LISP usage for DC migration Patrice Bellagamba Max Ardica

Enable LISP for Migration PxTR MS/MR ETR Using ASR1K as PxTR No modification of existing DC Need LISP PxTR in the flow Using Nexus 7K ETR with Mobility LISP ETR (using M1-32) can be either at aggregation or in Octopus Brownfield DC Greenfield DC

Control-plane event MS cache: 10.17.0.0/24 10.17.0.31/32 PiTR cache: 10.17.0.0/24 send map-request 10.17.0.0/24 forward-native 10.17.0.0/28 forward-native 10.17.0.31/32 complete ETR dyn EID cache: 10.17.0.31 Vlan1300 /32 ‘Send-map request’ is data-plane driven and triggers after ‘forward-native’ times out every 30s

Packet flow for North-West Ingress flow is tunnelled by PiTR toward Greenfield Return flow is in clear, using IP path PxTR Asymetric flow (ingress LISP, egress IP) is optimal if no Firewall between WAN edge & PiTR)

Packet flow for North-West Existance of a Firewall between WAN edge & PxTR requires symatrical flow  Use PeTR PeTR PeTR allows return flow to go thru LISP Path, nevertheless it requires ETR to work with default routing

Packet flow for West-East Need a /32 (today manually) to enable proxy-ARP Inter-subnet routing Still option of return traffic using PeTR Need a /32

Convergence testing Any failure on Browfield (PxTR side) is sub-second Failure on Greenfield (ETR with mobility side): If no default routing Sub second convergence But vPC peer-link failure (requires EEM script to get sub-second) If default routing: Requires RLOC Probing per EID  60s

Caveat PxTR is not (yet?) advertizing map-cache entries to routing Moved VM is not know in Brownfield Requires a manual /32 Route watch is not working with default routing But there is always in general a default route RLOC probing is per EID (scale ?) and slow (60s) LSB bits is not working with Nexus 7K vPC peer-link failure is not handled well Workaround using script Globally the solution works well and is deployable