You are here: Home / Archives for LISP

Cisco LISP – Multihoming

13/06/2011 By Leave a Comment

This is part of a series of posts – The Lisp Papers.

Overview

One of the key functions of the LISP implementation is baked-in multihoming and traffic engineering. EID spaces can be connected to the RLOC environment via several ETRs. The ETR responding to the querying ITR can offer a list of ETRs to be used. The LISP designers had two objectives when they were determining how this should function.

Firstly, the design should offer a preference of some ETRs over others. This allows some systems to act as primary ETRs and others as backups. This is implemented using the Priority field, with lower Priority systems being (counterintuitively) preferable over higher systems.

Secondly, the design should allow traffic distribution to be controlled. Once the priority comparison has taken place and, assuming that a number of systems with the lowest priority have been identified, the weight is considered. Traffic will be distributed between ETRs in the ratio of their weights. For example, ETR A might have a weight of 80 and ETR B might have a weight of 20. Traffic will be distributed between them in a ratio of 4:1.

Cisco LISP Network

In order to fully explore the design, the topology used in the previous post has been modified as follows:

In this case, the “MF” device combines Mapping Server and Mapping Resolver functionality (MF = Multi-Function). In addition, it peers with xTR3.1 and xTR3.2, which act as dual homing xTRs for Customer C. In this topology, xTR1 and xTR2 register with MS and xTR3.1 and xTR3.2 with MF for Mapping Server functionality. xTR1 and xTR2 use MR and xTR3.1 and xTR3.2 use MF to resolve EID to RLOC addresses. MF has GRE tunnels and BGP peers to both MS and MR. This allows the EID prefixes to be disseminated throughout the network and for Mapping Requests to to be delivered to the correct RLOC address.

Design thought

This is a far more realistic topology than the one considered in the previous post for several reasons. The dual xTRs offer a resilient connection to Customer C. There remains a single point of failure in MF, which could be resolved by deploying a second MF and attaching it to a separate part of the core network. The MS and MR functionality are combined, which makes sense at a superficial level. This is for the practical reason that to separate the functions and provide resilience would require 4 systems (resilient MS and resilient MR), which would probably be an overkill for all but the largest environments. Perhaps there are scaling, security or topological reasons to separate MS and MR functionality.

The Mapping Request is routed over the ALT network, as described in the previous post, to one of the RLOCs registered for a specific EID space. The xTR that this corresponds to will respond with a list of RLOCs with associated priorities and weights.

MF’s LISP configuration looks as follows:

router lisp
 site CustomerC
  authentication-key cisco
  eid-prefix 10.1.0.0/24 accept-more-specifics
  exit
 !
 ipv4 map-server
 ipv4 map-resolver
 ipv4 alt-vrf LISP
 exit

xTR3.1 and xTR3.2 have matching configurations:

router lisp
!database mapping for xTR3.1
 database-mapping 10.1.0.0/24 10.255.255.6 priority 2 weight 50
!database mapping for xTR3.2
 database-mapping 10.1.0.0/24 10.255.255.7 priority 2 weight 50
!Configuring MF's loopback as Mapping Resolver
 ipv4 itr map-resolver 10.255.255.5
 ipv4 itr
!Configuring MF's loopback as Mapping Server
 ipv4 etr map-server 10.255.255.5 key cisco
 ipv4 etr
 exit

Pitfall alert

ETRs must be configured with all the EID address space database mappings for which they are authoritative for. In the above example, xTR3.1 is configured with database mappings for both xTR3.1 and xTR3.2. This makes sense when you consider that any ETR could respond to a mapping request and will need to respond with the addresses, priority and weight for the associated ETR RLOC addresses for a required EID address space. If you only configure xTR3.1 with the database mappings for xTR3.1, it will only respond with its own RLOC address and no load-balancing or resilience will be delivered.

Examining the LISP EID database table on MF shows that both xTRs have registered with it:

MF#sh lisp site detail 
LISP Site Registration Information

Site name: CustomerC
Allowed configured locators: any
Allowed EID-prefixes:
  EID-prefix: 10.1.0.0/24 
    First registered:     00:47:03
    Routing table tag:    0x0
    Origin:               Configuration, accepting more specifics
    Registration errors:  
      Authentication failures:   0
      Allowed locators mismatch: 0
    ETR 10.1.3.26, last registered 00:00:41, no proxy-reply, no map-notify
                   TTL 1d00h
      Locator       Local  State      Pri/Wgt
      10.255.255.6  no     up           2/50 
      10.255.255.7  yes    up           2/50 
    ETR 10.1.3.22, last registered 00:00:53, no proxy-reply, no map-notify
                   TTL 1d00h
      Locator       Local  State      Pri/Wgt
      10.255.255.6  yes    up           2/50 
      10.255.255.7  no     up           2/50

If Customer A wishes to communicate with Customer C, xTR1 will send a Mapping Request to MR. MR will forward this over the ALT network, via the GRE tunnel between itself and MF, to the Customer C address, as detailed in the following packet trace: 

Frame 1: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits)
Ethernet II, Src: ca:00:16:79:00:8c (ca:00:16:79:00:8c), Dst: ca:03:16:79:00:1c (ca:03:16:79:00:1c)
Internet Protocol, Src: 10.255.255.0 (10.255.255.0), Dst: 10.255.255.5 (10.255.255.5)
Generic Routing Encapsulation (IP)
Internet Protocol, Src: 10.1.1.1 (10.1.1.1), Dst: 10.1.0.255 (10.1.0.255)
User Datagram Protocol, Src Port: lisp-control (4342), Dst Port: lisp-control (4342)
Locator/ID Separation Protocol
    0001 .... .... .... .... .... = Type: Map-Request (1)
    .... 0... .... .... .... .... = A bit (Authoritative): Not set
    .... .1.. .... .... .... .... = M bit (Map-Reply present): Set
    .... ..0. .... .... .... .... = P bit (Probe): Not set
    .... ...0 .... .... .... .... = S bit (Solicit-Map-Request): Not set
    .... .... 0... .... .... .... = p bit (Proxy ITR): Not set
    .... .... .0.. .... .... .... = s bit (SMR-invoked): Not set
    .... .... ..00 0000 000. .... = Reserved bits: 0x000000
    .... .... .... .... ...0 0000 = ITR-RLOC Count: 0
    Record Count: 1
    Nonce: 0x0f5c25e246fd29d7
    Source EID AFI: 1
    Source EID: 10.1.1.2 (10.1.1.2)
    ITR-RLOC 1: 10.255.255.1
        ITR-RLOC-AFI: 1
        ITR-RLOC Address: 10.255.255.1 (10.255.255.1)
    Record 1: 10.1.0.255/32
        Reserved bits: 0x00
        Prefix length: 32
        Prefix AFI: 1
        Prefix: 10.1.0.255
    Map-Reply record
        EID prefix: 10.1.1.0/24, TTL: 1440, Authoritative, No-Action
            0000 .... .... .... = Reserved: 0x0000
            .... 0000 0000 0000 = Mapping Version: 0
            Local RLOC: 10.255.255.1, Reachable, Priority/Weight: 2/50, Multicast Priority/Weight: 255/0

You will notice that the above packet trace contains a GRE header sourced by MR and destined to MF. This is because the packet capture occured between Core and MF. The response below from xTR3.1 is not sent via the ALT (therefore no GRE header) and includes two RLOCs, a local RLOC (for xTR3.1) and an additional RLOC (xTR3.2):

Frame 2: 94 bytes on wire (752 bits), 94 bytes captured (752 bits)
Ethernet II, Src: ca:03:16:79:00:1c (ca:03:16:79:00:1c), Dst: ca:00:16:79:00:8c (ca:00:16:79:00:8c)
Internet Protocol, Src: 10.1.3.22 (10.1.3.22), Dst: 10.255.255.1 (10.255.255.1)
User Datagram Protocol, Src Port: lisp-control (4342), Dst Port: lisp-control (4342)
Locator/ID Separation Protocol
    0010 .... .... .... .... .... = Type: Map-Reply (2)
    .... 0... .... .... .... .... = P bit (Probe): Not set
    .... .0.. .... .... .... .... = E bit (Echo-Nonce locator reachability algorithm enabled): Not set
    .... ..00 0000 0000 0000 0000 = Reserved bits: 0x000000
    Record Count: 1
    Nonce: 0x0f5c25e246fd29d7
    EID prefix: 10.1.0.0/24, TTL: 1440, Authoritative, No-Action
        0000 .... .... .... = Reserved: 0x0000
        .... 0000 0000 0000 = Mapping Version: 0
        Local RLOC: 10.255.255.6, Reachable, Priority/Weight: 2/50, Multicast Priority/Weight: 255/0
        RLOC: 10.255.255.7, Reachable, Priority/Weight: 2/50, Multicast Priority/Weight: 255/0

Use the following table to decipher the traces, or for more detail, refer to the detailed diagram and configurations:

SystemTypeAddress
CustomerAEID10.1.1.2
xTR1EID10.1.1.1
xTR1loopback10.255.255.1
MRloopback10.255.255.0
MFloopback10.255.255.5
XTR3.1loopback10.255.255.6
XTR3.1RLOC10.1.3.22
xTR3.2loopback10.255.255.7
xTR3.2RLOC10.1.3.26
Customer CEID10.1.0.255

Examining the FIB on xTR1 shows that both RLOCs are used:

xTR1#sh ip cef 10.1.0.255
10.1.0.0/24
  nexthop 10.1.0.0 Null0
xTR1#sh ip cef 10.1.0.255 det
10.1.0.0/24, epoch 0, flags subtree context, check lisp eligibility
  SC owned: LISP remote EID - locator status bits 0x00000003
  LISP remote EID: 4 packets 400 bytes fwd action encap
  LISP source path list
    nexthop 10.255.255.6 LISP0
    nexthop 10.255.255.7 LISP0
  2 IPL sources [active source]
   Dependent covered prefix type inherit cover 0.0.0.0/0
  recursive via 0.0.0.0/0
    attached to Null0

You might have observed that the interface LISP0 on xTR1 has an extra line of config.

interface LISP0
 ip load-sharing per-packet

This will share packets in a round-robin fashion between xTR3.1 and xTR3.2. This is probably not desirable as using different paths within a stream could cause out of sequence errors and excessive retransmissions, which is why the default is per-destination.

Summary

In the networks of today, load-balancing and resilience is predominantly delivered by the crude tools of deaggregation and AS Path prepending. LISP offers a much more subtle and manageable toolkit in a way that doesn’t beggar thy neighbour.

Share
Filed Under: Modern Networking Tagged With: , , , , ,

LISP – Separate MS / MR

09/05/2011 By 1 Comment

This is part of a series of posts – The Lisp Papers.

In the previous LISP post, Practical LISP – Basic Control Plane, the network topology had a single device that delivered both MS and MR functions. While this demonstrated a simple LISP network, it is not a practical deployment. In reality, any number of MS and MR devices will communicate over an Alternative Logical Topology (ALT).

An ALT is nothing more than a tunnelled overlay network that runs BGP to disseminate EID addresses. It also acts as the environment that delivers Mapping Requests or data probes. The Mapping Request / Reply action has been largely covered under the previous post. Data Probes weren’t.

Data Probes

Data Probes are used to ensure that the first initial frames aren’t dropped while a Mapping Request is sent and Response is received. This delay is similar to DNS but with a small proviso. As DNS requests occur within the client, the dropping of the first few frames doesn’t occur as the network layer isn’t engaged until a destination address has been resolved. However, the LISP map doesn’t occur in the client stack and an ITR will not buffer the frames until the destination ETR(s) have been located. As such, a few packets will generally be dropped until the Mapping Response has been received.

To get around this, Data Probes can be used. This is quite simply using the initial packets received by the ITR to act as a mapping request. The data packet is encapsulated with a LISP header and forwarded to the MR. The LISP packet addressed to the EID and encapsulated within a GRE header, which is destination addressed to the next hop specified by the BGP routing used over the ALT. The GRE packet will potentially be decapsulated and encapsulated multiple times as it traverses the ALT. The ALT will use BGP routing to forward the packet to the EID prefix source, which is the MS. Once at the MS, the LISP packet is forwarded on to the ETR, where the Data Packet is decapsulated and forwarded on to the EID Destination.

So we have 3 different levels of source / destination addresses, which can best be understood using the following diagram:
Location ID Separation Protocol Data Probe

Data Probes seem to be a good idea, but the ALT draft does draw attention to some concerns:

It is worth noting that there has been a great deal of discussion and controversy about whether Data Probes are a good idea. On the one hand, using them offers a method of avoiding the “first packet drop” problem when an ITR does not have a mapping for a particular EID-prefix. On the other hand, forwarding data packets on the ALT would require that it either be engineered to support relatively high traffic rates, which is not generally feasible for a tunneled network, or that it be carefully designed to aggressively rate-limit traffic to avoid congestion or DoS attacks. There may also be issues caused by different latency or other performance characteristics between the ALT path taken by an initial Data Probe and the “Internet” path taken by subsequent packets on the same flow once a mapping is in place on an ITR. For these reasons, the use of Data Probes is not recommended at this time; they should only be originated an ITR when explicitly configured to do so and such configuration should only be enabled when performing experiments intended to test the viability of using Data Probes.

Cisco provides support for data probes on the Nexus platform using the command:
ip lisp itr send-data-probe
No support for data probes seems to be available in IOS (15.1(4)XB4 or 15.1.4M).

The ALT

The ALT does not directly communicate the RLOC to EID mapping. It simply provides a low-capacity environment to deliver the initial Mapping Requests, addressed to the EID required. The Mapping response will traverse the standard RLOC environment, with the source the responding ETR and the destination would be the requesting ITR.

To explore the configuration required to support a separated MS and MR function connecting over the ALT, the following topology will be used:
Locator / ID Separation Protocol MS MR over ALT
The configurations use the new LISP CLI format.
MR Configuration
The MR configuration now includes a GRE tunnel to the MS and an IPv4 VRF SAFI BGP peer to the remote side of the BGP peer tunnel. LISP is redistributed into this BGP SAFI.

vrf definition LISP
 rd 1:1
 !
 address-family ipv4
 exit-address-family
!
interface Loopback0
 ip address 10.255.255.0 255.255.255.255
!
interface Tunnel0
 vrf forwarding LISP
 ip address 10.0.0.1 255.255.255.252
 tunnel source Loopback0
 tunnel destination 10.255.255.4
!
router lisp
 ipv4 map-resolver
 ipv4 alt-vrf LISP
 exit
!
router bgp 65001
 bgp log-neighbor-changes
 !
 address-family ipv4 vrf LISP
  redistribute lisp
  neighbor 10.0.0.2 remote-as 65002
  neighbor 10.0.0.2 activate
 exit-address-family

MS Configuration
The reciprocal configuration is specified

vrf definition LISP
 rd 1:1
 !
 address-family ipv4
 exit-address-family
!
interface Loopback0
 ip address 10.255.255.4 255.255.255.255
!
interface Tunnel0
 vrf forwarding LISP
 ip address 10.0.0.2 255.255.255.252
 tunnel source Loopback0
 tunnel destination 10.255.255.0
!
router lisp
 site CustomerA
  authentication-key cisco
  eid-prefix 10.1.1.0/24 accept-more-specifics
  exit
 !
 site CustomerB
  authentication-key cisco
  eid-prefix 10.1.2.0/24 accept-more-specifics
  exit
 !
 ipv4 map-server
 ipv4 alt-vrf LISP
 exit
!
router bgp 65002
 bgp log-neighbor-changes
 !
 address-family ipv4 vrf LISP
  redistribute lisp
  neighbor 10.0.0.1 remote-as 65001
  neighbor 10.0.0.1 activate
 exit-address-family

xTRs modified configuration
Previously, the xTRs pointed to a single address for both the MS and MR addresses. Now we point the MS and MR elements in the xTR configuration to the separate addresses specified above:
xTR1

router lisp
 database-mapping 10.1.1.0/24 10.255.255.1 priority 2 weight 50
 ipv4 itr map-resolver 10.255.255.0
 ipv4 itr
 ipv4 etr map-server 10.255.255.4 key cisco
 ipv4 etr
 exit

xTR2

router lisp
 database-mapping 10.1.2.0/24 10.255.255.1 priority 2 weight 50
 ipv4 itr map-resolver 10.255.255.0
 ipv4 itr
 ipv4 etr map-server 10.255.255.4 key cisco
 ipv4 etr
 exit

This topology peers the MS directly with the MR. However, it is reasonable to assume that xTR1 would use a MS / MR combination and xTR2 would use another. Further, direct peering is not likely. Instead, the MR would likely peer with a chain of ALT routers before reaching the MS, similar to how the Internet operates with BGP peering from source AS to destination AS.

As BGP is used to interconnect MS and MR devices over the ALT, the standard BGP prefix aggregation mechanisms and best practices could be followed.

ALT in Action

To really get to grips with the Mapping Request, it is important to examine the packets.  The following wireshark frame captures were taken (made available here with the excellent services of Cloudshark):

xTR1 to MR
MR to MS
MS to xTR2

The Mapping Response is presented below. This bypasses the ALT and is sent directly from xTR2 to xTR1.
xTR2 to xTR1

Use the following table to decipher the traces, or for more detail, refer to the detailed diagram and configurations:

SystemTypeAddress
CustomerAEID10.1.1.2
CustomerBEID10.1.2.255
xTR1EID10.1.1.1
xTR1RLOC10.1.3.2
xTR1loopback10.255.255.1
MRtunnel endpoint10.0.0.1
MStunnel endpoint10.0.0.2
MRloopback10.255.255.0
MSloopback10.255.255.4
MSRLOC10.1.3.10
xTR2RLOC10.1.3.6
xTR2loopback10.255.255.2

Monitoring the ALT Network
The MR now contains a couple BGP prefixes within the LISP VRF:

MR#sh ip bgp vpnv4 vrf LISP
BGP table version is 3, local router ID is 10.255.255.0
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf LISP)
*> 10.1.1.0/24      10.0.0.2                 1             0 65002 ?
*> 10.1.2.0/24      10.0.0.2                 1             0 65002 ?

The networks 10.1.1.0/24 and 10.1.2.0/24 are the EIDs address spaces for Customer A and Customer B, respectively. 10.0.0.2 refers to the MS tunnel endpoint, which is used to establish the BGP Peer with the MR.

Share
Filed Under: Modern Networking Tagged With: , , , ,

Practical LISP – Basic Control Plane

13/01/2011 By 2 Comments

This is part of a series of posts – The Lisp Papers.

The previous blog posts on LISP have considered the forwarding plane. A brief summary of the forwarding plane is as follows:

  1. The traffic originates at the EID space of the source where
  2. it is routed to the ITR at the edge of the Service Provider network,
  3. encapsulated in the LISP tunnel,
  4. the encapsulated packet traverses the RLOC space towards the ETR,
  5. where it is decapsulated and
  6. routed in the destination EID space towards the destination.

The control plane is concerned with how the ITR maps a destination to an ETR. In order for this to happen, two primary activities need to be completed.

  1. The first is an ETR needs to inform the network that it should be used as the ETR for a particular EID space.
  2. The second is that an ITR needs to look up the required ETR for a destination EID.

These functions are known as mapping functions. LISP considered a number of different mechanisms (CONS, NERD and EMACS) to deliver this, but the LISP + ALT (Alternative Logical Topology) mechanism is the version Cisco has made available on its released IOS (LISP + ALT is documented in draft-ietf-lisp-alt) and seems to be the way forward.

These two functions are delivered by two separate services. The registration service is delivered via a Mapping Server (MS), while the lookup via the Mapping Resolver (MR). This is in a general deployment. The draft discusses various potential configurations where the ETR or ITR may be directly connected to the ALT network, but this is for sites that require additional controls and wouldn’t be the general practice.

So broadly speaking, the ETR registers its EIDs with the MS. This is communicated to the MS as a push, which in turn is pushed out over the ALT network. This is similar to how BGP routes in the Internet today, in that user networks advertise their reachability out to the wider BGP-connected network.

The ITR sends a mapping request for the destination EID address to the MR, which then forwards the request to the corresponding ETR over the ALT network. The ETR responds with a mapping reply. This mapping reply contains the RLOC addresses (the ETRs) that should be used for the required EIDs, which is stored in the mapping database. This operates as a pull, in a similar fashion to DNS. Together, this is known as a hybrid push pull system.
The asymmetry between the push from the ETR and the pull from the ITR is the key to keeping the forwarding state small on the ITR and allowing the forwarding plane on these systems to scale. It is what keeps Elbonian prefixes off of your router unless you really need it.
These services are configured as follows:
Mapping Server

vrf definition LISP
 rd 1:1
!enable the Mapping Server service
ip lisp map-server
!configure LISP site
lisp site CustomerA
 authentication-key cisco
 eid-prefix 10.1.1.0/24 accept-more-specifics
lisp site CustomerB
 authentication-key cisco
 eid-prefix 10.1.2.0/24 accept-more-specifics
!enable ALT on the vrf LISP
ip lisp alt-vrf LISP

Mapping Resolver

vrf definition LISP
 rd 1:1
!enable the Map Resolver system
ip lisp map-resolver
ip lisp alt-vrf LISP

Combined

vrf definition LISP
 rd 1:1
ip lisp map-server
ip lisp map-resolver
lisp site CustomerA
 authentication-key cisco
 eid-prefix 10.1.1.0/24 accept-more-specifics
lisp site CustomerB
 authentication-key cisco
 eid-prefix 10.1.2.0/24 accept-more-specifics
ip lisp alt-vrf LISP

Note that the VRF definition is required, even if the Map Server and Map Resolver are located on the same system. My initial configurations assumed that this would not be required, but this makes sense when you consider that the MS and MR are actually two separate processes and in most cases they will need to communicate over the ALT network (more on this in the next post). Even if they are located on the same system, the MR requires an ALT network to forward the mapping request to the MS, and then on to the ETR.
Adding the above configuration to the forwarding topology discussed in the previous LISP post, we would have the following:

xTR1 and xTR2 would register with the MS element of the MSMR system. They would have the same address configured as the MR, so that the configuration for xTR1 would look as follows:

!create a database mapping for the EIDs owned by this site. This is used by the ETR function to register with the Mapping Server
ip lisp database-mapping 10.1.1.0/24 10.255.255.1 priority 2 weight 50
!configure the Map Resolver address that is to be used by this system
ip lisp itr map-resolver 10.255.255.4
!enable the itr function
ip lisp itr
!configure the Map Server address that is to be used by this system
ip lisp etr map-server 10.255.255.4 key cisco
!enable the etr function
ip lisp etr

The full configurations and topology of the Basic LISP testbed is documented here. Obviously, the MS and MR systems are very rarely going to be self-contained. In the next post, I’ll consider the ALT environment and how it joins up the MS and MR environments in greater detail.

Share
Filed Under: Modern Networking Tagged With:

LISP Papers

01/12/2010 By Leave a Comment

What was meant to be a brief investigation into LISP has turned into a rather large piece of work. The following is a summary presenting the LISP papers in the correct reading order:

Setting the scene

  1. The other big network challenge
  2. Underlying causes for an expanding Internet Routing Table
  3. Internet Routing Table – the good
  4. Internet Routing Table – the bad
  5. Internet Routing Table – the ugly
  6. Greatness and failure
  7. Identity / Location

LISP

  1. LISP
  2. LISP Data Plane
  3. Routing Tables and Economics
  4. Practical LISP – Basic Control Plane
  5. Practical LISP – Monitoring LISP
  6. Practical LISP – Separate MS / MR
  7. Cisco LISP – Multihoming across xTRs
  8. MTU, security and other practical aspects (upcoming)
Share
Filed Under: Modern Networking Tagged With: , , , , ,

LISP Data Plane

03/11/2010 By 2 Comments

This is part of a series of posts – The Lisp Papers.

The previous post considered the LISP Data Plane from a theoretical basis. Before moving onto the control plane, I would like to examine a real functional network running LISP. Cisco has made code available that I used in GNS3. The topology looks like the following (red space is RLOC, green space is EID):

The first point that should be made is that this not a complete LISP network. For this reason, I won’t post my configs yet. Only once the control plane elements have been considered, will the final pieces be added. In spite of this, we have enough to get traffic from Customer A to Customer B, assuming that the EID to RLOC mappings pre-exist.

In this topology, the core router has no knowledge of the client networks.
Core#show ip route
<snip>
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
C        10.1.3.0/30 is directly connected, GigabitEthernet1/0
C        10.1.3.4/30 is directly connected, GigabitEthernet2/0
O        10.255.255.1/32 [110/2] via 10.1.3.2, 00:14:19, GigabitEthernet1/0
O        10.255.255.2/32 [110/2] via 10.1.3.6, 00:14:29, GigabitEthernet2/0
Core#

If we examine the xTR LISP Map-cache databases:

xTR1#sh ip lisp map-cache
LISP IPv4 Mapping Cache, 2 entries
0.0.0.0/0, uptime: 00:08:55, expires: never, via static
Negative cache entry, action: send-map-request
10.1.2.0/24, uptime: 00:00:33, expires: 23:59:24, via map-reply, complete
Locator       Uptime    State      Pri/Wgt
10.255.255.2 00:00:33  up           2/50
xTR2#sh ip lisp map-cache
LISP IPv4 Mapping Cache, 2 entries
0.0.0.0/0, uptime: 00:09:07, expires: never, via static
Negative cache entry, action: send-map-request
10.1.1.0/24, uptime: 00:00:40, expires: 23:59:17, via map-reply, complete
Locator       Uptime    State      Pri/Wgt
10.255.255.1 00:00:40  up           2/50

Without being too concerned about the majority of the details listed here, we can see that the EID 10.1.2.0/24 is known via RLOC 10.255.255.2 (xTR2′s loopback address) and EID 10.1.1.0/24 via RLOC 10.255.255.1 (xTR1′s loopback address).

If we ping from Customer A to Customer B, a Wireshark capture (on the link between customer A and xTR1) shows that the source will be 10.1.1.2 (in the EID address space for CustomerA) and the destination will be 10.1.2.254 (in the EID address space for CustomerB).

Frame 17 (114 bytes on wire, 114 bytes captured)
[Protocols in frame: eth:ip:icmp:data]
Ethernet II,
Src: ca:05:16:80:00:1c (ca:05:16:80:00:1c),
Dst: ca:02:11:f4:00:1c (ca:02:11:f4:00:1c)
Internet Protocol,
Src: 10.1.1.2 (10.1.1.2),
Dst: 10.1.2.255 (10.1.2.255)
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0 ()
Checksum: 0×2360 [correct]
Identifier: 0×0004
Sequence number: 0 (0×0000)
Data (72 bytes)

The return traffic, unsurprisingly, is from Customer B to Customer A.

Frame 18 (114 bytes on wire, 114 bytes captured)
[Protocols in frame: eth:ip:icmp:data]
Ethernet II,
Src: ca:02:11:f4:00:1c (ca:02:11:f4:00:1c),
Dst: ca:05:16:80:00:1c (ca:05:16:80:00:1c)
Internet Protocol,
Src: 10.1.2.255 (10.1.2.255),
Dst: 10.1.1.2 (10.1.1.2)
Internet Control Message Protocol
Type: 0 (Echo (ping) reply)
Code: 0 ()
Checksum: 0x2b60 [correct]
Identifier: 0×0004
Sequence number: 0 (0×0000)
Data (72 bytes)

If the core is oblivious to the EID address space, how are the pings getting through? LISP has encapsulated the traffic in UDP LISP Data (port 4341). The following wireshark capture (on the link between the Core and xTR1) shows that the source and destination icmp packets are encap’ed (or jacked up), and the source and destination IP addresses are xTR1 (10.1.3.2 – outbound interface) and xTR2 (10.255.255.2 – loopback interface referred to in xTR1′s mapping for the 10.1.2.0/24 EID).

Frame 21 (150 bytes on wire, 150 bytes captured)
[Protocols in frame: eth:ip:udp:lisp-data:ip:icmp:data]
Ethernet II,
Src: ca:02:11:f4:00:38 (ca:02:11:f4:00:38),
Dst: ca:04:16:80:00:1c (ca:04:16:80:00:1c)
Internet Protocol,
Src: 10.1.3.2 (10.1.3.2),
Dst: 10.255.255.2 (10.255.255.2)
User Datagram Protocol,
Src Port: hello (1789),
Dst Port: lisp-data (4341)
Locator/ID Separation Protocol (Data)
Internet Protocol,
Src: 10.1.1.2 (10.1.1.2),
Dst: 10.1.2.255 (10.1.2.255)
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0 ()
Checksum: 0×2360 [correct]
Identifier: 0×0004
Sequence number: 0 (0×0000)
Data (72 bytes)

The return wireshark capture shows that the return icmp packets are encap’ed , and the source and destination IP addresses are xTR2 (10.1.3.6 – outbound interface) and xTR1 (10.255.255.1 – loopback interface referred to in XTR2′s mapping for the 10.1.1.0/24 EID).

Frame 22 (150 bytes on wire, 150 bytes captured)
[Protocols in frame: eth:ip:udp:lisp-data:ip:icmp:data]
Ethernet II,
Src: ca:04:16:80:00:1c (ca:04:16:80:00:1c),
Dst: ca:02:11:f4:00:38 (ca:02:11:f4:00:38)
Internet Protocol,
Src: 10.1.3.6 (10.1.3.6),
Dst: 10.255.255.1 (10.255.255.1)
User Datagram Protocol,
Src Port: hello (1789),
Dst Port: lisp-data (4341)
Locator/ID Separation Protocol (Data)
Internet Protocol,
Src: 10.1.2.255 (10.1.2.255),
Dst: 10.1.1.2 (10.1.1.2)
Internet Control Message Protocol
Type: 0 (Echo (ping) reply)
Code: 0 ()
Checksum: 0x2b60 [correct]
Identifier: 0×0004
Sequence number: 0 (0×0000)
Data (72 bytes)

The above output shows that LISP at the data plane is basically a dynamic tunneling protocol. Friday’s post will consider the control plane, which will demonstrate that this data plane integrates with a DNS-like distributed EID to RLOC mapping database. The three questions that will have to be answered are:

  1. how does the ETR inform the network of EID to RLOC mapping
  2. how does the ITR learn the EID to RLOC mapping
  3. how is all of this information distributed in a global fashion

Postcript: These wireshark decodes were made possible with the use of a special LISP version of wireshark – available here.

Share
Filed Under: Modern Networking Tagged With:
« Older Posts

Copyleft(ↄ) 2013. Text is available under the Creative Commons Attribution-ShareAlike license

Pattinson Consulting Limited