Mobility and Virtualization in the Data Center with LISP and OTV

Transcription

1

2 Mobility and Virtualization in the Data Center with LISP and OTV

3 Agenda Mobility and Virtualization in the Data Center Introduction to LISP LISP Data Center Use Cases LAN Extensions: OTV LISP + OTV Deployment Considerations Summary and Conclusion Slides Identified with the Book Icon Are Provided for Your Reference and Will Not Be Part of the Live Presentation 3

4 Distributed Data Centers Building the Data Center Cloud Distributed Data Center Goals Seamless workload mobility Distributed applications Pool and maximize global resources Business Continuity Interconnect Challenges Complex operations Transport dependence IP subnets and mobility Failure containment Geographically Disperse Data Centers 4

5 Connecting Virtualized Data Centers Multi-tenancy/segmentation: Segment-IDs in LISP, FabricPath and OTV OTV IP Mobility: LISP Network Services Elasticity: ACE, GSS, ASA, VSG OTV OTV L2 Domain Elasticity: Inter-DC: OTV/VPLS Intra-DC: vpc, FabricPath, FEX, VXLAN OTV OTV Storage Solutions & Partners: FCIP, Read/write Acceleration EMC, NetApp Location of compute resources is transparent to the user VM-awareness: Port Profiles 5

6 Agenda Mobility and Virtualization in the Data Center Introduction to LISP LISP Data Center Use Cases LAN Extensions: OTV LISP + OTV Deployment Considerations Summary and Conclusion 6

7 Location Identity Separation Protocol What do we mean by Location and Identity IP core Today s IP Behavior Loc/ID Overloaded Semantic When the Device Moves, It Gets a New IPv4 or IPv6 Address for Device IPv4 or IPv6 Its New Identity and Location Address Represents Identity and Location Device IPv4 or IPv6 Address Represents Identity Only. Its Location Is Here! IP core Only the Location Changes LISP Behavior Loc/ID Split When the Device Moves, Keeps Its IPv4 or IPv6 Address. It Has the Same Identity 7

8 A LISP Packet Walk How does LISP operate? 1 DNS Entry: D.abc.com A > > > > /24 LISP Site S ETR West-DC D 3 Mapping Entry ITR /24 EID-prefix: /24 Locator-set: Non-LISP site , priority: 1, weight: 50 (D1) Non-LISP site , priority: 1, weight: 50 (D2) IP Network /24 PITR EID-to-RLOC mapping This Policy Controlled by Destination Site East-DC

9 A LISP Packet Walk How about Non-LISP Sites? 1 DNS Entry: D.abc.com A Non-LISP Site S Non-LISP Site 3 Mapping Entry EID-Prefix: /24 Locator-Set: , priority: 1, weight: 50 (D1) , priority: 1, weight: 50 (D2) > ETR West-DC > D > > /24 IP Network /24 PITR East-DC EID-to-RLOC mapping

10 LISP Roles and Address Spaces What are the Different Components Involved? LISP Roles Tunnel Routers - xtrs Edge devices in charge of encap/decap Ingress/Egress Tunnel Routers (ITR/ETR) Proxy Tunnel Routers - PxTR Coexistence between LISP and non-lisp sites Ingress/Egress: PITR, PETR EID to RLOC Mapping DB Contains RLOC to EID mappings Distributed across multiple Map Servers (MS) MS may connect over an ALT network Non-LISP PxTR Address Spaces EID = End-point Identifier Host IP or prefix RLOC = Routing Locator IP address of routers in the backbone EID Space Prefix w.x.y.1 x.y.w.2 z.q.r.5 z.q.r.5 Next-hop e.f.g.h e.f.g.h e.f.g.h e.f.g.h ITR Mapping DB ETR EID a.a.a.0/24 b.b.b.0/24 c.c.c.0/24 d.d.0.0/16 RLOC w.x.y.1 x.y.w.2 z.q.r.5 z.q.r.5 EID a.a.a.0/24 b.b.b.0/24 c.c.c.0/24 d.d.0.0/16 RLOC Space EID Space EID ALT a.a.a.0/24 b.b.b.0/24 c.c.c.0/24 d.d.0.0/16 RLOC w.x.y.1 x.y.w.2 z.q.r.5 z.q.r.5 RLOC w.x.y.1 x.y.w.2 z.q.r.5 z.q.r.5 10

11 LISP Mapping Database The Basics Registration and Resolution LISP Site ITR Mapping Cache Entry (on ITR): /16-> ( , ) Map Server / Resolver: Map-Reply /16 -> ( , ) Database Mapping Entry (on ETR): /16 -> ( , ) ETR ETR ETR ETR Database Mapping Entry (on ETR): /16 -> ( , ) West-DC East-DC / /16 Y X Y Z

12 LISP Mapping Database Node Resiliency/Clustering Mapping Cache Entry (on ITR): /16-> ( , ) LISP Site ITR No Synchronization Protocol Between Map Servers; ETRs Must Register with All Map Servers Individually; ITRs anycast Map Requests Map-Reply /16 -> ( , ) Map Resolver: (Anycast) Map Server: Mapping DB Map Server: Node Cluster Database Mapping Entry (on ETR): /16 -> ( , ) ETR ETR ETR ETR Database Mapping Entry (on ETR): /16 -> ( , ) West-DC East-DC / /16 Y X Y Z

13 Basic LISP Configuration Servers ip lisp map-resolver ip lisp map-server lisp site west-dc authentication-key 0 s3cr3t eid-prefix /24 Border Routers Between Backbones ip lisp proxy-itr ip lisp ITR map-resolver Non-LISP Sites Branch Routers ip lisp itr-etr ip lisp ITR map-resolver DC Aggregation Routers ip lisp itr-etr ip lisp database-mapping / p1 w50 ip lisp database-mapping / p1 w50 ip lisp ETR map-server key s3cr3t ip lisp ETR map-server key s3cr3t Usually Devices Will Be Configured as ITRs and ETRs to Handle Traffic in Both Directions; We Illustrate Only One Direction for Simplicity LISP Site ITR ETR West-DC /24 RLOC IP Network EID PITR Mapping DB LISP Encap/Decap East-DC 13

14 Location ID/Separation Protocol(LISP) Next Generation Networking Architecture Single Network Architecture Delivers: VM Mobility (topology independent addressing) Security: VPNs/Multi-tenancy Route Scalability (on demand routing) IPv6 enablement, Routing Policy simplification Benefits Services integrated in a single architecture Services can be offered across organizational boundaries (multiple providers) Very large scale Open model to integrate with cloud orchestrators Use-Cases DCI route optimization/mobility Workload Portability to Cloud Secure Multi-tenancy across organizations Rapid IPv6 Deployment Route scaling Making the Network Cloud-Ready 14

15 LISP Use Cases Consolidated Architecture with Multiple Applications Efficient Multi-Homing IPv6 Transition Support LISP Site LISP Routers Internet IP Portability Ingress Traffic Engineering without BGP v6 Services LISP Router v6 IPv4 Internet v4 v6 v6-over-v4, v6-over-v6 v4-over-v6, v4-over-v4 LISP Router v6 IPv6 Internet Multi-Tenancy and VPNs LISP Site Host-Mobility LISP Site IP Network IP Network West-DC East-DC West-DC East-DC Reduced CapEx/OpEx Large scale Segmentation Cloud / Layer 3 VM moves Segmentation 15

16 Agenda Mobility and Virtualization in the Data Center Introduction to LISP LISP Data Center Use Cases Host-Mobility LAN Extensions: OTV LISP + OTV Deployment Considerations Summary and Conclusion 16

17 Moving vs. Distributing Workloads Why do we really need LAN Extensions? Moving Workloads Hypervisor Hypervisor Control Traffic (routable) IP Network Hypervisor Move workloads with IP mobility solutions: LISP Host Mobility IP preservation is the real requirement (LAN extensions not mandatory) Distribute workloads with LAN extensions Application High Availability with Distributed Clusters Distributed App (GeoCluster) OS OS OS Non-IP application traffic (heartbeats) LAN Extension (OTV) 17

18 LISP Host-Mobility Needs: Global IP-Mobility across subnets Optimized routing across extended subnet sites LISP Solution: Automated move detection on XTRs Dynamically update EID-to-RLOC mappings Traffic Redirection on ITRs or PITRs Benefits: Direct Path (no triangulation) Connections maintained across move No routing re-convergence No DNS updates required Transparent to the hosts Global Scalability (cloud bursting) IPv4/IPv6 Support LISP Site XTR LAN Extensions LISP-VM (XTR) West-DC RLOC Non-LISP Sites PXTR Mapping DB IP Network East-DC EID LISP Encap/Decap 18

19 Host-Mobility Scenarios Moves Without LAN Extension Moves With LAN Extension LISP Site XTR Non-LISP Site LISP Site XTR Mapping DB Internet or Shared WAN DR Location or Cloud Provider DC LAN Extension IP Network Mapping DB LISP-VM (XTR) LISP-VM (XTR) West-DC East-DC West-DC East-DC IP Mobility Across Subnets Disaster Recovery Cloud Bursting Routing for Extended Subnets Active-Active Data Centers Distributed Clusters Application Members in One Location Application Members Distributed (Broadcasts across sites) 19

20 LISP Host-Mobility Move Detection Monitor the source of Received Traffic The new xtr checks the source of received traffic Configured dynamic-eids define which prefixes may roam lisp dynamic-eid roamer database-mapping /24 <RLOC-C> p1 w50 database-mapping /24 <RLOC-D> p1 w50 map-server key abcd interface vlan 100 lisp mobility roamer Mapping DB LISP-VM (xtr) A B C D Received a Packet It s from a New Host It s in the Dynamic-EID Allowed Range It s a Move! Register the /32 with LISP West-DC East-DC / /16 Y X Y Z

21 LISP Host-Mobility Traffic Redirection Update Location Mappings for the Host System Wide When a host move is detected, updates are triggered: The host-to-location mapping in the Database is updated to reflect the new location The old ETR is notified of the move ITRs are notified to update their Map-caches Ingress routers (ITRs or PITRs) now send traffic to the new location Transparent to the underlying routing and to the host LISP Site xtr A B C D Mapping DB /16 RLOC A, B /32 RLOC C, D LISP-VM (xtr) West-DC East-DC / /16 Y X Y Z

22 Host Mobility without LAN extensions

23 LISP Host-Mobility First Hop Routing No LAN Extension SVI (Interface VLAN x) and HSRP configured as usual Consistent GWY-MAC configured across all dynamic subnets The lisp mobility <dyn-eid-map> command enables proxy-arp functionality on the SVI The LISP-VM router services first hop routing requests for both local and roaming subnets Hosts can move anywhere and always talk to a local gateway with the same MAC Totally transparent to the moving hosts interface vlan 100 interface Ethernet2/4 ip address /24 ip address /24 lisp mobility roamer lisp mobility ip roamer proxy-arp ip proxy-arp hsrp 101 hsrp 101 mac-address e1d.010c mac-address ip e1d.010c ip HSRP Active LISP-VM (xtr) A B C D West-DC East-DC / /24 HSRP ARP GWY-MAC interface vlan 200 interface vlan 100 ip address /24 ip address /24 lisp mobility roamer lisp mobility roamer ip proxy-arp ip proxy-arp hsrp 201 hsrp 201 mac-address e1d.010c mac-address e1d.010c ip ip HSRP ARP GWY-MAC HSRP Active 23

24 Host-Mobility and Multi-homing ETR Updates Across LISP Sites Null0 host routes indicate the host is away /16 RLOC A, B /32 RLOC C, D Map-Notify /32 <C,D> Mapping DB Map-Register /32 <C,D> Routing Table: /16 Local /32 Null0 10 Map-Notify /32 <C,D> Routing Table: / /16 Local / /32 Null0 1 East-DC West-DC Y A X B Routing Table: /16 Local /32 Local Y C 3 4 D Routing Table: /16 Local /32 Local Map-Notify /32 <C,D> 24

25 Refreshing the Map Caches Map ITR 1. ITRs and PITRs with cached mappings continue to send traffic to the old locators 1. The old xtr knows the host has moved (Null0 route) 2. Old xtr sends Solicit Map Request (SMR) messages to any encapsulators sending traffic to the moved host 3. The ITR then initiates a new map request process 4. An updated map-reply is issued from the new location 5. The ITR Map Cache is updated Traffic is now re-directed SMRs are an important integrity measure to avoid unsolicited map responses and spoofing /16 RLOC A,B LISP site ITR /32 RLOC C,D Mapping DB A B C D LISP-VM (xtr) West-DC East-DC / /16 X Y Y Z

26 LISP Mobility Across LISP Sites Communication to the Home Subnet Client-server communication established without the need to discover the workloads in the home subnet in West-DC /16 RLOC A, B Map ITR /16 RLOC A,B LISP site ITR Mapping DB Routing Table: /24 Local A B Routing Table: /24 Local /24 Null0 C D Routing Table: /24 Local /24 Null0 Installed by LISP to allow Proxy- ARP functions when moving x workloads here /24 West-DC X Y Routing Table: /24 Local /24 East-DC 26

27 On-subnet Server-Server Traffic On Subnet Traffic Across L3 Boundaries West-to-East X ARPs for Y, /32 Null0 entry for Y triggers proxy- ARP on West-DC xtrs to ensure traffic is steered there Note: entry for Y in X ARP cache is cleared by GARP message originated by West-DC XTRs Traffic to Y is LISP encapsulated East-to-West Y ARPs for X, /24 Null0 entry for the home subnet triggers proxy-arp on East DC xtrs to ensure traffic is steered there Note: assumption is that ARP cache on Y is refreshed after the move Traffic to X is LISP encapsulated B C C B A B C D A B C D LISP DC xtr LISP DC xtr West-DC West-DC /24 East-DC / /24 East-DC / Y Y X Y Z X Y Z

28 LISP Host-Mobility Configuration Without LAN Extensions ip lisp ITR-ETR ip lisp database-mapping /16 <RLOC-A> ip lisp database-mapping /16 <RLOC-B> ip lisp ITR-ETR ip lisp database-mapping /16 <RLOC-C> ip lisp database-mapping /16 <RLOC-D> lisp dynamic-eid roamer database-mapping /24 <RLOC-A> database-mapping /24 <RLOC-B> map-server key abcd map-server key abcd map-notify-group interface vlan 100 ip address /16 lisp mobility roamer (ip proxy-arp) hsrp 101 mac-address e1d.010c ip LISP-VM (xtr) A B C D lisp dynamic-eid roamer database-mapping /24 <RLOC-C> database-mapping /24 <RLOC-D> map-server key abcd map-server key abcd map-notify-group interface vlan 100 ip address /16 lisp mobility roamer (ip proxy-arp) hsrp 201 mac-address e1d.010c ip West-DC East-DC / /16 Mapping DB X Y Z 28

29 LISP Mobility Across LISP Sites MS/MR Deployment Recommended Option: co-locate MS/MR functionality on the DC xtr (one per DC site) MS/MR in West-DC LISP site /24 ip lisp map-resolver ip lisp map-server lisp site BRANCH_1 eid-prefix / /24 authentication-key abcd lisp site West-DC eid-prefix /16 accept-more-specifics authentication-key abcd lisp site East-DC eid-prefix /16 accept-more-specifics authentication-key abcd A B C D MS/MR in East-DC West-DC East-DC / /24 X Y Z 29

30 Agenda Mobility and Virtualization in the Data Center Introduction to LISP LISP Data Center Use Cases LAN Extensions: OTV LISP + OTV Deployment Considerations Summary and Conclusion 30

31 Moving vs. Distributing Workloads Why do we really need LAN Extensions? Moving Workloads Hypervisor Hypervisor Control Traffic (routable) IP Network Hypervisor Move workloads with IP mobility solutions: LISP Host Mobility IP preservation is the real requirement (LAN extensions not mandatory) Distribute workloads with LAN extensions Application High Availability with Distributed Clusters Distributed App (GeoCluster) OS OS OS Non-IP application traffic (heartbeats) LAN Extension (OTV) 31

32 LAN Extensions Evolution From Circuits to Packets Circuits + Data Plane Flooding Packet Switching + Control Protocol DC-1 DC-2 DC-1 DC-2 L3 L2 L3 L2 B B A C D A C D Full mesh of circuits (pseudo-wires) MAC learning based on flooding Failure propagation Limited information Operationally Challenging Loop prevention and multi-homing must be provided separately Traditional L2 VPNs B B A C D A C D Packet switched connectivity MAC learning by control protocol Failure containment Rich information Operational simplification Automatic loop prevention & multi-homing MAC Routing 32

33 Overlay Transport Virtualization (OTV) Simplifying LAN Extensions Ethernet LAN Extension over any Network Works over dark fiber, MPLS, or IP Multi-data center scalability Simplified Configuration & Operation Seamless overlay - No network re-design Single touch site configuration High Resiliency Failure domain isolation Seamless Multi-homing Maximizes available bandwidth Automated multi-pathing Optimal multicast replication Many Physical Sites One Logical Data Center Any Workload, Anytime, Anywhere Unleashing the Full Potential of Compute Virtualization 33

34 Ingress Routing Challenge in DCI Extending Subnets Creates a Routing Challenge A subnet usually implies location Yet we use LAN extensions to stretch subnets across locations LISP site XTR Location semantics of subnets are lost Traditional routing relies on the location semantics of the subnet IP Network Can t tell if a server is at the East or West location of the subnet LAN Extension More granular (host level) information is required West-DC East-DC LISP provides host level location semantics 34

35 Host Mobility in Extended Subnets

36 LISP Host-Mobility First Hop Routing With Extended Subnets Consistent GWY-IP and GWY-MAC configured across all sites Consistent HSRP group number across sites consistent GWY-MAC Servers can move anywhere and always talk to a local gateway with the same IP/MAC interface vlan 100 interface vlan 200 interface vlan 100 ip address /24 ip address /24 interface Ethernet2/4 ip address /24 lisp mobility roamer lisp mobility roamer ip address /24 lisp mobility roamer lisp extended-subnet-mode lisp extended-subnet-mode lisp mobility lisp roamer extended-subnet-mode hsrp 101 LAN Ext. hsrp 101 lisp extended-subnet-mode hsrp 101 ip ip hsrp 101 ip A B C D ip HSRP Active LISP-VM (xtr) West-DC East-DC / /24 HSRP ARP GWY-MAC HSRP ARP GWY-MAC HSRP Active 36

37 Host-Mobility and Multi-homing ETR updates Extended Subnets Null0 host routes indicate the host is away /16 RLOC A, B /32 RLOC C, D /24 is the dyn-eid 4 Routing Table: /16 Local /24 Null /32 Null / /16 1 OTV East-DC West-DC A B 2 Y X Map-Notify /32 <C,D> Mapping DB Routing Table: /16 Local /24 Null /32 Local Routing Table: /16 Local /24 Null /32 Null Map-Register /32 <C,D> Y C 3 4 D Routing Table: /16 Local /24 Null /32 Local Map-Notify /32 <C,D> 37

38 Refreshing the Map Caches Map ITR 1. ITRs and PITRs with cached mappings continue to send traffic to the old locators 1. The old xtr knows the host has moved (Null0 route) 2. Old xtr sends Solicit Map Request (SMR) messages to any encapsulators sending traffic to the moved host 3. The ITR then initiates a new map request process 4. An updated map-reply is issued from the new location 5. The ITR Map Cache is updated Traffic is now re-directed SMRs are an important integrity measure to avoid unsolicited map responses and spoofing LISP-VM (xtr) West-DC OTV East-DC / /16 X LISP site Y ITR A B C D /32 RLOC A,B /32 RLOC A,B /32 RLOC C,D Y Z Mapping DB 38

39 LISP VM-Mobility Configuration With Extended Subnets extended-subnet-mode ip lisp ITR-ETR ip lisp database-mapping /16 <RLOC-A> ip lisp database-mapping /16 <RLOC-B> lisp dynamic-eid roamer database-mapping /24 <RLOC-A> database-mapping /24 <RLOC-B> map-server key abcd map-server key abcd map-notify-group interface vlan 100 ip address /16 lisp mobility roamer lisp extended-subnet-mode hsrp 101 ip ip lisp ITR-ETR ip lisp database-mapping /16 <RLOC-C> ip lisp database-mapping /16 <RLOC-D> lisp dynamic-eid roamer database-mapping /24 <RLOC-C> database-mapping /24 <RLOC-D> map-server key abcd map-server key abcd map-notify-group interface vlan 100 ip address /16 lisp mobility roamer lisp extended-subnet-mode hsrp 101 ip LISP-VM (xtr) LAN Ext A B C D Mapping DB West-DC /16 East-DC X Y Z 40

40 Off-subnet Client-Server Traffic All Off-Subnet/Off-Site Traffic Is LISP Encapsulated Clients ( & communicate with Server Client-server traffic is LISP encapsulated at the ITRs or PITRs Client-to-server: to ETRs C or D Server-to-client: to ETR (F) for LISP sites to PETR (G) for non-lisp sites Server-Server off-subnet traffic across sites is also LISP encapsulated CLIENT LISP Site F West-DC xtr CLIENT A B C D X Y F C Non-LISP Sites Y PxTR G D Mapping DB LISP-VM (xtr) East-DC / / G 41

41 On-subnet Server-Server Traffic On Subnet Traffic Across L3 Boundaries With LAN Extension Live moves and cluster member dispersion Traffic between X & Y uses the LAN Extension Link-local-multicast handled by the LAN Extension Without LAN Extensions Cold moves, no application dispersion X- Y traffic is sent to the LISP-VM router & LISP encapsulated Need LAN extensions for link-local multicast traffic B C Mapping DB LAN Ext A B C D A B C D LISP-VM (xtr) LISP-VM (xtr) West-DC /16 East-DC West-DC /16 East-DC / Y Y X Y Z X Y Z

42 Agenda Mobility and Virtualization in the Data Center LAN Extensions: OTV Introduction to LISP LISP Data Center Use Cases Multi-Tenancy LISP + OTV Deployment Considerations Summary and Conclusion 43

43 LISP Multi-Tenancy High Level View Needs: Integrated Segmentation Ease of operations Global Scale and interoperability LISP Solution: Traffic (control & data) is colored (tagged) with an instance-id Mappings are also colored in DB and caches On xtrs use VRFs as map cache contexts LISP Site xtr Non-LISP Sites IP Network PxTR Instance IP Location Red A East Blue A West Yellow C (Move) East West Mapping DB Benefits: xtr Very high scale tenant segmentation Distributed/on-demand/no-adjacencies Global mobility + high scale segmentation integrated in a single IP solution IP based solution, transport independent No Inter-AS complexity Overlay solution is transparent to the core West-DC RLOC EID LISP Encap/Decap East-DC 44

44 Network Virtualization in LISP LISP Multi-tenancy Virtualized Mapping Service: Instance EID IP Location Green A East Blue A West EID entries with instance-id semantics To MPLS VPNs, VRF-lite or separate networks Colored Map Requests/Replies Yellow C East West To LISP Control packets also contain instanceid semantics G D Instance G E Instance G F Instance Virtualized Map Cache (xtrs): Mappings cached in different VRFs per instance-id Interoperable with other VRF features/solutions Single RLOC space shared by multiple instances Colored Traffic: Instance-ID tag in LISP data header Instance-ID encoded in LISP control packets Coloring is transparent to the core 45

45 Segmentation End-to-end LISP-VRF Integration servers Enterprise Core A Enterprise WAN B Global Corp-A User MS/MR xtr11 xtr203 Doctor Corp-A101 User Enterprise Remote Site Finance Corp-A102 User Global VRF- Corp-A101 VRF-Corp-A102 VRF-Lite / EVN (or MPLS VPN) LISP Multi-Tenancy Instances 0,101,102 A B Instance 0 S D in Global A B Instance 101 S D in Corp-A101 A B Instance 102 S D in Corp-A102 VRF-Lite / EVN (or MPLS VPN) Global VRF- Corp-A101 VRF-Corp-A102 Single RLOC space shared by multiple instances Legend: EIDs -> Green Locators -> Red LISP encap/decap 47

46 Agenda Mobility and Virtualization in the Data Center LAN Extensions: OTV Introduction to LISP LISP Data Center Use Cases LISP + OTV Deployment Considerations Summary and Conclusion 49

47 LISP Host-Mobility Router Main Data Disaster Recover facilities Ideally: First hop routers for the subnets in which the mobile hosts reside: Detect host moves Provide a consistent first hop presence Could also be the second hop Usually the Aggregation Switches in the Data Center Customer Managed LISP Site XTR LISP-VM (XTR) West-DC RLOC Internet / WAN Backbone Data Center IP Backbone EID LISP-VM (XTR) DC-Aggregation DC-Access East-DC LISP Encap/Decap DR Location or Cloud Provider DC 50

48 OTV Router Main Data Centers only Typically not Disaster Recover facilities First hop routers for the subnets in which the mobile hosts reside: Connect to the VLANs to be extended Connect to the IP core Usually the Aggregation Switches in the Data Center Customer Managed LISP Site XTR OTV West-DC RLOC LAN Extension to DR or Cloud Facilities Is Usually Not Required Internet / WAN Backbone EID Data Center IP Backbone DC-Aggregation DC-Access East-DC LISP Encap/Decap DR Location or Cloud Provider DC OTV 51

49 PxTR Placement Advertise DC Routes to Non-LISP Sites PXTR Ideally placed on path between non-lisp and LISP sites Aggregation points are optimal: Border routers between DC core and WAN Internet Routers Customer Routers at Co-location Provider routers (PXTR service) PITRs must be configured to inject routes into the non-lisp network Attract traffic from Non-LISP sites Encap and send to the Data Center West-DC RLOC Provider PXTR Internet / WAN Backbone Data Center IP Backbone EID DC-Aggregation DC-Access Non-LISP Sites Private PXTR East-DC LISP Encap/Decap 52

50 Map Server Placement A Daemon on a Router The Map Server functionality can be enabled on any router BGP route-reflectors are a good analogy Off path is good, but not mandatory Distribute Map Servers across different locations Private Data Centers (Self managed) SP Data Centers/Cloud (SP Service) Map Server resiliency options: Clustered and distributed Distributed Database (DDT) West-DC LISP Site SP Mapping Service Private Map Server RLOC XTR Internet / WAN Backbone Data Center IP Backbone EID DC-Aggregation Non-LISP Sites DC-Access Private Map Server East-DC LISP Encap/Decap 53

51 Map Server Placement Private DC deployment Options Option 1: co-locate MS/MR functionality on the DC xtr (same as for LISP Across Subnet Mode) Option 2: push the MS/MR functionality on the OTV VDC (one per DC site) MS/MR in West DC MS/MR in West DC MS/MR in West DC MS/MR in West DC 54

52 Agenda Mobility and Virtualization in the Data Center LAN Extensions: OTV Introduction to LISP LISP Data Center Use Cases LISP + OTV Deployment Considerations Stateful Services Considerations Summary and Conclusion 59

53 Live Moves or Cold Moves Live (hot) Moves preserve existing connections and state e.g. vmotion, Cluster failover Requires synchronous storage and network policy replication Distance limitations Cold Moves bring machines down and back up elsewhere e.g. Site Recovery Manager No state preservation: less constrained by distances or services capabilities Moving Workloads Hypervisor Hypervisor Control Traffic (routable) IP Network Hypervisor Mobility across PODs within a site or across different locations 60

54 Services - Live Moves Services Cold Moves LISP LISP LISP LISP LAN Extension LAN Extension LAN Extension LAN Extension Redirection of established flows: - Extended Clusters - Cluster or LISP based re-direction DC1 DC2 DC1 IP preservation Uniform Policies DC2 Established before the move Established after the move 61

55 Cold Moves / Disaster Recovery Localized FW & SLB Clusters Independent FW & SLB cluster in each location LAN extensions not required New state created after moves No state synchronization LISP steers traffic to different locations Disaster recovery Cold workload relocation LISP FW cluster SLB cluster LISP FW cluster SLB cluster DC1 DC2 62

56 Live Moves Extended Firewall Clusters All Active FW cluster extended across locations LAN extensions for heartbeats, state sync and redirection within the cluster LISP LISP FW state is synchronized across all cluster members All members active LAN Extension LAN Extension Extended cluster LAN Extension LAN Extension LISP steers traffic to different locations Flows existing prior to the move will be redirected within the FW cluster (over the LAN extension) New flows will be instantiated on the FWs at the new site DC1 DC2 64

57 SLB Virtual-IP (VIP) Failover VIP is active at one location at a time VIP location is advertised in LISP LISP LISP VIP may failover on failure or change active device on machine moves VIP becomes active at a new site VIP VIP VIP activity is detected by the VMmobility logic LAN Extension LAN Extension VIP location is updated in LISP on failover DC1 DC2 66

58 Dynamic routes Inserting Firewalls in routed mode Traffic is Decapsulated Before Being Handed off to the FWs XTR is not the first hop router LISP host-mobility functionality is split to two places: XTR LISP registration/encap/decap 1 st Hop router Move detection, host route injection, proxy default GWY LISP encap/decap LISP signaling L3 Core R3: 3 rd Hop Router (XTR) R2: 2 nd Hop Router (FW) Local host routes fix up routing to the moving device The XTR LISP registers host routes in the dynamic-eid range Move Detection Host route injection Default GWY proxy roamer (lands in a foreign network) R1: 1 st Hop Router 67

59 Agenda Mobility and Virtualization in the Data Center LAN Extensions: OTV Introduction to LISP LISP Data Center Use Cases LISP + OTV Deployment Considerations Interaction with VXLAN Summary and Conclusion 70

60 L2 Host Overlays and Virtualization - VXLAN IP1 VXLAN elastic creation of virtual Segments web app GWY VM VM web vxlan 1 vxlan 2 IP1 GWY VM VSG vxlan 21 vxlan 22 Small Segments Usually don t stretch outside of a POD Mobile: Can be instantiated anywhere Move along with VMs as necessary Very large number of segments db VM app vxlan 3 db VM VM VSG vxlan 23 Do not consume resources in the network core Host overlays are initiated at the hypervisor virtual switch Virtual hosts only GWY to connect to the non-virtualized world Multi-tier Virtual App = VMs + Segments + GWY Application: Cloud Services VXLAN shipping since 2011 on Cisco Nexus 1000v, other variants: NVGRE, STT 71

61 IP1 VXLAN + LISP for vapp mobility GWY vxlan 1 web VM Move virtual Applications (vapps) to private cloud PODs Move VMs and virtual Segments (VXLANs) app VM vxlan 2 VSG LISP host mobility allows the vapp GWY to roam db VM vxlan 3 Maintain GWY IP address, segmentation and optimal reachability LISP IP mobility IP Network DC-west DC-east POD POD POD POD GWY web web web app app app db db db VM VM VM VM VM VM GWY VM VM vxlan 1 GWY vxlan 1 vxlan 1 vxlan 2 vxlan 2 vxlan 2 vxlan 3 VM vxlan 3 vxlan 3 web app db GWY VM VM VM vxlan 1 vxlan 2 vxlan 3 web app GWY VM VM vxlan 1 vxlan 2 vxlan 3 VM db 72

62 Service State Mobility vpath and the Virtual Services Gateway (VSG) VSG uses the vpath model FW policies are maintained centrally FW state/enforcement is distributed to the hypervisor switch FW state moves granularly with each VM LISP LISP DC1 DC2 73

63 Summary and Conclusions

64 Summary and Conclusions LISP provides an effective solution for host mobility Some applications may require LAN extensions in combination with host mobility LISP consolidates many network services in one architecture: Mobility, network segmentation, traffic engineering Enhanced scalability Location Identity Separation opens many opportunities in the Data Center space 76

65 LISP Host Mobility Support Part of the LISP Solution Space IPv6 Network xtr IPv6 Core 1. Multihoming 2. IPv6 Transition 3. Virtualization/VPN 4. Mobility IPv4 Network xtr IPv4 Core v6 v4 LISP is an Architecture 77

66 LISP References

67 LISP References LISP Sessions at Cisco Live London 2013 TRY LISP YOURSELF! LISP Walk-In Self-Paced (WISP) Labs Mon 09:30-18:30 Tues 11:15-12:45 Mon 09:30-18:30 Fri 11:30-13:00 Mon 09:30-18:30 You Are Here Wed 14:00-15:30 Thurs 15:00-18:30 79

68 LISP References LISP Information and Mailing Lists LISP Information Cisco LISP Site. (IPv4 and IPv6) Cisco LISP Marketing Site... LISP Beta Network Site or LISP DDT Root... IETF LISP Working Group... LISP Mailing Lists Cisco LISP Questions IETF LISP Working Group LISP Interest (public). LISPmob Questions... 80

69 Call to Action Visit the Cisco Campus at the World of Solutions to experience Cisco innovations in action Get hands-on experience attending one of the Walk-in Labs Schedule face to face meeting with one of Cisco s engineers at the Meet the Engineer center Discuss your project s challenges at the Technical Solutions Clinics 81

70 82

71