LISP Network, The

The complete guide to seamless anytime/anywhere networking with LISP

In an era of ubiquitous clouds, virtualization, mobility, and the Internet of Things, information and resources must be accessible anytime, from anywhere. Connectivity to devices and workloads must be seamless even when people move, and their location must be fully independent of device identity. The Locator/ID Separation Protocol (LISP) makes all this possible.

The LISP Network is the first comprehensive, in-depth guide to LISP concepts, architecture, techniques, behavior, and applications. Co-authored by LISP co-creator Dino Farinacci and Victor Moreno-co-developer of the Cisco LISP implementation-it will help you identify the opportunities and benefits of deploying LISP in any data center, campus and branch access, WAN edge, or service provider core network.

This largely implementation-agnostic guide will be valuable to architects, engineers, consultants, technical sales professionals, and senior IT professionals in any largescale network environment. The authors show how LISP overcomes key problems in large-scale networking, thoroughly introduce its key applications, guide you through designing real-world solutions, and present detailed deployment case studies based on their pioneering experience.

· Understand LISP's core principles, history, motivation, and applications

· Explore LISP's technical architecture, components, mechanisms, and workflows

· Use LISP to seamlessly deliver diverse network services and enable major advances in data center connectivity

· Improve mobility, network segmentation, and policy management

· Leverage software-defined WANs (SD-WANs) to efficiently move traffic from access to data center

· Evolve access networks to provide pervasive, mega-scale, high-density modern connectivity

· Integrate comprehensive security into the networking control and data plane, and learn how LISP infrastructure is protected against attacks

· Enforce access control policies, connection integrity, confidentiality for data in flight, and end-point anonymity

· Discover how LISP mobility mechanisms anticipate tomorrow's application use cases

Autorentext

Victor Moreno is a Distinguished Engineer at Cisco Systems responsible for the definition of next-generation network architectures. Victor has more than 20 years of industry experience focused on enterprise and data center network design and architecture. A recognized expert in his field, Victor holds several patents which are at the foundation of the key protocols and networking technologies that have enabled the evolution of networking to its current state. He has worked directly on the designs of global enterprises and service providers and has done extensive research on the topic of network virtualization, being a driving force within Cisco and earlier Digital Equipment Corporation for new product definition and technological direction. Victor is the co-author of the Cisco Press title Network Virtualization and has published a multitude of technical papers and articles on behalf of Cisco Systems. Victor holds a degree in electrical engineering from the Simón Bolívar University, as well as master's degrees and specializations from the Universities of York, Cambridge, and Stanford. Victor is an active contributor to the definition, implementation, and standardization of the Locator/ID Separation Protocol (LISP).

Dino Farinacci is a software engineer by trade and a technology visionary by passion, advancing the state of the art in computer networking. As one of the first Cisco Fellows, Dino holds more than 40 Internet and networking-related patents and has been a major IETF contributor for nearly 30 years with approximately 50 RFCs and Internet Drafts published. Dino is the founder of lispers.net, a nonprofit engineering organization, where he now focuses on design and deployment of LISP for IoT, cryptocurrency, and 5G mobile networks.

Dino is one of the original RFC co-authors of LISP, dating back to 2007, and has had the pleasure of writing two implementations of the protocol. He currently does consulting for large startup networking vendors and helps users deploy network designs using LISP and other architectures. If you can name an Internet protocol, there is a good chance Dino has designed and implemented it in widely deployed products. Over his career working at the NSA, CDC, 3Com, Procket, and Cisco, he has worked on dozens of operating systems, network protocols, and infrastructure systems.

Inhalt

Introduction xv

Chapter 1 LISP and the Future of Networking 1

A Brief History of LISP: Motivation, Base Premises, Evolution 5

LISP in the Standards and Open Community 6

Use Cases for LISP: Supporting Future Trends 7

Chapter 2 LISP Architecture 9

Seminal Idea: Location-Identity Separation 9

Map and Encapsulate 11

Demand-Based Routing and Caching 12

LISP Roles 14

Tunnel Routers 14

Ingress Tunnel Routers 14

Egress Tunnel Routers 15

Proxy Tunnel Routers 15

Proxy Ingress Tunnel Routers 16

Proxy Egress Tunnel Routers 16

Mapping Database System 17

An Asset-Controlled Mapping Database 21

Networking Beyond Traditional Address Types 22

The LISP Data Plane 23

Tunnel Entropy 24

Segmentation 24

Locator Status Validation 25

Path Reliability 26

Confidentiality and Authentication 27

Alternative Data Plane Formats 27

NAT Traversal 29

Summary 30

Chapter 3 Data Center Trends 31

A Brief History of Application Virtualization 31

Multitiered Applications, Virtualization, and the Network 34

Evolving Switching Fabrics 37

Optimizing Connectivity to the Data Center with LISP 39

Mobility: Subnets Really Don't Work 42

Segmentation: 32 Bits Needed 46

Device Segmentation 48

Control Plane Segmentation 49

Data Plane Segmentation 50

Extranet VPNs 50

Policy: The Network as an Enforcer 51

The Hybrid Cloud and Carrier Neutrality 54

Summary 56

Chapter 4 The Wide-Area Network: Bringing Traffic from Access to the Data Center 57

Modern WAN Services 57

Hybrid WAN: Efficient xTR Multihoming 60

Scale Considerations 65

Logical Topologies: Peer-to-Peer Connectivity and Service Insertion 67

Security: Connection Integrity and Confidentiality 70

Segmentation 71

The Access Network: Multisite Considerations 72

Manageability 76

Summary 77

Chapter 5 Mega-Scale Access Networks: LISP, User Access, and the Internet of Things 79

Access Networks Using LISP 81

LISP Access Network Design 81

Connecting to External Networks 85

Mobility and Wireless Integration 87

Segmentation 90

Zero Configuration Networking: Service Discovery 91

Situational Policy (Beyond Just Location) 92

Applications 92

Optimized Campus and Branch Access 92

Connected Home 93

Campus Dormitory Rooms: A Virtual Home 94

LISP-Based Air-to-Ground Network 95

Endpoint Tracking Applications: Geo-location 96

The Internet of Things 97

Security and Integrity 98

Sensors: Mega-Scale Aggregation of Very Little Data 99

A Protocol Fitted for Low-Power, Light-Footprint Applications 102

A Lightbulb for Utopia 103

Summary 104

Chapter 6 Security 105

Attack Surfaces, Lateral Moves, and Bot-nets 105

Policy, Segmentation, and the Virtual Perimeter 106

Macro-segmentation 109

Micro-segmentation 111

Process-Level Segmentation 113

How to Integrate the Control Plane into the Assurance Loop 116

Traffic Steering and Service Chains 117

Cryptography in LISP 117

Public-Key Cryptography 117

Symmetric Cryptography 119

Integrated Key Exchange 120

How the LISP Control Plane Is Secured 123

Enhanced Control Plane Security 124

LISP-SEC 124

Threats Addressed by LISP-SEC 126

LISP Elliptic Curve Digital Signature Algorithm (ECDSA) Authentication and Authorization 127

Anonymit…