
Local security breakout pdf

advertronics systems

Academic year: 2023


Full text

(1)

Local security breakout (cont.)

(2)

vEdge router bringup

Only one peer per OMP session

(3)

Show control connections from the WAN Edge router:

- Two control connections
- Only one OMP peer

OMP Routes

(4)

OMP update

(5)

Let’s look at an example

OMP peers for E32

(6)

TLOC

TLOC {10.4.0.1, private1, ipsec}

IPSec Tunnel established

(7)

Route Selection

TLOC {system-ip, color, encapsulation (IPsec)}

Service VPNs – data, voice, partners. Service VPN IDs: 1 to 65530 (except 512). Site IDs: 1 to 2^32

Security levels (0 to 100): internet 0, internal 100, external 40

Intent-based networking – applications can request network resources

ISR – Integrated Services Routers (SD-WAN services + more: cloud computing, security) – small/medium-size branches

ASR – Aggregation Services Routers (SD-WAN services) – large branches and DC

CSR – Cloud Services Routers – implement a virtualized environment

NAT traversal in SD-WAN

vEdge, vSmart, vManage, vAnalytics, vBond – NAT traversal

ip nat translations

Color – identifies the connection for each transport type (e.g. MPLS, 5G)

OMP routes

3 route types – vRoute, TLOCs, Service Route (service insertion – service chaining) per SD-WAN node

- System-IP
- Site-ID

Multiprotocol BGP or MP-BGP (because of RD and RT)

(8)
(9)

Security levels

Application

(10)

Example of route leaking

(11)

Stream cipher – XOR, bit by bit:

- 0 XOR 0 = 0
- 1 XOR 0 = 1
- 1 XOR 1 = 0

Example: Martin --- 001010010101110

Block cipher

Symmetric Encryption

- Uses the same key to encrypt and decrypt the data
- Safer than stream, fast, uses less computing resources
- Con: single point of attack (same key)

Asymmetric Encryption

- Two different sets of keys: public and private
- Public is known by everyone
- Private is unknown to everyone and not shared
- When sending data, encrypt using the public key
- When receiving, you only use your private key to decrypt

(12)

Example: plaintext "Martin" → cipher "amtinr"; Martin --- 001000100111000

Stream cipher – encryption bit by bit – fast, uses less computing resources; con: is not very secure

Block cipher –

Asymmetric Encryption

(13)

Public key cryptography

Pros: the most secure; con: slow and computing-intensive, e.g. the RSA algorithm

(14)

SDWAN Hybrid

1. Use an asymmetric algorithm to share the key (one-off event) – vBond-vEdge
2. Actual data uses symmetric encryption (regular event) – vEdge-vEdge

Aspects of IPsec

1. Confidentiality – by encryption
2. Integrity – hashing algorithms (MD5, SHA)

IKE protocol – brings these security protocols together to create a secure IP tunnel (IPsec). Has two phases:

1. Phase 1 – authentication and key exchange. Uses asymmetric algorithms, e.g. RSA, DH. End of this phase: IKE Security Association tunnel (IKE SA)
2. Phase 2 – follows phase 1. Exchanging encrypted data – fast and less computing load. Uses symmetric algorithms, e.g. AES, 3DES, DES. End of this phase: IPsec Security Association tunnel (IPsec SA)

IPsec services:

1. Confidentiality
2. Integrity
3. Authentication
4. Anti-replay
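As an added example (not from these notes or from Cisco's implementation), the hybrid model above carried through in code: a Diffie-Hellman exchange stands in for phase 1, and the agreed key then drives a stream cipher (XOR against a keystream) plus an HMAC and sequence number, covering the four IPsec services (confidentiality, integrity, authentication via the shared key, anti-replay). The DH group, the SHA-256 counter-mode keystream and the packet layout are constructed for illustration and are not real IKE or ESP formats.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters (constructed for illustration; not an IKE group).
P = 2**127 - 1  # Mersenne prime, fits in 16 bytes
G = 5


def dh_keypair():
    """Phase 1 material: private exponent and the public value sent to the peer."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared_key(priv, peer_pub):
    """Both peers derive the same symmetric key from the DH shared secret."""
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def keystream(key, nonce, length):
    """Counter-mode keystream from SHA-256 (constructed stream cipher, not AES)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def protect(key, seq, plaintext):
    """Phase 2: XOR stream encryption, then HMAC over seq+ciphertext for integrity."""
    nonce = seq.to_bytes(8, "big")  # sequence number doubles as the nonce
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unprotect(key, last_seq, packet):
    """Check anti-replay window and tag before decrypting; None on any failure."""
    nonce, ct, tag = packet[:8], packet[8:-32], packet[-32:]
    seq = int.from_bytes(nonce, "big")
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if seq <= last_seq or not hmac.compare_digest(tag, expected):
        return None
    return seq, bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))
```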

Control elements – vBond, vManage, vSmart, vAnalytics

IPSEC IKE Phases

(15)

Control plane – carries OMP control messages (vSmart), authentication and configuration (vManage), performance data (vAnalytics), and vEdge bring-up (vBond)

Single tenancy – management headache

(16)

Multi-tenant
