CHAPTER 16:
OVERLAY TUNNELS
Generic Routing Encapsulation (GRE)
    Protocol 47
    Encapsulation Overhead: 24 bytes (without IPsec)
    Recursive Routing: the tunnel destination address is learned over the tunnel itself
IPsec
    Packet Headers
        Authentication Header (AH)
            Protocol 51
            Integrity/authentication only: no encryption, and no NAT-T support
        Encapsulating Security Payload (ESP)
            Protocol 50
    Modes
        Transport Mode (encrypts only the payload; original IP header retained)
        Tunnel Mode (encrypts the entire original IP packet; new outer IP header added)
    Encryption
        Data Encryption Standard (DES) (56-bit key)
        Triple DES (3DES) (three 56-bit keys)
        Advanced Encryption Standard (AES) (recommended)
    Authentication Hash
        Message Digest 5 (MD5) (128-bit digest)
        Secure Hash Algorithm (SHA-1) (160-bit digest)
    Key Exchange Protocol
        Diffie-Hellman (DH) Groups
    Authentication
        RSA Signatures
        Pre-Shared Key
    Transform Sets
        AH
            ah-md5-hmac
            ah-sha-hmac
            ah-sha256-hmac
            ah-sha384-hmac
            ah-sha512-hmac
        ESP
            Encryption
                esp-aes
                esp-aes192
                esp-aes256
                esp-des
                esp-3des
            Authentication
                esp-md5-hmac
                esp-sha-hmac
    Internet Key Exchange (IKE)
        IKEv1
            Phase 1
                Main Mode
                Aggressive Mode
            Phase 2
                Quick Mode
        IKEv2
            Exchanges
                IKE_SA_INIT
                IKE_AUTH
                CREATE_CHILD_SA
IPsec VPNs
    DMVPN
    Site-to-Site VPN
        Site-to-Site GRE over IPsec
        Site-to-Site static VTI over IPsec
    GET-VPN
    FlexVPN
    Remote Access VPN
Cisco Locator/ID Separation Protocol (LISP)
    Operation
        Map-Reply (ETR -> ITR), UDP 4342
        Map-Request (ITR -> MR -> MS -> ETR), UDP 4342
        Map-Notify (MS -> ETR), UDP 4342
        Map-Register (ETR -> MS), UDP 4342
    Proxy LISP Routers
        PITR
            non-LISP to LISP
        PETR
            LISP to non-LISP
        Negative Map-Reply
    Architecture
        LISP Data Plane
            IP-in-IP/UDP Header
            RFC 6830
        LISP Control Plane
            MR: Map Resolver
            MS: Map Server
        Routing Architecture
            RLOC: Routing Locator
            EID: Endpoint Identifier
VXLAN
    MAC-in-IP/UDP Tunneling
    UDP 4789, UDP 8472 (Linux)
    24-bit VXLAN Network Identifier (VNI)
    Virtual Tunnel Endpoints (VTEP)
        Local LAN Interface
        IP Interface
Request/Response Pairs