lisp - a next generation routing architecturelisp.cisco.com/docs/brkrst-3045_vegas2011.pdflisp...
TRANSCRIPT
![Page 1: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/1.jpg)
BRKCRS-3045
LISP - A Next Generation Routing Architecture
![Page 2: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/2.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 2
LISP Overview LISP Operations LISP Use Cases LISP Status Summary References
LISP - Agenda
![Page 3: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/3.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 3
LISP Overview LISP Operations LISP Use Cases LISP Status Summary References
LISP - Agenda
![Page 4: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/4.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 4
LISP Overview What’s the problem with an “overloaded” semantic?
The IP address is overloaded on location and identity Why do current IP semantics cause scaling issues? − Overloaded IP address semantic makes
efficient routing impossible
− Today, “addressing follows topology,” which limits route aggregation compactness
− IPv6 does not fix this
Why are route scaling issues bad? − Routers require expensive memory to hold
the Internet Routing Table in forwarding plane
− Your router may have enough memory today; network gear lifetime can be 7 years or more.
− Replacing equipment for the wrong reason (to hold the routing table); gear replacement should be to implement new features and to meet bandwidth requirements
“… routing scalability is the most important problem facing the Internet today and must be solved … ”
Internet Architecture Board (IAB) October 2006 Workshop (written as RFC 4984)
![Page 5: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/5.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 5
Internet
LISP Overview How does Location/ID Split help solve this problem?
Internet
Today’s Internet Behavior Loc/ID “overload”
LISP Behavior Loc/ID “split”
DFZ
DFZ Map System
LISP Mapping System
In this model, everything goes in the Default Free Zone (DFZ)
In this model, only RLOCs go in the DFZ; EIDs go in the LISP Mapping System!
![Page 6: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/6.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 6
LISP creates a Level of indirec-on with two namespaces: EID and RLOC
EID (Endpoint Iden-fier) is the IP address of a host – just as it is today
RLOC (Rou-ng Locator) is the IP address of the LISP router for the host
EID-‐to-‐RLOC mapping is the distributed architecture that maps EIDs to RLOCs
Network-‐based solu?on No host changes Minimal configura?on
Incrementally deployable
Support for mobility
Address Family agnos?c
LISP Overview A “level of indirection”
Prefix Next-‐hop w.x.y.1 e.f.g.h x.y.w.2 e.f.g.h z.q.r.5 e.f.g.h z.q.r.5 e.f.g.h
Non-‐LISP
RLOC Space
EID-‐to-‐RLOC
mapping
xTR
EID Space xTR
EID RLOC a.a.a.0/24 w.x.y.1 b.b.b.0/24 x.y.w.2 c.c.c.0/24 z.q.r.5 d.d.0.0/16 z.q.r.5
MS/MR
PxTR
xTR
EID RLOC a.a.a.0/24 w.x.y.1 b.b.b.0/24 x.y.w.2 c.c.c.0/24 z.q.r.5 d.d.0.0/16 z.q.r.5
EID RLOC a.a.a.0/24 w.x.y.1 b.b.b.0/24 x.y.w.2 c.c.c.0/24 z.q.r.5 d.d.0.0/16 z.q.r.5
EID Space
![Page 7: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/7.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 7
LISP “Level of Indirection” is analogous to a DNS lookup DNS resolves IP addresses for URLs
LISP resolves locators for queried identities
host DNS URL Resolution
LISP Identity-to-location Map Resolution
[ who is lisp4.cisco.com] ?
LISP router
DNS Server
LISP Mapping System
[153.16.5.29 ]
[ where is 153.16.5.29 ] ?
[ location is 128.107.81.169 ]
LISP Overview LISP Mapping Resolution – DNS analog
![Page 8: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/8.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 8
LISP Overview LISP Operations LISP Use Cases LISP Status Summary References
LISP - Agenda
![Page 9: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/9.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 9
IPv4 Outer Header: Router supplies
RLOCs
IPv4 Inner Header: Host supplies
EIDs
LISP header
UDP
draft-ietf-lisp-12
LISP – Data Format Example IPv4 EID/IPv4 RLOC Example
![Page 10: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/10.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 10
LISP – Data Format Example All Combinations – IPv4 and IPv6 Supported
IPv4/IPv4
IPv4 Outer
Header
IPv4 Inner
Header
UDP LISP
IPv4/IPv6
IPv4 Outer
Header
IPv6 Inner
Header
UDP LISP
IPv6/IPv4
IPv6 Outer
Header
IPv4 Inner
Header
UDP LISP
IPv6/IPv6
IPv6 Outer
Header
IPv6 Inner
Header
UDP LISP
![Page 11: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/11.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 11
ITR – Ingress Tunnel Router • Receives packets from site-facing interfaces • Encap to remote LISP sites, or native-fwd to
non-LISP sites
ETR – Egress Tunnel Router • Receives packets from core-facing interfaces • De-cap, deliver packets to local EIDs at site
S1
S2
ITR
ITR
D1
D2
ETR
ETR
S D
Provider A 10.0.0.0/8
Provider B 11.0.0.0/8
Provider X 12.0.0.0/8
Provider Y 13.0.0.0/8
LISP Site LISP Site
LISP Data Plane Ingress/Egress Tunnel Router (xTR)
packet flow packet flow
![Page 12: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/12.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 12
S1
S2
ITR
ITR
D1
D2
ETR
ETR
S D
Provider A 10.0.0.0/8
Provider B 11.0.0.0/8
Provider X 12.0.0.0/8
Provider Y 13.0.0.0/8
LISP Site LISP Site LISP Site LISP Site
10.0.0.1
11.0.0.1 13.0.0.2
12.0.0.2
PI EID-prefix 2.0.0.0/24
PI EID-prefix 3.0.0.0/24
This policy controlled by destination site
Legend: EIDs -> Green Locators -> Red Physical link
DNS entry: D.abc.com A 3.0.0.3
1
EID-prefix: 3.0.0.0/24 Locator-set:
12.0.0.2, priority: 1, weight: 50 (D1) 13.0.0.2, priority: 1, weight: 50 (D2)
Mapping Entry
3
LISP Data Plane Unicast Packet Forwarding
2.0.0.2 -> 3.0.0.3
2
2.0.0.2 -> 3.0.0.3 11.0.0.1 -> 12.0.0.2
4
5
6
2.0.0.2 -> 3.0.0.3 11.0.0.1 -> 12.0.0.2
7
2.0.0.2 -> 3.0.0.3
8
![Page 13: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/13.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 13
Control Plane EID Registration Map-Register message
Sent by ETR to Map-Server to register its associated EID prefixes
Specifies the RLOC(s) to be used by the Map-Server when forwarding Map-Requests to the ETR
Control Plane “Data-triggered” mapping service Map-Request message
Sent by an ITR when it needs for EID/RLOC mapping, to test an RLOC for reachability, or to refresh a mapping before TTL expiration
Map-Reply message Sent by an ETR in response to a valid map-request to provide the EID/RLOC mapping and site ingress Policy for the requested EID
LISP Control Plane Control Plane Messages
![Page 14: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/14.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 14
S1
S2
ITR
ITR
D1
D2
ETR
ETR
S D
Provider A 10.0.0.0/8
Provider B 11.0.0.0/8
Provider X 12.0.0.0/8
Provider Y 13.0.0.0/8
LISP Site LISP Site
MS – Map-Server • LISP site ETRs Register their EID prefixes
here; requires configured “lisp site” policy, authentication key.
• Injects routes for registered site EID prefixes into BGP ALT topology.
• Receives Map-Requests via ALT and forwards them to registered ETRs.
MR – Map-Resolver • Receives Map-Request from ITR. • Forwards Map-Request onto the ALT topology. • Sends Negative Map-Replies in response to
Map-Requests for non-LISP sites.
LISP Control Plane Map-Server/Map-Resolver (MS/MR)
MR
ALT
MS
ALT
ALT ALT
ALT – Alternate Topology • Aggregate EID-prefixes along allocation hierarchy • Advertise EID-prefixes in alternate BGP-over-GRE
tunnels • Forward Map-Requests with EID destination address
over GRE topology
![Page 15: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/15.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 15
S1
S2
ITR
ITR
D1
D2
ETR
ETR
S D
Provider A 10.0.0.0/8
Provider B 11.0.0.0/8
Provider X 12.0.0.0/8
Provider Y 13.0.0.0/8
LISP Site LISP Site
MR
ALT
MS
ALT
ALT ALT
LISP Map Cache • “Lives” on ITRs and only stores mappings for sites to
which ITR is currently sending packets. • Map-Cache populated by sending Map-Requests
through ALT and receiving Map-Replies from ETRs • ITRs must respect Map-Reply policy, including TTLs,
RLOC up/down status, RLOC priorities/weights
LISP Control Plane Mapping Database (ETR), Map-Cache (ITR)
LISP Site Mapping-Database • EID-to-RLOC mappings in all ETRs for local LISP site • ETR is “authoritative” for its EIDs, sends Map-Replies to ITRs • ETRs can tailor policy based on Map-Request source • Decentralization increases attack resiliency
![Page 16: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/16.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 16
S1
S2
ITR
ITR
D1
D2
ETR
ETR
S D
Provider A 10.0.0.0/8
Provider B 11.0.0.0/8
Provider X 12.0.0.0/8
Provider Y 13.0.0.0/8
LISP Site LISP Site
LISP Control Plane Map-Server/Map-Resolver (MS/MR)
MR
ALT
MS
ALT
ALT ALT
![Page 17: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/17.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 17
S1
S2
ITR
ITR
D1
D2
ETR
ETR
S D
Provider A 10.0.0.0/8
Provider B 11.0.0.0/8
Provider X 12.0.0.0/8
Provider Y 13.0.0.0/8
LISP Site LISP Site
MR
ALT
MS
ALT
ALT ALT
10.0.0.1
11.0.0.1 13.0.0.2
12.0.0.2
LISP Site LISP Site
65.1.1.1 66.2.2.2
Legend: EIDs -> Green Locators -> Red BGP-over-GRE Physical link
[1]
12.0.0.2-> 66.2.2.2 LISP Map-Register
(udp 4342) SHA-1
3.0.0.0/24 12.0.0.2, 13.0.0.2
Other 3/8 sites…
MS advertises into ALT
BGP over GRE
3.0.0.0/8
[2]
ALT propagation includes the
Map-Resolver [3]
3.0.0.0/8
LISP Control Plane Map-Registration example
PI EID-prefix 2.0.0.0/24
PI EID-prefix 3.0.0.0/24
![Page 18: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/18.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 18
S1
S2
ITR
ITR
D1
D2
ETR
ETR
S D
Provider A 10.0.0.0/8
Provider B 11.0.0.0/8
Provider X 12.0.0.0/8
Provider Y 13.0.0.0/8
LISP Site LISP Site
MR
ALT
MS
ALT
ALT ALT
10.0.0.1
11.0.0.1 13.0.0.2
12.0.0.2
65.1.1.1 66.2.2.2
Legend: EIDs -> Green Locators -> Red BGP-over-GRE Physical link
DNS entry: D.abc.com A 3.0.0.3
How do I get to 3.0.0.3?
11.0.0.1 -> 3.0.0.3 Map-Request
(udp 4342) nonce
11.0.0.1 -> 65.1.1.1 LISP ECM (udp 4342)
[1]
[2] [3] [4]
11.0.0.1 -> 3.0.0.3 Map-Request
(udp 4342) nonce 11.0.0.1 -> 3.0.0.3
Map-Request (udp 4342)
nonce
66.2.2.2 -> 12.0.0.2 LISP ECM (udp 4342) [5]
LISP Control Plane Map-Request example
2.0.0.2 -> 3.0.0.3
PI EID-prefix 2.0.0.0/24
PI EID-prefix 3.0.0.0/24
![Page 19: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/19.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 19
S1
S2
ITR
ITR
D1
D2
ETR
ETR
S D
Provider A 10.0.0.0/8
Provider B 11.0.0.0/8
Provider X 12.0.0.0/8
Provider Y 13.0.0.0/8
LISP Site LISP Site
MR
ALT
MS
ALT
ALT ALT
10.0.0.1
11.0.0.1 13.0.0.2
12.0.0.2
65.1.1.1 66.2.2.2
Legend: EIDs -> Green Locators -> Red BGP-over-GRE Physical link
12.0.0.2 ->11.0.0.1 Map-Reply (udp 4342)
nonce 3.0.0.0/24
12.0.0.2 [1, 50] 13.0.0.2 [1, 50]
[6]
EID-prefix: 3.0.0.0/24 Locator-set:
12.0.0.2, priority: 1, weight: 50 (D1) 13.0.0.2, priority: 1, weight: 50 (D2)
Mapping Entry
LISP Control Plane Map-Reply example
PI EID-prefix 2.0.0.0/24
PI EID-prefix 3.0.0.0/24
![Page 20: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/20.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 20
S1
S2
ITR
ITR
D1
D2
ETR
ETR
S D
Provider A 10.0.0.0/8
Provider B 11.0.0.0/8
Provider X 12.0.0.0/8
Provider Y 13.0.0.0/8
LISP Site LISP Site
MR
ALT
MS
ALT
ALT ALT
10.0.0.1
11.0.0.1 13.0.0.2
12.0.0.2
65.1.1.1 66.2.2.2
Legend: EIDs -> Green Locators -> Red BGP-over-GRE Physical link
12.0.0.2 ->11.0.0.1 Proxy Map-Reply
(udp 4342) nonce
3.0.0.0/24 12.0.0.2 [1, 50] 13.0.0.2 [1, 50]
[6] EID-prefix: 3.0.0.0/24 Locator-set:
12.0.0.2, priority: 1, weight: 50 (D1) 13.0.0.2, priority: 1, weight: 50 (D2)
Mapping Entry
LISP Control Plane Proxy Map-Reply example (when configured)
PI EID-prefix 2.0.0.0/24
PI EID-prefix 3.0.0.0/24
![Page 21: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/21.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 21
Early Recognition: • LISP will not be widely deployed day-one • Up-front recognition of an incremental deployment plan
Interworking for: • LISP-sites to non-LISP sites (e.g. the rest of the Internet) • non-LISP sites to LISP-sites
Two basic Techniques • Proxy ITR (PITR) and Proxy ETR (PETR) • LISP Network Address Translators (LISP-NAT)
Proxy-ITR/Proxy-ETR are being deployed today Infrastructure LISP network entity Creates a monetized service opportunity for infrastructure players
LISP Interworking Day-One incremental deployment
![Page 22: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/22.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 22
S1
S2
ITR
ITR
D1
D2
ETR
ETR
S D
Provider A 10.0.0.0/8
Provider B 11.0.0.0/8
Provider X 12.0.0.0/8
Provider Y 13.0.0.0/8
LISP Site LISP Site
MR
ALT
MS
ALT
ALT ALT
PETR – Proxy ETR • Allows IPv6 LISP sites with IPv4 RLOCs to reach
IPv6 LISP sites that only have IPv6 RLOCs • Allows LISP sites with uRPF restrictions to reach
non-LISP sites
PITR – Proxy ITR • Receives traffic from non-LISP sites;
encapsulates traffic to LISP sites • Advertises coarse-aggregate EID prefixes • LISP sites see ingress TE “day-one”
LISP Interworking Proxy Ingress/Egress Tunnel Routers (PITR/PETR)
PITR PETR
![Page 23: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/23.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 23
S1
S2
ITR
ITR
D1
D2
ETR
ETR
S D
Provider A 10.0.0.0/8
Provider B 11.0.0.0/8
Provider X 12.0.0.0/8
Provider Y 13.0.0.0/8
LISP Site LISP Site
10.0.0.1
11.0.0.1 13.0.0.2
12.0.0.2
65.1.1.1 66.2.2.2
LISP Interworking Proxy Ingress Tunnel Router example
Non-LISP Site
65.1.0.0/16
Non-LISP Site
65.9.1.1
65.1.1.1 -> 3.0.0.1 [1]
65.1.1.1 -> 3.0.0.1 65.9.1.1 -> 13.0.0.2
[2]
PITR
65.1.1.1 -> 3.0.0.1 [3]
3.0.0.1 -> 65.1.1.1
[4]
65.9.2.1
3.0.0.1 -> 65.1.1.1
[5]
PI EID-prefix 2.0.0.0/24
PI EID-prefix 3.0.0.0/24
PETR
MR
ALT
MS
ALT
ALT ALT
3.0.0.0/8
![Page 24: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/24.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 24
PI EID-prefix 2.0.0.0/24
PI EID-prefix 3.0.0.0/24
LISP Interworking Proxy Egress Tunnel Router example
S1
S2
ITR
ITR
D1
D2
ETR
ETR
S D
Provider A 10.0.0.0/8
Provider B 11.0.0.0/8
Provider X 12.0.0.0/8
Provider Y 13.0.0.0/8
PITR PETR
MR
ALT
MS
ALT
ALT ALT
LISP Site LISP Site
10.0.0.1
11.0.0.1 13.0.0.2
12.0.0.2
65.1.1.1 66.2.2.2
3.0.0.0/8
Non-LISP Site
65.1.0.0/16
Non-LISP Site
65.9.1.1
65.1.1.1 -> 3.0.0.1 [1]
65.1.1.1 -> 3.0.0.1 65.9.1.1 -> 13.0.0.2
[2] 65.1.1.1 -> 3.0.0.1
[3]
3.0.0.1 -> 65.1.1.1
[4]
65.9.2.1
ip lisp use-petr 65.9.2.1
3.0.0.1 -> 65.1.1.1
[6]
3.0.0.1 -> 65.1.1.1
13.0.0.2 -> 65.9.2.1
[5]
![Page 25: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/25.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 25
Security…
LISP and Security Aspects of LISP Security
Internet
S LISP router
D
x.y.z.1
a.b.c.1 LISP router
r.s.t.7
e.f.g.9
Host IP available
Topological location
Internet
LISP router
LISP Site
Non-LISP Site
LISP Site
Non-LISP Site
“drop” policy push
Core S LISP
router D
x.y.z.1
a.b.c.1 LISP router
r.s.t.7
e.f.g.9
MS/MR
Map-Register
(SHA-1) Map-Register (SHA-1)
… of the protocol Inherent security of the
protocol itself
… impact of the protocol on existing networks Changes that need to be made
made to a site and core network to handle the protocol
… enabled by the protocol New types of network
security that can be deployed because of the new protocol
![Page 26: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/26.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 26
LISP Overview LISP Operations LISP Use Cases LISP Status Summary References
LISP - Agenda
![Page 27: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/27.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 27
IPv6 Transition Support
v6-over-v4, v6-over-v6 v4-over-v6, v4-over-v4
IPv4 Internet
IPv6 Internet
v6
v6 v4 v6
LISP router LISP
router v6
services
VM-Mobility
Cloud / Layer 3 VM moves Segmentation
Data Center 1
Data Center 2
a.b.c.1 VM
a.b.c.1 VM
VM move
LISP router
LISP router
Internet
LISP Use Cases Overview
VPNs and Segmentation
Over-the-Top Multi-tenency
HQ LISP Site
Internet
Data Center
User Network
Remote LISP Site
Remote LISP Site Remote
LISP Site Remote
LISP Site . . 10k . .
Efficient Multi-Homing
IP Portability Ingress Traffic Engineering without BGP
LISP routers
LISP Site
Internet
![Page 28: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/28.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 28
LISP Use Cases Efficient Multi-Homing
Needs: Site connectivity to multiple providers Low OpEx/CapEx
LISP Solution: LISP provides a streamlined solution for
handling multi-provider connectivity and policy without BGP complexity
Benefits: Multi-homing across different providers Simple policy management Ingress Traffic Engineering Egress Traffic Engineering
LISP routers
LISP Site
Internet
![Page 29: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/29.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 29
LISP Use Cases – Efficient Multi-Homing Customer Case Study #1 – Requirements
Multi-Homed Remote-Sites: More than 400 remote sites (limited access), need to be “as robust as possible” T-1 (~$600/month) + dial-backup cost prohibitive vs. 3G access (~$60/month)
Necessary Features: IOS Firewall and NAT for Internet Access Mixed of dynamic (DHCP) and Static Interface IP address (RLOC)
LISP Design: Private LISP Mapping System (MS/MR) for RFC1918 EIDs at Hub & Remote Sites ASR1002s (2) at Hub Site, C2811s w/ 3G-HWICs at remote sites (2 each) NAT to Internet, IOS FW, DHCP Active/Backup minimum, Active/Active “stretch goal” for WAN utilization
![Page 30: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/30.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 30
LISP Use Cases – Efficient Multi-Homing Customer Case Study #1 – Topology
Internet
LISP Hub Site
Corporate Data Center
Carrier 1 3G
Carrier 2 3G
3G HWIC
3G HWIC
LISP Spoke Sites X 400
. . . . . .
ASR 1002 • Map-Server/Map-Resolver
for private LISP mapping • xTR for LISP encap/decap
ISR (2811) • xTR at Remote LISP site • Dual 3G-HWICs • RFC1918 EID Space • DHCP or static RLOCs • DHCP server for internal hosts • NAT/IOS FW to Internet
Customer Network
3G HWIC
3G HWIC
3G HWIC
3G HWIC
3G HWIC
3G HWIC
172.16.1.1 172.16.1.5
![Page 31: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/31.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 31
LISP Use Cases – Efficient Multi-Homing Customer Case Study #1 – LISP Configurations
Internet
LISP Hub Site
Corporate Data Center
Carrier 1 3G
Carrier 2 3G
3G HWIC
3G HWIC
LISP Spoke Sites X 400
. . . . . .
Customer Network
3G HWIC
3G HWIC
3G HWIC
3G HWIC
3G HWIC
3G HWIC
172.16.1.1 172.16.1.5
router lisp database-mapping 10.10.1.0/24 ipv4-interface cell0/0/0 priority 1 weight 50 database-mapping 10.10.1.0/24 ipv4-interface cell0/0/1 priority 1 weight 50 ip itr ip etr ip itr map-resolver 172.16.1.1 ip itr map-resolver 172.16.1.5 ip etr map-server 172.16.1.1 key xxxxxx ip etr map-server 172.16.1.5 key xxxxxx
router lisp site All-Sites eid-prefix 10.0.0.0/16 eid-prefix 10.10.0.0/16 accept-more-
specifics authentication-key 0 xxxxxx description all remote sites exit database-mapping 10.0.0.0/16 172.16.1.5
priority 1 weight 50 database-mapping 10.0.0.0/16 172.16.1.1
priority 1 weight 50 ipv4 map-server ipv4 map-resolver ipv4 itr ipv4 etr ip itr map-resolver 172.16.1.1 ip itr map-resolver 172.16.1.5 ip etr map-server 172.16.1.1 key xxxxxx ip etr map-server 172.16.1.5 key xxxxxx
10.10.1.0/24 10.10.0.0/24 10.10.x.0/24 10.10.y.0/24
![Page 32: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/32.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 32
LISP Use Cases – Efficient Multi-Homing Customer Case Study #1 – Packet Flow Example
Internet
LISP Hub Site
Corporate Data Center
Carrier 1 3G
Carrier 2 3G
3G HWIC
3G HWIC
LISP Spoke Sites X 400
. . . . . .
Customer Network
3G HWIC
3G HWIC
3G HWIC
3G HWIC
3G HWIC
3G HWIC
172.16.1.1 172.16.1.5
10.10.0.1 -> 10.0.0.1
10.10.0.1 -> 10.0.0.1 172.17.1.1 -> 172.16.1.1
10.10.0.1
10.0.0.1
172.16.1.1 172.16.1.5
172.17.1.1
10.10.0.1 -> 10.0.0.1 10.0.0.1 -> 10.10.0.1
10. 0.0.1 -> 10.10.0.1 172.16.1.1 -> 172.17.1.1
10.0.0.1 -> 10.10.0.1
![Page 33: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/33.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 33
LISP Use Cases – Efficient Multi-Homing Customer Case Study #1 – Other IOS Configurations
Internet
LISP Hub Site
Corporate Data Center
Carrier 1 3G
Carrier 2 3G
3G HWIC
3G HWIC
LISP Spoke Sites X 400
. . . . . .
Customer Network
3G HWIC
3G HWIC
3G HWIC
3G HWIC
3G HWIC
3G HWIC
172.16.1.1 172.16.1.5
12.1.1.5
VzW
Internet
13.1.1.5
10.0.0.0/16
VzW
Cellular0/3/0 Cellular0/3/1
10.10.0.0/24
ip nat inside
ip inspect out
ip access-group 101 in
ip address negotiated
ip verify unicast source reachable-via rx
ip nat outside
LISP is executed in CEF. Any CEF process should be available when LISP is enabled. Commonly used CEF functions that have been tested include: Access Control Lists Network Address Translation Quality of Service Flexible NetFlow IPSec IOS Firewall IOS Intrusion Protection Srvc Flexible Packet Matching
![Page 34: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/34.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 34
LISP Use Cases IPv6 Migration Support
Needs: Rapid IPv6 Deployment
Minimal Infrastructure disruption
LISP Solution: LISP encapsulation is Address Family
agnostic IPv6 interconnected over IPv4 core
IPv4 interconnected over IPv6 core
Benefits: Accelerated IPv6 adoption
Minimal added configurations
No core network changes
Can be used as a transitional or permanent solution
IPv4 Internet
IPv6 Internet
v6
v6 v4 PxTR
IPv4 Core
v6
xTR v6 service
IPv4 Internet IPv4
Enterprise Core
v6 v4
v6
v6 island IPv4 Enterprise
Core
v6
xTR v6 island
xTR
IPv6 Internet
IPv4 access & Internet
PxTR v6
v6 home Network
.
v6 home Network
v6 home Network
xTR
xTR
xTR
PxTR
PxTR
v6
. v6 site
v6 v4
Connecting IPv6 Islands
IPv6 Transition Support
IPv6 Access Support
![Page 35: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/35.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 35
LISP Use Cases – IPv6 Migration Support Customer Case Study #2 – Requirements
IPv6 Access to Company Services: Corporate employees deploying IPv6 home networks Requesting same access to services as IPv4 home users
Necessary Features: Take advantage of existing infrastructure; minimal changes to add IPv6 support Use existing SSL VPN equipment Use existing Load Balancers – capable of v6/v4 header translation
LISP Design: IPv6 EID allocation from Cisco LISP Beta Network block
− Could “bring their own” IPv6 block, but used ours…
Cisco ISR-G2 (3945) as xTR
![Page 36: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/36.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 36
LISP Use Cases – IPv6 Migration Support Customer Case Study #2 – General Topology
IPv4 Internet
IPv6 Internet
Customer IPv4 DFZ
Internal v4 Network
v4-vlan v6-vlan
xTR
192.168.2.1
192.168.1.1
172.16.1.5 2001:db8:ff::1
PxTR
2001:db8:a::1
10.10.10.10
v6 VIP 2001:db8:c5c0::1
MSMR 172.16.1.6 2001:db8:ff::6
ISR G2 (3945) • xTR for LISP encap/decap • “use-petr” for v6/v4
interworking
A-record: www.customer.com 10.1.1.1 (example)
v4 VIP 10.1.1.1
AAAA-record: www.lisp6.customer.com 2001:db8:c5c0::1 (example)
SSL VPN Appliance
Load Balancer • v6/v4 translation
![Page 37: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/37.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 37
LISP Use Cases – IPv6 Migration Support Customer Case Study #2 – LISP Configuration
IPv4 Internet
IPv6 Internet
Customer IPv4 DFZ
Internal v4 Network
v4-vlan v6-vlan
xTR
172.16.1.5 2001:db8:ff::1
PxTR
2001:db8:a::1
10.10.10.10
v6 VIP 2001:db8:c5c0::1
router lisp database-mapping 2001:db8:c5c0::/48 10.10.10.10 priority 1 weight 1 ipv6 itr ipv6 etr ipv6 itr map-resolver 172.16.1.6 ipv6 etr map-server 172.16.1.6 key xxxxxx ipv6 use-petr 172.16.1.5
MSMR 172.16.1.6 2001:db8:ff::6
192.168.2.1
192.168.1.1
![Page 38: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/38.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 38
LISP Use Cases – IPv6 Migration Support Customer Case Study #2 – Example Packet Flow
IPv4 Internet
IPv6 Internet
Customer IPv4 DFZ
Internal v4 Network
v4-vlan v6-vlan
xTR
172.16.1.5 2001:db8:ff::1
PxTR
2001:db8:a::1
10.10.10.10
v6 VIP 2001:db8:c5c0::1
MSMR 172.16.1.6 2001:db8:ff::6
192.168.2.1
192.168.1.1
2001:db8:a::1 -> 2001:db8:c5c0::1
172.16.1.5 -> 10.10.10.10 2001:db8:a::1 -> 2001:db8:c5c0::1
2001:db8:a::1 -> 2001:db8:c5c0::1
192.168.1.1 -> 192.168.2.1 192.168.2.1 -> 192.168.1.1
2001:db8:c5c0::1 -> 2001:db8:a::1
10.10.10.10 -> 172.16.1.5 2001:db8:c5c0::1 -> 2001:db8:a::1
2001:db8:c5c0::1 -> 2001:db8:a::1
![Page 39: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/39.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 39
LISP Use Cases VPNs and Segmentation
Needs: Highly-scalable VPNs supporting
IPv4 and IPv6 Remove IGP scaling limitations
for Branch WAN aggregation
LISP Solution: LISP Instance-IDs for
Over-the-Top VPNs Supports complex topologies including
multi-homed branches, partial mesh, etc. IPv4/IPv6 co-existence
Benefits: No CE-PE coordination required LISP Mapping System supports high scalability Simplified Management
HQ LISP Site
Internet
Data Center
User Network
Remote LISP Site
Remote LISP Site Remote
LISP Site Remote
LISP Site . . x10,000 . .
![Page 40: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/40.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 40
IPv6 Network
IPv4 LISP Spoke Site
Any to Any Access
IPv4 LISP Spoke Site
IPv4 LISP Spoke Site
xTR xTR xTR
IPv4 LISP Hub Site
xTR
IPv4
IP
v6
IPv4
GET VPN KS
LISP MS/MR
IPv4 Data
IPv4 Data IPv4 Data
IPv6 IPv4 Encrypted
IPv6 IPv4 Data
IPv4 over IPv6 Encapsulation (LISP Mixed Mode) • W/ No Encryption • W/ Encryption
VPN Platform Service: • Private LISP EID Mapping/Resolution
• GET Key Distribution
1. Transport − Tunnel-less IPv4 site interconnect over
IPv6 network based on LISP
− Private IP address mapping
− IPv6 site interconnect possible
IPv4 Data
LISP Use Cases – High-Scale VPNs Customer Case Study #3 – Requirements
2. Security − Tunnel-less group encryption based on
GETVPN
− “Bootstrap” Map-Cache to Key Server
− GETVPN keeps EID and Security Policy in sync
• GET ACL and LISP database are same subnet at Site
3. Site Routing − No Dynamic Routing between Spoke
and Hub
− Spoke router only has IPv6 Default Route on WAN side
− Hub router aggregates Spoke Site Routes
− Proxy xTR can be placed on Hub Site and can route non-LISP site or Internet
![Page 41: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/41.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 41
IPv4 IPv6
IPv6 Network
LISP Site A
LISP Site B
MS/MRxTR
xTR IPv4 LAN IPv4 LAN
IPv6
IPv4
IPv4
Lo0
Lo0
GM
KS
Lo0 GM
xTR
Control Path (GETVPN) Control Path (LISP) Forwarding Path
Payload Payload ESP SPI
ESP Trailer
IPv4 Src/Dst
LISP Hdr UDP IPv6
Src/Dst IPv4
Src/Dst IPv4
Src/Dst
Encrypted Original Packet
Payload IPv4 Src/Dst
Packet Construction (Forwarding Path)
Original IPv4 Header
• Validation of Group Members • Distribution of Group Policies and Keys
• EID Registration • Mapping Request/Reply IPv4 EID
LISP RLOC LISP EID Original Packet Original Packet
Payload LISP Hdr UDP IPv6
Src/Dst IPv4
Src/Dst Payload IPv4 Src/Dst
LISP RLOC LISP EID Original Packet Original Packet
Payload IPv4 Src/Dst
With No Encryption
With Encryption
LISP
LISP Use Cases – High-Scale VPNs Customer Case Study #3 – Functional Overview
LISP
GET LISP GET LISP
![Page 42: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/42.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 42
LISP Virtualization – Segmentation
LISP Virtualization A technique to Virtualized the EID and RLOC namespaces
The LISP Instance-ID is the mechanism to separate address spaces in the control and data planes
Instance-ID a 24-bit unstructured number
Data-plane: in LISP encapsulation header
Control-plane: EID encoded in LCAF format
![Page 43: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/43.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 43
Shared Infrastructure for Scaling, Private VPN sites for Segmentation
LISP Virtualization – Address Separation Shared Mapping System, Single-Tenency
Shared Mapping Database System
xTR xTR
Shared Core Routing System
xTR xTR
MS/MR MS/MR
MS/MR 10.1.0.0/16) 10.2.0.0/16)
xTR xTR
xTR xTR
10.1.0.0/16) 10.2.0.0/16) ( ( IID1, IID1,
( ( IID2, IID2,
![Page 44: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/44.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 44
Shared Mapping Database System
Shared Core Routing System
LISP Virtualization – Address Separation Shared Mapping System and xTR, Multi-Tenancy
(IID2, 10.2.0.0/16)
xTR xTR
(IID1, 10.2.0.0/16)
xTR xTR
xTR xTR
(IID1, 10.1.0.0/16) (IID2, 10.1.0.0/16)
MS/MR MS/MR
![Page 45: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/45.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 45
vrf vrf vrf
10.3.2.0/24 10.2.2.0/24 10.1.2.0/24
Lo1 Lo2 Lo3
Loop0 13.1.1.1/32
Loop0 13.1.1.3/32
xTR
LISP Site-3
xTR
LISP Site-1
12.1.0.0/30 E0/0 (.2)
E0/0 (.1)
12.3.0.0/30 E0/0 (.2)
E0/0 (.1)
12.2.0.0/30
E0/0 (.1)
E0/0 (.2)
xTR MS/MR
LISP Site-2
Loop0 13.1.1.2/32
10.3.1.0/24
vrf vrf vrf
Lo1 Lo2 Lo3
10.2.1.0/24 10.1.1.0/24
vrf vrf vrf
10.3.3.0/24
E1/0 E1/1 E1/2
10.2.3.0/24 10.1.3.0/24
LISP Use-Cases – Multi-Tenancy Customer Case Study #4 – Configurations
! hostname xTR-1 ! vrf definition blue ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! vrf definition teal ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! vrf definition green ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! ip cef ipv6 unicast-routing ipv6 cef !
! interface Loopback0 ip address 13.1.1.1 255.255.255.255 ! interface Loopback1 vrf forwarding blue ip address 10.1.1.1 255.255.255.0 ! interface Loopback2 vrf forwarding teal ip address 10.2.1.1 255.255.255.0 ! interface Loopback3 vrf forwarding green ip address 10.3.1.1 255.255.255.0 ! interface Ethernet0/0 description to R30 (Core) ip address 12.1.0.2 255.255.255.252 !
! router lisp eid-table default instance-id 0 database-mapping 13.1.1.1/32 IPv4-interface Ethernet0/0 priority 1 weight 1 exit ! eid-table vrf blue instance-id 1 database-mapping 10.1.1.0/24 IPv4-interface Ethernet0/0 priority 1 weight 1 exit ! eid-table vrf teal instance-id 2 database-mapping 10.2.1.0/24 IPv4-interface Ethernet0/0 priority 1 weight 1 exit ! eid-table vrf green instance-id 3 database-mapping 10.3.1.0/24 IPv4-interface Ethernet0/0 priority 1 weight 1 exit ! ipv4 itr map-resolver 12.2.0.2 ipv4 itr ipv4 etr map-server 12.2.0.2 key secret ipv4 etr exit ! ip route 0.0.0.0 0.0.0.0 12.1.0.1 !
![Page 46: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/46.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 46
LISP Use-Cases – Multi-Tenancy Customer Case Study #4 – Configurations
vrf vrf vrf
10.3.2.0/24 10.2.2.0/24 10.1.2.0/24
Lo1 Lo2 Lo3
Loop0 13.1.1.1/32
Loop0 13.1.1.3/32
xTR
LISP Site-3
xTR
LISP Site-1
12.1.0.0/30 E0/0 (.2)
E0/0 (.1)
12.3.0.0/30 E0/0 (.2)
E0/0 (.1)
12.2.0.0/30
E0/0 (.1)
E0/0 (.2)
xTR MS/MR
LISP Site-2
Loop0 13.1.1.2/32
10.3.1.0/24
vrf vrf vrf
Lo1 Lo2 Lo3
10.2.1.0/24 10.1.1.0/24
vrf vrf vrf
10.3.3.0/24
E1/0 E1/1 E1/2
10.2.3.0/24 10.1.3.0/24
! router lisp eid-table default instance-id 0 database-mapping 13.1.1.2/32 12.2.0.2 priority 1 weight 1 exit ! eid-table vrf blue instance-id 1 database-mapping 10.1.2.0/24 12.2.0.2 priority 1 weight 1 exit ! eid-table vrf teal instance-id 2 database-mapping 10.2.2.0/24 12.2.0.2 priority 1 weight 1 exit ! eid-table vrf green instance-id 3 database-mapping 10.3.2.0/24 12.2.0.2 priority 1 weight 1 exit ! site All-Sites authentication-key secret eid-prefix 13.1.1.0/24 accept-more-specifics eid-prefix instance-id 1 10.1.0.0/16 accept-more-specifics eid-prefix instance-id 2 10.2.0.0/16 accept-more-specifics eid-prefix instance-id 3 10.3.0.0/16 accept-more-specifics exit ! ipv4 map-server ipv4 map-resolver ipv4 itr map-resolver 12.2.0.2 ipv4 itr ipv4 etr map-server 12.2.0.2 key secret ipv4 etr exit !
! hostname xTR-2 ! vrf definition blue ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! vrf definition teal ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! vrf definition green ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! ip cef ipv6 unicast-routing ipv6 cef !
! interface Loopback0 ip address 13.1.1.2 255.255.255.255 ! interface Loopback1 vrf forwarding blue ip address 10.1.2.1 255.255.255.0 ! interface Loopback2 vrf forwarding teal ip address 10.2.2.1 255.255.255.0 ! interface Loopback3 vrf forwarding green ip address 10.3.2.1 255.255.255.0 ! interface Ethernet0/0 description to R30 (Core) ip address 12.2.0.2 255.255.255.252 !
![Page 47: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/47.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 47
LISP Use-Cases – Multi-Tenancy Customer Case Study #4 – Results
vrf vrf vrf
10.3.2.0/24 10.2.2.0/24 10.1.2.0/24
Lo1 Lo2 Lo3
Loop0 13.1.1.1/32
Loop0 13.1.1.3/32
xTR
LISP Site-3
xTR
LISP Site-1
12.1.0.0/30 E0/0 (.2)
E0/0 (.1)
12.3.0.0/30 E0/0 (.2)
E0/0 (.1)
12.2.0.0/30
E0/0 (.1)
E0/0 (.2)
xTR MS/MR
LISP Site-2
Loop0 13.1.1.2/32
10.3.1.0/24
vrf vrf vrf
Lo1 Lo2 Lo3
10.2.1.0/24 10.1.1.0/24
vrf vrf vrf
10.3.3.0/24
E1/0 E1/1 E1/2
10.2.3.0/24 10.1.3.0/24
xTR-2#show lisp site LISP Site Registration Information
Site Name Last Up Who Last Inst EID Prefix Register Registered ID All-Sites never no -- 0 13.1.1.0/24 00:00:34 yes 12.1.0.2 0 13.1.1.1/32 00:00:06 yes 12.2.0.2 0 13.1.1.2/32 00:00:02 yes 12.3.0.2 0 13.1.1.3/32 never no -- 1 10.1.0.0/16 00:00:27 yes 12.1.0.2 1 10.1.1.0/24 00:00:03 yes 12.2.0.2 1 10.1.2.0/24 00:00:03 yes 12.3.0.2 1 10.1.3.0/24 never no -- 2 10.2.0.0/16 00:00:24 yes 12.1.0.2 2 10.2.1.0/24 00:00:58 yes 12.2.0.2 2 10.2.2.0/24 00:00:02 yes 12.3.0.2 2 10.2.3.0/24 never no -- 3 10.3.0.0/16 00:00:33 yes 12.1.0.2 3 10.3.1.0/24 00:00:04 yes 12.2.0.2 3 10.3.2.0/24 00:00:00 yes 12.3.0.2 3 10.3.3.0/24 xTR-2#
xTR-2#show lisp site instance-id 0 LISP Site Registration Information
Site Name Last Up Who Last Inst EID Prefix Register Registered ID All-Sites never no -- 0 13.1.1.0/24 00:00:48 yes 12.1.0.2 0 13.1.1.1/32 00:00:20 yes 12.2.0.2 0 13.1.1.2/32 00:00:18 yes 12.3.0.2 0 13.1.1.3/32 xTR-2#show lisp site instance-id 1 LISP Site Registration Information
Site Name Last Up Who Last Inst EID Prefix Register Registered ID All-Sites never no -- 1 10.1.0.0/16 00:00:43 yes 12.1.0.2 1 10.1.1.0/24 00:00:22 yes 12.2.0.2 1 10.1.2.0/24 00:00:19 yes 12.3.0.2 1 10.1.3.0/24 xTR-2#show lisp site instance-id 2 LISP Site Registration Information
Site Name Last Up Who Last Inst EID Prefix Register Registered ID All-Sites never no -- 2 10.2.0.0/16 00:00:43 yes 12.1.0.2 2 10.2.1.0/24 00:00:19 yes 12.2.0.2 2 10.2.2.0/24 00:00:21 yes 12.3.0.2 2 10.2.3.0/24 xTR-2#show lisp site instance-id 3 LISP Site Registration Information
Site Name Last Up Who Last Inst EID Prefix Register Registered ID All-Sites never no -- 3 10.3.0.0/16 00:00:56 yes 12.1.0.2 3 10.3.1.0/24 00:00:28 yes 12.2.0.2 3 10.3.2.0/24 00:00:25 yes 12.3.0.2 3 10.3.3.0/24 xTR-2#
![Page 48: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/48.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 48
LISP Use-Cases – Multi-Tenancy Customer Case Study #4 – Results
vrf vrf vrf
10.3.2.0/24 10.2.2.0/24 10.1.2.0/24
Lo1 Lo2 Lo3
Loop0 13.1.1.1/32
Loop0 13.1.1.3/32
xTR
LISP Site-3
xTR
LISP Site-1
12.1.0.0/30 E0/0 (.2)
E0/0 (.1)
12.3.0.0/30 E0/0 (.2)
E0/0 (.1)
12.2.0.0/30
E0/0 (.1)
E0/0 (.2)
xTR MS/MR
LISP Site-2
Loop0 13.1.1.2/32
10.3.1.0/24
vrf vrf vrf
Lo1 Lo2 Lo3
10.2.1.0/24 10.1.1.0/24
vrf vrf vrf
10.3.3.0/24
E1/0 E1/1 E1/2
10.2.3.0/24 10.1.3.0/24
xTR-1#ping 13.1.1.3 source 13.1.1.1 repeat 100 Type escape sequence to abort. Sending 100, 100-byte ICMP Echos to 13.1.1.3, timeout is 2 seconds: Packet sent with a source address of 13.1.1.1 ..!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Success rate is 98 percent (98/100), round-trip min/avg/max = 1/1/4 ms
xTR-1#ping vrf blue 10.1.3.1 source 10.1.1.1 rep 100 Type escape sequence to abort. Sending 100, 100-byte ICMP Echos to 10.1.3.1, timeout is 2 seconds: Packet sent with a source address of 10.1.1.1 ..!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Success rate is 98 percent (98/100), round-trip min/avg/max = 1/1/4 ms
xTR-1#ping vrf teal 10.2.3.1 source 10.2.1.1 rep 100 Type escape sequence to abort. Sending 100, 100-byte ICMP Echos to 10.2.3.1, timeout is 2 seconds: Packet sent with a source address of 10.2.1.1 ..!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Success rate is 98 percent (98/100), round-trip min/avg/max = 1/1/4 ms xTR-1#ping vrf green 10.3.3.1 source 10.3.1.1 rep 100 Type escape sequence to abort. Sending 100, 100-byte ICMP Echos to 10.3.3.1, timeout is 2 seconds: Packet sent with a source address of 10.3.1.1 ..!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Success rate is 98 percent (98/100), round-trip min/avg/max = 1/1/4 ms xTR-1#
![Page 49: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/49.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 49
6 E0/0
.1 E2/0
.2
172.16.6.0/30
OSPF (6)
3 1 2 E0/0
.1
E1/0
.5
E0/0
.2 12.0.0.0/30 12.0.0.4/30
E0/0
.6 E0/0 .2
E1/0 .1
E0/0
.2
E1/0
.1 4
12.2.0.0/30 12.1.0.0/30
5 7 E0/0
.1 E2/0 .2
Loop0 13.1.1.1/32 172.16.7.0/30
Site 2 Site 1
OSPF (0)
LDP LDP
ISIS ISIS
mp-‐BGP OSPF (1)
ce2 pe2
Loop0 12.9.3.3/32
Loop0 13.1.1.2/32
Loop0 12.9.1.1/32
Loop0 12.9.2.2/32
ce1
OSPF (0)
12 E0/0
.1 E2/0
.2
172.16.12.0/30
OSPF (1)
E0/0 .2
E1/0 .1 10
12.3.0.0/30
Site 3
ce3
OSPF (0)
pe1
Loop0 13.1.1.3/32
p
l0: 10.1.0.6/24 l1: 10.1.1.6/24 l2: 10.1.2.6/24
l0: 10.2.0.7/24 l1: 10.2.1.7/24 l2: 10.2.2.7/24
l0: 10.3.0.12/24 l1: 10.3.1.12/24 l2: 10.3.2.12/24
MPLS Baseline Case OSPF process on CE OSPF process on PE
• Routing change at site cause OSPF changes on PE BGP on PE side
• Changes in OSPF redistribute to BGP, propagate all sites in vrf • The greater the number of cust routes, the more thrashing?
Impact on PE router Memory and CPU per VRF for routing, changes
Adding IPv6 for the customer Requires CE-PE link dual-stack New BGP VPNV6 OSPFv3
LISP Use-Cases – MPLS Customer Case Study #5 – Conceptual
![Page 50: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/50.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 50
6 E0/0
.1 E2/0
.2
172.16.6.0/30
OSPF (6)
3 1 2 E0/0
.1
E1/0
.5
E0/0
.2 12.0.0.0/30 12.0.0.4/30
E0/0
.6 E0/0 .2
E1/0 .1
E0/0
.2
E1/0
.1 4
12.2.0.0/30 12.1.0.0/30
5 7 E0/0
.1 E2/0 .2
Loop0 13.1.1.1/32 172.16.7.0/30
Site 2 Site 1
OSPF (0)
LDP LDP
ISIS ISIS
mp-‐BGP OSPF (1)
ce2 pe2
Loop0 12.9.3.3/32
Loop0 13.1.1.2/32
Loop0 12.9.1.1/32
Loop0 12.9.2.2/32
ce1
OSPF (0)
12 E0/0
.1 E2/0
.2
172.16.12.0/30
OSPF (1)
E0/0 .2
E1/0 .1 10
12.3.0.0/30
Site 3
ce3
OSPF (0)
pe1
Loop0 13.1.1.3/32
p
l0: 10.1.0.6/24 l1: 10.1.1.6/24 l2: 10.1.2.6/24
l0: 10.2.0.7/24 l1: 10.2.1.7/24 l2: 10.2.2.7/24
l0: 10.3.0.12/24 l1: 10.3.1.12/24 l2: 10.3.2.12/24
LISP Use-Cases – MPLS Customer Case Study #5 – Baseline
MPLS Baseline Case What does routing look like:
• On CE? • On PE?
Customer Routes (9)
CE-‐PE Links (3)
CE Loopbacks (3)
R2-PE#show ip route vrf Cust1 ---<skip>--- 10.0.0.0/32 is subnetted, 9 subnets O IA 10.3.1.12 [110/21] via 12.3.0.2, 00:23:54, Ethernet2/0 O IA 10.3.0.12 [110/21] via 12.3.0.2, 00:23:54, Ethernet2/0 O IA 10.3.2.12 [110/21] via 12.3.0.2, 00:23:40, Ethernet2/0 O IA 10.1.1.6 [110/21] via 12.1.0.2, 00:23:58, Ethernet1/0 B 10.2.2.7 [200/21] via 12.9.3.3, 00:26:10 O IA 10.1.0.6 [110/21] via 12.1.0.2, 00:23:58, Ethernet1/0 B 10.2.1.7 [200/21] via 12.9.3.3, 00:26:26 B 10.2.0.7 [200/21] via 12.9.3.3, 00:26:26 O IA 10.1.2.6 [110/21] via 12.1.0.2, 00:24:00, Ethernet1/0 12.0.0.0/30 is subnetted, 3 subnets C 12.1.0.0 is directly connected, Ethernet1/0 B 12.2.0.0 [200/0] via 12.9.3.3, 00:40:13 C 12.3.0.0 is directly connected, Ethernet2/0 13.0.0.0/32 is subnetted, 3 subnets O 13.1.1.1 [110/11] via 12.1.0.2, 00:24:00, Ethernet1/0 O 13.1.1.3 [110/11] via 12.3.0.2, 00:24:00, Ethernet2/0 B 13.1.1.2 [200/11] via 12.9.3.3, 00:38:58 R2-PE#
Customer Routes (all sites) (9)
Customer Infrastructure (all sites) (4)
CE Loopbacks (all sites) (3)
CE-‐PE Links (all sites) (4)
R4-CE#show ip route ---<skip>--- 10.0.0.0/32 is subnetted, 9 subnets O IA 10.1.0.6 [110/11] via 172.16.6.1, 01:09:49, Ethernet1/0 O IA 10.1.1.6 [110/11] via 172.16.6.1, 01:10:54, Ethernet1/0 O IA 10.1.2.6 [110/11] via 172.16.6.1, 01:09:39, Ethernet1/0 O IA 10.2.0.7 [110/31] via 12.1.0.1, 01:03:46, Ethernet0/0 O IA 10.2.1.7 [110/31] via 12.1.0.1, 01:03:46, Ethernet0/0 O IA 10.2.2.7 [110/31] via 12.1.0.1, 01:03:31, Ethernet0/0 O IA 10.3.0.12 [110/31] via 12.1.0.1, 01:01:15, Ethernet0/0 O IA 10.3.1.12 [110/31] via 12.1.0.1, 01:01:15, Ethernet0/0 O IA 10.3.2.12 [110/31] via 12.1.0.1, 01:01:01, Ethernet0/0 12.0.0.0/8 is variably subnetted, 4 subnets, 2 masks C 12.1.0.0/30 is directly connected, Ethernet0/0 L 12.1.0.2/32 is directly connected, Ethernet0/0 O IA 12.2.0.0/30 [110/11] via 12.1.0.1, 01:17:27, Ethernet0/0 O 12.3.0.0/30 [110/20] via 12.1.0.1, 01:17:27, Ethernet0/0 13.0.0.0/32 is subnetted, 3 subnets C 13.1.1.1 is directly connected, Loopback0 O IA 13.1.1.2 [110/21] via 12.1.0.1, 01:16:18, Ethernet0/0 O 13.1.1.3 [110/21] via 12.1.0.1, 01:13:37, Ethernet0/0 172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks C 172.16.6.0/30 is directly connected, Ethernet1/0 L 172.16.6.2/32 is directly connected, Ethernet1/0 O IA 172.16.7.0/30 [110/30] via 12.1.0.1, 01:16:18, Ethernet0/0 O 172.16.12.0/30 [110/30] via 12.1.0.1, 01:13:37, Ethernet0/0 R4-CE#
![Page 51: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/51.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 51
6 E0/0
.1 E2/0
.2
172.16.6.0/30
OSPF (6)
pe2
12.9.0.0/30 .2
.1
ms/mr
3 1 2 E0/0
.1
E1/0
.5
E0/0
.2 12.0.0.0/30 12.0.0.4/30
E0/0
.6 E0/0 .2
E1/0 .1
E0/0
.2
E1/0
.1 4
12.2.0.0/30 12.1.0.0/30
5 7 E0/0
.1 E2/0 .2
Loop0 13.1.1.1/32 172.16.7.0/30
Site 2 Site 1
OSPF (0)
LDP LDP
ISIS ISIS
mp-‐BGP OSPF (1)
ce2
Loop0 12.9.3.3/32
Loop0 13.1.1.2/32
Loop0 12.9.1.1/32
Loop0 12.9.2.2/32
ce1
OSPF (0)
12 E0/0
.1 E2/0
.2
172.16.12.0/30
OSPF (1)
E0/0 .2
E1/0 .1 10
12.3.0.0/30
Site 3
ce3
OSPF (0)
pe1
Loop0 13.1.1.3/32
p
l0: 10.1.0.6/24 l1: 10.1.1.6/24 l2: 10.1.2.6/24
l0: 10.3.0.12/24 l1: 10.3.1.12/24 l2: 10.3.2.12/24
LISP Use-Cases – MPLS Customer Case Study #5 – Add LISP (Remove eBGP)
router lisp eid-table default instance-id 0 database-mapping 10.1.0.0/24 12.1.0.2 priority 1 weight 100 database-mapping 10.1.1.0/24 12.1.0.2 priority 1 weight 100 database-mapping 10.1.2.0/24 12.1.0.2 priority 1 weight 100 database-mapping 13.1.1.1/32 12.1.0.2 priority 1 weight 100 exit ! ipv4 itr map-resolver 12.9.0.2 ipv4 itr ipv4 etr map-server 12.9.0.2 key secret ipv4 etr exit
router lisp eid-table default instance-id 0 database-mapping 10.2.0.0/24 12.2.0.2 priority 1 weight 100 database-mapping 10.2.1.0/24 12.2.0.2 priority 1 weight 100 database-mapping 10.2.2.0/24 12.2.0.2 priority 1 weight 100 database-mapping 13.1.1.2/32 12.2.0.2 priority 1 weight 100 exit ! ipv4 itr map-resolver 12.9.0.2 ipv4 itr ipv4 etr map-server 12.9.0.2 key secret ipv4 etr exit
router lisp eid-table default instance-id 0 database-mapping 10.3.0.0/24 12.3.0.2 priority 1 weight 100 database-mapping 10.3.1.0/24 12.3.0.2 priority 1 weight 100 database-mapping 10.3.2.0/24 12.3.0.2 priority 1 weight 100 database-mapping 13.1.1.3/32 12.3.0.2 priority 1 weight 100 exit ! ipv4 itr map-resolver 12.9.0.2 ipv4 itr ipv4 etr map-server 12.9.0.2 key secret ipv4 etr exit
router lisp site Site-all authentication-key secret eid-prefix 10.0.0.0/8 accept-more-specifics eid-prefix 2001:DB8::/32 accept-more-specifics exit ! ipv4 map-server ipv4 map-resolver ipv6 map-server ipv6 map-resolver exit
l0: 10.2.0.7/24 l1: 10.2.1.7/24 l2: 10.2.2.7/24
![Page 52: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/52.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 52
6 E0/0
.1 E2/0
.2
172.16.6.0/30
OSPF (6)
3 1 2 E0/0
.1
E1/0
.5
E0/0
.2 12.0.0.0/30 12.0.0.4/30
E0/0
.6 E0/0 .2
E1/0 .1
E0/0
.2
E1/0
.1 4
12.2.0.0/30 12.1.0.0/30
5 7 E0/0
.1 E2/0 .2
Loop0 13.1.1.1/32 172.16.7.0/30
Site 2 Site 1
OSPF (0)
LDP LDP
ISIS ISIS
mp-‐BGP OSPF (1)
ce2 pe2
Loop0 12.9.3.3/32
Loop0 13.1.1.2/32
Loop0 12.9.1.1/32
Loop0 12.9.2.2/32
ce1
OSPF (0)
12 E0/0
.1 E2/0
.2
172.16.12.0/30
OSPF (1)
E0/0 .2
E1/0 .1 10
12.3.0.0/30
Site 3
ce3
OSPF (0)
pe1
Loop0 13.1.1.3/32
p
l0: 10.1.0.6/24 l1: 10.1.1.6/24 l2: 10.1.2.6/24
l0: 10.2.0.7/24 l1: 10.2.1.7/24 l2: 10.2.2.7/24
l0: 10.3.0.12/24 l1: 10.3.1.12/24 l2: 10.3.2.12/24
LISP Use-Cases – MPLS Customer Case Study #5 – New Routing
Customer Routes (this site only)(3)
CE Loopbacks (1)
CE-‐PE Links (this site only)(1)
Customer Infrastructure (this site only) (1)
R4-CE#show ip route ---<skip>--- S* 0.0.0.0/0 [1/0] via 12.1.0.1 10.0.0.0/32 is subnetted, 3 subnets O IA 10.1.0.6 [110/11] via 172.16.6.1, 00:37:54, Ethernet1/0 O IA 10.1.1.6 [110/11] via 172.16.6.1, 00:37:54, Ethernet1/0 O IA 10.1.2.6 [110/11] via 172.16.6.1, 00:37:54, Ethernet1/0 12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 12.1.0.0/30 is directly connected, Ethernet0/0 L 12.1.0.2/32 is directly connected, Ethernet0/0 13.0.0.0/32 is subnetted, 1 subnets C 13.1.1.1 is directly connected, Loopback0 172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks C 172.16.6.0/30 is directly connected, Ethernet1/0 L 172.16.6.2/32 is directly connected, Ethernet1/0 R4-CE#
default route
CE-‐PE Links (3)
R2-PE#show ip route vrf Cust1 ---<skip>--- 12.0.0.0/30 is subnetted, 3 subnets C 12.1.0.0 is directly connected, Ethernet1/0 B 12.2.0.0 [200/0] via 12.9.3.3, 00:40:13 C 12.3.0.0 is directly connected, Ethernet2/0 R2-PE#
NO CUSTOMER ROUTES!
Now look at CE and PE What does routing look like:
• On CE? • On PE?
![Page 53: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/53.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 53
6 E0/0
.1 E2/0
.2
172.16.6.0/30
OSPF (6)
pe2
12.9.0.0/30 .2
.1
ms/mr
3 1 2 E0/0
.1
E1/0
.5
E0/0
.2 12.0.0.0/30 12.0.0.4/30
E0/0
.6 E0/0 .2
E1/0 .1
E0/0
.2
E1/0
.1 4
12.2.0.0/30 12.1.0.0/30
5 7 E0/0
.1 E2/0 .2
Loop0 13.1.1.1/32 172.16.7.0/30
Site 2 Site 1
OSPF (0)
LDP LDP
ISIS ISIS
mp-‐BGP OSPF (1)
ce2
Loop0 12.9.3.3/32
Loop0 13.1.1.2/32
Loop0 12.9.1.1/32
Loop0 12.9.2.2/32
ce1
OSPF (0)
12 E0/0
.1 E2/0
.2
172.16.12.0/30
OSPF (1)
E0/0 .2
E1/0 .1 10
12.3.0.0/30
Site 3
ce3
OSPF (0)
pe1
Loop0 13.1.1.3/32
p
l0: 10.1.0.6/24 l1: 10.1.1.6/24 l2: 10.1.2.6/24
l0: 10.2.0.7/24 l1: 10.2.1.7/24 l2: 10.2.2.7/24
l0: 10.3.0.12/24 l1: 10.3.1.12/24 l2: 10.3.2.12/24
LISP Use-Cases – MPLS Customer Case Study #5 – Add IPv6
• Add IPv6 at Customer Sites • ZERO changes in SP Core • A few more lines of config on the
xTRs (CE’s) and MS
router lisp site Site-all authentication-key secret eid-prefix 10.0.0.0/8 accept-more-specifics eid-prefix 2001:DB8::/32 accept-more-specifics exit ! ipv4 map-server ipv4 map-resolver ipv6 map-server ipv6 map-resolver exit
l0: 2001:db8:2:a::7/64 l1: 2001:db8:2:b::7/64 l2: 2001:db8:2:c::7/64
l0: 2001:db8:3:a::c/64 l1: 2001:db8:3:b::c/64 l2: 2001:db8:3:c::c/64
l0: 2001:db8:1:a::6/64 l1: 2001:db8:1:b::6/64 l2: 2001:db8:1:c::6/64
router lisp eid-table default instance-id 0 database-mapping 10.1.0.0/24 12.1.0.2 priority 1 weight 100 database-mapping 10.1.1.0/24 12.1.0.2 priority 1 weight 100 database-mapping 10.1.2.0/24 12.1.0.2 priority 1 weight 100 database-mapping 13.1.1.1/32 12.1.0.2 priority 1 weight 100 database-mapping 2001:DB8:1:A::/64 12.1.0.2 priority 1 weight 100 database-mapping 2001:DB8:1:B::/64 12.1.0.2 priority 1 weight 100 database-mapping 2001:DB8:1:C::/64 12.1.0.2 priority 1 weight 100 exit ! ipv4 itr map-resolver 12.9.0.2 ipv4 itr ipv4 etr map-server 12.9.0.2 key secret ipv4 etr ipv6 itr map-resolver 12.9.0.2 ipv6 itr ipv6 etr map-server 12.9.0.2 key secret ipv6 etr exit
--similar to R4--
--similar to R4--
![Page 54: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/54.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 54
LISP Use Cases VM-Mobility
Needs: VM-Mobility across subnets Move detection, dynamic EID-to-
RLOC mappings, traffic redirection
LISP Solution: xTR Dynamic EID (VM-Mobility) on
access or aggregation switches
Benefits: Integrated Mobility Direct Data Path (no triangulation) Connections maintained across moves No routing re-convergence Transparent to hosts
No DNS updates required Global Scalability (cloud bursting) IPv4/IPv6 Support ARP elimination Automated move detection
Data Center 1
Data Center 2
a.b.c.1 VM
a.b.c.1 VM
VM move
LISP router
LISP router
Internet
![Page 55: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/55.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 55
LISP Use Cases – VM-Mobility Detailed Look: Roaming Across Subnets
Mapping Database System
S2
A
S3 S4
B
S5 S6
C
S7 S8
D RLOC A RLOC B RLOC C RLOC D
10.1.0.0/16 10.2.0.0/16 10.3.0.0/16 10.4.0.0/16
LISP Router or infrastructure device
10.1.0.0/16 -> A 10.2.0.0/16 -> B 10.3.0.0/16 -> C 10.4.0.0/16 -> D
S1
10.1.0.1/32 S1 moves across subnets
S1
10.1.0.1/32 -> C MS/MR
MS/MR
![Page 56: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/56.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 56
LISP Use Cases – VM-Mobility Topology and Initial Map Cache entries
Enterprise Core
EAST
VM3 : 10.10.20.1
Server C WEST
VM2 : 10.10.10.2
Server B
Enterprise WAN
192.168.30.1
Host 1: 10.10.30.1
VM1 : 10.10.10.1
Server A
Map Cache Table
EID RLOC
10. 10.20.0/24 192.168.20.1 192.168.20.2
10.10.30.0/24 192.168.30.1
DC EID Space, Home Subnet 10.10.20.0/24
DC EID Space, Home Subnet 10.10.10.0/24
Branch EID Space, 10.10.30.0/25
EID RLOC
10.10.10.0/24 192.168.10.1 192.168.10.2
10.10.20.0/24 192.168.20.1 192.168.20.2
10.10.30.0/24 192.168.30.1
Enterprise Remote
Site Map Cache Table
EID RLOC
10.10.10.0/24 192.168.10.1 192.168.10.2
Map Cache Table
EID RLOC
10.10.10.0/24 192.168.10.1 192.168.10.2
192.168.10.1 192.168.10.2 192.168.20.1 192.168.20.2
![Page 57: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/57.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 57
LISP Use Cases – VM-Mobility Traffic Flows – Before Move
Enterprise Core
EAST
VM3 : 10.10.20.1
Server C WEST
VM2 : 10.10.10.2
Server B
Enterprise WAN
192.168.30.1
Host 1: 10.10.30.1
VM1 : 10.10.10.1
Server A DC EID Space, Home Subnet 10.10.20.0/24
DC EID Space, Home Subnet 10.10.10.0/24
Branch EID Space, 10.10.30.0/25
Enterprise Remote
Site
10.10.30.1<->10.10.10.1
10.10.20.1<->10.10.10.1 10.10.20.1<->10.10.10.1 10.10.10.2<->10.10.10.1
Traffic Flows
Before Move
Map Cache Table
EID RLOC
10. 10.20.0/24 192.168.20.1 192.168.20.2
10.10.30.0/24 192.168.30.1
EID RLOC
10.10.10.0/24 192.168.10.1 192.168.10.2
10.10.20.0/24 192.168.20.1 192.168.20.2
10.10.30.0/24 192.168.30.1
Enterprise Remote
Site Map Cache Table
EID RLOC
10.10.10.0/24 192.168.10.1 192.168.10.2
Map Cache Table
EID RLOC
10.10.10.0/24 192.168.10.1 192.168.10.2
192.168.10.1 192.168.10.2
192.168.30.1<->192.168.10.2 10.10.30.1<->10.10.10.1
192.168.20.1 192.168.20.2
192.168.20.2<->192.168.10.2 10.10.20.1<->10.10.10.1
10.10.30.1<->10.10.10.1
![Page 58: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/58.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 58
LISP Use Cases – VM-Mobility Map Cache Updates – After Move
Enterprise Core
EAST
VM3 : 10.10.20.1
Server C WEST
VM2 : 10.10.10.2
Server B
Enterprise WAN
192.168.30.1
Host 1: 10.10.30.1
DC EID Space, Home Subnet 10.10.20.0/24
DC EID Space, Home Subnet 10.10.10.0/24
Branch EID Space, 10.10.30.0/25
Enterprise Remote
Site
VM1 : 10.10.10.1
Server A
1
2
3
4 4
4
Traffic Flows
Before Move
192.168.20.1
Map Cache Table
EID RLOC
10. 10.20.0/24 192.168.20.1 192.168.20.2
10.10.30.0/24 192.168.30.1
EID RLOC
10.10.10.0/24 192.168.10.1 192.168.10.2
10.10.20.0/24 192.168.20.1 192.168.20.2
10.10.30.0/24 192.168.30.1
Enterprise Remote
Site Map Cache Table
EID RLOC
10.10.10.0/24 192.168.10.1 192.168.10.2
Map Cache Table
EID RLOC
10.10.10.0/24 192.168.10.1 192.168.10.2
192.168.10.1 192.168.10.2 192.168.20.2 10.10.10.1/32 192.168.20.1 192.168.20.2
10.10.10.1/32 192.168.20.1 192.168.20.2
10.10.30.0/24 192.168.30.1
10.10.10.1/32 192.168.20.1 192.168.20.2
![Page 59: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/59.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 59
LISP Use Cases – VM-Mobility Traffic Flows – After Move
Enterprise Core
EAST
VM3 : 10.10.20.1
Server C WEST
VM2 : 10.10.10.2
Server B
Enterprise WAN
192.168.30.1
Host 1: 10.10.30.1
DC EID Space, Home Subnet 10.10.20.0/24
DC EID Space, Home Subnet 10.10.10.0/24
Branch EID Space, 10.10.30.0/25
Enterprise Remote
Site
Traffic Flows
Before Move
AYer Move
VM1 : 10.10.10.1
Server A
10.10.30.1<->10.10.10.1
10.10.20.1<->10.10.10.1
10.10.30.1<->10.10.10.1
10.10.20.1<->10.10.10.1 10.10.10.2<->10.10.10.1 10.10.10.2<->10.10.10.1
192.168.20.1 192.168.20.2
192.168.30.1<->192.168.20.1 10.10.30.1<->10.10.10.1
Map Cache Table
EID RLOC
10.10.10.0/24 192.168.10.1 192.168.10.2
Map Cache Table
EID RLOC
10.10.10.0/24 192.168.10.1 192.168.10.2
10.10.30.0/24 192.168.30.1
10.10.10.1/32 192.168.20.1 192.168.20.2
Map Cache Table
EID RLOC
10. 10.20.0/24 192.168.20.1 192.168.20.2
10.10.30.0/24 192.168.30.1
EID RLOC
10.10.10.0/24 192.168.10.1 192.168.10.2
10.10.20.0/24 192.168.20.1 192.168.20.2
10.10.30.0/24 192.168.30.1
10.10.10.1/32 192.168.20.1 192.168.20.2
10.10.10.1/32 192.168.20.1 192.168.20.2
192.168.10.1 192.168.10.2
192.168.10.1<->192.168.20.1 10.10.10.2<->10.10.10.1
![Page 60: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/60.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 60
LISP Overview LISP Operations LISP Use Cases LISP Status Summary References
LISP - Agenda
![Page 61: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/61.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 61
DraY Current Status Next Steps/Target
LISP base protocol (dra]-‐ie^-‐lisp-‐12) Submi_ed: 04/26/2011 WG Last Call now…
LISP+ALT (dra]-‐ie^-‐lisp-‐alt-‐06) Submi_ed: 03/04/2011 WG Last Call now…
LISP Interworking (dra]-‐ie^-‐lisp-‐interworking-‐01)
Submi_ed: 08/26/2010 WG Last Call now…
LISP Map Server (dra]-‐ie^-‐lisp-‐ms-‐08) Submi_ed: 04/28/2011 WG Last Call now…
LISP Mul-cast (dra]-‐ie^-‐lisp-‐mul?cast-‐05)
Submi_ed: 04/05/2010 WG Last Call now…
LISP Internet Groper (dra]-‐ie^-‐lisp-‐lig-‐02)
Submi_ed: 04/05/2011 Several implementa?ons available (including open source)
LISP Mobile Node (dra]-‐meyer-‐lisp-‐mn-‐04)
Submi_ed: 10/25/2010 Three prototype implementa?ons underway Not WG Document
LISP Canonical Address Format (dra]-‐farinacci-‐lisp-‐lcaf-‐05)
Submi_ed: 04/28/2011 -‐05 update sent to WG list Proposed for WG adop?on
LISP MIB (dra]-‐ie^-‐lisp-‐mib-‐01) Submi_ed: 03/14/2011 -‐01 update sent to WG list
LISP Map Versioning (dra]-‐ie^-‐lisp-‐map-‐versioning-‐01)
Submi_ed: 03/11/2011 -‐01 update sent to WG list
LISP Standardization Effort Open Design
IETF LISP WG: http://tools.ietf.org/wg/lisp/
![Page 62: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/62.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 62
LISP Community-‐Operated > 4 years opera?onal > 120+ sites, 18 countries
Many LISP implementa?ons Cisco: IOS/IOS-‐XE, NX-‐OS FreeBSD: OpenLISP Two Linux implementa?ons Android implementa?on “another” router vendor
Company IPv4 Sites IPv6 Sites
Cisco http://www.lisp4.net http://lisp.cisco.com
http://www.lisp6.net http://lisp.cisco.com
Facebook http://www.lisp6.facebook.com
Qualcomm http://www6.eudora.com http://myvpn6.qualcomm.com
InTouch http://www.lisp.intouch.eu/ http://www.lisp.intouch.eu/
LISP Global Pilot Network Deployed/Operational Experience
Notables who are using LISP –
![Page 63: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/63.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 63
Step 1: Market Seeding via Early Deployment (ED) software LISP ED releases available on CCO as private images (“hidden” posts) − Not orderable via the Cisco Global Configuration tool − Intended only for deployment on LISP nodes − Not intended nor recommended for production deployment scenarios − TAC supported (unless deployed in non-LISP environment)
− Refer to LISP Early ED Software Release Product Bulletin for details − Links to Software Here: http://lisp.cisco.com (IPv4 and IPv6 access)
Step 2: Production LISP Deployments via mainline integration LISP production software images available via CCO download − Orderable via the Cisco Global Configuration tool − Approved for use in all production deployment scenarios − TAC supported − Links to Software Here: http://lisp.cisco.com (IPv4 and IPv6 access)
LISP Software Release Strategy Two-pronged approach
![Page 64: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/64.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 64
Phase 1 Dec’09
Phase 2 March ’10
Phase 3 June ’10
Phase 4 October ’10
Phase 5 April ’11
Phase 6 June ’11
Phase 7 Sept ’11
ISR, ISR G2 7200(1)
IPv4 xTR IPv6 xTR IPv4/v6 PxTR
IPv4/v6 MS/MR
MS/MR Mul?-‐Tenant xTR Single-‐Tenant
xTR Mul?-‐Tenant
Route Server for PITR LISP-‐SEC (OTK)* Mul?-‐Tenent Parallel Mode* Mul?ple xTR dyn-‐RLOCs
Planning
ASR1K IPv4/v6 xTR IPv4/v6 PxTR
IPv4/v6 MS/MR
MS/MR Mul?-‐Tenant
N7K(*) IPv4/v6 PxTR
IPv4/v6 xTR
(Aug 2010) VM-‐Mobility (Nov 2010) MS/MR Mul?-‐Tenant xTR Mul?-‐Tenant
(Feb 2011) VM-‐Mobility MS/MR Mul?-‐Tenant xTR Mul?-‐Tenant
LISP-‐SEC (OTK) LISP-‐ODF
Planning
UCS C200(*) IPv4/v6 MS/MR IPv4/v6 PxTR
MS/MR Mul?-‐Tenant xTR Mul?-‐Tenant
Virtual Appliance
MS/MR PxTR
LISP Software Release Strategy ED Software Releases
(1) C7200 support subject to change without notice. (*) Subject to change without notice. − ED support doesn’t automatically imply that there will be mainline support in the future;
some items may not be productized. − Access is provided for early field testing; Images and terms available at lisp.cisco.com
![Page 65: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/65.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 65
1HCY11 2HCY11 1HCY12 2HCY12
ISR, ISR G2, 7200(1)
15.1(4)M (March/Shipping) Base (xTR, PxTR), MS/MR
15.2(2)T (Nov) Mul?-‐Tenancy for xTR, MS/MR
15.2(3)T(*) PITR Route Server LISP-‐SEC (OTK) Mul?-‐tenant Parallel Mode Mul?ple xTRs w/ dyn RLOCs
Planning
ASR 1K XE3.3.0S (March/Shipping) Base (xTR, PxTR), MS/MR
XE3.5.0S (Nov) Mul?-‐Tenancy for xTR, MS/MR
XE3.6.0S(*) PITR Route Server LISP-‐SEC (OTK) Connected App LISP support Mul?-‐tenant Parallel Mode Mul?ple xTRs w/ dyn RLOCs
Planning
Catalyst 6K(*) Base (xTR, PxTR), MS/MR
N7K 5.2 (May) Base (xTR, PxTR), MS/MR VM Mobility, Mul?-‐tenant
VM Mobility enhancements Mul?-‐Tenancy enhancements
6.0(*)
Mul?cast Support for F3 hardware
Planning
Virtual Appliance 6.0(*)
IPv4/v6 MS/MR
ASR 9K Base (xTR, PxTR)
LISP Software Release Strategy Mainline Software Releases
(1) C7200 support subject to change without notice. (*) Subject to change without notice. − Access to mainline images and terms available at www.cisco.com
![Page 66: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/66.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 66
LISP Overview LISP Operations LISP Use Cases LISP Status Summary References
LISP - Agenda
![Page 67: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/67.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 67
LISP – A Routing Architecture; Not a Feature LISP Innovations
LISP enables IP Number Portability
With session survivability
Never change host IP addresses No renumbering costs
No DNS “name -> EID” binding change
LISP uses pull vs. push routing
OSPF and BGP are push models; routing stored in the forwarding plane
LISP is a pull model; Analogous to DNS; massively scalable
LISP is an over-the-top technology
Address Family agnostic
Incrementally deployable
No changes in end systems
LISP creates a Level of Indirection
Separates End-Host and Site addresses
LISP deployment simplicity
No host changes
Minimal CPE changes
Some new core infrastructure components
LISP enables other interesting features
Simplified multi-homing with Ingress traffic engineering – without the need for BGP
End-host mobility without renumbering
Address Family agnostic support
LISP is an Open Standard
No Cisco Intellectual Property Rights
![Page 68: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/68.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 68
LISP Overview LISP Operations LISP Use Cases LISP Status Summary References
LISP - Agenda
![Page 69: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/69.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 69
LISP Information • IETF LISP WG h_p://tools.ie^.org/wg/lisp/
• LISP Beta Network h_p://www.lisp4.net or h_p://www.lisp6.net
• Cisco LISP Site h_p://lisp.cisco.com (v4 and v6)
• Cisco LISP Marketing h_p://www.cisco.com/go/lisp
Mailing Lists • IETF LISP WG lisp@ie^.org
• LISP Interest (public) lisp-‐[email protected]
• Cisco LISP Questions lisp-‐[email protected]
LISP References Resources
![Page 70: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/70.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 70
Complete Your Online Session Evaluation
• Receive 25 Cisco Preferred Access points for each session evaluation you complete.
• Give us your feedback and you could win fabulous prizes. Points are calculated on a daily basis. Winners will be notified by email after July 22nd.
• Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center.
• Don’t forget to activate your Cisco Live and Networkers Virtual account for access to all session materials, communities, and on-demand and live activities throughout the year. Activate your account at any internet station or visit www.ciscolivevirtual.com
![Page 71: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/71.jpg)
Visit the Cisco Store for Related Titles
http://theciscostores.com
![Page 72: LISP - A Next Generation Routing Architecturelisp.cisco.com/docs/BRKRST-3045_Vegas2011.pdfLISP Overview How does Location/ID Split help solve this problem? Internet Today’s Internet](https://reader034.vdocuments.mx/reader034/viewer/2022042105/5e83fd1265d92f41f42237ba/html5/thumbnails/72.jpg)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-3045 72
Thank you.