Introduction to WAN MACsec and Encryption Positioning
Craig Hill – Distinguished SE
Stephen Orr – Distinguished SE
BRKRST-2309
Session Presenters
Craig Hill – Distinguished System Engineer, US Federal - Public Sector, CCIE #1628
Stephen Orr – Distinguished System Engineer, US Public Sector, CCIE #12126
What we hope to Achieve in this session:
• Understanding that data transfer requirements are exceeding what IPSec can deliver
• Introduce you to new encryption options evolving that will offer alternative solutions to meet application demands
• Enable you to understand what is available, when and how to position what solution
• Understand the right tool in the tool bag to meet encryption requirements
• Understand the pros/cons and key drivers for positioning an encryption solution
• What key capabilities drive the selection of an encryption technology
Session Assumptions and Disclaimers
• Intermediate understanding of Cisco Site-to-Site Encryption Technologies
• Static IPSec
• DMVPN
• GETVPN
• FlexVPN
• Intermediate understanding of Ethernet, VLANs, 802.1Q tagging
• Intermediate understanding of WAN design, IP routing topologies, peering vs. overlay
• Basic understanding of optical transport and impact of OSI model on various layers (L0 – L3) of network designs
• Many 2-hour breakout sessions focus strictly on areas this presentation touches on only briefly (we will provide references to those sessions)
Agenda
• Introduction
• Cisco’s Next Generation Encryption Initiative
• Understanding Service Provider Transport Options
• WAN Encryption Options Existing Today
• Introduction to MACsec
• WAN MACsec Deployment Deep Dive and Use Cases
• Putting it all together… Key Decision Criteria for Designs and Positioning
• Solution Roadmap
Cryptography
The Universal Security Feature
Cryptography is embedded in all of Cisco’s products
Cryptography is critical to every solution and market
Vital to Cybersecurity efforts within all of our customers
How is Cryptography Deployed Today
Authentication
• TLS based Protocols
• EAP-TLS
• PEAP
• EAP-FAST
• Hashing
• SHA1
• SHA256/384/512
• Digital Signatures
• Key Negotiation
Privacy/Confidentiality
• IPSec
• SRTP
• DTLS
• SSL
• 802.1AE
• 802.11i (802.11-2012)
• Radius Key-Wrap
Management
• SSH
• sFTP
• SCP
• HTTPS
• FTPs
802.11i WPA2 Wireless Security
[Diagram: the OSI stack (Application, Presentation, Session, Transport, Network, Link, Physical) with 802.11i placed at the Link layer]
Defense in Depth
[Diagram: the same OSI stack with each cryptographic protocol placed at the layer it protects: SSH, TLS and SRTP in the upper layers, IPsec at the Network layer, MACsec and 802.11i at the Link layer]
What is Next Generation Encryption (NGE)?
Cryptographic Technologies
• New/upgraded algorithms, key sizes, protocols and entropy
• Compatible with existing security architectures
Secure and Efficient
• Algorithm efficiency enabling increased security
• Scales well to high and low throughput
Compatible with Government Standards
• Suite B (US)
• FIPS-140 (US/Canada)
• NATO
Next Generation Encryption… Why it’s important
• Crypto moves in 10-year investment waves/cycles, starting with governments, financials, etc.
• The explosion of mobile devices (BYOD)
• Low-power endpoint evolution driving the need for more efficient, stronger crypto
• Higher data throughputs driving scalability needs
• Current cryptographic implementations WILL NOT scale to 10G, 40G and 100G
• Vulnerabilities and threats continue to change, and hackers are becoming more skilled and funded
Next Generation Encryption: Why it’s Needed…
• Cryptography is a fundamental underpinning of nearly all security products, solutions, and architectures
• Cisco has increased the R&D and innovation focus on Security portfolio
• NGE is the strongest, most efficient commercial cryptography
• Leverages standards-based solutions
• Elliptic Curve, AES-GCM, etc…
• Networking Technologies Continue to evolve:
• Ethernet (10/100Mb,1G,10G, 40G, 100G…)
• Wi-Fi (11, 54, 150, 300, 450, etc… )
• Cryptography (3DES, AES-CBC, AES-GCM)
Next Generation Encryption Protocol Suite – New Ciphers
Key Establishment: ECDH-P256/384/521
Digital Signatures: ECDSA-P256/384/521
Hashing: SHA-256/384/512
Authenticated Encryption: AES-128/256-GCM
Authentication: HMAC-SHA-256/384/512
Entropy: SP800-90
What is Suite B?
“Suite B” is not a protocol – but a profile for consistent security when using multiple cryptographically strong protocols.
WHY Suite B?
• Enables government customers to adhere to stronger consistent security requirements
• Suite B offers the best technologies for future-proof cryptography, setting the trend for the industry
• Eliminates the “mix and match” selection of protocols and key lengths.
The following documents provide guidance for using Suite B cryptography with internet protocols:
IPsec using the Internet Key Exchange Version 2 (IKEv2): "Suite B Profile for Internet Protocol Security (IPsec)," RFC 6380
SSH: "Suite B Cryptographic Suites for Secure Shell (SSH)," RFC 6239
TLS: "Suite B Profile for Transport Layer Security (TLS)," RFC 6460
EST: "Enrollment over Secure Transport," RFC 7030
S/MIME: "Suite B in Secure/Multipurpose Internet Mail Extensions (S/MIME)," RFC 6318
Next Generation Encryption vs Suite B
Suite B mLoS 128: Encryption/Data Authentication AES-128-GCM; Key Establishment ECDH-P256; Signatures ECDSA-P256; Hashing SHA-256
Suite B mLoS 192: Encryption/Data Authentication AES-256-GCM; Key Establishment ECDH-P384; Signatures ECDSA-P384; Hashing SHA-384
NGE additionally lists: AES-192-GCM; ECDH-P521; ECDSA-P521; SHA-512
NGE Enabled Encryption Architectures: Available Today
[Diagram: Remote Access VPNs (ASA Firewall, CSM / ASDM); Site to Site, DMVPN, and FlexVPN (hub with Spoke-1 … Spoke-n); GETVPN (GM1–GM9 with a KS); MACsec (802.1X supplicant with MACsec, guest user, MACsec-capable devices; data from the guest user is sent in the clear, while the authenticated user’s traffic is encrypted at one end of the MACsec link and decrypted at the other)]
© 2013 Cisco and/or its affiliates. All rights reserved.
Add Strong Encryption: Branch to HQ Suite-B Support (ISR and ASR1K Platforms)
Threat Landscape Is Changing
• Communications and IT infrastructures must be defended against cyber attacks and exploitation
• Attackers are persistent and well funded
• Computing advances are driving a move to higher cryptographic strengths
• Future-ready: meets security and scalability requirements for 20 years
• Efficiency and scale: hardware crypto acceleration
Old Encryption Hazards (Commodity Routers vs Cisco Suite-B)
DH: Significant Risk
RSA: Significant Risk
MD5, SHA1: Collision Attacks
AES, 3DES: 1GB Encryption Limit
HMAC-MD5: Theoretical Weaknesses
Entropy: Significant Risk
TLS1.0, IKEv1: Known Flaws, Lack of Authenticated Encryption (Cisco Suite-B: IKEv2)
Today’s WAN Transport Catalog
Layer 3: MPLS IP VPN; Internet / Broadband – Connectivity: Any to Any
Layer 2: Ethernet (E-LINE, E-LAN) – Connectivity: Point to Point, Point to Multipoint, Multipoint to Multipoint
Layer 0 / 1: OTN, SONET; DWDM / Dark Fiber – Connectivity: Point to Point
Other L3: Carrier Supporting Carrier, IP SatCom
Other L2: ATM/FR, Ethernet/E-TREE, L2 SatCom
Other L1: T1/E1, T3/E3, DSx, OC-3/12/48/192
Layer 3 - Provider Offered Transport Options
SP Offered IP VPN Service (Layer 3 Service) - Customer owns CE
SP Managed “IP VPN” Service
[Diagram: Site 1, Site 2 and Site 3 CE routers (customer managed domain) each peer via IP routing (BGP, static, IGP) with an SP PE router; the L3 VPN service provider cloud between the PEs is the SP managed domain]
• CE Routers owned by customer
• PE Routers owned by SP
• Customer “peers” to “PE” via IP
• No labels are exchanged with SP PE
• No end-to-end visibility of other CEs
• Route exchange with SP done via eBGP/static
• Customer relies on SP to advertise their internal routes to all CEs in the VPN for reachability
• SP can offer multiple services: QoS, multicast, IPv6
* No labels are exchanged with the SP
Layer 3 “IP VPN” Transport Services
Layer 2 - Provider Offered Transport Options - Customer owns CE
SP Managed “Ethernet” Service
[Diagram: Site 1, Site 2 and Site 3 CE routers peer with each other via IP routing (BGP, static, IGP) across the Ethernet service provider cloud; the Ethernet PE devices and the cloud are the SP managed domain, the CEs are the customer managed domain]
• CE Routers owned by customer
• PE Routers owned by SP
• Customer “peers” to own “CE” via IP
• IP route exchange done through the SP Ethernet service (not to it)
• SP is nothing more than Ethernet (L2) “wire” transport
• All IP (v4/v6, OSPF/EIGRP, MPLS, etc…) transparent to service
Layer 2 “Ethernet” Transport Services
Same IP characteristics that apply to Ethernet also apply to Optical/DWDM, ATM/FR, SONET/SDH, and T1/T3 services
Layer 0/1 - Provider Offered Transport Options - Customer owns CE
SP Managed “Optical” Service
[Diagram: Site 1, Site 2 and Site 3 CE routers peer with each other via IP routing (BGP, static, IGP) across the optical transport; the optical muxes and the transport cloud are the SP managed domain, the CEs are the customer managed domain]
• CE Routers owned by customer
• Optical Mux owned by SP (or customer)
• Customer “peers” to own “CE” via IP
• IP route exchange done through the SP optical service (not to it)
• SP is nothing more than optical “wire” transport for “CE to CE” traffic
• All IP (v4/v6, OSPF/EIGRP, MPLS, etc…) transparent to service
Layer 0/1 “Optical” Transport Services
Typical optical offerings include dark fiber or lambda service
Today’s WAN Transport Catalog + Encryption
Layer 3: MPLS IP VPN; Internet / Broadband – Connectivity: Any to Any
Layer 2: Ethernet (E-LINE, E-LAN) – Connectivity: Point to Point, Point to Multipoint, Multipoint to Multipoint
Layer 0 / 1: OTN, SONET; DWDM – Connectivity: Point to Point
Network Topologies (apply across all transport layers):
• Point-to-Point
• Full Mesh
• Partial Mesh
• Hub/Spoke
• Multi-tier
• Hybrid (combination of any)
Today’s WAN Transport Catalog + Encryption
Layer 3: MPLS IP VPN; Internet / Broadband – Connectivity: Any to Any
Layer 2: Ethernet (E-LINE, E-LAN) – Connectivity: Point to Point, Point to Multipoint, Multipoint to Multipoint
Layer 0 / 1: OTN, SONET; DWDM – Connectivity: Point to Point
Network Topologies: Point-to-Point, Full Mesh, Partial Mesh, Hub/Spoke, Multi-tier, Hybrid (combination of any)
Encryption Criteria (the goal of this session is to answer these for each transport):
• Available options?
• Evaluation criteria?
• Recent innovations?
• Impact of choice via: transport? connectivity? performance? topology?
Cryptography Building Blocks
• Key negotiation
• Encryption algorithms and standards
• Hash algorithms
• Tunneling technology
Need: secure communications over an insecure channel (VPN tunnel)
What is a VPN?
[Diagram: peers A and B exchange proposals, perform key generation and key management, and establish a security association; the VPN tunnel carries their traffic across the Internet/private WAN]
What is Dynamic Multipoint VPN?
DMVPN is a Cisco IOS software solution for building IPsec+GRE VPNs in an easy, dynamic and scalable manner
• Configuration reduction and no-touch deployment
• Dynamic spoke-spoke tunnels for partial/full mesh scaling
• Can be used without IPsec encryption (optional)
• Wide variety of network designs and options
Over-the-Top WAN Design With Dynamic Multipoint VPN (DMVPN)
• Branch spoke sites establish an IPsec tunnel to and register with the hub site
• Only the WAN IP addresses need to be known by the WAN transport
• WAN interface IP address can be used for the tunnel source address
• IP routing exchanges prefix information for each site
• BGP or EIGRP are typically used for scalability
• Data traffic flows over the DMVPN tunnels
• When traffic flows between spoke sites, the hub assists the spokes to establish a site-to-site tunnel
• Per-tunnel QoS is applied to prevent hub site oversubscription to spoke sites
[Diagram: ASR 1000 hub with ISR G2 branches 1, 2 … n; traditional static tunnels rely on static, known IP addresses, while DMVPN on-demand tunnels (“secure on-demand tunnels”) work with dynamic, unknown IP addresses]
Flexible Secure WAN Design Over Any Transport: Dynamic Multipoint VPN (DMVPN)
Simplifies WAN Design
• Easy multi-homing over any carrier service offering
• Single routing control plane with minimal peering to the provider
• Consistent design over all transports
Dynamic Full-Meshed Connectivity / Proven Robust Security / Secure / Flexible
• Automatic site-to-site IPsec tunnels
• Zero-touch hub configuration for new spokes
• Certified crypto and firewall for compliance
• Scalable design with high-performance cryptography in hardware
[Diagram: transport-independent design with ISR-G2 branches and ASR 1000 data center routers across WAN, Internet and MPLS transports]
Network Designs – When to deploy
Hub and spoke Spoke-to-spoke
Server Load Balancing Hierarchical
VRF-lite
2547oDMVPN
Spoke-to-hub tunnels
Spoke-to-spoke tunnels
2547oDMVPN tunnels
What is FlexVPN? Overview
• VPN solution that combines site-to-site, remote-access, hub-spoke and spoke-spoke topologies
• Utilizes IKEv2 (only) for performing mutual authentication and establishing and maintaining Security Associations (SAs)
• FlexVPN combines multiple frameworks into a single, comprehensive set of CLI and binds it together, offering more flexibility and a means to extend functionality in the future
• FlexVPN offers a simple but modular framework that extensively uses the tunnel interface paradigm
Benefits of FlexVPN
• You can run Flex along all your previous IPsec VPNs
• Based on IKEv2 and can distribute routes via IKEv2
• Using GRE over IPsec or VTI as encapsulation
• Utilizing virtual interfaces - allowing per-spoke features like firewall, QoS, ACLs, etc
• Remote access server and client (software and hardware)
• Dynamic spoke to spoke tunnels
• Ease of configuration by using built-in defaults
When To Use It?
• Customer desires to build site-to-site, remote-access, hub-spoke and spoke-spoke topologies utilizing a unified CLI
• Large-scale deployment (of spoke to spoke and hub and spoke)
• Customer wishes to reduce the learning curve of implementing multiple different types of VPN connectivity
• Customer requires IKEv2 features
FlexVPN Unifies!
• One VPN to develop and position
• Everything works – simplify deployment and operation
What is Group Encrypted Transport (GET) VPN?
Cisco GET VPN delivers a revolutionary solution for tunnel-less, any-to-any branch confidential communications
• Large-scale any-to-any encrypted communications
• Native routing without tunnel overlay
• Native multicast support - improves application performance
• Transport agnostic - private LAN/WAN, FR/ATM, IP, MPLS
[Diagram: Cisco GET VPN positioned as any-to-any connectivity, real time, and scalable]
Header Preservation: IPsec Tunnel Mode vs. GETVPN
Original IP packet: [IP Header][IP Payload]
IPsec Tunnel Mode: [New IP Header][ESP][IP Header][IP Payload] – IPsec header inserted by the VPN gateway; the new IP address requires overlay routing
GETVPN: [Preserved Header][ESP][IP Header][IP Payload] – IP header preserved by the VPN gateway; the preserved IP address uses the original routing plane
Main Components of GETVPN
Key Servers (KSs): IOS devices responsible for creating/maintaining the control plane and for distributing keys to the group members
Group Members (GMs): IOS devices used for encryption/decryption
GDOI (Group Domain of Interpretation, RFC 6407): cryptographic protocol for group key management
Group Security Associations: tunnel-less network; no peer-to-peer tunnel required; IPsec SAs shared by GMs
How does it work?
• Group Members (GMs) “register” via GDOI with the Key Server (KS)
• KS authenticates & authorizes the GMs
• KS returns a set of IPsec SAs for the GMs to use
How does it work? (cont’d)
• Data plane encryption
• GMs exchange encrypted traffic using the group keys
• Traffic uses IPsec tunnel mode with “address preservation”
How does it work? (cont’d)
• Periodic rekey of keys
• KS pushes out replacement IPsec keys before current IPsec keys expire
• Unicast rekey or multicast rekey
[Diagram on each step: group members GM1–GM9 and the KS]
When should I use GETVPN?
• Securing an already secure network (Private Transport)
• Efficient secure multicast traffic
• Deploying voice or similar collaborative applications requiring any-to-any encryption
• Encrypting IP packets over satellite links
VPN Solutions Compared (DMVPN / FlexVPN / GET VPN)
Network Style
  DMVPN: Large Scale Hub and Spoke with dynamic Any-to-Any; up to 4000 sites
  FlexVPN: Converged Site to Site and Remote Access; up to 10000 sites
  GET VPN: Any-to-Any (Site-to-Site); 24,000 group members per KS
Failover Redundancy
  DMVPN: A/A based on Dynamic Routing
  FlexVPN: Dynamic Routing or IKEv2 Route Distribution; Server Clustering; Stateful Failover *
  GET VPN: Transport Routing; COOP based on GDOI
IP Multicast
  DMVPN: Multicast replication at hub
  FlexVPN: Multicast replication at hub; Multicast replication in IP WAN network *
  GET VPN: Multicast replication in IP WAN network
QoS
  DMVPN: Per Tunnel QoS, Hub to Spoke
  FlexVPN: Per SA QoS, Hub to Spoke; Per SA QoS, Spoke to Spoke *
  GET VPN: Transport QoS
Policy Control
  DMVPN: Locally Managed
  FlexVPN: Centralized Policy Management
  GET VPN: Locally Managed
Technology
  DMVPN: Tunneled VPN; Multi-Point GRE Tunnel; IKEv1 or IKEv2
  FlexVPN: Tunneled VPN; Point to Point Tunnels; IKEv2 Only
  GET VPN: Tunnel-less VPN; Group Protection
Infrastructure Network
  DMVPN: Public or Private Transport; Overlay Routing
  FlexVPN: Public or Private Transport; Overlay Routing
  GET VPN: Private IP Transport; Flat/Non-Overlay IP Routing
3rd Party Compatibility
  DMVPN: No
  FlexVPN: Yes – up to 3rd party implementation
  GET VPN: No
Challenges with Current WAN Encryption
• IPSec performance, complexity, and cost becoming more challenged
• Throughput constrained to the performance of the IPSec encryption engine
• MPLS, Multicast, IPv6 in some cases require GRE tunneling to operate
• GRE and IP overlays add an additional layer of complexity and a performance impact on certain router platforms
• Innovations such as DMVPN, MPLS VPN over mGRE simplify this, but IPSec performance still lowest common denominator and performance impact
• Line-rate encryption that is simpler to operate and removes layers of complexity from the WAN solution is becoming a requirement
WAN MACsec targets addressing these challenges…
What is MAC Security (MACsec)? Hop-by-Hop Encryption via IEEE 802.1AE
• Hop-by-hop vs end-to-end “bump-in-the-wire” model
- Packets are decrypted on the ingress port
- Packets are in the clear inside the device
- Packets are encrypted on the egress port
• Allows the network to continue to perform all the packet inspection features currently used
[Diagram: three links, each carrying 128-bit AES-GCM encrypted frames; inside each switch ASIC the frame is decrypted at ingress, handled with everything in the clear, and re-encrypted at egress]
Confidentiality and Integrity: 802.1AE based Encryption
• MACsec provides Layer 2 hop-by-hop encryption and integrity, based on the IEEE 802.1AE standard
• 128/256 bit AES-GCM (Galois/Counter Mode) – NIST approved *
• Line-rate encryption/decryption for 100/40/10/1GbE interfaces
• Replay protection of each and every frame
* NIST Special Publication 800-38D (http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf)
Customer Benefits
• Protects against man-in-the-middle attacks (snooping, tampering, replay)
• Standards-based frame format and algorithm (AES-GCM)
• 802.1X-2010/MKA addition supports per-device security associations in shared media environments (e.g. PC vs. IP Phone) to provide secured communication
• Network-service-amenable hop-by-hop approach compared to an end-to-end approach (e.g. Microsoft Domain Isolation/virtualization)
MACsec Protocols & Algorithms (Function: Protocol; Specification; Encryption Algorithms)
1. Device Identification: Secure Device Identification; IEEE 802.1AR; RSA, ECC
2. Authentication and Key Establishment: EAP – Extensible Authentication Protocol (EAP-TLS, Cisco EAP-FAST); IEEE 802.1X (RFC 5126, RFC 4851); TLS based: RSA, ECC, AES, HMAC-SHA2
3. Control Key Management: MKA – MACsec Key Agreement; IEEE 802.1X-2010; AES-128 KeyWrap, AES-128-CMAC, AES-256-CMAC
4. Authorization and Key Distribution: RADIUS with Cisco Key Wrap Attributes; RFC 6218; AES-128-KeyWrap, HMAC-SHA-2, DTLS
5. Bulk Data Encryption: MACsec; IEEE 802.1AE; AES-GCM-128, AES-GCM-256
802.1AE (MACsec) Tagging
TrustSec frame format: DMAC | SMAC | 802.1AE Header | 802.1Q | CMD | ETYPE | PAYLOAD | ICV | CRC
802.1AE Header: MACsec EtherType (0x88e5) | TCI/AN | SL | Packet Number | SCI (optional)
Encrypted: 802.1Q, CMD, ETYPE and PAYLOAD
Authenticated: DMAC through PAYLOAD (covered by the ICV)
• Frames are encrypted and protected with an integrity check value (ICV)
• MACsec EtherType is 0x88e5
• No impact to IP MTU/fragmentation
• L2 frame MTU impact*: ~40 bytes = less than a baby giant frame (~1600 bytes with 1552 bytes MTU)
Quick MACsec Terminology
MKA: MACsec Key Agreement – defined in IEEE 802.1X-2010 (802.1XREV), a key agreement protocol for discovering MACsec peers and negotiating keys
MSK: Master Session Key, generated during the EAP exchange. Supplicant and authentication server use the MSK to generate the CAK.
CAK: Connectivity Association Key, derived from the MSK. The CAK is a long-lived master key used to generate all other keys used for MACsec.
CKN: Connectivity Association Key Name – identifies the CAK
SAK: Secure Association Key, derived from the CAK; the key used by supplicant and switch to encrypt traffic for a given session.
KS: Key Server – responsible for selecting and advertising a cipher suite, and for generating the SAK from the CAK.
MACsec Key Agreement (MKA) and EAP Authentication
[Diagram: between Authenticator/AS and Supplicant: (1) IEEE 802.1X/EAP – mutual authentication, producing the MSK; (2) IEEE 802.1X/MKA – MACsec Key Agreement protected by a key derived from the EAP MSK, producing the MACsec key; (3) IEEE 802.1AE – MACsec protecting data]
MACsec Functional Sequence (Supplicant – Authenticator – Authentication Server)
1. Authentication and Master Key Distribution (IEEE 802.1X)
  EAPoL: EAP-Request-Identity (Authenticator → Supplicant)
  EAPoL: EAP-Response: Alice (Supplicant → Authenticator)
  RADIUS Access-Request [AVP: EAP-Response: Alice] (Authenticator → Authentication Server)
  RADIUS Access-Challenge [AVP: EAP-Request: PEAP] (Authentication Server → Authenticator)
  RADIUS Access-Accept [AVP: EAP Success] [AVP: EAP Key Name] [AVP: CAK] (Authentication Server → Authenticator)
  EAP Success (Authenticator → Supplicant)
2. Session Key Agreement (MKA)
  EAPoL-MKA: Key Server
  EAPoL-MKA: MACsec Capable
  EAPoL-MKA: Key Name, SAK
  EAPoL-MKA: SAK Installed
3. Session Secure (MACsec)
  Encrypted Data (AES-GCM-128) in both directions
MKA with Pre-shared and Cached CAKs
• When EAP is not used for authentication, a pre-shared key (PSK) can be used. The CAK is manually placed in the router/switch configuration and used as the PSK
• Some EAP/MACsec use cases require the link to come up even if the AAA server cannot be reached
• A preinstalled CAK can be cached in the configuration, and then used until such time as the AAA server is reached and a new CAK is obtained.
[Diagram: Switch 1 and Switch 2: IEEE 802.1X/MKA – MACsec Key Agreement protected by the CAK, producing the MACsec key; IEEE 802.1AE – MACsec protecting data]
MACsec Key Hierarchy
• Two methods to derive encryption keys
• 802.1X/EAP
• Pre-shared keys
• If the EAP method is used, all keys are generated from the Master Session Key (MSK)
• If a pre-shared key is used, the CAK = PSK and the CKN must be manually entered
[Diagram: EAP MSK → CAK, CKN → SAK, ICK, KEK; Pre-Shared Key → CAK, CKN → SAK, ICK, KEK]
MKA uses a key hierarchy based on a single long-term key (CAK)
The CAK is derived from the EAP MSK using a key derivation function (KDF) defined in NIST SP800-108. The following is for a 128-bit CAK. (The key is longer for a 256-bit CAK.)
CAK = KDF(MSK[0-15], "IEEE8021 EAP CAK", mac1 | mac2, CAKlength)
A unique name is derived for the CAK, called a CKN. This is like a KeyID
CKN = KDF(MSK[0-15], "IEEE8021 EAP CKN", mac1 | mac2, CKNlength)
Note: A pre-shared or cached CAK requires both the CAK and CKN to be saved in the network device configuration, as well as some policy (e.g., cipher suite)
• Two keys are generated from the CAK by MKA
ICV Key (ICK), used to prove an authorized peer sent the message:
ICK = KDF(CAK, "IEEE8021 ICK", Keyid, ICKLength)
Key Encrypting Key (KEK), used to protect the MACsec keys (SAK):
KEK = KDF(CAK, "IEEE8021 KEK", Keyid, KEKLength)
• A MACsec key is called a Secure Association Key (SAK)
• It is typically generated using the KS FIPS 140-2 compliant random number generator
• Alternatively, it can be generated using a KDF, including randomness provided by other participants as well as the KS. This protects against a failure in KS randomness
SAK = KDF(CAK, "IEEE8021 SAK", KS-nonce | MI-value list | KN, SAKlength)
Where:
KS-nonce is randomness provided by the KS,
MI-value list includes a 32-bit value provided by each member in the group (not the MAC address),
KN is a counter maintained by the KS
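To make the hierarchy on this slide concrete, here is an added worked example (my own code, not Cisco’s or the IEEE’s) that derives the CAK and CKN from a constructed MSK, then the ICK, KEK and SAK, using the NIST SP800-108 counter-mode KDF with the input layout IEEE 802.1X-2010 gives it (one-octet counter, label, 0x00 separator, context, 16-bit length in bits). 802.1X-2010 specifies AES-CMAC as the PRF; this example substitutes HMAC-SHA-256 from the Python standard library so it runs without extra packages, so the byte values differ from a real switch while the structure is identical. The `Keyid` in the ICK/KEK formulas is taken to be the CKN, the 16-octet CKN and the MI and KS-nonce sizes are assumptions, and every key and MAC address value is constructed.

```python
"""MKA key hierarchy walk-through (added example, not the presentation's code).

SP800-108 counter-mode KDF with the IEEE 802.1X-2010 input layout:
    K(i) = PRF(Key, i || Label || 0x00 || Context || Length)
with a one-octet counter i and a 16-bit big-endian Length in bits.
Assumption: HMAC-SHA-256 is the PRF here so the block runs on the standard
library alone; IEEE 802.1X-2010 specifies AES-CMAC.
"""
import hashlib
import hmac

PRF_OUT_BITS = 256  # HMAC-SHA-256 output size; AES-CMAC would give 128


def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def kdf(key: bytes, label: str, context: bytes, length_bits: int) -> bytes:
    """Counter-mode KDF; returns length_bits // 8 octets of derived key."""
    if length_bits % 8 or not 0 < length_bits < 2 ** 16:
        raise ValueError("length must be a positive multiple of 8 below 2^16")
    fixed = label.encode("ascii") + b"\x00" + context + length_bits.to_bytes(2, "big")
    n_iter = (length_bits + PRF_OUT_BITS - 1) // PRF_OUT_BITS
    out = b"".join(prf(key, bytes([i]) + fixed) for i in range(1, n_iter + 1))
    return out[: length_bits // 8]


def derive_cak_ckn(msk: bytes, mac1: bytes, mac2: bytes, cak_bits: int = 128):
    """EAP path: CAK and CKN from the MSK and the two peer MAC addresses."""
    key = msk[: cak_bits // 8]            # MSK[0-15] for a 128-bit CAK
    context = mac1 + mac2                 # mac1 | mac2 from the slide
    cak = kdf(key, "IEEE8021 EAP CAK", context, cak_bits)
    ckn = kdf(key, "IEEE8021 EAP CKN", context, 128)  # 16-octet CKN (assumption)
    return cak, ckn


def derive_ick_kek(cak: bytes, ckn: bytes):
    """ICK and KEK from the CAK; the slide's Keyid is taken to be the CKN."""
    bits = len(cak) * 8
    ick = kdf(cak, "IEEE8021 ICK", ckn, bits)
    kek = kdf(cak, "IEEE8021 KEK", ckn, bits)
    return ick, kek


def derive_sak(cak: bytes, ks_nonce: bytes, mi_values: list, kn: int, sak_bits: int = 128):
    """SAK from the CAK, the KS nonce, every member's MI and the KS key number."""
    context = ks_nonce + b"".join(mi_values) + kn.to_bytes(4, "big")
    return kdf(cak, "IEEE8021 SAK", context, sak_bits)


def eap_key_hierarchy(msk, mac1, mac2, ks_nonce, mi_values, kn):
    """Full EAP-derived hierarchy: MSK -> CAK/CKN -> ICK, KEK, SAK."""
    cak, ckn = derive_cak_ckn(msk, mac1, mac2)
    ick, kek = derive_ick_kek(cak, ckn)
    sak = derive_sak(cak, ks_nonce, mi_values, kn)
    return {"CAK": cak, "CKN": ckn, "ICK": ick, "KEK": kek, "SAK": sak}


def psk_key_hierarchy(cak, ckn, ks_nonce, mi_values, kn):
    """Pre-shared path: CAK = PSK and the CKN are configured; the rest is derived."""
    ick, kek = derive_ick_kek(cak, ckn)
    sak = derive_sak(cak, ks_nonce, mi_values, kn)
    return {"CAK": cak, "CKN": ckn, "ICK": ick, "KEK": kek, "SAK": sak}


# Constructed sample inputs; none of this is real key material.
MSK = bytes(range(64))
MAC1 = bytes.fromhex("001122334455")
MAC2 = bytes.fromhex("66778899aabb")
KS_NONCE = b"\x5a" * 16
MI_VALUES = [b"\x01\x02\x03\x04", b"\x0a\x0b\x0c\x0d"]  # one 32-bit MI per member, per the slide

if __name__ == "__main__":
    for name, value in eap_key_hierarchy(MSK, MAC1, MAC2, KS_NONCE, MI_VALUES, 1).items():
        print(f"{name}: {value.hex()}")
```

Two properties worth noticing when running it: the pre-shared path produces exactly the same ICK, KEK and SAK as the EAP path once both sides hold the same CAK and CKN, which is why a cached CAK keeps a link working while the AAA server is unreachable; and changing a single member’s MI or the KS key number changes the SAK, which is the slide’s point about every participant contributing randomness.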
WAN MACsec Targeted Business Applications & Use Cases
Use Cases
Point to Point – E-LINE Service:
• Point to Point (port based EPL)
• Hub and Spoke (VLAN based EVPL)
• DC Interconnect
Multi-Point - E-LAN Service:
• Point-to-multipoint (port based EP-LAN)
• Hub and Spoke (VLAN based EVP-LAN)
• DC Interconnect
[Diagram: MACsec Business Application 2 – Data Center Interconnect: Cluster A Node 1 and Node 2 with a heartbeat private LAN and a public LAN VIP cluster, connected through ASR1K routers; the MACsec opportunity is on the ASR1K-to-ASR1K DCI links]
Kural Arangasamy
MACsec Benefits
• Deployment models
• Point-to-point (P2P)
• Point-to-multipoint (P2MP)
• P2P and P2MP deployments on the same physical interface
• Mix of MACsec and non-MACsec sub-interfaces
• Encryption
• Per port – line rate
• 128/256 bit AES-GCM data packet encryption
• No impact to IP MTU/fragmentation
• Ease of configuration
MACsec and IPsec Comparison
Market Positioning
  MACsec: 1. Aggregate deployments such as regional hubs; 2. Large branches that require high throughput; 3. Data center interconnects
  IPsec: 1. Small branches; 2. High-scale deployments; 3. Low-throughput branches; 4. Beyond MetroE (international) reach
Link Requirement/Topologies
  MACsec: Requires dedicated MetroE EVC circuits for L2 connectivity between sites; point-to-point, point-to-multipoint
  IPsec: Easily routable over many commonly available public networks; any topology
Encryption Performance
  MACsec: Per PHY link speed (1G, 10G, 40G, 100G)
  IPsec: Constrained by IPsec crypto engine performance
Services Enablement
  MACsec: No impact to encryption throughput
  IPsec: Impacts encryption throughput
Peers Scale
  MACsec: Limited by hardware resources
  IPsec: Highly scalable
Throughput
  MACsec: Up to line rate on each port (limited only by the forwarding capability)
  IPsec: Aggregate throughput (limited by the encryption throughput)
Configurability
  MACsec: Simple configuration
  IPsec: More complex configuration and policy choices
Layer 3 Visibility for Monitoring
  MACsec: No. Except Layer 2 headers (and optionally VLAN/MPLS labels), everything else is encrypted
  IPsec: Visible. L3 info can be used for monitoring & policy enforcement purposes
Kural Arangasamy
What is “WAN” MACsec? New Enhancements to 802.1AE for WAN/Metro-E Transport
• Ability to support 802.1Q tags in clear
• Offset 802.1Q tags in clear before encryption (2 tags is optional) or 30B?
• AES-256 (AES/GCM) support
• Target Next Generation Encryption (NGE) profile that currently leverages Suite B
• Enhanced MKA key framework (defined in 802.1X-2010) within Cisco security development (Cisco “NGE”)
• Leverage NSA Suite B algorithm set in target compliance with CSfC
• System interoperability
• Create a common MACsec integration among all MACsec platforms in Cisco
• Vital network features to interoperate over public Carrier Ethernet providers
• 802.1Q tag in the clear
• Ability to configure MKA EAPoL destination address type
• Ability to configure anti-replay window sizes
WAN MACsec Topology: Basic Site to Site Example
• Leverage “public” standards-based Ethernet transport
• Optimize MACsec + WAN features to accommodate the service provider transport requirements
• Offer “line-rate” alternatives to IPsec when high-speed encryption is required for certain applications (DCI, storage replication, service provider backbone WAN links)
[Diagram: Central Campus/DC data center and Remote Campus/DC data center, each with a MACsec-capable router and MACsec-capable PHY, connected across a public Carrier Ethernet service through SP-owned Ethernet transport devices; the MACsec secured path / MKA session runs end to end between the two routers]
WAN MACsec: Top Enterprise and SP Use Cases (Use Case: Applicability. Key WAN MACsec Feature Focus; Transport: E-LINE, E-LAN)
1. High-speed Branch Router Back-haul: leverage MACsec encryption rates without the need for an expensive IPsec engine. Features: line-rate encryption 10Gb+, 802.1Q tag in the clear, Carrier-E adaptation features, no GRE
2. High Speed Data Center Interconnections (DCI): targets 10Gbps – 100Gbps DC interconnect links for DC replication and workload movement. Features: 100Gb line-rate encryption, 802.1Q tag in the clear, Carrier-E adaptation features, no GRE
3. Simplified encryption solutions where lower-cost Ethernet is offered: leverage MACsec over an Ethernet back-haul service. Features: line-rate encryption 10Gb+, 802.1Q tag in the clear, Carrier-E adaptation features, no GRE
4. Securing MPLS links in a self-managed MPLS backbone: encrypt all PE-P, P-P links inside an MPLS backbone; allows transparency of MPLS labels, MPLS TE, Segment Routing, etc. Features: 100Gb line-rate encryption, 802.1Q tag in the clear, no MPLS over GRE requirements
5. Securing PE-CE links to a trusted SP service: SP option for offering secure PE-CE transport when the PE is in a co-lo over untrusted links. Features: line-rate encryption 10Gb+, 802.1Q tag in the clear, Carrier-E adaptation features
6. Secure Metro Ethernet Service Offering: SP option for offering “secure” Metro Ethernet services to end customers. Features: line-rate encryption 100Gb+, 802.1Q tag in the clear
Use Case Transport Examples Leveraged
• E-LINE
• Point to point
• Point to multipoint
• E-LAN
• Point to multipoint
• Multipoint to multipoint
Source: Overview presentation of the MEF - http://metroethernetforum.org/Presentations
[Diagram: CE1–CE4 connected by P2P “virtual” Ethernet pseudo-wires]
Router Peering Model View over E-LINE: Point to Point E-LINE Service
• E-LINE is a point-to-point virtual “Ethernet wire” service
• Connection model can be point to point, with virtual multiplexing at the hub site via an 802.1Q/sub-interface offering
[Diagram, physical view: the Central Site router has one Ethernet sub-interface with 802.1Q support into the Carrier Ethernet Service E-LINE (P2P); CE1–CE4 are its IP routing peers (BGP, static, IGP)]
[Diagram, logical view: one P2P “virtual” Ethernet pseudo-wire per remote CE; routers peer per VLAN sub-interface per PW]
WAN MACsec Use Cases: E-LINE – Single Site to Site
• Point to point PW service (no MAC address lookup)
• Typically port-mode, or 802.1Q offering
• Target solution: high-speed (line-rate) transfers
• Speeds typically exceed IPsec
• Reduce IPsec complexity (DMVPN, GRE tunnels)
[Diagram: two Central Site data centers, each with a MACsec-capable router and MACsec-capable PHY, connected across the Carrier Ethernet Service through SP-owned Ethernet transport devices; the MACsec secured path / MKA session runs between the two routers]
WAN MACsec Use Cases: E-LINE – Single Site to Site
• Use cases – requirement
• 10GE/100GE high-speed site-to-site requirement
• Data center interconnect (replication, massive storage transfers)
• IP/MPLS core/edge links (PE – P, P – P, PE – PE)
• H-QoS: per sub-interface
• WAN MACsec features
• Strong encryption: AES-GCM-256 (Suite B)
• 802.1Q in the clear (VRF-lite option)
• Target customer
• Enterprise, cloud provider, Federal/Government
• Service provider desiring secure WAN links
[Diagram: E-LINE point to point between Central Site / DC 1 and Central Site / DC 2 across the Carrier Ethernet Service; MACsec-capable routers with MACsec-enabled Ethernet PHYs and a MACsec secure path / MKA session end to end]
WAN MACsec Use Cases: E-LINE Point to Multipoint Backhaul
• Point to point PW service (no MAC address lookup)
• Must leverage 802.1Q offering at the Central site
• Target solution: simple and/or high-speed branch backhaul
• Speeds typically exceed IPsec
• Reduce IPsec complexity (DMVPN, GRE tunnels)
[Diagram: Central Site data center router with a MACsec-capable PHY connected across the Carrier Ethernet Service through SP-owned Ethernet transport devices to multiple branches; one MACsec secured path / MKA session per branch]
802.1AE (MACsec) Tag in the “Clear”
• The 802.1Q tag in the clear offers major network design options over the carrier network
Standard 802.1AE: DMAC | SMAC | 802.1AE Header (0x88e5, TCI/AN, SL, Packet Number, SCI optional) | 802.1Q | CMD | ETYPE | PAYLOAD | ICV | CRC – the 802.1Q tag sits inside the encrypted portion
WAN MACsec, 802.1Q tag in clear: DMAC | SMAC | 802.1Q | 802.1AE Header (0x88e5, TCI/AN, SL, Packet Number, SCI optional) | CMD | ETYPE | PAYLOAD | ICV | CRC – the 802.1Q tag precedes the 802.1AE header and is carried in the clear
MKA Session
WAN MACSec Use Case – 802.1Q Tag in the Clear
[Diagram: Data Center and Central Site with two Branches over a Carrier Ethernet Service, MKA session per branch; expanded PHY view shows one physical Ethernet cable carrying sub-interfaces 20 and 30, each an encrypted Ethernet session per destination using its 802.1Q tag on the SP n-PE PHY]
WAN MACSec Use Case – 802.1Q Tag in the Clear
[Diagram: one physical Ethernet wire on an Ethernet interface supporting 802.1Q trunking into the public Ethernet transport; VLAN tags 10, 20, 30, 40 on the MACsec PHY, one encrypted Ethernet session per destination using its 802.1Q tag on the SP n-PE]
• 802.1Q VLAN tags to provider
• Key to the solution is the use of 802.1Q for logical connectivity to each site
• This is analogous to “channelization” in SONET
• The router enables a logical IP sub-interface with an 802.1Q tag per location
• This allows multiple connections into a single physical interface
WAN MACSec – 802.1Q Tag in the Clear: Expose the 802.1Q tag “outside” the encrypted payload
Example:
...
interface GigabitEthernet0/0/4
 macsec dot1q-in-clear 1
!
interface GigabitEthernet0/0/4.20
 encapsulation dot1Q 20
 ip address 10.3.2.1 255.255.255.0
 mka pre-shared-key key-chain k1
 macsec
!
interface GigabitEthernet0/0/4.30
 encapsulation dot1Q 30
 ip address 10.3.3.1 255.255.255.0
 mka pre-shared-key key-chain k1
 macsec
Allows MACsec to be leveraged on a per sub-interface basis, exposing the “802.1Q tag” outside the encryption header.
Note: “1” denotes one .1Q tag depth
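As an added example (not from the Cisco Live deck), the parser below decodes the two frame layouts described above: the default layout with the 802.1Q tag inside the protected payload, and the dot1q-in-clear layout with the tag placed before the SecTAG where the provider can see it. Frames are constructed here for illustration; the ciphertext and ICV bytes are placeholders, not real AES-GCM output.

```python
"""Parse 802.1AE (MACsec) frames, with or without the 802.1Q tag in the clear.
Added example; frames are constructed, ciphertext/ICV are placeholder bytes."""
from __future__ import annotations
import struct
from dataclasses import dataclass

MACSEC_ETHERTYPE = 0x88E5   # 802.1AE SecTAG EtherType (0x88e5 on the slide)
DOT1Q_ETHERTYPE = 0x8100
ICV_LEN = 16                # AES-GCM integrity check value appended to the frame
TCI_SC, TCI_E, TCI_C = 0x20, 0x08, 0x04   # TCI bits: SCI present, Encrypted, Changed


@dataclass
class MacsecFrame:
    dmac: str
    smac: str
    vlan_in_clear: int | None   # 802.1Q VID visible to the provider, if any
    an: int                     # association number (low 2 bits of TCI/AN)
    encrypted: bool
    packet_number: int
    sci: bytes | None
    protected_len: int          # bytes of protected user data
    overhead: int               # SecTAG + ICV bytes added by MACsec


def build_frame(dmac: bytes, smac: bytes, vid_in_clear: int | None,
                an: int, pn: int, sci: bytes | None, ciphertext: bytes) -> bytes:
    """Assemble DMAC|SMAC|[802.1Q]|SecTAG|protected data|ICV (CRC omitted)."""
    frame = dmac + smac
    if vid_in_clear is not None:                      # tag placed before the SecTAG
        frame += struct.pack("!HH", DOT1Q_ETHERTYPE, vid_in_clear & 0x0FFF)
    tci_an = TCI_E | TCI_C | (an & 0x03)
    if sci is not None:
        tci_an |= TCI_SC
    frame += struct.pack("!HBBI", MACSEC_ETHERTYPE, tci_an, 0, pn)  # SL=0: not short
    if sci is not None:
        frame += sci                                  # 8-byte Secure Channel Identifier
    return frame + ciphertext + b"\x00" * ICV_LEN     # placeholder ICV


def parse_macsec_frame(frame: bytes) -> MacsecFrame:
    dmac, smac = frame[0:6].hex(":"), frame[6:12].hex(":")
    off, vlan = 12, None
    ethertype = struct.unpack_from("!H", frame, off)[0]
    if ethertype == DOT1Q_ETHERTYPE:                  # 802.1Q tag in the clear
        vlan = struct.unpack_from("!H", frame, off + 2)[0] & 0x0FFF
        off += 4
        ethertype = struct.unpack_from("!H", frame, off)[0]
    if ethertype != MACSEC_ETHERTYPE:
        raise ValueError("not a MACsec frame")
    tci_an, _sl, pn = struct.unpack_from("!BBI", frame, off + 2)
    sci = frame[off + 8:off + 16] if tci_an & TCI_SC else None
    sectag_len = 16 if sci is not None else 8
    off += sectag_len
    protected = frame[off:-ICV_LEN]                   # opaque without the SAK
    return MacsecFrame(dmac, smac, vlan, tci_an & 0x03, bool(tci_an & TCI_E),
                       pn, sci, len(protected), sectag_len + ICV_LEN)
```

With the tag in the clear the parser reports the VID; with the default layout it reports none, because the tag sits inside the ciphertext.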
WAN MACSec Use Cases: E-LINE – Point to Multi-point Topology
• Use Case – Requirement
  • High speed hub-and-spoke requirement
  • Targets < 30 site remote branch back-haul topology (SA limit)
  • Ability to leverage low-cost/high-speed local Metro E transport
  • May require H-QoS: per sub-interface (Hub), sub-rate (spoke)
  • Desire is to eliminate IPSec complexity
• WAN MACSec Features
  • Strong encryption: AES-GCM-256 (Suite B)
  • Ability to leverage 802.1Q in the clear (Hub-Site logical separation), offering flexible topology options
• Target Customer
  • Low cost Ethernet transport service available
  • May require encryption exceeding IPSec capabilities, specifically at the Hub location
  • Targets: Enterprise, Commercial, Federal/Government
[Diagram: E-LINE – Point to Multipoint: Central Site with a MACsec 802.1Q Ethernet PHY connected across the Carrier Ethernet Service to Branch 1, Branch 2 … Branch n, each a MACsec-capable router with a MACsec-enabled Ethernet PHY; one MACsec secure path / MKA session per branch]
Source: Overview presentation of the MEF - http://metroethernetforum.org/Presentations
Router Peering Model View for E-LAN
[Diagram: physical view – CE1, CE2, CE3, CE4 attached to the Carrier Ethernet Service E-LAN (multi-pt), a flat Ethernet bridge domain on a single VLAN; logical view – every CE is an IP routing peer (BGP, static, IGP) of every other CE, giving N – 1 routing peers]
• E-LAN emulates the network as an “Ethernet switch”
• Routers appear as part of a single “flat” Ethernet domain
• Caution required as IP peering is N – 1 (N = number of router nodes)
• Transport is MAC-address aware of “well known” MAC addresses and EtherTypes
Router Peering Model View for E-LAN: Create Private Topology “over” Provider
[Diagram: physical view – CE1, CE2, CE3, CE4 on the Carrier Ethernet Service E-LAN (multi-pt) flat Ethernet bridge domain; logical view – Central Site with an Ethernet sub-interface with 802.1Q support, routers peer per VLAN sub-interface per PW, IP routing peer (BGP, static, IGP)]
• E-LAN emulates the network as an “Ethernet switch”
• Enterprise can enable “private” 802.1Q tags, allowing the customer to build their own topology over the service provider transport
• Example: Central Site enables internal 802.1Q tags to create a hub/spoke topology
WAN MACSec Use Cases: E-LAN Point to Multipoint Backhaul
• MAC address lookup based service
• WAN MACSec destination EAPoL address change may be required
• Allows MKA session over any Carrier Ethernet transport
• Leveraging 802.1Q offering at Central site
• Target Solution: Simple and/or high-speed Branch Backhaul
[Diagram: Data Center and Central Site connected to multiple Branches across a Carrier Ethernet Service (E-LAN); MACsec-capable routers with MACsec-capable PHYs, MACsec secured path / MKA session per branch over SP-owned Ethernet transport devices]
Adapting to Service Provider Ethernet Services: Enhancement – Ability to Change EAPoL Destination Address
• MKA uses Extensible Authentication Protocol over LAN (EAPoL) as the transport protocol
• By default, EAPoL uses a destination multicast MAC address of 01:80:c2:00:00:03
• Because EAPoL is a standard (802.1X) protocol, the SP may consume this packet (based on the destination multicast MAC address)
• If so, the EAPoL packet will eventually get dropped, causing the MKA session establishment process to fail.
• We need a method to change the destination MAC address of an EAPoL packet, to ensure the SP tunnels the packet like any other data packet instead of consuming it.
EAPoL Destination Address Change Command
• The “eapol destination-address” command allows the operator to change the destination MAC address of an EAPoL packet that is transmitted on an interface towards the service provider.
• This ensures that the service provider tunnels the packet like any other data packet instead of consuming it.
• Example:
...
interface GigabitEthernet0/0/4
 macsec dot1q-in-clear 1
 macsec replay-protection-window-size 100
 eapol destination-address broadcast
Leverage the “broadcast” address as the destination EAPoL address; the provider switch will forward it as a standard “broadcast” Ethernet frame.
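The following is an added illustration (not from the deck) of why the destination-address rewrite matters: it builds an EAPOL-MKA frame, passes it through a deliberately simplified model of a provider switch that consumes the 802.1D/802.1Q reserved group-address block, and shows the same frame being relayed once its destination is rewritten to broadcast, as the command above does on egress. The EAPOL version, packet type and MKPDU bytes are constructed placeholders.

```python
"""Model the EAPoL destination-address problem and the broadcast rewrite.
Added example; the bridge model is a simplification of reserved-address filtering."""
import struct

EAPOL_ETHERTYPE = 0x888E
EAPOL_VERSION = 3           # 802.1X-2010 EAPOL protocol version
EAPOL_MKA = 5               # EAPOL packet type that carries MKPDUs
PAE_GROUP_ADDR = bytes.fromhex("0180c2000003")   # default EAPoL destination (slide)
BROADCAST = b"\xff" * 6


def build_eapol_mka(dmac: bytes, smac: bytes, mkpdu: bytes) -> bytes:
    """EAPOL header is version, packet type, body length; the body is the MKPDU."""
    hdr = struct.pack("!HBBH", EAPOL_ETHERTYPE, EAPOL_VERSION, EAPOL_MKA, len(mkpdu))
    return dmac + smac + hdr + mkpdu


def is_eapol_mka(frame: bytes) -> bool:
    """Identify MKA keying traffic in a capture (useful when a session will not form)."""
    if len(frame) < 18:
        return False
    etype, _ver, ptype, _blen = struct.unpack_from("!HBBH", frame, 12)
    return etype == EAPOL_ETHERTYPE and ptype == EAPOL_MKA


def rewrite_destination(frame: bytes, new_dmac: bytes) -> bytes:
    """What `eapol destination-address` does on egress: only the DMAC changes."""
    return new_dmac + frame[6:]


def provider_bridge_forwards(frame: bytes) -> bool:
    """Simplified SP switch: frames addressed to the reserved group block
    01:80:c2:00:00:00 - 0f are consumed locally (not relayed); all else is forwarded."""
    dmac = frame[:6]
    return not (dmac[:5] == PAE_GROUP_ADDR[:5] and dmac[5] <= 0x0F)


def mka_reachable(frame: bytes, bridges: int = 2) -> bool:
    """Does the MKPDU survive every SP bridge on the path between the CE routers?
    If any bridge consumes it, MKA session establishment fails."""
    return all(provider_bridge_forwards(frame) for _ in range(bridges))
```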
WAN MACSec Use Cases: E-LAN – Point to Multi-point Topology
• Use Case – Requirement
  • High speed hub-and-spoke requirement
  • Targets < 30 site remote branch back-haul topology (SA limit)
  • Ability to leverage low-cost/high-speed local Metro E transport
  • May require H-QoS: per sub-interface (Hub), sub-rate (spoke)
  • Desire is to eliminate IPSec complexity
• WAN MACSec Features
  • Leverage (if needed) the EAPoL “destination-address” feature to overcome legacy MACSec keying limitations
  • Strong encryption: AES-GCM-256 (Suite B)
  • 802.1Q in the clear (Hub-Site logical separation)
• Target Customer
  • Leverage multipoint capability based on business traffic patterns
  • Desire to leverage low-cost E-LAN Ethernet transport services
  • Enterprise, Commercial, Federal/Government
[Diagram: E-LINE – Point to Multipoint: Central Site with a MACsec 802.1Q Ethernet PHY connected across the Carrier Ethernet Service to Branch 1, Branch 2 … Branch n, each a MACsec-capable router with a MACsec-enabled Ethernet PHY; MACsec secure path / MKA session per branch]
WAN MACSec Use Cases: E-LINE Point to Multipoint Backhaul
• MAC address lookup based service
• WAN MACSec destination EAPoL address change may be required
• Allows MKA session over any Carrier Ethernet transport
• Leverage any-to-any forwarding of E-LAN service
• Target Solution: Traffic patterns that require any to any connectivity (voice, video, distributed application locations)
[Diagram: Data Center, Central Site and Branches connected any-to-any across a Carrier Ethernet Service (E-LAN); MACsec-capable routers with MACsec-capable PHYs, MACsec secured paths / MKA sessions over SP-owned Ethernet transport devices]
WAN MACSec Use Cases: E-LAN – Multipoint to Multipoint Topology
• Use Case – Requirement
  • Any-to-any (spoke to spoke, spoke to hub …) node connectivity, typically dictated by business applications and requirements
  • Leverage inexpensive multipoint (E-LAN) local Metro E service
  • Variable site traffic patterns
  • Must remain under the ~30 encryption key limit per node (full mesh)
• WAN MACSec Features
  • Leverage (if needed) the EAPoL “destination-address” feature to overcome legacy MACSec keying limitations
  • Strong encryption: AES-GCM-256 (Suite B)
  • 802.1Q in the clear capability (Hub-Site logical separation)
  • Ability to change the EAPoL target MAC address through the provider
• Target Customer
  • Low cost Ethernet transport service available
  • Enterprise, Commercial, Federal/Government
  • High volume of branch-to-branch interaction
[Diagram: E-LAN – Multipoint to Multipoint: Central Site with a MACsec 802.1Q Ethernet PHY and Branch 1, Branch 2 … Branch n, each a MACsec-capable router with a MACsec-enabled Ethernet PHY, fully meshed by MACsec secure paths / MKA sessions across the Carrier Ethernet Service]
WAN MACSec for Secure MPLS Backbone: Per-Link Encryption at 100Gb+ with MACSec End-to-End
[Diagram: MPLS core of PE1, PE2, PE3 and P1–P4 routers; Enterprise Sites and Data Centers attached at each PE; a MACsec secured path / MKA session on every PE–P and P–P link between MACsec-capable routers]
• Leverage MACSec encryption on WAN links connecting PE and P routers in the MPLS core up to 100Gb, N x 100Gb
• Offers the ability of “per hop” analytics at P/PE hops
• WAN links transparent to: MPLS, MPLS-TE, IPv4/v6, QoS, routing, multicast, Segment Routing
WAN MACSec with PfR: Hybrid WAN Leveraging MACsec for High Speed Encryption
[Diagram: Branch to Data Center over two active/active WAN paths – ISP A (Internet) carrying one IPsec overlay (DMVPN), and SP V (Carrier Ethernet) carrying one MACsec underlay (DMVPN + MACsec); one WAN routing domain (iBGP, EIGRP, or OSPF); MACsec-capable routers with a MACsec secure path / MKA session; labelled “HYBRID Encryption Option: IPSec + MACSec” and “Leverage MACsec when encryption requirement exceeds IPSec”]
This is NOT IWAN, but leverages common components
• Leverage MACSec for data transport that exceeds IPSec’s performance capability
• Leverage IPSec/DMVPN for the backup path over the Internet
• If the MACSec link fails, the operator has the choice to throttle down the high-speed application, or wait for the high-speed link to recover
• Leverage Policy Based Routing (PBR) or PfR to dictate application paths across the MACSec and IPSec/DMVPN paths
Hierarchical “Hybrid” MACSec + IPSec Design
[Diagram: Central Campus / DC connected over a Carrier Ethernet WAN (Metro E) with MACsec to Regional Hub 1, Regional Hub 2 and Regional Hub 3 + DC; each regional hub reaches its Branches (IPsec sites) with IPsec over the Internet; the Enterprise Network core is labelled “Line Rate Encryption + Lower Scale Sites”, the branch tier “Lower Throughput Encryption + High Scale Sites”]
• “Hybrid” design option for a mix of scale and performance, leveraging Ethernet services
• MACsec: Core/Backbone transport – higher throughput BW, lower scale requirement
• IPSec: Branch/back-haul – lower throughput BW, higher scale remote sites, could leverage DMVPN, GET VPN, etc…
What is OTN?
• OTN = Optical Transport Network
• Standards docs:
  • G.709 Hierarchy and frame structures
  • G.872 Architecture
  • G.798 Management functions, etc.
• OTN defines a framing technology that is very similar to SONET/SDH (TDM)
• OTN started as a digital wrapper around WDM client signals to improve reach and manageability
• Evolved to a complex multiplexing hierarchy that enables a service layer
OTN line and payload rates (kbit/s):
k | OTUk        | OPUk Payload
0 | –           | 1,238,954
1 | 2,666,057   | 2,488,320
2 | 10,709,225  | 9,995,277
3 | 43,018,414  | 40,150,519
4 | 111,809,974 | 104,355,975
Why OTN Encryption?
[Diagram: Data Center A to Data Center B over OTN; an OTU-2 frame of OTN overhead plus PAYLOAD carrying client signals OC-192/STM-64, Fibre Channel and Ethernet]
• Bulk encapsulation of the client signal ensures line rate
• Encrypting the OTN payload allows transparency and interoperability
The Role of Layer 1 Encryption in Securing Your Network
• Bulk encryption at the OTN layer provides agnostic, line-rate, client payload encapsulation security across the transport network
• Current encryption devices are not protocol agnostic
  • They only encrypt a single traffic type (i.e. Ethernet, IP, SONET), requiring “stacking” of multiple types of encryption devices, which drives up interface count and complexity
• If the customer can leverage encryption at the optical layer, it eliminates the need for encryption at ALL layers above it
Wire Speed Encryption (WSE): 10G Multi-Rate OTN/DWDM Encryption
[Diagram: encryption options by layer – L3: IPSec; L2: MACSec; L1: OTN Encryption]
• Robust key exchange mechanism over G.709 GCC2 using TLS and ECDH
• AES-256 data payload encryption
• Card authentication, GMAC frame authentication
• FIPS 140-2 Level 2 certified, Common Criteria certified
Optical Transport Network (OTN) Encryption
[Diagram: Data Center #1, #2 and #3, each with a DC Edge Router attached to an OTN node; OTN secured path / MKA session between the NCS 2000 + OTN Encryption Interfaces]
• Bulk encryption at the OTN layer provides protocol agnostic, line-rate, client payload encapsulation security across the transport network
• Eliminates the need to encrypt at the IP, Ethernet, SONET or application layers
• Encryption is line-rate at 10Gbps (100 Gbps future)
• Ideal solution: DCI, or when Fibre Channel needs protection
WSE – Wire Speed Encryption Card: 10G Multi-Rate OTN/DWDM Encryption Card
• Single slot card for 2, 6, and 15 slot chassis – ONS-MSTP/NCS 2000
• 10x SFP+ ports supporting 5x completely independent encrypted 10Gbps streams
• Real-time encryption and authentication of multiple client types
• CTC & CPO controlled
• Integrated transponder functionalities
  • Trunk SFP+’s can be grey (SR, LR, ER, ZR) or WDM (full C-band tunable)
  • FEC or E-FEC can be SW provisioned on trunk
  • OTN ports can be interconnected with 40G or 100G MXP for wavelength aggregation
Positioning the Proper Encryption Solution
• It is important NOT to position encryption solutions against one another
• Rather, consider each as a tool in the tool bag, which requires a positioning exercise to meet the technical and business requirement
• Remember, beyond IPSec, “the underlying transport dictates the available encryption options that can be leveraged”
• Understand the sum of the requirements, available technology options in the router, and align the solution with this combination
• Key factors for encryption decisions will include:
  1. Transport availability / options
  2. Performance requirements of the solution/application
  3. Scale of the design and requirements (number of spokes, connected end-points, aggregate encryption)
Multi-Layer Encryption Options
[Diagram: L3 – IPSec; L2 – Ethernet, ATM; L1 – OTN, SONET (link encryption options)]
• Link encryption options offer alternatives to IPSec
• Link encryption offers trade-offs (speed vs. scale) when high-speed encryption (N x 10G or 100Gbps) is required
Encryption Positioning Matrix
Design Component | OTN | MACsec | IPSec
Legend: Excellent / Supported (with Limitations) / Not Supported
Topology
  • Point to Point
  • Multipoint Capable (P2MP, MP2MP): Per port per site, x, x
Transport Service Support
  • Ethernet (P2P, Point to Multipoint): x, x
  • IP (MPLS VPN, broadband, Internet): x
  • Optical / Lambda / Dark fiber: x, x (to xponder), X (speed limited)
  • Logical Link Segmentation (802.1Q/sub-int capable): x, x
  • Leverage legacy transport (T1/E1/T3/E3, SONET/SDH): x
Encryption Performance
  • Encryption line rate per the PHY interface (1/10/40/100G): x, x
  • Encryption process NOT dependent on physical interface: x, x
  • Encryption rate limited by packet size, MTU, PPS of engine
Scale
  • Hub Site Scale (Hub/Spoke Topology): (1 int/site/link), (PHY dependent), x (1000+ sites)
  • Simplicity of Configuration: x, x, x
  • Transparent to IPv4/v6, MPLS, IGP/BGP, IP Multicast: x, x, X (needs GRE)
Summary – Key Advantages
Encryption: IPSec
  Key Factors:
  • IPSec is by far the most flexible encryption option (completely agnostic to the underlying transport)
  • Is limited by packet size and packet-per-second performance (IPSec performance not typically equal to router performance)
  • Together with other enhancements (DMVPN for example), IPSec can support massive scale (beyond 4000 connections)
  Technology Options: DMVPN, GETVPN (typically paired with MPLS VPN over mGRE, LISP, and is native multicast capable), FlexVPN, TLS
Encryption: MACSec
  Key Factors:
  • Supports line-rate Ethernet performance (100+ Gb) regardless of MTU, packet size
  • Is transparent to upper layer IP protocols
  • No performance impact on router forwarding capabilities
  Technology Options: Supported in the router/switch Ethernet PHY, WAN MACsec enhancements, transparent to IP and MPLS over encrypted links
Encryption: OTN
  Key Factors:
  • Supports line-rate performance at the optical/OTN layer
  • Encapsulation frame formats include: 10Gb, 100+ Gb, rich client-side encapsulation options at OTU2
  • Transparent to both Layer 2 (Ethernet) and Layer 3 (IP) upper layer protocols
  Technology Options: Optical transport capabilities, with handoff to other optical platforms (transponder, OADM, etc…)
Solutions are complementary and can be run together for additional security
Roadmap – WAN MACSec
Platform | Module / Linecard | Encryption | Speed Target when Shipping | Timeframe | Target Use Cases
ISR 4k Platform | 1 or 2-port GE NM (RJ45/SFP) | AES-GCM-128 or 256 | 1G | 2H - 2015 | Branch, WAN edge
ASR 1001-X | 2 x 10G, 6 x 1G (on board ports) | AES-GCM-128 or 256 | 100Mb, 1G, 10G | NOW | Branch, WAN Aggregation, DCI
ASR 1000 Series | Modular LC 6x10G, 2x40G, 18x1G | AES-GCM-128 or 256 | 100Mb, 1G, 10G | 1H - 2016 | WAN Aggregation, DCI
ASR 9000 Series | 4 or 8-port 800G Linecard | AES-GCM-128 or 256 | 1/10G, 40G, 100G | 2H - 2015 | WAN Aggregation, high-speed DCI, MPLS Edge/Core
NCS 2000/WSE | 5-port (client Tx/Rx pair) 10Gbps | AES-GCM-128 or 256 | 10Gbps | NOW | Optical core, DCI
* All roadmap dates are subject to change
Participate in the “My Favorite Speaker” Contest
• Promote your favorite speaker through Twitter and you could win $200 of Cisco Press products (@CiscoPress)
• Send a tweet and include
• Your favorite speaker’s Twitter handle <Speaker—enter your Twitter handle here>
• Two hashtags: #CLUS #MyFavoriteSpeaker
• You can submit an entry for more than one of your “favorite” speakers
• Don’t forget to follow @CiscoLive and @CiscoPress
• View the official rules at http://bit.ly/CLUSwin
Promote Your Favorite Speaker and You Could Be a Winner
Complete Your Online Session Evaluation
Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online
• Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 Amazon gift card.
• Complete your session surveys through the Cisco Live mobile app or your computer on Cisco Live Connect.
Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Table Topics
• Meet the Engineer 1:1 meetings
• Related sessions