Home > Articles > LISP Architecture

LISP Architecture

Contents

  1. LISP Architecture
  2. LISP Canonical Address Format (LCAF)
  3. LISP Packet Headers
  4. LISP Control Plane Messages
  5. LISP Database Architecture: LISP-DDT
  6. LISP Architecture on Cisco Platforms
  7. Summary
  8. References

Chapter Description

In this sample chapter from LISP Network Deployment and Troubleshooting: The Complete Guide to LISP Implementation on IOS-XE, IOS-XR, and NX-OS, you will explore LISP core architecture and components, including the roles and functionality of xTRs, PxTRs, MR/MS, and ALT.

From the Book

LISP Network Deployment and Troubleshooting: The Complete Guide to LISP Implementation on IOS-XE, IOS-XR, and NX-OS

LISP Network Deployment and Troubleshooting: The Complete Guide to LISP Implementation on IOS-XE, IOS-XR, and NX-OS

$47.99 (Save 20%)

Locator/ID Separation Protocol (LISP) architecture is a feature-rich architecture that not only does the separation of device identity and location but also brings down operational expenses (opex), provides a Border Gateway Protocol (BGP)–free multihoming network, enables multi address-family (AF) support, provides a highly scalable virtual private network (VPN) solution, enables host mobility in data centers, and much more. To understand how all these functionalities and benefits are achieved, it is important to know the underlying architectural components of LISP and also understand how LISP works. This chapter explores the details of the architecture of LISP.

This chapter covers the following topics:

  • LISP architecture

  • LISP Canonical Address Format (LCAF)

  • LISP packet headers

  • LISP control plane messages

  • LISP Database Architecture: LISP-DDT

  • LISP architecture on Cisco platforms

LISP Architecture

LISP, defined in RFC 6830, is a routing and addressing architecture of the Internet Protocol. The LISP routing architecture was designed to solve issues related to scaling, multihoming, inter-site traffic engineering, and mobility. An address on the Internet today combines location (how the device is attached to the network) and identity semantics in a single 32-bit (IPv4 address) or 128-bit (IPv6 address) number. The purpose of LISP is to separate the location from the identity. In simple words, with LISP, where you are (the network layer locator) in a network that can change, but who you are (the network layer identifier) in the network remains the same. LISP separates the end user device identifiers from the routing locators used by others to reach them. The LISP routing architecture design creates a new paradigm, splitting the device identity—that is, the endpoint identifier (EID)—from its location—that is, the routing locator (RLOC).

In order to further understand how LISP does the locator/ID separation, it is important to first learn about the architectural components of LISP. The following are some of the functions or components that form the LISP architecture:

  • Ingress tunnel router (ITR): The ITR receives the packets from the site-facing interfaces and encapsulates them to the remote LISP site or natively forwards the packets to a non-LISP site.

  • Egress tunnel router (ETR): The ETR receives the packets from core-facing interfaces and de-encapsulates them to deliver them to local EIDs at the site.

  • Proxy ingress tunnel router (PITR): A PITR is an infrastructure LISP network entity that receives packets from non-LISP sites and encapsulates the packets to LISP sites or natively forwards them to non-LISP sites.

  • Proxy egress tunnel router (PETR): A PETR is an infrastructure LISP network entity that de-encapsulates packets from LISP sites to deliver them to non-LISP sites.

  • Map server (MS): An MS configures LISP site policy to authenticate when LISP sites try to register to the MS. It also performs the following functions:

    • Provides a service interface to the ALT router and injects routes in the ALT BGP when the site registers.

    • Receives MAP requests over the ALT router and encapsulates them to registered ETRs.

  • Map resolver (MR): The MR performs the following functions:

    • Receives MAP requests, which are encapsulated by ITRs.

    • Provides a service interface to the ALT router, de-encapsulates MAP requests, and forwards on the ALT topology.

    • Sends negative MAP replies in response to MAP requests for non-LISP sites.

  • ALT router (ALT): An ALT router is a router that runs External Border Gateway Protocol (eBGP) over an alternate Generic Routing Encapsulation (GRE) tunnel topology. It is an off-the-shelf router that does not run LISP. The ALT router simply forwards MAP requests according to the BGP Routing Information Base (RIB). ALT routers are used to aggregate BGP connections and to summarize EID prefix routes.

  • LISP Delegated Database Tree (LISP-DDT): LISP-DDT is a hierarchical distributed database authority that provides EID-to-RLOC mappings. It is statically populated with the EID namespace and other nodes, called DDT nodes. Each DDT node is authoritative for one or more EID prefixes, or “child” DDT nodes, for more specific EID prefixes addressed by an authoritative DDT node.

The following sections discuss these components and features in detail.

Routing Locators and Endpoint Identifiers

The IPv4 or IPv6 address of a device represents its identity and location. In the present-day Internet, when a host moves from one location to another location, it is assigned a different IPv4 or IPv6 address, which overloads the location/identity semantic. LISP separates the location and identity of a device through the RLOC and EID. The RLOC represents the IP address of the egress tunnel router (ETR) the host is attached to, and the EID represents the IP address assigned to the host. With LISP, the change in location of a device does not result in a change in its identity. In other words, when the device moves from one location to another, it still retains its IPv4 or IPv6 address; however, the site tunnel router (xTR) is dynamically updated. Ensuring that the identity does not change for the host even with the change in location requires a mapping system. LISP provides the distributed architecture EID-to-RLOC mapping that maps EIDs to RLOCs. Figure 2-1 displays the location and identity separation in a network with EIDs and RLOCs.

FIGURE 2-1

FIGURE 2-1 Using EIDs and RLOCs for Location/ID Separation

Ingress/Egress Tunnel Routers (xTRs)

Both the ITRs and ETRs are also referred to as xTRs. The ITRs and ETRs play a vital role in packet forwarding in the LISP architecture.

An ITR is a router that performs the following tasks:

  • Accepts an IP packet from a host and treats the IP destination as an EID

  • Performs an EID-to-RLOC mapping lookup in its local map caches or remote map resolver in the event of a missed hit

  • Prepends the packet with a LISP header, with the RLOC as the destination IP address

  • Forwards the packet to the ETR that is hosting the RLOC

An ETR is a router that performs the following tasks:

  • Accepts an IP packet with a LISP header, where the destination IP address is hosted by the router

  • Strips the LISP header and forwards the packet based on the next IP header found on the packet

To further understand the functioning of the ITR and ETR routers, examine the topology shown in Figure 2-2. In this topology, there are two LISP sites, Site1 and Site2, with hosts in subnets 100.1.1.0/24 and 200.1.1.0/24. The Internet cloud has four ISP networks, with the subnets 10.0.0.0/8, 20.0.0.0/8, 30.0.0.0/8, and 40.0.0.0/8.

FIGURE 2-2

FIGURE 2-2 LISP-Enabled Topology

If the host 100.1.1.1 wants to reach host 200.1.1.2, the following control plane lookups happen in a LISP-enabled network:

  • Step 1. Host S1 with IP address 100.1.1.1 performs a DNS lookup for destination host D1 with IP address 200.1.1.2.

  • Step 2. After the DNS lookup is performed, the host forwards the packet to one of the ITRs, based on the routing and forwarding preference. In this case, the packet is sent to ITR1.

  • Step 3. ITR1 receives the packet and checks the IP headers and does not find a relevant next-hop entry for forwarding the received packet with source IP address 100.1.1.1 and destination IP address 200.1.1.2. The ITR then thinks that it might be a potential packet for LISP encapsulation. It performs a lookup in the map cache entry and finds two locator sets for the destination 200.1.1.0/24 subnet.

  • Step 4. The ITR creates an overlay from ITR to ETR with LISP encapsulation. The encapsulation of the IP packet happens on the ITR, and the de-encapsulation happens on the ETR.

  • Step 5. The ETR forwards the IP packet to the destination host.

Map Servers (MSs) and Map Resolvers (MRs)

The fundamental behavior of LISP is to separate the EID from the RLOC, which allows the host to retain its identity even with a change in location. But the seamless mobility is achieved using the EID-to-RLOC mapping, which is maintained in the distributed database. The map server (MS) learns EID-to-RLOC mapping entries from the ETRs and publishes these mappings to the distributed mapping database. To publish its EID prefixes, an ETR periodically sends its mapping entries to the MS. The MS also receives the map requests via the mapping system and forwards them to the registered ETRs.

The map resolver (MR), on the other hand, accepts LISP encapsulated map requests from an ITR. Based on a map request, two things may happen.

  • If the destination IP address is part of the EID namespace, the MR finds the appropriate EID-to-RLOC mapping by consulting the distributed mapping database system.

  • If the destination is not found in the EID namespace, then a negative map reply is sent to the ITR. This means that if the MR receives a map request for a non-LISP site, the MR sends a negative map reply in response.

To understand the functioning of MR/MS routers, examine the topology shown in Figure 2-3.

FIGURE 2-3

FIGURE 2-3 LISP Map Request and Map Reply

In this topology, when host S1 with IP address 100.1.1.1 tries to reach host D2 with IP address 200.1.1.2, it sends the packet to one of the local ITRs at the site. Then, if the ITR does not have an entry in its map cache table, the ITR creates a map request looking for the host 200.1.1.2 and sends it to the map resolver (MR). The map request is also LISP encapsulated where the outer header has the source IP address of 20.0.0.2 and destination IP address of 50.0.0.2. Based on the request, the MR forwards the map request to the map server (MS). The MS redirects the packet to the ETR, which has the information about the host prefix/subnet. One important thing to notice in this map request/map reply is that the map request comes toward the mapping system, but the mapping system does not send the reply. The ETR sends the map reply directly to the ITR that raised the map request. This significantly reduces the load on the MR/MS and at the same time helps validate the path between the ETR and the ITR. The map reply contain the mapping entries of the ETRs that hold the destination EIDs.

Figure 2-4 illustrates an example of an ITR sending a map request for a prefix in a non-LISP site.

FIGURE 2-4

FIGURE 2-4 LISP Map Request and Negative Map Reply

In this scenario, if a host connected to the ITR tries to reach a destination that is on a non-LISP site, the ITR (as in the previous scenario) creates a map request and sends it to the MR. The MS performs a lookup to see whether the EID is present in its mapping database. If the MS cannot find a matching entry, it sends a negative map reply back to the originating ITR. On receiving the negative reply, the ITR updates its map cache entry with the tag forward-native, which means that the destination is part of a non-LISP site.

Proxy Ingress/Egress Tunnel Router (PxTR)

Sites cannot all be LISP enabled immediately, and not all segments of the network are not capable of running LISP from day 1. With the gradual migration from non-LISP-enabled sites to LISP-enabled sites, network operators still require that the non-LISP-capable sites be able to send traffic destined to LISP-enabled sites. This is where proxy ingress/egress tunnel routers (PxTRs) come into play.

Proxy ingress tunnel routers (PITRs) allow for non-LISP sites to send packets to LISP sites. A PITR is a new network element that shares many characteristics with a LISP ITR. A PITR allows non-LISP sites to send packets to LISP sites without requiring changes in the protocol or devices at the non-LISP sites. PITRs perform two primary functions:

  • Originating EID advertisements: PITRs advertise highly aggregated EID-prefix space on behalf of LISP sites to the non-LISP sites so that the non-LISP sites can reach them.

  • Encapsulating legacy Internet traffic: PITRs encapsulate non-LISP Internet traffic into LISP packets and route them toward their destination RLOCs.

Proxy egress tunnel routers (PETRs) are used to allow traffic from LISP sites to non-LISP sites. A PETR acts as an ETR for traffic sourced from LISP sites and destined to non-LISP sites. PETRs are useful in the following cases:

  • Avoiding strict uRPF failures: Some providers’ access networks require the source of a packet to be within the address scope of the access networks. PETRs allow for LISP sites to send packets to non-LISP sites in cases where the access network does not allow for the LISP site to send packets with the source address of the site’s EIDs.

  • Traversing a different IP protocol: The transit path network between LISP sites and non-LISP sites may not be IPv4 or IPv6 enabled. LISP support for mixed protocol encapsulation allows PETRs to hop over such networks in order to route the traffic between the LISP and non-LISP sites.

NOTE

PITRs and PETRs are the same physical devices. As with xTRs, the distinction is based on the direction of the flow with functions of de-encapsulation or encapsulation.

The LISP ALT System

The LISP Alternative Logical Topology (ALT) system is defined in RFC 6836. The LISP ALT system is a simple distributed index system that assists the ITR or MR in finding the ETR that holds the RLOC mapping information for a particular EID. ALT is a topology formed using GRE tunnels via which EIDs are routable. It is used to propagate mapping entries to the ITR. The purpose of the ALT system is to advertise EID prefixes in BGP on an alternative topology. The ALT system thus allows for incremental deployment of LISP. Figure 2-5 shows a LISP-enabled topology with ALT routers in the network.

FIGURE 2-5

FIGURE 2-5 LISP ALT

An ALT-only device can be off-the-shelf gear that can be configured on router hardware or even on a Linux host. The device just needs to be BGP and GRE capable. Often users confuse the functionality of LISP ALT system. The ALT system does not distribute the actual EID-to-RLOC mappings but provides a forwarding path from an ITR or MR to an ETR that holds the mapping for a particular EID prefix.

2. LISP Canonical Address Format (LCAF) | Next Section

Cisco Press Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Cisco Press and its family of brands. I can unsubscribe at any time.

Overview

Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Cisco Press products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@ciscopress.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security

Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children

This site is not directed to children under the age of 13.

Marketing

Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out

Users can always make an informed choice as to whether they should proceed with certain services offered by Cisco Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.ciscopress.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links

This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020