New LISP Mapping System: LISP-DDT. Presentation to LNOG, Darrel Lewis on behalf of the LISP Team
Post on 25-Feb-2016
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
New LISP Mapping System: LISP-DDT
Presentation to LNOG
Darrel Lewis on behalf of the LISP TEAM
2
The Story So Far
• ALT was a really nice starting point because the development effort was minimal
– Separated the location of the mapping from the mapping itself
– Lack of the use of caching was seen as a feature in enabling mobility
– Some growing pains have appeared (more later)
• The interface to this mapping system is really key
– MR/MS has benefits
3
Some current issues with the ALT
• Who runs the ALT network?
– What’s the business model?
– Should it be rooted at/run by the RIRs?
– Who assigns infrastructure AS/Tunnel IPs?
• How do we administer all these GRE/IPsec tunnels?
– Why do this for an Enterprise deployment?
– How can we update xTRs?
• Why use a routing protocol and all that?
– We are using 1% of the features
– GRE tunnels are overkill for carrying only map-requests
• Traceroute over the ALT has always been troublesome
4
[Figure: ALT network diagram with nodes labelled xTRs, MS/MRs and ALT. Legend: LISP sites in green, 1st-layer access infrastructure in blue, 2nd-layer core infrastructure in red.]
Duplicate Everything, Per VRF? It _seems_ logical
But to quote Jesper:
“That’s Mad”
[Figure: the ALT network diagram (xTRs, MS/MRs, ALT) repeated four more times.]
LISP+ALT-IID=0 (that is, LISP-DDT)
6
LISP DDT
• LISP Delegated Database Tree
– Hierarchy for Instance IDs and for EID Prefixes
• DDT Nodes are pre-configured with delegations
– DDT Map-Resolvers send (ECM) Map-Requests
– DDT Nodes return Map-Referral messages
• DDT Resolvers resolve the Map-Server’s RLOC iteratively
• Replacement for LISP-ALT
– Increased flexibility: supports LISP Instance IDs, etc.
– Simplified operations
– ITRs and ETRs don’t change
7
LISP DDT Map Resolvers
• DDT Map Resolvers
– Cache Map Requests from ITRs
– Query the DDT hierarchy iteratively
– Detect Loops/Delegation Errors
– Resolve the location of the DDT Map-Server
• DDT Map Resolvers thus have state:
– Referral Cache
– Map-Request Queue
8
LISP DDT Referrals & Their Actions
– ‘Positive’ referrals are used to discover a DDT-node’s RLOC for a given EID Prefix
» Type 0, NODE-REFERRAL
» Type 1, MS-REFERRAL
» Type 2, MS-ACK
– ‘Negative’ referrals are used to indicate other actions:
» Type 3, MS-NOT-REGISTERED
» Type 4, DELEGATION-HOLE
» Type 5, NOT-AUTHORITATIVE
9
Setup & Configuration
[Figure: static delegation hierarchy with an MR and an ETR (10.1.0.0/24). Nodes:
– DDT-Node Root, 10.0.0.0/0, IID=0
– DDT-Node 2, 10.0.0.0/8, IID=0
– DDT Node 3, 10.1.0.0/16, IID=0
– MS DDT-Node 4, 10.1.0.0/24, IID=0
Legend: Map Request, Map Referral, Static Delegation Hierarchy, Map Reply, ETR-MS Registration.]
Configuration and Setup
1) MR configured with Root, or MS1, RLOC
2) DDT-1, DDT2, DDT-3, DDT/MS-4 configured children with child prefixes, and authoritative prefixes
Ex. DDT-2 delegates child 10.1.0.0/16 to MS3; DDT-2 configured authoritative for 10/8 in IID0
3) ETR is registering its EID to the Leaf MS
10
Map Request, Referral, & Reply
[Figure: static delegation hierarchy with an MR, an ITR and an ETR (10.1.0.0/24). Nodes:
– DDT-Node Root, 10.0.0.0/0
– DDT Node 2, 10.0.0.0/8
– DDT Node 3, 10.1.0.0/16
– DDT-Node-4 MS, 10.1.0.0/24
Legend: Map Request, Map Referral, Static Delegation Hierarchy, Map Reply, ETR-MS Registration.]
First Request Packet Flow
1) ITR sends MRQ to MR via ECM
2) MR sends Iterative-MRQ to its statically configured Root DDT-Node via ECM-Like-packet
3) MS1 sends a Map Referral to MR informing the MR who is the next DDT-Node (2) to try
4) MR repeats steps 2 & 3 until it gets to leaf MS/DDT-Node which has the registered ETR (DDT-4)
5) DDTNode-4 sends Map-Referral to MR with done bit set
6) MS (DDT-4) receives, processes MR and fwd to ETR
7) ETR sends Map-Reply to the ITR
11
Once MR’s Referral-Cache is Populated
[Figure: static delegation hierarchy with an MR, an ITR and an ETR (10.1.0.0/24). Nodes:
– DDT, 10.0.0.0/0
– DDT 2, 10.0.0.0/8
– DDT 3, 10.1.0.0/16
– DDT-4 MS, 10.1.0.0/24
Legend: Map Request, Map Referral, Static Delegation Hierarchy, Map Reply, ETR-MS Registration.]
Steady State
1) MRQ in ECM arrives on MR
2) MR sends MRQ in ECM (possibly double-encapsulated if lisp-sec is used to secure the referral path) to cached Leaf-Map-Server (MS-4)
3) MS decaps ECM and then sends Map-Request in new ECM to ETR. MS also sends a Map-Referral with Done bit set back to MR
4) ETR sends Map-Reply to ITR
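The iterative resolution on the three slides above, as an added example (not code from the presentation or from any LISP implementation): a simulated DDT Map-Resolver walks a constructed copy of the slides' delegation hierarchy, populates its referral cache, and rejects a referral that is not more specific than the one that led to it. The node names, the `DELEGATION-ERROR` result and the rule that a child with no delegations is a Map-Server are assumptions of this example.

```python
import ipaddress

net = ipaddress.ip_network
# Referral action types, as listed on the "Referrals & Their Actions" slide.
NODE_REFERRAL, MS_REFERRAL, MS_ACK = 0, 1, 2
MS_NOT_REGISTERED, DELEGATION_HOLE, NOT_AUTHORITATIVE = 3, 4, 5
DELEGATION_ERROR = "DELEGATION-ERROR"  # hypothetical resolver-local result

# Constructed data mirroring the slides' hierarchy (the root covers everything).
# node -> (authoritative prefix, {child prefix: child node}, registered EIDs)
NODES = {
    "root":  (net("0.0.0.0/0"),   {net("10.0.0.0/8"): "ddt-2"},  []),
    "ddt-2": (net("10.0.0.0/8"),  {net("10.1.0.0/16"): "ddt-3"}, []),
    "ddt-3": (net("10.1.0.0/16"), {net("10.1.0.0/24"): "ddt-4"}, []),
    "ddt-4": (net("10.1.0.0/24"), {}, [net("10.1.0.0/24")]),  # leaf MS with ETR
}

def node_answer(nodes, name, eid):
    """Simulate the Map-Referral one DDT node returns: (action, prefix, next)."""
    auth, children, registered = nodes[name]
    if eid not in auth:
        return NOT_AUTHORITATIVE, auth, None
    for prefix, child in children.items():
        if eid in prefix:  # assumption: a child with no delegations is an MS
            kind = NODE_REFERRAL if nodes[child][1] else MS_REFERRAL
            return kind, prefix, child
    if any(eid in p for p in registered):
        return MS_ACK, auth, None
    return (DELEGATION_HOLE if children else MS_NOT_REGISTERED), auth, None

class MapResolver:
    def __init__(self, nodes, root="root", max_hops=8):
        self.nodes, self.root, self.max_hops = nodes, root, max_hops
        self.referral_cache = {}  # delegated prefix -> node to ask

    def resolve(self, eid_text):
        """Return (final action, list of DDT nodes queried)."""
        eid = ipaddress.ip_address(eid_text)
        hits = [p for p in self.referral_cache if eid in p]
        last = max(hits, key=lambda p: p.prefixlen) if hits else None
        node, path = (self.referral_cache[last] if hits else self.root), []
        for _ in range(self.max_hops):
            path.append(node)
            action, prefix, nxt = node_answer(self.nodes, node, eid)
            if action not in (NODE_REFERRAL, MS_REFERRAL):
                return action, path
            # A referral must cover the EID and be more specific than the one
            # that led here; otherwise it is a loop or a bad delegation.
            stale = last is not None and prefix.prefixlen <= last.prefixlen
            if eid not in prefix or stale:
                return DELEGATION_ERROR, path
            self.referral_cache[prefix] = nxt
            last, node = prefix, nxt
        return DELEGATION_ERROR, path
```

Calling `resolve` twice for the same EID on one `MapResolver` shows the difference between the first-request flow (every node from the root down is queried) and the steady state (only the cached leaf Map-Server is queried).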
12
DDT Implementation Status
• IOS and NXOS implementations complete
• Development, and interoperability testing going on now
• Beta Network running DDT code
• Configuration is pretty simple
• Does not include proposed DDT-SEC extensions
13
DDT Beta (IID0) Network Deployment
[Figure: static delegation hierarchy of the DDT beta network. Diagram labels: Iota-root Servers; Beta Network DDT TLD; DDT Node with ‘child referrals’; ARIN-Region; RIPE-Region; AP-Region; LACNIC-Region; Mobile Node Region.]
• Cisco’s DDT Roots (Iota-Root), IID: *, EID: *
– arin-ddt.rloc.lisp4.net
– ripe-ddt.rloc.lisp4.net
– vxnet-ddt.rloc.lisp4.net
• Other DDT Roots, IID: *, EID: *
– root-verisign.ddt-root.org
– mu-ddt-root.org
• DDT Beta-Network TLDs, IID 0, v4-EID: 153.16.0.0/16, v6-EID: 2610:D0/32
– uninett-ddt.rloc.lisp4.net
– sj-ddt.rloc.lisp4.net
– msn-ddt.rloc.lisp4.net
• MR/MS, EID Aggregates: 153.16.0.0/19, 2610:D0:1000::/36, 2610:D0:FACE::/48; 153.16.21.0/24 TO MN, 153.16.22.0/24 TO MN
– isc-mr-ms, asp-mr-ms, cisco-sjc-mr-ms1, eqx-ash-mr-ms
• MR/MS, EID Aggregates: 153.16.32.0/19, 2610:D0:2000::/36
– l3-london-mr-ms, tdc-mr-ms, intouch-ams-mr-ms, intouch-ams-mr-ms
• MR/MS, EID Aggregates: 153.16.64.0/19, 2610:D0:3000::/36
– apnic-mr-ms
• MR/MS, EID Aggregates: 153.16.128.0/19, 2610:D0:5000::/36
– lacnic-mr-ms
• MR/MS’s: 153.16.21/24, 153.16.22/24, 2610:d0:1219::/48, 2610:d0:120e::/48
– asp-isis, isc-isis, intouch-isis
14
LISP DDT Root Operations
• DDT Root is expected to be neutral (vendor and provider agnostic)
– http://ddt-root.org
– set up non profit for ddt operations/administration?
• Current DDT efforts are community based
15
Wrap Up
Questions?