The complete guide to seamless anytime/anywhere networking with LISP
In an era of ubiquitous clouds, virtualization, mobility, and the Internet of Things, information and resources must be accessible anytime, from anywhere. Connectivity to devices and workloads must be seamless even when people move, and their location must be fully independent of device identity. The Locator/ID Separation Protocol (LISP) makes all this possible.
The LISP Network is the first comprehensive, in-depth guide to LISP concepts, architecture, techniques, behavior, and applications. Co-authored by LISP co-creator Dino Farinacci and Victor Moreno, co-developer of the Cisco LISP implementation, it will help you identify the opportunities and benefits of deploying LISP in any data center, campus and branch access, WAN edge, or service provider core network.
This largely implementation-agnostic guide will be valuable to architects, engineers, consultants, technical sales professionals, and senior IT professionals in any large-scale network environment. The authors show how LISP overcomes key problems in large-scale networking, thoroughly introduce its key applications, guide you through designing real-world solutions, and present detailed deployment case studies based on their pioneering experience.
· Understand LISP's core principles, history, motivation, and applications
· Explore LISP's technical architecture, components, mechanisms, and workflows
· Use LISP to seamlessly deliver diverse network services and enable major advances in data center connectivity
· Improve mobility, network segmentation, and policy management
· Leverage software-defined WANs (SD-WANs) to efficiently move traffic from access to data center
· Evolve access networks to provide pervasive, mega-scale, high-density modern connectivity
· Integrate comprehensive security into the networking control and data plane, and learn how LISP infrastructure is protected against attacks
· Enforce access control policies, connection integrity, confidentiality for data in flight, and end-point anonymity
· Discover how LISP mobility mechanisms anticipate tomorrow's application use cases
About the authors
Victor Moreno is a Distinguished Engineer at Cisco Systems responsible for the definition of next-generation network architectures. Victor has more than 20 years of industry experience focused on enterprise and data center network design and architecture. A recognized expert in his field, Victor holds several patents which are at the foundation of the key protocols and networking technologies that have enabled the evolution of networking to its current state. He has worked directly on the designs of global enterprises and service providers and has done extensive research on the topic of network virtualization, being a driving force within Cisco and earlier Digital Equipment Corporation for new product definition and technological direction. Victor is the co-author of the Cisco Press title Network Virtualization and has published a multitude of technical papers and articles on behalf of Cisco Systems. Victor holds a degree in electrical engineering from the Simón Bolívar University, as well as master's degrees and specializations from the Universities of York, Cambridge, and Stanford. Victor is an active contributor to the definition, implementation, and standardization of the Locator/ID Separation Protocol (LISP).
Dino Farinacci is a software engineer by trade and a technology visionary by passion, advancing the state of the art in computer networking. As one of the first Cisco Fellows, Dino holds more than 40 Internet and networking-related patents and has been a major IETF contributor for nearly 30 years with approximately 50 RFCs and Internet Drafts published. Dino is the founder of lispers.net, a nonprofit engineering organization, where he now focuses on design and deployment of LISP for IoT, cryptocurrency, and 5G mobile networks.
Dino is one of the original RFC co-authors of LISP, dating back to 2007, and has had the pleasure of writing two implementations of the protocol. He currently does consulting for large startup networking vendors and helps users deploy network designs using LISP and other architectures. If you can name an Internet protocol, there is a good chance Dino has designed and implemented it in widely deployed products. Over his career working at the NSA, CDC, 3Com, Procket, and Cisco, he has worked on dozens of operating systems, network protocols, and infrastructure systems.
Contents
Introduction
Chapter 1 LISP and the Future of Networking
A Brief History of LISP: Motivation, Base Premises, Evolution
LISP in the Standards and Open Community
Use Cases for LISP: Supporting Future Trends
Chapter 2 LISP Architecture
Seminal Idea: Location-Identity Separation
Map and Encapsulate
Demand-Based Routing and Caching
LISP Roles
Tunnel Routers
Ingress Tunnel Routers
Egress Tunnel Routers
Proxy Tunnel Routers
Proxy Ingress Tunnel Routers
Proxy Egress Tunnel Routers
Mapping Database System
An Asset-Controlled Mapping Database
Networking Beyond Traditional Address Types
The LISP Data Plane
Tunnel Entropy
Segmentation
Locator Status Validation
Path Reliability
Confidentiality and Authentication
Alternative Data Plane Formats
NAT Traversal
Summary
Chapter 3 Data Center Trends
A Brief History of Application Virtualization
Multitiered Applications, Virtualization, and the Network
Evolving Switching Fabrics
Optimizing Connectivity to the Data Center with LISP
Mobility: Subnets Really Don't Work
Segmentation: 32 Bits Needed
Device Segmentation
Control Plane Segmentation
Data Plane Segmentation
Extranet VPNs
Policy: The Network as an Enforcer
The Hybrid Cloud and Carrier Neutrality
Summary
Chapter 4 The Wide-Area Network: Bringing Traffic from Access to the Data Center
Modern WAN Services
Hybrid WAN: Efficient xTR Multihoming
Scale Considerations
Logical Topologies: Peer-to-Peer Connectivity and Service Insertion
Security: Connection Integrity and Confidentiality
Segmentation
The Access Network: Multisite Considerations
Manageability
Summary
Chapter 5 Mega-Scale Access Networks: LISP, User Access, and the Internet of Things
Access Networks Using LISP
LISP Access Network Design
Connecting to External Networks
Mobility and Wireless Integration
Segmentation
Zero Configuration Networking: Service Discovery
Situational Policy (Beyond Just Location)
Applications
Optimized Campus and Branch Access
Connected Home
Campus Dormitory Rooms: A Virtual Home
LISP-Based Air-to-Ground Network
Endpoint Tracking Applications: Geo-location
The Internet of Things
Security and Integrity
Sensors: Mega-Scale Aggregation of Very Little Data
A Protocol Fitted for Low-Power, Light-Footprint Applications
A Lightbulb for Utopia
Summary
Chapter 6 Security
Attack Surfaces, Lateral Moves, and Bot-nets
Policy, Segmentation, and the Virtual Perimeter
Macro-segmentation
Micro-segmentation
Process-Level Segmentation
How to Integrate the Control Plane into the Assurance Loop
Traffic Steering and Service Chains
Cryptography in LISP
Public-Key Cryptography
Symmetric Cryptography
Integrated Key Exchange
How the LISP Control Plane Is Secured
Enhanced Control Plane Security
LISP-SEC
Threats Addressed by LISP-SEC
LISP Elliptic Curve Digital Signature Algorithm (ECDSA) Authentication and Authorization
Anonymit…