Cisco Public © 2011 Cisco and/or its affiliates. All rights reserved. 1
LISP - innovative mobility w/ Cisco Architectures
Gerd Pflueger – Consulting Systems Engineer – Central Europe
Version 0.3
14 March 2012
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Cisco is developing a new, innovative routing architecture that helps separate host addressing from the actual location. The new LISP (Locator/ID Separation Protocol) architecture was documented in multiple RFCs and discussed in the IETF. Besides countless other functions, like IP address portability, VM mobility or large scale VPN, LISP will allow the following functionality for mobile communication:
- simultaneous load balancing and multihoming for ingress and egress communication w/ different media (WLAN, Edge, UMTS, LTE) and
- IPv6 mobility - keep IPv6 address even w/ roaming and connecting over IPv4 networks.
The presentation will explain the basics of LISP and will discuss the opportunities of LISP with mobile communication. The presenter will show two of the latest use cases from airline industries and automotive communication. He will also demonstrate the actual LISP implementation on an Android mobile.
• What is LISP?
• Usecases incl. IPv6-Solutions
• Example - LHSys
• Example - Car-Communication
• Example - Android Phone
• Q&A
LISP – A Solution to Real World Problems
Without LISP
LISP originally conceived to address Internet Scaling
Many customers have been requesting Cisco to look into this issue
“…. routing scalability is the most important problem facing the Internet today and must be solved….”
Attendees of IAB workshop in October 2006 (written in RFC4984)
• LISP is completely open
  - Started in the IRTF
  - Currently has an IETF working group
  - No known IPR
• 100s of Researchers and Operators Contributed to Design
• Multiple Vendors Interested
• Pilot Network up for nearly 4 years
  - 121 nodes in 25 countries
• Building a LISP-MN Pilot Network
  - Testing server capabilities on Android phones
  - Experimenting with new mapping database systems and security mechanisms
Locator/ID split enables other (more important) benefits…
Today’s Internet Behavior
  Device IPv4 or IPv6 address represents identity and location (x.y.z.1)
  When the device moves, it gets a new IPv4 or IPv6 address for its new identity and location (w.z.y.9)
LISP Behavior
  Device IPv4 or IPv6 address represents identity only (x.y.z.1)
  When the device moves, it keeps its IPv4 or IPv6 address. It has the same identity (x.y.z.1)
  Only the location changes (a.b.c.1, e.f.g.7)
LISP – A Level of Indirection for IP Addressing
EID (Endpoint Identifier) is the host IP address
RLOC (Routing Locator) is the infrastructure IP address of the LISP router
Mapping Database (M-DB) is the distributed database and policy repository
Creates a “Level of indirection” by using two namespaces – EID and RLOC
Network-based solution
No host changes
Minimal configuration
No DNS changes
Address Family agnostic
Incrementally deployable (support LISP and non-LISP)
Support for mobility
[Figure: ITR, two ETRs, PTR and MS with the Map DB; two EID Spaces, the RLOC Space and a Non-LISP site]
Map DB (the same table is shown at several nodes in the figure):
EID            RLOC
a.a.a.0/24     w.x.y.1
b.b.b.0/24     x.y.w.2
c.c.c.0/24     z.q.r.5
d.d.0.0/16     z.q.r.5
Prefix / Next-hop table in the figure:
Prefix         Next-hop
w.x.y.1        e.f.g.h
x.y.w.2        e.f.g.h
z.q.r.5        e.f.g.h
z.q.r.5        e.f.g.h
LISP IPv4 EID/IPv4 RLOC Header Example
IPv4 Outer Header: Router supplies RLOCs
UDP
LISP header
IPv4 Inner Header: Host supplies EIDs
LISP Encapsulation Combinations – IPv4 and IPv6 Supported
IPv4/IPv4: IPv4 Outer Header, UDP, LISP, IPv4 Inner Header
IPv4/IPv6: IPv4 Outer Header, UDP, LISP, IPv6 Inner Header
IPv6/IPv4: IPv6 Outer Header, UDP, LISP, IPv4 Inner Header
IPv6/IPv6: IPv6 Outer Header, UDP, LISP, IPv6 Inner Header
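The header stack on these two slides, as an added Python example (not part of the presentation and not Cisco code): it builds and then parses outer header + UDP + LISP + inner header for any of the four combinations, showing that a device looking only at the outer header sees the RLOCs while the EIDs sit behind the 8-byte LISP header. UDP port 4341 and the 8-byte header length are taken from RFC 6830, the IPv4 and 2010::/2020:: addresses from the lab slides later in the deck; the source port and the all-zero LISP header are constructed sample values.

```python
import ipaddress
import struct

LISP_DATA_PORT = 4341   # UDP port of LISP data packets (RFC 6830; not stated on the slides)

def ip_header(src, dst, payload_len, proto):
    """Minimal IPv4/IPv6 header for constructed samples (IPv4 checksum left at zero)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s.version == 4:
        fixed = struct.pack("!BBHHHBBH", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0)
    else:
        fixed = struct.pack("!IHBB", 6 << 28, payload_len, proto, 64)
    return fixed + s.packed + d.packed

def parse_ip(buf):
    """Return (version, src, dst, next_protocol, payload) of an IPv4 or IPv6 packet."""
    version = buf[0] >> 4
    if version == 4 and len(buf) >= 20:
        ihl = (buf[0] & 0x0F) * 4
        src, dst, proto, rest = buf[12:16], buf[16:20], buf[9], buf[ihl:]
    elif version == 6 and len(buf) >= 40:
        src, dst, proto, rest = buf[8:24], buf[24:40], buf[6], buf[40:]
    else:
        raise ValueError("not an IPv4/IPv6 header")
    return version, str(ipaddress.ip_address(src)), str(ipaddress.ip_address(dst)), proto, rest

def lisp_encap(rloc_src, rloc_dst, inner):
    """ITR side: outer header (RLOCs) + UDP + 8-byte LISP header + inner packet (EIDs)."""
    lisp = bytes(8)                                   # no flags, nonce 0 in this sample
    udp = struct.pack("!HHHH", 61000, LISP_DATA_PORT, 8 + len(lisp) + len(inner), 0)
    return ip_header(rloc_src, rloc_dst, len(udp + lisp + inner), 17) + udp + lisp + inner

def lisp_decap(packet):
    """Inspection/ETR side: report what the outer and the inner header each reveal."""
    o_ver, o_src, o_dst, proto, rest = parse_ip(packet)
    if proto != 17 or len(rest) < 16:
        raise ValueError("outer payload is not UDP + LISP")
    if struct.unpack("!H", rest[2:4])[0] != LISP_DATA_PORT:
        raise ValueError("UDP destination port is not the LISP data port")
    i_ver, i_src, i_dst, _, _ = parse_ip(rest[16:])
    return {"combo": f"IPv{o_ver}/IPv{i_ver}", "rloc": (o_src, o_dst), "eid": (i_src, i_dst)}
```

The "combo" string follows the slide's outer/inner naming, so an IPv6 EID pair carried between IPv4 RLOCs is reported as IPv4/IPv6.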
Mapping Database (ETR) and Map Cache (ITR)
[Figure: lab topology. LISP A with RA1-xTR, RA2-xTR and RA3 (Lo0 153.16.1.1/32); LISP B with RB1-xTR and RB3 (Lo0 153.16.2.1/32); RC; RI-MS/MR (MR - MS). Subnets shown: 172.16.10.0/24, 172.16.20.0/24, 10.1.1.0/30, 10.1.2.0/30, 10.2.1.0/30, 10.2.2.0/30, 10.0.0.0/30. Other loopbacks shown: 1.0.0.1/8, 2.0.0.1/8, 3.0.0.1/8, 4.0.0.1/8, 193.159.224.1/24. Labels: RLOC, EID (S), EID (D).]
EID-prefixes LISP Site A: 172.16.10.0/24, 153.16.1.1/32, 153.16.1.2/32
EID-prefixes LISP Site B: 172.16.20.0/24, 153.16.2.1/32
Steps in the figure:
1 ETR – Registration: LISP Map-Register for 153.16.2.1/32, 10.2.1.1 -> 10.0.0.1
2 MS and MR on a single router. No ALT advertisement
3 153.16.1.1 -> 153.16.2.1
4 How do I get to 153.16.2.1? Map Request
5 LISP ECM to MR, 10.1.2.1 -> 10.0.0.1, carrying Map-Request to ETR, 10.1.2.1 -> 153.16.2.1
6 LISP ECM to ETR, 10.0.0.1 -> 10.2.1.1, carrying Map-Request to ETR, 10.1.2.1 -> 153.16.2.1
7 Map-Reply to ITR, 10.2.1.1 -> 10.1.2.1: 153.16.2.1/32 with locators 10.2.1.1 [1,50] and 10.2.2.1 [10,50]
Unicast Packet Forwarding
[Figure: the same lab topology (LISP A with RA1-xTR, RA2-xTR, RA3; LISP B with RB1-xTR, RB3; RC; RI-MS/MR), EID (S) 153.16.1.1 and EID (D) 153.16.2.1.]
EID-prefixes LISP Site A: 172.16.10.0/24, 153.16.1.1/32, 153.16.1.2/32
EID-prefixes LISP Site B: 172.16.20.0/24, 153.16.2.1/32
Mapping Entry (this policy controlled by destination site):
EID-prefix: 153.16.2.1/32
Locator-set:
  10.2.1.1, priority: 1, weight: 50 (D1)
  10.2.2.1, priority: 10, weight: 50 (D2)
Steps in the figure:
1 153.16.1.1 -> 153.16.2.1
2 153.16.1.1 -> 153.16.2.1 inside 10.1.2.1 -> 10.2.1.1
3 153.16.1.1 -> 153.16.2.1 inside 10.1.2.1 -> 10.2.1.1
4 153.16.1.1 -> 153.16.2.1
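The forwarding decision on this slide, written out as an added Python example (not part of the presentation and not Cisco code): longest-prefix match of the destination EID in the map-cache, then RLOC choice by priority and weight from the locator-set the destination site supplied. The map-cache values come from the slides; the flow tuple, the CRC32 flow hash and the `down` set are assumptions of this example, and priority 255 meaning "do not use" is taken from RFC 6830.

```python
import ipaddress
import zlib

# Map-cache content taken from the slides: EID-prefix -> [(RLOC, priority, weight)].
# The 153.16.1.0/24 entry mirrors RA2's database-mapping lines (two RLOCs, equal priority).
MAP_CACHE = {
    "153.16.2.1/32": [("10.2.1.1", 1, 50), ("10.2.2.1", 10, 50)],
    "153.16.1.0/24": [("10.1.2.1", 1, 50), ("10.1.1.1", 1, 50)],
}

def lookup(dst_eid, cache=MAP_CACHE):
    """Longest-prefix match on the destination EID; None means 'send a Map-Request'."""
    addr = ipaddress.ip_address(dst_eid)
    hits = [ipaddress.ip_network(p) for p in cache]
    hits = [n for n in hits if n.version == addr.version and addr in n]
    if not hits:
        return None
    best = max(hits, key=lambda n: n.prefixlen)
    return str(best), cache[str(best)]

def select_rloc(locators, flow, down=frozenset()):
    """Lowest priority value wins; equal priorities share flows in proportion to weight."""
    usable = [l for l in locators if l[0] not in down and l[1] != 255]  # 255 = never use
    if not usable:
        return None
    top = min(prio for _, prio, _ in usable)
    group = [l for l in usable if l[1] == top]
    total = sum(weight for _, _, weight in group)
    if total == 0:                      # all weights zero: no preference, take the first
        return group[0][0]
    slot = zlib.crc32(repr(flow).encode()) % total   # hash keeps one flow on one RLOC
    for rloc, _, weight in group:
        if slot < weight:
            return rloc
        slot -= weight

def encapsulate(src_eid, dst_eid, my_rloc, down=frozenset()):
    """Return (outer_src, outer_dst) for the LISP packet, or None on a map-cache miss."""
    entry = lookup(dst_eid)
    if entry is None:
        return None
    rloc = select_rloc(entry[1], (src_eid, dst_eid), down)
    return (my_rloc, rloc) if rloc else None
```

With the slide's locator-set, 10.2.2.1 (priority 10) is used only when 10.2.1.1 (priority 1) is in `down`; whoever can write this mapping decides where the site's ingress traffic is sent.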
IPv6 Transition Support
  v6-over-v4, v6-over-v6
  v4-over-v6, v4-over-v4
  [Figure: LISP routers connecting v6 sites and v6 services across the IPv4 Internet and the IPv6 Internet]
VM-Mobility
  Cloud / Layer 3 VM moves
  Segmentation
  [Figure: VM a.b.c.1 moves from Data Center 1 to Data Center 2 and keeps a.b.c.1; LISP routers at both data centers, Internet in between]
VPNs and Segmentation
  Over-the-Top
  Multi-tenancy
  [Figure: HQ LISP Site (Data Center, User Network) and Remote LISP Sites ( . . 10k . . ) over the Internet]
Efficient Multi-Homing
  IP Portability
  Ingress Traffic Engineering without BGP
  [Figure: LISP Site with LISP routers connected to the Internet]
Needs:
− Rapid IPv6 Deployment
− Minimal Infrastructure disruption
LISP Solution:
− LISP encapsulation is Address Family agnostic
IPv6 interconnected over IPv4 core
IPv4 interconnected over IPv6 core
Benefits:
− Accelerated IPv6 adoption
− Minimal added configurations
− No core network changes
− Can be used as a transitional or permanent solution
[Figures: Connecting IPv6 Islands; IPv6 Service Support; IPv6 Access Support. Labels in the figures: xTR, PxTR, v6 island, v6 site, v6 service, v6 home Network, IPv4 Core, IPv4 Enterprise Core, IPv4 access & Internet, IPv4 Internet, IPv6 Internet.]
[Figure: the same lab topology. LISP A with RA1-xTR, RA2-xTR and RA3 (Lo0 153.16.1.1/32); LISP B with RB1-xTR and RB3 (Lo0 153.16.2.1/32); RC; RI-MS/MR (MR - MS). Subnets shown: 172.16.10.0/24, 172.16.20.0/24, 10.1.1.0/30, 10.1.2.0/30, 10.2.1.0/30, 10.2.2.0/30, 10.0.0.0/30. Labels: RLOC, EID (S), EID (D).]
EID-prefixes LISP Site A: 172.16.10.0/24, 153.16.1.1/32, 153.16.1.2/32
EID-prefixes LISP Site B: 172.16.20.0/24, 153.16.2.1/32
! RI: map resolver and map server (MR/MS)
hostname RI
ip lisp map-resolver
ip lisp map-server
lisp site LISP-A
  eid-prefix 153.16.1.0/24
  eid-prefix 172.16.10.0/24
  authentication-key 3 9125d59c18a9b015
  description LISP SITE A
lisp site LISP-B
  eid-prefix 153.16.2.0/24
  eid-prefix 172.16.20.0/24
  authentication-key 3 9125d59c18a9b015
  description LISP SITE B

! RA2: xTR of LISP site A
hostname RA2
ip route 0.0.0.0/0 10.1.2.2
ip route 10.1.1.1/32 10.1.2.2
ip route 153.16.1.0/24 172.16.10.3
ip lisp itr-etr
ip lisp database-mapping 153.16.1.0/24 10.1.2.1 priority 1 weight 50
ip lisp database-mapping 172.16.10.0/24 10.1.2.1 priority 1 weight 50
ip lisp database-mapping 153.16.1.0/24 10.1.1.1 priority 1 weight 50
ip lisp database-mapping 172.16.10.0/24 10.1.1.1 priority 1 weight 50
ip lisp itr map-resolver 10.0.0.1
ip lisp etr map-server 10.0.0.1 key 3 9125d59c18a9b015
[Figure: the same lab topology with IPv6 EIDs. LISP A: EID 2010::/48 with 2010::1, 2010::2, 2010::3 (RA1-xTR, RA2-xTR, RA3); LISP B: EID 2020::/48 with 2020::1, 2020::2 (RB1-xTR, RB3); RC; RI-MS/MR. RLOC subnets shown: 10.1.1.0/30, 10.1.2.0/30, 10.2.1.0/30, 10.2.2.0/30, 10.0.0.0/30. Lo0 193.159.224.1/24.]
RA2# sh run lisp
ip lisp itr-etr
ipv6 lisp itr-etr
ipv6 lisp database-mapping 2010::0003/128 10.1.1.1 priority 1 weight 50
ipv6 lisp database-mapping 2010::0003/128 10.1.2.1 priority 1 weight 50
ip lisp ...
ipv6 lisp itr map-resolver 10.0.0.1
ip lisp itr map-resolver 10.0.0.1
ipv6 lisp etr map-server 10.0.0.1 key 3 9125d59c18a9b015
ip lisp etr map-server 10.0.0.1 key 3 9125d59c18a9b015
RA2#

RI# sh run lisp
ipv6 lisp map-resolver
ip lisp map-resolver
ipv6 lisp map-server
ip lisp map-server
lisp loc-reach-algorithm rloc-probing
lisp site LISP-A
  eid-prefix 2010::/48 accept-more-specifics
  eid-prefix 153.16.1.0/24
  eid-prefix 172.16.10.0/24
  authentication-key 3 9125d59c18a9b015
  description LISP SITE A
lisp site LISP-B
  eid-prefix 2020::/48 accept-more-specifics
  eid-prefix 153.16.2.0/24
  eid-prefix 172.16.20.0/24
  authentication-key 3 9125d59c18a9b015
  description LISP SITE B
RI#
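A review check for the map-server configuration above, as an added Python example (not part of the presentation and not Cisco code). The authentication-key is what ties a Map-Register to a site definition, so the check reports sites that share one key and shows which of an xTR's database-mapping prefixes a site definition would admit, including the /128 that is admitted only through accept-more-specifics. The acceptance rule (exact prefix, or a more specific one when accept-more-specifics is set) and the comparison of keys as stored strings are simplifying assumptions of this example; the config text is abridged from the slides.

```python
import ipaddress
from collections import defaultdict
# Abridged from the slides: map-server site definitions and one xTR's registration lines.
MS_CONFIG = """\
lisp site LISP-A
  eid-prefix 2010::/48 accept-more-specifics
  eid-prefix 153.16.1.0/24
  authentication-key 3 9125d59c18a9b015
lisp site LISP-B
  eid-prefix 2020::/48 accept-more-specifics
  eid-prefix 153.16.2.0/24
  authentication-key 3 9125d59c18a9b015
"""
XTR_CONFIG = """\
ip lisp database-mapping 153.16.1.0/24 10.1.2.1 priority 1 weight 50
ipv6 lisp database-mapping 2010::0003/128 10.1.2.1 priority 1 weight 50
ip lisp etr map-server 10.0.0.1 key 3 9125d59c18a9b015
"""

def parse_sites(text):
    """Return {site: {"key": str, "prefixes": [(network, accept_more_specifics)]}}."""
    sites, cur = {}, None
    for words in (line.split() for line in text.splitlines()):
        if words[:2] == ["lisp", "site"]:
            cur = sites.setdefault(words[2], {"key": None, "prefixes": []})
        elif cur is not None and words[:1] == ["eid-prefix"]:
            cur["prefixes"].append((ipaddress.ip_network(words[1]), "accept-more-specifics" in words))
        elif cur is not None and words[:1] == ["authentication-key"]:
            cur["key"] = words[-1]          # compared as the stored string (assumption)
    return sites

def shared_keys(sites):
    """Groups of sites whose authentication-key is identical."""
    groups = defaultdict(list)
    for name, site in sites.items():
        groups[site["key"]].append(name)
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)

def covers(site, eid):  # exact match, or more specific when accept-more-specifics is set
    return any(eid.version == net.version and (eid == net or (more and eid.subnet_of(net)))
               for net, more in site["prefixes"])

def accepting_site(sites, xtr_text):
    """EID-prefix -> site whose key and eid-prefix both match the registration, else None."""
    lines = [line.split() for line in xtr_text.splitlines()]
    key = next(w[-1] for w in lines if "map-server" in w)
    eids = [ipaddress.ip_network(w[w.index("database-mapping") + 1]) for w in lines if "database-mapping" in w]
    return {str(e): next((n for n, s in sites.items() if s["key"] == key and covers(s, e)), None)
            for e in eids}
```

On the lab configuration `shared_keys` returns LISP-A and LISP-B as one group, which means the key alone does not separate the two sites' registrations.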
• Seamless roaming for passenger and LHSys
- Internet Access
- private VPN tunnel (passenger and LHSys)
• Optimal traffic flow (local breakout, return)
• Same IP-addr. for plane network (192.168.1.0/24)
• Unique IP-addr. for plane D-ABFT = 10.11.35.73/32 EID NAT/PAT WiMax-Link-Addr.
• No additional HW at the plane (!!!)
• 2 x Intel Platform HW: LISP-VM on ESX or KVM incl. Windows 2008 R2 servers as VM
[Figure: Plane Net, D-ABFT = 10.11.35.73/32; xTRs and PTR; LHSYS FW; LHSYS Server; www.yahoo.com; xTR IR DB; RLOC (IPv4/IPv6); EID (IPv4/IPv6)]
• Multiple IPv6 Networks (/48 and /64) in the car (EIDs)
• Secure, scalable connection to HQ and to the Internet
  - secure = integrated encryption, if needed
  - scalable = 1-2 million MN per year w/ lifespan of 5-10 years
• Parallel use of different connections (WiFi, GSM, LTE, …) (RLOCs)
• Prioritizing of connections (due to speed, cost, …)
• Shortest Path (limited proxies)
• Lean client (LISP MN) in the car possible (HW or SW)
[Figure: Car IPv6 Net = EID; xTR with RLOCs (WiFi, GSM, LTE, …); RLOC (IPv4/IPv6); EID (IPv6); PTR; xTR DB; Car DB; Car Apps]
[Figure: phone attached to a 3G/4G Network and a WiFi Network, talking to dino.cisco.com]
static EID: 2610:00d0:xxxx::1/128
dynamic RLOCs: 64.0.0.1, 65.0.0.1
This phone is a LISP site!
EID-prefix: 2610:00d0:xxxx::1/128
RLOCs: 64.0.0.1, 65.0.0.1 (wifi, 3G)
Map-Server: 64.1.1.1
(1) 2 MNs can roam and stay connected
(2) MNs can be servers
(3) MNs roam without changing DNS entries
(4) MNs can use multiple interfaces
(5) MNs can control ingress packet policy
(6) Faster hand-offs
(7) Low battery use by MS proxy-replying
(8) And most importantly, packets have stretch of 1 so latency is best for delay sensitive applications
LISP-MN can scale to 1 billion hand-sets!
• With real implementation experience!
• With real deployment experience!
• With real customer engagement!
• http://www.lisp4.net & http://www.lisp6.net
• http://lisp.cisco.com
LISP Platform Products Shipping
• Platforms to date:
  - ISR, ISRG2, 7200 (IOS)
  - ASR 1K (IOS-XE)
  - Nexus 7K, UCS c200, Titanium PC (NX-OS)
  - NX-OS on VMware and KVM
  - LISP-MN on Nexus 1 and Nexus S phones (Android Gingerbread)
  - LISP-MN on Linux (lispmob.org) – public domain
• Platforms this year:
  - CRS 3 and ASR 9K (IOS-XR)
  - Catalyst 6K (IOS)
  - Linksys (Linux/OpenWrt) – public domain
  - Cius Tablet (Android Froyo)
Thank you.