
Expert Reference Series of White Papers

Simplify Your Route to the Internet:


Three Advantages of Using LISP

Alex Marcotte, CCIE, CCI, VMware Certified Professional, Data Center Design and Unified Fabric Specialist, Cisco WAN Specialist

Introduction

Cisco Systems is very busy promoting Location ID Separation Protocol (LISP) these days, and it is leaving many network administrators wondering about the technology and whether they should start looking into it. There are many big companies, such as Lufthansa airlines and the Los Angeles Unified School District, that are already using LISP in production, and they were eager to share the benefits of the protocol during the last Cisco Live! event in 2012. Let’s learn more about the protocol and its benefits.

What is LISP?

LISP was developed in the last few years for many reasons, but the main one is to make the process of connecting multi-homed sites much easier and (almost) maintenance-free.

The concept of LISP is to decouple host identities from the network that they belong to. In order to do so, LISP uses two different databases: the first is the Resource Locator (RLOC), which is essentially a map of different networks; the second is the End-host ID (EID), which keeps track of where hosts are on the network in relation to their RLOC. There are also three types of LISP router roles. (See Figure 1.)

1. ITR – ingress tunnel router

2. ETR – egress tunnel router

3. MAP Server and MAP Resolver router


Today’s Internet

Whenever network administrators, designers, and engineers are presented with a multi-location network topology that includes dual-homing, one answer pops up to solve the routing between the locations: Border Gateway Protocol (BGP). BGP is the de facto protocol to “route the Internet” and requires the IT staff to have a good understanding of the protocol before starting to configure it. Major networks collaborate to build the Internet, making them transient autonomous systems (AS) that are advertised to one another using BGP. When someone wants to visit an Autonomous System such as the one holding Google, Facebook, or eBay, the AS is determined from the subnet that holds the host, and the lookup router (either the ISP’s or your multi-homed router) consults the Internet’s BGP table to figure out the best path to the destination.

Tomorrow’s Internet

If we already have a solution, why even talk about LISP? The possible answers here are numerous:

1. If you want to become part of the Internet and become a full AS with an ISP, you must “own” a full public Class C IP address range.

2. To perform a full adjacency with an ISP and become a transient AS, you must have routers that can process the 400K+ routes that currently make up the Internet. Here we are talking Cisco’s ASR class, nothing less.

3. You and your staff must have in-depth knowledge of BGP since you can make mistakes that may hinder the performance of the ISPs connected to you. If you make too many mistakes, your BGP privileges will be revoked; uplinks may be shut down, etc.


There are more examples but these are always the main ones that I share when customers want to talk BGP with me. Even if they are only going to be multi-homed and do not necessarily want to become a transient network, they need equipment in point 2 to make this work because what you ultimately want is to have your edge routers make the best decision to forward your egress traffic to the Internet based on the destination that you are trying to reach (Figure 2).

Suboptimal BGP routing

Some companies that still choose to embark on the BGP adventure end up hiring consultants to help them design their BGP infrastructure. Once the network is built, consultants leave and network engineers must manage the network moving forward. Fine tuning may be required when there is an imbalance on certain BGP configurations where one link is always preferred over another to reach a specific site. If this site is your secondary data center or secondary location, this becomes suboptimal because you are not using all the bandwidth between your connected sites.

Let’s learn more about the main advantages LISP provides.

LISP Advantage #1

Simplicity over BGP

Let’s make a quick comparison between LISP and BGP. Let’s say you need to reach www.globalknowledge.com to enroll for your next class. You will go to a DNS server, which will tell you that the www A record for globalknowledge.com points to IP address 1.1.1.1. Your end host will then consult your default gateway (router), which will then consult your local BGP table. That table indicates that 1.1.1.1 is held by GK-AS1, which encompasses the entire 1.1.1.0/24 subnet, and that two routes (for example) are offered: via ISP A with a metric of X and via ISP B with a metric of Y. The “lowest cost” metric will be used to get there and, more than likely, the same path will be used for subsequent interactions with the site. Not only that, the folks at Global Knowledge cannot move “www” around because it belongs to a specific AS in a specific subnet.

With LISP, the process would work almost the same, except that a LISP-enabled router, in this case an ETR, would catch your outbound request and consult a MAP server (MS) to find out which site holds 1.1.1.1 at this moment, almost in the same fashion as DNS. The MS holds RLOC-to-EID mappings and returns an “answer” to the ETR. The ETR can now make a forwarding decision to the site based on RLOC priorities and weights. The MS router could also indicate that the site is a non-LISP site, and you could continue forwarding the traffic without the benefits at this point.

What can I do with LISP?

Think about this: You run a multi-site insurance company. Each site is multi-homed for redundancy and bandwidth aggregation purposes. Your site HQ has an MS router and two ITR/ETRs to connect to the transient network (Internet). Your other site also has two ITR/ETRs to connect to the Internet. All the end hosts of the remote site are registered as EIDs to the site’s ITR/ETR routers, which then register their router with the MAP server at HQ.


If someone at HQ wants to reach the remote site’s HOST A, a query is made to the MS, which identifies the proper RLOC for the host. RLOC says to go to “remote site” to find the host. (See Figure 3.) Metrics are then compared to find the best path (priority/weight) for the “remote site”. If the metrics are equal, LISP will use a 5-tuple hash per flow to encapsulate your traffic to a specific router. This is big: it’s almost like creating a giant port channel between two sites across the Internet!

Figure 3 (Source: cisco.com)

LISP Advantage #2

Load Balancing

Now, I will up the ante by telling you that this will work great with multi-homed sites where one or more links come up with DHCP addresses on the WAN side. Yes, one of your branches has a primary fixed Metro Ethernet circuit with a DSL backup. When the DSL interface comes online, it will “call home” to the MS router and announce itself as SITE B with a new dynamic WAN address of X. Now you can keep track of your moving target sites without having to resort to a complicated DMVPN solution. You will probably prefer to use the Metro-Ethernet WAN circuit with your metrics and leave the DSL to some default metric or worse, if necessary. When your primary fails, no one notices (at least at the routing level). Even if both WAN links are on DHCP addresses, it still doesn’t matter to LISP. Just call home and register your site ID. Did someone say Dynamic DNS for networks? Due to the 5-tuple hash per flow method discussed above, your imbalance in routing between sites is greatly reduced. More importantly, LISP places you back in the driver’s seat because you control the metrics between your sites regardless of the metrics advertised by your ISPs at the BGP level. Almost as Link Aggregation Control Protocol (LACP) does with Layer 2 port channels, you can control the hashing methods used by your multi-homed sites to send traffic to one another. In case of a link failure, the other link via your secondary ITR/ETR router will be used seamlessly.
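The RLOC selection described in the last two sections (best priority first, then a per-flow 5-tuple hash split by weight, with a DHCP-addressed link re-registering at the MS) can be modeled as follows. This is an added example, not code from the white paper or from Cisco. It assumes that a lower priority value is preferred, as in the LISP specification; the class and function names are hypothetical, SHA-256 stands in for whatever hash a real router uses, and all addresses are constructed documentation addresses.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class Rloc:
    address: str        # WAN address of an ITR/ETR (constructed sample value)
    priority: int       # lower value is preferred
    weight: int         # relative share of flows among equal-priority RLOCs (> 0)
    up: bool = True

class MapServer:
    """Toy MS: site name -> {link name -> Rloc}, filled by ETR registrations."""
    def __init__(self):
        self.sites = {}

    def register(self, site, link, rloc):
        # Re-registering a link overwrites its entry, so a DHCP-addressed
        # circuit that comes up with a new WAN address simply "calls home".
        self.sites.setdefault(site, {})[link] = rloc

    def lookup(self, site):
        return list(self.sites.get(site, {}).values())

def flow_hash(flow):
    """Stable hash of (src_ip, dst_ip, proto, src_port, dst_port)."""
    key = "|".join(map(str, flow)).encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:8], "big")

def select_rloc(rlocs, flow):
    """Pick the RLOC for one flow: best priority first, then weighted hash."""
    usable = [r for r in rlocs if r.up]
    if not usable:
        return None                      # no reachable locator for this site
    best = min(r.priority for r in usable)
    group = sorted((r for r in usable if r.priority == best), key=lambda r: r.address)
    bucket = flow_hash(flow) % sum(r.weight for r in group)
    for r in group:                      # walk the weight ranges until the bucket fits
        if bucket < r.weight:
            return r
        bucket -= r.weight

if __name__ == "__main__":
    ms = MapServer()
    ms.register("SITE-B", "metro", Rloc("192.0.2.10", priority=1, weight=100))
    ms.register("SITE-B", "dsl", Rloc("198.51.100.77", priority=2, weight=100))
    flow = ("10.1.0.5", "10.2.0.9", 6, 40000, 443)
    print(select_rloc(ms.lookup("SITE-B"), flow).address)   # Metro Ethernet circuit
    ms.sites["SITE-B"]["metro"].up = False                   # primary fails
    print(select_rloc(ms.lookup("SITE-B"), flow).address)   # DSL backup
```

Because the hash is computed per flow, every packet of one conversation takes the same RLOC, while different conversations spread across equal-priority links in proportion to their weights.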


LISP Encapsulation

ITR and ETR routers are responsible for encapsulating data between the sites. Since we are now decoupling host IDs from Site IDs, the conversation in the “cloud” must be between sites, not between hosts. Once the traffic leaves one of your sites on a LISP-to-LISP router conversation, the destination and source addresses reflect the ones of your routers, not the hosts. This provides a certain level of simplicity and security. I am not going to discuss the security aspect of LISP in this white paper, but just know that it can be used for multipoint VPNs.

IPv6

Since the above-mentioned encapsulation is taking place, LISP fits a solution where your sites are on IPv6 and the middle network is IPv4. Remember, conversations are from site to site now, not host to host. (See Figure 4.)

Figure 4 (Source: cisco.com)

LISP Advantage #3

Mobility

One of the great advantages of LISP is its ability to understand mobility. In an earlier white paper I wrote about Overlay Transport Protocol (OTV) [http://www.globalknowledge.com/training/whitepaperdetail.asp?pageid=502&wpid=891&country=United+States], we discussed joining two geographically disconnected sites at Layer 2, making the same Layer 3 subnet span two locations. We explored the new-found possibility of using vMotion to migrate a VM with an IP of 2.2.2.2 from one site to another without losing a beat, since our OTV routers (Nexus 7000) kept their MAC address tables synchronized to see which site currently has this MAC address and transmit across the Overlay network.


pied, making the traffic cross the Overlay network twice. Back then, we suggested a load balancer and other /32 route injection methods, but now LISP makes things much simpler since ITR/ETRs can be made aware of vMotion and other mobility activities, and notify the MS server. Therefore, RLOCs can be updated on the fly so ingress traffic may follow the hosts as they move around. Cisco is very proud of this and this is why they say that LISP can “route the cloud”. (See Figure 5.)

Figure 5 (Source: Cisco.com)

Conclusion

There are clearly some great advantages to using LISP as opposed to BGP when presented with topologies where you control multiple sites and leverage dual internet circuits. Plus with LISP, it is possible to route to external sites using the ever growing LISP community by visiting www.lispv4.net and www.lispv6.net.

Learn More

To learn more about how you can improve productivity, enhance efficiency, and sharpen your competitive edge, Global Knowledge suggests the following courses:

DCNX7K - Configuring Cisco Nexus 7000 Switches v2.0

Visit www.globalknowledge.com or call 1-800-COURSES (1-800-268-7737) to speak with a Global Knowledge training advisor.
