Scaling the Internet with LISP

Transcription

1 Scaling the Internet with LISP Olivier Bonaventure Department of Computing Science and Engineering Université catholique de Louvain (UCL) Place Sainte-Barbe, 2, B-1348, Louvain-la-Neuve (Belgium) 1

2 Scaling the Internet with LISP Issues with the current Internet architecture Separating Identifiers from Locators Locator-Identifier Separation Protocol (LISP) 2

3 Issues with the current Internet architecture Interdomain routing scalability Growth of BGP routing tables Evolution-Internet-Architecture/2008/ 3 Source : O. Bonaventure,

4 Issues with the current Internet architecture Interdomain routing scalability Growth of BGP routing tables pre-cid fast growth Evolution-Internet-Architecture/2008/ 3 Source : O. Bonaventure,

5 Issues with the current Internet architecture Interdomain routing scalability Growth of BGP routing tables CID works well pre-cid fast growth Evolution-Internet-Architecture/2008/ 3 Source : O. Bonaventure,

6 Issues with the current Internet architecture Interdomain routing scalability Growth of BGP routing tables CID works well Growth is back pre-cid fast growth Evolution-Internet-Architecture/2008/ 3 Source : O. Bonaventure,

7 Issues with the current Internet architecture Interdomain routing scalability Growth of BGP routing tables Internet bubble CID works well Growth is back pre-cid fast growth Evolution-Internet-Architecture/2008/ 3 Source : O. Bonaventure,

8 Issues with the current Internet architecture Interdomain routing scalability Growth of BGP routing tables Internet bubble CID works well Growth is back again! Growth is back pre-cid fast growth Evolution-Internet-Architecture/2008/ 3 Source : O. Bonaventure,

9 easons for the BGP growth Distribution of prefixes versus length /8 /9 - /15 /16 /17 /18 /19 /20 /21 /22 /23 /24 /25 - /32 4

10 easons for the BGP growth Why so many small prefixes? Allocation of IP prefixes to sites Initial solution chosen by IANA FCFS for all qualifying sites few constraints on which sites qualify for an IP prefix Once allocated, the prefix is owned by the site forever Solution introduced by Is after CID Two types of prefixes Provider Independent prefixes Given by Is to qualifying sites (basically ISPs paying their membership dues to the I) Owned by the site forever and can be globally announced Provider Aggregatable prefixes Given by ISPs from their own address block to customers Customers are expected to return their prefix to its owner if they change from ISP 5

11 Why do site prefer PI prefixes? Main reasons PI Sites own their prefix for eternity and can change of provider whenever they want PA prefixes cause a provider lock-in syndrome Changing the IP prefix used by a site is difficult IP addresses and prefixes are manually written in configurations files for routers DNS servers Firewalls DHCP servers printers voice and video equipment... Finding all the places where IP addresses and prefixes have been configured is difficult and error-prone With some care, it is possible to prepare an IPv6 site to ease a subsequent IP prefix renumbering, but unfortunately most configurations are not prepared for such a renumbering event 6

12 easons for the BGP growth More are more network are internally fragmented Internet link is sometimes cheaper than normal link Client : AS /17 2 A Provider AS123 I can reach / / /18 B I can reach /16 Global Internet Provider AS789 7

13 easons for the BGP growth More are more network are internally fragmented Internet link is sometimes cheaper than normal link Client : AS I can reach /16 A I can reach /16 and / /17 2 Provider AS / /18 B I can reach /16 Global Internet Provider AS789 7

14 easons for the BGP growth More are more network are internally fragmented Internet link is sometimes cheaper than normal link Client : AS I can reach /16 A I can reach /16 and / /17 2 Provider AS / /18 B I can reach /16 Global Internet Provider AS789 7

15 easons for the BGP growth More are more network are internally fragmented Internet link is sometimes cheaper than normal link Client : AS I can reach / /17 A I can reach /16 and / /17 2 Provider AS / /18 B I can reach /16 Global Internet Provider AS789 7

16 easons for the BGP growth More are more network are internally fragmented Internet link is sometimes cheaper than normal link Client : AS /17 2 I can reach / /17 A Provider I can reach AS /18 I can reach /16 and / / /18 I can reach / /18 B I can reach /16 Global Internet Provider AS789 7

17 easons for the BGP growth More are more network are internally fragmented Internet link is sometimes cheaper than normal link Client : AS /17 2 I can reach / /17 A Provider I can reach AS /18 I can reach /16 and / /17 and / / /18 I can reach / /18 B I can reach /16 and /18 Global Internet Provider AS789 7

18 easons for the BGP growth easons for the BGP growth Multihoming /16 2 I can reach /16 Provider AS /16 Provider AS789 I can reach /16 Global Internet 8

19 easons for the BGP growth easons for the BGP growth Multihoming Client : AS /16 2 Provider AS123 I can reach / /16 Provider AS789 I can reach /16 Global Internet 8

20 easons for the BGP growth easons for the BGP growth Multihoming Client : AS / /16 2 Provider AS123 I can reach / /16 Provider AS789 I can reach /16 Global Internet 8

21 easons for the BGP growth easons for the BGP growth Multihoming Client : AS I can reach / /16 2 I can reach / /23 Provider AS /16 Provider AS789 I can reach /16 Global Internet 8

22 easons for the BGP growth easons for the BGP growth Multihoming Client : AS I can reach / /16 2 I can reach / /23 I can reach /23 Provider AS /16 Provider AS789 I can reach /16 Global Internet 8

23 easons for the BGP growth easons for the BGP growth Multihoming Client : AS I can reach / /16 2 I can reach / /23 I can reach /23 Provider AS /16 Provider AS789 I can reach /16 and /23 Global Internet 8

24 easons for the BGP growth easons for the BGP growth Multihoming Client : AS I can reach / /16 2 I can reach /16 and / /23 I can reach /23 Provider AS /16 Provider AS789 I can reach /16 and /23 Global Internet 8

25 easons for the BGP growth easons for the BGP growth Traffic engineering Client : AS / /16 2 Provider AS123 I can reach / /16 Provider AS789 I can reach /16 Internet 9

26 easons for the BGP growth easons for the BGP growth Traffic engineering Client : AS I can reach / /16 2 I can reach / /23 I can reach /24 Provider AS /16 I can reach /16 Provider AS789 Internet 9

27 easons for the BGP growth easons for the BGP growth Traffic engineering Client : AS I can reach / /16 2 I can reach /16 and / /23 I can reach /24 Provider AS /16 I can reach /16 and /24 Provider AS789 Internet 9

28 easons for the BGP growth easons for the BGP growth Traffic engineering Client : AS I can reach / /16 2 I can reach /16 and / /23 I can reach /24 Provider AS /16 I can reach /16 and /24 Provider AS789 Internet 9

29 easons for the BGP growth easons for the BGP growth Traffic engineering Client : AS I can reach / /16 2 I can reach /16 and / /23 I can reach /24 Provider AS /16 I can reach /16 and /24 Provider AS789 Internet 9

30 easons for the BGP growth easons for the BGP growth Traffic engineering Client : AS /23 1 I can reach /24 and / /16 Provider AS789 I can reach / /16 and /23 2 I can reach /16 Provider AS123 and /24 I can reach /16 and /24 Internet 9

31 easons for the BGP growth easons for the BGP growth Traffic engineering Client : AS /23 1 I can reach /24 and / /16 Provider AS789 I can reach / /16 and /23 2 I can reach /16 Provider AS123 and /24 and /23 I can reach /16 and /24 and /23 Internet 9

32 Interdomain routing security Interdomain routing security Only Best Current Practices from network operators prevent a customer network from using BGP to announce the prefix of someone else Misconfigurations (fat fingers) are frequent 10

33 Issues with the current Internet architecture Limited size of IPv4 addressing space Weʼve seen this problem before and NAT, CID and IPv6 have been proposed... Evolution-Internet-Architecture/2008/ 11 Source O. Bonaventure,

34 Issues with the current Internet architecture Limited size of IPv4 addressing space Weʼve seen this problem before and NAT, CID and IPv6 have been proposed... Evolution-Internet-Architecture/2008/ 11 Source O. Bonaventure,

35 Scaling the Internet with LISP Issues with the current Internet architecture Separating Identifiers from Locators Locator-Identifier Separation Protocol (LISP) 12

36 The complementary roles of IP addresses The IP addresses currently used by endhosts play two complementary roles Applic. Transport Network DataLink Applic. Transport Network DataLink 13

37 The complementary roles of IP addresses The IP addresses currently used by endhosts play two complementary roles Identifier role : the IP address identifies (with port) the endpoint of transport flows Applic. Transport Network DataLink Applic. Transport Network DataLink 13

38 The complementary roles of IP addresses The IP addresses currently used by endhosts play two complementary roles Identifier role : the IP address identifies (with port) the endpoint of transport flows Applic. Transport Network DataLink Applic. Transport Network DataLink 13

39 The complementary roles of IP addresses The IP addresses currently used by endhosts play two complementary roles Identifier role : the IP address identifies (with port) the endpoint of transport flows Locator role : the IP address indicates the paths used to reach the endhost these paths are updated by routing protocols after each topology change Applic. Transport Network DataLink Applic. Transport Network DataLink 13

40 The complementary roles of IP addresses The IP addresses currently used by endhosts play two complementary roles Identifier role : the IP address identifies (with port) the endpoint of transport flows Locator role : the IP address indicates the paths used to reach the endhost these paths are updated by routing protocols after each topology change Applic. Transport Network DataLink Applic. Transport Network DataLink 13

41 The complementary roles of IP addresses The IP addresses currently used by endhosts play two complementary roles Identifier role : the IP address identifies (with port) the endpoint of transport flows Locator role : the IP address indicates the paths used to reach the endhost these paths are updated by routing protocols after each topology change Applic. Transport Network DataLink Applic. Transport Network DataLink 13

42 The complementary roles of IP addresses The IP addresses currently used by endhosts play two complementary roles Identifier role : the IP address identifies (with port) the endpoint of transport flows Locator role : the IP address indicates the paths used to reach the endhost these paths are updated by routing protocols after each topology change Applic. Transport Network DataLink Applic. Transport Network DataLink 13

43 The complementary roles of IP addresses The IP addresses currently used by endhosts play two complementary roles Identifier role : the IP address identifies (with port) the endpoint of transport flows Locator role : the IP address indicates the paths used to reach the endhost these paths are updated by routing protocols after each topology change Applic. Transport Network DataLink Applic. Transport Network DataLink 13

44 Existing identifiers Loopback addresses are already used as identifiers, but only on routers / / / /

45 Existing identifiers Loopback addresses are already used as identifiers, but only on routers / / / / In contrast with endhost addresses and normal addresses on routers, loopback addresses are not tied to a particular physical interface a loopback address is always reachable provided that one of the routerʼs interfaces remains up loopback addresses are often used as identifiers this is only possible because the loopback addresses are directly advertised by the routing protocols 14

46 Principle of the Host-based solutions Transport layer IP routing sublayer 15

47 Principle of the Host-based solutions Transport layer Identifier : Id.A IP routing sublayer 15

48 Principle of the Host-based solutions Transport layer Identifier : Id.A IP routing sublayer Locators { Green.1, ed.2} 15

49 Principle of the Host-based solutions Transport layer Identifier : Id.A IP routing sublayer Locators { Green.1, ed.2} 15

50 Principle of the Host-based solutions Transport layer Identifier : Id.A Specific sublayer IP routing sublayer Locators { Green.1, ed.2} oles Translates the packets so that Transport layer always sees only the host identifier IP outing sublayer sees only locators Manages the set of locators Securely switches from one locator to another upon move or after link failure each host maintains some state 15

51 Principles of the Network-based solutions Transport layer IP routing sublayer 16

52 Principles of the Network-based solutions Hostʼs IP stack unchanged Each host has one stable IP address used as identifier not globally routed Transport layer Identifier : IPA IP routing sublayer 16

53 Principles of the Network-based solutions Hostʼs IP stack unchanged Each host has one stable IP address used as identifier not globally routed Transport layer Identifier : IPA IP routing sublayer Locators { IPGreen.A, IPed.A} 16

54 Principles of the Network-based solutions Hostʼs IP stack unchanged Each host has one stable IP address used as identifier not globally routed Transport layer Identifier : IPA IP routing sublayer Each edge router owns globally routed addresses used as locators Mapping mechanism is used to find locator associated to one identifier Packets from hosts are modified before being sent on Internet Locators { IPGreen.A, IPed.A} 16

55 Scaling the Internet with LISP Issues with the current Internet architecture Separating Identifiers from Locators Locator-Identifier Separation Protocol (LISP) 17

56 The Locator Identifier Separation Protocol Principles Define a router-based solution where current IP addresses are separated in two different spaces EndPoint Identifiers (EID) are used to identify endhosts. They are non-globally routable. Hosts in a given site are expected to use EIDs in the same prefix. outing Locators (LOC) are globally routable and are attach to routers A mapping mechanism allows to map an EndPoint Identifier onto the outing Locator(s) of the site router(s) outers encapsulate the packets received from hosts before sending them towards the destination LOC 18

57 LISP : design goals Main design goals Minimize required changes to Internet equire no hardware no software changes to endsystems (hosts) Be incrementally deployable equire no router hardware changes Minimize router software changes Avoid or minimize packet loss when EID-to-LOC mappings need to be performed 19

58 LISP : simple example AS /8 0100: DD:: Provider1 - AS /8 Provider2 - AS / : FF:: : FE::

59 LISP : simple example AS /8 0100: DD:: Provider1 - AS /8 Provider2 - AS / : FF::1234 S: 0100: FF::1234 D: 0100: FE:: : FE::

60 LISP : simple example AS /8 0100: DD:: Provider1 - AS /8 Provider2 - AS / S: 0100: FF::1234 D: 0100: DD:: : FF:: : FE::

61 LISP : simple example Mapping System AS /8 Mapping request Where is 0100: DD: : DD::8765 Provider1 - AS /8 Provider2 - AS / S: 0100: FF::1234 D: 0100: DD:: : FF:: : FE::

62 LISP : simple example Mapping reply for 0100: DD::8765 LOC Mapping System LOC AS /8 Mapping request Where is 0100: DD: : DD::8765 Provider1 - AS /8 Provider2 - AS / S: 0100: FF::1234 D: 0100: DD:: : FF:: : FE::

63 LISP : simple example AS /8 Provider1 - AS /8 Outer header S: D: Inner S: 0100: FF::1234 D: 0100: DD:: Provider2 - AS /8 0100: DD:: S: 0100: FF::1234 D: 0100: DD:: : FF:: : FE::

64 LISP : Terminology AS / : DD::8765 Provider1 - AS /8 Provider2 - AS / : FF:: : FE::

65 LISP : Terminology AS / : DD::8765 Provider1 - AS /8 Provider2 - AS / Ingress Tunnel outer (IT) : A router which accepts a packet containing a single IP header. The router maps 1 the destination address of the 2packet to an LOC and prepends a LISP header before forwarding the encapsulated packet. 0100: FF:: : FE::

66 LISP : Terminology AS /8 Provider1 - AS / Provider2 - AS /8 0100: DD::8765 Egress Tunnel outer (ET) : A router which accepts a LISP encapsulated packet. The router strips the LISP header and forwards the packet based on the next header Ingress Tunnel outer (IT) : A router which accepts a packet containing a single IP header. The router maps 1 the destination address of the 2packet to an LOC and prepends a LISP header before forwarding the encapsulated packet. 0100: FF:: : FE::

67 LISP : Terminology EID-to-LOC Database : a globally distributed database that contains all know EID-prefix to LOC mappings. AS /8 Provider1 - AS / Provider2 - AS /8 0100: DD::8765 Egress Tunnel outer (ET) : A router which accepts a LISP encapsulated packet. The router strips the LISP header and forwards the packet based on the next header Ingress Tunnel outer (IT) : A router which accepts a packet containing a single IP header. The router maps 1 the destination address of the 2packet to an LOC and prepends a LISP header before forwarding the encapsulated packet. 0100: FF:: : FE::

68 LISP data packet format 32 bits Ver IHL DS Total length Outer header Identification Flags Offset TTL Protocol Checksum Source outing Locator Destination outing Locator 22

69 LISP data packet format 32 bits Ver IHL DS Total length Outer header Identification Flags Offset TTL Protocol Checksum Source outing Locator Destination outing Locator UDP Src port : xxxx Dst port : 4341 UDP Length UDP checksum 22

70 LISP data packet format 32 bits Ver IHL DS Total length Outer header Identification Flags Offset TTL Protocol Checksum UDP Source outing Locator Destination outing Locator Src port : xxxx Dst port : 4341 UDP Length UDP checksum Source port should be random Destination port set to

71 LISP data packet format 32 bits Ver IHL DS Total length Outer header Identification Flags Offset TTL Protocol Checksum UDP LISP header Src port : xxxx Dst port : 4341 UDP Length UDP checksum Locator reach bits S E es. Source outing Locator Destination outing Locator Nonce Source port should be random Destination port set to

72 LISP data packet format 32 bits Ver IHL DS Total length Outer header Identification Flags Offset TTL Protocol Checksum UDP LISP header Src port : xxxx Dst port : 4341 UDP Length UDP checksum Locator reach bits S E es. Source outing Locator Destination outing Locator Nonce Source port should be random Destination port set to 4341 Used to indicate which xt are up. 22

73 LISP data packet format 32 bits Ver IHL DS Total length Outer header Identification Flags Offset TTL Protocol Checksum UDP LISP header Src port : xxxx Dst port : 4341 UDP Length UDP checksum Locator reach bits S E es. Source outing Locator Destination outing Locator Nonce Source port should be random Destination port set to 4341 Used to indicate which xt are up. Used to validate some control messages 22

74 LISP data packet format 32 bits Ver IHL DS Total length Outer header Identification Flags Offset TTL Protocol Checksum S: Solicit Map equest E: Echo equest UDP LISP header Src port : xxxx Dst port : 4341 UDP Length S E es. Source outing Locator Destination outing Locator UDP checksum Locator reach bits Nonce Source port should be random Destination port set to 4341 Used to indicate which xt are up. Used to validate some control messages 22

75 LISP data packet format 32 bits Ver IHL DS Total length Outer header Identification Flags Offset TTL Protocol Checksum S: Solicit Map equest E: Echo equest UDP LISP header Inner packet Src port : xxxx Dst port : 4341 UDP Length S E es. Ver Tclass Source outing Locator Destination outing Locator Payload Length UDP checksum Locator reach bits Nonce Flow Label NxtHdr Hop Limit Source EndPoint Identifier (128 bits) Source port should be random Destination port set to 4341 Used to indicate which xt are up. Used to validate some control messages 22

76 LISP Mapping Possible models for the mapping mechanism Push model LISP ET routers receive from a protocol to be designed the mapping tables that they need to use to map EIDs onto LOCs Pull model LISP ET routers refresh their mapping table by querying the mapping mechanism each time they receive a packet whose mapping is unknown Hybrid models Push is used to place popular or important mappings on LISP ET routers and they query for the less important mappings 23

77 NED A Not-so-novel EID to LOC Database The only proposed push model Composed of 4 parts a network database format; a change distribution format; a database retrieval/bootstrapping method; a change distribution method Principles An authority computes the mapping database based on the stored registrations The database signed by the authority is stored on servers IT poll regularly the database servers to update their own mapping database 24

78 LISP mapping messages Sent over UDP destination port 4342 source port random Map-request message 1 Flags eserved ec.# Nonce Source-AFI IT-AFI Source-EID Address Originating IT LOC es. masklen AFI EID-prefix Mapping protocol data 25

79 LISP mapping messages Sent over UDP destination port 4342 source port random Map-request message Number of records in map-request 1 Flags eserved ec.# Nonce Source-AFI IT-AFI Source-EID Address Originating IT LOC es. masklen AFI EID-prefix Mapping protocol data 25

80 LISP mapping messages Sent over UDP destination port 4342 source port random Map-request message 1 Flags eserved ec.# Number of records in map-request andom in request, copied in reply Nonce Source-AFI IT-AFI Source-EID Address Originating IT LOC es. masklen AFI EID-prefix Mapping protocol data 25

81 LISP mapping messages Sent over UDP destination port 4342 source port random Map-request message 1 Flags eserved ec.# Source-AFI Nonce IT-AFI Number of records in map-request andom in request, copied in reply LOC of the IT sending the map-request message Source-EID Address Originating IT LOC es. masklen AFI EID-prefix Mapping protocol data 25

82 LISP mapping messages Sent over UDP destination port 4342 source port random Map-request message 1 Flags eserved ec.# Source-AFI Nonce IT-AFI Number of records in map-request andom in request, copied in reply LOC of the IT sending the map-request message Source-EID Address Originating IT LOC es. masklen AFI EID-prefix Mapping protocol data mask length of EID prefix 25

83 LISP mapping messages Sent over UDP destination port 4342 source port random Map-request message 1 Flags eserved ec.# Source-AFI Nonce IT-AFI Number of records in map-request andom in request, copied in reply LOC of the IT sending the map-request message Source-EID Address Originating IT LOC es. masklen AFI EID-prefix Mapping protocol data AFI of the requested mapping mask length of EID prefix 25

84 LISP mapping messages Sent over UDP destination port 4342 source port random Map-request message 1 Flags eserved ec.# Source-AFI Nonce IT-AFI Number of records in map-request andom in request, copied in reply LOC of the IT sending the map-request message Source-EID Address Originating IT LOC es. masklen AFI EID-prefix Mapping protocol data EID prefix for which the mapping is requested AFI of the requested mapping mask length of EID prefix 25

85 LISP mapping messages Map-reply message format sent over UDP E C O D 2 eserved ec.# Nonce ecord TTL Loc. # masklen A eserved eserved EID - AFI EID prefix Prio Weight MPrio MWeight Unused flags Loc-AFI Locator Mapping protocol data 26

86 LISP mapping messages Copied from Mapequest Map-reply message format sent over UDP 2 eserved ec.# Nonce E C O D ecord TTL Loc. # masklen A eserved eserved EID - AFI EID prefix Prio Weight MPrio MWeight Unused flags Loc-AFI Locator Mapping protocol data 26

87 LISP mapping messages Map-reply message format sent over UDP Number of records in map-reply Copied from Mapequest 2 eserved ec.# Nonce E C O D ecord TTL Loc. # masklen A eserved eserved EID - AFI EID prefix Prio Weight MPrio MWeight Unused flags Loc-AFI Locator Mapping protocol data 26

88 LISP mapping messages Map-reply message format sent over UDP Number of records in map-reply Copied from Mapequest 2 eserved ec.# Nonce Lifetime of record ( min. ) 0: remove from cache 0xffffffff: receiver decides E C O D ecord TTL Loc. # masklen A eserved eserved EID - AFI EID prefix Prio Weight MPrio MWeight Unused flags Loc-AFI Locator Mapping protocol data 26

89 LISP mapping messages Map-reply message format sent over UDP Number of records in map-reply Copied from Mapequest E C O D 2 eserved ec.# Nonce ecord TTL Loc. # masklen A eserved eserved EID - AFI EID prefix Prio Weight MPrio MWeight Unused flags Loc-AFI Locator Mapping protocol data Lifetime of record ( min. ) 0: remove from cache 0xffffffff: receiver decides Authoritative or not 26

90 LISP mapping messages Map-reply message format sent over UDP Number of records in map-reply Copied from Mapequest E C O D 2 eserved ec.# Nonce ecord TTL Loc. # masklen A eserved eserved EID - AFI EID prefix Prio Weight MPrio MWeight Unused flags Loc-AFI Locator Mapping protocol data Lifetime of record ( min. ) 0: remove from cache 0xffffffff: receiver decides Authoritative or not Priority : LOCs with lower priority are preferred. If several have same priority, load balance among them Weight : percentage of traffic to this LOC when load balancing is active 26

91 LISP mapping messages Map-reply message format sent over UDP Number of records in map-reply Copied from Mapequest 2 eserved ec.# Nonce ecord TTL Lifetime of record ( min. ) 0: remove from cache 0xffffffff: receiver decides Authoritative or not Is record is reachable from responderʼs viewpoint? E C O D Loc. # masklen A eserved eserved EID - AFI EID prefix Prio Weight MPrio MWeight Unused flags Loc-AFI Locator Mapping protocol data Priority : LOCs with lower priority are preferred. If several have same priority, load balance among them Weight : percentage of traffic to this LOC when load balancing is active 26

92 LISP mapping messages Map-reply message format sent over UDP Number of records in map-reply Copied from Mapequest 2 eserved ec.# Nonce ecord TTL Lifetime of record ( min. ) 0: remove from cache 0xffffffff: receiver decides Authoritative or not Is record is reachable from responderʼs viewpoint? E C O D Loc. # masklen A eserved eserved EID - AFI EID prefix Prio Weight MPrio MWeight Unused flags Loc-AFI Locator Mapping protocol data Priority : LOCs with lower priority are preferred. If several have same priority, load balance among them Weight : percentage of traffic to this LOC when load balancing is active Used for Multicast 26

93 How to control incoming traffic? LISP site can control incoming traffic with Weight and Priority A 0100: DD::8765/48 A primary, C backup Mapping for 0100:DD::/48 LOC , prio=1, weight=100 LOC , prio=99, weight=100 C

94 How to control incoming traffic? LISP site can control incoming traffic with Weight and Priority A 0100: DD::8765/48 A primary, C backup Mapping for 0100:DD::/48 LOC , prio=1, weight=100 LOC , prio=99, weight=100 C A 30%, C 70% Mapping for 0100:DD::/48 LOC , prio=1, weight=30 LOC , prio=1, weight=70 LISP IT will load balance layer 4 flows by using hash as in ECMP 27

95 Pull-based mapping systems LISP-ALT Built with an overlay composed of GE tunnels between LISP xts with BGP Solution implemented by Cisco and chosen by LISP WG LISP-DHT Mapping information is stored in a distributed hash table that is queried by ITs LISP-CONS New mapping protocol proposed earlier in WG... 28

96 LISP ALT A mapping mechanism that relies on an alternate topology to distribute mapping requests to mapping servers LISP IT routers sending mapping request messages to ALT routers ALT routers forward those mapping messages between themselves on an overlay topology built by using GE tunnels 29

97 LISP ALT (2) A2 EID: /16 A4 A5 A1 A3 A9 EID: /16 EID: /16 30

98 LISP ALT (2) A2 is authoritative for EID prefix /16 A2 EID: /16 A4 A5 A1 A3 A9 EID: /16 EID: /16 30

99 LISP ALT (2) A2 is authoritative for EID prefix /16 A2 BGP /16 via A2 EID: /16 A4 A5 A1 BGP /16 via A1 A3 A9 EID: /16 EID: /16 30

100 LISP ALT (2) A2 is authoritative for EID prefix /16 A4 aggregates and advertises /8 over ALT overlay EID: /16 A2 BGP /16 via A2 A5 A4 BGP /8 via A4 A1 BGP /16 via A1 A3 A9 EID: /16 EID: /16 30

101 LISP ALT (2) A2 is authoritative for EID prefix /16 A4 aggregates and advertises /8 over ALT overlay EID: /16 A2 BGP /16 via A2 A5 A4 BGP /8 via A4 EID: /16 A1 BGP /16 via A1 A3 BGP /0 via A3 A9 EID: /16 30

102 LISP - ALT : Example A2 EID: /16 A4 A5 A1 1 A3 A9 9 EID: /16 EID: /16 31

103 LISP - ALT : Example A2 EID: /16 A4 A5 A1 1 A3 A9 9 EID: /16 Src: Dst: EID: /16 31

104 LISP - ALT : Example A2 EID: /16 A4 A5 A1 1 Map request From ? A3 A9 9 EID: /16 Src: Dst: EID: /16 31

105 LISP - ALT : Example A2 EID: /16 A4 A5 EID: /16 A1 1 Src: Dst: A3 Map request From ? A9 9 EID: /16 31

106 LISP - ALT : Example A2 EID: /16 A4 A5 Src: 9 Dst:1 Map reply /16:9 EID: /16 A1 1 Src: Dst: A3 Map request From ? A9 9 EID: /16 31

107 LISP - ALT : Example A2 EID: /16 A4 A5 EID: /16 A1 1 Src: 9 Dst:1 Map reply /16:9 Src: Dst: A3 Map request From ? A9 9 EID: /16 31

108 LISP - ALT : Example A2 EID: /16 1 inserts /16=9 in its cache EID: /16 A1 1 Src: 9 Dst:1 Map reply /16:9 Src: Dst: A4 A3 A5 Map request From ? A9 9 EID: /16 31

109 LISP - ALT : Example EID: /16 1 inserts /16=9 in its cache EID: /16 A1 1 A2 Src: 9 Dst:1 Map reply /16:9 Src: Dst: A4 A3 A5 Map request From ? A9 9 EID: /16 The first packet can be sent over ALT topology with mapping request to reduce its delay 31

110 Issues with ALT Complex system with tunnels, BGP protocol (no discussion about policies),... Still relies on lots of error-prone manual configuration Scalability will depend on whether aggregation will be possible If mapping requests are lost due to congestion, difficult to diagnose the problem or send them via another path Security needs to be studied 32

111 The reachability problem in todayʼs Internet ET1 e/48 ET AS /8 IT1 In todayʼs Internet, routing protocols converge after a link failure to ensure that multihomed prefixes such as e remain reachable 33

112 The reachability problem in a LISP-based Internet ET1 e/48 ET AS / IT1 Mapping e/48 via and

113 The reachability problem in a LISP-based Internet ET1 e/48 ET AS / IT1 Mapping e/48 via and Upon failure of ET1-3, AS2 continues to advertise /8 as reachable to IT1 via BGP How can IT1 notice that ET1 is down and that it should use only ET2 ( ) to reach prefix e? 34

114 Solving the reachability problem with the reachability bits ET1 e/48 ET2 IP UDP LISP AS / IP UDP LISP IT1 Mapping e/48 via and

115 Solving the reachability problem with the reachability bits ET1 e/48 ET AS / IP UDP LISP IT1 Mapping e/48 via and

116 Solving the reachability problem with the reachability bits ET1 e/48 ET AS / IP UDP LISP IT1 Mapping e/48 via and When ET1 fails, it removes its default route from OSPF ET2 notices the failure and informs all ITs to which it is sending LISP encapsulated packets by setting the reachability bit of ET1 to 0 35

117 Solving the reachability problem with the reachability bits ET1 e/48 ET AS / IP UDP LISP IT1 Mapping e/48 via and When ET1 fails, it removes its default route from OSPF ET2 notices the failure and informs all ITs to which it is sending LISP encapsulated packets by setting the reachability bit of ET1 to 0 35

118 Solving the reachability problem with the SM bits ET1 e/48 ET AS / IT1 Mapping e/48 via and ET1-3 has been decommissioned and ET2 wants to force IT1 to update its mapping 36

119 Solving the reachability problem with the SM bits ET1 e/48 ET AS / S 1234 IP UDP LISP IT1 Mapping e/48 via and ET1-3 has been decommissioned and ET2 wants to force IT1 to update its mapping 36

120 Solving the reachability problem with the SM bits ET1 e/48 ET2 Mapequest IPv6 e IPv4-AFI AS / S 1234 IP UDP LISP IT1 Mapping e/48 via and ET1-3 has been decommissioned and ET2 wants to force IT1 to update its mapping 36

121 Solving the reachability problem with the SM bits ET1 e/48 ET2 Mapequest IPv6 e IPv4-AFI IT1 4 2 AS / S 1234 Mapeply Nonce=1234 e/48 via Mapping e/48 via and IP UDP LISP ET1-3 has been decommissioned and ET2 wants to force IT1 to update its mapping 36

122 Solving the reachability problem with the SM bits ET1 e/48 ET2 Mapequest IPv6 e IPv4-AFI IT1 4 2 AS / S 1234 Mapeply Nonce=1234 e/48 via Mapping e/48 via IP UDP LISP ET1-3 has been decommissioned and ET2 wants to force IT1 to update its mapping 36

123 Partial reachability problems ET1 e/48 ET AS / IT1 Mapping e/48 via and

124 Partial reachability problems ET1 e/48 ET AS / IT1 Mapping e/48 via and ET1 is up and sends packets, but packets sent by IT1 do not reach ET1 How can IT1 detect this problem? 37

125 Partial reachability problems ET1 e/48 ET IT1 4 2 AS /8 IP UDP Mapping LISP E 5678 e/48 via and ET1 is up and sends packets, but packets sent by IT1 do not reach ET1 How can IT1 detect this problem? 37

126 Partial reachability problems ET1 3 1 e/48 ET AS /8 IP UDP LISP E IT1 Mapping e/48 via and ET1 is up and sends packets, but packets sent by IT1 do not reach ET1 How can IT1 detect this problem? 37

127 Partial reachability problems ET1 3 1 e/48 ET IP UDP LISP AS / IT1 Mapping e/48 via and ET1 is up and sends packets, but packets sent by IT1 do not reach ET1 How can IT1 detect this problem? 37

128 Partial reachability problems ET1 e/48 ET IT1 4 2 AS2 IP /8 UDP LISP Mapping e/48 via and ET1 is up and sends packets, but packets sent by IT1 do not reach ET1 How can IT1 detect this problem? 37

129 Partial reachability problems ET1 e/48 ET AS / IT1 Mapping e/48 via and ET1 is up and sends packets, but packets sent by IT1 do not reach ET1 How can IT1 detect this problem? 37

130 Partial reachability problems ET1 e/48 ET IP UDP LISP E AS / IT1 Mapping e/48 via and ET1 is up and sends packets, but packets sent by IT1 do not reach ET1 How can IT1 detect this problem? 37

131 Partial reachability problems ET1 e/48 ET AS /8 IP UDP LISP IT1 Mapping e/48 via and ET1 is up and sends packets, but packets sent by IT1 do not reach ET1 How can IT1 detect this problem? 37

132 An evaluation of the cost of using LISP mappings Full Netflow (v7) on border router 1 Gigabit link to Belnet ~10000 users (/16 prefix block) Analysis: flow-tools + custom software /BGP Granularity of mappings iplane data set Source : Iannone, L. and Bonaventure, O On the cost Evolution-Internet-Architecture/2008/ 38 of caching locator/id mappings. In Proceedings of the 2007 ACM CoNEXT Conference L. Iannone,

133 Correspondent Prefixes Incoming Flows Correspondent Prefixes/Minute Outgoing Flows Union Hour Daily eport (Per-Minute Granularity) Evolution-Internet-Architecture/2008/ 39 L. Iannone,

134 Mappingsʼ Cache Size Number of Entries h 3 Min Timeout 30 Min Timeout 300 Min Timeout 12h 24h Evolution-Internet-Architecture/2008/ 40 L. Iannone,

135 Hit atio - Full PULL Model Hit atio (%) h 3 Min Timeout 30 Min Timeout 300 Min Timeout Evolution-Internet-Architecture/2008/ 41 12h 24h L. Iannone,

136 Traffic Volume per Entry CDF Mbytes 3 Min Timeout 30 Min Timeout 300 Min Timeout Evolution-Internet-Architecture/2008/ 42 L. Iannone,

137 Lookups - PULL Model 3 min timeout Timeout Period 1 LOC 2 LOCs 3 LOCs 3 min. Night 4 kbps 4.9 kbps 5.7 kbps Day 24.4 kpbs 29.2 kbps 34 kbps 30 min. Night kbps kbps 1.14 kbps Day 8.2 kbps 9.7 kbps 11.3 kbps 300 min. Night kbps kbps kbps Day 2.36 kbps 2.82 kbps 3.29 kbps Evolution-Internet-Architecture/2008/ 43 L. Iannone,

138 LISP challenges How to securely map one identifier onto the corresponding locators? (too) many proposals security not addressed convincingly scalability and performance are concerns How to deal with mobile hosts? Some discussions have started Is there enough incentive for edge networks to deploy this solution while they donʼt suffer from the cost of huge BGP routing tables? Other work within LISP WG Multicast LISP LISP Interworking 44

139 eferences LISP Working group Farinacci, D., et al., Locator/ID Separation Protocol (LISP), draft-ietf-lisp-02, 2009 Farinacci, D., et al., LISP Alternative Topology (LISP-ALT), draft-ietf-lisp-alt-02, Implementations Papers D. Meyer, The Locator/Identifier Separation Protocol, Internet Protocol Journal, L. Iannone et al., On the cost of caching locator/id mappings. CoNEXT 2007 L. Iannone, L. Mathy, LISP-DHT, earch