CCIE DC - Locator ID Separation Protocol (LISP)

Captions
Hi, welcome. This is Cisco LISP class, a short video on Cisco LISP. Now, the idea behind this is separating the ID, that is, identifying a device, from the location of the device. What do I mean by that? You may think, "What is he speaking? A device is identified and located by an IP address. How can you separate a device identification, which is an IP address, from the location identification, which is also the same IP address?" You're right: the device is identified with an IP address, and it's the same IP address that is used to identify the location of the device. I agree. As a result, we face a lot of problems and challenges in a growing Internet network. Mobility is a problem: when you move your device, the identification of the device changes, the IP address and the network change. As a result, the policies that were bound to the old IP address all need to be changed. Till that time the service will be down; the service that was provided by this device, which is moved, will be down till you fix those policies with the new IP address. So mobility is a challenge. In the data center, again, there's a big impact when you move a device from one location to another location. To overcome this limitation we have OTV (Overlay Transport Virtualization), LISP, VXLAN and many more as solutions. Now we are going to focus on LISP, and LISP only.

Before I take you through the understanding of the terminologies, the terms and how they work, first of all I would like to show you a demo on LISP so that you will get a picture of what I'm saying, and then we will move further. What we see here is two sites. LISP site one: for site one, this is the edge router; we call this xTR, the transmit/receive edge device. For site two, this is the edge device, the transmit/receive edge device for site two. This is the inside network of site two, 10.2.0.0/16, and this is the inside network, 10.1.0.0, of site one. You may have many sites like this and many private networks, any network, that doesn't matter. You have a network. Now
all the sites are connected through the Internet. In the Internet, what we need is one router; we call this the map server or map resolver. "M" stands for map: map-server or map-resolver router. The job of this map server and map resolver is similar to what DNS, the domain name server, does. What it does is map the domain name to an IP address. When you type yahoo.com on router 2, router 2 sends the request to the DNS server, and the DNS server resolves Yahoo to its IP address and gives you the IP address, so that R2 can use the IP address to talk directly to Yahoo. Similarly, we are going to map the site IP address to the mapped IP address: the site IP address to the routable IP address, or the route locator IP address. Here in our case we are going to map this 10.1 to 3.1, and this 10.2 to 5.1. These 5 and 3.1 are routable in the public network. When the packet goes from 10.1, it gets encapsulated with 3.1, and the destination 10.2 will not be on the top layer; instead there will be 5.1 on the top layer. The packet reaches this 5.1, is decapsulated and is sent to router 6. That's how the ping happens between router 2 and router 6.

You can say, "Hey, GRE is already doing this. A GRE tunnel between R3 and R5 can encapsulate 10.1 source to 10.6, sorry, 10.2, and send the packet to router 5, and R5 will decapsulate and send the traffic to 10.2, which is on router 6." You're right, but the difference is this. I would like to show you the routing table of R3. So, as you can figure out, you don't have a route to reach 10.1, sorry, you don't have a route to reach the remote site network 10.2.0.0, and you don't see any tunnel interface here. But when I go to router 2 and ping 10.2.0.1, which is on router 6, the ping is going to happen. Give it some time. See, it happens. The ping happens: it sends the packet to router 3, but router 3 has got no idea about 10.2. No tunnel interface, you see: show ip interface brief, none on all the interfaces. You have just got the LISP
interface, which is the inside interface, if three snare zero. Actually, the location of 10.1 is identified by 3.1.1.1 in the Internet, so all the Internet knows 3.1.1.1. Therefore router 5, when it receives a packet to the destination 10.1 (you see, when I ping from router 6 to 10.1.1.1), when router 5 receives the packet for the destination 10.1.1.1, router 5 sends a request to R4: "R4, do you know anything about the 10.1 network?" And R4 says, "Let me show you." So let's look at R4's table. Default instance 0 is what I used. Site summary: I can see that there are two sites configured with this mapping server. The two sites are the site on the left hand side and the site on the right. And when I type this command, show lisp site, I can see those two sites and the address. This is the locator address for this subnet: it says that if you want to go to the 10.1 network, you need to go to the public IP address 3.1.1.1.

What I'm coming to show here is that to identify router 2 you have two IDs here: 3.1.1.1 shows the location of router 2, and 10.1.1.1 is the device identification itself. This is what LISP provides you: you have two identifications. Now, when you move router 2 to a different site, only this mapped address will be changed. You need not change this, your original identity, the device identity. You need not change it. The change that happens is only to this, so the policies that are bound to this address still remain the same. You do not need to go and alter them as you do mobility, as you do motion from one site to another site. And this registration happens dynamically. Router 4 learnt that 3.1.1.1 is responsible for this network not because I configured it; it got registered in router 4's locator table dynamically. As a result, whenever router 5 receives a packet for an unknown destination... on router 5, show ip route: I don't know about the 10.1 network,
but when you ping from router 6, what happens is the packet reaches router 5, which immediately goes to router 4 and asks, "Where is 10.1? Do you know about the 10.1 network?" Router 4 says to router 5, "You need to encapsulate with the destination address 3.1.1.1." So router 5 encapsulates with 3.1.1.1 and sends to 3.1.1.1, which is router 3, and router 3 decapsulates and sends to router 2. Hope you understood what I mean. Now the location identifier and the device identifier are two separate addresses: 10.1.1.1 is the device identification of router 2, and the location identifier is 3.1.1.1, which is router 3's G0/0 interface. So routers 3 and 5 are configured to go and talk to the MS/MR router, the map server or the map resolver, which is R4, somewhere in the Internet, to learn the other sites' reachability, to learn the location of the other sites' private networks. Right.

With this, now let's go and try understanding more about LISP. We will see the overview of LISP, and then there are three essential things, which you have already seen, that we need. One is the edge router, which encapsulates and decapsulates ingress and egress traffic, and then the MS/MR, the map server and map resolver. Let me show you. You have this guy, it transmits and receives, which goes and registers with the MS. R3 goes to R4 and says, "Hey, I am 3.1.1.1." You see, I can show you who last registered: 3.1.1.1 has come and registered saying, "I am responsible for the edge identifier." EID, edge identifier, means the edge network, 10.1. 5.1.1.1, my router 5, has come and registered; the xTR router 5 of site two has come and registered saying, "Hey, I'm 5.1.1.1; if someone wants to go to 10.2, send it to me." So the registration happened this many years ago. So what we see here is that three components are involved: the receiver
and sender; the core, the map server and map resolver; and the third one is in case you have a router which cannot talk to the MS/MR. If you have an old router which doesn't support these LISP services, then you can use a LISP proxy device, which we don't have here in this environment. But in case there is a device which does not support LISP, a non-LISP site can still be routed in the LISP network by using a LISP proxy. Fine.

Let's go and see more in detail: the three essentials, and then the seven LISP-specific network infrastructure components, a few of which you already know, like MS/MR, egress, ingress, EID, the edge router and so on. Then at last we will see one configuration example, which I already showed you, but I have not shown the configuration side of it. I will show you the configuration side of it, and then some Wireshark snapshots.

But as I already told you, the problem in today's grown Internet network is that the Internet has grown big. As a result, the complexity: it's more complicated now. A lot of virtualization, new advancements, demands for mobility, a lot of things have come, so we also need to change the approach towards the identification of a device. Identifying a device with the IP address and locating the device with the same IP address has set some limitations: as you change the IP address, the location also gets changed. As a result, the policy which is bound to this location and the policy that is bound to this identification all need to be altered as you move the device from one location to the other. So there's a big challenge in multihoming and mobility when we have one single address for identifying the device location and the device itself. So we need to have some separation between the device identification and the device location identification. So we need two identifiers to locate a device. We want an address, like we saw here in my example: for locating router 2, the people in
the Internet use 3.1.1.1 as an address to locate router 2, and router 2's unique identification is 10.1.1.1: two different identifications. As a result, as you move router 2 from one site to another site, only the route location changes, based on where you move, but router 2's identification 10.1.1.1 remains the same, so the policy that is bound to 10.1.1.1 will remain the same. Right.

You know, 5G is now booming everywhere. This is what they need, actually: they want to identify every single device, every single thing in the universe, every single movable thing in the universe, with an IP address. So if I am identified with an IP address, and the policy for me to access this world is mapped to my IP address, then even if I jump from one part of the world to another part of the world, the policy to access this world will remain the same. Because I'm in Africa now, and because I'll be moving to Antarctica later, I will not have a different privilege; I shall have the same privilege, the same policy to access this world. 5G supports this mobility, and LISP also supports this mobility to happen along with 5G. And I can't hide, I can't change my identity when I move from one part of the world to another part of the world. I know that: one single government of the Internet, right? That's where we are moving, the entire world, towards that. That's what we can see: all concepts like this, OTV, blah blah blah, VXLAN, SD-WAN, all contribute to such one big umbrella of government. Right. Just to understand, I took one example which may happen in the future.

So the Locator ID Separation Protocol, LISP, provides these two identifications for a device. Today it's a device; tomorrow it's going to be animals; tomorrow it's going to be maybe human beings. It's going to give two different identifications: one, the address that identifies the individual; the other one identifies the location where the individual is. As a
result, as the individual moves from one place to another he will have the same policy: though the location has changed, the individual identification is still the same. It's like you hold a Philippines passport, you go to another country and get the citizenship; still you get the same privileges that you got in the Philippines because you are born a Filipino. You continue to have the same privileges that you had in your country even if you move to some other country; better privileges may be available for their citizens. It's something like that. I don't know if this may happen; this is my prediction. So today we may talk in the name of device mobility, the middle of LA, but tomorrow this is what is going to happen, maybe. Right. Because 5G... when I map 5G and these mobility features, it tells a new story.

The Locator ID Separation Protocol provides improved routing scalability. With LISP, we just now saw that the edge doesn't need to learn all the routes, so you get an optimized routing table. You do not have a route in router R3, but still you were able to ping from R2 to this network of R6. Let me show you again: ping 10.2.0.1, which is on R6. Let me traceroute and show you. You see, it goes to three hundred one or two, which is here, and then it goes to 5.1.1.1, which is router 5, and at last to this private network. And if you go to router 3, show ip route: you don't have any route for 10.2. If you go to router 4, show ip route: you don't have any route for 10.1 or 10.2, but still the packets are moving. But R4 has got this LISP site map, this MS and MR, which maps between the public IP address and the private IP address, between the route locator and the edge identifier, and makes this happen. The encapsulation, the additional encapsulation, makes this happen. show ip route here: this guy knows nothing about 10.1, but still you are able to ping from R6 to 10.1. So it provides improved scalability, flexible address
assignment for multihoming, provider independence, mobility and virtualization support. LISP offers an alternative to traditional Internet architecture by introducing two separate IP addresses: one, which is 3.1.1.1 in our example, that's one identification; another address is 10.1.1.1, which is router 2's address. So the route locator address in our example is 3.1.1.1, or on the other side it is 5.1.1.1; that is the route locator, routing locator. The other one is the edge device identification. The second address is the endpoint identification, which is 10 dot 1.7 at 102 and 10.2.0.1 of router 6. The separation is what is offered by LISP.

The three essentials of LISP: you need an edge, a name server... it's the LISP site, and if you have a non-LISP site you need... OK, you need a LISP site, which is router 2 in our example, and then the locator, the edge device of the site, and then the naming server, the mapping server: LISP mapping services like MS and MR, map resolver and map server. If you can imagine the DNS function, it is a similar function here, but the difference is that here it maps between the EID and RLOC, routing locator and edge identifier, edge ID. That's the job of the mapping service here. Now, this picture explains the same thing that we have in our demo. All right.

So you need these many things if you want to have LISP in your infrastructure. One is the map resolver; another one is the map server. In our case the map resolver and map server are in the same router, which is R4 in the Internet core. And then you may need a proxy egress tunnel router and a proxy ingress tunnel router. Here the xTR takes the role of the egress tunnel router and ingress tunnel router. A proxy is needed when your device doesn't support ETR and ITR; if not, your ETR and ITR can be done on the edge router itself. If in the same router, it is called xTR, both E and I. If you keep another router along with router 3, one for transmitting and router 3 for receiving, then you will have two separate names, ETR and ITR. In our
case we don't have ETR and ITR separately; here we have both together on router 3 itself. To receive the resolved route and to send the local route to get registered with R4, we use both transmit and receive, both ingress and egress, on router 3 itself, so it's called xTR. And the LISP alternative logical topology device, which you may have in the core, more than one MS and MR, is the alternative topology device. The seven things: if you just go through them you will understand. This alternative logical topology means what? You have R3 to R5, a new relationship and a new tunnel. Whenever you ping from router 2 to router 6, an alternative logical topology is created, and that's why the ping is possible. That alternative logical topology is built with the help of all the below things that you see: egress tunnel router, ingress tunnel router, map resolver, map server, edge transmit, sorry, proxy egress tunnel router, proxy ingress tunnel router. With the support of all this you are able to form an alternative logical topology. The actual physical topology will not allow R2 to ping R6, right? You form an alternative logical topology using LISP. Now, all seven things are very important for LISP to happen. You need alternative logical topology support, which is supported in almost all 15.1 and later versions of Cisco IOS, XR devices, CSR devices. All right.

So this story I just now finished saying; you can pause the recording and give it a reading. You covered this ingress and egress that happens on the edge router. So R3 goes and registers with R4 by saying, "I am 3.1.1.1, I am responsible for 10.1", and R4 resolves 10.2 and gives you the information 5.1.1.1; when you receive it, when router 2 wants to send the traffic to router 6, you use it. So both ingress and egress of the LISP packet happen in R3. All right, that's what this explains. The map resolver has the mapping table. I showed
you that it registers, and then it helps to resolve whenever a packet approaches to reach the remote network. All right. A proxy is needed whenever you don't have ITR and ETR support on the router; it's a separate device, a proxy you use. And this topology, which we have already seen, with which we are much familiar now. If I show you the commands, then you will understand the entire story: how this is possible, whatever I have spoken so far, whatever I have shown you while pinging, how this is possible.

You see, on R3 I say that 10.1 is my internal network and this is the mapped address for that: this is the route locator address and this is the internal address. And I send this information to my resolver; I go and register with the server. When you register with the server, you need to identify that you are registering with the genuine server, so you can use an authentication key. This key is just a password. I just put site1 as the password; you can have any complicated password, but it's a pre-shared key between R3 and R4. It's a pre-shared key: you have a separate key between these two and a separate key between these two. In the real world, R3 and R4 are not directly connected; they are somewhere in the cloud. R4 is somewhere in the cloud, like a DNS server. So you just give the location of the MR and MS, map resolver and map server, so that R3 will go and register itself, this address and the mapping address. So this is R4's address. R4 will know the locator ID and EID of site one, which is here. Similarly, site two also comes and registers. So R3 and R4 will have similar configuration... sorry, R3 and R5 will have similar configuration. The only difference is R5 is going to have 10.2 here, because 10.2 is what is behind R5, and this would be 5.1.1.1, which is on G0/0 of router 5. It may be a loopback also, but I'm having this address on G0/0, like, I see, 3.1.1.1 is
on router 3, on G0/0, and I have a common routing protocol between router 5 and router 3 just to simulate the Internet; they ping each other. So this is on R3 and this is on R5, and I'm using different passwords for site one and site two.

On the MS and MR server we configure this. I have two sites, right, one on the left and one on the right, so I just created them with the same names; you can give different names as well. The authentication key, the pre-shared key which we already assigned on the xTR of the site, and then the prefix that can come and register. Similarly, here we have another one. So only those prefixes will be learned; it will not learn all the prefixes that come from the site. Then we enable the MS by typing this command, ipv4 map-server, and we enable the MR by typing this command. The command that I used to show the table is show lisp site; that shows the location table. Right.

Now you see, as soon as I configure, you can see the registration that happens, the Map-Register. This is the screenshot that I captured when I was enabling LISP. This is the result, and after the result, when you ping, this is how the ping happened. See, I'm pinging from 1002 1.0.1 to 10.2.0.1, in our topology router 2 to router 6. This is the actual source and actual destination; it's an ICMP packet. Now you see LISP comes as an encapsulation. LISP uses the port number 4341. By using this UDP port number, you see in the upper layer 3.1.1.1, which is R3's address, and 5.1.1.1, which is the locator address of the destination that you go to, 5.1.1.1, which is router 5; the MAC addresses of router 3 and router 5; it is tunneled and the packet goes. All right. So this is the tunneling technique, the encapsulation technique, that LISP follows. As a result you are able to ping from R2 to R6 without any route information in R3, R4 and R5. This makes the routing table small in the public as well as the edge. Hope you have understood, you
know, how this works and why we need LISP, how LISP supports mobility, and how the header looks, the additional encapsulation. All right, thanks for listening. See you next step. Bye bye.
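
The registration and lookup flow described in the captions, modelled as an added example that is not part of the video or of Cisco's implementation: a toy map server accepts a registration only when the pre-shared key verifies and the EID prefix is one configured for that site, then resolves an EID to its RLOC by longest-prefix match. Assumptions: the message format is simplified (HMAC-SHA-256 over a string, not the LISP wire format), and the /16 for site 1, the key for site 2 and the RLOC 6.6.6.6 are constructed values.

```python
import hashlib
import hmac
import ipaddress

# Constructed lab values: prefixes and RLOCs follow the demo; the /16 for
# site 1 and the key b"site2" are assumptions, not taken from the video.
SITES = {
    "site1": {"key": b"site1", "allowed": ipaddress.ip_network("10.1.0.0/16")},
    "site2": {"key": b"site2", "allowed": ipaddress.ip_network("10.2.0.0/16")},
}


def sign(key, eid_prefix, rloc):
    """xTR side: MAC over the claimed mapping, keyed with the pre-shared key."""
    return hmac.new(key, f"{eid_prefix}|{rloc}".encode(), hashlib.sha256).digest()


class MapServer:
    """Toy MS/MR: stores authenticated EID-prefix -> RLOC registrations."""

    def __init__(self, sites):
        self.sites = sites
        self.table = {}

    def register(self, site, eid_prefix, rloc, mac):
        cfg = self.sites.get(site)
        if cfg is None:
            return "rejected: unknown site"
        # Constant-time comparison of the expected and received MAC.
        if not hmac.compare_digest(sign(cfg["key"], eid_prefix, rloc), mac):
            return "rejected: bad authentication"
        net = ipaddress.ip_network(eid_prefix)
        # A valid key is not enough: the prefix must be configured for the site.
        if not net.subnet_of(cfg["allowed"]):
            return "rejected: prefix not configured for site"
        self.table[net] = rloc
        return "registered"

    def resolve(self, eid):
        """Longest-prefix match of an EID against the registered prefixes."""
        addr = ipaddress.ip_address(eid)
        hits = [n for n in self.table if addr in n]
        return self.table[max(hits, key=lambda n: n.prefixlen)] if hits else None


def run_demo():
    ms = MapServer(SITES)
    s1, s2 = SITES["site1"]["key"], SITES["site2"]["key"]
    return {
        # R3 and R5 register their own sites.
        "r3": ms.register("site1", "10.1.0.0/16", "3.1.1.1", sign(s1, "10.1.0.0/16", "3.1.1.1")),
        "r5": ms.register("site2", "10.2.0.0/16", "5.1.1.1", sign(s2, "10.2.0.0/16", "5.1.1.1")),
        # Registration for site 1 signed with a key the map server does not hold.
        "wrong_key": ms.register("site1", "10.1.0.0/16", "6.6.6.6", sign(b"guess", "10.1.0.0/16", "6.6.6.6")),
        # Site 2 signs correctly but claims site 1's prefix.
        "foreign_prefix": ms.register("site2", "10.1.0.0/16", "5.1.1.1", sign(s2, "10.1.0.0/16", "5.1.1.1")),
        "to_r2": ms.resolve("10.1.1.1"),
        "to_r6": ms.resolve("10.2.0.1"),
        "unknown": ms.resolve("10.3.0.1"),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The two rejected cases leave the table untouched, so 10.1.1.1 still resolves to 3.1.1.1 after both attempts.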
Info
Channel: Jayachandran
Views: 5,415
Rating: 4.9200001 out of 5
Keywords: ccna, cisco, data, center, ccnp, ccie, networking, online, training, bgp, jayachandran, sathiyan, routing, switching, MPLS, LISP
Id: _qLKt94F7ow
Length: 41min 44sec (2504 seconds)
Published: Sat Jun 22 2019