Scaling the Internet with LISP
Olivier Bonaventure
Department of Computing Science and Engineering
Université catholique de Louvain (UCL)
Place Sainte-Barbe, 2, B-1348, Louvain-la-Neuve (Belgium)
http://inl.info.ucl.ac.be
Outline
- Issues with the current Internet architecture
- Separating Identifiers from Locators
- Locator-Identifier Separation Protocol (LISP)
Issues with the current Internet architecture: interdomain routing scalability
Growth of BGP routing tables
[Figure: size of the BGP routing table over time, annotated "pre-CIDR fast growth", "CIDR works well", "Internet bubble", "Growth is back" and "Growth is back again!"]
Source: http://bgp.potaroo.net (O. Bonaventure, 2008)
Reasons for the BGP growth
Distribution of prefixes versus length
[Figure: histogram of the number of BGP prefixes per prefix length, with bins /8, /9-/15, /16, /17, /18, /19, /20, /21, /22, /23, /24 and /25-/32]
Reasons for the BGP growth: why so many small prefixes?
Allocation of IP prefixes to sites
- Initial solution chosen by IANA
  - First come, first served (FCFS) for all qualifying sites
  - Few constraints on which sites qualify for an IP prefix
  - Once allocated, the prefix is owned by the site forever
- Solution introduced by the RIRs after CIDR: two types of prefixes
  - Provider Independent (PI) prefixes
    - Given by the RIRs to qualifying sites (basically ISPs paying their membership dues to the RIR)
    - Owned by the site forever and can be globally announced
  - Provider Aggregatable (PA) prefixes
    - Given by ISPs from their own address block to customers
    - Customers are expected to return their prefix to its owner if they change ISP
Why do sites prefer PI prefixes?
Main reasons
- PI sites own their prefix for eternity and can change provider whenever they want
- PA prefixes cause a provider lock-in syndrome
  - Changing the IP prefix used by a site is difficult
  - IP addresses and prefixes are manually written in the configuration files of routers, DNS servers, firewalls, DHCP servers, printers, voice and video equipment...
  - Finding all the places where IP addresses and prefixes have been configured is difficult and error-prone
  - With some care, it is possible to prepare an IPv6 site to ease a subsequent IP prefix renumbering, but unfortunately most configurations are not prepared for such a renumbering event
Reasons for the BGP growth: more and more networks are internally fragmented
An Internet link is sometimes cheaper than a normal link
[Figure: client AS4567 has three routers. R1 (130.104.0.0/17) and R2 (130.104.128.0/18) are connected to router RA of provider AS123; R3 (130.104.192.0/18) is connected to router RB of provider AS789. R1 announces "I can reach 130.104.0.0/16 and 130.104.0.0/17", R2 announces "I can reach 130.104.128.0/18" and R3 announces "I can reach 130.104.0.0/16 and 130.104.192.0/18". Towards the global Internet, RA announces "I can reach 194.100.0.0/16 and 130.104.0.0/16 and 130.104.0.0/17 and 130.104.128.0/18" and RB announces "I can reach 200.0.0.0/16 and 130.104.192.0/18".]
Reasons for the BGP growth: multihoming
[Figure: client AS4567 (router R1, prefix 194.100.10.0/23 taken from the 194.100.0.0/16 block of provider AS123) is connected to router R2 of provider AS123 (194.100.0.0/16) and to router R3 of provider AS789 (200.0.0.0/16). R1 announces "I can reach 194.100.10.0/23" to both providers. Towards the global Internet, R2 announces "I can reach 194.100.0.0/16 and 194.100.10.0/23" and R3 announces "I can reach 200.0.0.0/16 and 194.100.10.0/23".]
Reasons for the BGP growth: traffic engineering
[Figure: same topology. Client AS4567 (router R1, 194.100.10.0/23) announces "I can reach 194.100.11.0/24 and 194.100.10.0/23" to router R2 of provider AS123 and "I can reach 194.100.10.0/24 and 194.100.10.0/23" to router R3 of provider AS789. Towards the Internet, R2 announces "I can reach 194.100.0.0/16 and 194.100.11.0/24 and 194.100.10.0/23" and R3 announces "I can reach 200.0.0.0/16 and 194.100.10.0/24 and 194.100.10.0/23".]
Interdomain routing security
- Only Best Current Practices from network operators prevent a customer network from using BGP to announce the prefix of someone else
- Misconfigurations (fat fingers) are frequent: http://www.ripe.net/news/study-youtube-hijacking.html
Issues with the current Internet architecture: limited size of the IPv4 addressing space
We've seen this problem before, and NAT, CIDR and IPv6 have been proposed...
[Figure: projected consumption of the IPv4 address space]
Source: http://www.potaroo.net/tools/ipv4/index.html
Separating Identifiers from Locators
The complementary roles of IP addresses
The IP addresses currently used by endhosts play two complementary roles
- Identifier role: the IP address identifies (together with the port) the endpoint of transport flows
- Locator role: the IP address indicates the paths used to reach the endhost; these paths are updated by routing protocols after each topology change
[Figure: two endhosts, each with an Application/Transport/Network/DataLink stack, connected through routers R1 to R6]
Existing identifiers
Loopback addresses are already used as identifiers, but only on routers
[Figure: router R6 with loopback address 1.2.3.4/32 and interfaces 10.0.6.1/30, 10.0.3.1/30 and 10.0.5.1/30 towards routers R1, R3 and R5]
- In contrast with endhost addresses and normal addresses on routers, loopback addresses are not tied to a particular physical interface
  - A loopback address is always reachable provided that one of the router's interfaces remains up
  - Loopback addresses are often used as identifiers
  - This is only possible because the loopback addresses are directly advertised by the routing protocols
Principle of the host-based solutions
[Figure: host stack with the Transport layer on top (Identifier: Id.A), a specific sublayer below it, and the IP routing sublayer at the bottom (Locators {Green.1, Red.2})]
Roles of the specific sublayer
- Translates the packets so that
  - the Transport layer always sees only the host identifier
  - the IP routing sublayer sees only locators
- Manages the set of locators
- Securely switches from one locator to another upon move or after link failure
- Each host maintains some state
Principles of the network-based solutions
- Host's IP stack unchanged
- Each host has one stable IP address used as identifier, not globally routed
[Figure: host stack with the Transport layer (Identifier: IPA) above the IP routing sublayer; the locators {IPGreen.A, IPRed.A} belong to the edge routers]
- Each edge router owns globally routed addresses used as locators
- A mapping mechanism is used to find the locator associated to one identifier
- Packets from hosts are modified before being sent on the Internet
Locator-Identifier Separation Protocol (LISP)
The Locator Identifier Separation Protocol
Principles
- Define a router-based solution where current IP addresses are separated in two different spaces
  - EndPoint Identifiers (EID) are used to identify endhosts. They are not globally routable. Hosts in a given site are expected to use EIDs in the same prefix.
  - Routing Locators (RLOC) are globally routable and are attached to routers
- A mapping mechanism allows to map an EndPoint Identifier onto the Routing Locator(s) of the site router(s)
- Routers encapsulate the packets received from hosts before sending them towards the destination RLOC
LISP: design goals
- Minimize the required changes to the Internet
  - Require no hardware or software changes to endsystems (hosts)
- Be incrementally deployable
  - Require no router hardware changes
  - Minimize router software changes
- Avoid or minimize packet loss when EID-to-RLOC mappings need to be performed
LISP: simple example
[Figure: a site with hosts 0100:FF::1234 and 0100:FE::2345 is attached to Provider1 (AS1, 1.0.0.0/8) through router R1 (RLOC 1.1.1.1) and to Provider2 (AS2, 2.0.0.0/8) through router R2 (RLOC 2.2.2.2). Host 0100:DD::8765 is in the site of AS3 (3.0.0.0/8), reachable through the routers with RLOCs 3.2.1.1 and 2.1.1.1.]
1. A packet with S: 0100:FF::1234, D: 0100:FE::2345 is exchanged between the two hosts of the site
2. A packet with S: 0100:FF::1234, D: 0100:DD::8765 reaches R1
3. R1 sends a mapping request to the Mapping System: where is 0100:DD::8765?
4. Mapping reply for 0100:DD::8765: RLOC1 3.2.1.1, RLOC2 2.1.1.1
5. R1 encapsulates the packet: outer header S: 1.1.1.1, D: 3.2.1.1; inner header S: 0100:FF::1234, D: 0100:DD::8765
LISP: terminology
[Figure: same topology as the simple example]
- Ingress Tunnel Router (ITR): a router which accepts a packet containing a single IP header. The router maps the destination address of the packet to an RLOC and prepends a LISP header before forwarding the encapsulated packet.
- Egress Tunnel Router (ETR): a router which accepts a LISP encapsulated packet. The router strips the LISP header and forwards the packet based on the next header.
- EID-to-RLOC Database: a globally distributed database that contains all known EID-prefix to RLOC mappings.
LISP data packet format
[Figure: packet layout, 32 bits per row]
Outer header (IPv4)
  Ver | IHL | DS | Total length
  Identification | Flags | Offset
  TTL | Protocol | Checksum
  Source Routing Locator
  Destination Routing Locator
UDP
  Src port: xxxx | Dst port: 4341
  UDP Length | UDP checksum
LISP header
  Locator reach bits
  S | E | Res. | Nonce
Inner packet (IPv6)
  Ver | Tclass | Flow Label
  Payload Length | NxtHdr | Hop Limit
  Source EndPoint Identifier (128 bits)
  ...
Notes
- The source port should be random; the destination port is set to 4341
- Locator reach bits: used to indicate which xTRs are up
- S: Solicit Map-Request; E: Echo Request
- Nonce: used to validate some control messages
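As an added illustration (not code from the slides), the Python below builds the packet of the simple example with exactly the layers listed above, then performs the ETR-side checks before stripping them. The bit-level layout of the LISP header (32-bit locator reach bits, then one byte holding S, E and six reserved bits, then a 24-bit nonce) is an assumption, since the slide names the fields but not their widths.

```python
"""LISP data-plane encapsulation (ITR side) and decapsulation (ETR side):
outer IPv4 header, UDP to port 4341, LISP header, untouched inner packet.
Assumed LISP header layout: 32-bit locator reach bits, one flag byte
(S = 0x80, E = 0x40, 6 reserved bits), 24-bit nonce."""
import secrets
import struct
from ipaddress import IPv4Address, IPv6Address

LISP_DATA_PORT = 4341          # destination port of every LISP data packet
FLAG_S, FLAG_E = 0x80, 0x40    # S: Solicit-Map-Request, E: Echo-Nonce request


def ipv4_checksum(header):
    """One's-complement checksum; returns 0 when the checksum field is already valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_lisp_header(reach_bits, nonce, solicit=False, echo=False):
    flags = (FLAG_S if solicit else 0) | (FLAG_E if echo else 0)
    return struct.pack("!IB", reach_bits & 0xFFFFFFFF, flags) + (nonce & 0xFFFFFF).to_bytes(3, "big")


def parse_lisp_header(hdr):
    reach_bits, flags = struct.unpack("!IB", hdr[:5])
    return {"reach_bits": reach_bits, "S": bool(flags & FLAG_S),
            "E": bool(flags & FLAG_E), "nonce": int.from_bytes(hdr[5:8], "big")}


def build_inner_ipv6(src_eid, dst_eid, payload, next_header=59):
    """Inner packet as the host sent it: an IPv6 header carrying EIDs (59 = no next header)."""
    return (struct.pack("!IHBB", 0x60000000, len(payload), next_header, 64)
            + IPv6Address(src_eid).packed + IPv6Address(dst_eid).packed + payload)


def encapsulate(inner, src_rloc, dst_rloc, reach_bits, nonce, src_port=None):
    """ITR: prepend outer IPv4 + UDP + LISP headers; the inner packet is not modified."""
    if src_port is None:                      # slide: the source port should be random
        src_port = 49152 + secrets.randbelow(16384)
    lisp = build_lisp_header(reach_bits, nonce)
    udp_len = 8 + len(lisp) + len(inner)
    udp = struct.pack("!HHHH", src_port, LISP_DATA_PORT, udp_len, 0)   # UDP checksum left at 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000, 64, 17, 0,
                     IPv4Address(src_rloc).packed, IPv4Address(dst_rloc).packed)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    return ip + udp + lisp + inner


def decapsulate(packet):
    """ETR: validate the outer headers, strip them, return (LISP fields, inner packet).
    Anything that is not IPv4/UDP addressed to port 4341 is rejected."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("outer header is not IPv4")
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad outer IPv4 checksum")
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != 17 or total_len > len(packet):
        raise ValueError("outer packet is not UDP or is truncated")
    _, dst_port, udp_len, _ = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if dst_port != LISP_DATA_PORT or udp_len < 16:
        raise ValueError("not a LISP data packet")
    body = packet[ihl + 8:ihl + udp_len]
    return parse_lisp_header(body[:8]), body[8:]


def slide_example():
    """The encapsulation step of the simple example: R1 (1.1.1.1) towards RLOC 3.2.1.1.
    Payload, reach bits and nonce are constructed values."""
    inner = build_inner_ipv6("0100:FF::1234", "0100:DD::8765", b"constructed payload")
    packet = encapsulate(inner, "1.1.1.1", "3.2.1.1", reach_bits=0b11, nonce=0xABCDEF, src_port=50000)
    fields, decapsulated = decapsulate(packet)
    return packet, fields, inner, decapsulated
```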
LISP mapping
Possible models for the mapping mechanism
- Push model: LISP ETR routers receive, from a protocol to be designed, the mapping tables that they need to use to map EIDs onto RLOCs
- Pull model: LISP ETR routers refresh their mapping table by querying the mapping mechanism each time they receive a packet whose mapping is unknown
- Hybrid models: push is used to place popular or important mappings on LISP ETR routers, and they query for the less important mappings
NERD: A Not-so-novel EID to RLOC Database
- The only proposed push model
- Composed of 4 parts: a network database format; a change distribution format; a database retrieval/bootstrapping method; a change distribution method
Principles
- An authority computes the mapping database based on the stored registrations
- The database signed by the authority is stored on servers
- ITRs poll the database servers regularly to update their own mapping database
LISP mapping messages: Map-Request
Sent over UDP, destination port 4342, source port random
[Figure: Map-Request message format, 32 bits per row]
  Type=1 | Flags | Reserved | Rec.#
  Nonce
  Source-AFI | ITR-AFI
  Source-EID Address
  Originating ITR RLOC
  Res. | masklen | AFI
  EID-prefix
  Mapping protocol data
Fields
- Rec.#: number of records in the Map-Request
- Nonce: random in the request, copied in the reply
- Originating ITR RLOC: RLOC of the ITR sending the Map-Request message
- masklen: mask length of the EID prefix
- AFI: AFI of the requested mapping
- EID-prefix: EID prefix for which the mapping is requested
LISP mapping messages: Map-Reply
Sent over UDP
[Figure: Map-Reply message format, 32 bits per row; the rows from Record TTL onwards form one record]
  Type=2 | Reserved | Rec.#
  Nonce
  Record TTL
  Loc.# | masklen | A | Reserved
  Reserved | EID-AFI
  EID prefix
  Prio | Weight | MPrio | MWeight
  Unused flags | Loc-AFI
  Locator
  Mapping protocol data
Fields
- Rec.#: number of records in the Map-Reply
- Nonce: copied from the Map-Request
- Record TTL: lifetime of the record (in minutes); 0: remove from cache; 0xffffffff: receiver decides
- A: authoritative or not
- Reachability flag: is the record reachable from the responder's viewpoint?
- Priority: RLOCs with a lower priority value are preferred. If several have the same priority, load balance among them
- Weight: percentage of traffic to this RLOC when load balancing is active
- MPrio, MWeight: used for multicast
How to control incoming traffic?
A LISP site can control incoming traffic with Weight and Priority
[Figure: site with EID prefix 0100:DD::/48 (host 0100:DD::8765) attached through router A (RLOC 3.2.1.1) and router C (RLOC 2.1.1.1)]
- A primary, C backup: mapping for 0100:DD::/48
  - RLOC 3.2.1.1, prio=1, weight=100
  - RLOC 2.1.1.1, prio=99, weight=100
- A 30%, C 70%: mapping for 0100:DD::/48
  - RLOC 3.2.1.1, prio=1, weight=30
  - RLOC 2.1.1.1, prio=1, weight=70
  - The LISP ITR will load balance layer-4 flows by using a hash, as in ECMP
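An added example (not from the slides) of how an ITR would act on the two mappings above: priority selects the candidate set, weights split equal-priority RLOCs, and a hash of the layer-4 flow keeps each flow on one RLOC. The sample flows, the even split when no weights are given, and the use of an "unreachable" set standing in for the locator reach bits are assumptions.

```python
"""RLOC selection from a Map-Reply record: lowest priority value wins;
equal-priority locators share traffic in proportion to their weights;
a flow hash (as in ECMP) pins every layer-4 flow to a single RLOC."""
import hashlib
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Locator:
    rloc: str
    priority: int   # lower value is preferred
    weight: int     # share among locators of the same priority


# The two mappings for 0100:DD::/48 shown on the slide
PRIMARY_BACKUP = [Locator("3.2.1.1", 1, 100), Locator("2.1.1.1", 99, 100)]
SPLIT_30_70 = [Locator("3.2.1.1", 1, 30), Locator("2.1.1.1", 1, 70)]


def usable_locators(locators, unreachable=frozenset()):
    """Drop RLOCs known to be down (what the locator reach bits convey), keep the best priority."""
    alive = [loc for loc in locators if loc.rloc not in unreachable]
    if not alive:
        raise ValueError("no reachable locator for this mapping")
    best = min(loc.priority for loc in alive)
    return [loc for loc in alive if loc.priority == best]


def flow_hash(src_eid, dst_eid, proto, sport, dport):
    """Stable 32-bit hash of the 5-tuple: the same flow always yields the same value."""
    key = "%s|%s|%d|%d|%d" % (src_eid, dst_eid, proto, sport, dport)
    return int.from_bytes(hashlib.sha256(key.encode()).digest()[:4], "big")


def select_rloc(locators, flow, unreachable=frozenset()):
    """RLOC for one flow: weighted choice among the best-priority locators."""
    cands = usable_locators(locators, unreachable)
    total = sum(loc.weight for loc in cands)
    if total == 0:                               # no weights given: assumed even split
        return cands[flow_hash(*flow) % len(cands)].rloc
    point = flow_hash(*flow) % total
    for loc in cands:                            # intervals [0, w1), [w1, w1 + w2), ...
        point -= loc.weight
        if point < 0:
            return loc.rloc


def traffic_share(locators, n_flows, unreachable=frozenset()):
    """Fraction of n constructed flows (distinct source ports) that each RLOC receives."""
    counts = Counter()
    for sport in range(49152, 49152 + n_flows):
        flow = ("0100:FF::1234", "0100:DD::8765", 6, sport, 80)
        counts[select_rloc(locators, flow, unreachable)] += 1
    return {rloc: n / n_flows for rloc, n in counts.items()}
```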
Pull-based mapping systems
- LISP-ALT: built with an overlay composed of GRE tunnels between LISP xTRs, with BGP. Solution implemented by Cisco and chosen by the LISP WG
- LISP-DHT: mapping information is stored in a distributed hash table that is queried by ITRs
- LISP-CONS: new mapping protocol proposed earlier in the WG...
LISP-ALT
A mapping mechanism that relies on an alternate topology to distribute mapping requests to mapping servers
- LISP ITR routers send mapping request messages to ALT routers
- ALT routers forward those mapping messages between themselves on an overlay topology built by using GRE tunnels
LISP-ALT (2)
[Figure: ALT overlay with routers A1, A2, A3, A4, A5 and A9. A1 is attached to the site with EID prefix 100.0.0.0/16, A2 to the site with EID prefix 100.22.0.0/16 and A9 to the site with EID prefix 99.99.0.0/16]
- A2 is authoritative for EID prefix 100.22.0.0/16
- A4 aggregates and advertises 100.0.0.0/8 over the ALT overlay
- BGP routes on the overlay: 100.22.0.0/16 via A2; 100.0.0.0/16 via A1; 100.0.0.0/8 via A4; 0.0.0.0/0 via A3
LISP-ALT: example
ITR 1 (behind ALT router A1) serves EID prefix 100.0.0.0/16; ETR 9 (behind ALT router A9) serves 99.99.0.0/16. A host behind ITR 1 sends a packet with Src: 100.0.0.1, Dst: 99.99.12.1. ITR 1 has no mapping for 99.99.12.1 and sends a Map-Request ("From 1: 99.99.12.1?") into the ALT overlay; A1 forwards it via A3 to A9, which is authoritative for 99.99.0.0/16. ETR 9 answers ITR 1 directly, outside the overlay, with a Map-Reply (Src: 9, Dst: 1) carrying 99.99.0.0/16 : 9. ITR 1 inserts 99.99.0.0/16 = 9 in its cache. The first data packet can be sent over the ALT topology together with the Map-Request to reduce its delay. 31
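To show how a Map-Request travels hop by hop across the ALT overlay, and why the scalability of ALT depends on aggregation, here is an added simulation in Python (not part of the slides, nor code from any LISP-ALT implementation). The per-router tables in ALT_RIB are an assumption: the slides give the prefixes each router originates, the 100.0.0.0/8 aggregate at A4 and the default route at A3, but not the full set of overlay adjacencies, so the next hops are chosen to reproduce the path A1, A3, A9 of the example above.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

Net = ipaddress.IPv4Network

# Constructed ALT routing tables (prefix, next hop on the overlay). "local" marks an
# EID prefix for which this ALT router's site is authoritative. Adjacencies are assumed.
ALT_RIB: Dict[str, List[Tuple[str, str]]] = {
    "A1": [("100.0.0.0/16", "local"), ("100.0.0.0/8", "A4"), ("0.0.0.0/0", "A3")],
    "A2": [("100.22.0.0/16", "local"), ("100.0.0.0/8", "A4"), ("0.0.0.0/0", "A4")],
    "A4": [("100.0.0.0/16", "A1"), ("100.22.0.0/16", "A2"), ("0.0.0.0/0", "A3")],
    # A3 originates the default it advertises to the others; for an EID it cannot
    # route, the request dies here.
    "A3": [("100.0.0.0/8", "A4"), ("99.99.0.0/16", "A9")],
    "A9": [("99.99.0.0/16", "local"), ("0.0.0.0/0", "A3")],
    "A5": [("0.0.0.0/0", "A3")],
}

def longest_match(router: str, eid: ipaddress.IPv4Address) -> Optional[Tuple[Net, str]]:
    """Longest-prefix match in one ALT router's table, as BGP-based forwarding does."""
    best: Optional[Tuple[Net, str]] = None
    for prefix, next_hop in ALT_RIB[router]:
        net = Net(prefix)
        if eid in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best

def forward_map_request(ingress: str, eid_str: str,
                        max_hops: int = 16) -> Tuple[List[str], Optional[str]]:
    """Walk a Map-Request over the overlay from the ITR's ALT router.
    Returns (path, EID prefix answered) or (path, None) if no router can answer."""
    eid = ipaddress.IPv4Address(eid_str)
    path = [ingress]
    router = ingress
    for _ in range(max_hops):
        match = longest_match(router, eid)
        if match is None:
            return path, None              # no route in the overlay: request is lost
        net, next_hop = match
        if next_hop == "local":
            return path, str(net)          # authoritative ETR replies to the ITR directly
        router = next_hop
        path.append(router)
    return path, None                      # hop limit: a routing loop in the overlay

if __name__ == "__main__":
    for start, eid in (("A1", "99.99.12.1"), ("A1", "100.22.1.1"),
                       ("A9", "100.0.0.1"), ("A1", "200.1.1.1")):
        print(start, eid, "->", forward_map_request(start, eid))
```

The second query shows the aggregation at work: A1 knows nothing about 100.22.0.0/16, only the /8 that A4 advertises, and A4 de-aggregates towards A2. The last query shows the failure mode the "Issues with ALT" slide mentions: a request for an EID nobody originates simply disappears at A3, and the ITR has no signal telling it why.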
Issues with ALT
Complex system: tunnels plus a BGP overlay (no discussion about policies), ...
Still relies on lots of error-prone manual configuration.
Scalability will depend on whether aggregation of EID prefixes is possible.
If Map-Requests are lost due to congestion, it is difficult to diagnose the problem or to send them via another path.
Security needs to be studied. 32
The reachability problem in today's Internet
ETR1 (RLOC 2.1.1.1) and ETR2 (RLOC 2.1.1.9) both serve EID prefix e/48; ETR1 is attached to router 3 of AS2 (2.0.0.0/8, routers 1, 2, 3 and 4), which sits between the ETRs and ITR1. In today's Internet, routing protocols converge after a link failure to ensure that multihomed prefixes such as e remain reachable. 33
The reachability problem in a LISP-based Internet
Same topology; ITR1 (2.7.7.7) holds the mapping e/48 via 2.1.1.1 and 2.1.1.9. Upon failure of the link ETR1-3, AS2 continues to advertise 2.0.0.0/8 as reachable to ITR1 via BGP, because the aggregate still covers 2.1.1.1: the failure is invisible in the locator routing. How can ITR1 notice that ETR1 is down and that it should use only ETR2 (2.1.1.9) to reach prefix e? 34
Solving the reachability problem with the reachability bits
Each LISP-encapsulated packet (IP / UDP / LISP header) that the ETRs send to ITR1 carries locator-status bits, one per locator of the site: ETR1 (outer Src 2.1.1.1, Dst 2.7.7.7) and ETR2 (outer Src 2.1.1.9, Dst 2.7.7.7) both send 1100000000000..00000, the first bit for ETR1 and the second for ETR2.
When ETR1 fails, it removes its default route from OSPF. ETR2 notices the failure and informs all ITRs to which it is sending LISP-encapsulated packets by setting the reachability bit of ETR1 to 0: its packets to ITR1 now carry 0100000000000..00000. 35
Solving the reachability problem with the SMR bit
Link ETR1-3 has been decommissioned and ETR2 wants to force ITR1 to update its mapping, which still lists e/48 via 2.1.1.1 and 2.1.1.9.
ETR2 sets the S (Solicit-Map-Request) bit, with nonce 1234, in the LISP header of the encapsulated packets it sends to ITR1 (outer Src 2.1.1.9, Dst 2.7.7.7, reachability bits 0100000000000..00000).
ITR1 answers with a Map-Request: nonce 1234, ITR RLOC 2.7.7.7 (IPv4 AFI), EID prefix e/48 (IPv6).
ETR2 returns a Map-Reply: Nonce=1234, e/48 via 2.1.1.9.
ITR1 replaces its mapping with e/48 via 2.1.1.9. 36
Partial reachability problems
ETR1 is up and sends packets, but packets sent by ITR1 do not reach ETR1. How can ITR1 detect this problem?
With the echo-nonce. ITR1 sets the E bit and a nonce (5678) in the LISP header of the packets it encapsulates towards an ETR (outer Src 2.7.7.7, Dst 2.1.1.9, reachability bits 1000000000000..00000, E, nonce 5678). An ETR that receives such packets echoes the nonce in the packets it sends back (Src 2.1.1.9, Dst 2.7.7.7, 1000000000000..00000, E bit cleared, nonce 5678). If the packets ITR1 keeps receiving from an ETR carry no echoed nonce (nonce field 0), ITR1 knows that its own packets are not reaching that ETR, even though the ETR is up. 37
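Slides 35 to 37 describe three data-plane signals an ITR acts on: the locator-status bits, the SMR bit and the echo-nonce. The Python model below is an added example (not from the slides or from any LISP implementation; the header is simplified to the fields used here, nonces are 24 bits as in the LISP header, and the first locator of a mapping is placed in the most significant status bit). It ties the three signals together on the ITR side and adds the check a practitioner wants: a Map-Reply is installed only when its nonce matches a Map-Request this ITR sent for that prefix, which is what stops an unsolicited or replayed Map-Reply from rewriting the cache. The class and method names (ITR, LispHeader, echo_timeout, ...) are this example's own.

```python
import os
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

def new_nonce() -> int:
    """Fresh 24-bit nonce, the size of the nonce field in the LISP header."""
    return int.from_bytes(os.urandom(3), "big")

def lsb_from_status(status: List[bool]) -> int:
    """Locator-status bits as a 32-bit word, first locator of the mapping in the MSB:
    [True, True] -> 1100...0 (slide 35), [False, True] -> 0100...0 (slides 35-36)."""
    word = 0
    for i, up in enumerate(status):
        if up:
            word |= 1 << (31 - i)
    return word

@dataclass
class LispHeader:
    """Control fields of the LISP data-plane header used on slides 35-37 (simplified)."""
    src_rloc: str            # outer source address, i.e. the sending xTR's locator
    lsb: int                 # locator-status bits
    nonce: int = 0
    n_bit: bool = False      # nonce field is valid
    e_bit: bool = False      # sender asks the receiver to echo the nonce
    s_bit: bool = False      # Solicit-Map-Request: receiver should refresh its mapping

@dataclass
class MapEntry:
    rlocs: List[str]
    status: List[bool] = field(default_factory=list)   # per-RLOC reachability

class ITR:
    def __init__(self, rloc: str) -> None:
        self.rloc = rloc
        self.cache: Dict[str, MapEntry] = {}
        self.pending: Dict[int, str] = {}        # nonce of a Map-Request we sent -> EID prefix
        self.echo_pending: Dict[str, int] = {}   # RLOC -> nonce we asked it to echo
        self.unreachable: Set[str] = set()       # RLOCs that failed the echo-nonce test
        self.log: List[str] = []

    def install(self, eid_prefix: str, rlocs: List[str]) -> None:
        self.cache[eid_prefix] = MapEntry(list(rlocs), [True] * len(rlocs))

    def usable_rlocs(self, eid_prefix: str) -> List[str]:
        e = self.cache[eid_prefix]
        return [r for r, up in zip(e.rlocs, e.status) if up and r not in self.unreachable]

    def on_encapsulated_packet(self, eid_prefix: str, hdr: LispHeader) -> Optional[dict]:
        """Process the control bits of a data packet from an ETR of eid_prefix.
        Returns the Map-Request to send when the S bit solicits one, else None."""
        entry = self.cache[eid_prefix]
        # slide 35: the status bits say which locators of the mapping are up
        entry.status = [bool((hdr.lsb >> (31 - i)) & 1) for i in range(len(entry.rlocs))]
        # slide 37: an echoed nonce proves our packets reached that ETR
        if hdr.n_bit and not hdr.e_bit and self.echo_pending.get(hdr.src_rloc) == hdr.nonce:
            del self.echo_pending[hdr.src_rloc]
            self.unreachable.discard(hdr.src_rloc)
        # slide 36: S bit -> send a Map-Request for the prefix and remember its nonce
        if hdr.s_bit:
            nonce = hdr.nonce if hdr.n_bit else new_nonce()
            self.pending[nonce] = eid_prefix
            return {"type": "Map-Request", "nonce": nonce, "itr_rloc": self.rloc,
                    "eid_prefix": eid_prefix}
        return None

    def on_map_reply(self, reply: dict) -> bool:
        """Install a Map-Reply only if its nonce matches a Map-Request we sent for that
        prefix; anything else is unsolicited and could be an attempt to poison the cache."""
        eid = self.pending.get(reply["nonce"])
        if eid is None or eid != reply["eid_prefix"]:
            self.log.append(f"dropped unsolicited Map-Reply for {reply['eid_prefix']}")
            return False
        del self.pending[reply["nonce"]]          # one reply per request: no replay
        self.install(eid, reply["rlocs"])
        return True

    def probe(self, rloc: str) -> LispHeader:
        """Header for the next packet to rloc: E bit set, asking it to echo a fresh nonce."""
        nonce = new_nonce()
        self.echo_pending[rloc] = nonce
        return LispHeader(self.rloc, lsb_from_status([True]), nonce, n_bit=True, e_bit=True)

    def echo_timeout(self, rloc: str) -> bool:
        """Packets keep arriving from rloc without our nonce: one-way reachability."""
        if rloc in self.echo_pending:
            self.unreachable.add(rloc)
            self.log.append(f"{rloc} never echoed nonce {self.echo_pending[rloc]:#x}")
            return True
        return False
```

Two points the model makes explicit: the status bits and the echo-nonce only change which of the cached locators the ITR uses, whereas the SMR path changes the cached mapping itself and therefore goes through the nonce check; and the ITR keeps the probe nonce per RLOC, so a later echo from ETR1 restores it without any control-plane exchange.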
An evaluation of the cost of using LISP mappings
Setup: full NetFlow (v7) on the campus border router; 1 Gigabit link to Belnet; ~10000 users (a /16 prefix block). Analysis with flow-tools + custom software. Granularity of mappings: BGP prefixes, and the iPlane data set.
Source: Iannone, L. and Bonaventure, O. 2007. On the cost of caching locator/id mappings. In Proceedings of the 2007 ACM CoNEXT Conference. L. Iannone, 2007 38
Correspondent Prefixes
[Figure: correspondent prefixes per minute over one day (hours 00 to 24, y axis 0 to 12000), three curves: incoming flows, outgoing flows, union. Daily report at per-minute granularity.] 39
Mappings' Cache Size
[Figure: number of cache entries (0 to 110000) over 24 hours (00h, 12h, 24h), one curve per cache timeout: 3 min, 30 min, 300 min.] 40
Hit Ratio - Full PULL Model
[Figure: hit ratio in % (90 to 100) over 24 hours (00h, 12h, 24h), one curve per cache timeout: 3 min, 30 min, 300 min.] 41
Traffic Volume per Entry
[Figure: CDF (0.955 to 1) of the traffic volume per cache entry, in Mbytes on a log scale from 1 to 100000, one curve per cache timeout: 3 min, 30 min, 300 min.] 42
Lookups - PULL Model
Bandwidth consumed by mapping lookups, by cache timeout, period of the day and number of locators per mapping:

Timeout   Period   1 LOC        2 LOCs       3 LOCs
3 min     Night    4 kbps       4.9 kbps     5.7 kbps
3 min     Day      24.4 kbps    29.2 kbps    34 kbps
30 min    Night    0.814 kbps   0.974 kbps   1.14 kbps
30 min    Day      8.2 kbps     9.7 kbps     11.3 kbps
300 min   Night    0.041 kbps   0.049 kbps   0.057 kbps
300 min   Day      2.36 kbps    2.82 kbps    3.29 kbps
43
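The measurement slides (38 to 43) compare cache size, hit ratio and lookup traffic for idle timeouts of 3, 30 and 300 minutes. The simulator below is an added example of that methodology (it is not the authors' flow-tools pipeline) run on a constructed one-hour trace, so its numbers are illustrative and not those of the campus measurement; the trace shape (three prefixes contacted every minute, 200 prefixes seen once, one prefix seen twice ten minutes apart) is an assumption chosen to show the trade-off.

```python
from typing import Dict, List, Tuple

def make_trace() -> List[Tuple[int, str]]:
    """Constructed one-hour flow trace: (start time in seconds, destination EID prefix).
    Not measurement data; the mix is chosen to expose the timeout trade-off."""
    trace: List[Tuple[int, str]] = []
    for p in ("10.0.0.0/16", "10.1.0.0/16", "10.2.0.0/16"):       # busy correspondents
        trace += [(t, p) for t in range(0, 3600, 60)]              # one flow per minute
    trace += [(18 * i, f"172.{i // 256}.{i % 256}.0/24") for i in range(200)]  # one-off prefixes
    trace += [(100, "192.0.2.0/24"), (700, "192.0.2.0/24")]        # revisited after 10 min
    trace.sort()
    return trace

def simulate_cache(trace: List[Tuple[int, str]], timeout: int) -> Dict[str, float]:
    """Pull model: a miss costs one lookup (a Map-Request) and installs the mapping;
    an entry is evicted once it has been idle for more than `timeout` seconds."""
    last_used: Dict[str, int] = {}
    hits = misses = max_entries = 0
    for t, prefix in trace:
        for stale in [p for p, lu in last_used.items() if t - lu > timeout]:
            del last_used[stale]
        if prefix in last_used:
            hits += 1
        else:
            misses += 1
        last_used[prefix] = t
        max_entries = max(max_entries, len(last_used))
    return {"lookups": misses, "hit_ratio": hits / (hits + misses), "max_entries": max_entries}

def compare_timeouts(timeouts: Tuple[int, ...] = (180, 1800, 18000)) -> Dict[int, Dict[str, float]]:
    """Same trace under the three timeouts used in the slides (3, 30 and 300 minutes)."""
    trace = make_trace()
    return {to: simulate_cache(trace, to) for to in timeouts}

if __name__ == "__main__":
    for to, r in compare_timeouts().items():
        print(f"timeout {to:6d}s: lookups={r['lookups']:4d} "
              f"hit_ratio={r['hit_ratio']:.3f} max_entries={r['max_entries']}")
```

On this trace the longer timeouts barely reduce the number of lookups (the one-off prefixes miss whatever the timeout) while the cache grows from a handful of entries to every prefix ever seen; the slides' hit-ratio and cache-size curves show the same tension on real traffic.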
LISP challenges
How to securely map one identifier onto the corresponding locators? (too) many proposals; security not addressed convincingly; scalability and performance are concerns.
How to deal with mobile hosts? Some discussions have started.
Is there enough incentive for edge networks to deploy this solution while they don't suffer from the cost of huge BGP routing tables?
Other work within the LISP WG: Multicast LISP, LISP Interworking. 44
References
LISP Working Group, http://tools.ietf.org/wg/lisp/
Farinacci, D., et al., Locator/ID Separation Protocol (LISP), draft-ietf-lisp-02, 2009
Farinacci, D., et al., LISP Alternative Topology (LISP-ALT), draft-ietf-lisp-alt-02, 2009
...
Implementations: http://www.lisp4.net ; http://inl.info.ucl.ac.be/software/openlisp
Papers:
D. Meyer, The Locator/Identifier Separation Protocol, Internet Protocol Journal
L. Iannone and O. Bonaventure, On the cost of caching locator/id mappings, ACM CoNEXT 2007
L. Iannone and L. Mathy, LISP-DHT, ACM ReArch 2008 45