EMAIL SUPPORT
dclessons@dclessons.comLOCATION
USSecure DataPlane Bringup
Secure DataPlane Bringup
Once all the Viptela device are available and are part of Overlay network , DTLS tunnels are created between all the Viptela Devices and over which Control plane information is shared. For data traffic separate One to one IPsec tunnel is formed between each vEdge device and data are sent via proper encryption method.
A overview of the DTLS and IPsec Tunnel are shown in below figure.
Centralized Encryption Key Distribution
In order to make the secure data plane, following Key distribution is done between vEdge router and vSmart Controller.
- Each vEdge advertises its own AES256 IPSec encryption key in control plane updates
- IPSec encryption keys are distributed by the vSmart Controllers
- IPSec encryption keys are frequently rotated (default 2h)
Traffic Encryption Data Privacy
Each site vEdge Router has another Site Remote IPsec Key listed, and as soon as IPsec Tunnel is created, data is encrypted by remote IPSec Key based on site and is sent over tunnel.
Following keys are used for encryption:
- Strong IPSec AES256 ESPv3 encryption
- Symmetric keys used asymmetrically
- HMAC SHA-1 hashing
Over tunnel, it send Bi-directionally echoes liveliness messages. Detects loss, latency, jitter and max-MTU for the IPSec tunnels between all vEdge routers. Helps make forwarding decisions based on actual underlying transport performance.
Tunnel Liveliness Detection
BFD packets are bi-directionally echoed between two vEdge’s
Comment
TABLE OF CONTENTS
- Onboarding & Provisioning Configuring Templates
- Authentication between vSmart & vBond
- Authentication between vSmart Controller
- Authentication between vBond & vEdge Router
- Authentication between vEdge Router & vManage NMS
- Authentication between vSmart Controller & vEdge Router
- Viptela Specific Port Terminology
- Configure vManage & Generate Certificate
- Configure vBond & Generate Certificate
- Configure vSmart & Generate Certificate
- Configure vEdge & Generate Certificate
- Secure DataPlane Bringup
- Control Plane & Data Plane Operation - Unicast Routing Overview
- Configuring OMP & Its attributes
- Configure Unicast Overlay Routing
- Routing Configuration Example
- Segmentation Overview
- Configuring Segmentation
- Segmentation Configuration Example
- Data Traffic across Private WANs
- NAT in SDWAN & Data Encryption
- SD-WAN Viptela Policy Overview
- SD-WAN Centralized & Localized Control Policy Overview
- SD-WAN Centralized & Localized Data Policy
- Application – Aware Routing Overview
- Service Chaining
- Traffic Flow Monitoring
- vEdge Router as NAT Device
- Zone Based Firewalls
- Configuring Application Aware Routing
- Configure Centralized Control Policy
- Configuring Centralized Data Policy
- Configuring Cflowd Traffic Monitoring
- Configuring Zone based Firewall
- Service Chaining Configuration Example
- Configuring Service Side NAT
- Configuring Transport side NAT
RECENT POSTS
- What is Docker and Why is It Important?
- Learn Python 3.0 Programming for Network Automation
- Cisco ACI Data Centre: A Comprehensive Overview
- How to Prepare for the Microsoft Azure AZ-305 Exam
- AWS Training Certification Course for Solutions Architect
- Cisco SASE Architecture
- SASE vs SD-WAN
- What is SASE
- Accessing Amazon S3 using AWS private Link in Secure hybrid method.
- Cisco Smart Licensing Policy
LEAVE A COMMENT
Please login here to comment.