new lisp mapping system: lisp- ddt presentation to lnog darrel lewis on behalf of the lisp team

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1

New LISP Mapping System:

LISP-DDTPresentation to LNOGDarrel Lewis on behalf of the LISP TEAM

2

The Story So Far

ALT was a really nice starting point because the development effort was minimal

– Separated the location of the mapping from the mapping itself– Lack of the use of caching was seen as a feature in enabling mobility– Some growing pains have appeared (more later)

The interface to this mapping system is really key– MR/MS has benefits

3

Some current issues with the ALT

Who runs the ALT network?– What’s the business model?– Should it be rooted at/run by the RIRs?– Who assigns infrastructure AS/Tunnel IPs

How do we administer all these GRE/IPsec tunnels?– Why do this for an Enterprise deployment– How can we update xTRs

Why use a routing protocol and all that– we are using 1% of the features – GRE tunnels are overkill for carrying only map-requests

• Traceroute over the ALT has always been troublesome

4

xTRs

xTRs

xTRs

xTRs

xTRs

xTRs

xTRs

xTRs

xTRs

xTRs

xTRsxTRs

xTRs

xTRs

xTRs xTRsxTRs

MS/MRs

MS/MRsMS/MRs

MS/MRs

MS/MRs

MS/MRs

MS/MRsMS/MRs

ALTALTALT

ALT

Legend: LISP Sites -> green 1st layer access infrastructure -> blue 2nd layer core infrastructure -> red

Duplicate Everything, Per VRF? It _seems_ logical

But to quote Jesper:

“That’s Mad”

xTRs

xTRs

xTRs

xTRs

xTRs

xTRs

xTRs

xTRs

xTRs

xTRs

xTRsxTRs

xTRs

xTRs

xTRs xTRsxTRs

MS/MRs

MS/MRsMS/MRs

MS/MRs

MS/MRs

MS/MRs

MS/MRsMS/MRs

ALTALTALT

ALT

xTRs

xTRs

xTRs

xTRs

xTRs

xTRs

xTRs

xTRs

xTRs

xTRs

xTRsxTRs

xTRs

xTRs

xTRs xTRsxTRs

MS/MRs

MS/MRsMS/MRs

MS/MRs

MS/MRs

MS/MRs

MS/MRsMS/MRs

ALTALTALT

ALT

xTRs

xTRs

xTRs

xTRs

xTRs

xTRs

xTRs

xTRs

xTRs

xTRs

xTRsxTRs

xTRs

xTRs

xTRs xTRsxTRs

MS/MRs

MS/MRsMS/MRs

MS/MRs

MS/MRs

MS/MRs

MS/MRsMS/MRs

ALTALTALT

ALT

xTRs

xTRs

xTRs

xTRs

xTRs

xTRs

xTRs

xTRs

xTRs

xTRs

xTRsxTRs

xTRs

xTRs

xTRs xTRsxTRs

MS/MRs

MS/MRsMS/MRs

MS/MRs

MS/MRs

MS/MRs

MS/MRsMS/MRs

ALTALTALT

ALT

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5

LISP+ALT-IID=0(that is, LISP-DDT)

6

LISP DDT LISP Delegated Database Tree– Hierarchy for Instance IDs and for EID Prefixes

DDT Nodes are pre-configured with delegations– DDT Map-Resolvers sends (ECM) Map-Requests– DDT Nodes Return Map-Referral messages

DDT Resolvers resolve the Map-Server’s RLOC iteratively Replacement for LISP-ALT – Increased Flexibility - Supports LISP Instance IDs, etc.– Simplified Operations– ITRs and ETRs don’t change

7

LISP DDT Map Resolvers DDT Map Resolvers – Cache Map Requests from ITRs– Query the DDT hierarchy iteratively– Detect Loops/Delegation Errors– Resolve the location of the DDT Map-Server

DDT Map Resolvers thus have state:– Referral Cache– Map-Request Queue

8

LISP DDT Referrals & Their Actions– ‘Positive’ Referrals are used to discover a DDT-node’s

RLOC for a given EID Prefix» Type 0, NODE-REFERRAL» Type 1, MS-REFERRAL» Type 2, MS-ACK

– ‘Negative’ referrals are used to indicate other actions:» Type 3, MS-NOT-REGISTERED » Type 4, DELEGATION-HOLE» Type 5, NOT-AUTHORITATIVE

9

DDT-Node Root 10.0.0.0/0IID=0

DDT-Node 210.0.0.0/8IID=0

DDT Node 310.1.0.0/16IID=0

MSDDT-Node 410.1.0.0/24IID=0

Setup & Configuration

MR

Map Request

Map Referral

Static Delegation Hierarchy

Map Reply

ETR10.1.0.0/24

ETR-MS Registration

Configuration and Setup

1

1) MR configured with Root, or MS1, RLOC

3

3) ETR is registering its EID to the Leaf MS 2

2) DDT-1, DDT2, DDT-3, DDT/MS-4 configured children with child prefixes, and authoritative prefixes

Ex. DDT-2 Delegates child 10.1.0.0/16 to MS3 DDT-2 configured authoritative for 10/8 in IID0

10

DDT-Node Root 10.0.0.0/0

DDT Node 210.0.0.0/8

DDT Node 310.1.0.0/16

DDT-Node-4MS10.1.0.0/24

Map Request, Referral, & Reply

MR

ITR

Map Request

Map Referral

Static Delegation Hierarchy

Map Reply

ETR-MS Registration

ETR10.1.0.0/24

First Request Packet Flow

1

1) ITR sends MRQ to MR via ECM

2

2) MR sends Iterative-MRQ to its statically configured Root DDT-Node via ECM-Like-packet

33) MS1 Sends a Map Referral to MR informing

the MR who is the next DDT-Node (2) to try

4

4) MR repeats steps 2 & 3 until it gets to leaf MS/DDT-Node which has the registered ETR (DDT-4)

5

5) DDTNode-4 sends Map-Referral to MR with done bit set

7

7) ETR sends Map-Reply to the ITR

6

6) MS (DDT-4) receives, processes MR and fwd to ETR

11

DDT 10.0.0.0/0

DDt 210.0.0.0/8

DDT 310.1.0.0/16

DDT-4 MS10.1.0.0/24

Once MR’s Referal-Cache is Populated

1) MRQ in ECM arrives on MR2) MR sends MRQ in ECM (possibly double

encaped if lisp-sec is used to secure referal path) to Cache’d Leaf-Map-Server (MS-4)

3) MS decaps ECM and then sends Map-Request in new ECM to ETR MS also sends a Map-Referal with Done Bit set back to MR

4) ETR sends Map-Reply to ITR

MR

ITR

Map Request

Map Referral

Static Delegation Hierarchy

Map Reply

ETR10.1.0.0/24

ETR-MS Registration

Steady State

1

2

3

4

12

DDT Implementation Status

IOS and NXOS implementations complete Development, and interoperability testing going on now Beta Network running DDT code Configuration is pretty simple Does not include proposed DDT-SEC extensions

13Static Delegation Hierarchy

DDT Beta (IID0) Network Deployment Cisco’s DDT Roots:(Iota-Root)IID: *EID: *arin-ddt.rloc.lisp4.netripe-ddt.rloc.lisp4.netvxnet-ddt.rloc.lisp4.net

MR/MS:EID Aggregates: 153.16.0.0/19 2610:D0:1000::/362610:D0:FACE::/48153.16.21.0/24 TO MN153.16.22.0/24 TO MNisc-mr-msasp-mr-mscisco-sjc-mr-ms1eqx-ash-mr-ms

Other DDT Roots IID * EID: *root-verisign.ddt-root.orgmu-ddt-root.org

ARIN-Region

RIPE- Region AP-Region LACNIC-Region

Mobile Node Region

MR/MS:EID Aggregates: 153.16.32.0/192610:D0:2000::/36l3-london-mr-mstdc-mr-msintouch-ams-mr-msintouch-ams-mr-ms

MR/MS:EID Aggregates:153.16.64.0/19 2610:D0:3000::/36apnic-mr-ms

DDT Node with ‘child referrals’

MR/MS’s153.16.21/24 153.16.22/24 2610:d0:1219::/482610:d0:120e::/48asp-isisisc-isisintouch-isis

MR/MS:EID Aggregates:153.16.128.0/192610:D0:5000::/36 lacnic-mr-ms

asp-isis

DDT Beta- Network TLDsIID 0v4-EID: 153.16.0.0/16v6-EID: 2610:D0/32uninett-ddt.rloc.lisp4.netsj-ddt.rloc.lisp4.netmsn-ddt.rloc.lisp4.net

Beta Network DDT TLD

Iota- root Servers

14

LISP DDT Root Operations

DDT Root is expected to be neutral (vendor and provider agnostic)

– http://ddt-root.org– set up non profit for ddt operations/administration?

Current DDT efforts are community based

15

Wrap Up Questions?