wdiff draft-ietf-lisp-alt-02.txt draft-ietf-lisp-alt-03.txt

Network Working Group V. Fuller
Internet-Draft D. Farinacci
Intended status: Experimental D. Meyer
Expires: July 29, September 30, 2010 D. Lewis
Cisco
January 25,
March 29, 2010

LISP Alternative Topology (LISP+ALT)
draft-ietf-lisp-alt-02.txt
draft-ietf-lisp-alt-03.txt

Abstract

This document describes a method of building an alternative, logical
topology for managing simple mapping database to be used by the
Locator/ID Separation Protocol (LISP) to find Endpoint Identifier
(EID) to Routing Locator mappings
using (RLOC) mappings. Termed the Locator/ID Separation Protocol. The logical network Alternative
Logical Topology (ALT), the database is built as an overlay network
on the public Internet using existing
technologies and tools, specifically the Border Gateway Protocol (BGP) and
the Generic Routing Encapsulation. An important design goal for
LISP+ALT is to allow for Encapsulation (GRE). Using these proven
protocols, the ALT can be built and deployed relatively easy deployment of an
efficient mapping system while minimizing quickly
without major changes to the existing
hardware and software. routing infrastructure.

Status of this Memo

This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

This Internet-Draft will expire on July 29, September 30, 2010.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the BSD License.

Table of Contents

1. Requirements Notation Introduction . . . . . . . . . . . . . . . . . . . . . 4
2. Introduction . . . . 4
2. Definition of Terms . . . . . . . . . . . . . . . . . . . . . 5
3. Definition of Terms . . The LISP+ALT model . . . . . . . . . . . . . . . . . . . 6
4. The LISP 1.5 model . . . 8
3.1. Routeability of EIDs . . . . . . . . . . . . . . . . . . . 8
4.1. Routeability of EIDs
3.1.1. Mechanisms for an ETR to originate EID-prefixes . . . 9
3.1.2. Mechanisms for an ITR to forward to EID-prefixes . . . 9
3.1.3. Map Server Model preferred . . . . . . . . . . . . . 8
4.2. . 9
3.2. Connectivity to non-LISP sites . . . . . . . . . . . . . . 9
4.3.
3.3. Caveats on the use of Data Probes . . . . . . . . . . . . 9
5. 10
4. LISP+ALT: Overview . . . . . . . . . . . . . . . . . . . . . . 10
5.1. 11
4.1. ITR traffic handling . . . . . . . . . . . . . . . . . . . 11
5.2. 12
4.2. EID Assignment - Hierarchy and Topology . . . . . . . . . 11
5.3. LISP+ALT Router (or ALT router for short) . . . . . . . . 12
5.4. ITR and ETR in a LISP+ALT Environment . . . . . . . . . . 13
5.5.
4.3. Use of GRE and BGP between LISP+ALT Routers . . . . . . . 13
6. EID Prefix 14
5. EID-prefix Propagation and Map-Request Forwarding . . . . . . 14
6.1. 15
5.1. Changes to ITR behavior with LISP+ALT . . . . . . . . . . 14
6.2. 15
5.2. Changes to ETR behavior with LISP+ALT . . . . . . . . . . 14
7. 15
6. BGP configuration and protocol considerations . . . . . . . . 16
7.1. 17
6.1. Autonomous System Numbers (ASNs) in LISP+ALT . . . . . . . 16
7.2. 17
6.2. Sub-Address Family Identifier (SAFI) for LISP+ALT . . . . 16
8. EID-Prefix 17
7. EID-prefix Aggregation . . . . . . . . . . . . . . . . . . . . 17
8.1. Traffic engineering with LISP and LISP+ALT . . . 18
7.1. Stability of the ALT . . . . . 17
8.2. Edge aggregation and dampening . . . . . . . . . . . . . . 18
9. Connecting sites to the ALT network . . . .
7.2. Traffic engineering using LISP . . . . . . . . . 19
9.1. ETRs originating information into the ALT . . . . . 18
7.3. Edge aggregation and dampening . . . 19
9.2. ITRs Using the ALT . . . . . . . . . . . . 19
7.4. EID assignment flexibility vs. ALT scaling . . . . . . . . 19
10.
8. Connecting sites to the ALT network . . . . . . . . . . . . . 21
8.1. ETRs originating information into the ALT . . . . . . . . 21
8.2. ITRs Using the ALT . . . . . . . . . . . . . . . . . . . . 21
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 21
11. 23
10. Security Considerations . . . . . . . . . . . . . . . . . . . 22
11.1. 24
10.1. Apparent LISP+ALT Vulnerabilities . . . . . . . . . . . . 22
11.2. 24
10.2. Survey of LISP+ALT Security Mechanisms . . . . . . . . . . 23
11.3. Using existing 25
10.3. Use of new IETF standard BGP Security mechanisms . . . . . . . . . . 23
12. 25
11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 24
13. 26
12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 25
13.1. 27
12.1. Normative References . . . . . . . . . . . . . . . . . . . 25
13.2. 27
12.2. Informative References . . . . . . . . . . . . . . . . . . 25 27
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 26 28

1. Requirements Notation

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].

2. Introduction

This document describes a method of building an alternative logical
topology for managing Endpoint identifier the LISP+ALT mapping database, to Routing Locator mappings be used by
LISP to find EID-to-RLOC mappings. The ALT network is built using
the Locator/ID Separation Protocol [LISP]. This logical
topology uses existing technology and tools, specifically the Border Gateway Protocol [RFC4271] and its (BGP, [RFC4271]), the BGP multi-protocol
extension
[RFC2858], along with [RFC4760], and the Generic Routing Encapsulation [RFC2784]
protocol (GRE,
[RFC2784]) to construct an overlay network nnetwork of devices that advertise (ALT Routers)
which operate on EID-prefixes only. These Endpoint Identifier Prefix Aggregators hold
hierarchically-assigned pieces and use EIDs as forwarding
destinations.

ALT Routers advertise hierarchically-delegated segments of the Endpoint Identifier space EID
namespace (i.e., prefixes) and their next hops toward the rest of the ALT; they also
forward traffic destined for an EID covered by one of those prefixes
toward the network element which is authoritative for Endpoint Identifier-to-Routing Locator that EID (i.e.
is the origin of the advertisement of the EID-to-RLOC mapping
for which
applies to that prefix. EID). Map Resolvers (MRs; see [LISP-MS]) and, in
some cases, Ingress Tunnel routers can Routers (ITRs) use this overlay to make queries
against and respond to send
mapping requests made against the distributed
Endpoint Identifier-to-Routing Locator mapping database. Note the
database is distributed (as described in (using [LISP]) and is stored in to the
ETRs.

Note Egress Tunnel Routers (ETRs)
that an important design goal of LISP+ALT hold the EID-to-RLOC mappings for a particular EID-prefix

It is important to minimize note that the
number of changes ALT does not distribute actual EID-
to-RLOC mappings. What it does provide is a forwarding path from an
ITR (or MR) which requires an EID-to-RLOC mapping to existing hardware and/or software an ETR which
holds that are
required mapping. The ITR/MR uses this path to deploy send an ALT
Datagram (see Section 3) to an ETR which then responds with a Map-
Reply containing the needed mapping system. It information.

One design goal for LISP+ALT is envisioned that in most
cases to use existing technology can be used wherever
possible. To this end, the ALT is intended to be built using off-
the-shelf routers which already implement and deploy LISP+
ALT. Since the deployment of LISP+ALT adds new required protocols (BGP
and GRE); little, if any, LISP-specific modifications should be
needed for such devices to be deployed on the
network, existing devices not need changes or upgrades. They can
function as they ALT. Note, though,
that organizational and operational considerations suggest that ALT
Routers be both logically and physically separate from the "native"
Internet packet transport system; deploying this overlay on those
routers which are to realize an underlying already participating in the global routing system
and robust physical
topology. actively forwarding Internet traffic is not recommended.

The remainder of this document is organized as follows: Section 3 2
provides the definitions of terms used in this document. Section 4 3
outlines the basic LISP 1.5 model. Section 5 4 provides a basic
overview of the LISP Alternate Topology architecture, and Section 6 5
describes how the ALT uses BGP to propagate Endpoint Identifier
reachability over the overlay network. network and Section 8 6 describes other
considerations for using BGP on the ALT. Section 7 describes the
construction of the ALT aggregation hierarchy, and Section 9 8
discusses how LISP+ALT elements are connected to form the overlay
network.

2. Definition of Terms

LISP+ALT operates on two name spaces and introduces a new network
element, the LISP+ALT Router (see below). This section provides
high-level definitions of the LISP+ALT name spaces, network elements,
and message types.

The

Alternative Logical Topology (ALT): The virtual overlay network
made up of tunnels between EID Prefix Aggregators. LISP+ALT Routers. The Border Gateway
Protocol (BGP) runs between ALT routers Routers and is used to carry
reachability information for EID prefixes. EID-prefixes. The ALT provides a way
to forward Map-Requests (and, if supported, Data Probes) toward
the ETR that "owns" an EID-prefix. As a tunneled overlay, its
performance is expected to be quite limited so use of it to
forward high-bandwidth flows of Data Probes is strongly
discouraged (see Section 3.3 for additional discussion).

Legacy Internet: The portion of the Internet which does not run
LISP and does not participate in LISP+ALT.

LISP+ALT

ALT Router: The devices which run on the ALT. The ALT is a static
network built using tunnels between LISP+ALT routers. ALT Routers. These routers
are deployed in a hierarchy roughly-hierarchical mesh in which routers at
each level in the this hierarchy topology are responsible for aggregating all
EID EID-
prefixes learned from those logically "below" them and advertising
summary prefixes to the routers those logically "above" them. All prefix Prefix learning
and propagation between levels ALT Routers is done using BGP. A LISP+ALT router An ALT
Router at the lowest level, or "edge" of the ALT, learns EID EID-
prefixes from its "client" ETRs. See Section 4.1 3.1 for a
description of how EID prefixes EID-prefixes are learned at the "edge" of the
ALT. See also Section 7 6 for details on how BGP is configured
between the different network elements.

The primary function of LISP+ALT routers is to provide a
lightweight When an ALT Router
receives an ALT Datagram, it looks up the destination EID in its
forwarding infrastructure for LISP control-plane
messages (Map-Request and Map-Reply), table (composed of EID prefix routes it learned from
neighboring ALT Routers) and forwards it to transport data
packets when the packet has the same destination address in both logical next-hop
on the inner (encapsulating) destination and outer destination
addresses ((i.e., a Data Probe packet). overlay network.

Endpoint ID (EID): A 32-bit (for IPv4) or 128-bit (for ipv6) value
used in to identify the ultimate source and or destination address fields of the first
(most inner) LISP header of for a LISP-
encapsulated packet. See [LISP] for details.

EID-prefix: A packet that is emitted by
a system contains set of EIDs delegated in its headers and LISP headers a power-of-two block. EID-
prefixes are
prepended only when routed on the packet reaches an Ingress Tunnel Router
(ITR) ALT (not on the data path global Internet) and
are expected to the destination EID.

In LISP+ALT, EID-prefixes MUST BE be assigned in a hierarchical manner (in power-of-two) such that
they can be aggregated by LISP+ ALT routers. In addition, Routers. Such a block is
characterized by a prefix and a length. Note that while the ALT
routing system considers an EID-prefix to be an opaque block of
EIDs, an end site may have site-local put site-local, topologically-relevant
structure in
how EIDs are topologically organized (subnetting) into an EID-prefix for routing
within the site; this structure is not visible to the global
routing system.

EID-Prefix Aggregate: intra-site routing.

Aggregated EID-prefixes: A set of individual EID-prefixes said to be aggregatable that have
been aggregated in the [RFC4632] sense. That is, an EID-Prefix aggregate is
defined to be a single contiguous power-of-two EID-prefix block.
Such a block is characterized by

Map Server (MS): An edge ALT Router that provides a prefix registration
function for non-ALT-connected ETRs, originates EID-prefixes into
the ALT on behalf of those ETRs, and a length. forwards Map-Requests to
them. See [LISP-MS] for details.

Map Resolver (MR): An edge ALT Router that accepts an Encapsulated
Map-Request from a non-ALT-connected ITR, decapsulates it, and
forwards it on to the ALT toward the ETR which owns the requested
EID-prefix. See [LISP-MS] for details.

Ingress Tunnel Router (ITR): A router which sends LISP Map-
Requests or encapsulates IP datagrams with LISP headers, as
defined in [LISP]. In this document, the term refers to any
device implementing ITR functionality, including a Proxy-ITR (see
[LISP-IW]). Under some circumstances, a LISP Map Resolver may
also originate Map-Requests (see [LISP-MS]).

Egress Tunnel Router (ETR): A router which sends LISP Map-Replies
in response to LISP Map-Requests and decapsulates LISP-
encapsulated IP datagrams for delivery to end systems, as defined
in [LISP]. In this document, the term refers to any device
implementing ETR functionality, including a Proxy-ETR (see
[LISP-IW]). Under some circumstances, a LISP Map Server may also
respond to Map-Requests (see [LISP-MS]).

Routing Locator (RLOC): An A routable IP address of an egress for a LISP tunnel
router
(ETR). It (ITR or ETR). Interchangeably referred to as a "locator"
in this document. An RLOC is also the output of a an EID-to-RLOC
mapping lookup. An EID lookup; an EID-prefix maps to one or more RLOCs.
Typically, RLOCs are numbered from topologically-aggregatable
blocks that are assigned to a site at each point to which where it attaches
to the global Internet; where the topology is defined by the
connectivity of provider networks, RLOCs can be thought of as
Provider Aggregatable (PA) addresses.
Note that in LISP+ALT, Routing for RLOCs are is not
carried by LISP+ALT routers. on the ALT.

EID-to-RLOC Mapping: A binding between an EID EID-prefix and the RLOC-set set of
RLOCs that can be used to reach the EID. The term "mapping" refers it; sometimes referred to an
EID-to-RLOC mapping.

EID Prefix simply
as a "mapping".

EID-prefix Reachability: An EID prefix EID-prefix is said to be "reachable" if
at least one or more of its locators are is reachable. That is, an EID prefix EID-prefix
is reachable if the ETR (or its proxy) that is authoritative for a given EID-to-RLOC EID-to-
RLOC mapping is reachable.

Default Mapping: A Default Mapping is a mapping entry for EID-
prefix 0.0.0.0/0 (0::/0 for ipv6). It maps to a locator-set used
for all EIDs in the Internet. If there is a more specific EID-
prefix in the mapping cache it overrides the Default Mapping
entry. The Default Mapping route can be learned by configuration or
from a Map-Reply message.

ALT Default Route: A Default Route in the context of LISP+ALT is a EID-
prefix An EID-prefix value of 0.0.0.0/0 (or 0::/0 for
ipv6) which is advertised
by BGP on top of may be learned from the ALT. ALT or statically configured
on an edge ALT Router. The Default ALT-Default Route is used to create defines a forwarding
path for a packet to be sent into the ALT (and ALT
datagram) on a router which does
not have a full ALT forwarding database.

3. The LISP 1.5 LISP+ALT model

As documented in [LISP], the LISP 1.5

The LISP+ALT model uses the same basic query/response protocol machinery as LISP 1.0. that
is documented in [LISP]. In particular, LISP+
ALT LISP+ALT provides two mechanisms for types
of packet that an ITR can originate to obtain EID-to-RLOC mappings
(both mappings:

Map-Request: A Map-Request message is sent into the ALT to request
an EID-to-RLOC mapping. The ETR which owns the mapping will
respond to the ITR with a Map-Reply message. Since the ALT only
forwards on EID destinations, the destination address of these techniques are described in more detail in
Section 9.2): the Map-
Request sent on the ALT must be an EID. See [LISP] for the format
of Map-Request and Map-Reply packets.

Data Probe: An Alternatively, an ITR may encapsulate and send the first few
data packets packet destined for an EID with no known RLOCs into the ALT
to
as a Data Probe. This might be done minimize packet loss and to
probe for the mapping; mapping. As above, the authoritative ETR for the
EID-prefix will respond to the ITR with a Map-Reply message when
it receives the data packet over the ALT. As a side-effect, the
encapsulated data packet is delivered to the end-system at the ETR
site. Note that in this
case, the Data Probe's inner Destination Address (DA), IP destination address,
which is an EID, is copied to the outer DA and is IP destination address so
that the resulting packet can be routed over the ALT.

Map-Request: An ITR may also send a Map-Request message into the ALT
to request the mapping. As in the Data Probe case, the
authoritative ETR will respond to the ITR with a Map-Reply
message. Since the ALT only forwards on EID destinations, the DA
of the Map-Request sent in to the ALT MUST be an EID. See [LISP]
Section 3.3 for caveats on the format usability of Map-Request and Map-Reply packets.

ALT datagram: A Data Probes.

The term "ALT Datagram" is short-hand for a Map-Request or Data Probe
to be sent into or forwarded on the ALT.

4.1. Routeability Note that while the outer
header Source Address of EIDs

As with LISP 1.0, EIDs are routable and can an ALT Datagram is currently expected to be used, unaltered, as
the source and destination addresses in IP datagrams. Unlike in LISP
1.0, LISP 1.5
an RLOC, there may be situations (e.g. for experimentation with
caching in intermediate ALT nodes) where an EID would be used to
force a Map-Reply to be routed back through the ALT.

3.1. Routeability of EIDs

A LISP EID has the same syntax as IP address and can be used,
unaltered, as the source or destination of an IP datagram. In
general, though, EIDs are not routable on the public Internet; instead,
they are only routed over LISP+
ALT provides a separate, virtual topology referred to network, known as the LISP
Alternative Virtual Network. Logical Topology (ALT) on which a datagram using an EID
as an IP destination address may be transmitted. This network is
built as an overlay on the public Internet using tunnels to
interconnect LISP+ALT
routers. ALT Routers. BGP is run runs over these tunnels to propagate the
path information needed to route forward ALT datagrams. Datagrams. Importantly, while
the ETRs are the source(s) of the unaggregated EID prefix data, EID-prefixes, LISP+ALT
uses existing BGP mechanisms to aggressively aggregate this information. Note that

3.1.1. Mechanisms for an ETR is not required to participate (or prevented from
participating) in LISP+ALT; originate EID-prefixes

There are three ways that an ETR may choose to communicate originate its mappings to its serving LISP+ALT router(s) using subscription time
static configuration or through into the
ALT:

1. By registration with a dynamic mechanism such Map Server as that
described documented in [LISP-MS]. An ITR may similarly use a static EID
"default route" or other configuration as described in [LISP-MS] to
avoid the complexity of participating in
This is the ALT.

4.2. Connectivity common case and is expected to non-LISP sites

As stated above, EIDs be used as IP addresses by LISP sites are not
routable on the public Internet. This implies that, absent
majority of ETRs.

2. Using a
mechanism for communication between LISP and non-LISP sites,
connectivity between them is not possible. To resolve this problem,
an "interworking" technology has been defined; see [Interworking] for
details.

4.3. Caveats "static route" on the use of Data Probes

It ALT. Where no Map-Server is worth noting that there has been
available, an edge ALT Router may be configured with a great deal of discussion and
controversy about "static
EID-prefix route" pointing to an ETR.

3. Edge connection to the ALT. If a site requires fine- grained
control over how its EID-prefixes are advertised into the ALT, it
may configure its ETR(s) with tunnel and BGP connections to edge
ALT Routers.

3.1.2. Mechanisms for an ITR to forward to EID-prefixes

There are three ways that an ITR may send ALT Datagrams:

1. Through a Map Resolver as documented in [LISP-MS]. This is the
common case and is expected to be used by the majority of ITRs.

2. Using a "default route". Where a Map Resolver is not available,
an ITR may be configured with a static ALT Default Route pointing
to an edge ALT Router.

3. Edge connection to the ALT. If a site requires fine-grained
knowledge of what prefixes exist on the ALT, it may configure its
ITR(s) with tunnel and BGP connections to edge ALT Routers.

3.1.3. Map Server Model preferred

The ALT-connected ITR and ETR cases are expected to be rare, as the
Map Server/Map Resolver model is both simpler for an ITR/ETR operator
to use, and provides a more general service interface to not only the
ALT, but also to other mapping databases that may be developed in the
future.

3.2. Connectivity to non-LISP sites

As stated above, EIDs used as IP addresses by LISP sites are not
routable on the public Internet. This implies that, absent a
mechanism for communication between LISP and non-LISP sites,
connectivity between them is not possible. To resolve this problem,
an "interworking" technology has been defined; see [LISP-IW] for
details.

3.3. Caveats on the use of Data Probes

It is worth noting that there has been a great deal of discussion and
controversy about whether Data Probes are a good idea. On the one
hand, using them offers a method of avoiding the "first packet drop"
problem when an ITR does not have a mapping for a particular EID-
prefix. On the other hand, forwarding data packets on the ALT would
require that it either be engineered to support relatively high
traffic rates, which is not generally feasible for a tunneled
network, or that it be carefully designed to aggressively rate- limit rate-limit
traffic to avoid congestion or DoS attacks. There are may also other be issues involving
caused by different latency or other differences performance characteristics
between the ALT path
that taken by an initial a Data Probe would take and the
"Internet" path that taken by subsequent packets on the same flow would take once a
mapping were is in place on an ITR. For these and other reasons reasons, the use of Data
Probes is not recommended at this time; they should only be
considered experimental
originated an ITR when explicitly configured to do so and such
configuration should only be disabled by default in all ITR
implementations.

5. enabled when performing experiments
intended to test the viability of using Data Probes.

4. LISP+ALT: Overview

LISP+ALT is a hybrid push/pull architecture. Aggregated EID prefixes EID-prefixes
are "pushed" advertised among the LISP+ALT routers and, optionally, out ALT Routers and to those (rare) ITRs
(which may elect that
are directly connected via a tunnel and BGP to receive the aggregated information, as opposed to
simply using a default mapping). ALT. Specific
EID-to-RLOC mappings are
"pulled" requested by ITRs an ITR (and returned by an ETR)
using LISP when they it sends a request either send explicit LISP requests via a Map Resolver or data
packets on the alternate topology that result in triggered replies
being generated by ETRs. to an
edge ALT Router.

The basic idea embodied in LISP+ALT is to use BGP, running over on a
tunneled overlay network, network (the ALT), to establish reachability required to route between
ALT datagrams over an alternate logical topology (ALT). Routers. The ALT
BGPRoute BGP Route Information Base (RIB) is comprised
of EID prefixes EID-prefixes and associated next hops. LISP+ALT routers ALT Routers interconnect
using eBGP BGP and propagate EID EID-prefix updates among themselves. EID-
prefix updates, which are information is learned over eBGP connections
to authoritative ETRs, or by from ETRs at the "edge" of the ALT
either through the use of the Map Server interface (the commmon
case), static configuration. ITRs may also
eBGP peer with one configuration, or more LISP+ALT by BGP-speaking ETRs.

An ITR uses the ALT to learn the best ALT router to
use to forward path for forwarding an ALT datagram for
Datagram destined to a particular prefix; in most
cases, an EID-prefix. An ITR will have normally
use a default EID mapping pointing Map Resolver to one send its ALT Datagrams on to the ALT but may,
in unusual circumstances, use a static ALT Default Route or more
LISP+ALT routers. connect
to the ALT using BGP.

Note that while this document specifies the use of Generic Routing
Encapsulation (GRE) as a tunneling mechanism, there is no reason that
an
parts of the ALT cannot be built using other tunneling technologies. In technologies,
particularly in cases where GRE does not meet security, management,
or other operational
requirements, it is reasonable to use another tunneling technology
that does. References requirements. References to "GRE tunnel" in
later sections of this document should therefore not be taken as
prohibiting or precluding the use of other, available other tunneling mechanisms.
Note also that two
LISP+ALT routers ALT Routers that are directly adjacent (with no
layer-3 router hops between them) need not use a tunnel between them;
in this case, BGP may be configured across the interfaces that
connect to their common subnet and that subnet is then considered to
be part of the ALT topology. Use of techniques, techniques such as "eBGP multihop",
multihop" to forward connect ALT
datagrams through routers Routers that do not participate share a tunnel or common
subnet is not recommended as the non-ALT Routers in between the ALT routing, is
Routers in such a configuration may not recommended. have information necessary to
forward ALT Datagrams destined to EID-prefixes exchanged across that
BGP session.

In summary, LISP+ALT uses BGP to propagate EID-prefix update
information to facilitate forwarding build paths through ALT Routers so
that an ALT datagram Datagram sent into the ALT can be forwarded to the ETR
that holds the EID-to-RLOC mapping for that EID-prefix. This
reachability is carried as IPv4 or IPv6 ipv6 NLRI without modification
(since an EID
prefix EID-prefix has the same syntax as IPv4 or IPv6 ipv6 address
prefix). LISP+ALT
routers eBGP peer ALT Routers establish BGP sessions with one another,
forming the ALT. A LISP+ALT
router near An ALT Router at the edge "edge" of the topology learns EID prefixes
EID-prefixes originated by authoritative ETRs. This Learning may be via eBGP with
though the ETRs, Map Server interface, by static configuration, or through some other dynamic mechanism such as that defined in
[LISP-MS]. A LISP+ALT router via BGP
with the ETRs. An ALT Router may also be configured to aggregate EID
prefixes
EID-prefixes received from ETRs or from other LISP+ALT routers that
are topologically "downstream" from it.

5.1.

4.1. ITR traffic handling

When an ITR receives a packet originated by an end system within its
site (i.e. a host for which the ITR is the exit path out of the site)
and the destination EID for that packet is not known in the ITR's
mapping cache, the ITR encapsulates the packet in creates either a LISP header, copying Map-Request for the
inner
destination address (EID) to EID or the outer destination address
(RLOC), and transmits it through a GRE tunnel to original packet encapsulated as a LISP+ALT router in Data Probe
(see Section 3.3 for caveats on the usability of Data Probes). The
result, known as an ALT Datagram, is then sent to an ALT Router (see
also [LISP-MS] for non-ALT-connected ITRs, noting that
an ITR cannot send Data Probes
cannot be sent to a Map-Server). Map-Resolver). This "first hop"
LISP+ALT router ALT Router uses
EID-prefix routing information learned from other LISP+ALT routers ALT Routers via BGP
to guide the packet to the ETR which "owns" the prefix. Upon receipt
by the ETR, normal LISP processing occurs: the ETR responds to the
ITR with a LISP Map-Reply that lists the RLOCs (and, thus, the ETRs
to use) for the EID prefix. The EID-prefix. For Data Probes, the ETR also de-encapsulates
decapsulates the packet and transmits it toward its destination.

Upon receipt of the Map-Reply, the ITR installs the RLOC information
for a given prefix into a local mapping database. With these mapping
entries stored, additional packets destined to the given EID prefix EID-prefix
are routed directly to a viable ETR an RLOC without use of the ALT, until either
the entry's TTL has expired, or the ITR can otherwise find no
reachable ETR. Note that a valid current mapping (not timed-out) may exist that contains
no reachable RLOCs (i.e. all paths to that ETR are
down); in RLOCs; this case, is known as a Negative Cache Entry and it
indicates that packets destined to the EID prefix EID-prefix are dropped,
not routed through the ALT. to be dropped.

Full details on Map-Request/Map-Reply processing may be found in
[LISP].

Traffic routed over on to the ALT therefore consists of:

o EID prefix Map-Requests, and

o data packets destined for those EID prefixes while solely of ALT Datagrams, i.e.
Map-Requests and Data Probes (if supported). Given the ITR awaits
map replies

5.2. relatively
low performance expected of a tuneled topology, ALT Routers (and Map
Resolvers) should aggressively rate-limit the ingress of ALT
Datagrams from ITRs and, if possible, should be configured to not
accept packets that are not ALT Datagrams.

4.2. EID Assignment - Hierarchy and Topology

EID-prefixes will are expected to be allocated to a LISP site by Internet
Registries.
Multiple Where a site has multiple allocations may not be in which are aligned
on a power-of-2 blocks. But when they
are, block boundary, they will should be aggregated into a single, advertised EID-prefix.
single EID-prefix for advertisement. The ALT network is built in a tree-structured hierarchy
roughly hierarchical, partial mesh which is intended to allow
aggregation at merge points in the tree. where clearly-defined hierarchical boundaries exist.
Building such a structure should minimize the number of EID-prefixes
carried by LISP+ALT nodes near the top of the hierarchy.

Since

Routes on the ALT will do not need to change due respond to subscription changes in policy,
subscription, or policy
reasons, underlying physical connectivity, so the topology
can remain relatively static and aggregation can be sustained.
Because routing on the ALT uses BGP, the same rules apply for
generating aggregates; in particular, a LISP+ALT
router ALT Router should only be
configured to generate an aggregate if it is configured with BGP
sessions to all of the originators of components
(more-specifics (more-specific
prefixes) of that aggregate; not aggregate. Not all of the components of need to be
present for the aggregate to be originated (some may be holes in the
covering prefix and some may be down) but the aggregating router must
be configured to learn the state of all of the components.

As an example, consider ETRs that are originating EID prefixes for
10.1.0.0/24, 10.1.64.0/24, 10.1.128.0/24, and 10.1.192.0/24. An ALT
router should only be configured to generate an aggregate for
10.1.0.0/16 if it has BGP sessions configured with all of these ETRs,
in other words, only if it has sufficient knowledge about the state
of those prefixes to summarize them.

Under what circumstances the ALT router Router actually generates the
aggregate is a matter of local policy: in some cases, it will be
statically configured to do so at all times with a "static discard"
route. In other cases, it may be configured to only generate the
aggregate prefix if at least one of the components of the aggregate
is learned via BGP.

An ALT Router must not generate an aggregate that includes a non-
LISP-speaking hole unless it can be configured to return a Negative
Map-Reply with action="Natively-Forward" (see [LISP]) if it receives
an ALT Datagram that matches that hole. If it receives an ALT
Datagram that matches a LISP-speaking hole that is currently not
reachable, it should return a Negative Map-Reply with action="drop".
Negative Map-Replies should be returned with a short TTL, as
specified in [LISP-MS]. Note that an off-the-shelf, non-LISP-
speaking router configured as an aggregating ALT Router cannot send
Negative Map-Replies, so such a router must never originate an
aggregate that includes a non-LISP-speaking hole.

This implies that two ALT routers Routers that share an overlapping set of
prefixes must exchange those prefixes if either is to generate and
export a covering aggregate for those prefixes. It also implies that
an ETR which connects to the ALT using BGP must maintain BGP sessions
with all of the ALT routers Routers that are configured to originate an
aggregate which covers that prefix. See also [LISP-MS] for an
example prefix and that each of those ALT Routers
must be explicitly configured to know the set of EID-prefixes that
make up any aggregate that it originates. See also [LISP-MS] for an
example of other ways that prefix origin consistency and aggregation
are
can be maintained.

As an example, consider ETRs that are originating EID-prefixes for
10.1.0.0/24, 10.1.64.0/24, 10.1.128.0/24, and 10.1.192.0/24. An ALT
Router should only be configured to generate an aggregate for
10.1.0.0/16 if it has BGP sessions configured with all of these ETRs,
in other words, only if it has sufficient knowledge about the state
of those prefixes to summarize them. If the Router originating
10.1.0.0/16 receives an ALT Datagram destined for 10.1.77.88, a non-
LISP destination covered by the aggregate, it returns a Negative Map-
Reply with action "Natively-Forward". If it receives an ALT Datagram
destined for 10.1.128.199 but the configured LISP prefix
10.1.128.0/24 is unreachable, it returns a Negative Map-Reply with
action "drop".

Note: much is currently uncertain about the best way to build the ALT
network; as testing and prototype deployment proceeds, a guide to how
to best build the ALT network will be developed.

5.3. LISP+ALT Router (or ALT router for short)

A LISP+ALT Router has the following functionality:

1. It runs, at a minimum, the eBGP part

4.3. Use of the BGP protocol.

2. It supports a separate RIB which uses next-hop GRE tunnel
interfaces for forwarding ALT datagrams.

3. It can act as a "proxy-ITR" to support non-LISP sites.

4. It can act as an ETR, or as a recursive or re-encapsulating ITR
to reduce mapping tables in site-based LISP routers.

5.4. ITR and ETR in a LISP+ALT Environment

An ITR using BGP between LISP+ALT may have additional functionality as follows:

1. If it Routers

The ALT network is also acting as a LISP+ALT Router, it sends built using GRE tunnels between ALT datagrams
on the Routers. BGP best path computed GRE tunnel for
sessions are configured over those tunnels, with each EID prefix.

2. When ALT Router
acting solely as a ITR, it sends ALT datagrams directly to a
configured LISP+ALT router.

An ETR using LISP+ALT may also behave slightly differently:

1. If it is also acting as a LISP+ALT router, it advertises its
configured EID-prefixes into BGP for distribution through the
ALT.

2. It receives ALT datagrams only from its "upstream" LISP+ALT
routers over the GRE tunnel(s) configured to it/them. It
responds with Map-Replies for the EID prefixes that it "owns".

5.5. Use of GRE and BGP between LISP+ALT Routers

The ALT network is built using GRE tunnels between LISP+ALT routers.
eBGP sessions are configured over those tunnels, with each LISP+ALT
router acting as a separate AS "hop" in separate AS "hop" in a Path Vector for BGP. For the
purposes of LISP+ALT, the AS-path is used solely as a shortest-
path shortest-path
determination and loop-avoidance mechanism. Because all next-
hops next-hops
are on tunnel interfaces, no IGP is required to resolve those
next-hops next-
hops to exit interfaces.

LISP+ALT's use of GRE and BGP reduces provider Operational Expense
(OPEX) facilities deployment and operation of
LISP because no new protocols need to be either defined defined, implemented, or
used on the overlay topology. Also, topology; existing BGP/GRE tools and operational
expertise are also re-used. Tunnel address assignment is also easy:
since the addresses on an ALT tunnel are only used by the pair of
routers connected to the tunnel, the only requirement of the IP
addresses are local in
scope, no coordination used to establish that tunnel is needed for their assignment; that the attached routers
be reachable by each other; any addressing
scheme (including plan, including private addressing)
addressing, can therefore be used for tunnel
addressing.

6. EID Prefix ALT tunnels.

5. EID-prefix Propagation and Map-Request Forwarding

As described in Section 9.2, 8.2, an ITR may send either a Map-Request or
a data probe sends an ALT Datagram to find a given
EID-to-RLOC mapping. The ALT provides the infrastructure that allows
these requests to reach the authoritative ETR.

Note that, that under normal circumstances, circumstances Map-Replies are not sent over
the ALT - an ETR sends a Map-Reply to the source RLOC learned from
the original Map-Request. There may be scenarios, perhaps to
encourage caching of EID-to-RLOC mappings by ALT routers, Routers, where Map-
Replies could be sent over the ALT or where a "first-hop" ALT router
might modify the originating RLOC on a Map-Request received from an
ITR to force the Map-Reply to be sent returned to it; these the "first-hop" ALT
Router. These cases will not be supported by initial LISP+ALT
implementations but may be subject to future experimentation.

LISP+ALT routers

ALT Routers propagate mapping path information for use via BGP ([RFC4271]) that is
used by ITRs (when
sending to send ALT datagrams) using eBGP [RFC4271]. eBGP Datagrams toward the appropriate ETR for
each EID-prefix. BGP is run on the
inter-LISP+ALT router inter-ALT Router links, and
possibly between an edge ("last hop") LISP+ALT router ALT Router and an ETR or
between an edge ("first hop")
LISP+ALT router ALT Router and an ITR. The ALT eBGP BGP RIB
consists of aggregated
EID prefixes EID-prefixes and their next hops toward the
authoritative ETR for that EID prefix.

6.1. EID-prefix.

5.1. Changes to ITR behavior with LISP+ALT

When using LISP+ALT,

As previously described, an ITR sends ALT datagrams to one of will usually use the Map Resolver
interface and will send its
"upstream" LISP+ALT routers; these are sent only to Map Requests to a Map Resolver. When an
ITR instead connects via tunnels and BGP to the ALT, it sends ALT
Datagrams to one of its "upstream" ALT Routers; these are sent only
to obtain new EID-
to-RLOC EID-to-RLOC mappings - RLOC probe and cache TTL refresh
Map-Requests are not sent on the ALT. As in basic LISP, it should
use one of its RLOCs as the source address of these queries; it
should explicitly not use a tunnel interface as the source address as doing so
will cause replies to be forwarded over the tunneled topology and may
be problematic if the tunnel interface address is not explicitly routed
throughout the ALT. If the ITR is running BGP with the LISP+ALT
router(s), it selects the appropriate LISP+ALT router ALT Router based on the BGP
information received. If it is not running BGP, it uses static
configuration a
statically-configued ALT Default Route to select a LISP+ALT router; in the general case, this
will effectively be an "EID-prefix default route".

6.2. ALT Router.

5.2. Changes to ETR behavior with LISP+ALT

As previously described, an ETR will usually use the Map Server
interface (see [LISP-MS]) and will register its EID-prefixes with its
configured Map Servers. When an ETR instead connects using BGP to
one or more LISP+ALT router(s), ALT Routers, it
simply announces its EID-prefix EID-prefix(es) to those LISP+ALT routers. ALT
Routers. Note that when an ETR generates a Map-Reply message to
return to a querying ITR, it sends it to the ITR's source-RLOC (i.e.,
on the underlying Internet topology, not on the ALT; this avoids any
latency penalty (or "stretch") that might be incurred by routing over
the ALT).

6. BGP configuration and protocol considerations

7.1.

6.1. Autonomous System Numbers (ASNs) in LISP+ALT

The primary use of BGP today is to define the global Internet routing
topology in terms of its participants, known as Autonomous Systems.
LISP+ALT specifies the use of BGP to create a global overlay network
(the ALT) for finding EID-to-RLOC
mapping database which, while mappings. While related to the
global routing database, the ALT serves a very different purpose and
is organized into a very different hierarchy. Because LISP+ALT does
use BGP, however, it uses ASNs in the paths that are propagated among LISP+ALT routers.
ALT Routers. To avoid confusion, it needs to be stressed that that
these LISP+ALT ASNs use a new numbering space that is unrelated to
the ASNs used by the global routing system. Exactly how this new
space will be assigned and managed will be determined during experimental the
deployment of LISP+ALT.

Note that the LISP+ALT routers ALT Routers that make up the "core" of the ALT will not
be associated with any existing core-Internet ASN because
topology, hierarchy, and aggregation boundaries are the ALT
topology is completely separate from from, and independent of of, the global
Internet routing system.

7.2.

6.2. Sub-Address Family Identifier (SAFI) for LISP+ALT

As defined by this document, LISP+ALT may be implemented using BGP
without modification. Given the fundamental operational difference
between propagating global Internet routing information (the current, current
dominant use of BGP) and managing the global EID-to-RLOC database creating an overlay network for finding EID-
to-RLOC mappings (the use of BGP proposed by this document), it may
be desirable to assign a new SAFI [RFC2858] [RFC4760] to prevent operational
confusion and difficulties, including the inadvertent leaking of
information from one domain to the other. Use of a separate SAFI
would make it easier to debug many operational problems but would
come at a significant cost: unmodified, off-the-shelf routers which
do not understand the new SAFI could not be used to build any part of
the ALT network. At present, this document does not require request the
assignment of a new SAFI but the authors anticipate that SAFI; additional experimentation may suggest the
need for one in the future.

8. EID-Prefix

7. EID-prefix Aggregation

The ALT BGP peering topology should be arranged in a tree-like
fashion (with some meshiness), with redundancy to deal with node and
link failures. A basic assumption is that as long as the routers are
up and running, the underlying topology Internet will provide alternative
routes to maintain BGP connectivity among LISP+ALT routers. ALT Routers.

Note that, as mentioned in Section 5.2, 4.2, the use of BGP by LISP+ALT
requires that information can only be aggregated where all active
more-specific more-
specific prefixes of a generated aggregate prefix are known. This implies, for example, that if a given set of prefixes is used by
multiple, ALT networks, those networks must interconnect and share
information about all of the prefixes if either were to generate an
aggregate prefix that covered all of them. This is
no different than the way that BGP route aggregation works in the
existing global routing system: a service provider only generates an
aggregate route if it is configured to learn to all prefixes that
make up that aggregate.

8.1. Traffic engineering with LISP and LISP+ALT

7.1. Stability of the ALT

It is worth noting that LISP+ALT does not directly propagate EID-to-
RLOC mappings. What it does is provide a mechanism for a LISP an ITR to
find
commonicate with the ETR that holds the mapping for a particular EID EID-
prefix. This distinction is important for several reasons. First, it means
that when considering the reachability stability
of RLOCs is learned through BGP on the LISP ITR-ETR
exchange ALT network as compared to the global routing system.
It also has implications for how site-specific EID-prefix information
may be used by LISP but not propagated by LISP+ALT (see Section 7.2
below).

RLOC prefixes are not propagated through the ALT so "flapping" their
reachability is not determined through use of state information LISP+ALT. Instead,
reachability of RLOCs is learned through the LISP ITR-ETR exchange.
This means that link failures or other service disruptions that may
cause the reachability of an RLOC to change are not known to the ALT.
Changes to the presence of an EID-prefix on the ALT occur much less
frequently: only at subscription time or in the event of a failure of
the ALT infrastructure itself. This means that "flapping" (frequent
BGP updates and withdrawals due to prefix state changes) is not
likely
nor can and mapping information cannot become "stale" by due to slow
propagation through the ALT BGP mesh. Second, by deferring

7.2. Traffic engineering using LISP

Since an ITR learns an EID-to-RLOC mapping
to an ITR-ETR exchange, directly from the ETR that
owns it, it is possible to perform site-to-site traffic engineering through a combination of
by setting the preference
and and/or weight fields fields, and by returning including
more-specific EID-to-RLOC information in LISP Map-Reply messages.

This is a powerful mechanism that can conceivably replace the
traditional practice of routing prefix deaggregation for traffic
engineering purposes. Rather than propagating more-specific
information into the global routing system for local- or regional-optimization regional-
optimization of traffic flows, such more-
specific more-specific information can be
exchanged, through LISP (not LISP+ALT), on an as-needed basis between
only those ITRs/ETRs (and, thus, site pairs) that need it; should it. Should a
receiving ITR decide that it does not wish to store such more-specific more-
specific information, it has the option of discarding it as long as a
shorter, covering EID prefix EID-prefix exists. Not
only does this greatly improve the scalability Such an exchange of the global routing
system but it also allows improved "more-
specifics" between sites facilitates traffic engineering techniques engineering, by allowing
richer and more fine-grained policies to be applied.

8.2. applied without
advertising additional prefixes into either the ALT or the global
routing system.

Note that these new traffic engineering capabilities are an attribute
of LISP and are not specific to LISP+ALT; discussion is included here
because the BGP-based global routing system has traditionally used
propagation of more-specific routes as a crude form of traffic
engineering.

7.3. Edge aggregation and dampening

Note also that normal

Normal BGP best common practices apply to the ALT network. In
particular, first-hop ALT routers Routers will aggregate EID prefixes and
dampen changes to them in the face of excessive updates. Since EID EID-
prefix assignments are not expected to change with anywhere as frequently as global
routing BGP prefix reachability on the Internet, reachability, such dampening should be very rare rare,
and might be worthy of logging as an exceptional event. It is again
worth noting that the ALT carries only EID
prefixes, along with BGP-generated EID-prefixes, used to
construct BGP paths to their owning ETRs; it does not carry
reachability about RLOCs. In addition, EID-prefix information may be
aggregated as the topology and address assignment hierarchy allow.
Since the topology is all tunneled and can be modified as needed,
reasonably good aggregation should be possible. In addition, since
most ETRs are expected to connect to the ALT using the Map Server
interface, Map Servers will implement a natural "edge" for the ALT
where dampening and aggregation can be applied. For these reasons,
the ETRs that source
those prefixes as advertisements travel over the logical topology;
this set of prefix information is considerablly on the ALT can be expected to be both
better aggregated and considerably less volatile than the actual EID-to-RLOC EID-
to-RLOC mappings.

7.4. EID assignment flexibility vs. ALT scaling

There are major open questions regarding how the ALT will be deployed
and what organization(s) will operate it. In a simple, non-
distributed world, centralized administration of EID prefix
assignment and ALT network design would facilitate a well- aggregated
ALT routing system. Business and other realities will likely result
in a more complex, distributed system involving multiple levels of
prefix delegation, multiple operators of parts of the ALT
infrastructure, and a combination of competition and cooperation
among the participants. In addition, re-use of existing IP address
assignments, both "PI" and "PA", to avoid renumbering when sites
transition to LISP will further complicate the processes of building
and operating the ALT.

A number of conflicting considerations need to be kept in mind when
designing and building the ALT. Among them are:

1. Target ALT routing state size and level of aggregation. As
described in Section 7.1, the ALT should not suffer from some of
the performance constraints or stability issues as the Internet
global routing system, so some reasonable level of deaggregation
and increased number of EID prefixes beyond what might be
considered ideal should be acceptable. That said, measures, such
as tunnel rehoming to preserve aggregation when sites move from
one mapping provider to another and implementing aggregation at
multiple levels in the hierarchy to collapse de-aggregation at
lower levels, should be taken to reduce unnecessary explosion of
ALT routing state.

2. Number of operators of parts of the ALT and how they will be
organized (hierarchical delegation vs. shared administration).
This will determine not only how EID prefixes are assigned but
also how tunnels are configured and how EID prefixes can be
aggregated between different parts of the ALT.

3. Number of connections between different parts of the ALT. Trade-
offs will need to be made among resilience, performance, and
placement of aggregation boundaries.

4. EID prefix portability between competing operators of the ALT
infrastructure. A significant benefit for an end-site to adopt
LISP is the availability of EID space that is not tied to a
specific connectivity provider; it is important to ensure that an
end site doesn't trade lock-in to a connectivity provider for
lock-in to a provider of its EID assignment, ALT connectivity, or
Map Server facilities.

This is, by no means, and exhaustive list.

While resolving these issues is beyond the scope of this document,
the authors recommend that existing distributed resource structures,
such as the IANA/Regional Internet Registries and the ICANN/Domain
Registrar, be carefully considered when designing and deploying the
ALT infrastructure.

8. Connecting sites to the ALT network

9.1.

8.1. ETRs originating information into the ALT

EID prefix

EID-prefix information is originated into the ALT by two three different
mechanisms:

eBGP: An ETR usually participates

Map Server: In most cases, a site will configure its ETR(s) to
register with one or more Map Servers (see [LISP-MS]), and does
not participate directly in the ALT.

BGP: For a site requiring complex control over their EID-prefix
origination into the ALT, an ETR may connect to the LISP+ALT
overlay network by running eBGP BGP to one or more LISP+ALT router(s) ALT Router(s) over
tunnel(s). The ETR advertises reachability for its EID prefixes EID-prefixes
over these
eBGP BGP connection(s). The LISP+ALT router(s) edge ALT Router(s) that
receive(s) these prefixes then propagate(s) them into the ALT.
Here the ETR is simply an eBGP BGP peer of LISP+ALT router(s) ALT Router(s) at the edge of
the ALT. Where possible, a LISP+ALT router an ALT Router that receives EID prefixes EID-prefixes
from an ETR via eBGP BGP should aggregate that information.

Configuration: One or more LISP+ALT router(s) ALT Router(s) may be configured to
originate an EID prefix EID-prefix on behalf of the non-BGP-speaking ETR that
is authoritative for a prefix. As in the case above, the ETR is
connected to LISP+ALT router(s) ALT Router(s) using GRE tunnel(s) but rather than BGP
being used, the LISP+ALT router(s) ALT Router(s) are configured with what are in
effect "static routes" for the EID prefixes EID-prefixes "owned" by the ETR.
The GRE tunnel is used to route Map-Requests to the ETR.
Note that the LISP+ALT router could also serve as a proxy for its
TCP-connected ETRs.

Note: in both all cases, an ETR may have connections register to multiple Map Servers or
connect to multiple
LISP+ALT routers ALT Routers for the following reasons:

* redundancy, so that a particular ETR is still reachable through
the ALT even if
one path or tunnel is unavailable.

* to connect to different parts of the ALT hierarchy if the ETR
"owns" multiple EID-to-RLOC mappings for EID prefixes EID-prefixes that
cannot be aggregated by the same LISP+ALT router ALT Router (i.e. are not
topologically "close" to each other in the ALT).

9.2.

8.2. ITRs Using the ALT

In order to source Map-Requests to the ALT or common configuration, an ITR does not need to route a Data Probe
packet over know anything
about the ALT, each ITR participating in the ALT establishes a
connection since it sends Map-Requests to one or more LISP+ALT routers. These connections can be
either eBGP or TCP (as described above).

In the case in which the ITR of its configured
Map-Resolvers (see [LISP-MS]). There are two exceptional cases:

Static default: If a Map Resolver is running eBGP, the peer LISP+ALT
routers use these connections to advertise highly aggregated EID-
prefixes to the peer ITRs. The not available but an ITR then installs the received
prefixes into a forwarding table that is used to to send LISP Map-
Requests
adjacent to an ALT Router (either over a common subnet or through
the appropriate LISP+ALT router. In most cases, use of a LISP+ tunnel), it can use an ALT router will send a default mapping Default Route route to its client ITRs so
cause all ALT Datagrams to be sent that
they can send request for any EID prefix into the ALT.

In the ALT Router. This case in which the ITR is connected
expected to some set of LISP+ALT
routers without eBGP, the ITR sends Map-Requests be rare.

Connection to any ALT: A site with complex Internet connectivity needs
may need more fine-grained distinction between traffic to LISP-
capable and non-LISP-capable sites. Such a site may configure
each of its
connected LISP+ALT routers.

An ITR may also choose ITRs to send the first few data packets over the
ALT connect directly to minimize packet loss the ALT, using a tunnel
and reduce mapping latency. BGP connection. In this case, the data packet serves as a mapping probe (Data Probe) and the
ETR which receives the data packet (over the ALT) responds with a
Map-Reply is sent ITR will receive EID-prefix
routes from its BGP connection to the ITR's source-RLOC using ALT Router and will LISP-
encapsulate and send ALT Datagrams through the underlying
topology. Note tunnel to the ALT
Router. Traffic to other destinations may be forwarded (without
LISP encapsulation) to non-LISP next-hop routers that the use of Data Probes is discouraged at this
time (see Section 4.3). ITR
knows.

In general, an ITR will establish connections that connects to the ALT does so only to LISP+ALT
routers to ALT
Routers at the "edge" of the ALT (typically two for redundancy) but
there may also redundancy).
There may, though, be situations where an ITR would connect to
other
LISP+ALT routers ALT Routers to receive additional, shorter path information
about a portion of the ALT of interest to it. This can be
accomplished by establishing GRE tunnels between the ITR and the
set of LISP+ALT routers ALT Routers with the additional information. This is a
purely local policy issue between the ITR and the LISP+ALT routers ALT Routers in
question.

10.

As described in [LISP-MS], Map-Resolvers do not accept or forward
Data Probes; in the rare scenario that an ITR does support and
originate Data Probes, it must do so using one of the exceptional
configurations described above. Note that the use of Data Probes is
discouraged at this time (see Section 3.3).

9. IANA Considerations

This document makes no request of the IANA.

11.

10. Security Considerations

LISP+ALT shares many of the security characteristics of BGP. Its
security mechanisms are comprised of existing technologies in wide
operational use today. Securing LISP+ALT is much simpler than today, so securing BGP.

Compared to BGP, LISP+ALT routers are not topologically bound,
allowing them to the ALT should be put in locations away from mostly a matter
of applying the vulnerable AS
border (unlike eBGP speakers).

11.1. same technology that is used to secure the BGP-based
global routing system (see Section 10.3 below).

10.1. Apparent LISP+ALT Vulnerabilities

This section briefly lists of the apparent known potential vulnerabilities of LISP+
ALT.
LISP+ALT.

Mapping Integrity: Can an attacker insert bogus mappings to black-
hole (create a DoS) Denial-of-Service, or DoS attack) or intercept LISP
data-plane packets?

LISP+ALT router

ALT Router Availability: Can an attacker DoS the LISP+ALT
routers ALT Routers
connected to a given ETR? without access to If a site's ETR cannot advertise its
EID-to-RLOC mappings,
a the site is essentially unavailable.

ITR Mapping/Resources: Can an attacker force an ITR or LISP+ALT
router ALT Router to
drop legitimate mapping requests by flooding it with random
destinations that for which it will have to query for. generate large numbers of Map-
Requests and fill its mapping cache? Further study is required to
see the impact of admission control on the overlay network.

EID Map-Request Exploits for Reconnaissance: Can an attacker learn
about a LISP destination sites' site's TE policy by sending legitimate mapping
requests messages and then observing the RLOC mapping replies? Is this
information useful in attacking or subverting peer relationships?
Note that any public LISP 1.0 has a mapping database will have similar data-plane data-
plane reconnaissance issue.

Scaling of LISP+ALT router ALT Router Resources: Paths through the ALT may be of
lesser bandwidth than more "direct" paths; this may make them more
prone to high-volume denial-of-service attacks. For this reason,
all components of the ALT (ETRs and ALT routers) Routers) should be
prepared to rate-limit traffic (ALT datagrams) Datagrams) that could be
received across the ALT.

UDP Map-Reply from ETR: Since Map-Replies packets are sent directly from the
ETR to the ITR's RLOC, ITR's RLOC, the ITR's RLOC may be vulnerable to various
types of DoS attacks (this is a general property of LISP, not an
LISP+ALT vulnerability).

More-specific prefix leakage: Because EID-prefixes on the ALT are
expected to be fairly well-aggregated and EID-prefixes propagated
out to the global Internet (see [LISP-IW] much more so, accidental
leaking or malicious advertisement of an EID-prefix into the ITR's RLOC may
global routing system could cause traffic redirection away from a
LISP site. This is not really a new problem, though, and its
solution can only be vulnerable
to various types of DoS attacks.

11.2. achieved by much more strict prefix filtering
and authentication on the global routing system.

10.2. Survey of LISP+ALT Security Mechanisms

Explicit peering: The devices themselves can both prioritize
incoming packets packets, as well as potentially do key checks in hardware
to protect the control plane.

Use of TCP to connect elements: This makes it difficult for third
parties to inject packets.

Use of HMAC Protected TCP BGP/TCP Connections: HMAC is used to verify
message integrity and authenticity, making it nearly impossible
for third party devices to either insert or modify messages.

Message Sequence Numbers and Nonce Values in Messages: This allows
for devices
an ITR to verify that the mapping-reply packet was Map-Reply from an ETR is in response to the mapping-request
a Map-Request originated by that they sent.

11.3. Using existing ITR (this is a general property
of LISP; LISP+ALT does not change this behavior).

10.3. Use of new IETF standard BGP Security mechanisms

LISP+ALT's use of BGP allows for the ALT to take advantage of BGP
security features designed for existing Internet BGP use.

For example, should either sBGP S-BGP [I-D.murphy-bgp-secr] or soBGP
[I-D.white-sobgparchitecture] become widely deployed it expected that
LISP+ALT could use these mechanisms to provide authentication of EID-
to-RLOC mappings, and EID origination.

12.

11. Acknowledgments

Many

The authors would like to specially thank J. Noel Chiappa who was a
key contributer to the design of the LISP-CONS mapping database (many
ideas described in this document were developed during
detailed discussions with Scott Brim from which made their way into LISP+ALT) and Darrel Lewis, who made many
insightful comments on earlier versions of this document. Additional
thanks are due has continued
to provide invaluable insight as the LISP effort has evolved. Others
who have provided valuable contributions include John Zwiebel, Hannu Flinck and
Flinck, Amit Jain who offered many helpful
suggestions for the -02 version.

13. Jain, John Scudder, and Scott Brim.

12. References

13.1.

12.1. Normative References

[RFC2119] Bradner, S., "Key words for use

[LISP] Farinacci, D., Fuller, V., Meyer, D., and D. Lewis,
"Locator/ID Separation Protocol (LISP)",
draft-ietf-lisp-06.txt (work in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. progress), January 2010.

[LISP-MS] Fuller, V. and D. Farinacci, "LISP Map Server",
draft-ietf-lisp-ms-04.txt (work in progress),
October 2009.

[RFC2784] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P.
Traina, "Generic Routing Encapsulation (GRE)", RFC 2784,
March 2000.

[RFC2858] Bates, T., Rekhter, Y., Chandra, R., and D. Katz,
"Multiprotocol Extensions for BGP-4", RFC 2858, June 2000.

[RFC4271] Rekhter, Y., Li, T., and S. Hares, "A Border Gateway
Protocol 4 (BGP-4)", RFC 4271, January 2006.

[RFC4632] Fuller, V. and T. Li, "Classless Inter-domain Routing
(CIDR): The Internet Address Assignment and Aggregation
Plan", BCP 122, RFC 4632, August 2006.

13.2.

[RFC4760] Bates, T., Chandra, R., Katz, D., and Y. Rekhter,
"Multiprotocol Extensions for BGP-4", RFC 4760,
January 2007.

12.2. Informative References

[I-D.murphy-bgp-secr]
Murphy, S., "BGP Security Analysis",
draft-murphy-bgp-secr-04 (work in progress),
November 2001.

[I-D.white-sobgparchitecture]
White, R., "Architecture and Deployment Considerations for
Secure Origin BGP (soBGP)",
draft-white-sobgparchitecture-00 (work in progress),
May 2004.

[Interworking]

[LISP-IW] Lewis, D., Meyer, D., Farinacci, D., and V. Fuller,
"Interworking LISP with IPv4 and ipv6",
draft-ietf-lisp-interworking-01.txt (work in progress),
January 2010.

[LISP] Farinacci, D., Fuller, V., Meyer, D., and D. Lewis,
"Locator/ID Separation Protocol (LISP)",
draft-ietf-lisp-06.txt
draft-ietf-lisp-interworking-02.txt (work in progress), January
February 2010.

[LISP-MS] Fuller, V. and D. Farinacci, "LISP Map Server",
draft-ietf-lisp-ms-04.txt (work in progress),
October 2009.

Authors' Addresses

Vince Fuller
Cisco
Tasman Drive
San Jose, CA 95134
USA

Email: vaf@cisco.com

Dino Farinacci
Cisco
Tasman Drive
San Jose, CA 95134
USA

Email: dino@cisco.com

Dave Meyer
Cisco
Tasman Drive
San Jose, CA 95134
USA

Email: dmm@cisco.com

Darrel Lewis
Cisco
Tasman Drive
San Jose, CA 95134
USA

Email: darlewis@cisco.com