LISP Network, The

Evolution to the Next-Generation of Data Networks
2019
Cisco Press (publisher)
978-0-13-454032-0 (ISBN)
57,40 incl. VAT
The complete guide to seamless anytime/anywhere networking with LISP




In an era of ubiquitous clouds, virtualization, mobility, and the Internet of Things, information and resources must be accessible anytime, from anywhere. Connectivity to devices and workloads must be seamless even when people move, and their location must be fully independent of device identity. The Locator/ID Separation Protocol (LISP) makes all this possible.




The LISP Network is the first comprehensive, in-depth guide to LISP concepts, architecture, techniques, behavior, and applications. Co-authored by LISP co-creator Dino Farinacci and Victor Moreno (co-developer of the Cisco LISP implementation), it will help you identify the opportunities and benefits of deploying LISP in any data center, campus and branch access, WAN edge, or service provider core network.




This largely implementation-agnostic guide will be valuable to architects, engineers, consultants, technical sales professionals, and senior IT professionals in any large-scale network environment. The authors show how LISP overcomes key problems in large-scale networking, thoroughly introduce its key applications, guide you through designing real-world solutions, and present detailed deployment case studies based on their pioneering experience.



* Understand LISP's core principles, history, motivation, and applications

* Explore LISP's technical architecture, components, mechanisms, and workflows

* Use LISP to seamlessly deliver diverse network services and enable major advances in data center connectivity

* Improve mobility, network segmentation, and policy management

* Leverage software-defined WANs (SD-WANs) to efficiently move traffic from access to data center

* Evolve access networks to provide pervasive, mega-scale, high-density modern connectivity

* Integrate comprehensive security into the networking control and data plane, and learn how LISP infrastructure is protected against attacks

* Enforce access control policies, connection integrity, confidentiality for data in flight, and end-point anonymity



* Discover how LISP mobility mechanisms anticipate tomorrow's application use cases

Victor Moreno is a Distinguished Engineer at Cisco Systems responsible for the definition of next-generation network architectures. Victor has more than 20 years of industry experience focused on enterprise and data center network design and architecture. A recognized expert in his field, Victor holds several patents which are at the foundation of the key protocols and networking technologies that have enabled the evolution of networking to its current state. He has worked directly on the designs of global enterprises and service providers and has done extensive research on the topic of network virtualization, being a driving force within Cisco and earlier Digital Equipment Corporation for new product definition and technological direction. Victor is the co-author of the Cisco Press title Network Virtualization and has published a multitude of technical papers and articles on behalf of Cisco Systems. Victor holds a degree in electrical engineering from the Simon Bolivar University, as well as master's degrees and specializations from the Universities of York, Cambridge, and Stanford. Victor is an active contributor to the definition, implementation, and standardization of the Locator/ID Separation Protocol (LISP).

Dino Farinacci is a software engineer by trade and a technology visionary by passion, advancing the state of the art in computer networking. As one of the first Cisco Fellows, Dino holds more than 40 Internet and networking-related patents and has been a major IETF contributor for nearly 30 years with approximately 50 RFCs and Internet Drafts published. Dino is the founder of lispers.net, a nonprofit engineering organization, where he now focuses on design and deployment of LISP for IoT, cryptocurrency, and 5G mobile networks. Dino is one of the original RFC co-authors of LISP, dating back to 2007, and has had the pleasure of writing two implementations of the protocol. He currently does consulting for large startup networking vendors and helps users deploy network designs using LISP and other architectures. If you can name an Internet protocol, there is a good chance Dino has designed and implemented it in widely deployed products. Over his career working at the NSA, CDC, 3Com, Procket, and Cisco, he has worked on dozens of operating systems, network protocols, and infrastructure systems.

Introduction

Chapter 1 LISP and the Future of Networking

A Brief History of LISP: Motivation, Base Premises, Evolution

LISP in the Standards and Open Community

Use Cases for LISP: Supporting Future Trends

Chapter 2 LISP Architecture

Seminal Idea: Location-Identity Separation

Map and Encapsulate

Demand-Based Routing and Caching

LISP Roles

Tunnel Routers

Ingress Tunnel Routers

Egress Tunnel Routers

Proxy Tunnel Routers

Proxy Ingress Tunnel Routers

Proxy Egress Tunnel Routers

Mapping Database System

An Asset-Controlled Mapping Database

Networking Beyond Traditional Address Types

The LISP Data Plane

Tunnel Entropy

Segmentation

Locator Status Validation

Path Reliability

Confidentiality and Authentication

Alternative Data Plane Formats

NAT Traversal

Summary

Chapter 3 Data Center Trends

A Brief History of Application Virtualization

Multitiered Applications, Virtualization, and the Network

Evolving Switching Fabrics

Optimizing Connectivity to the Data Center with LISP

Mobility: Subnets Really Don't Work

Segmentation: 32 Bits Needed

Device Segmentation

Control Plane Segmentation

Data Plane Segmentation

Extranet VPNs

Policy: The Network as an Enforcer

The Hybrid Cloud and Carrier Neutrality

Summary

Chapter 4 The Wide-Area Network: Bringing Traffic from Access to the Data Center

Modern WAN Services

Hybrid WAN: Efficient xTR Multihoming

Scale Considerations

Logical Topologies: Peer-to-Peer Connectivity and Service Insertion

Security: Connection Integrity and Confidentiality

Segmentation

The Access Network: Multisite Considerations

Manageability

Summary

Chapter 5 Mega-Scale Access Networks: LISP, User Access, and the Internet of Things

Access Networks Using LISP

LISP Access Network Design

Connecting to External Networks

Mobility and Wireless Integration

Segmentation

Zero Configuration Networking: Service Discovery

Situational Policy (Beyond Just Location)

Applications

Optimized Campus and Branch Access

Connected Home

Campus Dormitory Rooms: A Virtual Home

LISP-Based Air-to-Ground Network

Endpoint Tracking Applications: Geo-location

The Internet of Things

Security and Integrity

Sensors: Mega-Scale Aggregation of Very Little Data

A Protocol Fitted for Low-Power, Light-Footprint Applications

A Lightbulb for Utopia

Summary

Chapter 6 Security

Attack Surfaces, Lateral Moves, and Bot-nets

Policy, Segmentation, and the Virtual Perimeter

Macro-segmentation

Micro-segmentation

Process-Level Segmentation

How to Integrate the Control Plane into the Assurance Loop

Traffic Steering and Service Chains

Cryptography in LISP

Public-Key Cryptography

Symmetric Cryptography

Integrated Key Exchange

How the LISP Control Plane Is Secured

Enhanced Control Plane Security

LISP-SEC

Threats Addressed by LISP-SEC

LISP Elliptic Curve Digital Signature Algorithm (ECDSA) Authentication and Authorization

Anonymity in LISP

Summary

Chapter 7 LISP and the Next-Generation Mobile Network

LISP EID Mobility and LISP Mobile Node

LISP EID Mobility

LISP EID Mobility Mechanics

LISP Mobile Node

LISP Mobile Node Mechanics

Mobility Convergence Optimization

Redirection

Pub-Sub

Predictive RLOCs

Use Cases

Use Case: High Rate Mobility

Use Case: Aeronautical Telecommunications Network (ATN)

Use Case: Next-Generation Cellular Networks

Network Slicing

Ultra-Low Latency

High Endpoint Density

Fixed-Mobile Convergence (FMC) Multihoming

Security

Use Case: Mobile Environment for Media Broadcasting

Use Case: Blockchain Network

Summary








Publication date (per publisher): 29.1.2019
Series: Networking Technology
Place of publication: Indianapolis
Language: English
Weight: 1 g
Subject area: Mathematics / Computer Science, Computer Science, Networks
Mathematics / Computer Science, Computer Science, Software Development
ISBN-10: 0-13-454032-8 / 0134540328
ISBN-13: 978-0-13-454032-0 / 9780134540320
Condition: New