[Agenda figure: FabricPath, VXLAN, LISP, Cisco Nexus Fabric]
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
Goals of the Fabric
Addressing Concurrent Workloads, Mobility and Latency
Port Density Priority Flow Control
Adequate Buffer Capacity Early Congestion Notification
Adequate Table Sizes FabricPath Multiple Trees
Low Latency Switching ECMP L2 & L3
Cut-through Switching Multi-tenancy
Goals of the Fabric
Not a L2 vs. L3 debate
“Plug-and-Play” and Mobility vs. Availability and Scaling
Advantages of Layer 2 Disadvantages of Layer 2
Availability and Scaling vs. Restricted Workload Flexibility
[Figure: frame-format comparison of segment identifiers: 802.1Q VLAN ID (12 bits), 802.1ad standardized frame format (12-bit VLAN IDs), SegmentId (24 bits)]
Location Identity Separation
• Location reachability determined by traditional routing mechanisms in the Fabric
• Identity is mapped to location addresses
[Figure: L2/L3 Fabric in DC-west and DC-east connected over an IP Network, with LISP IP mobility between them]
Cisco FabricPath
NX-OS Innovation Enhancing L2 with L3
Switching: Easy Configuration, Plug & Play, Provisioning Flexibility
Routing: Multi-pathing (ECMP), Fast Convergence, Highly Scalable
MAC-in-MAC
• Creates hierarchical layer 2 address scheme with additional MAC header
• Source and destination Switch_ID written into outer MAC header at L2MP edge
• Forwarding inside L2MP core network is based on destination Switch_ID
• Embedded path selector (FTAG) provides multi-pathing for even broadcast and multicast
• Built-in protections (TTL and multicast RPF) minimize impact of transient network issues
Optimal MAC Learning
• Prevent potential MAC table overflow in large scale L2 domain
• Traditional source-learning only on Edge port for locally connected MAC addresses
• Learning is disabled on Core port to reduce MAC table utilization
• Non-local source-MAC only learned if destination-MAC is already learned as local entry
IS-IS
• Scalable routing protocol with proven implementation for fast convergence upon network changes
• Link-state protocol ensures optimal path between any 2 nodes
• Built-in authentication mechanism enhances network security and stability
• Inherent support for ECMP and multi-topology maximize link utilization
New Control Plane
Plug-n-Play L2 IS-IS manages forwarding topology
• IS-IS assigns addresses to all FabricPath switches automatically
• Compute shortest, pair-wise paths
• Support equal-cost paths between any FabricPath switch pairs
New Data Plane
• The association MAC address/Switch ID is maintained at the edge
FabricPath MAC Table on S100
MAC   IF/SID
A     e1/1
B     e1/2
C     S101
D     S200
Local MACs (A, B) point to switchports; remote MACs (C, D) point to Switch IDs.
• Algorithm computes shortest (best) paths to each Switch ID based on link metrics
FabricPath Routing Table on S100
Switch  IF
S10     L1
S20     L2
S30     L3
S40     L4
S101    L1, L2, L3, L4
…       …
S200    L1, L2, L3, L4
One 'best' path to S10 (via L1); four equal-cost paths to S101.
Scaling – Conversational Learning
[Figure: MAC tables on FabricPath edge switches s3, s5 and s8, with host A on e1/1 and host B on e1/2]
• Edge switches only learn the MAC addresses of remote hosts when there is two-way communication between remote hosts and local hosts
• Unknown unicast flooding alone won't cause all switches within the VLAN to learn the source MAC
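The learning rule above ("non-local source-MAC only learned if destination-MAC is already learned as local entry") can be modelled in a few lines. This is an added example, not code from the slides or from NX-OS; the class and function names are hypothetical, and the MAC addresses, ports and switch IDs are taken from the Host A / Host B walk-through in this deck.

```python
"""Conversational MAC learning at FabricPath edge switches (teaching model)."""
from dataclasses import dataclass, field

BROADCAST = "ffff.ffff.ffff"


@dataclass
class EdgeSwitch:
    switch_id: str                 # value carried in the outer SA, e.g. "100.0.12"
    conversational: bool = True    # False = classical "learn every source" behaviour
    mac_table: dict = field(default_factory=dict)  # MAC -> ("local", port) | ("remote", switch_id)

    def rx_edge_port(self, src_mac, port):
        """Frame from a directly attached host: ordinary source learning."""
        self.mac_table[src_mac] = ("local", port)

    def rx_core_port(self, src_mac, dst_mac, outer_sa):
        """Frame decapsulated from the fabric. Returns True if src_mac was learned."""
        dst_entry = self.mac_table.get(dst_mac)
        dst_is_local = dst_entry is not None and dst_entry[0] == "local"
        if self.conversational and not dst_is_local:
            return False           # broadcast or flooded traffic: learn nothing
        if self.mac_table.get(src_mac, ("remote",))[0] == "local":
            return False           # never overwrite a local entry from the core side
        self.mac_table[src_mac] = ("remote", outer_sa)
        return True


def arp_walkthrough():
    """Replay the Host A / Host B exchange; return the S100 and S300 MAC tables."""
    mac_a, mac_b = "0000.0000.000a", "0000.0000.000b"
    s100, s300 = EdgeSwitch("100.0.12"), EdgeSwitch("300.0.64")
    # (1) A broadcasts an ARP request: S100 learns A locally, S300 learns nothing.
    s100.rx_edge_port(mac_a, "Eth1/13")
    s300.rx_core_port(mac_a, BROADCAST, s100.switch_id)
    # (2) B answers A: S300 learns B locally; at S100 the destination A is a
    #     local entry, so the remote source B is learned against S300's switch ID.
    s300.rx_edge_port(mac_b, "Eth2/29")
    s100.rx_core_port(mac_b, mac_a, s300.switch_id)
    return s100.mac_table, s300.mac_table


def table_size_after_broadcasts(n_hosts, conversational):
    """n_hosts remote hosts each send one broadcast; return the MAC table size of
    a remote edge switch that starts with a single local host."""
    edge = EdgeSwitch("300.0.64", conversational=conversational)
    edge.rx_edge_port("0000.0000.000b", "Eth2/29")
    for i in range(n_hosts):
        src = "0200.%04x.%04x" % (i >> 16, i & 0xFFFF)   # constructed sample MACs
        edge.rx_core_port(src, BROADCAST, "100.0.12")
    return len(edge.mac_table)


if __name__ == "__main__":
    print(arp_walkthrough())
    print(table_size_after_broadcasts(1000, True),
          table_size_after_broadcasts(1000, False))
```

With 1,000 remote hosts broadcasting, the conversational edge switch keeps one entry while the classical one holds 1,001, which is the table-overflow protection the deck refers to.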
Cisco FabricPath
Terminology
FP Core Ports
Interface connected to another FabricPath device
Sends/receives traffic with FabricPath header
Does not run spanning tree
Does not perform MAC learning!
Exchanges topology info through L2 ISIS adjacency
Forwarding based on 'Switch ID Table'
[Figure: spine switches S10, S20, S30, S40 and leaf switches S100, S200, S300 in the FabricPath (FP) domain; hosts A and B attach on ports 1/1 and 1/2 in Classical Ethernet (CE)]
Configuration Simplicity
Automatically handled by IS-IS
[Figure: FabricPath Topology '0' (VLAN 20, DC wide), common across the entire data center, alongside FabricPath Topologies '1' and '2']
• Extending FabricPath to the edge switches without requiring a redesign of the VLAN topology
• Each FP switch can have up to 2 Topology IDs defined (Topology IDs do not have to be unique).
• Each Topology will have 2 Multi-Destination Trees defined
Mac-in-Mac Header
Classical Ethernet Frame: DMAC | SMAC | 802.1Q | Etype | Payload | CRC
Cisco FabricPath Frame: Outer DA (48) | Outer SA (48) | FP Tag (32) | DMAC | SMAC | 802.1Q | Etype | Payload | CRC (new)
[Figure: host A (MAC A, on e1/13 of S100) sends a frame with DMAC→FF, SMAC→A. It crosses FabricPath with DA→FF, Ftag→1, SA→100.0.12. Tree tables shown: Ftag 1 → po10,po20,po30,po40 and Ftag 2 → po40; Ftag 1 → po100,po200,po300 and Ftag 2 → po100. MAC Table on S100: A → e1/13 (local). The MAC Table on S200 is also shown; MAC B sits behind e2/29.]
Putting it all together – Host A to Host B
(1) Broadcast ARP Request
• S100:
S100# sh mac address-table dynamic
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link
VLAN MAC Address Type age Secure NTFY Ports/SWID.SSID.LID
---------+-----------------+--------+---------+------+----+------------------
* 10 0000.0000.000a dynamic 0 F F Eth1/13
S100#
MAC A learned as local entry on e1/13
(2) Broadcast ARP Reply
[Figure: spine switches S10, S20, S30, S40 with the roots for Tree 1 and Tree 2 marked. The frame from B carries DMAC→A, SMAC→B and crosses FabricPath with DA→MC1, Ftag→1, SA→300.0.64. Multidestination Trees on Switch 10: Ftag 1 → po100,po200,po300; Ftag 2 → po100. Multidestination Trees on Switch 100: Ftag 2 → po40. FabricPath MAC Table on S300: B → e2/29 (local), with a MISS marked. MAC Table on S100: A → e1/13 (local), B → 300.0.64 (remote).]
Putting it all together – Host A to Host B
MAC Address Table after the first ARP frame
• S100:
S100# sh mac address-table dynamic
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link
VLAN MAC Address Type age Secure NTFY Ports/SWID.SSID.LID
---------+-----------------+--------+---------+------+----+------------------
* 10 0000.0000.000a dynamic 90 F F Eth1/13
10 0000.0000.000b dynamic 60 F F 300.0.64
S100#
S100 learns MAC B as remote entry reached through S300
• S300:
S300# sh mac address-table dynamic
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link
VLAN MAC Address Type age Secure NTFY Ports/SWID.SSID.LID
---------+-----------------+--------+---------+------+----+------------------
* 10 0000.0000.000b dynamic 0 F F Eth2/29
MAC B learned as local entry on e2/29
[Figure: unicast frame from A to B (DMAC→B, SMAC→A) crossing FabricPath with DA→300.0.64, Ftag→1, SA→100.0.12. FabricPath Routing Table on S100: S10 → po10, S20 → po20, S30 → po30; a Hash step is marked at S100. The FabricPath Routing Table on S30 is also shown.]
Putting it all together – Host A to Host B
Unicast Forwarding
S100# sh fabricpath route
FabricPath Unicast Route Table
'a/b/c' denotes ftag/switch-id/subswitch-id
'[x/y]' denotes [admin distance/metric]
ftag 0 is local ftag
subswitch-id 0 is default subswitch-id
FabricPath Unicast Route Table for Topology-Default
0/100/0, number of next-hops: 0
via ---- , [60/0], 0 day/s 04:43:51, local
1/10/0, number of next-hops: 1
via Po10, [115/20], 0 day/s 02:24:02, isis_fabricpath-default
1/20/0, number of next-hops: 1
via Po20, [115/20], 0 day/s 04:43:25, isis_fabricpath-default
1/30/0, number of next-hops: 1
via Po30, [115/20], 0 day/s 04:43:25, isis_fabricpath-default
1/40/0, number of next-hops: 1
via Po40, [115/20], 0 day/s 04:43:25, isis_fabricpath-default
1/200/0, number of next-hops: 4
via Po10, [115/40], 0 day/s 02:24:02, isis_fabricpath-default
Callouts on the slide: Topology (ftag), Switch ID, Sub-Switch ID; Administrative distance, routing metric; Route age; Client protocol; Next-hop interface(s)
[Figure: FabricPath domain (no STP) between Classical Ethernet (STP) domains, STP Domain 1 and STP Domain 2; BPDUs are stopped (✖) at the CE Edge Ports]
FabricPath domain appears as single Spanning-Tree bridge
All FabricPath bridges share a common (static) bridge ID
Cisco reserved MAC c84c.75fa.6000
STP BPDUs are not carried through the FabricPath network
Configure all FabricPath edge switches using “spanning-tree vlan <x> root primary” (or manually configure bridge
priority lower than any STP bridge)
Each FabricPath edge switch must be the root for all connected STP domains
Strongly recommended to use the same bridge priority on all FabricPath edge switches
FabricPath
L2/L3 Boundary Location
Layer 3 Boundary at the Spine
Straightforward with two spine switches
Considerations with more than two spines:
HSRP: Traffic polarized to spines on a per VLAN basis (South-North)
GLBP to distribute servers to different default gateways
Anycast FHRP future solution
Layer 3 Integration at the Leaf/Edge
Provides a “cleaner” spine design
Traffic distributed equally across spines (no hot spot)
Increased number of hops to reach gateway (latency)
FabricPath L2/L3 Boundary Location
Classic Two Switch Spine
• Simplest migration from most existing
designs
L3 Domain
• The spine is also used for routing with
Switch-id based
• Consideration – MAC Learning and Scaling edge/spine
routed traffic
forwarding
s M1+F1 M1+F1
• Compared to classic ethernet designs you
gain:
Ease of configuration
MAC address table increased scalability and more
efficient learning
Traffic distribution on all uplinks edge
Possibility to offload the spine by providing direct
communication paths between the edge layer devices
[…]
FabricPath L2/L3 Boundary Location
Leaf/Spine/Boundary Architecture
• By separating the L3 function from the spine, the F1 card in the spine performs pure switch-id forwarding
• The L3 edge will need both M1/F1 in order to connect with FabricPath ports to the spine
• The M1/F1 L3 edge will need to perform learning for the remote MAC addresses
[Figure: L3 Domain with M1/F1 L3 edge devices attached by FP ports to spine switches that do switch-id based forwarding]
Standards Based + Cisco Extensions
• Nexus 5500, F1, F2 and all future HW are capable of IETF standard TRILL
• Support for TRILL in NX-OS is pending completion of extensions to the baseline protocol
[Figure: header comparison. Cisco Forwarding: Outer CDCE DA, Outer CDCE SA, ET = DTAG, FTAG, TTL, Inner MAC DA, Inner MAC SA. TRILL Forwarding: NextHop Header (Outer MAC DA, Outer MAC SA, ET = 802.1Q, Outer VLAN), TRILL Header (ET = TRILL, V/R/M, HopCnt, Egress RB, Ingress RB), Inner MAC DA, Inner MAC SA.]
[Figure: Site 1 with an L3 Core and an L2+L3 FabricPath Core connecting vPC and vPC+ PODs]
• Customer Requirement
Tenant Network
Secure movement of vApps across cloud infrastructure (VLAN)
VXLAN
VXLAN header: Flags (8 bits), Reserved (24 bits), VXLAN Network Identifier (VNI) (24 bits), Reserved (8 bits)
• The Nexus 1000V VEMs act as the VXLAN Tunnel Endpoints (VTEP)
• VTEPs use multicast to deliver unknown destination VM MAC addresses to all VTEPs
participating in a given VXLAN
• Known destination VM MAC addresses are carried over point to point tunnels between
VTEPs
[Figure: end systems behind access switches in two bridge domains, each attached through a VTEP to an IP multicast enabled underlying network]
Direct Unicast tunnels between VTEPs (carries known unicast frames)
VXLAN's IP Any Source Multicast Group (*,G) acts as a bus for delivery to all relevant VTEPs for a given VNI (carries unknown/broadcast/multicast frames)
VTEP = VXLAN Tunnel End Point
VNI = VXLAN Network Identifier
VTEP Use Of IGMP
IGMP Used to Join Each VXLAN's Assigned Multicast Group on Demand
VXLAN Example Data Flow
VM1 Communicating with VM2 in a VXLAN
[Figure: animation sequence with VM 1, VM 2 and VM 3; MAC labels abc and xyz; two of the steps are marked Unicast]
Multiple VXLANs Can Share One Multicast Group
Blue & Red VXLANs Share The 239.1.1.1 Multicast Group
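When several VXLANs share one multicast group, every VTEP joined to that group receives frames for all of them, so tenant separation rests on the VNI check at the receiving VTEP. The sketch below parses the 8-byte VXLAN header described earlier and drops frames whose VNI is not served locally. It is an added example, not code from the deck or from the Nexus 1000V; the function names and the Blue/Red VNI values are constructed, and the packet is assumed to start at the VXLAN header (outer IP/UDP already removed).

```python
import struct
from typing import Iterable, Optional

VXLAN_HEADER_LEN = 8
FLAG_VNI_VALID = 0x08      # the "I" bit in the 8-bit flags field


def build_vxlan_header(vni: int) -> bytes:
    """Flags (8) + reserved (24), then VNI (24) + reserved (8), network order."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8)


def parse_vni(packet: bytes) -> int:
    """Return the VNI, or raise ValueError for a truncated or invalid header."""
    if len(packet) < VXLAN_HEADER_LEN:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", packet[:VXLAN_HEADER_LEN])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return word1 >> 8      # the reserved low byte is ignored on receipt


def vtep_receive(packet: bytes, local_vnis: Iterable[int]) -> Optional[bytes]:
    """Return the inner frame if its VNI is served locally, else None (drop)."""
    try:
        vni = parse_vni(packet)
    except ValueError:
        return None
    if vni not in set(local_vnis):
        return None        # arrived on the shared group but belongs to another tenant
    return packet[VXLAN_HEADER_LEN:]


# Constructed sample values: two VXLANs that share multicast group 239.1.1.1.
BLUE_VNI, RED_VNI = 5000, 5001


def shared_group_demo():
    """A VTEP that hosts only Blue VMs receives one Blue and one Red frame."""
    inner = b"inner-ethernet-frame"
    blue = build_vxlan_header(BLUE_VNI) + inner
    red = build_vxlan_header(RED_VNI) + inner
    return vtep_receive(blue, {BLUE_VNI}), vtep_receive(red, {BLUE_VNI})


if __name__ == "__main__":
    print(shared_group_demo())
```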
Single Network Architecture Delivers:
VM Mobility (topology independent addressing)
Security: VPNs/Multi-tenancy
Route Scalability (on demand routing)
IPv6 enablement,
Routing Policy simplification
Benefits Use-Cases
Services integrated in a single architecture DCI route optimization/mobility
LISP Behavior
Loc/ID “Split”
Device IPv4 or IPv6 Address Represents Identity Only. Its Location Is Here!
When the Device Moves, Keeps Its IPv4 or IPv6 Address. It Has the Same Identity. Only the Location Changes.
[Figure: device 10.1.0.1 attached to the IP core before and after a move, with addresses 1.1.1.1 and 2.2.2.2 shown on the IP core]
A LISP Packet Walk
How Does LISP Operate?
1. DNS Entry: D.abc.com A 10.2.0.1
2. S sends 10.1.0.1 -> 10.2.0.1
3. Mapping Entry: EID-prefix: 10.2.0.0/24, Locator-set: 2.1.1.1, priority: 1, weight: 50 (D1); 2.1.2.1, priority: 1, weight: 50 (D2). This Policy Controlled by Destination Site
4. EID-to-RLOC mapping applied at the ITR: 1.1.1.1 -> 2.1.1.1 carrying 10.1.0.1 -> 10.2.0.1
5. ETR forwards 10.1.0.1 -> 10.2.0.1 to D
[Figure: LISP site 10.1.0.0/24 with host S and an ITR, a non-LISP site behind a PITR, the IP Network (addresses 1.1.1.1, 5.1.1.1, 5.2.2.2, 5.3.3.3, 5.4.4.4), West-DC 10.2.0.0/24 (2.1.1.1, 2.1.2.1, host D) and East-DC 10.3.0.0/24 (3.1.1.1, 3.1.2.1)]
A LISP Packet Walk
How About Non-LISP Sites?
1. DNS Entry: D.abc.com A 10.2.0.1
2. S in the non-LISP site sends 192.3.0.1 -> 10.2.0.1, which reaches the PITR (4.4.4.4)
3. Mapping Entry: EID-Prefix: 10.2.0.0/24, Locator-Set: 2.1.1.1, priority: 1, weight: 50 (D1); 2.1.2.1, priority: 1, weight: 50 (D2)
4. EID-to-RLOC mapping applied at the PITR: 4.4.4.4 -> 2.1.2.1 carrying 192.3.0.1 -> 10.2.0.1
5. ETR forwards 192.3.0.1 -> 10.2.0.1 to D
[Figure: non-LISP site with host S, PITR 4.4.4.4, the IP Network (5.1.1.1, 5.2.2.2, 5.3.3.3), West-DC 10.2.0.0/24 (2.1.1.1, 2.1.2.1, host D) and East-DC 10.3.0.0/24 (3.1.1.1, 3.1.2.1)]
LISP Roles and Address Spaces
What Are the Different Components Involved?
• Ingress/Egress Tunnel Routers (ITR/ETR)
• EID to RLOC Mapping DB
  • Contains RLOC to EID mappings
  • Distributed across multiple Map Servers (MS)
  • MS may connect over an ALT network
• Proxy Tunnel Routers - PxTR
  • Coexistence between LISP and non-LISP sites
  • Ingress/Egress: PITR, PETR
Address Spaces
• EID = End-point Identifier
  • Host IP or prefix
• RLOC = Routing Locator
  • IP address of routers in the backbone
Mapping DB
EID          RLOC
a.a.a.0/24   w.x.y.1
b.b.b.0/24   x.y.w.2
c.c.c.0/24   z.q.r.5
d.d.0.0/16   z.q.r.5
[Figure: EID space sites attached through ITR/ETR and PxTR devices to the RLOC space]
LISP Mapping Database
The Basics – Registration and Resolution
Mapping Cache Entry (on ITR): 10.2.0.0/16 -> (2.1.1.1, 2.1.2.1)
Map-Reply: 10.2.0.0/16 -> (2.1.1.1, 2.1.2.1)
[Figure: LISP site ITR, West-DC (10.2.0.0/16) and East-DC (10.3.0.0/16), hosts X, Y and Z, host address 10.2.0.2]
Basic LISP Configuration Servers
ip lisp map-resolver
ip lisp map-server
lisp site west-DC
  ! key type 0: the key that follows is entered in cleartext
  authentication-key 0 s3cr3t
  eid-prefix 10.2.0.0/24
LISP Host-Mobility
Needs:
• Global IP-Mobility across subnets
• Optimized routing across extended subnet sites
LISP Solution:
• Automated move detection on xTRs
• Dynamically update EID-to-RLOC mappings
• Traffic Redirection on ITRs or PITRs
Benefits:
• Direct Path (no triangulation)
• Connections maintained across move
• No routing re-convergence
• No DNS updates required
• Transparent to the hosts
• Global Scalability (cloud bursting)
• IPv4/IPv6 Support
[Figure: LISP site xTR, non-LISP sites behind a PxTR, the Mapping DB and the IP Network; LISP-VM (xTR) devices in West-DC and East-DC joined by LAN Extensions; legend: RLOC, EID, LISP Encap/Decap]
Host-Mobility Scenarios
Moves Without LAN Extension Moves With LAN Extension
[Figure, Moves Without LAN Extension: LISP site xTR, Mapping DB, and a DR Location or Cloud Provider DC reached over the Internet or Shared WAN. Figure, Moves With LAN Extension: LISP site xTR, non-LISP site, Mapping DB and IP Network, with West-DC (10.2.0.0/16) and East-DC (10.3.0.0/16) joined by a LAN Extension; hosts X, Y, Z and host address 10.2.0.2]
LISP Host-Mobility - Traffic Redirection
Update Location Mappings for the Host System Wide
• When a host move is detected, updates are triggered:
The host-to-location mapping in the Database is updated to reflect the new location
The old ETR is notified of the move
ITRs are notified to update their Map-caches
• Ingress routers (ITRs or PITRs) now send traffic to the new location
Mapping DB: 10.2.0.0/16 – RLOC A, B; 10.2.0.2/32 – RLOC C, D
[Figure: LISP site xTR, Mapping DB, LISP-VM (xTR) devices A, B in West-DC (10.2.0.0/16) and C, D in East-DC (10.3.0.0/16); hosts X, Y, Z and host address 10.2.0.2]
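Traffic redirection works because the ITR's map-cache lookup is a longest-prefix match: once the host-specific 10.2.0.2/32 entry is installed, it overrides the site's 10.2.0.0/16 entry for that one host only. The sketch below also applies the locator-set priority and weight from the packet-walk slides. It is an added example, not Cisco's implementation; the class and function names are hypothetical, RLOCs A and B are taken as 2.1.1.1 and 2.1.2.1 from the mapping cache entry shown earlier, and RLOCs C and D are assumed to be 3.1.1.1 and 3.1.2.1 from the packet-walk figure.

```python
import hashlib
import ipaddress


class MapCache:
    """EID-prefix -> locator-set cache as held by an ITR (teaching model)."""

    def __init__(self):
        self._entries = {}    # ip_network -> [(rloc, priority, weight), ...]

    def install(self, eid_prefix, locators):
        self._entries[ipaddress.ip_network(eid_prefix)] = list(locators)

    def lookup(self, dst_eid):
        """Longest-prefix match; None means a Map-Request would be needed."""
        addr = ipaddress.ip_address(dst_eid)
        hits = [net for net in self._entries if addr in net]
        if not hits:
            return None
        best = max(hits, key=lambda net: net.prefixlen)
        return best, self._entries[best]


def pick_rloc(locators, flow):
    """Lowest priority value wins; weights share load inside that priority."""
    best = min(prio for _, prio, _ in locators)
    group = [(rloc, weight) for rloc, prio, weight in locators if prio == best]
    total = sum(weight for _, weight in group)
    bucket = int.from_bytes(hashlib.sha256(repr(flow).encode()).digest()[:4], "big")
    if total == 0:                       # all weights zero: spread evenly
        return group[bucket % len(group)][0]
    point = bucket % total               # same flow always maps to the same RLOC
    for rloc, weight in group:
        if point < weight:
            return rloc
        point -= weight


def encapsulate(cache, itr_rloc, src_eid, dst_eid):
    """Describe the LISP-encapsulated packet, or None on a map-cache miss."""
    hit = cache.lookup(dst_eid)
    if hit is None:
        return None
    prefix, locators = hit
    return {"matched": str(prefix),
            "outer": (itr_rloc, pick_rloc(locators, (src_eid, dst_eid))),
            "inner": (src_eid, dst_eid)}


WEST = [("2.1.1.1", 1, 50), ("2.1.2.1", 1, 50)]   # RLOC A, B
EAST = [("3.1.1.1", 1, 50), ("3.1.2.1", 1, 50)]   # RLOC C, D (assumed addresses)


def host_move_demo():
    """Host 10.2.0.2 moves from West-DC to East-DC; 10.2.0.3 stays behind."""
    cache = MapCache()
    cache.install("10.2.0.0/16", WEST)
    before = encapsulate(cache, "1.1.1.1", "10.1.0.1", "10.2.0.2")
    cache.install("10.2.0.2/32", EAST)   # map-cache updated after the move
    after = encapsulate(cache, "1.1.1.1", "10.1.0.1", "10.2.0.2")
    stayed = encapsulate(cache, "1.1.1.1", "10.1.0.1", "10.2.0.3")
    return before, after, stayed


if __name__ == "__main__":
    for packet in host_move_demo():
        print(packet)
```

Until the /32 entry reaches the ITR, traffic for the moved host still goes to the West-DC locators, which is why the update steps listed above notify the old ETR and the ITRs as well as the Mapping DB.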
LISP Host-Mobility - First Hop Routing
Across Different Subnets
• SVI (Interface VLAN x) and HSRP configured as usual (Consistent GWY-MAC configured across all dynamic subnets)
• The lisp mobility <dyn-eid-map> command enables proxy-arp functionality on the SVI
The LISP-VM router services first hop routing requests for both local and roaming subnets
• Hosts can move anywhere and always talk to a local gateway with the same MAC
interface vlan 100
interface vlan 100 ip address 10.3.0.7/24
interface vlan 200
ip address 10.2.0.5/24 lisp mobility roamer
ip address 10.2.0.8/24
lisp mobility roamer
interface Ethernet2/4 ip proxy-arp
lisp mobility roamer
ip proxy-arp
ip address 10.1.0.6/24 ip proxy-arp hsrp 201
hsrp 101
lisp mobility roamer mac-address 0000.0e1d.010c
hsrp 201
ip proxy-arp mac-address 0000.0e1d.010c ip 10.3.0.1
mac-address 0000.0e1d.010c
hsrp 101 ip 10.2.0.1
ip 10.3.0.1
mac-address 0000.0e1d.010c
ip 10.2.0.1
[Figure: LISP-VM (xTR) devices A, B in West-DC (10.2.0.0/24) and C, D in East-DC (10.3.0.0/24), each site with an HSRP Active gateway answering ARP with the same GWY-MAC; host address 10.2.0.2]
Null0 host routes indicate the host is “away”
Mapping DB: 10.2.0.0/16 – RLOC A, B; 10.2.0.2/32 – RLOC C, D
Map-Register: 10.2.0.2/32 <C,D>
Map-Notify: 10.2.0.2/32 <C,D>
[Figure: Mapping DB (5.1.1.1, 5.2.2.2) exchanging Map-Register and Map-Notify messages with the xTRs; hosts X and Y, host address 10.2.0.2]
Map Cache @ ITR
Simplifying LAN Extensions
• Ethernet LAN Extension over any Network
  Works over dark fiber, MPLS, or IP
  Multi-data center scalability
• High Resiliency
  Failure domain isolation
  Seamless Multi-homing
• Maximizes available bandwidth
  Automated multi-pathing
  Optimal multicast replication
Many Physical Sites – One Logical Data Center
Any Workload, Anytime, Anywhere
Unleashing the Full Potential of Compute Virtualization
OTV Data Plane
Inter-Site Packet Flow
1. Layer 2 lookup on the destination MAC. MAC 3 is reachable through IP B
2. The Edge Device encapsulates the frame
3. The transport delivers the packet to the Edge Device on site East
4. The Edge Device on site East receives and decapsulates the packet
5. Layer 2 lookup on the original frame. MAC 3 is a local MAC
6. The frame is delivered to the destination
MAC TABLE on the West Edge Device (IP A)
VLAN  MAC    IF
100   MAC 1  Eth 2
100   MAC 2  Eth 1
100   MAC 3  IP B
100   MAC 4  IP B
MAC TABLE on the East Edge Device (IP B)
VLAN  MAC    IF
100   MAC 1  IP A
100   MAC 2  IP A
100   MAC 3  Eth 3
100   MAC 4  Eth 4
Encapsulated frame across the Transport Infrastructure: MAC 1 | MAC 3 | IP A | IP B
• MAC addresses advertised in the background once OTV has been configured
• IS-IS is the OTV Control Protocol running between the Edge Devices
Ingress Routing Challenge in DCI
Extending Subnets Creates a Routing Challenge
• A subnet usually implies location
Host-Mobility and Multi-homing
ETR updates – Extended Subnets
Null0 host routes indicate the host is “away”
10.2.0.0 /24 is the dyn-EID
Mapping DB: 10.2.0.0/16 – RLOC A, B; 10.2.0.2/32 – RLOC C, D
Map-Register: 10.2.0.2/32 <C,D>
Map-Notify: 10.2.0.2/32 <C,D>
Routing tables shown on the xTRs A, B, C, D: each holds 10.2.0.0/16 – Local and 10.2.0.0/24 – Null0; two of them hold 10.2.0.2/32 – Null0 and two hold 10.2.0.2/32 – Local
[Figure: West-DC and East-DC, both 10.2.0.0/16, joined by OTV; Mapping DB (5.1.1.1, 5.2.2.2); hosts X and Y, host address 10.2.0.2; steps numbered 1 to 6]
Refreshing the map caches Map Cache @ ITR
• Servers can move anywhere and always talk to a local gateway with the same
IP/MAC
Off-Subnet Client-Server Traffic
All Off-Subnet/Off-Site Traffic Is LISP Encapsulated
Server-to-client:
to ETR (F) for LISP sites
to PETR (G) for non-LISP sites
• Server-Server off-subnet traffic across sites is also LISP encapsulated
[Figure: LISP-VM (xTR) devices A, B in West-DC (10.2.0.0/16) and C, D in East-DC (10.3.0.0/16); packets labelled F C | 10.1.0.1 10.2.0.2, 10.1.0.1 10.2.0.2 and 192.168.2.1 10.2.0.2; hosts X and Y, host address 10.2.0.2]
On-Subnet Server-Server Traffic
On Subnet Traffic Across L3 boundaries
With LAN Extension
• Live moves and cluster member dispersion
• Traffic between X & Y uses the LAN Extension
• Link-local-multicast handled by the LAN Extension
Without LAN Extensions
• Cold moves, no application dispersion
• X-Y traffic is sent to the LISP-VM router & LISP encapsulated
• Need LAN extensions for link-local multicast traffic
[Figure: xTRs A, B, C, D with the Mapping DB in both cases; hosts X (10.2.0.3), Y (10.2.0.2) and Z; packets labelled 10.2.0.3 10.2.0.2 over the LAN Ext. and B C | 10.2.0.3 10.2.0.2 without it]
• Enhance application availability by distributing Cluster members across PODs and across locations
[Figure: PODs in DC-west and DC-east; Fabric Path (Intra-DC) between PODs, OTV (Inter-DC) between sites, LISP IP mobility across the IP Network]
• VXLAN & FP provide elasticity within the DC within a L2 POD and across PODs
• OTV extends the LAN across DC sites without compromising network stability
• LISP integrates with SLBs and balances traffic across the SLBs (Future)
                    Intra-DC                               Inter-DC
Virtual Machines    VXLAN (x-L3), FabricPath (L2)          OTV (x-L3)
Physical Machines   FabricPath (L2), VXLAN GWY (future)    OTV (x-L3)
[Figure: DC-west and DC-east with LISP IP mobility across the IP Network, OTV/VPLS (Inter-DC x-L3) between sites, Fabric Path (Intra-DC L2) and VXLAN/OTV (Intra-DC x-L3) inside each site, and a GWY (IP1) attached to vxlan 1]
Q&A