1 / 15

New LISP Mapping System: LISP- DDT Presentation to LNOG Darrel Lewis on behalf of the LISP TEAM

New LISP Mapping System: LISP- DDT Presentation to LNOG Darrel Lewis on behalf of the LISP TEAM. The Story So Far. ALT was a really nice starting point because the development effort was minimal Separated the location of the mapping from the mapping itself

season
Download Presentation

New LISP Mapping System: LISP- DDT Presentation to LNOG Darrel Lewis on behalf of the LISP TEAM

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. New LISP Mapping System:LISP-DDTPresentation to LNOGDarrel Lewis on behalf of the LISP TEAM

  2. The Story So Far • ALT was a really nice starting point because the development effort was minimal • Separated the location of the mapping from the mapping itself • Lack of the use of caching was seen as a feature in enabling mobility • Some growing pains have appeared (more later) • The interface to this mapping system is really key • MR/MS has benefits

  3. Some current issues with the ALT • Who runs the ALT network? • What’s the business model? • Should it be rooted at/run by the RIRs? • Who assigns infrastructure AS/Tunnel IPs • How do we administer all these GRE/IPsec tunnels? • Why do this for an Enterprise deployment • How can we update xTRs • Why use a routing protocol and all that • we are using 1% of the features • GRE tunnels are overkill for carrying only map-requests • Traceroute over the ALT has always been troublesome

  4. Duplicate Everything, Per VRF? xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs • It _seems_ logical • But to quoteJesper: • “That’s Mad” xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs MS/MRs MS/MRs MS/MRs MS/MRs MS/MRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs MS/MRs MS/MRs MS/MRs MS/MRs MS/MRs MS/MRs MS/MRs MS/MRs MS/MRs MS/MRs ALT ALT ALT ALT ALT xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs ALT ALT ALT ALT ALT ALT ALT ALT ALT ALT MS/MRs MS/MRs MS/MRs MS/MRs MS/MRs MS/MRs MS/MRs MS/MRs MS/MRs MS/MRs ALT ALT ALT ALT ALT xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs MS/MRs MS/MRs MS/MRs MS/MRs MS/MRs MS/MRs MS/MRs MS/MRs MS/MRs MS/MRs MS/MRs MS/MRs MS/MRs MS/MRs MS/MRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs xTRs Legend: LISP Sites -> green 1st layer access infrastructure -> blue 2nd layer core infrastructure -> red

  5. LISP+ALT-IID=0(that is, LISP-DDT)

  6. LISP DDT • LISP Delegated Database Tree • Hierarchy for Instance IDs and for EID Prefixes • DDT Nodes are pre-configured with delegations • DDT Map-Resolvers sends (ECM) Map-Requests • DDT Nodes Return Map-Referral messages • DDT Resolvers resolve the Map-Server’s RLOC iteratively • Replacement for LISP-ALT • Increased Flexibility - Supports LISP Instance IDs, etc. • Simplified Operations • ITRs and ETRs don’t change

  7. LISP DDT Map Resolvers • DDT Map Resolvers • Cache Map Requests from ITRs • Query the DDT hierarchy iteratively • Detect Loops/Delegation Errors • Resolve the location of the DDT Map-Server • DDT Map Resolvers thus have state: • Referral Cache • Map-Request Queue

  8. LISP DDT Referrals & Their Actions • ‘Positive’ Referrals are used to discover a DDT-node’s RLOC for a given EID Prefix • Type 0, NODE-REFERRAL • Type 1, MS-REFERRAL • Type 2, MS-ACK • ‘Negative’ referrals are used to indicate other actions: • Type 3, MS-NOT-REGISTERED • Type 4, DELEGATION-HOLE • Type 5, NOT-AUTHORITATIVE

  9. Configuration and Setup DDT-Node Root 1 0.0.0.0/0 IID=0 Setup & Configuration 1) MR configured with Root, or MS1, RLOC DDT-Node 2 10.0.0.0/8 IID=0 2) DDT-1, DDT2, DDT-3, DDT/MS-4 configured children with child prefixes, and authoritative prefixes Ex. DDT-2 Delegates child 10.1.0.0/16 to MS3 DDT-2 configured authoritative for 10/8 in IID0 1 3) ETR is registering its EID to the Leaf MS 2 DDT Node 3 10.1.0.0/16 IID=0 MS DDT-Node 4 10.1.0.0/24 IID=0 Static Delegation Hierarchy MR 3 ETR-MS Registration Map Request ETR 10.1.0.0/24 Map Referral Map Reply

  10. First Request Packet Flow Map Request, Referral, & Reply DDT-Node Root 1 0.0.0.0/0 1) ITR sends MRQ to MR via ECM 2) MR sends Iterative-MRQ to its statically configured Root DDT-Node via ECM-Like-packet DDT Node 2 10.0.0.0/8 3) MS1 Sends a Map Referral to MR informing the MR who is the next DDT-Node (2) to try 3 2 4) MR repeats steps 2 & 3 until it gets to leaf MS/DDT-Node which has the registered ETR (DDT-4) DDT Node 3 10.1.0.0/16 5) DDTNode-4 sends Map-Referral to MR with done bit set 4 6) MS (DDT-4) receives, processes MR and fwd to ETR 7) ETR sends Map-Reply to the ITR DDT-Node-4 MS 10.1.0.0/24 Static Delegation Hierarchy 5 1 MR 6 ETR-MS Registration Map Request ETR 10.1.0.0/24 Map Referral 7 ITR Map Reply

  11. Steady State DDT 1 0.0.0.0/0 Once MR’sReferal-Cache is Populated MRQ in ECM arrives on MR MR sends MRQ in ECM (possibly double encaped if lisp-sec is used to secure referal path) to Cache’d Leaf-Map-Server (MS-4) MS decaps ECM and then sends Map-Request in new ECM to ETR MS also sends a Map-Referal with Done Bit set back to MR ETR sends Map-Reply to ITR DDt 2 10.0.0.0/8 DDT 3 10.1.0.0/16 DDT-4 MS 10.1.0.0/24 2 Static Delegation Hierarchy 1 MR 3 ETR-MS Registration Map Request 4 ETR 10.1.0.0/24 Map Referral ITR Map Reply

  12. DDT Implementation Status • IOS and NXOS implementations complete • Development, and interoperability testing going on now • Beta Network running DDT code • Configuration is pretty simple • Does not include proposed DDT-SEC extensions

  13. DDT Beta (IID0) Network Deployment Iota- root Servers Other DDT Roots IID * EID: * root-verisign.ddt-root.org mu-ddt-root.org Cisco’s DDT Roots: (Iota-Root) IID: * EID: * arin-ddt.rloc.lisp4.net ripe-ddt.rloc.lisp4.net vxnet-ddt.rloc.lisp4.net DDT Beta- Network TLDs IID 0 v4-EID: 153.16.0.0/16 v6-EID: 2610:D0/32 uninett-ddt.rloc.lisp4.net sj-ddt.rloc.lisp4.net msn-ddt.rloc.lisp4.net ARIN-Region RIPE- Region LACNIC-Region Beta Network DDT TLD AP-Region asp-isis MR/MS: EID Aggregates:153.16.128.0/19 2610:D0:5000::/36 lacnic-mr-ms MR/MS: EID Aggregates: 153.16.0.0/19 2610:D0:1000::/36 2610:D0:FACE::/48 153.16.21.0/24 TO MN 153.16.22.0/24 TO MN isc-mr-ms asp-mr-ms cisco-sjc-mr-ms1 eqx-ash-mr-ms MR/MS: EID Aggregates:153.16.64.0/19 2610:D0:3000::/36 apnic-mr-ms MR/MS: EID Aggregates: 153.16.32.0/19 2610:D0:2000::/36 l3-london-mr-ms tdc-mr-ms intouch-ams-mr-ms intouch-ams-mr-ms MR/MS’s 153.16.21/24 153.16.22/24 2610:d0:1219::/48 2610:d0:120e::/48 asp-isis isc-isis intouch-isis Mobile Node Region DDT Node with ‘child referrals’ Static Delegation Hierarchy

  14. LISP DDTRoot Operations • DDT Root is expected to be neutral (vendor and provider agnostic) • http://ddt-root.org • set up non profit for ddt operations/administration? • Current DDT efforts are community based

  15. Wrap Up • Questions?

More Related