This document discusses the basic concepts of the Cisco® Locator/ID Separation Protocol (LISP) and illustrates the benefits of the architecture through the diverse use cases that LISP uniquely enables:
• IP mobility for geographic dispersion of data centers and disaster recovery
• IPv6 adoption enablement
• Highly scalable IP VPNs
• Multihoming and prefix portability
This document is of interest to technical decision makers (TDMs), network architects, and business decision makers (BDMs) defining technology direction and strategy.
The rapid proliferation and evolution of mobile devices, computing virtualization, and cloud-enabled services have triggered unprecedented requirements for network mobility, scalability, and security. Although the existing routing infrastructure may be able to partially meet the immediate requirements, a revised architecture capable of providing streamlined, consolidated, and sustainable solutions to these challenges on a global basis is needed to support the full realization of these trends over the Internet and in the data centers that source the information and services that the Internet enables.
To achieve the full potential of the cloud model, ubiquitous mobility is essential, not only in large-scale data centers, but also across data centers or in any location globally. Any workload should be able to exist anywhere to optimize utilization of computing resources and create flexible business models that benefit the end-user while providing fresh business opportunities for providers pursuing new models such as cloud computing services.
As the last remaining range of IPv4 addresses is assigned, the need for IPv6 enablement becomes even more relevant. The exhaustion of addresses, along with the revitalized push for IPv6 adoption, will drive the scale of the existing Internet infrastructure and the capacity of data center network infrastructures beyond their current limits. A routing architecture capable of intelligently handling the increased address space and smoothly integrating IPv6 without requiring a total upgrade of the network infrastructure is needed.
As cloud business becomes more pervasive, distributed and large-scale data centers hosting a multitude of customers who must be kept securely segmented from each other will become the standard. Not only do these data centers need to handle the very large number of addresses present on the Internet, but they must do so in a virtualized manner with integrated mobility. A revised architecture capable of providing all the services of mobility, scalability, and security concurrently and in a manageable way is necessary to continue to use the Internet to pursue the potential of cloud-enabled services.
Businesses and consumers face these challenges to different degrees. Small businesses will need better ways to move their workloads to cloud providers, enterprises will seek to use cloud models in their internal facilities and eventually on third-party facilities, and service providers will seek the business of enterprises and small businesses that want to outsource some of their processes and capacity and also of consumers who continue to increase their use of connected technologies in their daily lives.
LISP, developed by Cisco as an open standard, is a new routing architecture that brings renewed flexibility to the network in a single protocol, enabling mobility, scalability, and security.
By enabling pervasive mobility that can cut across organizational boundaries, LISP enables enterprises to move workloads or relocate resources to any location over any transport. The business implications include the capability to easily use private or third-party locations and resources that would have otherwise remained idle or unavailable. More important, LISP provides the freedom to choose among any combination of transport service offerings and the operational flexibility to move workloads and relocate IP prefixes without having to open a ticket with one or more service providers or be concerned about the traversal of multiple organizations (autonomous systems) across which not all required services may be available. Service costs are reduced through the capability to select the optimal transport service for different sites. Operating costs are reduced through the simplification of the process for moving or relocating workloads. Business opportunity costs are lowered through reduced provisioning times and the movement of services to the optimal location. The LISP solution offers a new level of mobility with its global scale and reach and provides true flexibility across any network, whether it is privately connected or is accessible through the public Internet.
The scalability benefits of LISP allow network owners to optimize the use of valuable resources such as forwarding tables. This optimization can be the difference between comfortably operating within the capacity of the network devices and requiring a hardware upgrade to accommodate the increased load. In large-scale facilities such as data centers, where very high port densities are required, capital expenditures (CapEx) can rapidly grow if the hardware must be upgraded to the next level of capacity. In addition to the CapEx for the infrastructure components, operating expenses (OpEx) for replacing the hardware can be significant. All these costs can be avoided by intelligent manipulation of the addressing space. LISP provides a solution that handles addressing to optimize the utilization of the network forwarding resources.
As businesses continue to grow, the assignable IPv4 address space will finally be depleted, and IPv6 adoption is no longer optional. The implementation of IPv6 and its ongoing maintenance have significant operational implications that will make the process of adopting IPv6 lengthy and costly. Through the use of LISP, IPv6 can be deployed incrementally in the network, without having to mandate an immediate move to a dual-stack infrastructure for which the operations team may or may not be prepared. This approach allows the network architect to support the immediate demands of the business for an increased number of endpoints, even with IPv4 address exhaustion. The LISP alternative is particularly interesting because it provides a mechanism to support IPv6 that can be enabled literally in minutes without imposing the immediate operational burden of a full dual-stack deployment.
As mobility becomes more pervasive, different organizations may seek to use common facilities to host workloads. Service providers can achieve economies of scale in which a few facilities can service a very large number of organizations or tenants at very competitive rates. It is critical that the connectivity within these large shared facilities be secure to avoid the risk of information leakage or security exposure between tenants. Furthermore, the separation of the tenants must be maintained on a global basis and across the different service provider organizations to achieve the flexibility that organizations seek. LISP has built-in segmentation services that are designed to support a global scale and to transparently cut across organizational boundaries, allowing businesses to use any combination of cloud providers while helping ensure that their privacy is maintained.
The current Internet routing and addressing architecture uses a single namespace, the IP address, to simultaneously express two attributes of a device: its identity and where it is attached to the network. LISP decouples the IP addresses of endpoints (endpoint identifier addresses [EIDs]) from their topological location addresses (routing locator addresses [RLOCs]) and maintains mappings between these addresses to achieve routing to EIDs over the RLOC topology. LISP uses a map-and-encapsulate routing model: traffic destined for an EID is encapsulated and sent to an authoritative RLOC, rather than directly to the destination EID, based on the result of a lookup in a mapping database. Using this approach, the LISP architecture resolves current limitations and facilitates new functions in an interoperable manner with little impact on existing networks.
Services enabled by using LISP include:
• IP mobility with LISP for virtual machine mobility (Cisco LISP VM-Mobility)
• IPv6 enablement
• Multi-tenancy and large-scale VPNs
• Prefix portability and multihoming
Traditionally, these different scenarios have required the implementation of a multitude of independent protocols that are hard to deploy. LISP meets the requirements for all these scenarios with a single consolidated protocol. The operational benefits of such consolidation are considerable: operations can be streamlined and dramatically simplified.
IP Mobility with Cisco LISP VM-Mobility
Cisco LISP VM-Mobility provides location flexibility for IP endpoints in the data center network and across the Internet. With Cisco LISP VM-Mobility, IP endpoints such as virtual machines can be deployed anywhere, regardless of their IP address, and can freely move across data center racks and rows and separate locations, or globally across organizations.
With Cisco LISP VM-Mobility, the Internet is now equipped with the capability to move workloads across locations and organizations while preserving optimal routing, host IP addresses, policies, and existing connections. This level of mobility, flexibility, optimization, and scalability is not available with any other IP mobility solution and is crucial in transforming the Internet into a connectivity continuum capable of supporting global cloud deployments.
Cisco LISP VM-Mobility provides an automated solution to IP mobility with the following characteristics:
• Guaranteed optimal shortest-path routing
• Support for any combination of IPv4 and IPv6 addressing
• Integrated load balancing and multihoming
• Internet scale
• IP based
• Transparent to the endpoints and to the IP core
• Autonomous-system agnostic
Cisco LISP VM-Mobility allows IP endpoints to change location while keeping their assigned IP address. IP endpoints can move between different subnets or across different locations of a subnet that has been extended with a LAN extension mechanism. In either case, Cisco LISP VM-Mobility guarantees optimal routing to the IP endpoint, regardless of its location. Former IP mobility solutions force suboptimal routing through home agents and are difficult to deploy across organizations or autonomous systems.
This level of flexibility is crucial in supporting the deployment scenarios listed in Table 1 and illustrated in Figure 1.
Table 1. Cisco LISP VM-Mobility Use Cases and Requirements
• Fast implementation of disaster recovery facilities
• Relocation of IP endpoints across separate subnets; IP endpoints must preserve their IP addresses to reduce startup time
• Relocation of IP endpoints across organizations
• Optimized routing to IP subnets extended with Cisco Overlay Transport Virtualization (OTV) or Virtual Private LAN Services (VPLS)
Figure 1. Cisco VM-Mobility Across Separate Subnets and Within Extended Subnets
These deployment scenarios address a series of business needs, including:
• Improved application availability
• Streamlined disaster recovery procedures
• Flexible outsourcing options
• Better resource utilization
• Change-management flexibility
Operational flexibility is further enhanced by the transparent mobility provided through LISP. Traditional network designs must carefully choose an addressing structure that matches the structure of the network topology. This approach results in difficult challenges in deciding the ideal dimension for Layer 2 domains and often also mandates restrictive policies that limit the ability to quickly and efficiently deploy hosts or move workloads. The location flexibility introduced by LISP allows a standard network design that can scale to any number of endpoints without posing location restrictions on those endpoints. This characteristic, typical of Layer 2 networks, is enabled in a Layer 3 network with Cisco LISP VM-Mobility.
Mobility also affects change-management procedures. With the location flexibility available through LISP, change-management windows can have targets as specific as a single rack or as broad as an entire data center. Furthermore, the right combination of server virtualization and Cisco LISP VM-Mobility can enable in-service maintenance: because LISP preserves connections across workload movement, downtime is replaced by workload relocation.
LISP introduces prefix portability to the networking space. In the world of telephony, number portability allows subscribers to keep their phone numbers as they roam across provider networks or even change providers. LISP allows network architects to easily preserve their addresses and to select the providers with the best services and terms, without being tied to a provider by the complexity of readdressing.
Incorporating LISP into an IPv6 transition strategy can simplify the initial rollout of IPv6 by taking advantage of the LISP mechanisms to encapsulate IPv6 host packets within IPv4 headers (or IPv4 host packets within IPv6 headers). This approach allows, for example, an organization to build IPv6 islands and connect them using existing IPv4 Internet connectivity. In addition, when LISP interworking infrastructure (proxy tunnel routers [PxTRs]) is included, a LISP-enabled IPv6 site can also connect to non-LISP IPv6 sites, again using existing IPv4 Internet connectivity. Often, these approaches can be accomplished using existing hardware, reducing CapEx needs.
One way to gain basic IPv6 experience with limited CapEx or OpEx outlay or changes to the existing infrastructure is to create IPv6 islands within the corporate network and connect them together using LISP over the existing IPv4 core. This design can be accomplished rapidly and easily with LISP without changes to the underlying network. This cost-effective solution is illustrated in Figure 2.
In this example, IPv6 islands are added at each site by configuring dual-stack routers to provide the connectivity between the existing IPv4 topology and the new IPv6 prefixes. These routers also perform the required LISP functions, which are all run completely internally to the enterprise.
Figure 2. IPv6 Islands Connected over an IPv4 Core
Another compelling use case is the need for enterprises to establish an IPv6 Internet web presence quickly, without disrupting existing IPv4 services. Using LISP and the public LISP mapping services, enterprises can establish an IPv6 web presence using existing IPv4 WAN connectivity, with few modifications to their current data center infrastructure. This cost-effective solution is illustrated in Figure 3.
In this example, LISP is used to connect non-LISP IPv6 Internet users to corporate web services. Again, this solution can be achieved with little reconfiguration and can be accomplished within a few hours.
Figure 3. LISP IPv6 Enablement Solutions and Services
Multi-Tenancy and Large-Scale VPNs
As a map-and-encapsulate mechanism, LISP is well suited to handle multiple virtual parallel address spaces. LISP mappings can be "colored" to give VPN and tenant semantics to each prefix handled by LISP. This coloring is encoded in the LISP control plane as stipulated in the standard definition of the protocol, and the LISP data plane also has the necessary fields to support the segmentation of traffic into multiple VPNs. Virtual Routing and Forwarding (VRF) instances are used as containers to cache mapping entries and also to provide transparent interoperability between the LISP segmentation solution and more traditional VRF interconnection techniques such as Multiprotocol Label Switching (MPLS) VPNs, VRF-lite, and Easy Virtual Network (EVN).
The LISP multi-tenancy solution is particularly attractive because it is natively integrated with the mobility, scalability, and IPv6 enablement functions that LISP offers, allowing all the various services to be enabled with the deployment of a single protocol.
Furthermore, since LISP uses an on-demand routing model, which does not require the maintenance of traditional routing adjacencies, the LISP multi-tenancy solution is expected to exceed the scalability of current segmentation solutions by at least one or two orders of magnitude.
The LISP multi-tenancy solution is not constrained by organizational boundaries, allowing users to deploy VPNs that can cut across multiple organizations to effectively reach any location and extend the network segmentation ubiquitously.
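The following Python model is an added example, not code from this Cisco document or from any Cisco LISP implementation. It ties together three mechanisms described above: the map-and-encapsulate model (an ITR resolves a destination EID to an RLOC through a mapping database, caches the answer, and encapsulates toward that RLOC), IPv6 islands over an IPv4 core (an IPv6 EID packet carried under an IPv4 RLOC header), and the tenant "coloring" of mappings (in the LISP standard this is the instance ID; here it is a plain integer `instance_id` keyed alongside each EID prefix, so two tenants can register the same 10.1.0.0/16 and resolve to different RLOCs). The class names, the dictionary-based packet representation, the `invalidate` method, and all addresses (RFC 5737/3849 documentation ranges) are constructed for the example; real LISP uses Map-Request/Map-Reply messages and a binary header, which are not reproduced here.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Locator:
    rloc: str          # routing locator address
    priority: int = 1  # lowest priority wins; weight splits equal-priority RLOCs
    weight: int = 100


def _longest_match(addr, entries):
    """Longest-prefix match of addr among (ip_network, payload) pairs, or None."""
    hits = [(n, p) for n, p in entries if n.version == addr.version and addr in n]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None


class MappingSystem:
    """Toy mapping database keyed by (instance ID, EID prefix); the instance
    ID is what lets two tenants register the same EID prefix."""
    def __init__(self):
        self._db = {}  # instance_id -> {ip_network: [Locator, ...]}

    def register(self, instance_id, eid_prefix, locators):
        net = ipaddress.ip_network(eid_prefix, strict=False)
        self._db.setdefault(instance_id, {})[net] = list(locators)

    def resolve(self, instance_id, eid):
        # None stands for a negative Map-Reply: no mapping for this EID.
        entries = self._db.get(instance_id, {}).items()
        return _longest_match(ipaddress.ip_address(eid), entries)


class ITR:
    """Ingress tunnel router: map the destination EID, then encapsulate."""
    def __init__(self, own_rloc, mapping_system):
        self.rloc, self.ms = own_rloc, mapping_system
        self.cache = {}  # map cache: (instance_id, ip_network) -> locators

    def lookup(self, instance_id, dst_eid):
        addr = ipaddress.ip_address(dst_eid)
        cached = ((n, l) for (i, n), l in self.cache.items() if i == instance_id)
        best = _longest_match(addr, cached)
        if best is None:  # map-cache miss: Map-Request to the mapping system
            best = self.ms.resolve(instance_id, dst_eid)
            if best is not None:
                self.cache[(instance_id, best[0])] = best[1]
        return best

    def invalidate(self, instance_id):
        # Flush one instance's map cache; stands in for the refresh an ETR
        # triggers (Solicit-Map-Request) when an EID moves to another RLOC.
        self.cache = {k: v for k, v in self.cache.items() if k[0] != instance_id}

    def encapsulate(self, instance_id, inner):
        hit = self.lookup(instance_id, inner["dst"])
        if hit is None:
            return None
        best = min(hit[1], key=lambda loc: (loc.priority, -loc.weight))
        # The outer header carries RLOCs plus the instance ID; the inner packet
        # is untouched, so an IPv6 EID packet rides over an IPv4 RLOC core.
        return {"outer_src": self.rloc, "outer_dst": best.rloc,
                "instance_id": instance_id, "inner": dict(inner)}


class ETR:
    """Egress tunnel router authoritative for EID prefixes per instance ID."""
    def __init__(self, own_rloc, authoritative):
        self.rloc = own_rloc
        self.auth = {i: [ipaddress.ip_network(p) for p in ps] for i, ps in authoritative.items()}

    def decapsulate(self, pkt):
        # The inner header is untrusted: the outer instance ID selects the tenant
        # VRF, and the packet is dropped unless this ETR serves that instance and
        # the inner destination lies in a prefix it is authoritative for.
        if pkt["outer_dst"] != self.rloc:
            return None
        iid, dst = pkt["instance_id"], ipaddress.ip_address(pkt["inner"]["dst"])
        if _longest_match(dst, ((n, None) for n in self.auth.get(iid, []))) is None:
            return None
        return iid, pkt["inner"]


def demo():
    # Constructed topology using RFC 5737 / RFC 3849 documentation addresses.
    ms = MappingSystem()
    ms.register(100, "10.1.0.0/16", [Locator("192.0.2.1")])      # tenant A
    ms.register(200, "10.1.0.0/16", [Locator("198.51.100.1")])   # tenant B, same EIDs
    ms.register(100, "2001:db8:1::/48", [Locator("192.0.2.1")])  # A's IPv6 island
    itr = ITR("203.0.113.9", ms)
    etr_a = ETR("192.0.2.1", {100: ["10.1.0.0/16", "2001:db8:1::/48"]})
    a = itr.encapsulate(100, {"src": "10.9.0.5", "dst": "10.1.2.3"})
    b = itr.encapsulate(200, {"src": "10.9.0.5", "dst": "10.1.2.3"})
    v6 = itr.encapsulate(100, {"src": "2001:db8:9::5", "dst": "2001:db8:1::10"})
    cross = dict(b, outer_dst="192.0.2.1")  # tenant B's packet aimed at A's ETR
    spoof = dict(a, inner={"src": "10.9.0.5", "dst": "10.5.0.1"})  # EID A does not serve
    out = {"tenant_a_rloc": a["outer_dst"], "tenant_b_rloc": b["outer_dst"],
           "v6_over_v4_rloc": v6["outer_dst"],
           "etr_accepts_own": etr_a.decapsulate(a) is not None,
           "etr_drops_other_instance": etr_a.decapsulate(cross) is None,
           "etr_drops_foreign_eid": etr_a.decapsulate(spoof) is None}
    # Mobility: host 10.1.2.3 moves and its /32 is registered at a new RLOC.
    ms.register(100, "10.1.2.3/32", [Locator("203.0.113.50")])
    out["stale_cache"] = itr.encapsulate(100, a["inner"])["outer_dst"]
    itr.invalidate(100)
    out["after_move"] = itr.encapsulate(100, a["inner"])["outer_dst"]
    return out
```

Running `demo()` shows the two properties a practitioner should check in any LISP multi-tenancy design. First, segmentation is decided by the instance ID in the outer header together with the receiving ETR's own list of authoritative prefixes, never by the inner addresses alone: the ETR drops a packet tagged with an instance it does not serve and one whose inner destination falls outside its EID prefixes, which is the same check a real ETR must enforce before handing decapsulated traffic into a tenant VRF. Second, mobility depends on map-cache freshness: until the cache for the instance is refreshed, the ITR still sends the moved host's traffic to the old RLOC, so monitoring of cache refresh (SMR handling, TTLs) belongs in the operational plan for VM-Mobility.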
Cisco is a pioneer in the area of LISP implementation and a major force in the standardization efforts for the protocol. Cisco provides full standards-compliant implementations of LISP across most routing and switching product lines. Cisco is committed to the delivery of holistic solutions that have the improvement of our customers' business as the top priority. All Cisco solutions are backed by industry-leading research, development, and support organizations that are focused on customer success.