Executive Panel : LISP Customers Discuss Modern Network Solutions

Executive Panel : LISP Customers Discuss Modern Network SolutionsPNLRST-2020

Fabio Maino, Distinguished Engineer, LISP Team

Colin Kincaid, Vice President, NOSTG Marketing & Architecture

© 2014 Cisco and/or its affiliates. All rights reserved.PNLRST-2020 Cisco Public

Executive Panel : LISP Customers Discuss Modern Network Solutions

3

Introduction Fabio Maino

LISP Perspectives Colin Kincaid

Customer Use Case :: Cisco IT Khalid Jawaid

Customer Use Case :: IBM Chris Williams

Customer Use Case :: Etat du Valais Christian Quenzer

Customer Use Case :: AVM GmbH Eric van Uden

Questions/Answers ALL

Closing Words Fabio Maino

LISP IntroductionFabio Maino, Distinguished EngineerLISP Team


Introduction

LISP has come a long way since 2006 IETF…– when a small group of Cisco engineers started the design of a protocol for

identity/location separation

8 IETFs RFCs published during 2013 (RFC 6830-6836, RFC 7052)– IETF LISP WG now focusing on LISP use cases

Most importantly we have very significant customer deployments– Enterprise and Service Provider space– Use cases: Internet VPNs, Multi-homing, IPv6 Transition, Data Center Host

Mobility

LISP Update

5


Introduction

LISP is a transformative technology– LISP adds significant new capabilities and reduces complexities!

LISP deployments are now moving beyond ‘early adopters’– Large number of customers deploying LISP in production– Large scale of LISP deployments and wide diversity of LISP deployments– Commitment to and reliance on LISP

LISP engages a broad range of new participation in networking– Open standard, control plane/data plane separation enables…

Universities and researchers to experiment on new and novel designs Easy and effective Integration with software defined networking initiatives Open source code implementations and wide hardware/device support

What have we learned so far?

6


Use Cases: Internet Based VPN

IP based, transport independent VPN solution

Support for multi-tenancy and security

Global mobility Minimal infrastructure

disruption

Today’s Testimonial– Etat du Valais: Christian Quenzer

7

IP Network

WestDC

LISP Site

Legacy Site Legacy Site Legacy Site

East DC

PxTR

MappingDB


Use Cases: BGP-free Multi-homing

Multi-provider connectivity and policy without BGP complexity

OpEx-friendly multi-homing across different providers

Simple Policy Management Ingress/Egress Traffic

Engineering

Today’s Testimonial– AVM GmbH: Eric van Uden

8

LISProuters

LISPSite

Internet


Use Cases: IPv6 Transition

Rapid deployment of IPv6 over IPv4– Or IPv4 over IPv6

Accelerates IPv6 adoption Minimal added

configurations No core network changes

Today’s Testimonial– Cisco IT: Khalid Jawaid– AVM GmbH: Eric van Uden

9

IPv4 CoreIPv4

Enterprise Core

v6v4

v6

V6IPv4 Enterprise

Core

v6

xTRV6

xTR


Use Cases: Host Mobility

Host mobility for Data Center applications– DC Migration– Disaster Recovery– Hybrid Cloud Extension

Integrated mobility, inbound routing optimization, OTV integration

Today’s Testimonial– IBM: Chris Williams

Data Center 1

Data Center 2

a.b.c.1VM

a.b.c.1VM

VM move

LISProuters

LISProuters

Internet

10



11









LISP PerspectivesColin Kincaid, Vice President NOSTG Marketing & Architecture


LISP Perspective

NOSTG is a central innovation engine for CISCO– Supports the core of the LISP HIP team (engineering + marketing)

With LISP, Cisco is innovating at the cutting edge of technology providing– An open, scalable architecture for network virtualization– Easy to deploy– Focused on simplifying network operations

LISP and Cisco

13


LISP PerspectivePlatforms supporting LISP (Cisco and Open Source)

14


LISP Perspective

Cisco is strongly committed to LISP technologyFuture work is focused on:

– Integration with SDN (OpenDayLight LISP project) – Data Center and Hybrid Cloud Extension– Campus Architecture

Support to Customers with existing and new use cases

Future Work

15



16









LISP @Cisco IT

As a Member of Technical Staff at Cisco Systems, Khalid Jawaid is the Lead Design Engineer for IPv6 integration/deployment across Cisco and the EON project (Cisco IT's SDN Initiative). Double CCIE certified and experienced in routing and switching technologies and WAN design, Khalid has been at Cisco for the last 13 years and worked with multiple technologies across TAC, Cisco Services and Cisco IT.

• Khalid Jawaid• Member of the Technical Staff, Cisco IT

© 2014 Cisco and/or its affiliates. All rights reserved.PNLRST-2020 Cisco Public 19

Introducing CiscoThe Global Cisco Family

369 locations in 90 countries 450+ buildings 51 data centers and

server rooms 1500+ labs world wide

(500+ in San Jose)

66,000+ Employees 20,000 Channel Partners 110+ Application

Service Providers 210+ Business and Support

Development Partners

Over 180,000 people around the world in the extended Cisco family

Estimated Numbers


Cisco IT LISP Use-caseIPv6 Transition Support

20

IPv6 Deployment strategy

Dual stack

Overlay

Long term plan that absorbs cost in established lifecycle process

Have a quick and scalable solution in hand to relieve delivery pressure

IPv6 deployment challenges

Financial investment required Migration to L2 VPN

Anycast ISATAP Manual 6in4 Tunnel

Business Impact

Next-Generation overlay architectureLocator/ID Separation Protocol

IPv4 only WAN BackboneL3 MPLS VPN

Day-1 tunneling techniques do not scale very well

Delayed deployment of IPv6

affects product development/testing

and IPv6 adoption.


Why LISP ?

Anycast ISATAP

End-Client centric solutionSupport challenge

Manual 6in4 tunnels

Configuration overheadPerformance impact (Hub & Spoke)

Locator/ID Separation Protocol

Configuration & Troubleshooting simplicityAny-to-any traffic flows

IPv4 exit-strategy (IPv4 over IPv6)New capabilities (Mobility, Virtualization)

DMVPN

Potential routing challenges when multi-homingScalability concerns

Any-to-any traffic flows

Day-1 tunneling techniques Next-Generation overlay


Mapping SystemProxy Tunnel Router

ASR1006

EMEAR LISP IPv6 Deployment overview

Cisco Managed CE Map-Resolver, Map-Server, Proxy Ingress/Egress Tunnel Router

Cisco Managed CE Ingress/Egress Tunnel Router

IPSEC VPN Tunnel head-end

From an interim to permanent solution ?

“LISP allows us to postpone some of our WAN migrations in locations where services are not

available or cost inefficient “

Tunnel RouterASR 1006 & ISR 3945

London Amsterdam

Carrier ManagedL3VPN MPLS

Internet

Load Sharing Primary/Backup Primary/Backup

Cisco Enterprise Backbone NetworkDC Internet

DC

DC

DS3DS3 DS3 E1 E1 BB

Dual Stack

Dual Stack

Geographically diverseStandalone / Self-managed

Primary / Backup PxTR

Default Route / HSRPv6 to attract trafficLoad sharing defined by WAN topology

Liveliness features

RLOC route-loss detectionRLOC probing

Locator Status Bits (LSB)Solicited Map-Request (SMR)

LISP IPv6 in IPv4

Cisco Remote Offices

IPv4 Only


Deployment Status

Istanbul(Turkey)

Pilot Deployment(Completed September 2013)

Accelerated Deployment(Completed November 2013)

General Deployment(Target completion May 2014)

Greenpark(UK)

Galway(Ireland)

Munich(Germany)

Vimercatie(Italy)

Moscow(Russia)

Dubai(UAE)

80+ Remote Offices7000+ end-users

3 Engineering Data Centers

Target = IPv6 configuration automation via scripts !

LISP is the easy part !

1700 end-users1300 IPv6 endpoints+ 30 Mbps IPv6 peak BW0 LISP related cases opened !!!

Internal LISP Design(Guidelines, Cut-sheet, test plan)

Resource training(Configuration & Troubleshooting)

Implementation(Test plan execution and monitoring)

Operational support

In numbers …


Lesson learned

Network convergence Minor routing architecture changes required to match IPv4 convergence SLA RLOC route-down detection provides fastest convergence (/32 Prefix leakage) RLOC Probing detects all other failures

MTU handling Only stateful fragmentation (pMTU) supported as per IPv6 best practices Previous overlay solutions provided stateful fragmentation Our LISP implementation uncovered some pMTU support problems

Feature Support Most exciting capabilities/enhancements included in more recent versions of code


Potential use-cases Data-Center VM MobilityClient IP Portability & Disaster RecoveryTraffic engineering (SDN/OnePK)

Cisco IT LISP Strategy

Evaluate Learn Explore

http://www.google.be/url?sa=i&rct=j&q=evaluate&source=images&cd=&cad=rja&docid=J59SJBpcnLXyUM&tbnid=ce7rQ0GYXnKERM:&ved=0CAUQjRw&url=http://ec.europa.eu/enterprise/e-bsn/ebusiness-solutions-guide/selectLanguage.do?languageId=2&forwardPage&ei=w3zdUeiEDJDwhQfv5oHwBQ&bvm=bv.48705608,d.ZG4&psig=AFQjCNHSoh4zzKEfyqTa8W_fXrogqodcrQ&ust=1373556283942422

http://www.google.be/url?sa=i&rct=j&q=learn&source=images&cd=&cad=rja&docid=556Hd6FCtP50VM&tbnid=l8hoA3mT965w9M:&ved=0CAUQjRw&url=http://www.speakoutitalian.com/2012/08/13/how-to-learn-italian-fast/&ei=5XzdUcWQFY6JhQfh4oAQ&bvm=bv.48705608,d.ZG4&psig=AFQjCNFhrSSc4uPsgZXmc3qPX3P1tVtIlQ&ust=1373556314016759


Conclusion

Big wins for Cisco IT

– Accelerated EMEAR IPv6 deployment within 6-9 months– More time to explore most cost-efficient WAN backbone replacement– Supported on existing WAN Edge platforms – no capital investment– Easy to deploy … It just works !– Relatively low risk learning experience for future use-cases

THANKS to the LISP-Support for the guidance and great customer focus !



27









LISP @IBM

• Chris Williams• Infrastructure Architect/Network Architect CEng (MIET), IBM

Chris enjoyed a successful career with IBM spanning 21 years. His notable achievements include the role of chief architect for IBM on the multi-million dollar Lloyds TSB converged IP network, and conceiving and developing IBM’s global secure network infrastructure connecting its outsourcing clients to IBM Global Services. Chris now works as an independent consultant, and more recently at IBM, working on a data centre and network migration.

PIC


IBM and RSA

International Business Machines Corporation. Founded 1911. Headquarters in Armonk, New York. Multinational technology, consulting and hosting corporation.

Royal and Sun Alliance, Founded 1710. Headquartered in London. Operating in 32 countries. 17 million customers in 140 countries . Listed on the London Stock Exchange and FTSE 100 Index.

In 2001, IBM and RSA signed the first IT services agreement for IBM to manage and support the IT infrastructure and provide end-to-end service integration across all of the third party technology suppliers.

Company Overviews

30


Data Centre Migration Challenges for IBM

To reduce the time it takes to migrate servers or applications from:– a customers data centre to an IBM data centre– an ‘inherited’ data centre to an IBM strategic data centre– within a data centre, from a legacy to a new environment (our challenge here)

Competitors who can perform a faster migration can offer a lower price to the customer and have higher margins.

Traditional migration approaches all have limitations:– Application migration– Physical move– Whole DC ‘Big Bang’ migration

Why this is an issue

31


DC Migration without IP mobility / IP Retention Application Migration – Complexity of Ensuring Interfaces are Maintained

32

Move application to new DC requires change of IP address and hostname

Takes longer to start moving servers due to data gathering / documentation of legacy application interfaces

Risk – has an interface been overlooked?


DC Migration without IP mobility / IP Retention Application Migration – Complexity of Ensuring Interfaces are Maintained

33

Complexity of ensuring interfaces are maintained - affects even non-moved / non-migrated systems

DNS may not always help with legacy hard coded applications

Applications local and remote may need to be amended

Firewalls need to be amended

Risk - Can you be sure you have the complete picture?


DC Migration without IP mobility / IP Retention What is the traditional approach?

34

Move a server (physical move or virtual migration) and keep the IP Address and Hostname

Should be simpler process – Is this true?


DC Migration without IP mobility / IP Retention Affinity Groups

35

Move requires understanding of server VLAN cross-patching / affinity groups if smaller units of servers to be migrated in one event

Subnet A Subnet B Subnet C


DC Migration without IP mobility / IP Retention Affinity Groups

36

Move requires understanding of server VLAN cross-patching / affinity groups if smaller units of servers to be migrated in one event

Subnet A Subnet B Subnet C


DC Migration – Server Physical Move Physical Move of Affinity Groups – The Reality

37

Physically move the server and patch into new infrastructure: Takes longer to start moving servers due to data gathering and

understanding of virtual server network interfaces. Requires understanding of server VLAN cross-patching & affinity

groups if smaller units of servers to be migrated in one event Conflicting VLAN numbering in switch blocks – virtual server

VLAN re-configuration required during migration event Risk – has a server or VLAN cross connection been overlooked? Server virtualisation / platform refresh is a follow on project


DC Migration – Big BangEvery Server Migrated in Single Migration Event (Physical Move or Re-build)

38

Without a solution that enables IP mobility with IP Retention for each server then ‘Big Bang’ approach implies:

Years in Planning - takes longer to start moving servers due to data gathering and move planning

Longer storage migration cycle that requires keeping a large data set in synch over WAN (or other methods)

High risk / large service outage during migration event Cast of thousands / large workforce required


DC Migration with IP mobility / IP Retention Using LISP

39

We need a way to move servers with IP mobility and removing affinity group constraints of traditional approach:

Move a server (physical or virtual) and keep the IP Address and Hostname

Should be simpler process – Is this true using LISP?


LISP Implementation ModelsWe Used Model 3

40

Model 1 – To use this method, would require every location to have its site WAN routers involved in the LISP ‘cloud’

Model 2 – Located at a pinch point in the network

Model 3 – The model we intend to use - Link is across the machine room floor in our case


The Migration ScopeLegacy DC to New Infrastructure – Same Location

41


LISP InfrastructureCross Machine Room Links – ASR1002 Routers

42


LISP Server MigrationInitial State

43


LISP Server MigrationIntermediate State – Some Servers Migrated

44


LISP Server MigrationServers Migrated

45


LISP Server MigrationServers Migrated – HSRP Cut-Over

46

Migration Steps: New DC aggregation router interface enabled & added to HRSP group HSRP priority raised - ‘active’ router becomes New DC aggregation router Routes injected into New DC OSPF & removed from legacy Remove HSRP configuration on the MR-MS LISP router i/f for fully migrated subnet


LISP Server MigrationEnd State – Servers Migrated & Cut-Over to New DC Complete

47


Why Choose LISPWhy not use other Layer 2 LAN extension methods?

48

We looked at but rejected: IRB (Integrated Route Bridging) VPLS (Virtual Private LAN Service) over MPLSThere are two viable candidate technologies. They are: OTV (Overlay Transport Virtualization) LISP (Locator Identifier Separation Protocol)Our Preferred Method is LISP Because it’s a safer interconnection method. It protects against broadcast

storms and spanning tree issues Non-disruptive Layer 3 connection to existing live data centre's Works with all server types – physical/virtual/x86/P-Series/Mainframe

Cisco Services – How They Helped Us


Cisco Professional ServicesData Centre Replica – Cisco Lab Reading UK

50

Replica data centre - same hardware & code levels

LISP infrastructure - 4x Cisco AS1002’s

Comprehensive suite of LISP function & performance tests

129Mb test report !

LISP configurations created

Post implementation support



51









LISP @Etat du Valais


State of Valais

One of the 26 states forming Switzerland.

Composed of government, administration, police and justice.

5’000 employees. Serves more than 320’000

inhabitants. Most offices are located in seven

major cities.

General Facts

53


State of Valais

One of the 26 states forming Switzerland.

Composed of government, administration, police and justice.

5’000 employees. Serves more than 320’000

inhabitants. Most offices are located in seven

major cities.

General Facts

54


State of Valais

7 POPs, one in each of the main cities.– 200 buildings– 800 network devices– 5’000 IP Phones / 1’000 TDM Phones

Operate a dedicated MPLS backbone build on dark fiber. 90 % of the links are build with dark fiber.

– 300 km of dark fibers

10 % of the links are build with leased line or leased L3 services.

About the Network

55

EXISTING TOPOLOGIES


Existing TopologyConnecting the Police’s Offices

57

Voice

DataInternet

Voice gateway with SRST

Leased L3 VPNAll routers are outsourced

Provider AIPv4

PSTN

Transport– P-to-P IPSec tunnel for

“blue” VRF.– Juniper SSG on both

sides.

Sites– 12 remote locations.– 2 VRFs.– IP Phones register to

central CUCM.– Voice call goes through

PSTN.– SRST for some phones.– Single-homed

CUCM Cluster


Existing TopologyConnecting the Administration's Offices

58

Voice

DataInternet

Voice gateway with CUCME

Multiple leased L3 VPN

Provider BIPv4

PSTN

Transport– DMVP.– GRE tunnels with IPSec.– Nothing

Sites– 20 remote locations.– 0-1-2 VRFs.– CUCM Express– IP Phones register to

local CUCME.– Voice call goes through

PSTN.– Single-homed

CUCM Cluster


Existing TopologyPutting All Together

59

Voice

DataInternet

Provider BIPv4

Provider AIPv4

PSTN

Multiple leased L3 VPN

Voice gateway with CUCME

Voice gateway with SRST

Leased L3 VPNAll routers are outsourced CUCM Cluster


Existing Topology

It’s a complex solution DMVPN, encrypted GRE tunnel There must be at least one voice gateway and one PSTN access on the remote

sites for telephony. Require lots of configuration whether to add a new site or a new VRF

also require modification on the provider side in each case. Absolutely not scalable whether at site level or at VRF level. Lots of centrally hosted services are not available to the remote sites

– CUCM, Unity and UCCE.– Radio network.

Unable to deploy IPv6 to the sites.

Limitations

60

THE LISP PROJECT


Goals of the LISP Project

Should be able to replace all existing solutions. One leased L3 VPN will be used to interconnect all the existing sites. This leased L3 VPN will be put in production in parallel to the actual. We should be able to migrate every site independently and one after the other. Our networks should be totally isolated from the leased L3 VPN. Changes to our networks should be transparent for the provider. QoS should be implemented and enforced by the provider on the leased L3

VPN

Provider’s network

62


Goals of the LISP Project

All centrally hosted services should be available to all the remote sites. No more voice gateway and/or PSTN access on the sites. All IP Phones should register to the corporate CUCM cluster. All external voice calls should goes through the centralized PSTN access. Voice and radio traffic must be prioritized. Each remote site will have at least 8 VRFs implemented. Encryption must be possible, if needed, at VRF level.

Ours networks

63


LISP TopologyProvider’s network

64

Site 1

Headquarters

Provider AIPv4

HQ– Multihomed, two CPE.– One provider.

Sites– Single-home, one CPE.– BW between1 and 8 Mb/s.– Same provider on every site.


LISP TopologyUser’s VRFs

65

Headquarters

Site 3

Site 1

Site 2

Internet

Provider AIPv4


Headquarters

Site 3

Site 1

Site 2


66

Internet

Provider AIPv4

HQ– Has lots of networks in each of

VRF.– Some networks are /16.– Gives access to the Internet .– Hosts 3 DCs.


Headquarters

Site 3

Site 1

Site 2


67

Internet

Provider AIPv4

Sites– Have 1-2 networks in each VRF.– Some networks are /24 but most

are smaller.– Have Loopback interfaces in

each VRF.


Headquarters

Site 3

Site 1

Site 2


68

Internet

Provider AIPv4

HQ RTR acts as– Map Server.– Map Resolver.– PxTR


Headquarters

Site 3

Site 1

Site 2


69

Internet

Provider AIPv4

Site RTR – acts as xTR– use PxTR at HQ– use MS/MR at HQ


Headquarters

Site 3

Site 1

Site 2

LISP TopologyAdding GETVPN

70

Internet

Provider AIPv4


Headquarters

Site 3

Site 1

Site 2


71

Internet

Provider AIPv4

HQ RTR acts as– Map Server.– Map Resolver.– xTR


Headquarters

Site 3

Site 1

Site 2


72

Internet

Provider AIPv4

Site RTR – acts as xTR– use MS/MR at HQ


LISP Topology

The “orange” VRF is only used to connect the LISP routers to the Key Servers. We defined only one Loopback per site in the “orange” VRF. Internet Key Exchange (IKE) Phase 1 use “Pre-shared” key for authentication. The “orange” VRF is not encrypted. Voice traffic is not encrypted by GETVPN, this has to be done directly by the

phones.

Adding GETVPN

73

NTP can be your main concern

Conclusions


Why LISP

LISP was easy to deploy and has a great supporting team. LISP worked out of the box. It’s easy to add encryption on a VRF basis (GETVPN). The configurations on each remote site are the same

only the provider’s link has to be adapted. It’s very easy to add new sites with minimal configuration on the HQ side. IPv6 can be pushed to the sites with the current implementation

no change on the provider’s side. We are totally isolated from the provider’s network.

Key Facts

75


Next steps

Multiple service providers disjoined RLOC-space. Using the Internet as an “SP” to deploy very small sites. Using LISP to solve the north-south routing optimization in the case of VM-

mobility between DC.

CY2014

76



77









LISP @AVM GmbH

• Eric van Uden• Country Manager, AVM GmbH

Currently Country Manager at AVM. Experience in the data and telecommunications sector since the early1990s. Specialized in remote access projects with ISDN, GSM and VPN for several international customers. At AVM, Eric is responsible for sales in the Dutch market. He launched IPv6 with customer XS4ALL to the Dutch consumer market and is a member of the Dutch IPv6 Taskforce. Looking forward to commercial use of LISP with AVM products.


About AVMAVM is a Berlin-based communications specialist that develops and manufactures products for your broadband connection. The company has received numerous awards for its innovative FRITZ!Box family.

FRITZ! offers fast Internet access, easy networking, convenient telephony and versatile multimedia applications.


Overview

Founded 1986 in Berlin Management formed by

shareholders Fiscal 2012

Worldwide productionwith focus on Germany

- EUR 250 million in revenue- 420 employees


What sets AVM apart

Proximity to our core markets (EU and D) Continuous innovations In-house developments – made in Berlin Speed – time to market


What is a FRITZ!Box?

83

A router for the Smart Home or Office Models for DSL,LTE or Cable WLAN AC + N with 1300 Mbit/s (5 GHz) and 450 Mbit/s (2.4 GHz)

simultaneously Telephone system (ISDN, analog, IP) with DECT base station,

answering machine and faxing


Why LISP at AVM?

84

• Request for multiple WAN, Aggregation of multiple links• To speed up IPv6 implementation• Request for cooperation from CISCO LISP Team


LISP in the FRITZ!Box, IPv6

LISP: Locator / Identifier Separator Protocol Idea: address space of my hosts (EIDs) is independent of the address space

from my ISP (RLOC) Very flexible tunneling scenarios are possible: IPv4 in IPv6, IPv6 in IPv4, v6 in

v6, v4 in v4


LISP in the FRITZ!Box, Hybrid solutions

Aggregation of multiple links with LISP


Example, Hybrid solution VDSL and LTE

87



88











89










LISP ReferencesLISP Information

LISP InformationCisco LISP Site ……………………. http://lisp.cisco.com (IPv4 and IPv6)Cisco LISP Marketing Site ………... http://www.cisco.com/go/lisp/LISP Beta Network Site …………… http://www.lisp4.net or http://www.lisp6.netLISP DDT Root ……………………... http://www.ddt-root.orgIETF LISP Working Group ……...… http://tools.ietf.org/wg/lisp/

LISP Mailing ListsCisco LISP Questions ……………… [email protected] LISP Working Group ………… [email protected] Interest (public) ………………. [email protected] Questions ………………... [email protected]

90


Maximize your Cisco Live experience with your free Cisco Live 365 account. Download session PDFs, view sessions on-demand and participate in live activities throughout the year. Click the Enter Cisco Live 365 button in your Cisco Live portal to log in.

Complete Your Online Session Evaluation

Complete your session evaluation online now through either the mobile app or internet kiosk stations.

Note: This slide is now a Layout choice

91

Documents

Executive Panel : LISP Customers Discuss Modern Network Solutions