Cisco Systems is very busy promoting the Locator/ID Separation Protocol (LISP) these days, and that leaves many network administrators wondering what the technology is and whether they should start looking into it. Let’s learn more about the protocol and its benefits.
What is LISP?
The concept of LISP is to decouple host identities from the network they belong to. To do so, LISP uses two different databases: the first is the Resource Locator (RLOC), which is essentially a map of the different networks; the second is the End-host ID (EID), which keeps track of where hosts are on the network in relation to their RLOC.
Whenever network administrators, designers, and engineers are presented with a multi-location network topology that includes dual-homing, one answer pops up to solve the routing between the locations: Border Gateway Protocol (BGP). BGP is the de facto protocol to “route the Internet”, and it requires the IT staff to have a good understanding of the protocol before starting to configure it. Major networks collaborate to build the internet, making them transit autonomous systems (AS) that are advertised to one another using BGP. When someone wants to visit an Autonomous System such as the one holding Google, Facebook, or eBay, the AS is determined from the subnet that holds the host, and the lookup router (either the ISP’s or your multi-homed router) consults the internet’s BGP table to figure out the best path to the destination.
If we already have a solution, then why even talk about LISP? There are several possible answers:
- If you want to become part of the internet as a full AS with an ISP, you must “own” a full public Class C IP address range.
- To form a full adjacency with an ISP and become a transit AS, you must have routers that can process the 400K+ routes that currently make up the internet. Here we are talking Cisco’s ASR class, nothing less.
- You and your staff must have in-depth knowledge of BGP, since your mistakes can hinder the performance of the ISPs connected to you. Make too many of them and your BGP privileges will be revoked, uplinks may be shut down, and so on.
Let’s learn more about the main advantages LISP provides.
LISP Advantage #1: Simplicity over BGP
Let’s make a quick comparison between LISP and BGP. Say you need to reach www.globalknowledge.com. You go to a DNS server, which tells you that the www A record for globalknowledge.com points to IP address 220.127.116.11. Your end host then consults its default gateway (router), which consults your local BGP table. That table indicates that 18.104.22.168 is held by GK-AS1, which encompasses the entire 22.214.171.124/24 subnet, and that two routes (for example) are offered: via ISP A with a metric of X and via ISP B with a metric of Y. The “lowest cost” route will be used to get there, and more than likely the same path will be used for subsequent interactions with the site. Not only that, the folks at Global Knowledge cannot move “www” around, because it belongs to a specific AS in a specific subnet.
With LISP, the process works almost the same way, except that a LISP-enabled router, in this case an ETR, catches your outbound request and consults a Map Server (MS) to find out which site holds 126.96.36.199 at this moment, in much the same fashion as DNS. The MS holds RLOC-to-EID mappings and returns an “answer” to the ETR. The ETR can then make a forwarding decision toward the site based on RLOC priorities and weights. The MS could also indicate that the destination is a non-LISP site, in which case you continue forwarding the traffic without LISP’s benefits.
What can I do with LISP?
Think about this: you run a multi-site insurance company. Each site is multi-homed for redundancy and bandwidth aggregation. Your HQ site has an MS router and two ITR/ETRs connecting it to the transit network (the Internet). Your other site also has two ITR/ETRs connecting to the Internet. All the end hosts of the remote site are registered as EIDs with the site’s ITR/ETR routers, which in turn register themselves with the Map Server at HQ.
If someone at HQ wants to reach the remote site’s HOST A, a query is made to the MS, which identifies the proper RLOC for the host: the RLOC says to go to “remote site” to find it. Metrics (priority/weight) are then compared to find the best path to the “remote site”. If the metrics are equal, LISP uses a 5-tuple hash per flow to encapsulate your traffic toward a specific router. This is big: it’s almost like creating a giant port channel between two sites across the Internet!
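To make the lookup-and-select step concrete, here is an added example of how an ITR would resolve a destination EID to a locator set and pick one RLOC per flow. This is illustrative code written for this page, not code from the white paper or from Cisco; the map-cache contents, the site prefixes and the RLOC addresses are constructed values, and the selection rule (lowest priority wins, weights split flows at that priority, a priority of 255 means never use, unreachable locators drop out) follows the LISP mapping semantics rather than any particular product.

```python
"""Added example, not from the white paper: EID-to-RLOC lookup and per-flow
RLOC selection by priority/weight using a 5-tuple hash. All prefixes and
addresses below are constructed documentation values."""
import hashlib
import ipaddress
from dataclasses import dataclass


@dataclass
class Rloc:
    address: str
    priority: int        # lower is preferred; 255 = never use this locator
    weight: int          # share of flows among RLOCs at the best priority
    reachable: bool = True


# Constructed map cache: EID prefix -> locator set for that site.
MAP_CACHE = {
    ipaddress.ip_network("10.20.0.0/16"): [           # "remote site", dual-homed
        Rloc("192.0.2.10", priority=1, weight=50),    # ITR/ETR A (Metro Ethernet)
        Rloc("198.51.100.7", priority=1, weight=50),  # ITR/ETR B (DSL)
    ],
    ipaddress.ip_network("10.30.0.0/24"): [           # a site with a backup-only link
        Rloc("203.0.113.3", priority=1, weight=100),
        Rloc("203.0.113.4", priority=2, weight=100),  # used only if the primary is gone
    ],
}


def lookup_eid(dst_eid):
    """Longest-prefix match of a destination EID; None means a non-LISP site."""
    ip = ipaddress.ip_address(dst_eid)
    matches = [net for net in MAP_CACHE if ip in net]
    if not matches:
        return None
    return MAP_CACHE[max(matches, key=lambda net: net.prefixlen)]


def flow_hash(src_ip, dst_ip, proto, sport, dport):
    """Deterministic 5-tuple hash so every packet of one flow picks the same RLOC."""
    key = f"{src_ip}|{dst_ip}|{proto}|{sport}|{dport}".encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big")


def select_rloc(rlocs, five_tuple):
    """Best (lowest) priority among reachable locators, then a weighted pick
    driven by the flow hash. Unreachable locators drop out, which is the
    'other link is used seamlessly' behaviour on a link failure."""
    usable = [r for r in rlocs if r.reachable and r.priority < 255]
    if not usable:
        return None
    best = min(r.priority for r in usable)
    candidates = [r for r in usable if r.priority == best]
    total = sum(r.weight for r in candidates)
    if total == 0:
        return candidates[0]
    point = flow_hash(*five_tuple) % total
    for r in candidates:
        if point < r.weight:
            return r
        point -= r.weight
    return candidates[-1]


def forward(src_eid, dst_eid, proto, sport, dport):
    """Return the outer destination RLOC for a flow, or None for a non-LISP site."""
    rlocs = lookup_eid(dst_eid)
    if rlocs is None:
        return None
    chosen = select_rloc(rlocs, (src_eid, dst_eid, proto, sport, dport))
    return chosen.address if chosen else None


def set_reachable(address, state):
    """Simulate one WAN link on a site's router going down (False) or up (True)."""
    for rlocs in MAP_CACHE.values():
        for r in rlocs:
            if r.address == address:
                r.reachable = state


def rloc_distribution(n_flows, src_eid="10.10.0.5", dst_eid="10.20.1.1"):
    """Count how many of n constructed TCP flows (varying source port) land on each RLOC."""
    counts = {}
    for i in range(n_flows):
        rloc = forward(src_eid, dst_eid, 6, 40000 + i, 443)
        counts[rloc] = counts.get(rloc, 0) + 1
    return counts


if __name__ == "__main__":
    print(rloc_distribution(200))            # roughly even split across the two RLOCs
    set_reachable("192.0.2.10", False)       # Metro Ethernet link fails
    print(rloc_distribution(200))            # every flow now uses the DSL RLOC
```

Running the block shows the "giant port channel" effect: with equal priorities and weights, flows spread across both of the remote site's routers, a given flow always lands on the same one, and marking a locator unreachable moves every flow to the surviving link without any change to the EID addresses.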
LISP Advantage #2: Load Balancing
Now I will up the ante by telling you that this works great with multi-homed sites where one or more links come up with DHCP addresses on the WAN side. Say one of your branches has a primary fixed Metro Ethernet circuit with a DSL backup. When the DSL interface comes online, it “calls home” to the MS router and announces itself as SITE B with a new dynamic WAN address of X. Now you can keep track of your moving-target sites without resorting to a complicated DMVPN solution. You will probably prefer the Metro Ethernet WAN circuit through your metrics and leave the DSL at some default metric, or worse, if necessary. When your primary fails, no one notices (at least at the routing level). Even if both WAN links are on DHCP addresses, it still doesn’t matter to LISP: just call home and register your site ID. Did someone say Dynamic DNS for networks?
Thanks to the 5-tuple hash per flow method discussed above, the routing imbalance between your sites is greatly reduced. More importantly, LISP puts you back in the driver’s seat, because you control the metrics between your sites regardless of the metrics your ISPs advertise at the BGP level. Much as Link Aggregation Control Protocol (LACP) does with Layer 2 port channels, you control the hashing method your multi-homed sites use to send traffic to one another. In case of a link failure, the other link, via your secondary ITR/ETR router, is used seamlessly.
ITR and ETR routers are responsible for encapsulating data between the sites. Since we are now decoupling host IDs from site IDs, the conversation in the “cloud” must be between sites, not between hosts. Once the traffic leaves one of your sites in a LISP-router-to-LISP-router conversation, the source and destination addresses are those of your routers, not the hosts. This provides a certain level of simplicity and security. I am not going to discuss the security aspect of LISP in this white paper, but just know that it can be used for multipoint VPNs.
Since the encapsulation mentioned above is taking place, LISP would also fit a solution where your sites are on IPv6 and the middle network is IPv4. Remember, conversations are now site to site, not host to host.
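The two preceding paragraphs are easiest to see on the wire. Below is an added example, written for this page and not taken from the white paper or from any vendor code, that builds a LISP data-plane packet the way an ITR would and parses it the way the ETR would. The outer IPv4 header carries only the two routers' RLOCs, the inner IPv6 header carries the hosts' EIDs, and the UDP destination port 4341 plus the 8-byte LISP header are laid out as in RFC 6830 (N flag set, 24-bit nonce, 32-bit locator-status-bits field). Every address, the source port and the nonce are constructed values; the IPv4 RLOCs come from documentation ranges.

```python
"""Added example, not from the white paper: LISP encapsulation of an IPv6
EID-to-EID packet inside an IPv4 RLOC-to-RLOC outer header. Addresses,
ports and nonce are constructed; header layout follows RFC 6830."""
import ipaddress
import struct

LISP_DATA_PORT = 4341  # LISP data-plane UDP port


def ipv4_checksum(header: bytes) -> int:
    """Standard ones-complement IPv4 header checksum (0 when verifying a good header)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_inner_ipv6(src_eid, dst_eid, payload, next_header=17):
    """Minimal inner IPv6 header (no extension headers) followed by the payload."""
    return struct.pack("!IHBB16s16s", 0x60000000, len(payload), next_header, 64,
                       ipaddress.IPv6Address(src_eid).packed,
                       ipaddress.IPv6Address(dst_eid).packed) + payload


def encapsulate(inner, src_rloc, dst_rloc, nonce=0x0A0B0C, lsb=0x1):
    """ITR side: prepend the LISP header, UDP and an outer IPv4 header addressed RLOC to RLOC."""
    lisp = struct.pack("!B3sI", 0x80, nonce.to_bytes(3, "big"), lsb)   # N=1: nonce present
    udp_len = 8 + len(lisp) + len(inner)
    udp = struct.pack("!HHHH", 0xF5A9, LISP_DATA_PORT, udp_len, 0)     # UDP csum 0 is legal over IPv4
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000, 64, 17, 0,
                      ipaddress.IPv4Address(src_rloc).packed,
                      ipaddress.IPv4Address(dst_rloc).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + udp + lisp + inner


def decapsulate(packet):
    """ETR side: validate the outer headers and return what the core and the hosts each see."""
    ver_ihl, _, total, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0xF) * 4
    if ver_ihl >> 4 != 4 or proto != 17:
        raise ValueError("outer header is not IPv4/UDP")
    if ipv4_checksum(packet[:ihl]) != 0 or total != len(packet):
        raise ValueError("bad outer IPv4 header")
    sport, dport, ulen, _ = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if dport != LISP_DATA_PORT:
        raise ValueError("not a LISP data packet")
    flags, nonce, lsb = struct.unpack("!B3sI", packet[ihl + 8:ihl + 16])
    inner = packet[ihl + 16:]
    if inner[0] >> 4 != 6:
        raise ValueError("inner packet is not IPv6")
    payload_len = struct.unpack("!H", inner[4:6])[0]
    return {
        # What the IPv4 transit network sees: routers only, no EIDs at all.
        "outer_src": str(ipaddress.IPv4Address(src)),
        "outer_dst": str(ipaddress.IPv4Address(dst)),
        "udp_dport": dport,
        "nonce": int.from_bytes(nonce, "big"),
        "lsb": lsb,
        # What the hosts see once the ETR strips the outer headers.
        "inner_src": str(ipaddress.IPv6Address(inner[8:24])),
        "inner_dst": str(ipaddress.IPv6Address(inner[24:40])),
        "payload": inner[40:40 + payload_len],
    }


if __name__ == "__main__":
    pkt = encapsulate(build_inner_ipv6("2001:db8:a::10", "2001:db8:b::20", b"hello"),
                      "192.0.2.10", "198.51.100.7")
    print(decapsulate(pkt))
```

The parsed result shows the point of both paragraphs: the transit network only ever handles an IPv4 packet between 192.0.2.10 and 198.51.100.7 on UDP port 4341, while the IPv6 EIDs of the two hosts travel untouched inside it, so the core needs neither IPv6 nor any route to the EID space.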
There are clearly some great advantages to using LISP as opposed to BGP when presented with topologies where you control multiple sites and leverage dual internet circuits. Plus, with LISP it is possible to route to external sites using the ever-growing LISP community by visiting www.lispv4.net.
Excerpted and reproduced from Global Knowledge White Paper: Simplify Your Route to the Internet: Three Advantages of Using LISP