Locator/ID Separation Protocol (LISP) · 2019-07-22 · Locator/ID Separation Protocol (LISP)...
Transcript of Locator/ID Separation Protocol (LISP) · 2019-07-22 · Locator/ID Separation Protocol (LISP)...
Locator/ID Separation
Protocol (LISP) Damien Saucez*
FRNOG 18, December 2th, 2011INRIA Sophia Antipolis
* special thanks to Olivier Bonaventure, Luigi Iannone and Dino Farinacci
Disclaimer
• Not a vendor
• Not an operator
• LISP will not solve all the problems
➡ try to stay with the facts (now)
2
Agenda
• Why Separating Identifiers from Locators?
• Locator/ID Separation Protocol (LISP)
• LISP Use Case
• Open Questions
3
Bad Traffic Engineering
• Outgoing TE is ok
• Incoming TE is not can be hard, only tricks (BGP, DNS, NAT)
• Scalability issues
• Table size (Memory)
• Churn (CPU)
5
The IP Schizophrenia
• The IP addresses currently used by endhosts play two complementary roles
• Identifier role: the IP address identifies (with port) the endpoint of transport flows
• Locator role: the IP address indicates the paths used to reach the endhost
• these paths are updated by routing protocols after each topology change
6
The Locator/Identifier Separation
• Today, changing the locator means changing the identifier, breaking the pending flows
• Separating the locator and the identifier roles to avoid breaking the flows
• Host-based approach
• Network-based approach
7
Host-based Loc/ID split• Roles
• Translates the packets so that
• Transport layer only sees the host identifier
• Network layer only sees locators
• Manages the set of locators
• Switches from one locator to another upon move or after link failure
• Hosts maintain flow state
Transport layer
Network layer
8 [HIP, ILNP, shim6, Six/One, MPTCP(?)]
Host-based Loc/ID split• Roles
• Translates the packets so that
• Transport layer only sees the host identifier
• Network layer only sees locators
• Manages the set of locators
• Switches from one locator to another upon move or after link failure
• Hosts maintain flow state
Transport layer
Network layer
Identifier: Ia
8 [HIP, ILNP, shim6, Six/One, MPTCP(?)]
Host-based Loc/ID split• Roles
• Translates the packets so that
• Transport layer only sees the host identifier
• Network layer only sees locators
• Manages the set of locators
• Switches from one locator to another upon move or after link failure
• Hosts maintain flow state
Transport layer
Network layerLocators: {Ra, Rb}
Identifier: Ia
8 [HIP, ILNP, shim6, Six/One, MPTCP(?)]
Host-based Loc/ID split• Roles
• Translates the packets so that
• Transport layer only sees the host identifier
• Network layer only sees locators
• Manages the set of locators
• Switches from one locator to another upon move or after link failure
• Hosts maintain flow state
Transport layer
Network layerLocators: {Ra, Rb}
Specific shim layerIdentifier: Ia
8 [HIP, ILNP, shim6, Six/One, MPTCP(?)]
Network-based Loc/ID split• Host’s IP stack unchanged
• Each host has one stable IP address
• Used as identifier
• Not globally routable
B/b
A/a
a.1.2.3
b.4.5.6
C/c
Transport layer
Network layer
c.7.8.9
A/a
B/b
9
Network-based Loc/ID split• Host’s IP stack unchanged
• Each host has one stable IP address
• Used as identifier
• Not globally routable
B/b
A/a
a.1.2.3
b.4.5.6
C/c
Transport layer
Network layer
c.7.8.9
A/a
B/b
Locators for C/c: a.1.2.3, b.4.5.6 9
• Each edge router owns
• Globally routable addresses
• Used as locators
• Mapping mechanism is used to find locators associated to one identifier
• Packets from hosts are modified at the edge before being sent on Internet
Benefits of Identifier and Locator separation*
• Reduction of the DFZ routing table size
• No provider lock-in
• More traffic control and cost-effective multihoming
• Mobility
10 * in theory
Design Goals*• No end-systems (hosts) changes (1)
• Minimize required changes to the Internet infrastructure (2) and the number of routers which have to be modified (5)
• Avoid or minimize packet loss when EID-to-RLOC mappings need to be performed (7)
• Be incrementally deployable (3)
• No router hardware change (4) and minimize router software changes (6)
12 *explicitly stated until -08
LISP Philosophy• Split the IP address space in two at the border routers
• Endpoint IDentifiers (EID)
• identify end-systems and edge routers
• non-globally routable
• end systems in a site share the same EID prefix
• Routing LOCators (RLOC)
• attached to core routers (router interfaces)
• globally routable
• Use Map-and-Encap to glue the two spaces
13
LISP in a nutshell
14
2.2.2.1
3.2.2.1
2001:DB8A::beef
2001:DB8B::cafe
AS21/8
AS43/8
AS32/8
1.1.1.1
2.1.1.1
AS52001:DB8B::/56
AS12001:DB8A::/56
ETR
ETR
ITR
ITR
2.2.2.1 2 100%3.2.2.1 1 100%
2001:DB8B::/56 60
1.1.1.1 1 75%2.1.1.1 1 25%
2001:DB8A::/56 1440
Mapping System
LISP in a nutshell
14
2.2.2.1
3.2.2.1
2001:DB8A::beef
2001:DB8B::cafe
AS21/8
AS43/8
AS32/8
1.1.1.1
2.1.1.1
AS52001:DB8B::/56
AS12001:DB8A::/56
ETR
ETR
ITR
ITR
dst: cafe
2.2.2.1 2 100%3.2.2.1 1 100%
2001:DB8B::/56 60
1.1.1.1 1 75%2.1.1.1 1 25%
2001:DB8A::/56 1440
Mapping System
LISP in a nutshell
14
2.2.2.1
3.2.2.1
2001:DB8A::beef
2001:DB8B::cafe
AS21/8
AS43/8
AS32/8
1.1.1.1
2.1.1.1
AS52001:DB8B::/56
AS12001:DB8A::/56
ETR
ETR
ITR
ITR
dst: cafe
2.2.2.1 2 100%3.2.2.1 1 100%
2001:DB8B::/56 60
1.1.1.1 1 75%2.1.1.1 1 25%
2001:DB8A::/56 1440
Mapping System
LISP in a nutshell
14
2.2.2.1
3.2.2.1
2001:DB8A::beef
2001:DB8B::cafe
AS21/8
AS43/8
AS32/8
1.1.1.1
2.1.1.1
AS52001:DB8B::/56
AS12001:DB8A::/56
ETR
ETR
ITR
ITR
dst: cafe
2.2.2.1 2 100%3.2.2.1 1 100%
2001:DB8B::/56 60
1.1.1.1 1 75%2.1.1.1 1 25%
2001:DB8A::/56 1440
Mapping System
Map-Request:2001:DB8B::cafe?
LISP in a nutshell
14
2.2.2.1
3.2.2.1
2001:DB8A::beef
2001:DB8B::cafe
AS21/8
AS43/8
AS32/8
1.1.1.1
2.1.1.1
AS52001:DB8B::/56
AS12001:DB8A::/56
ETR
ETR
ITR
ITR
dst: cafe
2.2.2.1 2 100%3.2.2.1 1 100%
2001:DB8B::/56 60
1.1.1.1 1 75%2.1.1.1 1 25%
2001:DB8A::/56 1440
Mapping System
2.2.2.1 2 100%3.2.2.1 1 100%
2001:DB8B::/56Map-Reply:
LISP in a nutshell
14
2.2.2.1
3.2.2.1
2001:DB8A::beef
2001:DB8B::cafe
AS21/8
AS43/8
AS32/8
1.1.1.1
2.1.1.1
AS52001:DB8B::/56
AS12001:DB8A::/56
ETR
ETR
ITR
ITR
2.2.2.1 2 100%3.2.2.1 1 100%
2001:DB8B::/56 60
1.1.1.1 1 75%2.1.1.1 1 25%
2001:DB8A::/56 1440
Mapping System
dst: cafe
3.2.2.1
1.1.1.1
LISP in a nutshell
14
2.2.2.1
3.2.2.1
2001:DB8A::beef
2001:DB8B::cafe
AS21/8
AS43/8
AS32/8
1.1.1.1
2.1.1.1
AS52001:DB8B::/56
AS12001:DB8A::/56
ETR
ETR
ITR
ITR
2.2.2.1 2 100%3.2.2.1 1 100%
2001:DB8B::/56 60
1.1.1.1 1 75%2.1.1.1 1 25%
2001:DB8A::/56 1440
Mapping System
dst: cafe
3.2.2.1
1.1.1.1
LISP in a nutshell
14
2.2.2.1
3.2.2.1
2001:DB8A::beef
2001:DB8B::cafe
AS21/8
AS43/8
AS32/8
1.1.1.1
2.1.1.1
AS52001:DB8B::/56
AS12001:DB8A::/56
ETR
ETR
ITR
ITR
dst: cafe2.2.2.1 2 100%3.2.2.1 1 100%
2001:DB8B::/56 60
1.1.1.1 1 75%2.1.1.1 1 25%
2001:DB8A::/56 1440
Mapping System
LISP in a nutshell
14
2.2.2.1
3.2.2.1
2001:DB8A::beef
2001:DB8B::cafe
AS21/8
AS43/8
AS32/8
1.1.1.1
2.1.1.1
AS52001:DB8B::/56
AS12001:DB8A::/56
ETR
ETR
ITR
ITR
dst: cafe
2.2.2.1 2 100%3.2.2.1 1 100%
2001:DB8B::/56 60
1.1.1.1 1 75%2.1.1.1 1 25%
2001:DB8A::/56 1440
Mapping System
LISP in a nutshell
15
2.2.2.1
3.2.2.1
2001:DB8A::beef
2001:DB8B::cafe
AS21/8
AS43/8
AS32/8
1.1.1.1
2.1.1.1
AS52001:DB8B::/56
AS12001:DB8A::/56
ETR
ETR
ITR
ITR
2.2.2.1 2 100%3.2.2.1 1 100%
2001:DB8B::/56 60
1.1.1.1 1 75%2.1.1.1 1 25%
2001:DB8A::/56 1440
Mapping System
LISP in a nutshell
15
2.2.2.1
3.2.2.1
2001:DB8A::beef
2001:DB8B::cafe
AS21/8
AS43/8
AS32/8
1.1.1.1
2.1.1.1
AS52001:DB8B::/56
AS12001:DB8A::/56
ETR
ETR
ITR
ITR
2.2.2.1 2 100%3.2.2.1 1 100%
2001:DB8B::/56 60
1.1.1.1 1 75%2.1.1.1 1 25%
2001:DB8A::/56 1440
Mapping System
Endpoint Identifiers (EID)Endpoint Identifiers (EID)
LISP in a nutshell
15
2.2.2.1
3.2.2.1
2001:DB8A::beef
2001:DB8B::cafe
AS21/8
AS43/8
AS32/8
1.1.1.1
2.1.1.1
AS52001:DB8B::/56
AS12001:DB8A::/56
ETR
ETR
ITR
ITR
2.2.2.1 2 100%3.2.2.1 1 100%
2001:DB8B::/56 60
1.1.1.1 1 75%2.1.1.1 1 25%
2001:DB8A::/56 1440
Mapping System
LISP in a nutshell
15
2.2.2.1
3.2.2.1
2001:DB8A::beef
2001:DB8B::cafe
AS21/8
AS43/8
AS32/8
1.1.1.1
2.1.1.1
AS52001:DB8B::/56
AS12001:DB8A::/56
ETR
ETR
ITR
ITR
2.2.2.1 2 100%3.2.2.1 1 100%
2001:DB8B::/56 60
1.1.1.1 1 75%2.1.1.1 1 25%
2001:DB8A::/56 1440
Mapping System
Routing Locators (RLOC)Routing Locators (RLOC)Routing Locators (RLOC)Routing Locators (RLOC)
LISP in a nutshell
15
2.2.2.1
3.2.2.1
2001:DB8A::beef
2001:DB8B::cafe
AS21/8
AS43/8
AS32/8
1.1.1.1
2.1.1.1
AS52001:DB8B::/56
AS12001:DB8A::/56
ETR
ETR
ITR
ITR
2.2.2.1 2 100%3.2.2.1 1 100%
2001:DB8B::/56 60
1.1.1.1 1 75%2.1.1.1 1 25%
2001:DB8A::/56 1440
Mapping System
LISP in a nutshell
15
2.2.2.1
3.2.2.1
2001:DB8A::beef
2001:DB8B::cafe
AS21/8
AS43/8
AS32/8
1.1.1.1
2.1.1.1
AS52001:DB8B::/56
AS12001:DB8A::/56
ETR
ETR
ITR
ITR
2.2.2.1 2 100%3.2.2.1 1 100%
2001:DB8B::/56 60
1.1.1.1 1 75%2.1.1.1 1 25%
2001:DB8A::/56 1440
Mapping System
Ingress Tunnel Routers (ITR)Ingress Tunnel Routers (ITR)
LISP in a nutshell
15
2.2.2.1
3.2.2.1
2001:DB8A::beef
2001:DB8B::cafe
AS21/8
AS43/8
AS32/8
1.1.1.1
2.1.1.1
AS52001:DB8B::/56
AS12001:DB8A::/56
ETR
ETR
ITR
ITR
2.2.2.1 2 100%3.2.2.1 1 100%
2001:DB8B::/56 60
1.1.1.1 1 75%2.1.1.1 1 25%
2001:DB8A::/56 1440
Mapping System
LISP in a nutshell
15
2.2.2.1
3.2.2.1
2001:DB8A::beef
2001:DB8B::cafe
AS21/8
AS43/8
AS32/8
1.1.1.1
2.1.1.1
AS52001:DB8B::/56
AS12001:DB8A::/56
ETR
ETR
ITR
ITR
2.2.2.1 2 100%3.2.2.1 1 100%
2001:DB8B::/56 60
1.1.1.1 1 75%2.1.1.1 1 25%
2001:DB8A::/56 1440
Mapping System
Egress Tunnel Routers (ETR)Egress Tunnel Routers (ETR)
LISP in a nutshell
15
2.2.2.1
3.2.2.1
2001:DB8A::beef
2001:DB8B::cafe
AS21/8
AS43/8
AS32/8
1.1.1.1
2.1.1.1
AS52001:DB8B::/56
AS12001:DB8A::/56
ETR
ETR
ITR
ITR
2.2.2.1 2 100%3.2.2.1 1 100%
2001:DB8B::/56 60
1.1.1.1 1 75%2.1.1.1 1 25%
2001:DB8A::/56 1440
Mapping System
LISP in a nutshell
15
2.2.2.1
3.2.2.1
2001:DB8A::beef
2001:DB8B::cafe
AS21/8
AS43/8
AS32/8
1.1.1.1
2.1.1.1
AS52001:DB8B::/56
AS12001:DB8A::/56
ETR
ETR
ITR
ITR
2.2.2.1 2 100%3.2.2.1 1 100%
2001:DB8B::/56 60
1.1.1.1 1 75%2.1.1.1 1 25%
2001:DB8A::/56 1440
Mapping System
EID-to-RLOC database
LISP in a nutshell
15
2.2.2.1
3.2.2.1
2001:DB8A::beef
2001:DB8B::cafe
AS21/8
AS43/8
AS32/8
1.1.1.1
2.1.1.1
AS52001:DB8B::/56
AS12001:DB8A::/56
ETR
ETR
ITR
ITR
2.2.2.1 2 100%3.2.2.1 1 100%
2001:DB8B::/56 60
1.1.1.1 1 75%2.1.1.1 1 25%
2001:DB8A::/56 1440
Mapping System
Terminology
16
• Ingress Tunnel Router (ITR): a router which accepts a packet which addresses are identifiers. The router maps the destination address of the packet to an RLOC and prepends a LISP header before forwarding the encapsulatedpacket.
• Egress Tunnel Router (ETR): a router which accepts a LISP encapsulated packet. The router strips the LISP header and forwards the packet based on the next header
Terminology
• EID-to-RLOC Database: a globally distributed database that contains all known EID-prefix to RLOC mappings
• LISP Cache: EID-to-RLOC Database stored at the ITR
• LISP Database: EID-to-RLOC Database stored at the ETR
17
Data-plane packets
19
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / |Version| IHL |Type of Service| Total Length | / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Identification |Flags| Fragment Offset | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ OH | Time to Live | Protocol = 17 | Header Checksum | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Source Routing Locator | \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | Destination Routing Locator | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / | Source Port = xxxx | Dest Port = 4341 | UDP +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | UDP Length | UDP Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ L |N|L|E|V|I|flags| Nonce/Map-Version | I \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ S / | Instance ID/Locator Status Bits | P +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / |Version| IHL |Type of Service| Total Length | / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Identification |Flags| Fragment Offset | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ IH | Time to Live | Protocol | Header Checksum | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Source EID | \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | Destination EID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Enca
psul
atin
gEn
caps
ulat
ed
Fixed Destination Port: 4341
(IP(UDP:4341(LISP(XXX))))
Possible virtualization with Instance ID
Data-plane packets
19
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / |Version| IHL |Type of Service| Total Length | / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Identification |Flags| Fragment Offset | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ OH | Time to Live | Protocol = 17 | Header Checksum | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Source Routing Locator | \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | Destination Routing Locator | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / | Source Port = xxxx | Dest Port = 4341 | UDP +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | UDP Length | UDP Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ L |N|L|E|V|I|flags| Nonce/Map-Version | I \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ S / | Instance ID/Locator Status Bits | P +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / |Version| IHL |Type of Service| Total Length | / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Identification |Flags| Fragment Offset | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ IH | Time to Live | Protocol | Header Checksum | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Source EID | \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | Destination EID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Enca
psul
atin
gEn
caps
ulat
ed
Source/Destination LocatorsSrc/Dst Locators:
IPv4 or IPv6
Fixed Destination Port: 4341
(IP(UDP:4341(LISP(XXX))))
Possible virtualization with Instance ID
Source/Destination Locators
Src/Dst Identifiers:IPv4 or IPv6 or ...
RLOC AFI independent!
Control Plane Packets
• Map-Request (ITR => MR/ETR)
• request for a mapping
• Map-Reply (ETR/MS => ITR)
• provides the mapping requested by a Map-Request
• Map-Register (ETR => MS)
• register a mapping to the mapping system
• Map-Notify (MS => ETR)
• confirm a mapping registration 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IPv4 or IPv6 Header | | (uses RLOC addresses) | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / | Source Port = xxxx | Dest Port = 4342 | UDP +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | UDP Length | UDP Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ LCM | LISP Control Message | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
20
(IP(UDP:4342(LISP_control)))
What is in a mapping?
21
+-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Record TTL | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ R | Locator Count | EID mask-len | ACT |A| Reserved | e +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ c | Rsvd | Map-Version Number | EID-prefix-AFI | o +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ r | EID-prefix | d +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | /| Priority | Weight | M Priority | M Weight | | L +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | o | Unused Flags |L|p|R| Loc-AFI | | c +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | \| Locator | +-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
• A mapping associates an EID prefix to a list of RLOC of arbitrary AFI
• Each RLOC receives a priority and a weight
• L4-flows are balanced between RLOCs of same priority, proportionally to the weight
• Mappings can be empty to announce holes
• Mappings are time limited
Mapping DatabaseLISP+ALT eBGP overlay
Mapping Database modularity
23
ITR ETR
MR MS
192.0.2.0/24
LISP+ALT IS-IS overlay
Mapping DatabaseLISP+ALT eBGP overlay
Mapping Database modularity
23
ITR ETR
MR MS
192.0.2.0/24
LISP+ALT IS-IS overlayDHT
Mapping DatabaseLISP+ALT eBGP overlay
Mapping Database modularity
23
ITR ETR
MR MS
192.0.2.0/24
LISP+ALT IS-IS overlayDHTDNS-based
Mapping DatabaseLISP+ALT eBGP overlay
Mapping Database modularity
23
ITR ETR
MR MS
192.0.2.0/24
LISP+ALT IS-IS overlayDHTDNS-based
LISP-DDT
Mapping Registration
24
ITR ETR
MR MS
LISP+ALT eBGP overlay
11. Map-Register:192.0.2.0/24, ETR
192.0.2.0/24
Mapping Registration
24
ITR ETR
MR MS
LISP+ALT eBGP overlay
11. Map-Register:192.0.2.0/24, ETR
192.0.2.0/24
2
2. BGP Update192.0.2.0/24
Mapping Registration
24
ITR ETR
MR MS
LISP+ALT eBGP overlay
11. Map-Register:192.0.2.0/24, ETR
192.0.2.0/24
2
2. BGP Update192.0.2.0/24
33. Map-Notify:
192.0.2.0/24, ETR
LISP+ALT eBGP overlay
Mapping retrieval
25
ITR ETR
MR MS
192.0.2.0/241
1. Packet to192.0.2.42
22. Map-Request for192.0.2.42
to 192.0.2.42Encapsulated to MR
LISP+ALT eBGP overlay
Mapping retrieval
25
ITR ETR
MR MS
192.0.2.0/241
1. Packet to192.0.2.42
22. Map-Request for192.0.2.42
to 192.0.2.42Encapsulated to MR
3
3. Map-Request for192.0.2.42to 192.0.2.42
LISP+ALT eBGP overlay
Mapping retrieval
25
ITR ETR
MR MS
192.0.2.0/241
1. Packet to192.0.2.42
22. Map-Request for192.0.2.42
to 192.0.2.42Encapsulated to MR
3
3. Map-Request for192.0.2.42to 192.0.2.42
4
4. Map-Request for192.0.2.42to 192.0.2.42
Encapsulated to ETR
LISP+ALT eBGP overlay
Mapping retrieval
25
ITR ETR
MR MS
192.0.2.0/241
1. Packet to192.0.2.42
22. Map-Request for192.0.2.42
to 192.0.2.42Encapsulated to MR
3
3. Map-Request for192.0.2.42to 192.0.2.42
4
4. Map-Request for192.0.2.42to 192.0.2.42
Encapsulated to ETR
5
5. Map-Reply:192.0.2.0/24, ETR
Interworking LISP
26
xTR-damien
153.16.35.0/24
BGP update:153.16.0.0/16
xTR-luigi
153.16.34.0/24PITR
198.51.100.0/24
PETR
Non-LISP to LISP
27
xTR-damien
153.16.35.0/24
BGP update:153.16.0.0/16
xTR-luigi
153.16.34.0/16PITR
198.51.100.0/24
PETR
Non-LISP to LISP
27
xTR-damien
153.16.35.0/24
BGP update:153.16.0.0/16
xTR-luigi
153.16.34.0/16PITR
198.51.100.0/24
1
1. Packet to153.16.35.42
PETR
Non-LISP to LISP
27
xTR-damien
153.16.35.0/24
BGP update:153.16.0.0/16
xTR-luigi
153.16.34.0/16PITR
198.51.100.0/24
1
1. Packet to153.16.35.42
2
2. Packet to 153.16.35.42Encapsulated toxTR-damien
PETR
Non-LISP to LISP
27
xTR-damien
153.16.35.0/24
BGP update:153.16.0.0/16
xTR-luigi
153.16.34.0/16PITR
198.51.100.0/24
1
1. Packet to153.16.35.42
2
2. Packet to 153.16.35.42Encapsulated toxTR-damien
3 3. Packet to153.16.35.42
PETR
LISP to non-LISP
28
xTR-damien
153.16.35.0/24
BGP update:153.16.0.0/16
xTR-luigi
153.16.34.0/16PITR
198.51.100.0/24
PETR
LISP to non-LISP
28
xTR-damien
153.16.35.0/24
BGP update:153.16.0.0/16
xTR-luigi
153.16.34.0/16PITR
198.51.100.0/241 1. Packet to
198.51.100.42
PETR
LISP to non-LISP
28
xTR-damien
153.16.35.0/24
BGP update:153.16.0.0/16
xTR-luigi
153.16.34.0/16PITR
198.51.100.0/24
2
2. Packet to 198.51.100.42Encapsulated to PETR
1 1. Packet to198.51.100.42
PETR
LISP to non-LISP
28
xTR-damien
153.16.35.0/24
BGP update:153.16.0.0/16
xTR-luigi
153.16.34.0/16PITR
198.51.100.0/24
3
3. Packet to198.51.100.42
2
2. Packet to 198.51.100.42Encapsulated to PETR
1 1. Packet to198.51.100.42
PETR
Low OpEx site multihoming
• Basic LISP feature
30 2.2.2.1
3.2.2.1
ETR-A
ETR-B
2001:DB8:F::1
192.0.2.0/24
Low OpEx site multihoming
• Basic LISP feature
• ETR-A Primary, ETR-B Backup (IPv6 just in case...)
• 3.2.2.1, prio: 1, weight: 100• 2.2.2.1, prio: 10, weight: 100• 2001:DB8:F:11, prio 100, weight: 100
30 2.2.2.1
3.2.2.1
ETR-A
ETR-B
2001:DB8:F::1
192.0.2.0/24
Low OpEx site multihoming
• Basic LISP feature
• ETR-A Primary, ETR-B Backup (IPv6 just in case...)
• 3.2.2.1, prio: 1, weight: 100• 2.2.2.1, prio: 10, weight: 100• 2001:DB8:F:11, prio 100, weight: 100
• ETR-A: 60%, ETR-B: 40% (IPv6 just in case...)
• 3.2.2.1, prio: 1, weight: 60• 2.2.2.1, prio: 1, weight: 40• 2001:DB8:F:11, prio 99, weight: 100
30 2.2.2.1
3.2.2.1
ETR-A
ETR-B
2001:DB8:F::1
192.0.2.0/24
IPv6/IPv4 coexistence
31
xTR
192.0.2.0/242001:DB8:A::/56
IPv6
PxTR
BGP update:2001:DB8:A::/56
2001:DB8:F::/56
IPv6/IPv4 coexistence
31
xTR
192.0.2.0/242001:DB8:A::/56
IPv6
PxTR
1 1. Packet to2001:DB8:F::1
BGP update:2001:DB8:A::/56
2001:DB8:F::/56
IPv6/IPv4 coexistence
31
xTR
192.0.2.0/242001:DB8:A::/56
IPv6
PxTR
2
2. Packet to 2001:DB8:F::1Encapsulated to PxTR
1 1. Packet to2001:DB8:F::1
BGP update:2001:DB8:A::/56
2001:DB8:F::/56
IPv6/IPv4 coexistence
31
xTR
192.0.2.0/242001:DB8:A::/56
IPv6
PxTR
2
2. Packet to 2001:DB8:F::1Encapsulated to PxTR
1 1. Packet to2001:DB8:F::1
BGP update:2001:DB8:A::/56
3
3. Packet to2001:DB8:F::1
2001:DB8:F::/56
IPv6/IPv4 coexistence
32
xTR
192.0.2.0/242001:DB8:A::/56
IPv6
PxTR
BGP update:2001:DB8:A::/56
2001:DB8:F::/56
IPv6/IPv4 coexistence
32
xTR
192.0.2.0/242001:DB8:A::/56
IPv6
PxTR
BGP update:2001:DB8:A::/56
1
1. Packet to2001:DB8:A::42
2001:DB8:F::/56
IPv6/IPv4 coexistence
32
xTR
192.0.2.0/242001:DB8:A::/56
IPv6
PxTR
BGP update:2001:DB8:A::/56
1
1. Packet to2001:DB8:A::42
2001:DB8:F::/562
2. Packet to 2001:DB8:A::42Encapsulated to xTR
IPv6/IPv4 coexistence
32
xTR
192.0.2.0/242001:DB8:A::/56
IPv6
PxTR
2 3. Packet to2001:DB8:A::42
BGP update:2001:DB8:A::/56
1
1. Packet to2001:DB8:A::42
2001:DB8:F::/562
2. Packet to 2001:DB8:A::42Encapsulated to xTR
IPv6/IPv4 coexistence
32
xTR
192.0.2.0/242001:DB8:A::/56
IPv6
PxTR
BGP update:2001:DB8:A::/56
2001:DB8:F::/56
Multi-tenant VPN
xTR
192.0.2.128/25
xTR_S
Sales R&D
192.0.2.128/25
xTR_RD
R&D
192.0.2.0/25
192.0.2.0/25
Sales
VLAN69
VLAN42
33
Multi-tenant VPN
xTR
192.0.2.128/25
xTR_S
Sales R&D
192.0.2.128/25
xTR_RD
R&D
192.0.2.0/25
192.0.2.0/25
Sales
VLAN69
VLAN42
33
VRF R&D:instance-id: 24192.0.2.128/25: xTR_RD
VRF Sales:instance-id 96192.0.2.128/25: xTR_S
Multi-tenant VPN
xTR
192.0.2.128/25
xTR_S
Sales R&D
192.0.2.128/25
xTR_RD
R&D
192.0.2.0/25
192.0.2.0/25
Sales
VLAN69
VLAN42
33
VRF R&D:instance-id: 24192.0.2.128/25: xTR_RD
VRF Sales:instance-id 96192.0.2.128/25: xTR_S
11. Packet to
192.0.2.42
Multi-tenant VPN
xTR
192.0.2.128/25
xTR_S
Sales R&D
192.0.2.128/25
xTR_RD
R&D
192.0.2.0/25
192.0.2.0/25
Sales
VLAN69
VLAN42
33
VRF R&D:instance-id: 24192.0.2.128/25: xTR_RD
VRF Sales:instance-id 96192.0.2.128/25: xTR_S
11. Packet to
192.0.2.42
2
2. Packet to 192.0.2.42Encapsulated to xTR, instance-id: 96
Multi-tenant VPN
xTR
192.0.2.128/25
xTR_S
Sales R&D
192.0.2.128/25
xTR_RD
R&D
192.0.2.0/25
192.0.2.0/25
Sales
VLAN69
VLAN42
33
VRF R&D:instance-id: 24192.0.2.128/25: xTR_RD
VRF Sales:instance-id 96192.0.2.128/25: xTR_S
11. Packet to
192.0.2.42
2
2. Packet to 192.0.2.42Encapsulated to xTR, instance-id: 96
3
3. Packet to192.0.2.42VLAN 69
BGP 192.0.2.0/24
LISP Mobile Nodes
34
MR MS
LISP+ALT eBGP overlay
198.51.100.0/24
192.0.2.42/32198.51.100.69/32
203.0.113.0/24
BGP 192.0.2.0/24
LISP Mobile Nodes
34
MR MS
LISP+ALT eBGP overlay
1. Map-Register:192.0.2.42/32,198.51.100.69
1
198.51.100.0/24
192.0.2.42/32198.51.100.69/32
203.0.113.0/24
BGP 192.0.2.0/24
LISP Mobile Nodes
34
MR MS
LISP+ALT eBGP overlay
198.51.100.0/24
192.0.2.42/32198.51.100.69/32
203.0.113.0/24
BGP 192.0.2.0/24
LISP Mobile Nodes
34
MR MS
LISP+ALT eBGP overlay
198.51.100.0/24
192.0.2.42/32198.51.100.69/32
2
2. Map-Request for192.0.2.42
203.0.113.0/24
BGP 192.0.2.0/24
LISP Mobile Nodes
34
MR MS
LISP+ALT eBGP overlay
198.51.100.0/24
192.0.2.42/32198.51.100.69/32
203.0.113.0/24
BGP 192.0.2.0/24
LISP Mobile Nodes
34
MR MS
LISP+ALT eBGP overlay
198.51.100.0/24
192.0.2.42/32198.51.100.69/32
33. Map-Reply:
192.0.2.42/32, 198.51.100.69
203.0.113.0/24
BGP 192.0.2.0/24
LISP Mobile Nodes
34
MR MS
LISP+ALT eBGP overlay
198.51.100.0/24
192.0.2.42/32198.51.100.69/32
203.0.113.0/24
BGP 192.0.2.0/24
LISP Mobile Nodes
34
MR MS
LISP+ALT eBGP overlay
198.51.100.0/24
192.0.2.42/32198.51.100.69/32
203.0.113.0/24
BGP 192.0.2.0/24
192.0.2.42/32
LISP Mobile Nodes
34
MR MS
LISP+ALT eBGP overlay
198.51.100.0/24
203.0.113.0/24
BGP 192.0.2.0/24
LISP Mobile Nodes
34
MR MS
LISP+ALT eBGP overlay
198.51.100.0/24
203.0.113.0/24
192.0.2.42/32203.0.113.66/32
1’
1’. Map-Register:192.0.2.42/32,203.0.113.66
2’
2’. Change notification:192.0.2.0/24, 203.0.113.66
BGP 192.0.2.0/24
LISP Mobile Nodes
34
MR MS
LISP+ALT eBGP overlay
198.51.100.0/24
203.0.113.0/24
192.0.2.42/32203.0.113.66/32
Network Resiliency
• Today, preserving the prefixes reachability is mainly performed locally
• In LISP, the legacy Internet is EID agnostic
• Recovery only once ITR discover ETR failure
• ITR periodically probes RLOCs
• Important part of LISP WG’ new charter
36
Network Security
• Who control the mappings control the traffic
• Denial of service
• Eavesdropping
• ...
• Firewalls? DPI?
• Important part of LISP WG’ new charter
37
Summary
39
• LISP uses map-and-encap to separate IP’s ID and locator roles
• Improve network multi-homing
• Transparent for the end-users
• Incrementally deployable
• Mobility support
• See you @ 5:55 pm for a configuration hands on (possible to play with live routers)
Bibliography
40
• draft-ietf-lisp
• draft-ietf-lisp-alt
• draft-fuller-ddt
• draft-ietf-lisp-ms
• draft-ietf-lisp-map-versioning
• draft-ietf-lisp-mn
• draft-ietf-lisp-lig
• draft-ietf-lisp-threats
• draft-ietf-lisp-sec
• draft-farinacci-lisp-lcaf
• Jackab et al., LISP-TREE: A DNS Hierarchy to Support the LISP Mapping System
• Iannone and Bonaventure, On the cost of caching locacor/ID mappings
• Kim et al, A Deep Dive into the LISP Cache and What ISPs Should Know about It
• Ohmori et al, Analyses on First Packet Drops of LISP in End-to-End Bidirectional Communications
• www.lisp4.net
LISP Philosophy 2/2
• Follows the Map-and-Encap principle
• a mapping system maps EID prefixes onto site router’s RLOCs
• ITR routers encapsulate the packets received from end systems before sending them toward the destination RLOC
• ETR routers decapsulate the packets received from the Internet before sending them towards the destination end system
43
LISP is over UDP
• UDP to traverse firewalls/NAT, limit the impact of ECMP hashing on reordering...
• Source port is random
• but per-flow source port is recommended
• Destination port is fixed to 4341
• Checksum is important if IPv6 RLOCs
44
Locator Status Bits• A vector of 32 bits (L bit set to 1 if LSB is present)
• Each source locator is mapped to one position in the vector
if locator_status_bit[i] = 1
RLOC i is reachable
else
RLOC i is not reachable
• Each RLOC has an implicit position in the LSB
• How to set the bit? What is her meaning?
45
NERD• The only proposed push model
• Composed of 4 parts
• a network database format;
• a change distribution format;
• a database retrieval/bootstrapping method;
• a change distribution method
• Principles
• An authority computes the mapping database based on the stored registrations
• The database signed by the authority is stored on servers
• ITR poll regularly the database servers to update their own mapping database
48
LISP+ALT• An pull model mapping system
• A mapping mechanism that relies on an alternate topology to distribute mapping requests to mapping servers
• LISP ITR routers sending mapping request messages to ALT routers
• ALT routers forward those mapping messages between themselves on an overlay topology built by using GRE tunnels
50
LISP+ALT
• BGP announces where the mappings can be found
• Map-Requests are forwarded on the ALT
• Map-Replies are forwarded on the legacy Internet (directly sent to the ITRs’ RLOC)
• ! BGP does not give the mappings !
51
LISP+ALT issues
• Complex system with tunnels, BGP protocol (no discussion about policies), ...
• Still relies on lots of error-prone manual configuration
• Scalability will depend on whether aggregation will be possible
• If mapping requests are lost due to congestion, difficult to diagnose the problem or send them via another path
• Security needs to be studied
53
LISP+ALT, big question
• How to deploy it?
• aggregation vs recovery vs TE
• how to cache the mappings?
54
Solving the reachability problem with the locator status bits
• ETR2 notices the failure and informs all ITRs to which it is sending LISP encapsulated packets by setting the reachability bit of ETR1 to 0
a.1.2.3
b.1.2.3
C/cETR1
ETR2
ITR
C/c>a.1.2.3, p=1 b.1.2.3, p=2
55
Solving the reachability problem with the locator status bits
• ETR2 notices the failure and informs all ITRs to which it is sending LISP encapsulated packets by setting the reachability bit of ETR1 to 0
a.1.2.3
b.1.2.3
C/cETR1
ETR2
ITR
C/c>a.1.2.3, p=1 b.1.2.3, p=2
Status bits = 11000...0
PAYLOAD
55
Solving the reachability problem with the locator status bits
• ETR2 notices the failure and informs all ITRs to which it is sending LISP encapsulated packets by setting the reachability bit of ETR1 to 0
a.1.2.3
b.1.2.3
C/cETR1
ETR2
ITR
C/c>a.1.2.3, p=1 b.1.2.3, p=2
Status bits = 11000...0
PAYLOAD
55
Solving the reachability problem with the locator status bits
• ETR2 notices the failure and informs all ITRs to which it is sending LISP encapsulated packets by setting the reachability bit of ETR1 to 0
a.1.2.3
b.1.2.3
C/cETR1
ETR2
ITR
C/c>a.1.2.3, p=1 b.1.2.3, p=2
55
Solving the reachability problem with the locator status bits
• ETR2 notices the failure and informs all ITRs to which it is sending LISP encapsulated packets by setting the reachability bit of ETR1 to 0
a.1.2.3
b.1.2.3
C/cETR1
ETR2
ITR
C/c>a.1.2.3, p=1 b.1.2.3, p=2
Status bits = 11000...0
PAYLOAD
55
Solving the reachability problem with the locator status bits
• ETR2 notices the failure and informs all ITRs to which it is sending LISP encapsulated packets by setting the reachability bit of ETR1 to 0
a.1.2.3
b.1.2.3
C/cETR1
ETR2
ITR
C/c>a.1.2.3, p=1 b.1.2.3, p=2
Status bits = 11000...0
PAYLOAD
55
Solving the reachability problem with the locator status bits
• ETR2 notices the failure and informs all ITRs to which it is sending LISP encapsulated packets by setting the reachability bit of ETR1 to 0
a.1.2.3
b.1.2.3
C/cETR1
ETR2
ITR
C/c>a.1.2.3, p=1 b.1.2.3, p=2
55
Solving the reachability problem with the locator status bits
• ETR2 notices the failure and informs all ITRs to which it is sending LISP encapsulated packets by setting the reachability bit of ETR1 to 0
b.1.2.3
C/cETR1
ETR2
ITR
C/c>a.1.2.3, p=1 b.1.2.3, p=2
55
Solving the reachability problem with the locator status bits
• ETR2 notices the failure and informs all ITRs to which it is sending LISP encapsulated packets by setting the reachability bit of ETR1 to 0
b.1.2.3
C/cETR1
ETR2
ITR
C/c>a.1.2.3, p=1 b.1.2.3, p=2
Status bits = 01000...0
PAYLOAD
55
Solving the reachability problem with the locator status bits
• ETR2 notices the failure and informs all ITRs to which it is sending LISP encapsulated packets by setting the reachability bit of ETR1 to 0
b.1.2.3
C/cETR1
ETR2
ITR
C/c>a.1.2.3, p=1 b.1.2.3, p=2
Status bits = 01000...0
PAYLOAD
55
Solving the reachability problem with the locator status bits
• ETR2 notices the failure and informs all ITRs to which it is sending LISP encapsulated packets by setting the reachability bit of ETR1 to 0
b.1.2.3
C/cETR1
ETR2
ITR
C/c>a.1.2.3, p=1 b.1.2.3, p=2
C/c a.1.2.3, p=1>b.1.2.3, p=2
Status bits = 01000...0
PAYLOAD
55
Solving the reachability problem with the locator status bits
• ETR2 notices the failure and informs all ITRs to which it is sending LISP encapsulated packets by setting the reachability bit of ETR1 to 0
b.1.2.3
C/cETR1
ETR2
ITR
C/c>a.1.2.3, p=1 b.1.2.3, p=2
C/c a.1.2.3, p=1>b.1.2.3, p=2
55
Solving the reachability problem with the SMR bit
• ETR1 has been decommissioned and ETR2 wants that all the sites currently sending encapsulated data to itself update the mapping
a.1.2.3
b.1.2.3
C/cETR1
ETR2
ITR
C/c>a.1.2.3, p=1 b.1.2.3, p=2
56
Solving the reachability problem with the SMR bit
• ETR1 has been decommissioned and ETR2 wants that all the sites currently sending encapsulated data to itself update the mapping
b.1.2.3
C/c
ETR2
ITR
C/c>a.1.2.3, p=1 b.1.2.3, p=2
56
Solving the reachability problem with the SMR bit
• ETR1 has been decommissioned and ETR2 wants that all the sites currently sending encapsulated data to itself update the mapping
b.1.2.3
C/c
ETR2
ITR
C/c>a.1.2.3, p=1 b.1.2.3, p=2
SMR =1
Map-Request
56
Solving the reachability problem with the SMR bit
• ETR1 has been decommissioned and ETR2 wants that all the sites currently sending encapsulated data to itself update the mapping
b.1.2.3
C/c
ETR2
ITR
C/c>a.1.2.3, p=1 b.1.2.3, p=2
SMR =1
Map-Request
56
Solving the reachability problem with the SMR bit
• ETR1 has been decommissioned and ETR2 wants that all the sites currently sending encapsulated data to itself update the mapping
b.1.2.3
C/c
ETR2
ITR
C/c>a.1.2.3, p=1 b.1.2.3, p=2
nonce = 1234
Map-Request
56
Solving the reachability problem with the SMR bit
• ETR1 has been decommissioned and ETR2 wants that all the sites currently sending encapsulated data to itself update the mapping
b.1.2.3
C/c
ETR2
ITR
C/c>a.1.2.3, p=1 b.1.2.3, p=2
nonce = 1234
Map-Request
56
Solving the reachability problem with the SMR bit
• ETR1 has been decommissioned and ETR2 wants that all the sites currently sending encapsulated data to itself update the mapping
b.1.2.3
C/c
ETR2
ITR
C/c>a.1.2.3, p=1 b.1.2.3, p=2
nonce = 1234
Map-Reply
56
Solving the reachability problem with the SMR bit
• ETR1 has been decommissioned and ETR2 wants that all the sites currently sending encapsulated data to itself update the mapping
b.1.2.3
C/c
ETR2
ITR
C/c>a.1.2.3, p=1 b.1.2.3, p=2
nonce = 1234
Map-Reply
56
Solving the reachability problem with the SMR bit
• ETR1 has been decommissioned and ETR2 wants that all the sites currently sending encapsulated data to itself update the mapping
b.1.2.3
C/c
ETR2
ITR
C/c>a.1.2.3, p=1 b.1.2.3, p=2
nonce = 1234
Map-Reply
C/c>b.1.2.3, p=1
56
Solving the reachability problem with the SMR bit
• ETR1 has been decommissioned and ETR2 wants that all the sites currently sending encapsulated data to itself update the mapping
b.1.2.3
C/c
ETR2
ITR
C/c>a.1.2.3, p=1 b.1.2.3, p=2
C/c>b.1.2.3, p=1
56
Solving the reachability problem with the Echo-Nonce Algorithm
• xTR I wants to know if the RLOC she uses to reach ETR E is reachable:
• generate a nonce n when encap to E
• set E=1
• Next time E sends a packet to I, she sets the nonce to n
• If I receives the nonce within a given time, she considers the RLOC reachable, otherwise E is considered unreachable
57
The reachability problem
• Today, preserving the prefixes reachability is mainly performed locally
• In LISP, the legacy Internet is EID agnostic
•
58
A/a
The reachability problem in today’s Internet
A/a
A/aA/a
A/aA/a
• In today’s Internet, routing protocols converge after a link failure to ensure that multihomed prefixes such as A/a remain reachable
59
A/a
The reachability problem in today’s Internet
A/aA/a
A/a
• In today’s Internet, routing protocols converge after a link failure to ensure that multihomed prefixes such as A/a remain reachable
59
The reachability problem in a LISP-based Internet
B/b
A/aA/aB/b
a.1.2.3
b.1.2.3
C/c>a.1.2.3, p=1 b.1.2.3, p=2
• Upon failure of ETR1, A continues to advertise A/a via BGP
• How can ITR notice that ETR1 failed and that ETR2 should be used instead?
ETR1
ETR2
A
BITR
60
A/a
B/bC/c
The reachability problem in a LISP-based Internet
B/b
A/aA/aB/b
b.1.2.3
C/c>a.1.2.3, p=1 b.1.2.3, p=2
• Upon failure of ETR1, A continues to advertise A/a via BGP
• How can ITR notice that ETR1 failed and that ETR2 should be used instead?
ETR2
A
BITR
60
A/a
B/bC/c
Solving the reachability problem with RLOC Probing
• Periodically probe the RLOCs to check their reachability
61
Host vs Network-based Loc/ID split
• Both can coexist
• At home, connected directly to the wall
• Let my ISP do the stuff for me
• In the street, calling with Skype over WIFI&3G
• Prefer WIFI to 3G when possible
62
Header details
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / |Version| IHL |Type of Service| Total Length | / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Identification |Flags| Fragment Offset | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ OH | Time to Live | Protocol = 17 | Header Checksum | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Source Routing Locator | \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | Destination Routing Locator | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / | Source Port = xxxx | Dest Port = 4341 | UDP +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | UDP Length | UDP Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ L |N|L|E|V|I|flags| Nonce/Map-Version | I \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ S / | Instance ID/Locator Status Bits | P +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / |Version| IHL |Type of Service| Total Length | / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Identification |Flags| Fragment Offset | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ IH | Time to Live | Protocol | Header Checksum | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Source EID | \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | Destination EID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
(IP(UDP(LISP(IP))))
63
Enca
psul
atin
gEn
caps
ulat
ed
Header details
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / |Version| IHL |Type of Service| Total Length | / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Identification |Flags| Fragment Offset | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ OH | Time to Live | Protocol = 17 | Header Checksum | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Source Routing Locator | \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | Destination Routing Locator | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / | Source Port = xxxx | Dest Port = 4341 | UDP +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | UDP Length | UDP Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ L |N|L|E|V|I|flags| Nonce/Map-Version | I \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ S / | Instance ID/Locator Status Bits | P +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / |Version| IHL |Type of Service| Total Length | / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Identification |Flags| Fragment Offset | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ IH | Time to Live | Protocol | Header Checksum | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Source EID | \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | Destination EID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Source/Destination Locators
Source/Destination Locators
(IP(UDP(LISP(IP))))
63
Enca
psul
atin
gEn
caps
ulat
ed
Header details
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / |Version| IHL |Type of Service| Total Length | / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Identification |Flags| Fragment Offset | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ OH | Time to Live | Protocol = 17 | Header Checksum | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Source Routing Locator | \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | Destination Routing Locator | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / | Source Port = xxxx | Dest Port = 4341 | UDP +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | UDP Length | UDP Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ L |N|L|E|V|I|flags| Nonce/Map-Version | I \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ S / | Instance ID/Locator Status Bits | P +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / |Version| IHL |Type of Service| Total Length | / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Identification |Flags| Fragment Offset | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ IH | Time to Live | Protocol | Header Checksum | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Source EID | \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | Destination EID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Hash based Source Port
Source/Destination Locators
Source/Destination Locators
(IP(UDP(LISP(IP))))
63
Enca
psul
atin
gEn
caps
ulat
ed
Header details
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / |Version| IHL |Type of Service| Total Length | / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Identification |Flags| Fragment Offset | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ OH | Time to Live | Protocol = 17 | Header Checksum | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Source Routing Locator | \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | Destination Routing Locator | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / | Source Port = xxxx | Dest Port = 4341 | UDP +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | UDP Length | UDP Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ L |N|L|E|V|I|flags| Nonce/Map-Version | I \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ S / | Instance ID/Locator Status Bits | P +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / |Version| IHL |Type of Service| Total Length | / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Identification |Flags| Fragment Offset | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ IH | Time to Live | Protocol | Header Checksum | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Source EID | \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | Destination EID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Fixed Destination port
Hash based Source Port
Source/Destination Locators
Source/Destination Locators
(IP(UDP(LISP(IP))))
63
Enca
psul
atin
gEn
caps
ulat
ed
Header details
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / |Version| IHL |Type of Service| Total Length | / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Identification |Flags| Fragment Offset | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ OH | Time to Live | Protocol = 17 | Header Checksum | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Source Routing Locator | \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | Destination Routing Locator | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / | Source Port = xxxx | Dest Port = 4341 | UDP +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | UDP Length | UDP Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ L |N|L|E|V|I|flags| Nonce/Map-Version | I \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ S / | Instance ID/Locator Status Bits | P +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / |Version| IHL |Type of Service| Total Length | / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Identification |Flags| Fragment Offset | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ IH | Time to Live | Protocol | Header Checksum | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Source EID | \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | Destination EID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Fixed Destination port
Hash based Source Port
Source/Destination Locators
Source/Destination Locators
Encap data integrity check
(IP(UDP(LISP(IP))))
63
Enca
psul
atin
gEn
caps
ulat
ed
Header details
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / |Version| IHL |Type of Service| Total Length | / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Identification |Flags| Fragment Offset | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ OH | Time to Live | Protocol = 17 | Header Checksum | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Source Routing Locator | \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | Destination Routing Locator | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / | Source Port = xxxx | Dest Port = 4341 | UDP +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | UDP Length | UDP Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ L |N|L|E|V|I|flags| Nonce/Map-Version | I \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ S / | Instance ID/Locator Status Bits | P +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / |Version| IHL |Type of Service| Total Length | / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Identification |Flags| Fragment Offset | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ IH | Time to Live | Protocol | Header Checksum | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Source EID | \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | Destination EID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Fixed Destination port
Hash based Source Port
Source/Destination Locators
Source/Destination Locators
Encap data integrity check
N: Nonce present bitL: Locator Status Bits present bitE: Echo-Nonce request bit
N: Nonce present bitL: Locator Status Bits present bitE: Echo-Nonce request bit
N: Nonce present bitL: Locator Status Bits present bitE: Echo-Nonce request bit
N: Nonce present bitL: Locator Status Bits present bitE: Echo-Nonce request bit
N: Nonce present bitL: Locator Status Bits present bitE: Echo-Nonce request bitV: Map-Version present bitI: Instance ID bit
(IP(UDP(LISP(IP))))
63
Enca
psul
atin
gEn
caps
ulat
ed
Header details
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / |Version| IHL |Type of Service| Total Length | / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Identification |Flags| Fragment Offset | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ OH | Time to Live | Protocol = 17 | Header Checksum | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Source Routing Locator | \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | Destination Routing Locator | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / | Source Port = xxxx | Dest Port = 4341 | UDP +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | UDP Length | UDP Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ L |N|L|E|V|I|flags| Nonce/Map-Version | I \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ S / | Instance ID/Locator Status Bits | P +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / |Version| IHL |Type of Service| Total Length | / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Identification |Flags| Fragment Offset | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ IH | Time to Live | Protocol | Header Checksum | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Source EID | \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | Destination EID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Fixed Destination port
Hash based Source Port
Source/Destination Locators
Source/Destination Locators
Encap data integrity check
Packet unique identifier or version
N: Nonce present bitL: Locator Status Bits present bitE: Echo-Nonce request bit
N: Nonce present bitL: Locator Status Bits present bitE: Echo-Nonce request bit
N: Nonce present bitL: Locator Status Bits present bitE: Echo-Nonce request bit
N: Nonce present bitL: Locator Status Bits present bitE: Echo-Nonce request bit
N: Nonce present bitL: Locator Status Bits present bitE: Echo-Nonce request bitV: Map-Version present bitI: Instance ID bit
(IP(UDP(LISP(IP))))
63
Enca
psul
atin
gEn
caps
ulat
ed
Header details
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / |Version| IHL |Type of Service| Total Length | / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Identification |Flags| Fragment Offset | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ OH | Time to Live | Protocol = 17 | Header Checksum | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Source Routing Locator | \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | Destination Routing Locator | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / | Source Port = xxxx | Dest Port = 4341 | UDP +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | UDP Length | UDP Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ L |N|L|E|V|I|flags| Nonce/Map-Version | I \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ S / | Instance ID/Locator Status Bits | P +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / |Version| IHL |Type of Service| Total Length | / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Identification |Flags| Fragment Offset | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ IH | Time to Live | Protocol | Header Checksum | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Source EID | \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | Destination EID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Fixed Destination port
Hash based Source Port
Source/Destination Locators
Source/Destination Locators
Encap data integrity check
Packet unique identifier or version
Source locator reachability or Instance ID or bothN: Nonce present bit
L: Locator Status Bits present bitE: Echo-Nonce request bit
N: Nonce present bitL: Locator Status Bits present bitE: Echo-Nonce request bit
N: Nonce present bitL: Locator Status Bits present bitE: Echo-Nonce request bit
N: Nonce present bitL: Locator Status Bits present bitE: Echo-Nonce request bit
N: Nonce present bitL: Locator Status Bits present bitE: Echo-Nonce request bitV: Map-Version present bitI: Instance ID bit
(IP(UDP(LISP(IP))))
63
Enca
psul
atin
gEn
caps
ulat
ed
Header details
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / |Version| IHL |Type of Service| Total Length | / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Identification |Flags| Fragment Offset | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ OH | Time to Live | Protocol = 17 | Header Checksum | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Source Routing Locator | \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | Destination Routing Locator | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / | Source Port = xxxx | Dest Port = 4341 | UDP +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | UDP Length | UDP Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ L |N|L|E|V|I|flags| Nonce/Map-Version | I \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ S / | Instance ID/Locator Status Bits | P +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / |Version| IHL |Type of Service| Total Length | / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Identification |Flags| Fragment Offset | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ IH | Time to Live | Protocol | Header Checksum | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Source EID | \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ | Destination EID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Fixed Destination port
Hash based Source Port
Source/Destination Locators
Source/Destination Locators
Encap data integrity check
Packet unique identifier or version
Source locator reachability or Instance ID or bothN: Nonce present bit
L: Locator Status Bits present bitE: Echo-Nonce request bit
N: Nonce present bitL: Locator Status Bits present bitE: Echo-Nonce request bit
N: Nonce present bitL: Locator Status Bits present bitE: Echo-Nonce request bit
N: Nonce present bitL: Locator Status Bits present bitE: Echo-Nonce request bit
N: Nonce present bitL: Locator Status Bits present bitE: Echo-Nonce request bitV: Map-Version present bitI: Instance ID bit
Source/Destination Locators
Source/Destination Identifiers
(IP(UDP(LISP(IP))))
63
Enca
psul
atin
gEn
caps
ulat
ed
Src/Dst Locators
• Source locator: IP address of the ITR that performed the encapsulation
• Destination locator: IP address of one ETR responsible for the destination EID’s prefix
• Locators can be in IPv4 or IPv6
64
Src/Dst EID• Source EID: IP address of the source end-host
• Destination EID: IP address of destination end-hosts
• EIDs can be in IPv4 or IPv6
• or even L2 with LCAF (WiP)
• AFI(RLOC) can be different AFI(EID)
• LISP can be an IPv4/IPv6 transition mechanism (but does not support xAFI)
65
Interworking of LISP and non LISP networks• Introduce transition devices
• Consider the legacy Internet as a big LISP site
• Proxy-ITR, encapsulates packets, whatever their source address
• Advertises coarse-aggregated EID prefixes to BGP
• Proxy ETR, decapsulates packets, whatever their destination EID
• LISP-NAT, rewriting instead of encapsulation
• ITR replaces source EID by one of its RLOCs
66