Mobility and Virtualization in the Data Center with LISP and OTV
2 Mobility and Virtualization in the Data Center with LISP and OTV
Victor Moreno, Distinguished Engineer
3 Agenda
- Mobility and Virtualization in the Data Center
- Introduction to LISP
- LISP Data Center Use Cases
- LAN Extensions: OTV
- LISP + OTV Deployment Considerations
- Summary and Conclusion
Slides identified with the book icon are provided for your reference and will not be part of the live presentation.
4 Distributed Data Centers: Building the Data Center Cloud
Distributed data center goals:
- Seamless workload mobility
- Distributed applications
- Pool and maximize global resources
- Business continuity
Interconnect challenges:
- Complex operations
- Transport dependence
- IP subnets and mobility
- Failure containment
[Figure: geographically dispersed data centers]
5 Connecting Virtualized Data Centers
- Multi-tenancy/segmentation: Segment-IDs in LISP, FabricPath and OTV
- IP mobility: LISP
- Network services elasticity: ACE, GSS, ASA, VSG
- L2 domain elasticity: inter-DC: OTV/VPLS; intra-DC: vPC, FabricPath, FEX, VXLAN
- Storage solutions and partners: FCIP, read/write acceleration, EMC, NetApp
- VM-awareness: Port Profiles
- Location of compute resources is transparent to the user
7 Location Identity Separation Protocol: What do we mean by Location and Identity?
Today's IP behavior (Loc/ID overloaded semantic):
- Device IPv4 or IPv6 address represents identity and location
- When the device moves, it gets a new IPv4 or IPv6 address for its new identity and location
LISP behavior (Loc/ID split):
- Device IPv4 or IPv6 address represents identity only. Its location is here!
- When the device moves, it keeps its IPv4 or IPv6 address. It has the same identity
- Only the location changes
8 A LISP Packet Walk: How does LISP operate?
- 1. DNS entry: D.abc.com A
- 3. Mapping entry (EID-to-RLOC mapping): EID-prefix: /24; locator-set: , priority: 1, weight: 50 (D1); , priority: 1, weight: 50 (D2)
- This policy is controlled by the destination site
[Figure: LISP site (S, ITR), non-LISP site, PITR, IP network, ETRs, West-DC, East-DC, D]
9 A LISP Packet Walk: How about Non-LISP Sites?
- 1. DNS entry: D.abc.com A
- 3. Mapping entry (EID-to-RLOC mapping): EID-prefix: /24; locator-set: , priority: 1, weight: 50 (D1); , priority: 1, weight: 50 (D2)
[Figure: non-LISP site (S), PITR, IP network, ETRs, West-DC, East-DC, D]
10 LISP Roles and Address Spaces: What are the Different Components Involved?
LISP roles:
- Tunnel Routers (xTRs): edge devices that encap/decap; Ingress/Egress Tunnel Routers (ITR/ETR)
- Proxy Tunnel Routers (PxTR): coexistence between LISP and non-LISP sites; ingress/egress: PITR, PETR
- EID to RLOC Mapping DB: RLOC to EID mappings; distributed across multiple Map Servers (MS)
Address spaces:
- EID = End-point Identifier: host IP or prefix
- RLOC = Routing Locator: IP address of routers in the backbone
Mapping DB shown in the figure:
    EID           RLOC
    a.a.a.0/24    w.x.y.1
    b.b.b.0/24    x.y.w.2
    c.c.c.0/24    z.q.r.5
    d.d.0.0/16    z.q.r.5
[Figure: ITR, ETR, PxTR, non-LISP, ALT, EID space, RLOC space]
11 LISP Mapping Database: The Basics (Registration and Resolution)
- Mapping Cache Entry (on ITR): /16 -> ( , )
- Database Mapping Entry (on ETR): /16 -> ( , )
- Database Mapping Entry (on ETR): /16 -> ( , )
- Map-Reply: /16 -> ( , )
[Figure: LISP site ITR, Map Server / Resolver, ETRs at West-DC and East-DC, hosts X, Y, Z]
12 LISP Mapping Database: Node Resiliency/Clustering
- No synchronization protocol between Map Servers
- ETRs must register with all Map Servers individually
- ITRs anycast Map Requests
- Map Resolver: (Anycast); Map Server: ; Map Server: (Mapping DB node cluster)
- Mapping Cache Entry (on ITR): /16 -> ( , )
- Database Mapping Entry (on ETR): /16 -> ( , )
- Database Mapping Entry (on ETR): /16 -> ( , )
- Map-Reply: /16 -> ( , )
[Figure: LISP site ITR, Map Server node cluster, ETRs at West-DC and East-DC, hosts X, Y, Z]
13 Basic LISP Configuration
Servers:
    ip lisp map-resolver
    ip lisp map-server
    lisp site west-dc
      authentication-key 0 s3cr3t
      eid-prefix /24
Border Routers Between Backbones:
    ip lisp proxy-itr
    ip lisp ITR map-resolver
Branch Routers:
    ip lisp itr-etr
    ip lisp ITR map-resolver
DC Aggregation Routers:
    ip lisp itr-etr
    ip lisp database-mapping / p1 w50
    ip lisp database-mapping / p1 w50
    ip lisp ETR map-server key s3cr3t
    ip lisp ETR map-server key s3cr3t
Usually devices will be configured as ITRs and ETRs to handle traffic in both directions; we illustrate only one direction for simplicity.
[Figure: LISP site ITR, non-LISP sites, PITR, IP network, Mapping DB, ETRs at West-DC and East-DC; legend: RLOC, EID, LISP encap/decap]
14 Location ID/Separation Protocol (LISP): Next Generation Networking Architecture
Single network architecture delivers:
- Host mobility (topology independent addressing)
- Security: VPNs/multi-tenancy
- Route scalability (on demand routing)
- IPv6 enablement, routing policy simplification
Benefits:
- Services integrated in a single architecture
- Services can be offered across organizational boundaries (multiple providers)
- Very large scale
- Open model to integrate with cloud orchestrators
Use cases:
- DCI route optimization/mobility
- Workload portability to cloud
- Secure multi-tenancy across organizations
- Rapid IPv6 deployment
- Route scaling
Making the Network Cloud-Ready
2014 Cisco and/or its affiliates. All rights reserved.
15 LISP Use Cases
- Efficient Multi-Homing: IP portability; ingress traffic engineering without BGP
- IPv6 Transition Support: v6-over-v4, v6-over-v6, v4-over-v6, v4-over-v4
- Multi-Tenancy and VPNs: reduced CapEx/OpEx; large scale segmentation
- Host-Mobility: cloud / Layer 3 VM moves; segmentation
[Figure: one panel per use case showing LISP sites, LISP routers, the Internet or IP network, v4/v6 services, West-DC and East-DC]
16 Agenda
- Mobility and Virtualization in the Data Center
- Introduction to LISP
- LISP Data Center Use Cases
  - Host-Mobility
- LAN Extensions: OTV
- LISP + OTV Deployment Considerations
- Summary and Conclusion
17 Moving vs. Distributing Workloads: Why do we really need LAN Extensions?
Moving workloads:
- Move workloads with IP mobility solutions: LISP Host Mobility
- IP preservation is the real requirement (LAN extensions not mandatory)
Distributing workloads:
- Distribute workloads with LAN extensions
- Application high availability with distributed clusters
[Figure: hypervisors exchanging hypervisor control traffic (routable) over the IP network; a distributed app (GeoCluster) exchanging non-IP application traffic (heartbeats) over a LAN extension (OTV)]
18 LISP Host-Mobility
Needs:
- Global IP-mobility across subnets
- Optimized routing across extended subnet sites
LISP solution:
- Automated move detection on xTRs
- Dynamically update EID-to-RLOC mappings
- Traffic redirection on ITRs or PITRs
Benefits:
- Direct path (no triangulation)
- Connections maintained across move
- No routing re-convergence
- No DNS updates required
- Transparent to the hosts
- Global scalability (cloud bursting)
- IPv4/IPv6 support
[Figure: LISP site xTR, non-LISP sites, PxTR, Mapping DB, IP network, LISP-VM (xTR) at West-DC and East-DC, LAN extensions; legend: RLOC, EID, LISP encap/decap]
19 Host-Mobility Scenarios
Moves without LAN extension:
- IP mobility across subnets
- Disaster recovery
- Cloud bursting
- Application members in one location
Moves with LAN extension:
- Routing for extended subnets
- Active-active data centers
- Distributed clusters
- Application members distributed (broadcasts across sites)
[Figure: without LAN extension: LISP site xTR, non-LISP site, Mapping DB, Internet or shared WAN, West-DC, DR location or cloud provider DC. With LAN extension: LISP site xTR, Mapping DB, IP network, LISP-VM (xTR) at West-DC and East-DC]
20 LISP Host-Mobility Move Detection: Monitor the Source of Received Traffic
- The new xTR checks the source of received traffic
- Configured dynamic-EIDs define which prefixes may roam
    lisp dynamic-eid roamer
      database-mapping /24 <RLOC-C> p1 w50
      database-mapping /24 <RLOC-D> p1 w50
      map-server key abcd
    interface vlan 100
      lisp mobility roamer
Detection sequence on the LISP-VM (xTR):
- Received a packet
- It's from a new host
- It's in the dynamic-EID allowed range
- It's a move!
- Register the /32 with LISP
[Figure: Mapping DB, xTRs A, B (West-DC) and C, D (East-DC), hosts X, Y, Z]
21 LISP Host-Mobility Traffic Redirection: Update Location Mappings for the Host System Wide
When a host move is detected, updates are triggered:
- The host-to-location mapping in the database is updated to reflect the new location
- The old ETR is notified of the move
- ITRs are notified to update their map-caches
- Ingress routers (ITRs or PITRs) now send traffic to the new location
Mapping DB entries in the figure: /16 -> RLOC A, B; /32 -> RLOC C, D
[Figure: LISP site xTR, Mapping DB, LISP-VM (xTR) A, B at West-DC and C, D at East-DC, hosts X, Y, Z]
22 Host Mobility without LAN extensions
23 LISP Host-Mobility First Hop Routing: No LAN Extension
- SVI (interface VLAN x) and HSRP configured as usual
- Consistent GWY-MAC configured across all dynamic subnets
- The lisp mobility <dyn-eid-map> command enables proxy-ARP functionality on the SVI
- The LISP-VM router services first hop routing requests for both local and roaming subnets
- Moving hosts always talk to a local gateway with the same MAC
Configuration boxes with HSRP group 101 (interface vlan 100 and interface Ethernet2/4):
    interface vlan 100
      ip address /24
      lisp mobility roamer
      (ip proxy-arp)
      hsrp 101
        mac-address e1d.010c
        ip
Configuration boxes with HSRP group 201 (interface vlan 200 and interface vlan 100):
    interface vlan 200
      ip address /24
      lisp mobility roamer
      (ip proxy-arp)
      hsrp 201
        mac-address e1d.010c
        ip
[Figure: LISP-VM (xTR) A, B at West-DC and C, D at East-DC, one HSRP active router per site, hosts ARP for the gateway and receive the same GWY-MAC]
24 Host-Mobility and Multi-homing: ETR Updates Across LISP Sites
- Null0 host routes indicate the host is away
- Mapping DB: /16 -> RLOC A, B; /32 -> RLOC C, D
- Map-Register /32 <C,D> is sent to the Mapping DB
- Map-Notify /32 <C,D> messages follow the registration
- Routing tables on the xTRs the host has left (A, B): /16 Local; /32 Null0
- Routing tables on the xTRs the host has moved to (C, D): /16 Local; /24 Null0; /32 Local
[Figure: xTRs A, B at West-DC and C, D at East-DC, Mapping DB, hosts X, Y]
25 Refreshing the Map Caches
1. ITRs and PITRs with cached mappings continue to send traffic to the old locators
   1. The old xTR knows the host has moved (Null0 route)
2. Old xTR sends Solicit Map Request (SMR) messages to any encapsulators sending traffic to the moved host
3. The ITR then initiates a new map request process
4. An updated map-reply is issued from the new location
5. The ITR map cache is updated
Traffic is now re-directed.
SMRs are an important integrity measure to avoid unsolicited map responses and spoofing.
ITR map cache in the figure: /16 -> RLOC A,B; /32 -> RLOC C,D
[Figure: LISP site ITR, Mapping DB, LISP-VM (xTR) A, B at West-DC and C, D at East-DC, hosts X, Y, Z]
26 LISP Mobility Across LISP Sites
- Client-server communication established without the need to discover the workloads in the home subnet in West-DC
- Mapping DB and ITR map cache: /16 -> RLOC A, B
- Routing tables in the figure carry a /24 Local entry; two of them also carry a /24 Null0 entry
- The Null0 entry is installed by LISP to allow proxy-ARP functions when moving x workloads here
[Figure: LISP site ITR, Mapping DB, xTRs A, B at West-DC and C, D at East-DC, hosts X, Y]
27 On-subnet Server-Server Traffic
West-to-East:
- X ARPs for Y; the /32 Null0 entry for Y triggers proxy-ARP on the West-DC xTRs to ensure traffic is steered there
- Note: the entry for Y in X's ARP cache is cleared by a GARP message originated by the West-DC xTRs
- Traffic to Y is LISP encapsulated
East-to-West:
- Y ARPs for X; the /24 Null0 entry for the home subnet triggers proxy-ARP on the East-DC xTRs to ensure traffic is steered there
- Note: the assumption is that the ARP cache on Y is refreshed after the move
- Traffic to X is LISP encapsulated
[Figure: LISP DC xTRs A, B at West-DC and C, D at East-DC, hosts X, Y, Z, one panel per direction]
28 LISP Host-Mobility Configuration: Without LAN Extensions
West-DC xTRs (A, B):
    ip lisp ITR-ETR
    ip lisp database-mapping /16 <RLOC-A>
    ip lisp database-mapping /16 <RLOC-B>
    lisp dynamic-eid roamer
      database-mapping /24 <RLOC-A>
      database-mapping /24 <RLOC-B>
      map-server key abcd
      map-server key abcd
      map-notify-group
    interface vlan 100
      ip address /16
      lisp mobility roamer
      (ip proxy-arp)
      hsrp 101
        mac-address e1d.010c
        ip
East-DC xTRs (C, D):
    ip lisp ITR-ETR
    ip lisp database-mapping /16 <RLOC-C>
    ip lisp database-mapping /16 <RLOC-D>
    lisp dynamic-eid roamer
      database-mapping /24 <RLOC-C>
      database-mapping /24 <RLOC-D>
      map-server key abcd
      map-server key abcd
      map-notify-group
    interface vlan 100
      ip address /16
      lisp mobility roamer
      (ip proxy-arp)
      hsrp 201
        mac-address e1d.010c
        ip
[Figure: Mapping DB, LISP-VM (xTR) A, B at West-DC and C, D at East-DC, hosts X, Y, Z]
29 MS/MR Deployment across LISP Sites
Recommended option: co-locate MS/MR functionality on the DC xTR (one per DC site).
    ip lisp map-resolver
    ip lisp map-server
    lisp site BRANCH_1
      eid-prefix / /24
      authentication-key abcd
    lisp site West-DC
      eid-prefix / /16 accept-more-specifics
      authentication-key abcd
    lisp site East-DC
      eid-prefix / /16 accept-more-specifics
      authentication-key abcd
[Figure: LISP site /24, MS/MR in West-DC, MS/MR in East-DC, xTRs A, B, C, D, hosts X, Y, Z]
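The move-detection sequence on slide 20 and the map-server site settings on slide 29 (per-site key, `accept-more-specifics`) interact: the xTR decides whether to register a /32, and the map server decides whether to accept it. The sketch below is an added example, not code from the presentation or from any LISP implementation; the addresses, the key, the JSON encoding and the HMAC-SHA-256 tag are constructed stand-ins for the real Map-Register format.

```python
import hashlib
import hmac
import ipaddress
import json
from dataclasses import dataclass, field


def sign(body: dict, key: bytes) -> str:
    """HMAC-SHA-256 over a canonical encoding of the registration body.
    Stand-in (assumption) for the authentication data of a real Map-Register."""
    blob = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


@dataclass
class XTR:
    """Data-center xTR carrying one 'lisp dynamic-eid' policy."""
    roam_prefix: ipaddress.IPv4Network   # prefix whose hosts may roam here
    rlocs: list                          # this site's locators
    key: bytes                           # key shared with the map server
    seen: set = field(default_factory=set)

    def on_packet(self, src: str):
        """Move detection: return a signed registration for a newly seen
        roamer, or None when no registration is warranted."""
        ip = ipaddress.ip_address(src)
        if ip in self.seen:
            return None                  # host already detected here
        if ip not in self.roam_prefix:
            return None                  # outside the dynamic-EID allowed range
        self.seen.add(ip)                # it's a move: register the /32
        body = {"eid": f"{ip}/32", "rlocs": list(self.rlocs)}
        return {"body": body, "auth": sign(body, self.key)}


@dataclass
class Site:
    """One 'lisp site' stanza on the map server."""
    name: str
    eid_prefix: ipaddress.IPv4Network
    key: bytes
    accept_more_specifics: bool = False


@dataclass
class MapServer:
    sites: list
    db: dict = field(default_factory=dict)   # EID prefix -> RLOC list

    def register(self, msg: dict) -> str:
        """Accept or reject a registration; the return value names the reason."""
        eid = ipaddress.ip_network(msg["body"]["eid"])
        covering = [s for s in self.sites if eid.subnet_of(s.eid_prefix)]
        if not covering:
            return "no-site-for-eid"
        site = max(covering, key=lambda s: s.eid_prefix.prefixlen)
        if not hmac.compare_digest(sign(msg["body"], site.key), msg["auth"]):
            return "bad-auth"
        if eid != site.eid_prefix and not site.accept_more_specifics:
            return "more-specific-not-allowed"
        self.db[str(eid)] = msg["body"]["rlocs"]
        return "accepted"


def constructed_setup():
    """Constructed sample topology: map server plus one East-DC xTR."""
    key = b"constructed-shared-key"
    ms = MapServer(sites=[
        Site("West-DC", ipaddress.ip_network("10.1.0.0/16"), key, True),
        Site("BRANCH_1", ipaddress.ip_network("10.9.1.0/24"), key, False),
    ])
    east = XTR(ipaddress.ip_network("10.1.1.0/24"),
               ["198.51.100.3", "198.51.100.4"], key)
    return ms, east
```

A source inside the site /16 but outside the dynamic-EID /24 never produces a registration, and a /32 under a site without `accept_more_specifics` is refused even with the correct key.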
32 LAN Extensions Evolution: From Circuits to Packets
Traditional L2 VPNs (circuits + data plane flooding):
- Full mesh of circuits (pseudo-wires)
- MAC learning based on flooding
- Failure propagation
- Limited information
- Operationally challenging
- Loop prevention and multi-homing must be provided separately
MAC Routing (packet switching + control protocol):
- Packet switched connectivity
- MAC learning by control protocol
- Failure containment
- Rich information
- Operational simplification
- Automatic loop prevention & multi-homing
[Figure: DC-1 and DC-2 with L3/L2 boundaries, one panel per approach]
33 OTV Data Plane
1. Layer 2 lookup on the destination MAC. MAC 3 is reachable through IP B
2. The Edge Device encapsulates the frame
3. The transport delivers the packet to the Edge Device on site East
4. The Edge Device on site East receives and decapsulates the packet
5. Layer 2 lookup on the original frame. MAC 3 is a local MAC
6. The frame is delivered to the destination
MAC table, West site (edge device IP A):
    VLAN  MAC    IF
    100   MAC 1  Eth 2
    100   MAC 2  Eth 1
    100   MAC 3  IP B
    100   MAC 4  IP B
MAC table, East site (edge device IP B):
    VLAN  MAC    IF
    100   MAC 1  IP A
    100   MAC 2  IP A
    100   MAC 3  Eth
    100   MAC 4  Eth 4
[Figure: frame from MAC 1 to MAC 3 encapsulated from IP A to IP B across the transport infrastructure between the OTV edge devices of the West and East sites]
34 Building the MAC Tables: The OTV Control Plane
- OTV proactively advertises MAC reachability (control-plane learning)
- MAC addresses are advertised in the background once OTV has been configured
- IS-IS is the OTV control protocol running between the Edge Devices
- No specific configuration is required
[Figure: OTV MAC address advertisements between edge devices at West (IP A), East (IP B) and South (IP C)]
35 Overlay Transport Virtualization (OTV): Simplifying LAN Extensions
Ethernet LAN extension over any network:
- Works over dark fiber, MPLS, or IP
- Multi-data center scalability
Simplified configuration & operation:
- Seamless overlay, no network re-design
- Single touch site configuration
High resiliency:
- Failure domain isolation
- Seamless multi-homing
Maximizes available bandwidth:
- Automated multi-pathing
- Optimal multicast replication
Many physical sites, one logical data center. Any workload, anytime, anywhere. Unleashing the full potential of compute virtualization.
36 Ingress Routing Challenge in DCI: Extending Subnets Creates a Routing Challenge
- A subnet traditionally implies location
- Yet we use LAN extensions to stretch subnets across locations
- Location semantics of subnets are lost
- Traditional routing relies on the location semantics of the subnet
- Can't tell if a server is at the East or West location of the subnet
- More granular (host level) information is required
- LISP provides host level location semantics
[Figure: LISP site xTR, IP network, West-DC and East-DC joined by a LAN extension]
37 Host Mobility in Extended Subnets
38 LISP Host-Mobility First Hop Routing: With Extended Subnets
- Consistent GWY-IP and GWY-MAC configured across all sites
- Consistent HSRP group number across sites -> consistent GWY-MAC
- Servers can move anywhere and always talk to a local gateway with the same IP/MAC
The four configuration boxes in the figure (interface vlan 100, interface vlan 200, interface vlan 100, interface Ethernet2/4) carry the same settings:
    interface vlan 100
      ip address /24
      lisp mobility roamer
      lisp extended-subnet-mode
      hsrp 101
        ip
[Figure: LISP-VM (xTR) A, B at West-DC and C, D at East-DC joined by a LAN extension, one HSRP active router per site, hosts ARP for the gateway and receive the same GWY-MAC]
39 Host-Mobility and Multi-homing: ETR Updates, Extended Subnets
- Null0 host routes indicate the host is away
- /24 is the dyn-eid
- Mapping DB: /16 -> RLOC A, B; /32 -> RLOC C, D
- Map-Register /32 <C,D> is sent to the Mapping DB
- Map-Notify /32 <C,D> messages follow the registration
- Routing tables on the xTRs the host has left (A, B): /16 Local; /24 Null0; /32 Null0
- Routing tables on the xTRs the host has moved to (C, D): /16 Local; /24 Null0; /32 Local
[Figure: xTRs A, B at West-DC and C, D at East-DC joined by OTV, Mapping DB, hosts X, Y]
40 Refreshing the Map Caches
1. ITRs and PITRs with cached mappings continue to send traffic to the old locators
   1. The old xTR knows the host has moved (Null0 route)
2. Old xTR sends Solicit Map Request (SMR) messages to any encapsulators sending traffic to the moved host
3. The ITR then initiates a new map request process
4. An updated map-reply is issued from the new location
5. The ITR map cache is updated
Traffic is now re-directed.
SMRs are an important integrity measure to avoid unsolicited map responses and spoofing.
ITR map cache in the figure: /32 -> RLOC A,B, then /32 -> RLOC C,D
[Figure: LISP site ITR, Mapping DB, LISP-VM (xTR) A, B at West-DC and C, D at East-DC joined by OTV, hosts X, Y, Z]
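The refresh procedure on slides 25 and 40 only protects the map cache if the ITR treats an SMR as a hint and installs locators solely from a Map-Reply that answers its own request. The sketch below is an added example, not code from the presentation; it models that rule with the 64-bit request nonce, and the prefixes, message dictionaries and `RLOC-*` names are constructed.

```python
import ipaddress
import secrets
from dataclasses import dataclass, field


@dataclass
class ITR:
    map_cache: dict = field(default_factory=dict)  # ip_network -> tuple of RLOCs
    pending: dict = field(default_factory=dict)    # nonce -> host EID being re-resolved

    def lookup(self, dst: str):
        """Longest-prefix match of a destination EID against the map cache."""
        ip = ipaddress.ip_address(dst)
        hits = [p for p in self.map_cache if ip in p]
        if not hits:
            return None
        return self.map_cache[max(hits, key=lambda p: p.prefixlen)]

    def on_smr(self, eid: str):
        """An SMR says 'your mapping for this EID is stale' and nothing more.
        It carries no locators to install; the only effect is a new Map-Request."""
        if self.lookup(eid) is None:
            return None                  # not encapsulating towards this EID
        nonce = secrets.token_bytes(8)   # fresh 64-bit nonce per request
        self.pending[nonce] = ipaddress.ip_address(eid)
        return {"type": "map-request", "eid": eid, "nonce": nonce}

    def on_map_reply(self, reply: dict) -> bool:
        """Install a mapping only if the reply echoes a nonce we issued and
        covers the EID we asked about. Returns True when the cache changed."""
        host = self.pending.get(reply.get("nonce"))
        if host is None:
            return False                 # unsolicited or replayed reply
        prefix = ipaddress.ip_network(reply["eid_prefix"])
        if host not in prefix:
            return False                 # answers a different EID
        del self.pending[reply["nonce"]]
        self.map_cache[prefix] = tuple(reply["rlocs"])
        return True


def mapping_system_answer(db: dict, request: dict) -> dict:
    """Mapping-system side: longest-prefix match on registered prefixes,
    with the request nonce echoed back in the reply."""
    ip = ipaddress.ip_address(request["eid"])
    nets = [ipaddress.ip_network(p) for p in db]
    best = max((n for n in nets if ip in n), key=lambda n: n.prefixlen)
    return {"type": "map-reply", "nonce": request["nonce"],
            "eid_prefix": str(best), "rlocs": db[str(best)]}


def constructed_itr():
    """Constructed starting state: the ITR still maps the /16 to RLOC A, B."""
    return ITR(map_cache={ipaddress.ip_network("10.1.0.0/16"): ("RLOC-A", "RLOC-B")})


# Constructed mapping database after the host 10.1.1.25 has moved to East-DC.
CONSTRUCTED_DB = {
    "10.1.0.0/16": ["RLOC-A", "RLOC-B"],
    "10.1.1.25/32": ["RLOC-C", "RLOC-D"],
}
```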
41 Server to Server Intra-subnet Flows: Live Moves and Cluster Member Dispersion
- Traffic flows in both E-W and W-E directions leverage the LAN extension (LISP does not come into the picture since traffic is handled at Layer 2)
- Link-local multicast is handled by the LAN extension
[Figure: LISP DC xTRs A, B at West-DC and C, D at East-DC joined by a LAN extension, hosts X, Y, Z]
42 LISP VM-Mobility Configuration: With Extended Subnets (extended-subnet-mode)
West-DC xTRs (A, B):
    ip lisp ITR-ETR
    ip lisp database-mapping /16 <RLOC-A>
    ip lisp database-mapping /16 <RLOC-B>
    lisp dynamic-eid roamer
      database-mapping /24 <RLOC-A>
      database-mapping /24 <RLOC-B>
      map-server key abcd
      map-server key abcd
      map-notify-group
    interface vlan 100
      ip address /16
      lisp mobility roamer
      lisp extended-subnet-mode
      hsrp 101
        ip
East-DC xTRs (C, D):
    ip lisp ITR-ETR
    ip lisp database-mapping /16 <RLOC-C>
    ip lisp database-mapping /16 <RLOC-D>
    lisp dynamic-eid roamer
      database-mapping /24 <RLOC-C>
      database-mapping /24 <RLOC-D>
      map-server key abcd
      map-server key abcd
      map-notify-group
    interface vlan 100
      ip address /16
      lisp mobility roamer
      lisp extended-subnet-mode
      hsrp 101
        ip
[Figure: Mapping DB, LISP-VM (xTR) A, B at West-DC and C, D at East-DC joined by a LAN extension, /16, hosts X, Y, Z]
43 Off-subnet Client-Server Traffic: All Off-Subnet/Off-Site Traffic Is LISP Encapsulated
- Clients ( & communicate with Server
- Client-server traffic is LISP encapsulated at the ITRs or PITRs
  - Client-to-server: to ETRs C or D
  - Server-to-client: to ETR (F) for LISP sites; to PETR (G) for non-LISP sites
- Server-server off-subnet traffic across sites is also LISP encapsulated
[Figure: client at a LISP site behind xTR F, client at non-LISP sites behind PxTR G, Mapping DB, LISP-VM (xTR) A, B at West-DC and C, D at East-DC, hosts X, Y]
44 On-subnet Server-Server Traffic: On-Subnet Traffic Across L3 Boundaries
With LAN extension:
- Live moves and cluster member dispersion
- Traffic between X & Y uses the LAN extension
- Link-local multicast is handled by the LAN extension
Without LAN extensions:
- Cold moves, no application dispersion
- X-Y traffic is sent to the LISP-VM router & LISP encapsulated
- Need LAN extensions for link-local multicast traffic
[Figure: Mapping DB, LISP-VM (xTR) A, B at West-DC and C, D at East-DC, /16, hosts X, Y, Z, one panel per case]
45 Agenda
- Mobility and Virtualization in the Data Center
- LAN Extensions: OTV
- Introduction to LISP
- LISP Data Center Use Cases
  - Multi-Tenancy
- LISP + OTV Deployment Considerations
- Summary and Conclusion
46 LISP Multi-Tenancy: High Level View
Needs:
- Integrated segmentation
- Ease of operations
- Global scale and interoperability
LISP solution:
- Traffic (control & data) is colored (tagged) with an instance-id
- Mappings are also colored in the DB and caches
- On xTRs use VRFs as map cache contexts
Benefits:
- Very high scale tenant segmentation
- Distributed/on-demand/no-adjacencies
- Global mobility
- IP based solution, transport independent
- Overlay solution is transparent to the core
Mapping DB shown in the figure:
    Instance  IP  Location
    Red       A   East
    Blue      A   West
    Yellow    C   (Move) East West
[Figure: LISP site xTR, non-LISP sites, PxTR, IP network, Mapping DB, xTRs at West-DC and East-DC; legend: RLOC, EID, LISP encap/decap]
47 Network Virtualization in LISP: LISP Multi-tenancy
Virtualized mapping service:
- EID entries with instance-id semantics
- Control packets also contain instance-id semantics (colored Map Requests/Replies)
Virtualized map cache (xTRs):
- Mappings cached in different VRFs per instance-id
- Interoperable with other VRF features/solutions
Colored traffic:
- Instance-ID tag in LISP data header
- Instance-ID encoded in LISP control packets
Single RLOC space shared by multiple instances.
Mapping DB shown in the figure:
    Instance  EID IP  Location
    Green     A       East
    Blue      A       West
    Yellow    C       East West
[Figure: xTRs connecting to MPLS VPNs, VRF-lite or separate networks on one side and to LISP on the other]
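The "Instance-ID tag in LISP data header" on slide 47 is what an ETR uses to pick the EID VRF for a decapsulated packet. The sketch below is an added example, not code from the presentation; it goes beyond the slide by using the 8-byte LISP data header layout from RFC 6830 (I flag, 24-bit Instance ID, 8 remaining locator-status bits). The VRF table reuses `instance-id 102` and `BLUE` from the later configuration slides, while treating a clear I bit as instance 0 and dropping unknown instances are assumptions of this sketch.

```python
import struct

LISP_DATA_PORT = 4341  # UDP destination port for LISP data packets

# Flag bits in the first byte of the LISP data header (RFC 6830).
FLAG_N, FLAG_L, FLAG_E, FLAG_V, FLAG_I = 0x80, 0x40, 0x20, 0x10, 0x08


def build_header(instance_id=None, nonce=0, lsbs=0) -> bytes:
    """Build the 8-byte LISP data header. With an instance ID the second
    word is 24 bits of Instance ID followed by 8 locator-status bits."""
    flags = FLAG_N
    if lsbs:
        flags |= FLAG_L
    if instance_id is None:
        word2 = lsbs & 0xFFFFFFFF
    else:
        if not 0 <= instance_id < (1 << 24):
            raise ValueError("instance ID must fit in 24 bits")
        flags |= FLAG_I
        word2 = (instance_id << 8) | (lsbs & 0xFF)
    word1 = (flags << 24) | (nonce & 0xFFFFFF)
    return struct.pack("!II", word1, word2)


def parse_header(data: bytes) -> dict:
    """Decode the LISP data header at the start of a UDP payload."""
    if len(data) < 8:
        raise ValueError("truncated LISP header")
    word1, word2 = struct.unpack("!II", data[:8])
    flags = word1 >> 24
    has_iid = bool(flags & FLAG_I)
    return {
        "flags": flags,
        "nonce": word1 & 0xFFFFFF,
        # Assumption: no I bit means the default instance 0.
        "instance_id": (word2 >> 8) if has_iid else 0,
        "lsbs": (word2 & 0xFF) if has_iid else word2,
    }


# Constructed ETR table: instance ID -> EID VRF used for the inner lookup.
CONSTRUCTED_VRFS = {0: "default", 102: "BLUE"}


def select_vrf(payload: bytes, iid_to_vrf: dict):
    """ETR-side decision: return the VRF for the inner packet, or None to
    drop. An unknown instance ID never falls back to another tenant's table."""
    try:
        hdr = parse_header(payload)
    except ValueError:
        return None
    return iid_to_vrf.get(hdr["instance_id"])
```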
48 LISP Multi-Tenancy: Two Modes
Shared mode:
- Multiple EID VRFs
- All EID VRFs map to one shared RLOC VRF
- EID space is virtualized
- RLOC space not virtualized
Parallel mode:
- Multiple RLOC VRFs run in parallel
- EID VRFs map to different RLOC VRFs
- RLOC and EID spaces are virtualized
49 LISP Virtualization: Shared Model
Shared model at the device level:
- Multiple EID-prefixes are allocated privately using VRFs
- EID lookups are in the VRF associated with an Instance-ID
- All RLOC lookups are in a single table (default)
- The Mapping System is part of the locator address space and is shared
[Figure: EID namespace VRF Pink (IID 1) and EID namespace VRF Blue (IID 2), each facing VPNs (MPLS, 802.1Q, VRF-Lite, or separate networks), both mapped to a single RLOC namespace in the default table or an RLOC VRF]
50 LISP Virtualization: Parallel Model
Parallel model at the device level:
- Multiple EID-prefixes are allocated privately using VRFs
- EID lookups are in the VRF associated with an Instance-ID
- RLOC lookups are in the VRF associated with the locator table
- A Mapping System must be part of each locator address space
[Figure: EID namespace VRF Pink (IID 1) whose RLOC uses the Pink namespace, and EID namespace VRF Blue (IID 2) whose RLOC uses the Blue namespace, each facing VPNs (MPLS, 802.1Q, VRF-Lite, or separate networks)]
51 LISP Mobility in Multiple VRFs, Configuration: Shared Mode LISP Virtualization
West-DC xTRs (A, B):
    vrf context BLUE
      ip lisp ITR-ETR
      ip lisp database-mapping /16 <RLOC-A>
      ip lisp database-mapping /16 <RLOC-B>
      lisp instance-id 102
      ip lisp locator-vrf RED
    lisp dynamic-eid roamer
      database-mapping /24 <RLOC-A>
      database-mapping /24 <RLOC-B>
      map-server key abcd
      map-notify-group
    interface vlan 100
      vrf member BLUE
      ip address /16
      lisp mobility roamer
      hsrp 101
        ip
East-DC xTRs (C, D):
    vrf context BLUE
      ip lisp ITR-ETR
      ip lisp database-mapping /16 <RLOC-C>
      ip lisp database-mapping /16 <RLOC-D>
      lisp instance-id 102
      ip lisp locator-vrf RED
    lisp dynamic-eid roamer
      database-mapping /24 <RLOC-C>
      database-mapping /24 <RLOC-D>
      map-server key abcd
      map-notify-group
    interface vlan 100
      vrf member BLUE
      ip address /16
      lisp mobility roamer
      hsrp 101
        ip
[Figure: Mapping DB, LISP-VM (xTR) A, B at West-DC and C, D at East-DC, hosts X, Y, Z]
52 LISP Mobility in Multiple VRFs, Configuration: Parallel Mode LISP Virtualization
West-DC xTRs (A, B):
    vrf context BLUE
      ip lisp ITR-ETR
      ip lisp database-mapping /16 <RLOC-A>
      ip lisp database-mapping /16 <RLOC-B>
      lisp instance-id 102
      ip lisp locator-vrf BLUE
    lisp dynamic-eid roamer
      database-mapping /24 <RLOC-A>
      database-mapping /24 <RLOC-B>
      map-server key abcd
      map-notify-group
    interface vlan 100
      vrf member BLUE
      ip address /16
      lisp mobility roamer
      hsrp 101
        ip
East-DC xTRs (C, D):
    vrf context BLUE
      ip lisp ITR-ETR
      ip lisp database-mapping /16 <RLOC-C>
      ip lisp database-mapping /16 <RLOC-D>
      lisp instance-id 102
      ip lisp locator-vrf BLUE
    lisp dynamic-eid roamer
      database-mapping /24 <RLOC-C>
      database-mapping /24 <RLOC-D>
      map-server key abcd
      map-notify-group
    interface vlan 100
      vrf member BLUE
      ip address /16
      lisp mobility roamer
      hsrp 101
        ip
[Figure: Mapping DB, LISP-VM (xTR) A, B at West-DC and C, D at East-DC, hosts X, Y, Z]
53 LISP Multi-tenant + Mobility Configuration
Map server / map resolver:
    ip lisp map-resolver
    ip lisp map-server
    lisp site BRANCH_1
      eid-prefix /24
      authentication-key abcd
    lisp site West-DC
      eid-prefix /16 instance-id 102 accept-more-specifics
      authentication-key abcd
    lisp site East-DC
      eid-prefix /16
      authentication-key abcd
[Figure: Mapping DB, LISP-VM (xTR) A, B at West-DC and C, D at East-DC, hosts X, Y, Z]
54 Segmentation: End-to-end LISP-VRF Integration
- LISP multi-tenancy instances 0, 101, 102 carried between xTR11 (enterprise core, servers) and xTR203 (enterprise remote site) across the enterprise WAN, with the MS/MR in the core
- Instance 0: S and D in Global; Instance 101: S and D in Corp-A101; Instance 102: S and D in Corp-A102
- VRF-Lite / EVN (or MPLS VPN) on each side maps to Global, VRF-Corp-A101 and VRF-Corp-A102
- Users at the remote site: Global Corp-A user, Doctor (Corp-A101 user), Finance (Corp-A102 user)
- Single RLOC space shared by multiple instances
Legend: EIDs -> green; locators -> red; LISP encap/decap
55 VRFs and LISP Multi-Tenancy: Routes and Mappings in VRFs
- On a PITR, routes can be advertised on different VRFs
- Leverage VRF enabled functionality:
  - PBR VRF-select
  - DHCP relay
  - Extranet imports/exports
  - IGP/BGP routing protocols
- Interoperate with existing VPN networks
[Figure: xTR connecting to MPLS VPNs, VRF-Lite or separate networks]
57 LISP Host-Mobility xTR Router
- Main data centers and disaster recovery facilities
- Ideally: first hop routers for the subnets in which the mobile hosts reside:
  - Detect host moves
  - Provide a consistent first hop presence
- Could also be the second hop
- Usually the aggregation switches in the data center
- Customer managed
[Figure: LISP site xTR, Internet / WAN backbone, data center IP backbone, LISP-VM (xTR) at DC aggregation in West-DC and East-DC, DC access, DR location or cloud provider DC; legend: RLOC, EID, LISP encap/decap]
58 OTV Router
- Main data centers only
- Typically not disaster recovery facilities
- First hop routers for the subnets in which the mobile hosts reside:
  - Connect to the VLANs to be extended
  - Connect to the IP core
- Usually the aggregation switches in the data center
- Customer managed
- LAN extension to DR or cloud facilities is usually not required
[Figure: LISP site xTR, Internet / WAN backbone, data center IP backbone, OTV at DC aggregation in West-DC and East-DC, DC access, DR location or cloud provider DC; legend: RLOC, EID, LISP encap/decap]
59 PxTR Placement: Advertise DC Routes to Non-LISP Sites
- PxTR ideally placed on path between non-LISP and LISP sites
- Aggregation points are optimal:
  - Border routers between DC core and WAN: Internet routers; customer routers at co-location
  - Provider routers (PxTR service)
- PITRs must be configured to inject routes into the non-LISP network:
  - Attract traffic from non-LISP sites
  - Encap and send to the data center
[Figure: non-LISP sites, provider PxTR, private PxTR, Internet / WAN backbone, data center IP backbone, DC aggregation and DC access at West-DC and East-DC; legend: RLOC, EID, LISP encap/decap]
60 PxTR Placement: Advertise DC Routes to Non-LISP Sites
PxTR on path between non-LISP and LISP sites (ideal):
1. Border routers between DC core and WAN: Internet routers; customer routers at co-location
2. Provider routers (PxTR service)
PxTRs at LISP sites (tromboning):
3. PxTR at data center edge
4. PxTR at regional hub branch
PITRs must be configured to inject routes into the non-LISP network:
- Attract traffic from non-LISP sites
- Encap and send to the data center
[Figure: placements 1 to 4 marked on LISP site xTR/PxTR, private PxTR, provider PxTR, Internet / WAN backbone, data center IP backbone, West-DC and East-DC; legend: RLOC, EID, LISP encap/decap]
61 Map Server Placement: A Daemon on a Router
- The Map Server functionality can be enabled on any router
  - BGP route-reflectors are a good analogy
  - Off path is good, but not mandatory
- Distribute Map Servers across different locations:
  - Private data centers (self managed)
  - SP data centers/cloud (SP service)
- Map Server resiliency options:
  - Clustered and distributed
  - Distributed Database (DDT)
[Figure: LISP site xTR, non-LISP sites, SP mapping service, private Map Servers, Internet / WAN backbone, data center IP backbone, DC aggregation and DC access at West-DC and East-DC; legend: RLOC, EID, LISP encap/decap]
62 Map Server Placement: Private DC Deployment Options
- Option 1: co-locate MS/MR functionality on the DC xTR (same as for LISP Across Subnet Mode)
- Option 2: push the MS/MR functionality on the OTV VDC (one per DC site)
[Figure: MS/MR in West DC, shown for each option]
63 Summary: Where to Deploy LISP and OTV (Roles and Places in the Network)
- xTR: branch LISP sites
  - Customer-managed/owned
  - SP-managed CE service
- PxTR: border transit points
  - Customer backbone routers
  - Customer co-location
  - SP provided router/service
- LISP-VM xTR: aggregation, data center
  - Customer-managed/owned
- Mapping servers/routers: distributed across data centers
  - Customer-managed/owned
  - SP provided service
- OTV: aggregation, data center
  - Customer-managed/owned
[Figure: LISP site xTR, non-LISP sites, PxTR, Mapping DB, Internet / WAN backbone, data center IP backbone, LISP-VM (xTR) and OTV at DC aggregation, DC access, West-DC and East-DC; legend: RLOC, EID, LISP encap/decap]
64 Nexus 7000 OTV and LISP Co-Existence
- OTV must run in a separate VDC in order to support SVIs for IP routing on extended VLANs
- LISP runs in the Aggregation VDC, separate from OTV, just like any other IP routing service
[Figure: Aggregation VDC (IP services, SVIs, LISP) and OTV VDC (OTV services)]
65 Nexus 7000 Hardware Requirements
- Only F3, N7K-M132XP-12 and N7K-M132XP-12L support LISP encapsulation
- F1 and F2E-Series can use N7K-M132XP-12 Proxy mode to support LISP
- Other M-series cards cannot operate in Proxy mode, should be deployed in a separate VDC
- Multi-hop mode can be leveraged if the first hop is not LISP encap capable (M-series)
[Figure: encap/decap interfaces on N7K-M132XP-12 and N7K-M132XP-12L; other M-Series; F1 & F2E-Series cards (Proxy mode) using N7K-M132XP-12 and N7K-M132XP-12L]
66 Agenda
- Mobility and Virtualization in the Data Center
- LAN Extensions: OTV
- Introduction to LISP
- LISP Data Center Use Cases
- LISP + OTV Deployment Considerations
  - Stateful Services Considerations
- Summary and Conclusion
67 Live Moves or Cold Moves
Live (hot) moves preserve existing connections and state:
- e.g. vMotion, cluster failover
- Requires synchronous storage and network policy replication
- Distance limitations
Cold moves bring machines down and back up elsewhere:
- e.g. Site Recovery Manager
- No state preservation: less constrained by distances or services capabilities
Mobility across PODs within a site or across different locations.
[Figure: moving workloads between hypervisors, hypervisor control traffic (routable) over the IP network]
68 Live Moves or Cold Moves: Services
- Services, live moves: flows established before the move and flows established after the move; LISP at DC1 and DC2 with a LAN extension between them. Redirection of established flows: extended clusters; cluster or LISP based re-direction
- Services, cold moves: LISP at DC1 and DC2; IP preservation; uniform policies
69 Cold Moves / Disaster Recovery: Localized FW & SLB Clusters
- Independent FW & SLB cluster in each location
- LAN extensions not required
- New state created after moves
- No state synchronization
- LISP steers traffic to different locations
- Disaster recovery
- Cold workload relocation
[Diagram: DC1 and DC2, each with LISP, an FW cluster and an SLB cluster]
70 LISP and Services Integration: Active/Standby Units Deployed in Each Site
- FWs in separated sites work independently
- Stateless Active/Active scenario
- FWs in different sites are not synchronized
- Policies have to be replicated between sites
- No state information maintained between sites
- VIP on ACE must be moved between independent pairs
- Will drop previously established sessions after live workload move (i.e. vMotion)
- Positioned for cold migration scenarios (like Disaster Recovery for example)
[Diagram: LISP site; Layer 3 Core; Data Center 1 and Data Center 2, each with VIP and ESX; Workload/Server Farm Moves]
71 Live Moves: Extended Firewall Clusters
- All Active FW cluster extended across locations
- LAN extensions for heartbeats, state sync and redirection within the cluster
- FW state is synchronized across all cluster members
- All members active
- LISP steers traffic to different locations
- Flows existing prior to the move will be redirected within the FW cluster (over the LAN extension)
- New flows will be instantiated on the FWs at the new site
[Diagram: DC1 and DC2 with LISP at each site; extended cluster over the LAN Extension]
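The difference between the independent firewall clusters of slides 69-70 and the extended cluster of slide 71, as a small Python model. This is an added example, not part of the original presentation: the class names, site labels and addresses are constructed for illustration, and each firewall is reduced to a per-flow state table.

```python
from dataclasses import dataclass

SITES = ("DC1", "DC2")


@dataclass(frozen=True)
class Packet:
    flow: tuple          # (src_ip, src_port, dst_ip, dst_port)
    syn: bool = False    # True only for the first packet of a TCP flow


class Firewall:
    """Stateful firewall at one site: mid-flow packets need a state entry."""

    def __init__(self, site, state_table):
        self.site = site
        self.state = state_table   # flow -> site that owns the flow

    def handle(self, pkt):
        owner = self.state.get(pkt.flow)
        if owner is None:
            if not pkt.syn:
                # Mid-flow packet with no connection state: stateful drop.
                return f"drop: no state at {self.site}"
            self.state[pkt.flow] = self.site
            return f"allow: new state at {self.site}"
        if owner != self.site:
            # Synchronized state says another cluster member owns the flow.
            return f"allow: redirected to {owner} over LAN extension"
        return f"allow: existing state at {self.site}"


class Deployment:
    """Two sites; LISP steers traffic to wherever the EID is registered."""

    def __init__(self, extended_cluster):
        shared = {}   # one synchronized table when the cluster is extended
        self.firewalls = {
            site: Firewall(site, shared if extended_cluster else {})
            for site in SITES
        }
        self.eid_location = {}   # model of the LISP EID-to-site mapping

    def place(self, eid, site):
        self.eid_location[eid] = site

    def send(self, pkt):
        dst_eid = pkt.flow[2]
        return self.firewalls[self.eid_location[dst_eid]].handle(pkt)


def live_move(extended_cluster):
    """One flow opened before a live move, one opened after it."""
    dep = Deployment(extended_cluster)
    vm = "192.0.2.10"                          # constructed EID of the VM
    dep.place(vm, "DC1")
    old_flow = ("198.51.100.7", 40000, vm, 443)
    new_flow = ("198.51.100.7", 40001, vm, 443)
    results = [dep.send(Packet(old_flow, syn=True)), dep.send(Packet(old_flow))]
    dep.place(vm, "DC2")                       # live move, mapping updated
    results.append(dep.send(Packet(old_flow)))            # established flow
    results.append(dep.send(Packet(new_flow, syn=True)))  # new flow
    return results


if __name__ == "__main__":
    for mode in (False, True):
        label = "extended cluster" if mode else "independent clusters"
        print(label, live_move(mode))
```

The third result is the one that differs: with independent clusters the established session is dropped at DC2, with the extended cluster it is redirected to its owner in DC1.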
72 LISP and Services Integration: What about Stretching Services across Sites?
- FW and SLB stretched (extended) across locations
- LAN extensions for heartbeats & state sync
- LISP steers traffic to Data Center 2 after Workload/Server Farm move
- Sub-optimal traffic pattern
- Not truly leveraging the advantages of LISP inbound Path Optimization functionality
[Diagram: LISP site; Layer 3 Core; Data Center 1 and Data Center 2, each with VIP and ESX; Workload/Server Farm Moves]
73 SLB Virtual-IP (VIP) Failover
- VIP is active at one location at a time
- VIP location is advertised in LISP
- VIP may failover on failure or change active device on machine moves
- VIP becomes active at a new site
- VIP activity is detected by the VM-mobility logic
- VIP location is updated in LISP on failover
[Diagram: DC1 and DC2, each with LISP and VIP, joined by a LAN Extension]
74 Inserting Firewalls in Routed Mode: Traffic is Decapsulated Before Being Handed off to the FWs
- XTR is not the first hop router
- LISP host-mobility functionality is split to two places:
  - SG XTR: LISP registration/encap/decap
  - 1st Hop router: move detection, map notification to XTR, proxy default GWY
- The SG XTR LISP registers host mappings in the dynamic-eid range
[Diagram: L3 Core; R3: Site GWY XTR (SG) with LISP encap/decap and LISP signaling; R2: FW (non-LISP); R1: First Hop (FH) with Move Detection, Host route injection, Default GWY proxy; LISP Messages; roamer (lands in a foreign network)]
75 LISP-HM Multi-hop ESM
[Diagram: L3 Core; LISP encap/decap at each site; LISP Registration/Notifications (Map-Register, Map-Notify, EID-Notify; steps numbered 1 to 5); Extended LAN (east-west traffic); roamer (lands in a foreign network)]
76 LISP-HM Multi-hop ESM Configuration
SG (SG1 ... SGn), LISP Registrations and LISP encap/decap:
    ip lisp itr-etr
    lisp dynamic-eid foo
      database-mapping <eid-prefix> <xtr-rloc> priority <p> weight <w>
      map-server <map-server-address>
      eid-notify authentication-key <key-value>
LISP Notifications (sent to the XTR addresses listed):
    lisp dynamic-eid foo
      database-mapping <eid-prefix> <xtr-rloc> priority <p> weight <w>
      eid-notify <xtr-address-1> key <key-value>
      eid-notify <xtr-address-n> key <key-value>
[Diagram: L3; SG1 ... SGn; roamer (lands in a foreign network)]
77 LISP Host-mobility IGP Assist (LISP HMIA)
- Host routing end to end
- LISP provides host mobility detection
- LISP provides signaling to guide IGP convergence
- The IGP propagates host routes received from LISP
- No LISP encapsulation involved
[Diagram: L3 Core; R1: FHR, where dynamic host routes are installed by LISP and redistributed into the IGP; roamer (lands in a foreign network)]
78 LISP-HM IGP Assist ESM
- e2e host routing
- LISP signaling assists IGP convergence
- No mapping infrastructure for ESM
[Diagram: L3 Core; roamer (lands in a foreign network). Steps: 1 Host detection; 2 Install /32 lisp interface route, Map-Notify; 3 Remove /32 lisp interface route. Redistribute LISP routes into IGP (at each site)]
79 LISP HM IGP Assist Configuration - FHR
    lisp dynamic-eid foo
      database-mapping <eid-prefix> redistribute
      map-notify-group
    router <favorite-routing-protocol> foo
      redistribute lisp route-map <bar>
    ip prefix-list <eid-list-name> seq 5 permit <eid-prefix> ge 32
    route-map <bar> permit 10
      match ip address prefix-list <eid-list-name>
[Diagram: L3 Core; R1: FHR, where dynamic host routes are installed by LISP and redistributed into the IGP; roamer (lands in a foreign network)]
80 LISP-HM IGP Assist ASM
- e2e host routing
- Without LISP signaling: blackhole period
[Diagram: L3 Core; roamer (lands in a foreign network). Steps: 1 Host detection; 2 Install /32 lisp interface route, Map-Notify; 3 Dyn-eid timeout; 4 Remove /32 lisp interface route. Redistribute LISP routes into IGP (at each site)]
81 LISP-HM IGP Assist ASM
- e2e host routing
- LISP signaling assists IGP convergence
[Diagram: L3 Core; Map-Server; roamer (lands in a foreign network). Steps: 1 Host detection; 2 Install /32 lisp interface route, Map-Notify; 3 Map-Register; 4 Map-Notify; 5 Map-Notify, Remove /32 lisp interface route. Redistribute LISP routes into IGP (at each site)]
82 LISP HM IGP Assist Configuration - FHR
    ! Must be ETR only
    ip lisp etr
    lisp dynamic-eid foo
      database-mapping <eid-prefix> redistribute
      database-mapping <eid-prefix> <rloc> priority 1 weight 50
      map-server <ms-address> key <some-key>
      map-notify-group
    router <favorite-routing-protocol> foo
      redistribute lisp route-map <bar>
    ip prefix-list <eid-list-name> seq 5 permit <eid-prefix> ge 32
    route-map <bar> permit 10
      match ip address prefix-list <eid-list-name>
[Diagram: L3 Core; R1: FHR, where dynamic host routes are installed by LISP and redistributed into the IGP; roamer (lands in a foreign network)]
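What the `ge 32` prefix-list entry in the two IGP Assist configurations (slides 79 and 82) lets through to the IGP, as an added Python example that is not from the presentation. It implements standard prefix-list matching (ge/le length bounds, sequence order, implicit deny); the EID prefix 192.0.2.0/24 and the candidate routes are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class PrefixListEntry:
    seq: int
    action: str                       # "permit" or "deny"
    prefix: ipaddress.IPv4Network
    ge: Optional[int] = None
    le: Optional[int] = None

    def length_range(self):
        """Allowed route prefix lengths for this entry."""
        base = self.prefix.prefixlen
        if self.ge is None and self.le is None:
            return base, base         # no ge/le: exact-length match only
        low = self.ge if self.ge is not None else base
        high = self.le if self.le is not None else 32
        return low, high

    def matches(self, route):
        low, high = self.length_range()
        # The route must fall inside the entry's prefix and its own
        # prefix length must sit within the ge/le bounds.
        return route.subnet_of(self.prefix) and low <= route.prefixlen <= high


def prefix_list_action(entries, route):
    """First matching entry in sequence order wins; no match means deny."""
    for entry in sorted(entries, key=lambda e: e.seq):
        if entry.matches(route):
            return entry.action
    return "deny"


def redistributed(entries, lisp_routes):
    """Routes a 'redistribute lisp route-map ...' using this list would pass."""
    return [str(r) for r in lisp_routes
            if prefix_list_action(entries, r) == "permit"]


EID_PREFIX = ipaddress.ip_network("192.0.2.0/24")     # constructed <eid-prefix>

# ip prefix-list <eid-list-name> seq 5 permit <eid-prefix> ge 32
IGP_ASSIST_FILTER = [PrefixListEntry(5, "permit", EID_PREFIX, ge=32)]
# Same entry without "ge 32": only the /24 itself would match.
EXACT_ONLY_FILTER = [PrefixListEntry(5, "permit", EID_PREFIX)]
# Same entry with "le 32": the subnet and every more-specific route match.
ANY_LENGTH_FILTER = [PrefixListEntry(5, "permit", EID_PREFIX, le=32)]

# Constructed candidate routes presented for redistribution.
LISP_ROUTES = [ipaddress.ip_network(p) for p in (
    "192.0.2.10/32",      # detected host inside the dynamic-EID prefix
    "192.0.2.77/32",      # second detected host
    "192.0.2.0/24",       # the EID subnet itself
    "192.0.2.0/25",       # a more-specific subnet, not a host route
    "198.51.100.5/32",    # host route outside the EID prefix
    "0.0.0.0/0",          # default route
)]

if __name__ == "__main__":
    print("ge 32  :", redistributed(IGP_ASSIST_FILTER, LISP_ROUTES))
    print("no ge  :", redistributed(EXACT_ONLY_FILTER, LISP_ROUTES))
    print("le 32  :", redistributed(ANY_LENGTH_FILTER, LISP_ROUTES))
```

Only /32 host routes inside the EID prefix pass the slide's filter, so the subnet route, the default route and host routes from other ranges never enter the IGP through this redistribution.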
83 Summary and Conclusions
84 Summary and Conclusions
- LISP provides an effective solution for host mobility
- Some applications may require LAN extensions in combination with host mobility
- LISP consolidates many network services in one architecture: mobility, network segmentation, traffic engineering
- Enhanced scalability
- Location Identity Separation opens many opportunities in the Data Center space
85 LISP Host Mobility Support: Part of the LISP Solution Space
1. Multihoming
2. IPv6 Transition
3. Virtualization/VPN
4. Mobility
LISP is an Architecture
[Diagram: IPv6 Network and IPv4 Network, each behind an xTR; IPv6 Core and IPv4 Core; v6/v4]
Architecting Scalable Clouds using VXLAN and Nexus 1000V Lawrence Kreeger Principal Engineer Agenda Session Is Broken Into 3 Main Parts Part 1: VXLAN Overview What is a VXLAN? Why VXLANs? What is VMware
More informationContents. Configuring EVI 1
Contents Configuring EVI 1 Overview 1 Layer 2 connectivity extension issues 1 Network topologies 2 Terminology 3 Working mechanism 4 Placement of Layer 3 gateways 6 ARP flood suppression 7 Selective flood
More informationDMVPN for R&S CCIE Candidates Johnny Bass CCIE #6458
DMVPN for R&S CCIE Candidates Johnny Bass CCIE #6458 BRKCCIE-3003 @CCIE6458 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public About the Presenter Johnny Bass Networking industry since
More informationInternet Engineering Task Force (IETF) Request for Comments: Cisco Systems January 2013
Internet Engineering Task Force (IETF) Request for Comments: 6831 Category: Experimental ISSN: 2070-1721 D. Farinacci D. Meyer J. Zwiebel S. Venaas Cisco Systems January 2013 The Locator/ID Separation
More informationIntroduction to Segment Routing
Segment Routing (SR) is a flexible, scalable way of doing source routing. Overview of Segment Routing, page 1 How Segment Routing Works, page 2 Examples for Segment Routing, page 3 Benefits of Segment
More informationConfiguring VXLAN EVPN Multi-Site
This chapter contains the following sections: About VXLAN EVPN Multi-Site, page 1 Guidelines and Limitations for VXLAN EVPN Multi-Site, page 2 Enabling VXLAN EVPN Multi-Site, page 2 Configuring VNI Dual
More information