant, three-zone IaaS virtualization example. Client sites for Tenant 1 and Tenant 2 reach West-DC over WAN Tenant 1 / WAN Tenant 2 and land on a firewall context per tenant (FW Context Tenant 1, FW Context Tenant 2).]
• There are minimal changes to existing LISP functions to support VM mobility
  - Map Server/Resolver (MSMR)
  - Tunnel Router (xTR): encap/decap (HW capable) and registration (control-plane) of the mobile subnet in the MS
• In a typical deployment, MSMR and xTR functions coexist and are distributed (HA) on the same devices in one or all data center locations
[Figure: DC-1 and DC-2 each with ETR/ITR and first-hop routers (FHR); a mapping DB with MSMR; a LISP client site and a non-LISP client site reached via PITR/PETR across the WAN or Internet. EIDs sit inside the DCs, RLOCs face the WAN; the LISP devices encap/decap.]
router lisp
 ! [MSMR portion]
 site WESTEAST-DC
  authentication-key L15P43V3R
  ! accept-more-specifics: xTRs may register EIDs inside the /20 (e.g. a /24 or a host /32)
  eid-prefix 172.71.64.0/20 accept-more-specifics
  exit
 !
 ipv4 map-server
 ipv4 map-resolver
 exit
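The authentication-key on the site above (and the 'key' on the xTRs' map-server statements earlier) is what stops an arbitrary host from registering someone else's EID prefix and redirecting its traffic. The following Python is an added example, not from the webinar or from Cisco: it builds an RFC 6830 Map-Register (Type 3; Key ID 2 = HMAC-SHA-256-128, Key ID 1 = HMAC-SHA-1-96; authentication data computed over the whole message with that field zeroed) for the 172.71.73.0/24 mobile subnet that the DC2 xTR registers on the next slide, verifies it on a map server that models 'site WESTEAST-DC', and shows the two rejections a practitioner should expect: a wrong key, and a prefix outside the site's configured eid-prefix. Using the configured key string directly as the HMAC key is an assumption; IOS's key handling, multi-record messages and the M/P bits are not modelled.

```python
import hmac
import ipaddress
import os
import struct

# RFC 6830 Map-Register Key ID values and the (hash, truncated MAC length) each selects
HMAC_SHA1_96, HMAC_SHA256_128 = 1, 2
_ALGS = {HMAC_SHA1_96: ("sha1", 12), HMAC_SHA256_128: ("sha256", 16)}
AFI_IPV4, AFI_IPV6 = 1, 2
MAP_REGISTER = 3


def _afi(addr):
    ip = ipaddress.ip_address(str(addr))
    return (AFI_IPV4 if ip.version == 4 else AFI_IPV6), ip.packed


def _record(eid_prefix, locators, ttl=1440):
    """One EID-record: TTL, locator count, mask-len, ACT/A bits (A=1: authoritative),
    map-version, EID AFI + prefix, then per locator: priority, weight, m-priority,
    m-weight, flags (L=local, R=reachable), locator AFI + address."""
    net = ipaddress.ip_network(eid_prefix)
    afi, packed = _afi(net.network_address)
    rec = struct.pack("!IBBHHH", ttl, len(locators), net.prefixlen, 0x1000, 0, afi) + packed
    for rloc, priority, weight in locators:
        lafi, lpacked = _afi(rloc)
        rec += struct.pack("!BBBBHH", priority, weight, 255, 0, 0x0005, lafi) + lpacked
    return rec


def build_map_register(key_id, key, eid_prefix, locators, nonce=None):
    """ETR side: Authentication Data = HMAC over the message with that field zeroed."""
    alg, alen = _ALGS[key_id]
    nonce = os.urandom(8) if nonce is None else nonce
    head = struct.pack("!I", (MAP_REGISTER << 28) | 1)          # Type=3, P=0, M=0, 1 record
    head += nonce + struct.pack("!HH", key_id, alen)
    body = _record(eid_prefix, locators)
    mac = hmac.new(key.encode(), head + bytes(alen) + body, alg).digest()[:alen]
    return head + mac + body


def first_eid(record):
    _ttl, _n, masklen, _flags, _ver, afi = struct.unpack("!IBBHHH", record[:12])
    if afi == AFI_IPV4:
        addr = ipaddress.IPv4Address(record[12:16])
    elif afi == AFI_IPV6:
        addr = ipaddress.IPv6Address(record[12:28])
    else:
        raise ValueError("unsupported EID AFI %d" % afi)
    return ipaddress.ip_network(f"{addr}/{masklen}")


def verify_map_register(msg, key):
    """Map-Server side: the registered EID-prefix, or None if the message is malformed
    or its HMAC does not verify under this site's key."""
    if len(msg) < 16 or msg[0] >> 4 != MAP_REGISTER:
        return None
    key_id, alen = struct.unpack("!HH", msg[12:16])
    if key_id not in _ALGS or _ALGS[key_id][1] != alen or len(msg) < 16 + alen + 12:
        return None
    alg = _ALGS[key_id][0]
    zeroed = msg[:16] + bytes(alen) + msg[16 + alen:]
    expected = hmac.new(key.encode(), zeroed, alg).digest()[:alen]
    if not hmac.compare_digest(msg[16:16 + alen], expected):
        return None
    return first_eid(msg[16 + alen:])


class MapServerSite:
    """Models 'site <name> / authentication-key <key> / eid-prefix <p> [accept-more-specifics]'."""

    def __init__(self, name, key, eid_prefix, accept_more_specifics=True):
        self.name, self.key = name, key
        self.prefix = ipaddress.ip_network(eid_prefix)
        self.accept_more_specifics = accept_more_specifics
        self.registrations = {}

    def register(self, msg):
        eid = verify_map_register(msg, self.key)
        if eid is None:
            return "rejected: authentication failed"
        within = eid.version == self.prefix.version and eid.subnet_of(self.prefix)
        if within and (self.accept_more_specifics or eid == self.prefix):
            self.registrations[eid] = msg
            return "accepted"
        return "rejected: %s is outside site prefix %s" % (eid, self.prefix)


# The 'site WESTEAST-DC' from the MS/MR config above; locators are the DC2 locator-set
# registered by the xTR on the next slide (10.10.3.1 and 10.10.4.1, priority 1 weight 5).
SITE = MapServerSite("WESTEAST-DC", "L15P43V3R", "172.71.64.0/20")
DC2_LOCATORS = [("10.10.3.1", 1, 5), ("10.10.4.1", 1, 5)]

if __name__ == "__main__":
    good = build_map_register(HMAC_SHA256_128, "L15P43V3R", "172.71.73.0/24", DC2_LOCATORS)
    print(SITE.register(good))                                                      # accepted
    print(SITE.register(build_map_register(HMAC_SHA256_128, "guess", "172.71.73.0/24", DC2_LOCATORS)))
    print(SITE.register(build_map_register(HMAC_SHA1_96, "L15P43V3R", "172.71.80.0/24", DC2_LOCATORS)))
```

Two things follow for operations: the key is shared among every xTR of a site, so one compromised xTR can re-register any more-specific inside the site's eid-prefix, and the prefix check is the only thing stopping a legitimate site from registering someone else's space, so keep each site's eid-prefix as tight as the deployment allows.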
• First Hop Router (FHR) is a control-plane function for scalable, dynamic detection and signaling of a “silent” host
• LISP Single-Hop Mobility implements FHR and xTR in the same devices
• LISP Multi-Hop Mobility implements FHR and xTR in two distinct devices, allowing multiple L3 hops in between:
  - Less stringent H/W capability requirements
  - Insertion of L3 stateful devices (non LISP capable)
  - Multiple points in the network capable of injecting LISP mobile information and “influencing” traffic routing
[Figure: as on the previous slide.]
• The signaling of the mobile VM location, initiated by an FHR discovery, happens on both axes:
  - E-W: local and remote peers
  - N-S: FHR → xTR → MSMR → xTR → FHR
[Figure: DC-1 and DC-2 joined by a LAN Extension, each with ETR/ITR and FHR pairs, Mapping DB (MSMR), PITR/PETR towards the WAN or Internet, LISP and Non-LISP Client Sites]

xTR/FHR configuration for the mobile subnet:
router lisp
 locator-set DC2
  10.10.3.1 priority 1 weight 5
  10.10.4.1 priority 1 weight 5
  exit
 eid-table default instance-id 3333
  dynamic-eid VM
   database-mapping 172.71.73.0/24 locator-set DC2
   map-notify-group 230.23.3.1
   eid-notify 10.10.1.1 key DC2-XTR
   exit
 !
 [..]
!
interface GigabitEthernet0/0
 ip address 172.71.73.3 255.255.255.0
 standby 0 ip 172.71.73.1
 lisp mobility VM
 lisp extended-subnet-mode
!
• The signaling of the mobile VM location, initiated by an FHR discovery, happens on both axes:
  - E-W: local and remote peers
  - S-N: FHR → xTR → MSMR → xTR → FHR
• FHR can be deployed as a LISP standalone function, for the simplest LISP DC mobility solution
[Figure: DC-1 and DC-2 joined by a LAN Extension, each with an FHR pair performing Host Route Injection towards a Regional Site over the WAN; Non-LISP Client Site]
[Figure: NJEDge.Net LISP Network with MS/MR and PxTR; Member 1 … Member N sites with xTRs (default route) or CPEs (BGP or default route); IPv4 Internet via Tier 1 SP1/SP2, commodity and transit SPs; IPv6 Internet (Google, Facebook, some v4, more v6); IPv4 EID aggregate advertisement, LISP-to-LISP and Non-LISP-to-LISP traffic]
[Figure: xTR behind a firewall with 1:1 NAT between 192.168.0.0/24 and 172.31.255.0/24, e.g. 192.168.0.10 ↔ 172.31.255.10]
• Web Server Backup Service
  - Cold Move – Across Subnet Mode
  - A single server machine needs to move to the LISP Service Provider DC for scheduled maintenance or DR
• NAT Support
  - Firewalls with 1:1 NAT acting as server gateway are typically deployed at the original site
  - Host presence detection at the original site on the public prefix
  - The public IP address moves to the LISP Service Provider DC
• Before LISP: Big-Bang Approach
  - Perform a bulk migration with high risk
  - Takes longer to start moving servers
  - Longer storage migration cycle that requires keeping a large data set in sync over the WAN
[Figure: Bulk Migration over a shared or migration WAN from the Brownfield Customer DC (10.1.1.0/24, hosts 10.1.1.5 and 10.1.1.6, L3/L2 with any VLAN and any STP) to the Greenfield IBM DC via ASR1K]
• With LISP:
  - The server migration can be performed in smaller waves (lower risk) and faster, as soon as the server data is available in the IBM DC
  - The amount of data to be kept in sync is minimized, reducing risk and WAN requirements
  - Path optimization from the user to the application is possible, eliminating latency concerns and reducing WAN bandwidth requirements
  - Simplicity: repeatable, easy to implement, with a pre-defined price
• IBM SO UK reduced the Migration Window from years to weeks (95%)
[Figure: LISP ASM Incremental Server Migration over the WAN: host 10.1.1.5 moved from the Brownfield Customer DC (hosts 10.1.1.5 and 10.1.1.6, ASR1K) to the Greenfield IBM DC (ETR and MSMR on ASR1K)]
• Brownfield DC:
  - Non-intrusive ASR1000 placement (on-a-stick), configured as LISP PxTR
  - No changes in routing advertisement (mobile aggregate subnet)
• Greenfield DC:
  - LISP Mapping System (MSMR)
  - LISP xTR with ASM Mobility (Dynamic EID) for the migrating prefix
[Figure: Brownfield Customer DC (PxTR on ASR1K, RLOCs 2.2.2.2 and 3.3.3.3, hosts 10.1.1.5 and 10.1.1.6) and Greenfield IBM DC (ETR and MSMR on ASR1K, RLOCs 4.4.4.4 and 5.5.5.5, LISP Dynamic EID 10.1.1.0/24) over the WAN. Mapping System: 10.1.1.0 → 2.2.2.2, 3.3.3.3]
• Dynamic Granular Migration: as soon as a server is enabled in the Greenfield DC, it is discovered by IP/ARP traffic and registered in the LISP Mapping System
• Dynamic Path Optimization:
  - Client traffic is steered to the new Greenfield location
  - Return traffic can be symmetric, to allow external firewalls in the Brownfield DC
  - Intra-subnet traffic from the Brownfield DC is routed (GARP+LISP) to the Greenfield DC
[Figure: same topology; 10.1.1.5 is discovered by IP/ARP in the Greenfield DC and a GARP is sent in the Brownfield DC. Mapping System before the move: 10.1.1.0 → 2.2.2.2, 3.3.3.3. Mapping System after the move: 10.1.1.0 → 2.2.2.2, 3.3.3.3 and 10.1.1.5 → 4.4.4.4, 5.5.5.5]
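The mapping-system behaviour on the two slides above (a site prefix registered under accept-more-specifics, then the moved host's /32 overriding the /24 by longest-prefix match), as an added Python model that is not Cisco's code; the site name CUSTOMER is assumed, and key checking is a plain comparison standing in for the real HMAC over the Map-Register.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Site:
    name: str
    key: str            # shared authentication-key from the MS config
    prefix: str         # configured eid-prefix
    accept_more_specifics: bool = False

class MapServer:
    """Simplified MSMR: a site table plus the registered EID-to-RLOC database."""
    def __init__(self, sites):
        self.sites = {s.name: s for s in sites}
        self.db = {}  # IPv4Network -> list of RLOC address strings

    def register(self, site_name, key, eid, rlocs):
        """Handle a Map-Register. A real MS verifies an HMAC computed with the
        site key; here the key is compared directly (simplification). The EID
        must be the site prefix or, with accept-more-specifics, a more-specific
        of it, so a registering xTR cannot claim another site's prefix."""
        site = self.sites.get(site_name)
        if site is None or site.key != key:
            return False
        net, site_net = ipaddress.ip_network(eid), ipaddress.ip_network(site.prefix)
        ok = net == site_net or (site.accept_more_specifics and net.subnet_of(site_net))
        if not ok:
            return False
        self.db[net] = list(rlocs)
        return True

    def resolve(self, eid):
        """Answer a Map-Request by longest-prefix match: (prefix, rlocs)."""
        addr = ipaddress.ip_address(eid)
        hits = [n for n in self.db if addr in n]
        if not hits:
            return None, []  # negative map-reply: not a registered EID
        best = max(hits, key=lambda n: n.prefixlen)
        return str(best), self.db[best]

def migration_demo():
    """Replay the slide (constructed data): the /24 stays at the Brownfield
    PxTR RLOCs while the moved host 10.1.1.5 gets a /32 at the Greenfield DC."""
    ms = MapServer([Site("CUSTOMER", "L15P43V3R", "10.1.1.0/24", True)])
    ms.register("CUSTOMER", "L15P43V3R", "10.1.1.0/24", ["2.2.2.2", "3.3.3.3"])
    before = ms.resolve("10.1.1.5")
    # the Greenfield DC ETR discovers 10.1.1.5 (IP/ARP) and registers its /32
    ms.register("CUSTOMER", "L15P43V3R", "10.1.1.5/32", ["4.4.4.4", "5.5.5.5"])
    return before, ms.resolve("10.1.1.5"), ms.resolve("10.1.1.6")

if __name__ == "__main__":
    for label, (prefix, rlocs) in zip(("before move", "10.1.1.5 after", "10.1.1.6 after"),
                                      migration_demo()):
        print(f"{label}: {prefix} -> {rlocs}")
```

The rejected registrations in the checks below are the point for a defender: a wrong key or a prefix outside the site's configured eid-prefix never enters the database, so only the more-specific inside 10.1.1.0/24 can redirect traffic.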
Use Case: DC to Cloud IP Mobility
Benefit: Simplified Application Deployment to the Cloud
Challenges
• Simple, Fast, Transparent Application Onboarding
• Consistency with DC Network Features
Benefits
• Simpler App Integration
• Dynamic infrastructure
• Consistent Management
Solutions
• LISP for VM Mobility
• Routing
• NAT, DHCP
[Figure: enterprise DC (ASR) connected over the LISP protocol to a Cloud Provider Data Center, where a WAN Router, switches and servers host CSR 1000V instances in VPC/vDC containers]
• Active-active DC Solution with ASR1000, LISP+OTV (incremental phases)
[Figure: West-DC and East-DC with Client Sites A, B and C over VPLS; VM Move Event between the DCs]
• Active-active DC Solution with ASR1000, LISP+OTV
• Phase 1: DC only; OTV for intra-VLAN, LISP for inter-VLAN
[Figure, phase 1 of 3: West-DC and East-DC each with xTR + MSMR pairs, Client Sites A, B and C over VPLS; VM Move Event of 10.227.41.7 between the DCs; 10.227.43.9 also shown]
• Active-active DC Solution with ASR1000, LISP+OTV
• Phase 1: DC only; OTV for intra-VLAN, LISP for inter-VLAN
  Use redistribution for client traffic optimization:
    redistribute connected   ! West
    redistribute lisp        ! East
[Figure, phase 1 of 3: West-DC hosts are advertised connected → EIGRP with tag=100 (10.227.41.0/24 …); after the VM Move Event of 10.227.41.7, East-DC performs Host Route Injection LISP → EIGRP with tag=200 (10.227.41.7/32 …); 10.227.43.9 also shown]
• Active-active DC Solution with ASR1000, LISP+OTV
• Phase 1: DC only; OTV for intra-VLAN, LISP for inter-VLAN
  Use redistribution for client traffic optimization:
    redistribute connected   ! West
    redistribute lisp        ! East
• Phase 2: regional sites as LISP Proxy; DC Ingress Traffic Engineering
[Figure, phase 2 of 3: a PxTR at the Regional Hub serving Client Site B advertises the DC host subnets static → EIGRP with tag=330 (10.227.41.0/24 …)]
• Active-active DC Solution with ASR1000, LISP+OTV
• Phase 1: DC only; OTV for intra-VLAN, LISP for inter-VLAN
  Use redistribution for client traffic optimization:
    redistribute connected   ! West
    redistribute lisp        ! East
• Phase 2: regional sites as LISP Proxy; DC Ingress Traffic Engineering
• Phase 3: all client sites become xTRs; Full Traffic Optimization, Future Proof
[Figure, phase 3 of 3: Client Sites A, B and C each run an xTR over VPLS towards West-DC and East-DC (xTR + MSMR pairs); VM Move Event]
Migration to Phase 3
• Incrementally, each client site:
  - enables LISP (cookie-cutter config) → traffic to other LISP sites (like the DC) will use LISP transport
  - advertises its connected subnets into EIGRP with a specific tag → to allow automated filtering by other LISP sites
• Each new xTR, including DC xTRs:
  - automatically filters out new LISP subnets as described for Phase 2 → return traffic will use LISP transport
[Figure: Client Sites B and C already run xTRs, Client Site A is next; West-DC and East-DC with xTR + MSMR pairs over VPLS; VM Move Event]

Client site xTR configuration:
router lisp
 locator-set CLIENT
  ipv4-interface GigabitEthernet0/0 p 1 w 10
  exit
 !
 eid-table default instance-id 5473
  ipv4 route-import database connected route-map LOCAL locator-set CLIENT
  exit
 !
 ipv4 itr
 ipv4 etr map-server 10.10.1.10 key L15P43V3R
 ipv4 etr map-server 10.10.2.20 key L15P43V3R
 ipv4 etr map-server 10.20.0.10 key L15P43V3R
 ipv4 etr
 exit
!
ip route 0.0.0.0 0.0.0.0 10.0.9.1
router eigrp 100
 redistribute connected route-map TAG-OUT
 distribute-list route-map FILTER-DC in
!
route-map FILTER-DC deny 10
 match tag 100
 match tag 200
!
route-map FILTER-DC permit 90
!
route-map TAG-OUT permit 10
 set tag 100
!
route-map LOCAL permit 10
!

Filter portion, applied on every xTR including the DC xTRs:
router eigrp 100
 distribute-list route-map FILTER-DC in
!
route-map FILTER-DC deny 10
 match tag 100
 match tag 200
!
[..]
route-map FILTER-DC permit 90
!
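The tag-based filtering that Phase 3 relies on, as an added Python model of the route-maps above (not Cisco's implementation): the received EIGRP updates and the client subnet 10.0.9.0/24 are constructed, and IOS route-map semantics are reduced to first-match with the tag values of one clause ORed together.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

@dataclass
class Route:
    prefix: str
    tag: int = 0               # EIGRP administrative tag
    source: str = "eigrp"

@dataclass
class Clause:
    """One route-map sequence. Several 'match tag' values on a clause are
    ORed by IOS; an empty match set matches every route."""
    seq: int
    action: str                # "permit" or "deny"
    match_tags: FrozenSet[int] = frozenset()
    set_tag: Optional[int] = None

def apply_route_map(clauses: List[Clause], route: Route) -> Optional[Route]:
    """IOS semantics, simplified: the first matching clause decides, and a
    route that matches no clause is denied."""
    for c in sorted(clauses, key=lambda c: c.seq):
        if c.match_tags and route.tag not in c.match_tags:
            continue
        if c.action == "deny":
            return None
        new_tag = route.tag if c.set_tag is None else c.set_tag
        return Route(route.prefix, new_tag, route.source)
    return None

# The slide's route-maps as data (tag values taken from the page)
TAG_OUT = [Clause(10, "permit", set_tag=100)]                              # connected -> tag 100
FILTER_DC = [Clause(10, "deny", frozenset({100, 200})), Clause(90, "permit")]

def redistribute_connected(prefixes: List[str]) -> List[Route]:
    """'redistribute connected route-map TAG-OUT' on a client-site xTR."""
    return [apply_route_map(TAG_OUT, Route(p, source="connected")) for p in prefixes]

def inbound_filter(received: List[Route]) -> List[Route]:
    """'distribute-list route-map FILTER-DC in': what survives into the EIGRP RIB."""
    return [r for r in (apply_route_map(FILTER_DC, r) for r in received) if r is not None]

def demo() -> List[str]:
    """Constructed update set seen by an xTR: West-DC connected subnet (tag 100),
    East-DC LISP host route (tag 200), Phase 2 regional-hub static (tag 330),
    an untagged core route, and a new client site's tagged subnet."""
    received = [Route("10.227.41.0/24", 100), Route("10.227.41.7/32", 200),
                Route("10.227.41.0/24", 330), Route("10.0.0.0/8")]
    received += redistribute_connected(["10.0.9.0/24"])
    return [f"{r.prefix} tag={r.tag}" for r in inbound_filter(received)]

if __name__ == "__main__":
    print("\n".join(demo()))
```

Only the tag-330 proxy route and the untagged core route reach the RIB; DC and LISP-site prefixes fall to the default route and are therefore handled by the LISP ITR, which is why a peer that omits the tag would silently bypass the filter.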
• Multi-Hop Mobility with Virtualized First Hop Router as gateway for each Server Zone
• Internal non-Cisco Firewall as inter-zone router
[Figure: West-DC (PRIMARY) and East-DC (BACKUP), each with three FHRs and xTR + MSMR pairs, joined over a Private WAN to a Non-LISP Client Site; DR Move Event; ~1000 mobile servers, 70 VRFs; non-Cisco router]
• Multi-Hop Mobility with Virtualized First Hop Router as gateway for each Server Zone
• Internal non-Cisco Firewall as inter-zone router
• Both DC Firewalls see bidirectional traffic
[Figure: DR Move Event of 10.0.1.67 (and 10.0.3.81 shown). West-DC (PRIMARY): server zones 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24 … with next-hop=FHRs (static), and 10.0.0.0/16 (static) with next-hop=xTR. East-DC (BACKUP) Host Route Injection: LISP → OSPF 10.0.1.67/32 … with next-hop=xTR towards the Private WAN and next-hop=FHRs inside the DC; Non-LISP Client Site]
• Multi-Hop Mobility with Virtualized First Hop Router as gateway for each Server Zone
• Internal non-Cisco Firewall as inter-zone router
• Both DC Firewalls see bidirectional traffic
• Traffic is locally routed when needed
[Figure: DR Move Events of 10.0.1.67 and 10.0.3.81. West-DC (PRIMARY): server zones 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24 … with next-hop=FHRs (static), 10.0.0.0/16 (static) with next-hop=xTR. East-DC (BACKUP) Host Route Injection: LISP → OSPF 10.0.1.67/32, 10.0.3.81/32 … with next-hop=xTR towards the Private WAN and next-hop=FHRs inside the DC; Non-LISP Client Site]
• Multi-Hop Mobility with Virtualized First Hop Router as gateway for each Server Zone
• Internal non-Cisco Firewall as inter-zone router
• Both DC Firewalls see bidirectional traffic
• Traffic is locally routed when needed
• Ingress Path Optimization is more efficient than LSB RHI in terms of mobility capacity and host route pollution
[Figure: West-DC (PRIMARY) and East-DC (BACKUP), each with three FHRs and xTR + MSMR pairs, over the WAN to a Non-LISP Client Site; DR Move Event of 10.0.1.67 (10.0.3.81 also shown); East-DC Host Route Injection (LISP → OSPF) 10.0.1.67/32 … with next-hop=FHR; Server Presence Polling]
https://www2.wwt.com/resilient-active-datacenters
• RAD: Resilient Active Datacenters
• Seamless Mobility with Session Survivability:
  - Compute: Cisco UCS
  - Storage: EMC VPLEX, NetApp Metrocluster
  - Networking: Cisco OTV/LISP
  - Virtualization: VMware, Microsoft Hyper-V
  - Security: Cisco ASA Clustering
Advances in LISP: Current Deployments to Future Innovations
• LISP Software – Available Releases… (http://lisp.cisco.com)

NX-OS
  First Available: 12/2009
  Current Main: 6.1(4a) or 6.2(2a)
  Platforms: Nexus 7000 M1-32 linecard
  Features: Roles: ITR/ETR/MS/MR/PITR/PETR; AF: EID-v4/v6, RLOC-v4; Virtualization: Shared/Parallel; Mobility: ASM/ESM OTV; Multicast: yes

IOS
  First Available: 12/2009
  Current Main: 15.4(1)T; Current Eng: 15.3(3)XB12
  Platforms: ISR (1800/2800/3800), ISRG2 (800/1900/2900/3900), Catalyst 6500
  Features: Roles: ITR/ETR/MS/MR/PITR/PETR; AF: EID-v4/v6, RLOC-v4/v6; Virtualization: Shared/Parallel; Mobility: ASM/ESM; Multicast: roadmap March 2014

IOS-XE
  First Available: 03/2010
  Current Main: 15.3(3)S; Current Eng: 15.3(3)S1xb
  Platforms: ASR1K, CSR1000V
  Features: Roles: ITR/ETR/MS/MR/PITR/PETR; AF: EID-v4/v6, RLOC-v4/v6; Virtualization: Shared/Parallel; Mobility: ASM/ESM OTV; Multicast: roadmap Nov 2014

IOS-XR
  First Available: 03/2012
  Current Main: 4.3.2
  Platforms: ASR9k
  Features: Roles: PITR/PETR; AF: EID-v4/v6, RLOC-v4; Virtualization: Shared/Parallel; Mobility: roadmap; Multicast: roadmap March 2014
LISP – A Routing Architecture, Not a Feature…
§ An over-the-top technology
  ‒ Address Family agnostic
  ‒ Incrementally deployable
  ‒ End systems can be unaware of LISP
§ Deployment simplicity
  ‒ No host changes
  ‒ Minimal CPE changes
  ‒ Some new core infrastructure components
§ Enables IP Number Portability
  ‒ Never change host IPs; no renumbering costs
  ‒ No DNS changes; “name == EID” binding
  ‒ Session survivability
§ An Open Standard
  ‒ Being developed in the IETF
  ‒ No Cisco Intellectual Property Rights
§ LISP use-cases are complementary
  ‒ Simplified multi-homing with Ingress Traffic Engineering; no need for BGP
  ‒ Address Family agnostic support
  ‒ Virtualization support
  ‒ End-host mobility without renumbering
§ Pull vs. push routing
  ‒ OSPF and BGP are push models; routing is stored in the forwarding plane
  ‒ LISP is a pull model, analogous to DNS; massively scalable
• The LISP Solution Space
LISP is an Architecture…
  1. Multihoming
  2. IPv6 Transition
  3. Virtualization/VPN
  4. Mobility
[Figure, built up over four slides: xTRs connecting an IPv4 Network and an IPv6 Network across an IPv4 Core and an IPv6 Core, carrying v4 and v6 EIDs]
§ LISP Information
  Cisco LISP Site: http://lisp.cisco.com (IPv4 and IPv6)
  LISP Beta Network Site: http://www.lisp4.net or http://www.lisp6.net
  LISP DDT Root: http://www.ddt-root.org
  IETF LISP Working Group: http://tools.ietf.org/wg/lisp/
§ LISP Mailing Lists
  Cisco LISP Questions: [email protected]
  IETF LISP Working Group: [email protected]
  LISPmob Questions: [email protected]
• Thank you!
• Please complete the post-event survey
• Join us for upcoming webinars: Register: www.cisco.com/go/techadvantage
Follow us @GetYourBuildOn