
Internet Economics HS 2012 Robert Richter, Niklaus Meyer

1

Agenda
• Introduction
  • Wrap-Up: IP-Routing
  • Locator/Identifier Split
• LISP
  • Data Plane
  • Control Plane
  • Deployment, Interoperability
• Economics
  • Current standardization state
  • Deployment costs
  • Use-Cases
• Summary

2

What is wrong with IP?
• IPv4 Address Exhaustion
  • IPv6 not yet fully deployed → Topic of another presentation!
• Unsupported Use-Cases
  • (Fast) Mobility
  • Multi-Homing
  • Traffic Engineering (Load Balancing)
• Large Routing Tables
  • Slower routing | More expensive hardware

Introduction 3

IP-Routing Revisited (In theory)

[Figure: aggregated routing example. Provider A (1.0.0.0/8) is split into Provider 1 (1.0.0.0/9) and Provider 2 (1.128.0.0/9); Provider B holds 2.0.0.0/8. Client A (1.128.1.0/24) sits behind Provider 2, Client B (2.1.1.0/24) behind Provider B. With perfect aggregation the core routing table needs only 2 entries: 1.0.0.0/8 and 2.0.0.0/8.]

Introduction 4

IP-Routing (In practice)

[Figure: the same topology (Provider 1 1.0.0.0/9, Provider 2 1.128.0.0/9, Provider A 1.0.0.0/8, Provider B 2.0.0.0/8). Client B (2.1.1.0/24) changes provider ("Mobility") and Client A (1.128.1.0/24) is multi-homed / uses traffic engineering, so both /24 prefixes have to be announced separately and appear in the tables of Providers 1, 2, A and B. The core routing table grows to 5 entries.]

Introduction 5

IP-Routing (Table growth)

[Chart: number of BGP FIB entries over time, y-axis from 0 to 500'000, with two annotated events: CIDR (1994) and ??? (~2001).]

Locator/Identifier (Loc/ID) Split
• IP-Address = Identity & Location
  • Identity: Stable & Avoid Renumbering
  • Location: Efficient routing (Aggregation)
• Rekhter's Law: "Addressing may follow topology or topology may follow addressing. Choose one!"
• Idea: Split Identity & Location
  • Locator/Identifier Separation Protocol (LISP)
  • Others:
    • Global, Site, End-System (GSE) → IPv6 only
    • Network Address Translation (NAT) → Limited end-to-end connectivity
    • …

Introduction 7

Routing with Loc/ID Split

[Figure: same topology (Provider 1 1.0.0.0/9, Provider 2 1.128.0.0/9, Provider A 1.0.0.0/8, Provider B 2.0.0.0/8). Client A: ID 1.128.1.0/24, Loc 1.128.0.1 & 2.0.0.1 (multi-homed via Provider 2 and Provider B). Client B: ID 2.1.1.0/24, Loc 1.0.0.1 (Provider 1). Only the locators (assigned by the ISP) are routed; the identifiers (assigned by a registry) never enter the core, so the core routing table still has 2 entries: 1.0.0.0/8 and 2.0.0.0/8.]

Introduction 8

LOCATOR/IDENTIFIER SEPARATION PROTOCOL
Data Plane | Control Plane | Interoperability & Deployment

9

LISP Addresses
• Two Address Spaces:
  • EID: Endpoint Identifier
    • 1 constant identifier per device
  • RLOC: Routing Locator
    • 1-n locations per device (changes when the device changes its location)
• EID/RLOC are address agnostic (IPv4, IPv6, ???)
  • → This presentation: IPv4

Locator/Identifier Separation Protocol 10

LISP Functionality
• Only 2 network devices (ETR/ITR = xTR) required
  • Egress/Ingress Tunnel Router
  • No changes to hosts, other routers, …
• EID-to-RLOC mapping system (≈ DNS)
• xTR does "Map-and-encap"
  1. Map EID to RLOC
  2. Encapsulate original datagram

Locator/Identifier Separation Protocol 11

Data Plane

[Figure: protocol layering. The host stack (end-to-end) is addressed by EIDs: Application Layer (HTTP, FTP, SMTP, …), Transport Layer (TCP, UDP), Internet Layer (IPv4, IPv6). LISP inserts an additional Transport/Internet Layer (UDP + IPv4, IPv6) addressed by RLOCs between the host's Internet Layer and the Link Layer (Ethernet, X.25, Token Ring, ...).]

[Figure: packet flow through the core network. Source S [10.1.2.3] sends to R [13.2.0.1]; the ITR [11.0.0.1] in Provider A (11.0.0.0/8) encapsulates (step 1, A: encap), the ETR [13.1.1.1] in Provider B (13.1.0.0/16) decapsulates (step 2, B: decap).
  Original packet: IP SRC = 10.1.2.3, DST = 13.2.0.1 | TCP/UDP/... | HTTP/SMTP/...
  In the core: IP SRC = 11.0.0.1, DST = 13.1.1.1 | UDP + LISP Header | IP SRC = 10.1.2.3, DST = 13.2.0.1 | TCP/UDP/... | HTTP/SMTP/...]

Locator/Identifier Separation Protocol 12

LISP Encapsulation Packet

[Figure: header layout, 32 bits per row (bit offsets 0-31).]

Outer Header (OH), IPv4, 20 bytes:
  Version | IHL | Type of Service | Total Length
  Identification | Flags | Fragment Offset
  Time to Live | Protocol = 17 (UDP) | Header Checksum
  Source Address = Source Routing Locator
  Destination Address = Destination Routing Locator
UDP, 8 bytes:
  Source Port | Dest Port (4341)
  UDP length | UDP Checksum
LISP header, 8 bytes:
  Flags / Nonce / Others
  Locator Reach Bits
Inner Header (IH), IPv4, 20 bytes:
  Version | IHL | Type of Service | Total Length
  Identification | Flags | Fragment Offset
  Time to Live | Protocol | Header Checksum
  Source Address = Source Endpoint Identifier
  Destination Address = Destination Endpoint Identifier

+ 36 Bytes! (20 outer IPv4 + 8 UDP + 8 LISP)
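As an added example (not from the slides), a small Python implementation of the map-and-encap data path of the two slides above: the ITR prepends the 36 bytes of outer IPv4, UDP (port 4341) and LISP header, the ETR validates and strips them again. The addresses are those of the data-plane figure; the payload bytes and the nonce value are constructed for the example.

```python
import socket
import struct

LISP_DATA_PORT = 4341  # UDP destination port of LISP data packets (from the slide)

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over an IPv4 header; yields 0 when the header already carries a valid checksum."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header: version 4, IHL 5 (0x45), no options, no fragmentation."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def lisp_encap(inner: bytes, src_rloc: str, dst_rloc: str, nonce: int) -> bytes:
    """ITR side of map-and-encap: outer IPv4 (RLOC to RLOC) + UDP to port 4341 + 8-byte LISP header + datagram."""
    # LISP header word 0: N flag (nonce present) in the top bit, 24-bit nonce in the low bits;
    # word 1: locator reach (status) bits, left at zero in this example.
    lisp_hdr = struct.pack("!II", (1 << 31) | (nonce & 0xFFFFFF), 0)
    udp_len = 8 + len(lisp_hdr) + len(inner)
    udp_hdr = struct.pack("!HHHH", LISP_DATA_PORT, LISP_DATA_PORT, udp_len, 0)  # checksum 0 = none (IPv4)
    return ipv4_header(src_rloc, dst_rloc, 17, udp_len) + udp_hdr + lisp_hdr + inner

def lisp_decap(packet: bytes):
    """ETR side: validate the outer headers, strip them, return (src RLOC, dst RLOC, nonce, inner datagram)."""
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or proto != 17 or ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("outer header is not a valid IPv4/UDP header")
    _, dport, udp_len, _ = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if dport != LISP_DATA_PORT or udp_len < 16 or len(packet) < ihl + udp_len:
        raise ValueError("not a (complete) LISP data packet")
    word0 = struct.unpack("!I", packet[ihl + 8:ihl + 12])[0]
    return socket.inet_ntoa(src), socket.inet_ntoa(dst), word0 & 0xFFFFFF, packet[ihl + 16:ihl + udp_len]

def slide_example() -> dict:
    """The deck's data-plane example: S 10.1.2.3 -> R 13.2.0.1, tunnelled from ITR 11.0.0.1 to ETR 13.1.1.1."""
    inner = ipv4_header("10.1.2.3", "13.2.0.1", 6, 4) + b"\x00" * 4  # constructed: inner IPv4 + 4 payload bytes
    packet = lisp_encap(inner, "11.0.0.1", "13.1.1.1", nonce=0xABCDEF)
    src_rloc, dst_rloc, nonce, recovered = lisp_decap(packet)
    return {"overhead": len(packet) - len(inner), "src_rloc": src_rloc, "dst_rloc": dst_rloc,
            "nonce": nonce, "intact": recovered == inner}
```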

Locator/Identifier Separation Protocol 13

Mapping System
• Distributed database
  • ITRs find RLOCs by Mapping System
  • ETRs register EIDs at Mapping System
• Two components: Map Resolver & Map Server
  • Map Resolver: Interface for ITRs
  • Map Server: Interface for ETRs
    • Each Map Server stores part of EID address space
• Three main messages: Map Request, Map Reply, Map Register

Locator/Identifier Separation Protocol 14

Messages
• Map request
  • Sent by ITR to Map Resolver to find RLOC for EID
• Map reply
  • Sent by ETR or Map Server to ITR as reply to map request
  • Contains RLOCs with weights (for load balancing)
• Map register
  • Sent by ETR to Map Server to register EIDs
  • Contains all RLOCs and weights
  • Can contain proxy bit (Map Reply by Map Server)
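Added example, not from the slides or any LISP implementation: a toy mapping system in Python that plays through the three messages (Map Register with weighted RLOCs, Map Request answered by a Map Reply after longest-prefix match) and the ITR's weighted RLOC choice for load balancing. EIDs and RLOCs are those of the Loc/ID routing figure; the RLOC 2.0.0.2 and the flow tuples are constructed.

```python
import hashlib
import ipaddress

class MappingSystem:
    """Toy EID-to-RLOC mapping system combining the Map Server (ETR side) and Map Resolver (ITR side) roles."""

    def __init__(self):
        self.mappings = {}  # IPv4Network (EID prefix) -> list of (RLOC, weight)

    def map_register(self, eid_prefix: str, rlocs):
        """Map Register sent by an ETR: publishes all RLOCs and their weights for one EID prefix."""
        rlocs = [(ipaddress.ip_address(r), int(w)) for r, w in rlocs]
        if not rlocs or any(w < 0 for _, w in rlocs) or sum(w for _, w in rlocs) == 0:
            raise ValueError("a registration needs at least one RLOC with a positive weight")
        self.mappings[ipaddress.ip_network(eid_prefix)] = rlocs

    def map_request(self, eid: str):
        """Map Request sent by an ITR; the Map Reply is the RLOC list of the longest matching EID prefix."""
        addr = ipaddress.ip_address(eid)
        matches = [net for net in self.mappings if addr in net]
        if not matches:
            return None  # negative reply: EID not registered, no tunnel endpoint known
        return list(self.mappings[max(matches, key=lambda net: net.prefixlen)])

def select_rloc(map_reply, flow):
    """ITR load balancing: choose an RLOC in proportion to its weight, stable for a given flow (5-tuple),
    so all packets of one TCP connection leave through the same tunnel endpoint."""
    total = sum(w for _, w in map_reply)
    h = int.from_bytes(hashlib.sha256(repr(flow).encode()).digest()[:4], "big") % total
    for rloc, weight in map_reply:
        if h < weight:
            return str(rloc)
        h -= weight
    raise AssertionError("unreachable: h is always below the weight total")

def provider_change_demo():
    """Slide example: Client A (EID 1.128.1.0/24) is multi-homed via 1.128.0.1 and 2.0.0.1,
    Client B (EID 2.1.1.0/24) sits behind 1.0.0.1 and then changes provider."""
    ms = MappingSystem()
    ms.map_register("1.128.1.0/24", [("1.128.0.1", 50), ("2.0.0.1", 50)])
    ms.map_register("2.1.1.0/24", [("1.0.0.1", 100)])
    before = ms.map_request("2.1.1.7")
    # Client B moves to Provider B: its ETR sends a new Map Register, the EID stays the same.
    ms.map_register("2.1.1.0/24", [("2.0.0.2", 100)])  # constructed RLOC inside Provider B's 2.0.0.0/8
    after = ms.map_request("2.1.1.7")
    return [str(r) for r, _ in before], [str(r) for r, _ in after]
```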

Locator/Identifier Separation Protocol 15

Map Request example

Locator/Identifier Separation Protocol 16

Types
• Map Server and Map Resolver are abstract interfaces
  • There are a number of different mapping systems
• Examples:
  • ALT: BGP overlay network
  • LISP-Tree: DNS based mapping system
  • LISP-DHT: Chord DHT based mapping system
• Currently LISP-Tree seems to be the proposed solution

Locator/Identifier Separation Protocol 17

LISP-Tree (1)
• DNS based solution
  • Hierarchical aggregated namespace
  • Iterative vs. Recursive
  • Map Resolver as interface
• LISP-Tree != DNS
  • Where is the mapping? vs. What is the mapping?
• Number of advantages:
  • Use existing DNS know-how
  • Use existing DNS security protocols
  • Use existing DNS implementations and infrastructure

Locator/Identifier Separation Protocol 18

LISP-Tree (2)

Picture from [LTREE2010]

Locator/Identifier Separation Protocol 19

Deployment and Interoperability
• Incremental deployment possible
  • Install tunnel routers (client or provider site)
  • Set up mapping system (e.g. use existing DNS infrastructure)
• LISP can coexist with existing networks
  • LISP-Proxies
  • LISP-NAT
• 3 deployment phases planned
  • Globally routable EIDs
  • LISP / no LISP mixed
  • LISP only

Locator/Identifier Separation Protocol 20

Consequences
✓ Smaller routing tables
  • Today: Routing Entries >> number of networks (~430'000 > 42'000) (Oct. 2012)
  • LISP-Simulation: Routing Entries << number of networks
✗ Overhead for packet forwarding: + ~1 μs/packet
  • Encapsulation and Decapsulation
✗ TCP throughput reduced by less than 5%
  • Slower packet forwarding + Overhead for header
  • Software implementation! (OpenLISP on FreeBSD)

Locator/Identifier Separation Protocol 21

ECONOMICS
Current standardization state | Deployment costs | Use-Cases

22

Standardization & State (1)
• 2006 Amsterdam IAB Routing and Addressing Workshop
• IETF Draft (2012)
  • "It is NOT RECOMMENDED for deployment beyond experimental situations."
  • Open Issues: Mapping Systems, Caching of EID-to-RLOC, Security, …
• RFC 6115 (Recommendation for a Routing Architecture, 2011)
• Open Protocol
  • Developed by Cisco but no intellectual property held.
• Drafts for different components and aspects (mapping system, deployment): http://tools.ietf.org/wg/lisp/

Economics 23

Standardization & State (2)
• Number of successful applications (see Case-Studies)
• LISP Beta Network
  • More than 4+ years operational
  • More than 200 sites, 32 countries
  • Participation from Facebook, Google and others
• Number of implementations
  • OpenLISP (FreeBSD)
  • Cisco LISP (NX-OS)
  • LISP-Click (Java based)
  • Zlisp (C++ based: Linux, FreeBSD, MacOS)

Economics 24

Deployment costs
• One LISP router per upstream connection
  • Owned/Configured by:
    • Network Operator
    • Service Provider
• Mapping System
  • Depending on the mapping system variant! (e.g. reuse DNS)
• "Technical costs":
  • Transmission rate decrease <5%
  • Mapping System opens new attack surface (Denial of Service, Injecting wrong mappings, …)

Economics 25

Economical Considerations (Provider)
• Smaller routing tables
  • Hardware and personnel costs
• Get customers by providing new service
• Easier provider change → chance and threat!
  • Increase existing service quality with LISP
• Provider areas
  • xTR hosting
  • Proxy hosting
  • Mapping System hosting
  • LISP based services

Economics 26

Economical Considerations (Client)
• Do not operate these routers
  • Publishing routes is easy → No incentives to reduce routing tables
• Benefits for early adopters
  • Multi-Homing, Traffic Engineering
  • IPv4 * IPv6
  • Mobility & Avoid renumbering
• Easier provider change

Economics 27

Multi-homing (1)
• Connection to the internet by more than one ISP (reliability)
• Distributing traffic among ISPs over BGP is complicated
• LISP supports effective multi-homing (just a new ETR/RLOC for the EID)
• Map Register message contains weight (traffic engineering)

Picture from [CISCO2012]

Economics 28

Multi-homing (2)
• Desirable for client to increase reliability
• Traffic management essential for optimal bandwidth use
• Traffic management complicated with BGP
  • Experts needed
  • Time consuming
  • Ineffective routing produces costs
• Increasing routing tables produce costs
• Cloud routing as application (call center)

Economics 29

Case-study NJEDge.net
• Non-profit technology consortium of academic and research institutions in New Jersey
• Network of ~190 institutes
• Provider of regional optical network and statewide broadband access for members
• Used for video conferences, distance learning etc.
• Problems with multi-homing and traffic management
  • Increasing hardware cost due to complicated BGP routing
• Started to deploy LISP in 2011
  • 11'000 USD savings per router lifetime

Economics 30

Mobility / Cloud Computing
• Change location of host / VM without changing address
• Support of Cloud Computing
  • Disaster avoidance
  • Data center migration
  • Maintenance
• Number of providers
  • InTouch (NED)
  • VinciConsulting VXNet (USA)

Picture from [CISCO2012]

Economics 31

Case-study InTouch NV
• Service Provider in the Netherlands
• Simplify infrastructure and provide easier integration of services
  • Introduced LISP based VPN architecture
• LISP is "[..] around ten times cheaper than using standard Layer 2 interconnections."
• "Depending on customer location and availability of connectivity, we're already seeing reductions of at least 30 percent in capital expense and 50 percent in operating costs."

Economics 32

Mobile-Node
• Mobile-node changes access network
• Mobile-node can keep IP
• Mobile-node contains xTRs

Picture from [CISCO2012]

Economics 33

IPv6 deployment
• Support IPv6 deployment
  • Minimal infrastructure changes
• LISP uses an address family agnostic encapsulation mechanism
  • IPv6 over IPv4 core and the other way around

Picture from [CISCO2012]

Economics 34

Summary
• IP-Address split
  • Location & Identity → IP Number Portability
• LISP
  • Open Standard
  • Additional Features (Multi-Homing, Traffic Engineering, …)
  • Simple & Incremental deployment
• Mapping System (~DNS for EID-to-RLOC)
  • More than 6 variants
  • Issues: Security, Performance, Fast Updates, …

Summary 35

QUESTIONS / DISCUSSION

36

Will LISP be widely deployed?

37

Why develop an open protocol?

• Open Protocol → No intellectual property held by CISCO
• But mostly CISCO employees involved

38

Is there a real use-case for LISP?
• Michael Leonard (Technical Marketing Manager at Juniper)
  (http://forums.juniper.net/t5/Data-Center-Directions-Michael/Is-There-a-Real-Use-Case-for-LISP-The-Locator-ID-Separation/ba-p/152472)
  • According to the LISP Protocol Specification, LISP's only goal is in reducing routing table size. However, Cisco has also positioned LISP as an IPv6 transition mechanism, for mobility of virtual machines, and now fast mobility for Mobile IP. In all cases LISP competes with alternative solutions that do not rely on LISP's unique and relatively unproven mapping and packet transport mechanisms.

39

Who operates the Mapping System?

40

BACKUP SLIDES

41

Comparison to others

             LISP                     GSE                          NAT
Mechanism    Map-and-encap            Address Rewriting            Address Rewriting
Identifier   EID                      IPv6 postfix (64 Bit)        Private IP (10.0.0.0/8, …)
Locator      RLOC                     IPv6 prefix (64 Bit)         Public IP
Drawbacks    - Requires mapping       - IPv6 only                  - Endpoints not reachable
               system                 - Changes to hosts required
Features     - IPv4/6 intermixing     - Multi-homing
             - Traffic engineering
             - Mobility
             - Multi-homing
Status       Test network             Draft only                   In use

42

Glossary
• EID: Endpoint Identifier
• RLOC: Routing Locator
• ITR: Ingress Tunnel Router
• ETR: Egress Tunnel Router
• xTR: ETR/ITR
• ISP: Internet service provider
• CIDR: Classless Inter-Domain Routing
• BGP: Border Gateway Protocol

43

References
• [LTREE2010] LISP-TREE: A DNS Hierarchy to Support the LISP Mapping System, 2010, L. Jakab, A. C.-Aparicio, F. Coras, D. Saucez, O. Bonaventure

44