--- 1/draft-ietf-lisp-deployment-02.txt 2012-03-13 00:14:22.438839173 +0100 +++ 2/draft-ietf-lisp-deployment-03.txt 2012-03-13 00:14:22.482896917 +0100 @@ -1,22 +1,23 @@ Network Working Group L. Jakab Internet-Draft A. Cabellos-Aparicio Intended status: Informational F. Coras -Expires: May 4, 2012 J. Domingo-Pascual - Technical University of Catalonia +Expires: September 13, 2012 J. Domingo-Pascual + Technical University of + Catalonia D. Lewis Cisco Systems - November 1, 2011 + March 12, 2012 LISP Network Element Deployment Considerations - draft-ietf-lisp-deployment-02.txt + draft-ietf-lisp-deployment-03.txt Abstract This document discusses the different scenarios for the deployment of the new network elements introduced by the Locator/Identifier Separation Protocol (LISP). Status of this Memo This Internet-Draft is submitted in full conformance with the 
@@ -25,25 +26,25 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on May 4, 2012. + This Internet-Draft will expire on September 13, 2012. Copyright Notice - Copyright (c) 2011 IETF Trust and the persons identified as the + Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as 
@@ -65,27 +66,31 @@ 3.1. Map-Servers . . . . . . . . . . . . . . . . . . . . . . . 11 3.2. Map-Resolvers . . . . . . . . . . . . . . . . . . . . . . 12 4. Proxy Tunnel Routers . . . . . . . . . . . . . . . . . . . . . 13 4.1. P-ITR . . . . . . . . . . . . . . . . . . . . . . . . . . 13 4.2. P-ETR . . . . . . . . . . . . . . . . . . . . . . . . . . 14 5. Migration to LISP . . . . . . . . . . . . . . . . . . . . . . 16 5.1. LISP+BGP . . . . . . . . . . . . . . . . . . . . . . . . . 16 5.2. Mapping Service Provider (MSP) P-ITR Service . . . . . . . 16 5.3. Proxy-ITR Route Distribution (PITR-RD) . . . . . . . . . . 17 5.4. Migration Summary . . . . . . . . . . . . . . . . . . . . 19 - 6. Security Considerations . . . . . . . . . . . . . . . . . . . 20 - 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 - 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 20 - 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 20 - 9.1. Normative References . . . . . . . . . . . . . . . . . . . 20 - 9.2. Informative References . . . . . . . . . . . . . . . . . . 21 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 21 + 6. Step-by-Step BGP to LISP Migration Procedure . . . . . . . . . 20 + 6.1. Customer Pre-Install and Pre-Turn-up Checklist . . . . . . 20 + 6.2. Customer Activating LISP Service . . . . . . . . . . . . . 21 + 6.3. Cut-Over Provider Preparation and Changes . . . . . . . . 22 + 7. Security Considerations . . . . . . . . . . . . . . . . . . . 22 + 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23 + 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 23 + 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 23 + 10.1. Normative References . . . . . . . . . . . . . . . . . . . 23 + 10.2. Informative References . . . . . . . . . . . . . . . . . . 24 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 24 1. 
Introduction The Locator/Identifier Separation Protocol (LISP) addresses the scaling issues of the global Internet routing system by separating the current addressing scheme into Endpoint IDentifiers (EIDs) and Routing LOCators (RLOCs). The main protocol specification [I-D.ietf-lisp] describes how the separation is achieved, which new network elements are introduced, and details the packet formats for the data and control planes. 
@@ -888,42 +893,176 @@ Late transition | may decrease | slower increase | slower increase LISP Internet | considerable decrease It is expected that PITR-RD will co-exist with LISP+BGP during the migration, with the latter being more popular in the early transition phase. As the transition progresses and the MSP P-ITR and PITR-RD ecosystem gets more ubiquitous, LISP+BGP should become less attractive, slowing down the increase of the number of routes in the DFZ. -6. Security Considerations +6. Step-by-Step BGP to LISP Migration Procedure + +6.1. Customer Pre-Install and Pre-Turn-up Checklist + + 1. Determine how many current physical service provider connections + the customer has and their existing bandwidth and traffic + engineering requirements. + + This information will determine the number of routing locators, + and the priorities and weights that should be configured on the + xTRs. + + 2. Make sure customer router has LISP capabilities. + + * Obtain output of 'show version' from the CE router. + + This information can be used to determine if the platform is + appropriate to support LISP, in order to determine if a + software and/or hardware upgrade is required. + + * Have customer upgrade (if necessary, software and/or hardware) + to be LISP capable. + + 3. Obtain current running configuration of CE router. A suggested + LISP router configuration example can be customized to the + customer's existing environment. + + 4. Verify MTU Handling + + * Request increase in MTU to (1556) on service provider + connections. Prior to MTU change verify that 1500 byte packet + from P-xTR to RLOC with do not fragment (DF-bit) bit set. + + * Ensure they are not filtering ICMP unreachable or time- + exceeded on their firewall or router. + + LISP, like any tunneling protocol, will increase the size of + packets when the LISP header is appended. 
If increasing the MTU + of the access links is not possible, care must be taken that ICMP + is not being filtered in order to allow for Path MTU Discovery to + take place. + + 5. Validate member prefix allocation. + + This step is to check if the prefix used by the customer is a + direct (Provider Independent), or if it is a prefix assigned by a + physical service provider (Provider Allocated). If the prefixes + are assigned by other service provivers then a Letter of + Agreement is required to announce prefixes through the Proxy + Service Provider. + + 6. Verify the member RLOCs and their reachability. + + This step ensures that the RLOCs configured on the CE router are + in fact reachable and working. + + 7. Prepare for cut-over. + + * If possible, have a host outside of all security and filtering + policies connected to the console port of the edge router or + switch. + + * Make sure customer has access to the router in order to + configure it. + +6.2. Customer Activating LISP Service + + 1. Customer configures LISP on CE router(s) from service provider + recommended configuration. + + The LISP configuration consists of the EID prefix, the locators, + and the weights and priorities of the mapping between the two + values. In addition, the xTR must be configured with Map- + Resolver(s), Map-Server(s) and the shared key for registering to + Map-Server(s). If required, Proxy-ETR(s) may be configured as + well. + + In addition to the LISP configuration, the following: + + * Ensure default route(s) to next-hop external neighbors are + included and RLOCs are present in configuration. + + * If two or more routers are used, ensure all RLOCs are included + in the LISP configuration on all routers. + + * It will be necessary to redistribute default route via IGP + between the external routers. + + 2. When transition is ready perform a soft shutdown on existing eBGP + peer session(s) + + * From CE router, use LIG to ensure registration is successful. 
+ + * To verify LISP connectivity, ping LISP connected sites. See + http://www.lisp4.net/ and/or http://www.lisp6.net/ for + potential candidates. + + * To verify connectivity to non-LISP sites, try accessing major + Internet sites via a web browser. + +6.3. Cut-Over Provider Preparation and Changes + + 1. Verify site configuration and then active registration on Map- + Server(s) + + * Authentication key + + * EID prefix + + 2. Add EID space to map-cache on proxies + + 3. Add networks to BGP advertisement on proxies + + * Modify route-maps/policies on P-xTRs + + * Modify route policies on core routers (if non-connected + member) + + * Modify ingress policers on core routers + + * Ensure route announcement in looking glass servers, RouteViews + + 4. Perform traffic verification test + + * Ensure MTU handling is as expected (PMTUD working) + + * Ensure proxy-ITR map-cache population + + * Ensure access from traceroute/ping servers around Internet + + * Use a looking glass, to check for external visibility of + registration via several Map-Resolvers (e.g., + http://lispmon.net/). + +7. Security Considerations Security implications of LISP deployments are to be discussed in separate documents. [I-D.saucez-lisp-security] gives an overview of LISP threat models, while securing mapping lookups is discussed in [I-D.ietf-lisp-sec]. -7. IANA Considerations +8. IANA Considerations This memo includes no request to IANA. -8. Acknowledgements +9. Acknowledgements Many thanks to Margaret Wasserman for her contribution to the IETF76 presentation that kickstarted this work. The authors would also like to thank Damien Saucez, Luigi Iannone, Joel Halpern, Vince Fuller, Dino Farinacci, Terry Manderson, Noel Chiappa, Hannu Flinck, and everyone else who provided input. -9. References +10. References -9.1. Normative References +10.1. Normative References [I-D.ietf-lisp] Farinacci, D., Fuller, V., Meyer, D., and D. 
Lewis, "Locator/ID Separation Protocol (LISP)", draft-ietf-lisp-15 (work in progress), July 2011. [I-D.ietf-lisp-alt] Fuller, V., Farinacci, D., Meyer, D., and D. Lewis, "LISP Alternative Topology (LISP+ALT)", draft-ietf-lisp-alt-09 (work in progress), September 2011. @@ -941,24 +1080,24 @@ [I-D.ietf-lisp-sec] Maino, F., Ermagan, V., Cabellos-Aparicio, A., Saucez, D., and O. Bonaventure, "LISP-Security (LISP-SEC)", draft-ietf-lisp-sec-00 (work in progress), July 2011. [I-D.saucez-lisp-security] Saucez, D., Iannone, L., and O. Bonaventure, "LISP Security Threats", draft-saucez-lisp-security-03 (work in progress), March 2011. -9.2. Informative References +10.2. Informative References [I-D.ietf-lisp-eid-block] - Iannone, L., Lewis, D., Meyer, D., and V. Fuller, "LISP + Lewis, D., Meyer, D., Iannone, L., and V. Fuller, "LISP EID Block", draft-ietf-lisp-eid-block-01 (work in progress), October 2011. [I-D.lear-lisp-nerd] Lear, E., "NERD: A Not-so-novel EID to RLOC Database", draft-lear-lisp-nerd-08 (work in progress), March 2010. [cache] Jung, J., Sit, E., Balakrishnan, H., and R. Morris, "DNS performance and the effectiveness of caching", 2002.
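Review bot: In the hunk at @@ -888,42 +893,176 @@, the new Section 6 adds security-relevant operational steps, but Section 7 (Security Considerations) is only renumbered and its text is unchanged. Step 4 of 6.1 asks that ICMP unreachable and time-exceeded not be filtered, step 7 of 6.1 connects a host "outside of all security and filtering policies" to the console port, and 6.2 step 1 together with 6.3 step 1 depend on a shared key for Map-Server registration. I would add a paragraph to Section 7 that covers how long the out-of-policy console host stays connected and who may reach it, which ICMP messages must pass for Path MTU Discovery, and how the registration key is exchanged between customer and provider. Wording in the same hunk also needs fixing. The sentence "Prior to MTU change verify that 1500 byte packet from P-xTR to RLOC with do not fragment (DF-bit) bit set." never says what is to be verified. "In addition to the LISP configuration, the following:" is not a complete sentence. "provivers" should be "providers". In 6.2 step 2 the LIG registration check is listed under the soft shutdown, so it is unclear whether registration is confirmed before or after the eBGP sessions go down.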
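Review bot: In the hunk at @@ -941,24 +1080,24 @@, the author order of [I-D.ietf-lisp-eid-block] changes to "Lewis, D., Meyer, D., Iannone, L., and V. Fuller" while the cited revision (draft-ietf-lisp-eid-block-01, October 2011) stays the same. Please confirm that the new order matches the author list of that revision, or update the revision and date together with the author order if a later revision is meant.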