Identifier Locator Separation

What Is Identifier-Locator Separation?

Identifier-locator separation is a networking architecture principle that divides the two semantic roles of an IP address into distinct namespaces: one for identifying an endpoint (who or what it is) and one for locating it (where it is currently attached to the network). In the conventional IPv4 and IPv6 address model, a single address simultaneously serves both functions, and this dual role creates difficulties for mobility, multihoming, and scalable global routing. When a device changes its network attachment point, its IP address changes, which breaks open transport-layer sessions and complicates route aggregation in the global routing table. Identifier-locator separation resolves this by assigning endpoints stable identifiers that persist across location changes, while routing operates on separately managed locators tied to current attachment points.

The problem was recognized in early internet engineering work. RFC 814, published in 1982, distinguished between names, addresses, and routes as conceptually separate concerns. Decades of routing table growth and the rise of mobile computing brought renewed urgency, leading to two major protocol approaches: the Locator/ID Separation Protocol (LISP) and the Host Identity Protocol (HIP).

The Locator/ID Separation Protocol

LISP, standardized by the IETF in RFC 9300, defines two address spaces: Endpoint Identifiers (EIDs), which identify end hosts independent of their topological location, and Routing Locators (RLOCs), which are topologically assigned addresses used for routing traffic through the internet core. LISP-capable routers called Ingress Tunnel Routers (ITRs) and Egress Tunnel Routers (ETRs) encapsulate packets at the network edge, looking up the current RLOC for a destination EID from a distributed mapping system. This overlay approach is incrementally deployable: neither end hosts nor core routers need modification, because the encapsulation and mapping resolution are handled at the LISP-enabled edges. LISP supports flexible traffic engineering by associating multiple RLOCs with a single EID prefix, each with priority and weight values for load balancing and failover.
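The ITR-side lookup and RLOC selection described above, as an added Python example (not code from any LISP implementation). It assumes LISP's convention that a lower priority value is preferred and that priority 255 means the RLOC must not be used; the map-cache contents, the `reachable` flag, and the flow-hash method are constructed for illustration.

```python
import hashlib
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rloc:
    address: str
    priority: int           # assumption: lower is preferred, 255 = do not use
    weight: int             # traffic share among RLOCs of equal priority
    reachable: bool = True  # hypothetical liveness flag set by probing

# Constructed map-cache (EID prefix -> RLOC set), documentation addresses only.
MAP_CACHE = {
    ipaddress.ip_network("10.1.0.0/16"): [
        Rloc("192.0.2.1", 1, 75),
        Rloc("198.51.100.1", 1, 25),
        Rloc("203.0.113.1", 2, 100),   # backup, used only on failover
    ],
    ipaddress.ip_network("10.1.2.0/24"): [Rloc("203.0.113.9", 1, 100)],
}

def lookup(cache, dst_eid):
    """Longest-prefix match of a destination EID against the map-cache."""
    addr = ipaddress.ip_address(dst_eid)
    matches = [prefix for prefix in cache if addr in prefix]
    if not matches:
        return None  # cache miss: a real ITR would query the mapping system
    return cache[max(matches, key=lambda prefix: prefix.prefixlen)]

def select_rloc(rlocs, flow_key):
    """Pick the best usable priority, then split by weight using a flow hash."""
    usable = [r for r in rlocs if r.reachable and r.priority != 255]
    if not usable:
        return None
    best = min(r.priority for r in usable)
    group = [r for r in usable if r.priority == best]
    total = sum(r.weight for r in group)
    if total == 0:
        return group[0]
    # Hash the flow so every packet of one flow is sent to the same RLOC.
    digest = hashlib.sha256(flow_key.encode()).digest()
    point = int.from_bytes(digest[:4], "big") % total
    for r in group:
        if point < r.weight:
            return r
        point -= r.weight
```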

The Host Identity Protocol

HIP, defined in RFC 7401, takes a different approach by introducing a new namespace at the host layer based on public key cryptography. Each host generates a public/private key pair; the public key, called the Host Identity (HI), is hashed to produce a Host Identity Tag (HIT), a 128-bit value that serves as the stable endpoint identifier. Transport-layer connections (TCP, UDP) bind to HITs rather than IP addresses, so a device can change its IP address (locator) without interrupting application sessions. The cryptographic basis of HITs provides built-in identity verification and resistance to address spoofing. HIP operates below the transport layer, making it largely transparent to applications, though it does require host-level implementation, unlike LISP's edge-router approach.

Benefits and Deployment Considerations

Both LISP and HIP address the same fundamental tension in IP addressing: the global routing table grows because every multihomed or mobile site requires distinct address prefixes to be advertised. By separating the routing locator from the endpoint identifier, LISP allows provider-independent addressing without injecting new prefixes into the global routing system, reducing routing table growth. HIP provides uninterrupted mobility and session continuity for individual hosts, keeping TCP connections alive across IP address changes, at the cost of a new protocol layer at endpoints. RFC 9299, the architectural introduction to LISP, identifies four foundational principles underlying the design: locator/identifier separation, an overlay architecture, decoupled data and control planes, and incremental deployability. Neither approach has achieved universal internet-wide deployment, but LISP is widely used in enterprise software-defined networking and cloud data center fabrics, while HIP has seen deployment in research networks and specific military communications systems.

Applications

Identifier-locator separation has applications in a range of fields, including:

  • Mobile network handover and session continuity across attachment points
  • Enterprise multihoming without global routing table expansion
  • Software-defined wide-area networking (SD-WAN) and cloud interconnect
  • Internet of Things device mobility and persistent addressing
  • Secure endpoint identification and anti-spoofing in military networks