lisp a next generation networking architecture live 2015 melbourne... · lisp changes the routing...

117

Upload: others

Post on 24-Mar-2020

1 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its
Page 2: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

#clmel

LISP – A Next Generation Networking Architecture

BRKRST-3045

Victor Moreno

Distinguished Engineer

Page 3: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

BRKRST-3045 Cisco Public© 2015 Cisco and/or its affi liates. All rights reserved.

Agenda

• LISP Overview

• LISP Operations

• How setup LISP

• LISP Deployment Examples

• LISP Status

• LISP Summary

3

Page 4: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

LISP Overview

Page 5: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP OverviewOriginal Motivation

5

• An IP address “overloads” location and identity– Today… “addressing follows topology”

– Efficient aggregation is only available for Provider Assigned (PA) addresses

– Ingress Traffic Engineering usually requires Provider Independent (PI) addresses and the injection of “more specifics” :: this limits route aggregation compactness

– IPv6 does not fix this

• Route scaling issues drive system costs higher– Forwarding plane (FIB) requires expensive memory

– Route scaling “drivers” are also seen in Data Centres and for Mobility :: not just the Internet DFZ

“… routing scalability is the most important problem facing the Internet today and must be solved … ”

Internet Architecture Board (IAB)

October 2006 Workshop (written as RFC 4984)

Page 6: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

Locator/ID Split and LISP• Routing and Addressing Architecture of the Internet Protocol

Addresses today combine location and identity semantics in a single 32-bit or 128-bit number

Separating Location and Identity changes this…– Provide a clear separation at the Network Layer between

what we are looking for vs. how best to get there

– Translation vs. Tunnelling is a key question

Network Layer Identifier: WHO you are in the network– long-term binding to the thing that they name, does not change often at all

Network Layer Locator: WHERE you are in the network – Think of the source and destination “addresses” used in routing and forwarding

WHERE you are can change! WHO you are should be the same!

6

Page 7: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP OverviewLISP: A Routing Architecture – Not a Feature

7

LISP changes the routing architecture to implement a level of indirectionbetween a hosts IDENTITY and its LOCATION in the network

LISP changes the current ROUTING Architecture• Changes lead to DISRUPTION

• Disruption leads to OPPORTUNITIES• LISP allows both SPs and Enterprises to do remarkably different

things than allowed by traditional approaches

• LISP enables NEW services (VPNs, IPv6, Mobility, “cloud”) in one, common, simple architecture

Page 8: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP OverviewLISP: A Routing Architecture – Not a Feature

8

An over-the-top technology

‒ Address Family agnostic

‒ Incrementally deployable

‒ End systems can be unaware of LISP

Deployment simplicity

‒ No host changes

‒ Minimal CPE changes

‒ Some new core infrastructure components

Enables IP Number Portability

‒ Never change host IP’s; No renumbering costs

‒ No DNS changes; “name == EID” binding

‒ Session survivability

An Open Standard

‒ Being developed in the IETF

‒ No Cisco Intellectual Property Rights on Protocol

Uses pull vs. push routing

‒ OSPF and BGP are push models; routing stored in the forwarding plane

‒ LISP is a pull model; Analogous to DNS; massively scalable

LISP use-cases are complimentary

‒ Simplified multi-homing with Ingress traffic Engineering; no need for BGP

‒ Address Family agnostic support

‒ Virtualisation support

‒ End-host mobility without renumbering

Page 9: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

LISP Operations

Page 10: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Operations

Main attributes of LISP

10

LISP namespaces

‒ EID (Endpoint Identifier) is the IP address of a host – just as it is today

‒ RLOC (Routing Locator) is the IP address of the LISP router for the host

‒ EID-to-RLOC mapping is the distributed architecture that maps EIDs to RLOCs

Prefix Next-hop

w.x.y.1 e.f.g.hx.y.w.2 e.f.g.hz.q.r.5 e.f.g.hz.q.r.5 e.f.g.h

Non-LISP

RLOC Space

EID-to-RLOC mapping

EID SpacexTR

xTR

MS/MR

PxTR

xTR

EID RLOCa.a.a.0/24 w.x.y.1

b.b.b.0/24 x.y.w.2

c.c.c.0/24 z.q.r.5

d.d.0.0/16 z.q.r.5EID Space

Network-based solution

No host changes

Minimal configuration

No DNS changes

Address Family agnostic

Incrementally deployable (support LISP and non-LISP)

Support for mobility

Page 11: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP OperationsLISP: Mapping Resolution “Level of Indirection”

11

LISP “Level of Indirection” is analogous to a DNS lookup

‒ DNS resolves IP addresses for URL Answering the “WHO IS” question

‒ LISP resolves locators for queried identities Answering the “WHERE IS” question

host

DNS

Name-to-IPURL Resolution

[ who is lisp.cisco.com ] ?

DNS

Server

[153.16.5.29, 2610:D0:110C:1::3 ]

LISP

Identity-to-locatorMapping Resolution

LISP

router

LISP

Mapping System

[ where is 2610:D0:110C:1::3 ] ?

[ locator is 128.107.81.169, 128.107.81.170 ]

Page 12: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP OperationsLISP IPv4 EID/IPv4 RLOC Data Plane Header Example

12

IPv4 Outer Header:

ITR supplies RLOCs

IPv4 Inner Header:

Host supplies EIDs

LISP Header:

UDP Header:

Page 13: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP OperationsLISP Encapsulation Combinations – IPv4 and IPv6 Supported

13

Q: Doesn’t encapsulation cause MTU issues?

A: It can… But preparation limits issues… ‒ Encapsulation overhead is 36B IPv4 and 56B IPv6

‒ LISP supports “stateful” (PMTUD) and “stateless”

(fragmentation) options

‒ Tunnel/MTU issues are well known (GRE, IPsec, etc.)

and are usually operationally tractable

IPv6/IPv4

IPv6

Outer

Header

IPv4

Inner

Header

UDP

LISP

IPv4/IPv6

IPv4

Outer

Header

IPv6

Inner

Header

UDP

LISP

IPv4/IPv4

IPv4

Outer

Header

IPv4

Inner

Header

UDP

LISP

IPv6/IPv6

IPv6

Outer

Header

IPv6

Inner

Header

UDP

LISP

Page 14: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP OperationsLISP Data Plane: Ingress/Egress Tunnel Router (ITR/ETR)(xTR)

14

PI EID-prefix 2001:db8:2::/48

xTR-3

ETR

ITR

xTR-4

ETR

ITR

LISP Site 2 DLISP Site 1S

xTR-1

ETR

ITR

xTR-2

ETR

ITR

PI EID-prefix 2001:db8:1::/48

Provider A

10.0.0.0/8

Provider B

11.0.0.0/8

Provider C

12.0.0.0/8

Provider D

13.0.0.0/8

packet flowpacket flow

ETR – Egress Tunnel Router

‒ Receives packets from core-facing interfaces

‒ De-cap and deliver packets to local EIDs at site

ITR – Ingress Tunnel Router

‒ Receives packets from site-facing interfaces

‒ Encap to remote LISP sites, or native-fwd to non-LISP sites

Page 15: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP OperationsLISP Data Plane: Unicast Packet Flow

15

PI EID-prefix 2001:db8:2::/48

xTR-3

ETR

ITR

xTR-4

ETR

ITR

LISP Site 2 DLISP Site 1S

xTR-1

ETR

ITR

xTR-2

ETR

ITR

PI EID-prefix 2001:db8:1::/48

Provider A

10.0.0.0/8

Provider B

11.0.0.0/8

Provider C

12.0.0.0/8

Provider D

13.0.0.0/8

packet flowpacket flow

10.0.0.2

11.0.0.2

12.0.0.2

13.0.0.2

DNS entry:D.abc.com AAAA 2001:db8:2::1

12

2001:db8:1::1 -> 2001:db8:2::1

2001:db8:1::1 -> 2001:db8:2::1

11.0.0.2 -> 12.0.0.2

4

5

2001:db8:1::1 -> 2001:db8:2::1

11.0.0.2 -> 12.0.0.2

6

7

2001:db8:1::1 -> 2001:db8:2::1

EID-prefix: 2001:db8:2::/48

Locator-set:

12.0.0.2, priority: 1, weight: 50

13.0.0.2, priority: 1, weight: 50

Map-Cache Entry

3

This policy controlledby the destination site

Page 16: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP OperationsLISP Data Plane: Ingress/Egress Tunnel Router (ITR/ETR)(xTR)

16

PI EID-prefix 2001:db8:2::/48

xTR-3

ETR

ITR

xTR-4

ETR

ITR

LISP Site 2 DLISP Site 1S

xTR-1

ETR

ITR

xTR-2

ETR

ITR

PI EID-prefix 2001:db8:1::/48

Provider A

10.0.0.0/8

Provider B

11.0.0.0/8

Provider C

12.0.0.0/8

Provider D

13.0.0.0/8

packet flowpacket flow

10.0.0.2

11.0.0.2

12.0.0.2

13.0.0.2

!

router lisp

locator-set SITE2

12.0.0.2 priority 1 weight 50

13.0.0.2 priority 1 weight 50

exit

!

eid-table default instance-id 0

database-mapping 2001:db8:2::/48 locator-set SITE2

exit

!

ipv6 itr map-resolver 66.2.2.2

ipv6 itr

ipv6 etr map-server 66.2.2.2 key S3cr3t-2

ipv6 etr

exit

!

ip route 0.0.0.0 0.0.0.0 12.0.0.1 (or 13.0.0.1)

!

Identical configs on both xTRs!

Page 17: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP OperationsLISP Control Plane: Introduction

17

LISP Control Plane Provides On-Demand Mappings

‒ Control Plane is separate from the Data Plane (UDP 4342 vs UDP 4341)

‒ Map-Resolver and Map-Server (similar to DNS Resolver and DNS Server)

‒ LISP Control Plane Messages for EID-to-RLOC resolution

‒ Distributed databases and map-caches hold mappings

Page 18: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP OperationsLISP Control Plane: Map-Server/Map-Resolver (MS/MR)

18

PI EID-prefix 2001:db8:2::/48

xTR-3

ETR

ITR

xTR-4

ETR

ITR

LISP Site 2 DLISP Site 1S

xTR-1

ETR

ITR

xTR-2

ETR

ITR

PI EID-prefix 2001:db8:1::/48

Provider A

10.0.0.0/8

Provider B

11.0.0.0/8

Provider C

12.0.0.0/8

Provider D

13.0.0.0/8

packet flowpacket flow

10.0.0.2

11.0.0.2

12.0.0.2

13.0.0.2

Mapping System

MR MS

MR – Map-Resolver

‒ Receives Map-Request from ITR

‒ Forwards Map-Request to Mapping System

‒ Sends Negative Map-Replies in response to Map-Requests for non-LISP sites

MS – Map-Server

‒ LISP site ETRs register their EID prefixes here; requires configured “lisp site” policy,

authentication key

‒ Receives Map-Requests via Mapping System,

forwards them to registered ETRs

Page 19: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP OperationsLISP Control Plane: Map-Server/Map-Resolver (MS/MR)

19

PI EID-prefix 2001:db8:2::/48

xTR-3

ETR

ITR

xTR-4

ETR

ITR

LISP Site 2 DLISP Site 1S

xTR-1

ETR

ITR

xTR-2

ETR

ITR

PI EID-prefix 2001:db8:1::/48

Provider A

10.0.0.0/8

Provider B

11.0.0.0/8

Provider C

12.0.0.0/8

Provider D

13.0.0.0/8

packet flowpacket flow

10.0.0.2

11.0.0.2

12.0.0.2

13.0.0.2

Mapping System

MR MS

LISP Map Cache (ITR)

‒ Only stores mappings for sites the ITR is currently sending packets to

‒ Populated by receiving Map-Replies from ETRs

‒ ITRs must respect Map-Reply policy (TTLs, RLOC up/down status, RLOC priorities/weights

LISP Site Mapping-Database (ETR)

‒ EID-to-RLOC mappings in all ETRs for local LISP site

‒ ETR is “authoritative” for its EIDs, sends Map-Replies to ITRs

‒ ETRs can tailor policy based on Map-Request source

Page 20: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP OperationsLISP Control Plane: Control Plane Messages

20

Control Plane Control Plane EID Registration

‒ Map-Register message

Sent by ETR to Map-Server to register its associated EID prefixes

• Specifies RLOC(s) to be used by the MS when forwarding Map-Requests to the ETR

Control Plane “Data-triggered” mapping services

‒ Map-Request message

Sent by an ITR to Map-Resolver to

• learn an EID/RLOC mapping

• test an RLOC for reachability

• refresh a mapping before TTL expiration

• respond to a Solicit Map-Request (SMR)

Sent by an ETR (with “S” bit set)

• as a Solicit Map-Request (SMR) to signal site change

‒ Map-Reply message

Sent by an ETR to an ITR

• in response to valid map-request to provide

EID/RLOC mapping and site ingress policy

for the requested EID

‒ Map-Notify message

Sent by Map-Server to an ETR to

• acknowledge successful registration of an EDI prefix

Page 21: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP OperationsLISP Control Plane: Map-Register

21

PI EID-prefix 2001:db8:2::/48

xTR-3

ETR

ITR

xTR-4

ETR

ITR

LISP Site 2 DLISP Site 1S

xTR-1

ETR

ITR

xTR-2

ETR

ITR

PI EID-prefix 2001:db8:1::/48

Provider A

10.0.0.0/8

Provider B

11.0.0.0/8

Provider C

12.0.0.0/8

Provider D

13.0.0.0/8

10.0.0.2

11.0.0.2

12.0.0.2

13.0.0.2

Mapping System

MR MS

66.2.2.2

1LISP Map-Register

(udp 4342)SHA2 HMAC

2001:db8:2::/48

12.0.0.2, 13.0.0.2

12.0.0.2 -> 66.2.2.2

Other sites… 2

1LISP Map-Register

. . .

12.0.0.2 -> 66.2.2.2

Page 22: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP OperationsLISP Control Plane: Map-Request/Map-Reply

22

PI EID-prefix 2001:db8:2::/48

xTR-3

ETR

ITR

xTR-4

ETR

ITR

LISP Site 2 DLISP Site 1S

xTR-1

ETR

ITR

xTR-2

ETR

ITR

PI EID-prefix 2001:db8:1::/48

Provider A

10.0.0.0/8

Provider B

11.0.0.0/8

Provider C

12.0.0.0/8

Provider D

13.0.0.0/8

packet flowpacket flow

10.0.0.2

11.0.0.2

12.0.0.2

13.0.0.2

Mapping System

MR MS

66.2.2.2

DNS entry:D.abc.com AAAA 2001:db8:2::1

12

2001:db8:1::1 -> 2001:db8:2::1

Is 2001:db8:2::1 a

LISP Destination?

3 11.0.0.2 -> 66.2.2.2

LISP ECM(udp 4342)

11.0.0.2 / 2001:db8:2::1

Map-Request(udp 4342)

nonce

EID-prefix: 2001:db8:2::/48

Locator-set:

12.0.0.2, priority: 1, weight: 50

13.0.0.2, priority: 1, weight: 50

Map-Cache Entry6

4 66.2.2.2 -> 12.0.0.2

LISP ECM(udp 4342)

11.0.0.2 / 2001:db8:2::1

Map-Request(udp 4342)

nonce

5

12.0.0.2 ->11.0.0.2

Map-Reply(udp 4342)nonce / TTL

2001:db8:2::/4812.0.0.2 [1, 50]13.0.0.2 [1, 50]

Page 23: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP OperationsLISP Control Plane: Map-Request/Proxy-Map-Reply

23

PI EID-prefix 2001:db8:2::/48

xTR-3

ETR

ITR

xTR-4

ETR

ITR

LISP Site 2 DLISP Site 1S

xTR-1

ETR

ITR

xTR-2

ETR

ITR

PI EID-prefix 2001:db8:1::/48

Provider A

10.0.0.0/8

Provider B

11.0.0.0/8

Provider C

12.0.0.0/8

Provider D

13.0.0.0/8

packet flowpacket flow

10.0.0.2

11.0.0.2

12.0.0.2

13.0.0.2

Mapping System

MR MS

66.2.2.2

EID-prefix: 2001:db8:2::/48

Locator-set:

12.0.0.2, priority: 1, weight: 50

13.0.0.2, priority: 1, weight: 50

Map-Cache Entry4

3

66.2.2.2 ->11.0.0.2

Map-Reply(udp 4342)nonce / TTL

2001:db8:2::/4812.0.0.2 [1, 50]13.0.0.2 [1, 50]

2 11.0.0.2 -> 66.2.2.2

LISP ECM(udp 4342)

11.0.0.2 / 2001:db8:2::1

Map-Request(udp 4342)

nonce

1LISP Map-Register

(udp 4342)SHA2 HMACProxy-Bit Set

2001:db8:2::/4812.0.0.2, 13.0.0.2

12.0.0.2 -> 66.2.2.2

Page 24: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP OperationsLISP Control Plane: Map-Request/Negative-Map-Reply

24

PI EID-prefix 2001:db8:2::/48

xTR-3

ETR

ITR

xTR-4

ETR

ITR

LISP Site 2 DLISP Site 1S

xTR-1

ETR

ITR

xTR-2

ETR

ITR

PI EID-prefix 2001:db8:1::/48

Provider A

10.0.0.0/8

Provider B

11.0.0.0/8

Provider C

12.0.0.0/8

Provider D

13.0.0.0/8

packet flowpacket flow

10.0.0.2

11.0.0.2

12.0.0.2

13.0.0.2

Mapping System

MR MS

66.2.2.2

EID-prefix: 2001:8000::/21

forward-native

Map-Cache Entry4

3

66.2.2.2 -> 11.0.0.2

Negative-Map-Reply(udp 4342)nonce / TTL

2001:8000::/21

2 11.0.0.2 -> 66.2.2.2

LISP ECM(udp 4342)

11.0.0.2 / 2001:db7:1::1

Map-Request(udp 4342)

nonce

1

2001:db8:1::1 -> 2001:db7:1::1

Is 2001:db7:1::1 a

LISP Destination?

NOTE:

The actual “covering prefix” returned in an NMR depends on the number and distribution of EID

prefixes in the Mapping System. The NMR prefix

will cover the shortest prefix that doesn’t cover any LISP Sites in the Mapping System

Notes:

‒ When an ITR queries for a destination that is not in the Mapping System, the Map-Resolver returns an NMR.

‒ A TTL of 1-minute or 15-minutes is set depending on the space covered by

the NMR.

Page 25: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP OperationsLISP Control Plane: MS/MR Configuration Example

25

PI EID-prefix 2001:db8:2::/48

xTR-3

ETR

ITR

xTR-4

ETR

ITR

LISP Site 2 DLISP Site 1S

xTR-1

ETR

ITR

xTR-2

ETR

ITR

PI EID-prefix 2001:db8:1::/48

Provider A

10.0.0.0/8

Provider B

11.0.0.0/8

Provider C

12.0.0.0/8

Provider D

13.0.0.0/8

packet flowpacket flow

10.0.0.2

11.0.0.2

12.0.0.2

13.0.0.2

Mapping System

MR MS

66.2.2.2

!

router lisp

site Site-1

authentication-key S3cr3t-1

eid-prefix 2001:db8:1::/48

exit

!

site Site-2

authentication-key S3cr3t-2

eid-prefix 2001:db8:2::/48

exit

!

!-:: more LISP site configs

!

ipv6 map-server

ipv6 map-resolver

exit

!

!

router lisp

site ALL

authentication-key S3cr3t

eid-prefix 2001:db8::/32 accept-more-specifics

exit

!

ipv6 map-server

ipv6 map-resolver

exit

!Alternative

Page 26: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP OperationsLISP Control Plane: Mapping System Scaling

26

MR MSMR MS

xTRs

xTRs

xTRs

PxTRs

PxTRs

xTRs

xTRs

xTRs

PxTRs

xTRs

xTRsxTRs

xTRs

xTRs

xTRs xTRsxTRs

MS/MRs

MS/MRsMS/MRs

MS/MRs

MS/MRs

MS/MRs

MS/MRsMS/MRs

The LISP Beta Network uses DDT today…

DDTDDTDDT

DDT

DDT – Delegated Distributed Tree

‒ Hierarchy for Instance IDs and for EID Prefixes

‒ DDT Map-Resolvers sends (ECM) Map-Requests

‒ DDT Nodes Return Map-Referral messages

‒ DDT Resolvers resolve the Map-Server’s RLOC iteratively

‒ Conceptually, similar to DNS (IN-ADDR hierarchy) but different prefix encoding, messages, etc.

Scaling the LISP Mapping System

‒ Deploy multiple “stand-alone” Map-Servers” and register each LISP Site to all of them (up to eight)

‒ Deploy Map-Resolvers in an “Anycast” manner

‒ Or, deploy a “hierarchical” Mapping System - DDT

LISP Delegated Database Tree

ddt-root

ddt-tld

MR MSMR MS

Page 27: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Deployment ExamplesPublic and Private LISP Deployment Models

27

• “Private” LISP deployment

support single Enterprises or

Entities

• LISP Enterprise deploys:

- xTRs- Mapping System, if required - Proxy System, if required

Private Model Public Model

Enterprise A

Enterprise B

Enterprise C

Private Enterprise Examples

• “Public” LISP deployment supports the needs of

multiple Enterprises

• LISP Service Provider deploys “shared” Mapping

System and Proxy System

• LISP Enterprises subscribe to LISP SP, and deploy

their own xTRs

Stand-Alone Example

CCC

PCCC CCM BCC

MU Princeton

LISP SP

LISP Ent

NJEdge.Net

Global Examples

LISP Beta

InTouch

ddt-root.org

VXNet

LISP SP

LISP Ent

LISP SP

Page 28: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP OperationsLISP Interworking: Day-one Incremental Deployment

28

Early Recognition

‒ Up-front recognition of an incremental deployment plan

‒ LISP will not be widely deployed day-one

Interworking for:

‒ LISP-sites to non-LISP sites (e.g. the rest of the Internet)

‒ non-LISP sites to LISP-sites

Proxy-ITR/Proxy-ETR are deployed today

‒ Infrastructure LISP network entity

‒ Creates a monetised service opportunity for infrastructure players

Page 29: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP OperationsLISP Interworking: Proxy-Ingress/Egress Tunnel Router (PxTR)

29

PI EID-prefix 2001:db8:2::/48

xTR-3

ETR

ITR

xTR-4

ETR

ITR

LISP Site 2 DLISP Site 1S

xTR-1

ETR

ITR

xTR-2

ETR

ITR

PI EID-prefix 2001:db8:1::/48

Provider A

10.0.0.0/8

Provider B

11.0.0.0/8

Provider C

12.0.0.0/8

Provider D

13.0.0.0/8

10.0.0.2

11.0.0.2

12.0.0.2

13.0.0.2

IPv6 InternetPITR PETR

Mapping System

MR MS

66.2.2.2

PETR – Proxy ETR

‒ Allows an EID in one AF [IPv4 or IPv6]

and the opposite RLOC [IPv6 or IPv4] to

reach non-LISP prefix in that same AF

(AF-hop-over)

‒ Allows LISP sites with uRPF restrictions

to reach non-LISP sites

IPv4 InternetPITR – Proxy ITR

‒ Receives traffic from non-LISP sites;

encapsulates traffic to LISP sites

‒ Advertises coarse-aggregate EID prefixes

‒ LISP sites see ingress TE “day-one”

Page 30: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP OperationsLISP Interworking: Proxy-Ingress/Egress Tunnel Router (PxTR)

30

PI EID-prefix 2001:db8:2::/48

xTR-3

ETR

ITR

xTR-4

ETR

ITR

LISP Site 2 DLISP Site 1S

xTR-1

ETR

ITR

xTR-2

ETR

ITR

PI EID-prefix 2001:db8:1::/48

Provider A

10.0.0.0/8

Provider B

11.0.0.0/8

Provider C

12.0.0.0/8

Provider D

13.0.0.0/8

10.0.0.2

11.0.0.2

12.0.0.2

13.0.0.2

IPv6 InternetPITR PETR

Mapping System

MR MS

66.2.2.2

2001:f:f::1 2001:f:e::1

2001:db8::/32

Non-LISP

v6 Site

2001:d:1::1

2001:d:1::1 -> 2001:db8:2::1

1

2001:d:1::1 -> 2001:db8:2::1

10.9.1.1 -> 12.0.0.2

2

3

2001:d:1::1 -> 2001:db8:2::1

4

2001:db8:2::1 -> 2001:d:1::1

6

2001:db8:2::1 -> 2001:d:1::1

IPv4 Internet

2001:db8:2::1 -> 2001:d:1::1

12.0.0.2 -> 12.9.2.1

5 ipv4 use-petr 12.1.1.1

Page 31: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

xTR4

EID – 4.4.4.0/24

EID – 4:4:4::/48

xTR6

EID – 6.6.6.0/24

EID – 6:6:6::/48

xTR5

EID – 5.5.5.0/24

EID – 5:5:5::/48

xTR7

EID – 7.7.7.0/24

EID – 7:7:7::/48

MSMR RTR

IPv4

10.1.0.0/16(scope 1)

IPv4

10.2.0.0/16(scope 2)

IPv6

10:A::/32(scope 3)

Disjoined Locator Space

IPv4 SP

IPv4 SP

IPv4 SP

IPv4 SP

IPv6 SP

IPv6 SP

How can an IPv4 RLOC talk to an IPv6 RLOC

Only MS/MR needs to be upgraded and configured

Page 32: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

Instance ID, VRF and LISPEfficient Virtualisation and High-Scale VPNs

32

xTR (Single Tenant)• Accommodates single customer

• Deployed for CPE Overlay model

• Located at customer site

Generalised LISP Shared Model deployment

LISP router

Non LISP router

EID

RLOC

RLOC Name Space

(IPv4/IPv6)

xTR1

xTR3

EID Name Space

(IPv4/IPv6)

xTR2

User Blue•EID 192.168.1.0/24•IID 1•VRF Blue

User Red•EID 192.168.1.0/24•IID 2•VRF Red

MS/MREID Name Space

(IPv4/IPv6)

xTR (Multi-Tenant)• Accommodates multiple customers

• Deployed for PE model

• Located at Edge layer, DC or customer site

MS/MR• Shared by multiple customers

• Located in RLOC name space

RLOCEIDDataLISPHdr

IID1

RLOCEIDDataLISPHdr

I ID2

User Blue•EID 192.168.2/24•IID 1•VRF Blue

User Red•EID 192.168.2.0/24•IID 2•VRF Red

IID EID RLOC

1 192.168.1.0/24 xTR1

1 192.168.2.0/24 xTR3

2 192.168.1.0/24 xTR2

2 192.168.2.0/24 xTR3

Page 33: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

Interface LISP0

33 33

xTR

GM

xTR

GM

IPv4 Core

xTR

GM

xTR

GMMSMRMSMR

xTR

GM

KSKS

VRF A, IID 1

HQ

Site 1 Site 2

Site 3

VRF B, IID 2

VRF C, IID 3

Segmentation by

physical, Layer 2, or

Layer 3 means

(e.g. 802.1Q, EVN,

physically separate

networks)Default

• Single RLOC namespace

• Default table (or RLOC VRF)

To IPv4 or IPv6 Core

RLOC namespace

VRF B, IID 2

To Enterprise

Internal Networks

LISP0.1

LISP0.2

LISP0.3

Interface LISP0.x X= IID

Attach config for:

crypto-map

Assign QoS Policy

Netflow

ACL’s

Page 34: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

How to Setup LISP

Page 35: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Example Topology• Build the network configuration

Say we want to build this…- Three VRFs, IPv4 and IPv6

- HQ multihomed, two CPE

- Remote multihomed, one CPE

- Remote single-homed, DHCP- Add encryption

IPv4 Core

xTR

GMxTR

GM

xTR

GM

xTR

GMMSMRMSMR

xTR

GM

KSKS

HQ VRF DeptC, IID 3

VRF DeptB, IID 2

VRF DeptA, IID 1

Site 1 Site 2

Site 3

35

Page 36: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

Three Steps To Go

How do we build this? Three common steps:1. Build the underlay (RLOCs)

2. Add the LISP overlay (EIDs)

3. Add encryption

IPv4 Core

xTR

GMxTR

GM

xTR

GM

xTR

GMMSMRMSMR

xTR

GM

KSKS

HQ VRF DeptC, IID 3

VRF DeptB, IID 2

VRF DeptA, IID 1

Site 1 Site 2

Site 3

36

Page 37: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP “Underlay”

1. Build the underlay (RLOCs)

IPv4 Core

xTR

GMxTR

GM

xTR

GM

xTR

GMMSMRMSMR

xTR

GM

KSKS

HQ VRF DeptC, IID 3

VRF DeptB, IID 2

VRF DeptA, IID 1

Site 1 Site 2

Site 3

HQ1 xTR/MSMR/GM

!

hostname HQ1

!

interface Ethernet0/0

ip address 10.0.14.2 255.255.255.252

!

ip route 0.0.0.0 0.0.0.0 10.0.14.1

!

Remote2 xTR/GM

!

hostname Remote2

!

interface Ethernet0/0

ip address 10.2.1.2 255.255.255.252

!

interface Ethernet1/0

ip address 10.2.2.2 255.255.255.252

!

ip route 0.0.0.0 0.0.0.0 10.2.1.1

ip route 0.0.0.0 0.0.0.0 10.2.2.1

!

Examples:• Normal IP routing…

• Nothing to do with LISP!

All other sites are similar!

37

Page 38: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP “Underlay”

1. Build the underlay (RLOCs)

IPv4 Core

xTR

GMxTR

GM

xTR

GM

xTR

GMMSMRMSMR

xTR

GM

KSKS

HQ VRF DeptC, IID 3

VRF DeptB, IID 2

VRF DeptA, IID 1

Site 1 Site 2

Site 3

Examples:• Normal IP routing…

• Nothing to do with LISP!

Verification…

Site2#ping 10.0.14.2 source 10.2.2.2 rep 10

Type escape sequence to abort.

Sending 100, 100-byte ICMP Echos to 10.0.14.2, timeout is 2 seconds:

Packet sent with a source address of 10.2.2.2

!!!!!!!!!!

Success rate is 100 percent (10/10), round-trip min/avg/max = 8/7/8 ms

Site2#

Example:

RLOC to RLOC

38

Page 39: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP VPN/Virtualisation

2. Add the LISP overlay (EIDs)

IPv4 Core

xTR

GMxTR

GM

xTR

GM

xTR

GMMSMRMSMR

xTR

GM

KSKS

HQ VRF DeptC, IID 3

VRF DeptB, IID 2

VRF DeptA, IID 1

Site 1 Site 2

Site 3

Remote2 xTR/GM

!

router lisp

locator-set Site2

10.2.1.2 priority 1 weight 50

10.2.2.2 priority 1 weight 50

exit

!

eid-table default instance-id 0

database-mapping 192.168.255.16/32 locator-set Site2

exit

!

eid-table vrf DeptA instance-id 1

database-mapping 192.168.16.0/24 locator-set Site2

database-mapping 1:1:16::/64 locator-set Site2

exit

!

eid-table vrf DeptB instance-id 2

database-mapping 192.168.16.0/24 locator-set Site2

database-mapping 2:2:16::/64 locator-set Site2

exit

!

eid-table vrf DeptC instance-id 3

database-mapping 192.168.16.0/24 locator-set Site2

database-mapping 3:3:16::/64 locator-set Site2

exit

!

Examples:• Bind VRFs to IIDs

• Bind EIDs to RLOCs

39

Page 40: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP VPN/Virtualisation

2. Add the LISP overlay (EIDs)

IPv4 Core

xTR

GMxTR

GM

xTR

GM

xTR

GMMSMRMSMR

xTR

GM

KSKS

HQ VRF DeptC, IID 3

VRF DeptB, IID 2

VRF DeptA, IID 1

Site 1 Site 2

Site 3

Examples:• Bind VRFs to IIDs

• Bind EIDs to RLOCs

Remote2 xTR/GM

! – continued – LISP control plane

!

ipv4 itr map-resolver 10.0.14.2

ipv4 itr map-resolver 10.0.15.2

ipv4 itr

ipv4 etr map-server 10.0.14.2 key site2-pswd

ipv4 etr map-server 10.0.15.2 key site2-pswd

ipv4 etr

ipv6 map-server

ipv6 map-resolver

ipv6 itr map-resolver 10.0.14.2

ipv6 itr map-resolver 10.0.15.2

ipv6 itr

ipv6 etr map-server 10.0.14.2 key site2-pswd

ipv6 etr map-server 10.0.15.2 key site2-pswd

ipv6 etr

exit

!

All other sites are similar!

40

Page 41: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP VPN/Virtualisation

2. Add the LISP overlay (EIDs)

IPv4 Core

xTR

GMxTR

GM

xTR

GM

xTR

GMMSMRMSMR

xTR

GM

KSKS

HQ VRF DeptC, IID 3

VRF DeptB, IID 2

VRF DeptA, IID 1

Site 1 Site 2

Site 3

Examples:• Bind VRFs to IIDs

• Bind EIDs to RLOCs

HQ2 xTR/MSMR/GM

router lisp

!

site HQ

authentication-key hq-pswd

eid-prefix 192.168.18.0/24

eid-prefix 192.168.19.0/24

eid-prefix 192.168.255.14/32

eid-prefix 192.168.255.15/32

eid-prefix instance-id 1 192.168.14.0/24

eid-prefix instance-id 1 1:1:14::/64

eid-prefix instance-id 2 192.168.14.0/24

eid-prefix instance-id 2 2:2:14::/64

eid-prefix instance-id 3 192.168.14.0/24

eid-prefix instance-id 3 3:3:14::/64

exit

!

site Site1

authentication-key site1-pswd

eid-prefix 192.168.255.11/32

eid-prefix instance-id 1 192.168.11.0/24

eid-prefix instance-id 1 1:1:11::/64

eid-prefix instance-id 2 192.168.11.0/24

eid-prefix instance-id 2 2:2:11::/64

eid-prefix instance-id 3 192.168.11.0/24

eid-prefix instance-id 3 3:3:11::/64

exit

!

---<etc.>---

Map-Server Config…

41

Page 42: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP VPN/Virtualisation

2. Add the LISP overlay (EIDs)

IPv4 Core

xTR

GMxTR

GM

xTR

GM

xTR

GMMSMRMSMR

xTR

GM

KSKS

HQ VRF DeptC, IID 3

VRF DeptB, IID 2

VRF DeptA, IID 1

Site 1 Site 2

Site 3

Examples:• Bind VRFs to IIDs

• Bind EIDs to RLOCs

HQ2 xTR/MSMR/GMHQ2#show lisp site

LISP Site Registration Information

Site Name Last Up Who Last Inst EID Prefix

Register Registered ID

HQ 00:00:46 yes 10.0.14.2 0 192.168.18.0/24

00:00:05 yes 10.0.15.2 0 192.168.19.0/24

00:00:46 yes 10.0.14.2 0 192.168.255.14/32

00:00:05 yes 10.0.15.2 0 192.168.255.15/32

00:00:09 yes 10.0.14.2 1 192.168.14.0/24

00:00:56 yes 10.0.14.2 1 1:1:14::/64

00:00:32 yes 10.0.15.2 2 192.168.14.0/24

00:00:23 yes 10.0.15.2 2 2:2:14::/64

00:00:54 yes 10.0.15.2 3 192.168.14.0/24

00:00:43 yes 10.0.14.2 3 3:3:14::/64

Site1 00:00:07 yes 10.0.11.2 0 192.168.255.11/32

00:00:16 yes 10.0.11.2 1 192.168.11.0/24

00:00:42 yes 10.0.11.2 1 1:1:11::/64

00:00:32 yes 10.0.11.2 2 192.168.11.0/24

00:00:41 yes 10.0.11.2 2 2:2:11::/64

---<etc.>---

Verification…

42

Page 43: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP VPN/Virtualisation

2. Add the LISP overlay (EIDs)

IPv4 Core

xTR

GMxTR

GM

xTR

GM

xTR

GMMSMRMSMR

xTR

GM

KSKS

HQ VRF DeptC, IID 3

VRF DeptB, IID 2

VRF DeptA, IID 1

Site 1 Site 2

Site 3

Examples:• Bind VRFs to IIDs

• Bind EIDs to RLOCs

Verification…

Site3#ping vrf DeptC 192.168.14.1 source 192.168.13.1 rep 10

Type escape sequence to abort.

Sending 100, 100-byte ICMP Echos to 192.168.14.1, timeout is 2 seconds:

Packet sent with a source address of 192.168.13.1%DeptC

..!!!!!!!!

Success rate is 80 percent (8/10), round-trip min/avg/max = 1/1/1 ms

Site3

Example:

EID to EID

43

Page 44: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP VPN/Virtualisation

2. Add the LISP overlay (EIDs)

IPv4 Core

xTR

GMxTR

GM

xTR

GM

xTR

GMMSMRMSMR

xTR

GM

KSKS

HQ VRF DeptC, IID 3

VRF DeptB, IID 2

VRF DeptA, IID 1

Site 1 Site 2

Site 3

Examples:• Bind VRFs to IIDs

• Bind EIDs to RLOCs

Verification…

Site3#show ip lisp map-cache instance-id 3

LISP IPv4 Mapping Cache for EID-table vrf DeptC (IID 3), 4 entries

---<skip>---

192.168.14.0/24, uptime: 00:01:38, expires: 23:58:25, via map-reply, complete

Locator Uptime State Pri/Wgt

10.0.14.2 00:01:38 up 1/50

10.0.15.2 00:01:38 up 1/50

---<skip>---

Site3#

Example:

EID to EID

44

Page 45: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP VPN/Virtualisation

2. Add the LISP overlay (EIDs)

IPv4 Core

xTR

GMxTR

GM

xTR

GM

xTR

GMMSMRMSMR

xTR

GM

KSKS

HQ VRF DeptC, IID 3

VRF DeptB, IID 2

VRF DeptA, IID 1

Site 1 Site 2

Site 3

Examples:• Bind VRFs to IIDs

• Bind EIDs to RLOCs

Verification…

Site3#ping vrf DeptA 1:1:14::1 source 1:1:13::1 rep 10

Type escape sequence to abort.

Sending 10, 100-byte ICMP Echos to 1:1:14::1, timeout is 2 seconds:

Packet sent with a source address of 1:1:13::1%DeptA

..!!!!!!!!

Success rate is 80 percent (8/10), round-trip min/avg/max = 1/1/1 ms

Site3

Example:

EID to EID

45

Page 46: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP VPN/Virtualisation

2. Add the LISP overlay (EIDs)

IPv4 Core

xTR

GMxTR

GM

xTR

GM

xTR

GMMSMRMSMR

xTR

GM

KSKS

HQ VRF DeptC, IID 3

VRF DeptB, IID 2

VRF DeptA, IID 1

Site 1 Site 2

Site 3

Examples:• Bind VRFs to IIDs

• Bind EIDs to RLOCs

Verification…

Site3#show ipv6 lisp map-cache instance-id 1

LISP IPv6 Mapping Cache for EID-table vrf DeptA (IID 1), 4 entries

---<skip>---

1:1:14::/64, uptime: 00:00:33, expires: 23:59:28, via map-reply, complete

Locator Uptime State Pri/Wgt

10.0.14.2 00:00:33 up 1/50

10.0.15.2 00:00:33 up 1/50

---<skip>---

Site3#

Example:

EID to EID

46

Page 47: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

Adding Encryption to LISP Using GETVPN

Page 48: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Encryption

Use-Case VanillaIPsec

GETVPN Comments

LISP Default Model

crypto-map on

RLOC✔ ✔ LISP encap first, then encryption based on RLOC

crypto-map on

LISP0✔ ✔ Encryption first based on EID, then LISP encap

LISP Virtualization

crypto-map on

RLOC✔ ✔ LISP encap first, then encryption based on RLOC

CSCuc63717

crypto-map on

LISP0.x✔ ✔ Encryption first based on EID, then LISP encap

See: lisp.cisco.com for the GETVPN+LISP Configuration Guide!

LISP and encryption (IOS)– Recalling that… LISP is “Locator/ID” separation… and creates two

namespaces: EIDs and RLOCs

– LISP provides two ways to apply a crypto map

48

Page 49: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Header with IPSec

LISP provides two ways to apply a crypto map, resulting in different packet outcomes– RLOC :: LISP processing, and then encryption

– LISP0 :: Encryption, and then LISP processing

ESP

trailer

xx

Host

IP Hdr

ICMP

Hdr

Payload

8xxxx

da

dd

r

20

1

UDP

Hdr(LISP)

LISP

Hdr

8

sa

dd

r

8

S:x

x

D:4

34

1

8 0

ITR

IP Hdr

20

da

dd

r

17

ESP

SPI

xx

ITR

IP Hdr

20

17

sa

dd

r

da

dd

r

50

sa

dd

r

ESP

trailer

xx

Host

IP Hdr

ICMP

Hdr

Payload

8xxxx

da

dd

r

20

1

sa

dd

r

8 0

ESP

SPI

xx

1

Host

IP Hdr

da

dd

r

20

50

sa

dd

r

UDP

Hdr(LISP)

LISP

Hdr

8 8

S:x

x

D:4

34

1

ITR

IP Hdr

20

da

dd

r

17

sa

dd

r

49

LISP + IPsecOn RLOC

IPsec + LISPOn LISP0

Page 50: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Header with GETVPN

LISP provides two ways to apply a crypto map, resulting in different packet outcomes– RLOC :: LISP processing, and then encryption

– LISP0 :: Encryption, and then LISP processing

LISP + GETVPNOn RLOC

GETVPN + LISPOn LISP0

da

dd

r

1

sa

dd

r

8 0

1

da

dd

r

50

sa

dd

r

S:x

x

D:4

34

1

da

dd

r

17

sa

dd

r

Original IPv4 Header

ESP

trailer

xx

Host

IP Hdr

ICMP

Hdr

Payload

8xxxx 20

ESP

SPI

xx

Host

IP Hdr

20

UDP

Hdr(LISP)

LISP

Hdr

8 8

ITR

IP Hdr

20

da

dd

r

1

sa

dd

r

S:x

x

D:4

34

1

8 0

da

dd

r

17

17

sa

dd

r

da

dd

r

50

sa

dd

r

ESP

trailer

xx

Host

IP Hdr

ICMP

Hdr

Payload

8xxxx 20

LISP

Hdr

8 8

ITR

IP Hdr

20

ESP

SPI

xx

ITR

IP Hdr

20

Original IPv4 Header

UDP

Hdr(LISP)

50

Page 51: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Encryption (1)

3. Add encryption

IPv4 Core

xTR

GMxTR

GM

xTR

GM

xTR

GMMSMRMSMR

xTR

GM

KSKS

HQ VRF DeptC, IID 3

VRF DeptB, IID 2

VRF DeptA, IID 1

Site 1 Site 2

Site 3

Examples:• GETVPN Key Servers

• Nothing to do with LISP!

Redundant Key Server identical!

KS1

!

crypto isakmp policy 10

encr aes 256

authentication pre-share

group 16

crypto isakmp key FOO address 0.0.0.0

crypto isakmp keepalive 15 periodic

!

crypto ipsec transform-set GDOI-TRANS esp-aes

256 esp-sha512-hmac

!

crypto ipsec profile GDOI-PROFILE

set transform-set GDOI-TRANS

!

crypto gdoi group V4GROUP-0001

identity number 10001

server local

rekey retransmit 60 number 2

rekey authentication mypubkey rsa GET-KEYS1

rekey transport unicast

sa ipsec 1

profile GDOI-PROFILE

match address ipv4 GETVPN-0001

replay time window-size 5

address ipv4 192.168.18.2

redundancy

local priority 100

peer address ipv4 192.168.19.2

!

---<cont.>---

51

Page 52: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Encryption (2)

3. Add encryption

IPv4 Core

xTR

GMxTR

GM

xTR

GM

xTR

GMMSMRMSMR

xTR

GM

KSKS

HQ VRF DeptC, IID 3

VRF DeptB, IID 2

VRF DeptA, IID 1

Site 1 Site 2

Site 3

Examples:• GETVPN Key Servers

• Nothing to do with LISP!

Redundant Key Server identical!

KS1

! ---<cont.>---

!

crypto gdoi group ipv6 V6GROUP-0003

identity number 20003

server local

rekey retransmit 60 number 2

rekey authentication mypubkey rsa GET-KEYS3

rekey transport unicast

sa ipsec 1

profile GDOI-PROFILE

match address ipv6 GETVPN6-0003

replay time window-size 5

address ipv4 192.168.18.2

redundancy

local priority 100

peer address ipv4 192.168.19.2

!

ip access-list extended GETVPN-0001

permit ip any any

ip access-list extended GETVPN-0002

permit ip any any

ip access-list extended GETVPN-0003

permit ip any any

!

ipv6 access-list GETVPN6-0001

permit ipv6 any any

!

ipv6 access-list GETVPN6-0002

permit ipv6 any any

!

ipv6 access-list GETVPN6-0003

permit ipv6 any any

!

52

Page 53: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Encryption (3)

IPv4 Core

xTR

GMxTR

GM

xTR

GM

xTR

GMMSMRMSMR

xTR

GM

KSKS

HQ VRF DeptC, IID 3

VRF DeptB, IID 2

VRF DeptA, IID 1

Site 1 Site 2

Site 3

Remote2 xTR/GM!

crypto isakmp policy 10

encr aes 256

authentication pre-share

group 16

crypto isakmp key FOO address 192.168.18.2

crypto isakmp key FOO address 192.168.19.2

!

crypto gdoi group V4GROUP-0001

identity number 10001

server address ipv4 192.168.18.2

server address ipv4 192.168.19.2

client registration interface Loopback0

!

---<skip>---

crypto gdoi group ipv6 V6GROUP-0003

identity number 20003

server address ipv4 192.168.18.2

server address ipv4 192.168.19.2

client registration interface Loopback0

!

crypto map MAP-V4-0001 10 gdoi

set group V4GROUP-0001

!

---<skip>---

crypto map ipv6 MAP-V6-0003 10 gdoi

set group V6GROUP-0003

!

3. Add encryption

Examples:• GETVPN Group Members

• Add crypto map to LISP0.x

ALL LISP SITES identical! Cut/Paste!

53

Page 54: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Encryption (4)

IPv4 Core

xTR

GMxTR

GM

xTR

GM

xTR

GMMSMRMSMR

xTR

GM

KSKS

HQ VRF DeptC, IID 3

VRF DeptB, IID 2

VRF DeptA, IID 1

Site 1 Site 2

Site 3

3. Add encryption

Examples:• GETVPN Group Members

• Add crypto map to LISP0.x

ALL LISP SITES identical! Cut/Paste!

Remote2 xTR/GM!

interface LISP0

!

interface LISP0.1

ip mtu 1456

ipv6 mtu 1436

ipv6 crypto map MAP-V6-0001

crypto map MAP-V4-0001

!

interface LISP0.2

ip mtu 1456

ipv6 mtu 1436

ipv6 crypto map MAP-V6-0002

crypto map MAP-V4-0002

!

interface LISP0.3

ip mtu 1456

ipv6 mtu 1436

ipv6 crypto map MAP-V6-0003

crypto map MAP-V4-0003

!

54

Page 55: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Encryption Verification (1)• Efficient Virtualisation and High-Scale VPNs – Overview

IPv4 Core

xTR

GMxTR

GM

xTR

GM

xTR

GMMSMRMSMR

xTR

GM

KSKS

HQ VRF DeptC, IID 3

VRF DeptB, IID 2

VRF DeptA, IID 1

Site 1 Site 2

Site 3

3. Add encryption

Examples:• GETVPN Group Members

• Add crypto map to LISP0.x

Verification…

Site3#ping vrf DeptA 192.168.14.1 source 192.168.13.1 rep 100

Type escape sequence to abort.

Sending 10, 100-byte ICMP Echos to 192.168.14.1, timeout is 2 seconds:

Packet sent with a source address of 192.168.13.1%DeptA

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Success rate is 100 percent (100/100), round-trip min/avg/max = 5/6/12 ms

Site3#

Example:

EID to EID

55

Page 56: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Encryption Verification (2)• Efficient Virtualisation and High-Scale VPNs – Overview

IPv4 Core

xTR

GMxTR

GM

xTR

GM

xTR

GMMSMRMSMR

xTR

GM

KSKS

HQ VRF DeptC, IID 3

VRF DeptB, IID 2

VRF DeptA, IID 1

Site 1 Site 2

Site 3

3. Add encryption

Examples:• GETVPN Group Members

• Add crypto map to LISP0.x

Verification…

Site3#show crypto engine connection active

Crypto Engine Connections

ID Type Algorithm Encrypt Decrypt LastSeqN IP-Address

---<skip>---

143 IPsec AES256+SHA512 0 100 0 192.168.11.1

144 IPsec AES256+SHA512 100 0 0 192.168.11.1

---<skip>---

Site3#

Example:

EID to EID

56

Page 57: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

LISP Deployment Examples

Page 58: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Deployment ExamplesLISP Deployment Examples

58

1. Efficient Multihoming and Multi-AF (IPv4 and IPv6)

2. Efficient Virtualisation and High-Scale VPNs

3. Data Centre/Host Mobility

4. LISP-Mobile Node

These examples highlight functionality integrated in LISP.

All use-case – multi-homing, v6 transition, virtualisation, and mobility

work together!

Page 59: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Deployment ExamplesLISP Deployment Examples

59

1. Efficient Multihoming and Multi-AF (IPv4 and IPv6)

2. Efficient Virtualisation and High-Scale VPNs

3. Data Centre/Host Mobility

4. LISP-Mobile Node

Page 60: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Deployment ExamplesEfficient Multihoming and Multi-AF (IPv4/IPv6) Support

60

IPv4 Internet

IPv6

IPv6LISP Site

GE0/0/0

10.1.1.2/30

GE0/0/0

10.2.1.2/30

EIDs

172.16.1.2/24

2001:db8:a:1::2/64

xTR-1

xTR-2

RLOC

RLOC

SP1

IPv4

SP2

IPv4

MR/M

S

10.10.30.10

2001:db8:f000:2::1

PxTR

10.10.30.11

2001:db8:f000:2::2

MR/M

S

2001:db8:e000:2::1

10.10.10.10

PxTR

2001:db8:e000:2::2

10.10.10.11

Default

To IPv4 or IPv6 Core

RLOC namespace

To Enterprise

Internal IPv4 or IPv6 Networks

LISP0

LISP

tx encap

LISP

rcv decapingress

features

egress

features

IPv4 or IPv6IPv4 or IPv6

Page 61: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Deployment ExamplesEfficient Multihoming and Multi-AF (IPv4/IPv6) Support

61

IPv4 Internet

IPv6

IPv6LISP Site

GE0/0/0

10.1.1.2/30

GE0/0/0

10.2.1.2/30

EIDs

172.16.1.2/24

2001:db8:a:1::2/64

xTR-1

xTR-2

RLOC

RLOC

SP1

IPv4

SP2

IPv4

MR/M

S

10.10.30.10

2001:db8:f000:2::1

PxTR

10.10.30.11

2001:db8:f000:2::2

MR/M

S

2001:db8:e000:2::1

10.10.10.10

PxTR

2001:db8:e000:2::2

10.10.10.11

PxTR1#show ip lisp map-cacheLISP IPv4 Mapping Cache for EID-table default (IID 0), 196 entries---<skip>---172.16.1.0/24, uptime: 00:01:38, expires: 23:58:25, via map-reply, complete

Locator Uptime State Pri/Wgt10.1.1.2 00:01:38 up 1/50 10.2.1.2 00:01:38 up 1/50

---<skip>---

Page 62: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Deployment ExamplesEfficient Multihoming and Multi-AF (IPv4/IPv6) Support

62

IPv4 Internet

IPv6

IPv6LISP Site

GE0/0/0

10.1.1.2/30

GE0/0/0

10.2.1.2/30

EIDs

172.16.1.2/24

2001:db8:a:1::2/64

xTR-1

xTR-2

RLOC

RLOC

SP1

IPv4

SP2

IPv4

MR/M

S

10.10.30.10

2001:db8:f000:2::1

PxTR

10.10.30.11

2001:db8:f000:2::2

MR/M

S

2001:db8:e000:2::1

10.10.10.10

PxTR

2001:db8:e000:2::2

10.10.10.11

PxTR1#show ipv6 lisp map-cacheLISP IPv6 Mapping Cache for EID-table default (IID 0), 13 entries---<skip>---2001:DB8:A:1::/64, uptime: 00:01:38, expires: 23:58:25, via map-reply, complete

Locator Uptime State Pri/Wgt10.1.1.2 00:01:38 up 1/50 10.2.1.2 00:01:38 up 1/50

---<skip>---

Page 63: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Deployment ExamplesEfficient Multihoming and Multi-AF (IPv4/IPv6) Support

63

Needs:‒ Site connectivity to multiple providers for resiliency

‒ Low OpEx/CapEx solution for Ingress TE

‒ Rapid IPv6 deployment, minimal disruption

LISP Solution:‒ LISP provides a streamlined solution for handling multi-

provider connectivity and policy without BGP complexities

‒ LISP encapsulation is Address Family agnostic, allowing for IPv6 over an IPv4 core, or IPv4 over an IPv6 core

Benefits:‒ OpEx-friendly multi-homing across different providers

‒ Simple policy management

‒ Ingress Traffic Engineering that actually “works”

‒ Minimal configuration

‒ No core network changes

LISP

routersLISP

Site

Internet

Efficient Multihoming

IPv6 Transition Support

IPv4

Internet

IPv6

Internet

PxTR

IPv4 Core

xTRv6 service

v6

v6

v6v4

Connecting IPv4 or IPv6

Islands over IPv6 or IPv4

Cores

Page 64: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Deployment ExamplesEfficient Multihoming and Multi-AF (IPv4/IPv6) Support – Customer Example

64

LISP Services:• BGP-free Multihoming

• IPv6 Internet Access

• Host Mobility Disaster-Recovery (adding now…)

• Inter-Departmental VPNs (adding next…)

PRODUCTION

Target Market:• State of New Jersey Educational Entities

(k-12, universities, colleges) Customer Case Study: http://lisp.cisco.com

Customer Site: http://njedge.net

NJEDge.Net

Page 65: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Deployment ExamplesEfficient Multihoming and Multi-AF (IPv4/IPv6) Support – Customer Example

65

IPv4 Internet

Tier 1 SP2 Commodity

SP

...

Transit

SP

Member N

CPE

Tier 1 SP1

Member 2

CPE

IPv6 Internet

Some..

v6

More…

v6

Google

Facebook

Member 1

CPE

More…

v4

Some..

v4

Default

Route

Default

Route

Or BGP

Member 3

CPE CPE

BGPBGP

Constituent Member Topologies…

Page 66: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Deployment ExamplesEfficient Multihoming and Multi-AF (IPv4/IPv6) Support – Customer Example

66

IPv4 Internet

Tier 1 SP2 Commodity

SP

...

Transit

SP

Member N

CPE

Tier 1 SP1

Member 2

CPE

IPv6 Internet

Some..

v6

More…

v6

Google

Facebook

Member 1

CPE

More…

v4

Some..

v4

Default

Route

Default

Route

Or BGP

Member 3

CPE CPE

BGPBGP

Constituent Member Topologies…

They wanted:

50%/50%They got:

90%/10% ?

80%/20% ?

Never 50%/50%

router bgp 100bgp router-id 172.16.2.1bgp asnotation dotno bgp default ipv4-unicastbgp log-neighbor-changesneighbor 172.16.2.1 remote-as 300 <== eBGP to SP1 neighbor 172.16.1.2 remote-as 400 <== eBGP to SP2 !address-family ipv4no synchronizationredistribute ospf route-map populate-defaultneighbor 172.16.1.2 activateneighbor 172.16.1.2 route-map filter-out outneighbor 172.16.1.2 route-map filter-in inneighbor 172.16.1.2 maximum-prefix 450000 90neighbor 172.16.2.1 activateneighbor 172.16.2.1 route-map filter-out outneighbor 172.16.2.1 route-map filter-in inneighbor 172.16.2.1 maximum-prefix 450000 90no auto-summaryexit-address-family!ip bgp-community new-formatip community-list standard outlist permit 100:123!route-map populate-default permit 10set origin igpset community 100:123!route-map filter-out permit 10match community outlist!route-map filter-in permit 10match community inlist!

Many more features

can be added here...Before LISP…• Configuration

complexity…

• Uneven multihoming

load shares…

Page 67: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Deployment ExamplesEfficient Multihoming and Multi-AF (IPv4/IPv6) Support – Customer Example

67

IPv4 Internet

Tier 1 SP2 Commodity

SP

...

Transit

SP

Member N

CPE

Tier 1 SP1

Member 2

CPE

IPv6 Internet

Some..

v6

More…

v6

Google

Facebook

Member 1

CPE

More…

v4

Some..

v4

Default

Route

Default

Route

Or BGP

Member 3

CPE CPE

BGPBGP

Constituent Member Topologies…

Deploy LISP…

NJEDge.Net

LISP Network

MS/MR

PxTR

NJEDge.Net

LISP Network

MS/MR

PxTR

Member 1

xTR

Default

Route

Default

Route

Member 2

xTR

Member N

xTR

Default

Route

Member 3

xTR xTR

Default

Route

router lisplocator-set Site3

172.16.1.2 priority 1 weight 50172.16.2.2 priority 1 weight 50exit

!eid-table default instance-id 0

database-mapping 10.1.1.0/24 locator-set Site3exit!ipv4 itripv4 etripv4 itr map-resolver 172.17.1.1ipv4 etr map-server 172.17.1.1 key s3cr3tipv4 use-petr 10.5.5.5

!

• Configuration

simplicity…

Page 68: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Deployment ExamplesEfficient Multihoming and Multi-AF (IPv4/IPv6) Support – Customer Example

68

IPv4 Internet

Tier 1 SP2 Commodity

SP

...

Transit

SP

Member N

CPE

Tier 1 SP1

Member 2

CPE

IPv6 Internet

Some..

v6

More…

v6

Google

Facebook

Member 1

CPE

More…

v4

Some..

v4

Default

Route

Default

Route

Or BGP

Member 3

CPE CPE

BGPBGP

Deploy LISP…

NJEDge.Net

LISP Network

MS/MR

PxTR

NJEDge.Net

LISP Network

MS/MR

PxTR

Member 1

xTR

Default

Route

Default

Route

Member 2

xTR

Member N

xTR

Default

Route

Member 3

xTR xTR

Default

Route

• Configuration

simplicity…

LISP-to-LISP

Non-LISP-to-LISP

IPv4 EID Aggregate

Advertisement

Page 69: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Deployment ExamplesEfficient Multihoming and Multi-AF (IPv4/IPv6) Support – Customer Example

69

IPv4 Internet

Tier 1 SP2 Commodity

SP

...

Transit

SP

Member N

CPE

Tier 1 SP1

Member 2

CPE

IPv6 Internet

Some..

v6

More…

v6

Google

Facebook

Member 1

CPE

More…

v4

Some..

v4

Default

Route

Default

Route

Or BGP

Member 3

CPE CPE

BGPBGP

NJEDge.Net

LISP Network

MS/MR

PxTR

NJEDge.Net

LISP Network

MS/MR

PxTR

Member 1

xTR

Default

Route

Default

Route

Member 2

xTR

Member N

xTR

Default

Route

Member 3

xTR xTR

Default

Route

Non-LISP-to-LISP

IPv6 EID Aggregate

Advertisement

NJEDge.Net is now

adding IPv6 for its

members!

IPv6

EIDsIPv6

EIDsIPv6

EIDs

IPv6

EIDsLISP-to-LISP

Page 70: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP and MPLS InteractionHow it works together

70

MPLS Core

Network

MPLS VPN

..

Group A

Dev ice

Group B

Dev ice

Group C

Dev ice

Group N

Dev ice

CE Device

xTR

xTR

GM

..

Location X

Group A

Network

Group B

Network

Group C

Network

Group N

Network

..

Group A

Dev ice

Group B

Dev ice

Group C

Dev ice

Group N

Dev ice

CE Device

xTR

xTR

GM

..

Location Y

Group A

Network

Group B

Network

Group C

Network

Group N

Network

CE to CE Customer routes= LISP

PE-CE = BGP PE-CE = BGP

PE PE

Page 71: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Deployment ExamplesLISP Deployment Examples

71

1. Efficient Multihoming and Multi-AF (IPv4 and IPv6)

2. Efficient Virtualisation and High-Scale VPNs

3. Data Centre/Host Mobility

4. LISP-Mobile Node

Page 72: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Deployment ExamplesEfficient Virtualisation and High-Scale VPNs

72

Needs:‒ Integrated Segmentation

‒ Global scale and interoperability

‒ Minimal Infrastructure disruption

LISP Solution:‒ 24-bit LISP Instance-ID segments control plane and data

plane, with VRF binding to the Instance-ID

Benefits:‒ Very high scale tenant segmentation

‒ Global mobility + high scale segmentation integrated in single IP solution

‒ IP-based “overlay” solution, transport independent

‒ No Inter-AS complexity

LISP Site

IP Network

West

DC

Legacy Site Legacy Site Legacy Site

East

DC

PxTR

Mapping

DB

LISP+GETVPN Config Guide:http://lisp.cisco.com

Page 73: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Virtualisation/VPNs• LISP Virtualisation/Multi-Tenancy Support – Concepts

Default (non-Virtualised) Model – at the device level– Conceptually, the Default Model is just a single Parallel Model instance

– All EID lookups are also in the same single table – default

– Thus, EIDs are associated with Instance-ID 0

– All RLOC lookups are in a single table – default

– The Mapping System is part of the locator address space

• Single RLOC namespace

• Default table or RLOC VRF

Shared RLOC

namespaceTo EID namespace

(direct connect, IGP, etc.)

• Single EID namespace

• Default table

Default

To VPNs (MPLS,

802.1Q, VRF-Lite, or separate networks)

73

Page 74: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Virtualisation/VPNs• LISP Virtualisation/Multi-Tenancy Support – Concepts

Shared Model – at the device level– Multiple EID-prefixes are allocated privately using VRFs

– EID lookups are in the VRF associated with an Instance-ID

– All RLOC lookups are in a single table – (default/global or RLOC VRF)

– The Mapping System is part of the locator address space and is shared

To VPNs (MPLS, 802.1Q,

VRF-Lite, or separate networks)

• EID namespace,

VRF Pink, IID 1

• EID namespace,

VRF Blue, IID 2

Default

Pink

Blue • Single RLOC namespace

• Default table or RLOC VRF

Shared RLOC

namespace To VPNs (MPLS,

802.1Q, VRF-Lite, or separate networks)

74

Page 75: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Virtualisation/VPNs• LISP Virtualisation/Multi-Tenancy Support – Concepts

Parallel Model – at the device level– Multiple EID-prefixes are allocated privately using VRFs

– EID lookups are in the VRF associated with an Instance-ID

– RLOC lookups are in the VRF associated with the locator table

– A Mapping System must be part of each locator address space

To VPNs (MPLS, 802.1Q,

VRF-Lite, or separate networks)

• EID namespace,

VRF Pink, IID 1

• EID namespace,

VRF Blue, IID 2

Default

Pink

Blue

To VPNs (MPLS,

802.1Q, VRF-Lite, or separate networks)

• RLOC uses Blue

namespace

• RLOC uses Pink

namespace

75

Page 76: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Virtualisation/VPNs• LISP Virtualisation/Multi-Tenancy Support – Concepts

Shared and Parallel Models Combined – at the device level– Multiple “Shared Model” instantiations combined with Multiple “Parallel Model” instantiations

– Multiple EID VRFs bound to a single RLOC VRF

– Multiple RLOC VRFs on the same device

To VPNs (MPLS, 802.1Q,

VRF-Lite, or separate networks)

Default

Pink

Blue

To VPNs (MPLS,

802.1Q, VRF-Lite, or separate networks)

• RLOC uses Blue

namespace

• RLOC uses Pink

namespace

VRF Cust1, IID 101

VRF Cust2, IID 102

VRF Cust3, IID 103

Cust1

Cust2

Cust3

VRF CustA, IID 901

VRF CustB, IID 902

VRF CustC, IID 903

CustA

CustB

CustC

76

Page 77: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Deployment ExamplesEfficient Virtualisation and High-Scale VPNs

77

Encapsulation

• EID prefix virtualisation

• Tied to VRFs

• Locators can be virtualised too

Site to Site Routing

• Spoke to spoke connectivity

• Optional local Internet offload (split-tunnel)

• No IGP required to branch sites!

LISP VPNs

Routing and Tunnelling! -- all in one!

Security

• LISP Works with any crypto scheme

• Locators or EIDs can be encrypted

• LISP-SEC for control plane security

Cryptography

Page 78: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Deployment ExamplesEfficient Virtualisation and High-Scale VPNs

78

LISP – Inherently scalability and virtualisation, rapidly deployable

Scalability(# of VPN site)

Unconstrained

VPN site-to-site routing

Unnecessary

Secure Segmentation

24-bit Instance

ID with VRF

PerformanceOptimal

Path(P2P),Loadbalancing

• No protocol constraint• 100K concurrent site connections

?

?

?

?

• No site-to-site routing required• No VPN route injection into core• LISP / Non-LISP site interworking through PxTR

• 16M unique VPN classifiers• Used by LISP control plane and data plane• Optional data plane encryption with GETVPN

• Shortest path between LISP sites• Equal cost/unequal cost loadbalancing

Page 79: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP VPN/Virtualisation• Efficient Virtualisation and High-Scale VPNs – Overview

Generalised LISP Shared Model deployment

LISP router

Non LISP router

EID

RLOC

RLOC Name Space

(IPv4/IPv6)

xTR1

xTR3

EID Name Space

(IPv4/IPv6)

xTR2

User Blue•EID 192.168.1.0/24•IID 1•VRF Blue

User Red•EID 192.168.1.0/24•IID 2•VRF Red

MS/MREID Name Space

(IPv4/IPv6)

xTR (Single Tenant)• Accommodates single customer

• Deployed for CPE Overlay model

• Located at customer site

xTR (Multi-Tenant)• Accommodates multiple customers

• Deployed for PE model

• Located at Edge layer, DC or customer site

MS/MR• Shared by multiple customers

• Located in RLOC name space

RLOCEIDDataLISPHdr

IID1

RLOCEIDDataLISPHdr

I ID2

User Blue•EID 192.168.120/24•IID 1•VRF Blue

User Red•EID 192.168.2.0/24•IID 2•VRF Red

IID EID RLOC

1 192.168.1.0/24 xTR1

1 192.168.2.0/24 xTR3

2 192.168.1.0/24 xTR2

2 192.168.2.0/24 xTR3

79

Page 80: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Use Cases: Virtualisation/VPNs• Customer Example: US State Government (Multi-tenancy)

MPLS Core

Network

MPLS VPN

..

Group A

Dev ice

Group B

Dev ice

Group C

Dev ice

Group N

Dev ice

CE Device

xTR

xTR

GM

..

Location X

Group A

Network

Group B

Network

Group C

Network

Group N

Network

..

Group A

Dev ice

Group B

Dev ice

Group C

Dev ice

Group N

Dev ice

CE Device

xTR

xTR

GM

..

Location Y

Group A

Network

Group B

Network

Group C

Network

Group N

Network

80

Page 81: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Use Cases: Virtualisation/VPNs• Customer Example: US State Government (Multi-tenancy)

MPLS Core

Network

MPLS VPN

..

Group A

Dev ice

Group B

Dev ice

Group C

Dev ice

Group N

Dev ice

CE Device

xTR

xTR

GM

..

Location X

Group A

Network

Group B

Network

Group C

Network

Group N

Network

..

Group A

Dev ice

Group B

Dev ice

Group C

Dev ice

Group N

Dev ice

CE Device

xTR

xTR

GM

..

Location Y

Group A

Network

Group B

Network

Group C

Network

Group N

Network

No need for multiple MPLS VRFs

for traffic segmentation. • LISP encapsulates all traff ic into

the “RLOC namespace”

• LISP Instance-IDs (IIDs) provide

segmentation

Customer Networks:• IPv4, IPv6..

• LISP Instance-IDs (IIDs)

provide segmentation

• Add GETVPN for encryption,

per-customer (simple!)

Core Network Access Flexibility:• One or multiple WAN connections

• One or multiple CE devices…

• IPv4 and/or IPv6…

• Multiple SP Cores…

Everything “just w orks” with LISP…

SP1 SP1 SP1 SP2

81

Page 82: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

MPLS Core

Network

MPLS VPN

..

Group A

Dev ice

Group B

Dev ice

Group C

Dev ice

Group N

Dev ice

CE Device

xTR

xTR

GM

..

Location X

Group A

Network

Group B

Network

Group C

Network

Group N

Network

..

Group A

Dev ice

Group B

Dev ice

Group C

Dev ice

Group N

Dev ice

CE Device

xTR

xTR

GM

..

Location Y

Group A

Network

Group B

Network

Group C

Network

Group N

Network

LISP Use Cases: Virtualisation/VPNs• Customer Example: US State Government (Multi-tenancy)

82

Segmentation by

physical, Layer 2, or

Layer 3 means

(e.g. 802.1Q, EVN,

physically separate

networks)Default

• Single RLOC

namespace• Default table

(or RLOC VRF)

To IPv4 or IPv6 Core

RLOC namespace

VRF-B, IID 2

To Enterprise

Internal Networks

LISP0.1

LISP0.2

LISP0.3

Page 83: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

MPLS Core

Network

MPLS VPN

..

Group A

Dev ice

Group B

Dev ice

Group C

Dev ice

Group N

Dev ice

CE Device

xTR

xTR

GM

..

Location X

Group A

Network

Group B

Network

Group C

Network

Group N

Network

..

Group A

Dev ice

Group B

Dev ice

Group C

Dev ice

Group N

Dev ice

CE Device

xTR

xTR

GM

..

Location Y

Group A

Network

Group B

Network

Group C

Network

Group N

Network

LISP Use Cases: Virtualisation/VPNs• Customer Example: US State Government (Multi-tenancy)

!

router lisp

locator-set CE

10.2.2.2 priority 1 weight 100

exit

!

eid-table vrf GROUPA instance-id 1

database-mapping 192.168.16.0/24 locator-set CE

database-mapping 1:1:16::/64 locator-set CE

exit

!

eid-table vrf GROUPB instance-id 2

database-mapping 192.168.16.0/24 locator-set CE

database-mapping 2:2:16::/64 locator-set CE

exit

!

eid-table vrf GROUPC instance-id 3

database-mapping 192.168.16.0/24 locator-set CE

database-mapping 3:3:16::/64 locator-set CE

exit

!

83

Page 84: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Deployment ExamplesLISP Deployment Examples

84

1. Efficient Multihoming and Multi-AF (IPv4 and IPv6)

2. Efficient Virtualisation and High-Scale VPNs

3. Data Centre/Host Mobility

4. LISP-Mobile Node

Page 85: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Deployment ExamplesData Centre/Host Mobility

85

Needs:‒ VM-Mobility extending subnets and across subnets

‒ Move detection, dynamic EID-to-RLOC mappings, traffic redirection

LISP Solution:‒ OTV + LISP for VM-moves in extended subnets

‒ LISP for VM-moves across subnets

Benefits:‒ VM OS agnostic, seamless, integrated, global

workload mobility

‒ Direct Path (no triangulation)

‒ Connections survive across moves

‒ No routing re-convergence, no DNS updates

‒ Global Scalability (cloud bursting)

‒ ARP elimination

Data

Centre 1

Data

Centre 2

a.b.c.1

VM

a.b.c.1

VM

VM move

LISP

router

LISP

router

Internet

Page 86: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Deployment ExamplesData Centre/Host Mobility

86

Moves With LAN Extension

IPv4 Network

West-DC East-DC

Non-LISP

Site

Mapping DB

LISP-VM (XTR)

LAN Extension

LISP Site

XTR

Routing for Extended SubnetsActive-Active Data Centres

Distributed Data Centres

Application Members DistributedBroadcasts across sites

IP Mobility Across SubnetsDisaster Recovery

Cloud Bursting

Application Members In One Location

Moves Without LAN Extension

IPv4 Network DR Location

or Cloud Provider DC

Mapping DB

West-DC East-DC

LISP-VM (XTR)

LISP Site

XTR

LISP Host Mobility Config Guide:http://lisp.cisco.com

Page 87: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Deployment ExamplesData Centre/Host Mobility – No LAN Extension : First-Hop Routing

87

• SVI (Interface VLAN x) and HSRP configured as usual

– Consistent GWY-MAC configured across all dynamic subnets

• The lisp mobility <dyn-eid-map> command enables proxy-arp functionality on the SVI

– The LISP-VM router services first hop routing requests for both local and roaming subnets

• Moving hosts always talk to a local gateway with the same MAC

West-DC East-DC

LISP-VM (xTR)

A B C D

HSRP

ARP

GWY-MAC

HSRP

ARP

GWY-MAC

interface Ethernet2/4ip address 10.1.0.6/24lisp mobility roamer

ip proxy-arphsrp 101

mac-address 0000.0e1d.010c

ip 10.2.0.1

interface vlan 100ip address 10.2.0.5/24lisp mobility roamer

ip proxy-arphsrp 101

mac-address 0000.0e1d.010c

ip 10.2.0.1

interface vlan 200

ip address 10.2.0.8/24lisp mobility roamerip proxy-arp

hsrp 201 mac-address 0000.0e1d.010cip 10.3..0.1

interface vlan 100

ip address 10.3.0.7/24lisp mobility roamerip proxy-arp

hsrp 201mac-address 0000.0e1d.010cip 10.3.0.1

10.2.0.0 /24 10.3.0.0 /24

10.2.0.2

HSRP ActiveHSRP Active

Page 88: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Deployment ExamplesData Centre/Host Mobility – ETR Updates across LISP sites

88

West-DCEast-DC

X

Y

Y

Mapping DB

10.2.0.2

10.2.0.0 /16 10.3.0.0 /16

5.1.1.1 5.2.2.2

A BC D

Routing Table:

10.3.0.0/16 – Local

10.2.0.0/24 – Null0

10.2.0.2/32 – LocalRouting Table:

10.3.0.0/16 – Local

10.2.0.0/24 – Null0

10.2.0.2/32 – Local

Map-Notify

10.2.0.2/32 <C,D>

1

Routing Table:

10.2.0.0/16 – Local

10.2.0.2/32 – Null0

Routing Table:

10.2.0.0/16 – Local

10.2.0.2/32 – Null0

Map-Notify

10.2.0.2/32 <C,D>

Map-Register

10.2.0.2/32 <C,D>

10.2.0.0/16 – RLOC A, B

10.2.0.2/32 – RLOC C, D

3

75

9

2

4

6

8

10

Map-Notify

10.2.0.2/32 <C,D>

Null0 host routes indicate the host is “away”

Page 89: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Deployment ExamplesData Centre/Host Mobility – Refreshing map-caches

89

1. ITRs and PITRs with cached mappings continue to send traffic to the old locators

• The old DC xTR knows the host has moved (Null0 route)

2. Old xTR sends Solicit Map Request (SMR) messages to any encapsulators sending traffic to the moved host

3. The ITR then initiates a new map request process

4. An updated map-reply is issued from the new location

5. The ITR Map Cache is updated

Traffic now flows shortest path

West-DC East-DC

LISP-VM (xTR)

X Z

Y

Y

Mapping DB

10.2.0.2

10.2.0.0 /16 10.3.0.0 /16

A B C D

LISP site

ITR

Map Cache @ ITR

10.2.0.0/16 – RLOC A,B

10.2.0.2/32 – RLOC C,D

Page 90: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

West-to-East

On-subnet Server-Server Traffic

• Y ARPs for X, /24 Null0 entry for the ‘home subnet’ triggers proxy-ARP on East DC xTRs to ensure traffic is steered there

• Note: assumption is that ARP cache on Y is refreshed after the move

• Traffic to X is LISP encapsulated

• X ARPs for Y, /32 Null0 entry for Y triggers proxy-ARP on West-DC xTRs to ensure traffic is steered there

–Note: entry for Y in X ARP cache is cleared by GARPmessage originated by West-DC XTRs

• Traffic to Y is LISP encapsulated

W est-DC

East-DC

LISP DC xTR

Z

Y

Y

10.1.1.8

A

10.1.1.9

X

B C D

10.1.1.0/2410.2.1.0/24

W est-DC

East-DC

LISP DC xTR

Z

Y

Y

10.1.1.8

A

10.1.1.9

X

B C D

10.1.1.0/2410.2.1.0/24

East-to-West

BC 10.1.1.9 10.1.1.8 CB 10.1.1.8 10.1.1.9

90

Page 91: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Deployment ExamplesData Centre/Host Mobility – Customer Example

91

MPLS Core, Across Subnets – Topology

Customer-AMPLS-VPN

MPLS Core

PE5 PE6

Blue/DC 1(Location 1)

CE5 CE6

Blue/DC 2(Location 2)

CE7 CE8

ITR/ETR

Customer-ASite 4

PE4

Customer-ASite 3PE3

MS/MRMS/MR

Customer-ASite 2

PE2

Customer-ASite 1 PE1

CE2

ITR/ETR

CE1

ITR/ETR

CE3

ITR/ETR

CE4

ITR/ETR

ITR/ETR 172.18.0.0/16172.17.0.0/16

DYNAMIC EID

172.17.0.0/24

Page 92: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Deployment ExamplesData Centre/Host Mobility – Customer Example

92

Customer-AMPLS-VPN

MPLS Core

PE5 PE6

Blue/DC 1(Location 1)

CE5 CE6

Blue/DC 2(Location 2)

CE7 CE8

ITR/ETR

Customer-ASite 4

PE4

Customer-ASite 3PE3

MS/MRMS/MR

Customer-ASite 2

PE2

Customer-ASite 1 PE1

CE2

ITR/ETR

CE1

ITR/ETR

CE3

ITR/ETR

CE4

ITR/ETR

ITR/ETR

MPLS Core, Across Subnets – LISP Configurations (Sites and MS/MRs)

172.18.0.0/16172.17.0.0/16

EID 172.16.1.0/24

RLOC 10.1.1.2

RLOC 10.1.5.1 RLOC 10.1.6.1

router lispeid-table default instance-id 0database-mapping 172.16.1.0/24 10.1.1.2 pri 1 wei 100exit!ipv4 itripv4 etripv4 itr map-resolver 10.1.5.1ipv4 itr map-resolver 10.1.6.1ipv4 etr map-server 10.1.5.1 key s3cr3tipv4 etr map-server 10.1.6.1 key s3cr3t!

IOS

IOS

router lisp!site DCsauthentication-key DCs3cr3teid-prefix 172.17.0.0/16 accept-more-specificseid-prefix 172.18.0.0/16exit!site Site-1authentication-key s3cr3teid-prefix 172.16.1.0/24exit!

--<more sites>---ipv4 map-serveripv4 map-resolverexit!

DYNAMIC EID

172.17.0.0/24

Page 93: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Deployment ExamplesData Center/Host Mobility – Customer Example

93

Customer-AMPLS-VPN

MPLS Core

PE5 PE6

Blue/DC 1(Location 1)

CE5 CE6

Blue/DC 2(Location 2)

CE7 CE8

ITR/ETR

Customer-ASite 4

PE4

Customer-ASite 3PE3

MS/MRMS/MR

Customer-ASite 2

PE2

Customer-ASite 1 PE1

CE2

ITR/ETR

CE1

ITR/ETR

CE3

ITR/ETR

CE4

ITR/ETR

ITR/ETR

MPLS Core, Across Subnets – LISP Configurations (Data Centers)

172.18.0.0/16172.17.0.0/16

EID 172.16.1.0/24

RLOC-A 10.2.5.1 RLOC-B10.2.5.5 RLOC-C 10.2.6.1 RLOC-D10.2.6.5

RLOC 10.1.1.2

RLOC 10.1.5.1 RLOC 10.1.6.1

ip lisp itr-etrip lisp database-mapping 172.17.0.0/16 10.2.5.1 p 1 w50ip lisp database-mapping 172.17.0.0/16 10.2.5.5 p 1 w50

ip lisp itr map-resolver 10.1.5.1 ip lisp itr map-resolver 10.1.6.1 ip lisp etr map-server 10.1.5.1 key DCs3cr3tip lisp etr map-server 10.1.6.1 key DCs3cr3t

lisp dynamic-eid CUST-A-ROAMdatabase-mapping 172.17.0.0/24 10.2.5.1 p 1 w 50database-mapping 172.17.0.0/24 10.2.5.5 p 1 w 50map-notify-group 239.1.1.1

interface vlan 100ip address 172.17.0.2/24 (or 172.17.0.3/24)lisp mobility CUST-A-ROAMip proxy-arp

hsrp 101mac-address 0000.0e1d.010cip 172.17.0.1

NX-OS

ip lisp itr-etrip lisp database-mapping 172.18.0.0/16 10.2.6.1 p 1 w50ip lisp database-mapping 172.18.0.0/16 10.2.6.5 p 1 w 50

ip lisp itr map-resolver 10.1.5.1 ip lisp itr map-resolver 10.1.6.1 ip lisp etr map-server 10.1.5.1 key DCs3cr3tip lisp etr map-server 10.1.6.1 key DCs3cr3t

lisp dynamic-eid CUST-A-ROAMdatabase-mapping 172.17.0.0/24 10.2.6.1 p 1 w 50database-mapping 172.17.0.0/24 10.2.6.5 p 1 w 50map-notify-group 239.2.2.2

interface vlan 100ip address 172.18.0.2/24 (or 172.18.0.3/24)lisp mobility CUST-A-ROAMip proxy-arp

hsrp 101mac-address 0000.0e1d.010cip 172.18.0.1

NX-OS

Page 94: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Deployment ExamplesData Centre/Host Mobility – Customer Example

94

Customer-AMPLS-VPN

MPLS Core

PE5 PE6

Blue/DC 1(Location 1)

CE5 CE6

Blue/DC 2(Location 2)

CE7 CE8

ITR/ETR

Customer-ASite 4

PE4

Customer-ASite 3PE3

MS/MRMS/MR

Customer-ASite 2

PE2

Customer-ASite 1 PE1

CE2

ITR/ETR

CE1

ITR/ETR

CE3

ITR/ETR

CE4

ITR/ETR

ITR/ETR

MPLS Core, Extending Subnets – Initial State

172.18.0.0/16172.17.0.0/16

EID 172.16.1.0/24

172.17.0.12/32the server is here

EID-prefix: 172.17.0.12/32

Locator-set: 10.2.5.1, priority: 1, weight: 5010.2.5.5, priority: 1, weight: 50

map-cache

RLOC-A 10.2.5.1 RLOC-B10.2.5.5 RLOC-C 10.2.6.1 RLOC-D10.2.6.5

Page 95: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Deployment ExamplesData Centre/Host Mobility – Customer Example

95

Customer-AMPLS-VPN

MPLS Core

PE5 PE6

Blue/DC 1(Location 1)

CE5 CE6

Blue/DC 2(Location 2)

CE7 CE8

ITR/ETR

Customer-ASite 4

PE4

Customer-ASite 3PE3

MS/MRMS/MR

Customer-ASite 2

PE2

Customer-ASite 1 PE1

CE2

ITR/ETR

CE1

ITR/ETR

CE3

ITR/ETR

CE4

ITR/ETR

ITR/ETR

MPLS Core, Extending Subnets – After the move

172.18.0.0/16172.17.0.0/16

EID 172.16.1.0/24

172.17.0.12/32

the server moves here

EID-prefix: 172.17.0.12/32

Locator-set: 10.2.5.1, priority: 1, weight: 5010.2.5.5, priority: 1, weight: 50

map-cache

10.2.6.1, priority: 1, weight: 5010.2.6.5, priority: 1, weight: 50

RLOC-A 10.2.5.1 RLOC-B10.2.5.5 RLOC-C 10.2.6.1 RLOC-D10.2.6.5

Page 96: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP for Cloud Connect

96

Customer-AMPLS-VPN

MPLS Core

PE5 PE6

Blue/DC 1

(Location 1)

CE5 CE6

Blue/DC 2

(Location 2)

CE7 CE8

ITR/ETR

MS/MRMS/MR

Customer-ASite 2

PE2

Customer-A

Site 1 PE1

CE2

ITR/ETR

CE1

ITR/ETR

ITR/ETR 172.18.0.0/16172.17.0.0/16

Internet

ISP

CSR1kV

Here you need to add an RTR and MS/MR connected to both IP Spaces for Disjoined RLOC

space – MPLS and Internet are not routable

Page 97: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Host-Mobility – First Hop Routing• With Extended Subnets

97

• Consistent GWY-IP and GWY-MAC configured across all sites

– Consistent HSRP group number across sites consistent GWY-MAC

• Servers can move anywhere and always talk to a local gateway with the same IP/MAC

West-DC East-DC

LISP-VM (xTR)

A B C D

HSRP

ARP

GWY-MAC

HSRP

ARP

GWY-MAC

HSRP ActiveHSRP Active

10.2.0.0 /24 10.2.0.0 /24

LAN Ext.

interface Ethernet2/4

ip address 10.2.0.6/24

lisp mobility roamer

lisp extended-subnet-mode

hsrp 101

ip 10.2.0.1

interface vlan 100

ip address 10.2.0.5/24

lisp mobility roamer

lisp extended-subnet-mode

hsrp 101

ip 10.2.0.1

interface vlan 200

ip address 10.2.0.8/24

lisp mobility roamer

lisp extended-subnet-mode

hsrp 101

ip 10.2.0.1

interface vlan 100

ip address 10.2.0.7/24

lisp mobility roamer

lisp extended-subnet-mode

hsrp 101

ip 10.2.0.1

Page 98: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

Host-Mobility and Multi-homing• ETR Updates – Extended Subnets

98

West-DCEast-DC

X

Y

Y

Mapping DB

10.2.0.2

10.2.0.0 /16 10.2.0.0 /16

5.1.1.1 5.2.2.2

A BC D

Routing Table:10.2.0.0/16 – Local10.2.0.0/24 – Null010.2.0.2/32 – Local

Routing Table:10.2.0.0/16 – Local10.2.0.0/24 – Null010.2.0.2/32 – Local

Map-Notify 10.2.0.2/32 <C,D>

Routing Table:10.2.0.0/16 – Local10.2.0.0/24 – Null010.2.0.2/32 – Null0

Routing Table:10.2.0.0/16 – Local10.2.0.0/24 – Null010.2.0.2/32 – Null0

Map-Register 10.2.0.2/32 <C,D>

10.2.0.0/16 – RLOC A, B10.2.0.2/32 – RLOC C, D

3

5

3

24

6

4

Map-Notify 10.2.0.2/32 <C,D>

OTV

4

1

10.2.0.0 /24 is the dyn-EID

Null0 host routes indicate the host is “away”

Page 99: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

Refreshing the Map Caches

1. ITRs and PITRs with cached mappings continue to send traffic to the old locators

1. The old xTR knows the host has moved (Null0 route)

2. Old xTR sends Solicit Map Request (SMR) messages to any encapsulators sending traffic to the moved host

3. The ITR then initiates a new map request process

4. An updated map-reply is issued from the new location

5. The ITR Map Cache is updated

Traffic is now re-directed

SMRs are an important integrity measure to avoid unsolicited map responses and spoofing

99

West-DC East-DC

LISP-VM (xTR)

X Z

Y

Y

Mapping DB

10.2.0.2

10.2.0.0 /16 10.2.0.0 /16

A B C D

LISP site

ITR

10.2.0.2/32 – RLOC C,D

Map Cache @ ITR

10.2.0.3/32 – RLOC A,B

10.2.0.2/32 – RLOC A,B

OTV

Page 100: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

On-subnet Server-Server Traffic• On Subnet Traffic Across L3 Boundaries

100

• Live moves and cluster member dispersion

• Traffic between X & Y uses the LAN Extension

• Link-local-multicast handled by the LAN Extension

• Cold moves, no application dispersion

• X- Y traffic is sent to the LISP-VM router & LISP encapsulated

• Need LAN extensions for link-local multicast traffic

With LAN Extension Without LAN Extensions

W est-DC

East-DC

LISP-VM (xTR)

Z

Y

Y

10.2.0.2

A

10.2.0.0/16

LAN Ext.

B C D

10.2.0.3 10.2.0.2

W est-DC

East-DC

LISP-VM (xTR)

Z

Y

Y

10.2.0.2

A

10.2.0.3

X

Mapping DB

B C D

BC 10.2.0.3 10.2.0.2

10.2.0.0/1610.3.0.0/16

10.2.0.3

X

Page 101: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Deployment ExamplesLISP Deployment Examples

101

1. Efficient Multihoming and Multi-AF (IPv4 and IPv6)

2. Efficient Virtualisation and High-Scale VPNs

3. Data Centre/Host Mobility

4. LISP-Mobile Node

Page 102: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Mobile Node• A LISP-MN Phone is a LISP Site!!…

EID-prefix: 2610:00d0:xxxx::1/128

64.0.0.1 65.0.0.1

Map-Server: 64.1.1.1

wifi 3G

This device

is a LISP

xTR !

What can a LISP-MN Device do? • Two MNs can roam and stay connected

• MNs can be servers

• MNs roam without changing DNS entries

• MNs can use multiple interfaces

• MNs can control ingress packet policy

• Faster hand-offs

• Low battery use by MS proxy-replying

• And most importantly, packets have stretch of “1” –best for latency/delay sensitive applications

LISP-MN can scale to1 billion hand-sets!

102

Page 103: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

LISP Status

Page 104: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP StatusLISP RFCs and notable drafts

104

IETF LISP WG: http://tools.ietf.org/wg/lisp/

Draft Target

LISP Canonical Address Format (draft-ietf-lisp-lcaf-04) Active Working Group Document

LISP Deployment (draft-ietf-lisp-deployment-11) Active Working Group Document

LISP SEC (draft-ietf-lisp-sec-05) Active Working Group Document

LISP DDT (draft-fuller-lisp-ddt-01) Active Working Group Document

LISP Introduction (draft-ietf-lisp-introduction-03) Active Working Group Document

LISP Mobile Node (draft-meyer-lisp-mn-10) Related Working Group Document

LISP NAT-Traversal (draft-ermagan-lisp-nat-traversal-05)

Related Working Group Document

LISP GPE (draft-lewis-lisp-gpe) Related Working Group Document

LISP Deployment (draft-ietf-lisp-deployment-12) RFC-Editor’s Queue

LISP Based FlowMapping for Scaling NVF (draft-barakai-lisp-nvf-04)

Related Internet Draft

LISP Reliable Transport (draft-kouvelas-lisp-reliable-transport-00)

Related Internet Draft

RFCs

Locator/ID Separation Protocol (LISP) base document

RFC 6830

LISP Map Server RFC 6833

LISP Interworking RFC 6832

LISP Multicast RFC 6831

LISP Internet Groper RFC 6835

LISP Map Versioning RFC 6834

LISP+ALT RFC 6836

LISP MIB RFC 7052

LISP Network Element Deployment Considerations

RFC 7215

Page 105: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Community Operated:– More than 5+ years of operation…

– More than ~600+ Sites, 45+ countries…

Interoperable LISP implementations:

– Cisco • IOS (ISR, ISRG2, 7200) and IOS-XE (ASR1K, CSR1KV)

• Cisco IOS-XR (CRS3, ASR9K)

• Cisco NX-OS (N7K)

• Cisco Cat6K

– AVM “FRITZ!Box”

– OpenWrt

– Open Source• FreeBSD: OpenLISP

• Linux: Aless, LISPmob, OpenWrt

• Android

LISP Status• LISP Beta Network – International R&D and demonstration network

Plus some others… ;-)

http://www.lisp4.net

http://v inciconsulting.com/vxnet

http://www.lisp.intouch.eu/

http://www.itris-enterprise.ch/

and more…

105

EMAIL: [email protected]

Page 106: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP Status• LISP Software – Available Features:: By operating System

Cisco Releases (http://lisp.cisco.com)

Features

Roles:- ITR/ETR

- PITR/PETR

- MS/MR

- RTR

AF Support- EID v4/v6

- RLOC v4/v6

Virtualisation

- Shared/Parallel

Mobility

- ESM/ASM

- Multi-Hop

Multicast

NAT-Traversal

IOS IOS-XE NX-OS IOS-XR Cat 6K

testing

v4 only

testing testing

roadmap

5.3.0

roadmap

roadmap

roadmap

shared

v4 only

roadmap

roadmap

roadmap

roadmap

roadmap

ASM 15.2(1)SY

ASR9k

111

roadmap

111

Page 107: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

APIC-EM - LISP Overlay Service

112

Page 108: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP - Open Standard Specification IETF Specification

Nine RFCs presently published: RFC 6830 thru 6836, 7052 and 7215

6+ year thorough customer/vendor review

No IPR claims on LISP IETF specifications

Ongoing IETF LISP WG Focus

Complete LISP base specifications (LCAF, deployment, LISP-SEC, LISP-DDT, LISP-MN)

Use cases being documented:

o DC Virtualisation and Host Mobility

o WAN Virtualisation, Multi-Homing, IPv6 Adoption/Transition

o Traffic Engineering and Service Chaining

o SDN/NFV

11

3

IETF LISP WG: http://tools.ietf.org/wg/lisp/

113

Page 109: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP – Important Contacts

11

4

WEB: http://lisp.cisco/com

EMAIL: [email protected]

114

Download of this Breakout Session PDF’s and Videos:

http://cs.co/BRKRST3045

Facebook

https://www.facebook.com/groups/407716795982512/

Linkedin

https://www.linkedin.com/groups?mostRecent=&gid=3776183

Page 110: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP StatusLISP Information

115

LISP Mailing Lists

Cisco LISP Questions ……………… [email protected]

IETF LISP Working Group ………… [email protected]

LISP Interest (public) ………………. [email protected]

LISPmob Questions ………………... [email protected]

LISP Information

Cisco LISP Site ……………………. http://lisp.cisco.com

Cisco LISP Marketing Site ………... http://www.cisco.com/go/lisp/

LISP Beta Network Site …………… http://www.lisp4.net or http://www.lisp6.net

LISP DDT Root ……………………... http://www.ddt-root.org

IETF LISP Working Group ……...… http://tools.ietf.org/wg/lisp/

Page 111: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

LISP Summary

Page 112: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

LISP SummaryPart of the LISP Solution Space

117

v6

LISP is an Architecture…

IPv4 Core

IPv6 Core

v4

IPv4 Network

xTR

xTR

1. Multihoming

2. IPv6 Transition

3. Virtualisation/VPN

4. Mobility

IPv6 Network

Page 113: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

Call to Action

• Visit the World of Solutions for– Cisco Campus

– Walk in Labs

– Technical Solution Clinics

• Meet the Engineer

• Lunch time Table Topics

• DevNet zone related labs and sessions

• Recommended Reading: for reading material and further resources for this session, please visit www.pearson-books.com/CLMilan2015

118

Page 114: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

Q & A

Page 115: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its

© 2015 Cisco and/or its affi liates. All rights reserved.BRKRST-3045 Cisco Public

Give us your feedback and receive a

Cisco Live 2015 T-Shirt!

Complete your Overall Event Survey and 5 Session

Evaluations.

• Directly from your mobile device on the Cisco Live

Mobile App

• By visiting the Cisco Live Mobile Site

http://showcase.genie-connect.com/clmelbourne2015

• Visit any Cisco Live Internet Station located

throughout the venue

T-Shirts can be collected in the World of Solutions

on Friday 20 March 12:00pm - 2:00pm

Complete Your Online Session Evaluation

Learn online with Cisco Live! Visit us online after the conference for full

access to session videos and

presentations. www.CiscoLiveAPAC.com

Page 116: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its
Page 117: LISP A Next Generation Networking Architecture Live 2015 Melbourne... · LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its