This document discusses the architecture and deployment scenarios of Cisco® Locator/ID Separation Protocol (LISP) and illustrates the benefits of the architecture in campus networks with Cisco Catalyst® 6500 and 6800 Series Switches through the different use cases that LISP uniquely enables:
• IPv6 adoption enablement
• Virtualization with highly scalable IP VPNs
• Prefix portability
This document is of interest to technical decision makers (TDMs), network architects, and business decision makers (BDMs) defining technology direction and strategy for any enterprise.
The last decade has seen a twofold technology shift: rapid proliferation of mobile devices, tablets, and laptops and technology evolution in virtualization and cloud-enabled services. This has triggered unprecedented requirements for network mobility, scalability, and converged solutions, and campus networks need innovative solutions to address them. In the campus there has been an increased proliferation of devices (both IPv4 and IPv6) with trends such as bring your own device (BYOD). Similarly, IT consolidation, mergers, and acquisitions require architects and operators to revector their network designs constantly. The bandwidth requirements and scale have also been increasing, with video on demand, unified communications, and networked applications becoming more pervasive in the enterprise. Although the existing campus infrastructure might be able to partially meet the immediate requirements, a revised architecture capable of providing streamlined, consolidated, and sustainable solutions to these challenges is needed to support the full realization of these trends in campus networks.
As the paucity of IPv4 addresses is aggravated by the proliferation of devices, the need for IPv6 enablement becomes even more relevant. The exhaustion of IP addresses, along with the revitalized push for IPv6 adoption, will push the scale of the existing infrastructure beyond current limits. A routing architecture capable of intelligently handling the increased address space and integrating IPv6 without requiring a total end-to-end upgrade of the network infrastructure is needed.
Conventional Internet protocol routing technology relies on routing tables to find IP addresses. This approach creates difficulties when those addresses need to be updated or when the systems or applications move for any reason in the campus or data center. With the rise of cloud services and IPv6 adoption, end users are increasingly moving applications from one environment to another or updating IP addresses. The proliferation of IP addresses and certain applications with embedded IP addresses makes the problem worse.
Customers also face significant challenges in several aspects of network operations, such as:
• Complexity of network deployment, especially with multihoming requirement for increased bandwidth, high availability, and resiliency
• Technical hurdles and operating expenses associated with site renumbering when changing service providers, which are detrimental to the development of new services
Overview of LISP Solution
LISP is a revolutionary routing architecture developed by Cisco and the IETF that implements a new paradigm for IP addressing: it uses the IP address to create two namespaces, endpoint identifiers (EIDs), which are assigned to end hosts, and routing locators (RLOCs), which are assigned to the devices (primarily routers and switches) that make up the global routing system. Using this approach, the LISP architecture resolves current limitations and facilitates new functionality in an interoperable manner with minimal effect on existing networks. LISP uses a map-and-encapsulate routing model in which traffic destined for an EID is encapsulated and sent to an authoritative RLOC, rather than directly to the destination EID, based on the results of a lookup in a mapping database.
Services enabled by LISP in campus networks using Cisco Catalyst 6500/6800 switches include:
• IPv6 enablement
• Multitenancy and large-scale VPNs
• Prefix portability
Traditionally, these different scenarios have required the implementation of a multitude of independent protocols that are hard to deploy. LISP meets the requirements for all these scenarios with a single consolidated approach. The operational benefits of such consolidation are considerable because operations can be dramatically simplified. On the Cisco Catalyst 6500, the encapsulation and decapsulation of LISP packets are done in hardware, resulting in improved performance for LISP in the core of the campus network.
The scalability benefits of LISP allow network owners to optimize the use of valuable resources in routers and switches such as forwarding and routing tables. In large-scale enterprises, where high port densities and rich services are required, capital expenditures (CapEx) can rapidly grow if the hardware must be upgraded to the next level of capacity on a frequent basis to address route scale. In addition to the CapEx for the infrastructure components, operating expenses (OpEx) for replacing the hardware and maintaining the upgraded network can be significant. All these costs can be avoided by intelligent manipulation of the addressing space. LISP provides a solution that handles addressing to optimize the utilization of the network forwarding resources.
As businesses continue to grow and with trends such as BYOD, the assignable IPv4 address space will finally be depleted, and IPv6 adoption is no longer optional. The implementation of IPv6 and its ongoing maintenance have significant operational implications that will make the process of adopting IPv6 lengthy and costly. Through the use of LISP, IPv6 can be deployed incrementally in the network, without having to mandate an immediate move to a dual-stack infrastructure, which typically requires additional OpEx budgets. This approach allows the network architect to support the immediate demands of the business for an increased number of endpoints, even with IPv4 address exhaustion.
For IT, with mergers, acquisitions, outsourcing, and consolidation, it is becoming increasingly important to have a virtualized campus network with many closed user groups, all on a single physical network, which LISP virtualization solves elegantly.
Traditionally, network-based IPv6 transition techniques fall into three categories:
• Dual-stack IPv4 and IPv6
• IPv6 tunneling
• IPv6 translation
For enterprises enabling IPv6, each approach has its own dependencies and limitations, such as failure detection, resiliency challenges with static configurations, and dependence on service providers.
Implementing an IPv6 transition strategy with LISP has several benefits over each of the preceding approaches because it can immensely simplify the initial rollout of IPv6 by encapsulating IPv6 host packets within IPv4 headers, or IPv4 host packets within IPv6 headers. Establishing an IPv6 web presence or deploying a private IPv6 VPN can both be accomplished with few changes to the existing IPv4 network infrastructure, using the inherent address-family-independent design of LISP. Using LISP allows the existing IPv4 WAN connectivity to be retained, enabling quick and efficient migration to IPv6. In addition, when LISP interworking infrastructure proxy tunnel routers (PxTRs) are included, a LISP-enabled IPv6 site can also connect to non-LISP IPv6 sites using the existing IPv4 Internet infrastructure.
Campuses are typically distributed, and the different sites such as headquarters, engineering centers, branch offices, and remote sites need to be interconnected. Some of the site networks can now be transitioned to IPv6 in phases while other sites and the core network remain on IPv4. An operationally efficient way to gain a basic IPv6 rollout with limited CapEx or OpEx increase in such scenarios is to create IPv6 islands within the corporate network and connect them together using LISP over the existing IPv4 core. This design can be accomplished rapidly with the Cisco Catalyst 6500/6800 running LISP, without changes to the underlying network. This cost-effective solution is illustrated in Figure 1. The Cisco Catalyst 6500/6800 can be configured to provide both LISP mapping services and LISP encapsulation services: the switch can act as a map server/map resolver (MS/MR) and as an ingress tunnel router/egress tunnel router (xTR) concurrently.
In this example, IPv6 islands are added at each site by configuring dual-stack routers to provide the connectivity between the existing IPv4 topology and the new IPv6 prefixes. These routers also perform the required LISP functions, which are all run completely internal to the enterprise.
Figure 1. IPv6 Islands Connected over IPv4 Core
Another compelling use case is the need for enterprises to be able to support remote users who would like to connect to a corporate intranet over an IPv6 Internet connection. Many service providers have now moved to IPv6 rollouts for Internet connectivity for their customers. These users also need to access their corporate network that still runs over an IPv4 core and can have dual-stack devices such as media players, printers, and network storage devices. Using LISP and the public LISP mapping services, enterprises can allow IPv6 Internet users to connect to the corporate LAN or BYOD network using existing IPv4 WAN connectivity, and with few modifications to the underlying infrastructure. This cost-effective solution is illustrated in Figure 2.
In this example, LISP is used to connect non-LISP IPv6 Internet users to corporate web services, printing, data storage, and media services. Again, this solution can be achieved with little reconfiguration and can be accomplished within a few hours.
Figure 2. LISP IPv6 Service with IPv4 Infrastructure
Multitenancy and Large-Scale VPNs
LISP implements "locator/ID" separation and thus creates two namespaces, one each for EIDs and RLOCs, and hence both these namespaces can be utilized for virtualization. LISP mappings can be "colored" to give VPN and tenant semantics to each prefix handled by LISP. This coloring is encoded in the LISP control plane as stipulated in the standard definition of the protocol, and the LISP data plane also has the necessary fields to support the segmentation of traffic into multiple VPNs. LISP binds VRFs to instance IDs, and then these IDs are included in the LISP header to provide data plane (traffic flow) separation for single or multihop needs. The LISP multitenancy solution is expected to exceed the scalability of current segmentation solutions significantly because it uses an on-demand routing model, which does not require the maintenance of traditional routing adjacencies.
The Cisco Catalyst 6500/6800 LISP implementation supports the shared mode for virtualization in which the EID space is virtualized through its association with VRFs, which are tied to LISP instance IDs to segment the control plane and data plane. A common shared locator space, the default (global) table, is then used to resolve RLOC addresses for all virtualized EIDs.
The LISP multitenancy solution is especially useful in the campus, because it supports deploying VPNs that cut across multiple organizations to extend the network segmentation ubiquitously beyond network boundaries. A typical scenario of LISP virtualization in the campus is to extend VRF/VLAN services by using one pseudowire or VPN to transport multiple VRFs mapped through LISP over the existing VPLS and Multiprotocol Label Switching (MPLS) core. Services such as voice, closed-circuit TV (CCTV), and video can be put in their own VRFs, so that EIDs are resolved within the VRF tied to each instance ID while the RLOC addresses are resolved in a common (shared) address space. This is particularly useful if the core network is IP only, without MPLS, as illustrated in Figure 3. New VRFs can be added at any of the sites and connected over the existing MPLS or IP core without the need to create a new VRF in the core. This allows all the new VRFs to be transported over a single campus VRF.
Figure 3. Extend VRF Services over Existing Core
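The map-and-encapsulate model and the shared-mode virtualization described above, as an added Python example that is not Cisco's code or the switch's implementation: a constructed mapping database keyed by instance ID, a longest-prefix EID lookup scoped to that instance ID, and the encapsulation step that carries the instance ID in the outer header so overlapping EID spaces in different VRFs never collide. The addresses, the MAPPING_DB layout and the helper names are assumptions chosen for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed mapping database for LISP shared-mode virtualization (not a real
# deployment; addresses are documentation ranges). EIDs are resolved per instance
# ID, which the xTR binds to a VRF; the RLOCs all come from one common (global)
# locator space, so the core never needs a VRF of its own.
MAPPING_DB = {
    100: {ip_network("10.1.0.0/16"): ["192.0.2.1"],     # voice VRF
          ip_network("10.1.5.0/24"): ["192.0.2.2"]},    # more specific voice subnet, another site
    200: {ip_network("10.1.0.0/16"): ["192.0.2.3"]},    # CCTV VRF: overlapping EID space
}

def lookup(instance_id, eid):
    """Resolve an EID inside one instance ID by longest-prefix match.
    Returns the RLOC list, or None when no mapping exists (a negative reply)."""
    addr = ip_address(eid)
    best = None
    for prefix, rlocs in MAPPING_DB.get(instance_id, {}).items():
        if addr.version == prefix.version and addr in prefix:
            if best is None or prefix.prefixlen > best[0].prefixlen:
                best = (prefix, rlocs)
    return best[1] if best else None

def encapsulate(instance_id, dst_eid, itr_rloc, payload):
    """Map-and-encapsulate: the ITR looks up the destination EID in its own
    instance ID and wraps the packet in an outer header addressed to the RLOC.
    The instance ID travels in the LISP header so the ETR decapsulates into the
    matching VRF; a missing mapping must never fall through to another VRF."""
    rlocs = lookup(instance_id, dst_eid)
    if rlocs is None:
        return None
    return {"outer_src": itr_rloc, "outer_dst": rlocs[0],
            "instance_id": instance_id, "inner": payload}

if __name__ == "__main__":
    # Same destination EID, two VRFs: the instance ID decides which site it reaches.
    print(encapsulate(100, "10.1.5.9", "192.0.2.9", b"rtp")["outer_dst"])    # 192.0.2.2
    print(encapsulate(200, "10.1.5.9", "192.0.2.9", b"video")["outer_dst"])  # 192.0.2.3
    print(lookup(300, "10.1.5.9"))  # None: instance ID with no registered mappings
```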
Multihoming with LISP
Given the LISP separation of location and identity and the ability to look up EID paths in the map server at the ingress switch, one of the primary benefits of the LISP implementation is built-in multihoming and traffic engineering. EID spaces can be connected to the RLOC environment through several ETRs. The map server responding to a querying ITR can offer a list of ETRs to be used. This design expresses a preference for some ETRs over others, allowing some systems to act as primary ETRs and others as backups, thus inherently providing multihoming. This is implemented using the priority field, with a lower priority value being preferred over a higher one.
The benefit of this design is that it allows traffic distribution to be controlled. After the priority comparison has been made and a number of systems with the lowest priority have been identified, the weight is considered. Traffic will be distributed between ETRs in the ratio of their weights.
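The priority-then-weight ETR selection described above, as an added Python example (not Cisco's code or the Catalyst implementation): it keeps the reachable ETRs with the lowest priority value, then splits flows among them in proportion to their weights, with a backup ETR taking over only when every primary is unreachable. The locator set is constructed; the rule that priority 255 marks an RLOC as unusable comes from RFC 6830, not from this page.

```python
import random
from collections import Counter

# One mapping record's locator set, as ETRs would register it and the map server
# would return it to an ITR. Constructed sample: two primaries sharing load 75/25,
# one backup, and one RLOC withdrawn from service. Documentation-range addresses.
LOCATOR_SET = [
    {"rloc": "192.0.2.1", "priority": 1,   "weight": 75},
    {"rloc": "192.0.2.2", "priority": 1,   "weight": 25},
    {"rloc": "192.0.2.3", "priority": 10,  "weight": 100},  # backup: used only if both primaries fail
    {"rloc": "192.0.2.4", "priority": 255, "weight": 0},    # RFC 6830: 255 = do not use for forwarding
]

def usable_locators(locator_set, reachable):
    """Keep the reachable ETRs that share the lowest (most preferred) priority value.
    Returns [] when nothing is usable, so the caller can fail closed."""
    candidates = [r for r in locator_set if r["rloc"] in reachable and r["priority"] < 255]
    if not candidates:
        return []
    best = min(r["priority"] for r in candidates)
    return [r for r in candidates if r["priority"] == best]

def pick_etr(locator_set, reachable, flow_hash):
    """Choose the ETR for one flow. Weights split traffic among the chosen ETRs in
    proportion; flow_hash (any non-negative int) pins a given flow to one ETR."""
    chosen = usable_locators(locator_set, reachable)
    if not chosen:
        return None
    total = sum(r["weight"] for r in chosen)
    if total == 0:                       # all weights zero: fall back to an even split
        return chosen[flow_hash % len(chosen)]["rloc"]
    point = flow_hash % total
    for r in chosen:
        if point < r["weight"]:
            return r["rloc"]
        point -= r["weight"]

def distribution(locator_set, reachable, flows=4000):
    """Share of flows sent to each ETR, to check the weight ratio empirically."""
    rng = random.Random(1)  # fixed seed so the result is reproducible
    counts = Counter(pick_etr(locator_set, reachable, rng.randrange(1 << 16)) for _ in range(flows))
    return {rloc: n / flows for rloc, n in counts.items()}

if __name__ == "__main__":
    everything = {r["rloc"] for r in LOCATOR_SET}
    print(distribution(LOCATOR_SET, everything))                  # roughly {.1: 0.75, .2: 0.25}
    print(pick_etr(LOCATOR_SET, {"192.0.2.3", "192.0.2.4"}, 7))  # 192.0.2.3 (backup takes over)
```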
Cisco is a pioneer in the area of LISP implementation and a major force in the standardization efforts for the protocol. Cisco provides full standards-compliant implementations of LISP across most routing and switching product lines. Cisco is committed to the delivery of holistic solutions that have the improvement of our customers' business as the top priority. All Cisco solutions are backed by industry-leading research, development, and support organizations that are focused on customer success.