Guest

IP Routing

Cisco Locator/ID Separation Protocol

  • Viewing Options

  • PDF (166.8 KB)
  • Feedback
Last updated: February 2012

Cisco Locator/ID Separation Protocol (LISP) is a new routing architecture that is a simple, incrementally deployable, network-based solution, enabling enterprises and service providers to simplify multi-homing routing, facilitate highly scalable network virtualization, support data center virtual machine mobility, and reduce operational complexities.

Challenge

The current Internet routing and addressing architecture uses a single numbering space, the IP address, to simultaneously express two functions about a device: its identity and how it is attached to the network. One very visible and detrimental result of this single numbering space is manifested in the rapid growth of the Internet's DFZ (Default-Free Zone) as a consequence of multi-homing, non-aggregatable address allocations, and business events such as mergers and acquisitions.

Solution

Locator/ID Separation Protocol (LISP) creates a new paradigm by splitting the device identity, known as an Endpoint Identifier (EID), and its location, known as its Routing Locator (RLOC), into two different numbering spaces. Splitting EID and RLOC functions yields many benefits, including simplified and cost-effective multi-homing, ingress Traffic Engineering (TE) capabilities, IP address and host mobility, including session persistency across mobility event, IPv6 transition simplification, including incremental deployment of IPv6 using existing IPv4 infrastructure, and simplified, highly-scalable network virtualization.
Providing ingress TE capabilities is important for the enterprise to control and manage the utilization of the ingress bandwidth it pays for. LISP provides the ability to control ingress bandwidth in a simple and cost-effective manner. Because of its simple configuration and administration, LISP also helps enable sites to manage their own multihomed connectivity, thus eliminating associated outsourcing costs. Furthermore, LISP enables IPv6 connectivity over the existing IPv4 infrastructure.
Providing seamless VM mobility is important for organizations across geographic boundaries. LISP provides seamless VM Mobility across the data center, while providing optimal routing path.
Cisco is leading the LISP development effort through leadership in the IETF LISP Working Group, the development of LISP draft standards, through the development of LISP software, and the deployment and operation of a public LISP network. LISP is being developed as an open standard, with no Cisco intellectual property rights. A summary of many of these and efforts is can be found at http://lisp.cisco.com

LISP Overview

From the outset, the Cisco philosophy for the development of LISP has been to minimize end-customer changes and deployment complexities. Figure 1 provides a very general overview illustration of the LISP deployment environment. As illustrated in Figure 1, three essential environments exist in a LISP environment: the LISP sites (EID namespaces), the non-LISP sites (RLOC namespaces), and the LISP Infrastructure.

Figure 1. LISP Deployment Environment

As illustrated in Figure 1, the LISP namespace represents customer end sites in exactly the same way that end sites are defined today. The only difference is that the IP addresses used within these LISP sites are not advertised within the non-LISP RLOC namespace. Here, end-customer LISP functionality is deployed exclusively on Customer Edge (CE) routers, which function in the LISP roles of Ingress Tunnel Router (ITR) and Egress Tunnel Router (ETR) devices. To fully implement LISP on an Internet-scale and in order to provide interoperability between LISP and non-LISP sites, additional LISP infrastructure components are required to be deployed as well. These additional LISP infrastructure components, as illustrated in Figure 1, support the LISP roles of Map-Server (MS), Map-Resolver (MR), Proxy Ingress Tunnel Router (PITR), and Proxy Egress Tunnel Router (PETR) devices. The specific functions implemented by each of the LISP devices illustrated in Figure 1 are discussed in the sections below.

LISP Site Edge Devices

ITR-Ingress Tunnel Router is deployed as a CE device. It receives packets from site-facing interfaces, and either encapsulates packets to remote LISP sites or natively forwards packets to non-LISP sites.

ETR-Egress Tunnel Router is deployed as a CE device. It receives packets from core-facing interfaces and either decapsulates LISP packets or natively delivers non-LISP packets to local EIDs at the site.
It is common for LISP site edge devices to implement both ITR and ETR functions. When this is the case, the device is referred to as an xTR. The LISP specification does not require that a device perform both ITR and ETR functions, however.
For both devices, the EID namespace is used inside the sites for end-site addresses for hosts and routers. EIDs go in Domain Name System (DNS) records, just as they do today. Generally speaking, the EID namespace is not globally routed in the underlying infrastructure. RLOC namespace on the other hand is used in the core. RLOCs are used as infrastructure addresses for LISP routers and ISP routers, and are globally routed in the underlying infrastructure, just like today. Hosts do not know about RLOCs, and RLOCs do not know about hosts.

LISP Infrastructure Devices

MS-The Map-Server is deployed as a LISP Infrastructure component. It configures the LISP site policy for LISP ETRs that register to it. This includes the EID prefixes for which registering ETRs are authoritative, and an authentication key, which must match the one also configured on the ETR. Map-Servers receive Map-Register control packets from ETRs. When the MS is configured with a service interface to the LISP ALT, it injects aggregates for the EID prefixes for registered ETRs into the ALT. The MS also receives Map-Request control packets from the ALT, which it then encapsulates to the registered ETR that is authoritative for the EID prefix being queried.

MR-The Map-Resolver is deployed as a LISP Infrastructure device. It receives Map-Requests encapsulated to it from ITRs, and when configured with a service interface to the LISP ALT, forwards Map-Requests to the ALT. Map-Resolvers also send Negative Map-Replies to ITRs in response to queries for non-LISP addresses.

ALT-An Alternative Topology device is deployed as part of the LISP Infrastructure to provide scalable EID prefix aggregation. Because the ALT is deployed as dual-stack (IPv4 and IPv6) BGP over generic routing encapsulation (GRE) tunnels, ALT-only devices can be implemented using basic router hardware, or other off-the-shelf devices capable of supporting BGP and GRE.

LISP Interworking Devices

PITR-A Proxy ITR is a LISP Infrastructure device that provides connectivity between non-LISP sites and LISP sites. A PITR does this by advertising coarse-aggregate prefixes for LISP EID namespace into the Internet, thus attracting non-LISP traffic destined to LISP sites. The PITR then encapsulates and forwards this traffic to LISP sites. This not only facilitates LISP/non-LISP interworking, but also allows LISP sites to see LISP ingress traffic engineering benefits from non-LISP traffic.

PETR-A Proxy ETR is a LISP Infrastructure device that allows IPv6 LISP sites without native IPv6 RLOC connectivity, to reach LISP sites that only have IPv6 RLOC connectivity. In addition, the PETR can also be used to allow LISP sites with uRPF restrictions to reach non-LISP sites.

It is likely that a LISP interworking device will implement both PITR and PETR functions. When this is the case, the device is referred to as a PxTR. The LISP specification does not require that a device perform both PITR and PETR functions, however.

Cisco LISP Software

Cisco LISP capabilities are currently supported on a range of Cisco IOS and NX-OS routing platforms through both Early Deployment (ED) software releases, and through the mainline releases.
Customers who wish to perform a LISP trial can download the required LISP-enabled ED software or mainline release by going to http://lisp.cisco.com

Platform Support

Cisco Locator/ID Separation Protocol (LISP) is available in Cisco IOS and NX-OS software feature sets as listed in Table 1.

Table 1. LISP Platform Support and License Required

Product Family

Platforms Supported

License

ISR 800 Series

860, 870, 880 and 890 Series

Advanced IP Services or Advanced Enterprise Services

ISR 1800 Series

1801, 1802, 1803, 1805, 1811, 1812, 1841, 1861

Advanced IP Services or Advanced Enterprise Services

ISR 1900 Series

1921, 1941, 1941W

Data license and up

ISR 2800 Series

2801, 2811, 2821, 2851

Advanced IP Services or Advanced Enterprise Services

ISR 2900 Series

2901, 2911, 2921, 2951

Data license and up

ISR 3800 Series

3825, 3845

Advanced IP Services or Advanced Enterprise Services

ISR 3900 Series

3925, 3925E, 3945, 3945E

Data license and up

7200 Series

7200-NPE-G2, 7201, 7204VXR, 7206VXR, 7301, 7304

Advanced IP Services or Advanced Enterprise Services

ASR 1000 Series

1001, 1002, 1002-F, 1004, 1006, 1013

Data license and up

N7000 Series

N7K-C7009, N7K-C7010, N7K-C7018. Requires 32-port 10-GE SFP+ I/O module N7K-M132XP-12

Transport Services License (N7K-TRS1K9)

For ordering details or more information on Cisco Locator/ID Separation Protocol, visit: http://www.cisco.com/go/lisp or http://lisp.cisco.com