LISP Hybrid Cloud Use Case
Hybrid Cloud is all about connecting the public cloud provider to the enterprise private cloud. It consists of a composition of two or more distinct infrastructures in dispersed locations that remain unique entities. These unique entities are bound together logically via some kind of network to enable data and application portability.
How do you support intra-subnet traffic patterns between two dispersed cloud locations?
Enterprises want the ability to seamlessly insert their applications right in the heart of the cloud provider without changing any parameters. Customers want to do this without changing the VMs' IP addresses and/or MAC addresses, which requires the VLAN to be stretched end-to-end. IP routing cannot carry a VLAN extension, so the burden falls on the data center interconnect ( DCI ) link to enable stretched VLANs. In reality this is not a good solution.
How do we overcome these challenges?
Locator/ID Separation Protocol ( LISP ) can be used to extend subnets without extending the VLAN, creating a LISP hybrid cloud. Subnet extension with LISP is far more appealing than a Layer 2 LAN extension.
A LISP-enabled hybrid cloud solution allows intra-subnet communication regardless of where the server is located. This means you can have two servers in different locations, one in the public cloud and the other in the enterprise domain, and both can communicate as if they were on the same subnet. LISP operates as an overlay technology: it encapsulates the original packet in UDP plus a LISP header, inside an outer IP header that carries the source and destination RLOCs ( routing locators, to which the endpoints' EIDs are mapped ). The result is that you can address the servers in the cloud according to your own addressing scheme. There is no need to match your addressing scheme to the cloud's addressing scheme. Note that LISP encapsulation on its own is not encryption; confidentiality across the Internet comes from the IPsec tunnel described in the deployment key points.
LISP on the Cloud Services Router ( CSR ) 1000V ( virtual router ) provides a Layer 3 based approach to hybrid cloud. It allows you to stretch subnets from the enterprise to the public cloud without the need for a Layer 2 LAN extension.
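To make the encapsulation concrete, here is an added example that is not code from the original post or from Cisco: it builds a LISP data-plane packet in the RFC 6830 layout ( outer IPv4 header addressed by RLOCs, UDP to port 4341, 8-byte LISP header, then the untouched inner packet addressed by EIDs ) and parses it back. All addresses, the nonce, the instance ID and the payload are constructed sample values.

```python
import ipaddress
import struct
from typing import Optional

# Constructed example, not code from the original post: builds and parses a
# LISP data-plane packet (RFC 6830 layout) to show the EID/RLOC split.
# Every address below is a made-up documentation-range value.

LISP_DATA_PORT = 4341   # UDP destination port of the LISP data plane
LISP_FLAG_N = 0x80      # nonce present in the LISP header
LISP_FLAG_I = 0x08      # instance-ID present in the LISP header


def ip_checksum(data: bytes) -> int:
    """One's-complement checksum used by the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s",
                      0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def lisp_encapsulate(inner: bytes, src_rloc: str, dst_rloc: str,
                     nonce: int, instance_id: Optional[int] = None) -> bytes:
    """Wrap an EID-addressed packet in outer IP / UDP / LISP headers."""
    flags = LISP_FLAG_N
    second_word = 0
    if instance_id is not None:
        flags |= LISP_FLAG_I
        second_word = (instance_id & 0xFFFFFF) << 8   # IID sits in the high 24 bits
    lisp_hdr = struct.pack("!B3sI", flags, nonce.to_bytes(3, "big"), second_word)
    udp_len = 8 + len(lisp_hdr) + len(inner)
    # UDP checksum 0 (not computed) is permitted over IPv4 and common for LISP
    udp_hdr = struct.pack("!HHHH", 49152, LISP_DATA_PORT, udp_len, 0)
    outer_ip = ipv4_header(src_rloc, dst_rloc, 17, udp_len)
    return outer_ip + udp_hdr + lisp_hdr + inner


def lisp_decapsulate(packet: bytes) -> dict:
    """Validate the outer headers, strip them, report EIDs and RLOCs."""
    outer = packet[:20]
    if outer[0] >> 4 != 4 or ip_checksum(outer) != 0:
        raise ValueError("bad outer IPv4 header")
    if outer[9] != 17:
        raise ValueError("outer packet is not UDP")
    _, dport, udp_len, _ = struct.unpack("!HHHH", packet[20:28])
    if dport != LISP_DATA_PORT or udp_len != len(packet) - 20:
        raise ValueError("not a LISP data packet")
    flags, nonce, second_word = struct.unpack("!B3sI", packet[28:36])
    inner = packet[36:]
    return {
        "src_rloc": str(ipaddress.IPv4Address(outer[12:16])),
        "dst_rloc": str(ipaddress.IPv4Address(outer[16:20])),
        "instance_id": (second_word >> 8) if flags & LISP_FLAG_I else None,
        "nonce": int.from_bytes(nonce, "big") if flags & LISP_FLAG_N else None,
        "src_eid": str(ipaddress.IPv4Address(inner[12:16])),
        "dst_eid": str(ipaddress.IPv4Address(inner[16:20])),
        "inner": inner,
    }


def demo() -> dict:
    """Constructed sample: two servers on 10.10.10.0/24, one per site,
    reached through made-up RLOCs 203.0.113.1 and 198.51.100.1."""
    payload = b"hello from the enterprise"
    inner = ipv4_header("10.10.10.11", "10.10.10.12", 6, len(payload)) + payload
    packet = lisp_encapsulate(inner, "203.0.113.1", "198.51.100.1",
                              nonce=0xABCDEF, instance_id=100)
    result = lisp_decapsulate(packet)
    result["outer_len"] = len(packet)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The inner packet comes back byte-for-byte unchanged, which is the whole point: the servers keep their own EIDs and only the outer RLOC header changes as the server moves. Nothing here is encrypted or authenticated, which is why the deployment list below insists on carrying the LISP tunnel inside IPsec.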
Deployment Key Points
- LISP can be deployed with the CSR 1000V in the cloud and either a CSR 1000V or an ASR 1000 in the enterprise domain.
- The enterprise CSR must have at least two interfaces. One interface is the Layer 3 routed interface to the core. The second interface is a Layer 2 interface that provides VLAN connectivity for the servers that require mobility.
- The enterprise CSR does not need to be the default gateway; its interaction with the local infrastructure ( via the Layer 2 interface ) is based on Proxy-ARP. As a result, ARP packets must be allowed on the underlying networks.
- The cloud CSR is also deployed with at least two interfaces. One interface faces the Internet or the MPLS network. The second interface faces the local infrastructure, either via VLANs or via Virtual Extensible LAN ( VXLAN ).
- The CSR offers machine-level high availability and supports all the VMware high-availability features such as dynamic resource scheduling ( DRS ), vMotion, NIC load balancing and teaming.
- LISP is a network-based solution and is independent of the hypervisor. You can have different hypervisors in the enterprise and in the public cloud. No changes are needed to the virtual servers or hosts; it is completely transparent.
- The PxTR ( which also forwards traffic to and from non-LISP sites ) is deployed in the enterprise and the xTR is deployed in the public cloud.
- The CSR 1000V deployed in the public cloud is secured by an IPsec tunnel. The LISP tunnel should be encrypted using IPsec in tunnel mode; tunnel mode is preferred because it works through NAT.
- Each CSR must have one unique outside IP address, which is used to form the IPsec tunnel between the two endpoints.
- Routing, either dynamic or static, must be enabled over the IPsec tunnel to announce the RLOC IP addresses used by the LISP mapping system.
- The map-resolver ( MR ) and map-server ( MS ) can be enabled on the xTR in the enterprise or on the xTR in the cloud.
- Traffic symmetry is still required when you have stateful devices in the path.
LISP Stretched Subnets
The two modes of LISP operation are LISP “Across” subnet mode and LISP “Extended” subnet mode. In the LISP-enabled CSR hybrid cloud deployment scenario neither of these modes is used; the mode of operation is LISP stretched subnet mode ( SSM ). The same subnet is used on both sides of the network and mobility is performed between these two segments of the same subnet. This may look the same as LISP “Extended” subnet mode, but in this case there is no LAN extension between sites. Extended subnet mode requires a LAN extension such as OTV.
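The following simulation is an added example, not code from the original post or from Cisco, and it serves both the deployment key points above ( PxTR in the enterprise, xTR in the cloud, map-server/map-resolver hosted on one of them, authenticated registrations ) and the stretched subnet mode just described. It models one mapping system and two xTRs that share the subnet 10.10.10.0/24: the enterprise registers the whole prefix, each side registers a /32 when a host is detected on its Layer 2 interface, and a host then moves from the enterprise RLOC to the cloud RLOC without changing its address. The class names, the shared key, the RLOCs and the HMAC-SHA-256 registration check are simplifications I constructed for illustration; the real map-register message carries its own authentication data and many more fields.

```python
import hashlib
import hmac
import ipaddress
from typing import Dict, Optional, Set

# Constructed simulation, not code from the original post or from Cisco.
# One map-server/map-resolver, an enterprise PxTR and a cloud xTR on a
# stretched subnet. Keys, names and addresses are all made up.


def register_mac(key: bytes, prefix: str, rloc: str) -> bytes:
    """Authentication tag for a registration (simplified stand-in for the
    keyed HMAC the real map-register message carries)."""
    return hmac.new(key, f"{prefix}|{rloc}".encode(), hashlib.sha256).digest()


class MapServer:
    """Map-server plus map-resolver: EID prefix -> RLOC database."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._db: Dict[ipaddress.IPv4Network, str] = {}

    def map_register(self, prefix: str, rloc: str, mac: bytes) -> bool:
        # Unauthenticated registrations are dropped: otherwise any host on
        # the RLOC network could claim an EID and have its traffic redirected.
        if not hmac.compare_digest(register_mac(self._key, prefix, rloc), mac):
            return False
        self._db[ipaddress.ip_network(prefix)] = rloc
        return True

    def map_request(self, eid: str) -> Optional[str]:
        """Longest-prefix match; None stands for a negative map-reply."""
        addr = ipaddress.ip_address(eid)
        best: Optional[ipaddress.IPv4Network] = None
        for prefix in self._db:
            if addr in prefix and (best is None or prefix.prefixlen > best.prefixlen):
                best = prefix
        return self._db[best] if best is not None else None


class Xtr:
    """One LISP router: an RLOC on the outside, a set of EIDs on the inside."""

    def __init__(self, name: str, rloc: str, ms: MapServer, key: bytes,
                 proxy: bool = False, petr: Optional[str] = None) -> None:
        self.name, self.rloc, self.ms, self.key = name, rloc, ms, key
        self.proxy = proxy      # PxTR: may forward natively to non-LISP sites
        self.petr = petr        # plain xTR: sends non-LISP traffic to the PxTR
        self.local_eids: Set[str] = set()

    def _register(self, prefix: str) -> bool:
        return self.ms.map_register(prefix, self.rloc,
                                    register_mac(self.key, prefix, self.rloc))

    def register_prefix(self, prefix: str) -> bool:
        """The site's static prefix (the whole stretched subnet at home)."""
        return self._register(prefix)

    def host_detected(self, eid: str) -> bool:
        """Dynamic-EID detection: a host appeared on the L2 interface, so
        register a host route (/32) that points at this router's RLOC."""
        self.local_eids.add(eid)
        return self._register(f"{eid}/32")

    def host_left(self, eid: str) -> None:
        self.local_eids.discard(eid)

    def forward(self, dst_eid: str) -> str:
        """Forwarding decision for a packet to dst_eid arriving from inside."""
        if dst_eid in self.local_eids:
            return "local"
        rloc = self.ms.map_request(dst_eid)
        if rloc is None:
            if self.proxy:
                return "native"
            return f"encap->{self.petr}" if self.petr else "drop"
        return "local" if rloc == self.rloc else f"encap->{rloc}"


def run_scenario() -> Dict[str, object]:
    """Constructed walk-through: a server moves enterprise -> cloud."""
    key = b"constructed-shared-key"
    ms = MapServer(key)   # MS/MR hosted on the enterprise side
    enterprise = Xtr("enterprise-pxtr", "203.0.113.1", ms, key, proxy=True)
    cloud = Xtr("cloud-xtr", "198.51.100.1", ms, key, petr="203.0.113.1")
    out: Dict[str, object] = {}
    enterprise.register_prefix("10.10.10.0/24")
    enterprise.host_detected("10.10.10.50")
    out["before_move"] = cloud.forward("10.10.10.50")
    # vMotion-style move of 10.10.10.50 into the public cloud:
    # same address, same subnet, new RLOC
    enterprise.host_left("10.10.10.50")
    cloud.host_detected("10.10.10.50")
    out["enterprise_to_moved"] = enterprise.forward("10.10.10.50")
    out["cloud_to_moved"] = cloud.forward("10.10.10.50")
    out["cloud_to_home"] = cloud.forward("10.10.10.20")
    out["cloud_to_nonlisp"] = cloud.forward("192.0.2.10")
    out["enterprise_to_nonlisp"] = enterprise.forward("192.0.2.10")
    # A registration with the wrong key must not hijack the moved host's EID
    out["rogue_accepted"] = ms.map_register("10.10.10.50/32", "192.0.2.99", b"\x00" * 32)
    out["after_rogue"] = ms.map_request("10.10.10.50")
    return out


if __name__ == "__main__":
    for step, decision in run_scenario().items():
        print(f"{step}: {decision}")
```

The /32 registered by whichever side currently sees the host wins the longest-prefix match over the enterprise's /24, which is exactly what lets the same subnet live on both sides without a LAN extension. The rejected rogue registration is the defender's check worth keeping in mind: the mapping system decides where every EID's traffic goes, so the map-server key and the IPsec-protected RLOC path are the controls that keep that decision trustworthy.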