Advanced Computer Networking (ACN)
IN2097 – WiSe 2019-2020
Prof. Dr.-Ing. Georg Carle
Sebastian Gallenmüller, Max Helm, Benedikt Jaeger, Patrick Sattler, Johannes Zirngibl
Chair of Network Architectures and Services, Department of Informatics, Technical University of Munich
Chapter 8: Tunnel Protocols
• Introduction
• VLAN
• VXLAN
• IPsec
  • Security databases
  • Internet Key Exchange version 2
  • Encapsulating Security Payload
  • IPsec Example
• TLS/SSL-based VPNs
• VPN Performance Measurements
• Other protocols
• Summary
• Bibliography
Chapter 8: Tunnel Protocols 8-1
Introduction: Tunneling
Definition
• Tunneling encapsulates one datagram within another datagram.
• The outer packet and its headers are regarded for switching / routing purposes of the underlay network.
• The inner packet is opaque to the underlay network.
• The overlay network handles the inner packet, including switching and routing.
• May be used at any layer of the ISO OSI model.
Possible benefits
• Build overlay structure
• Deal with heterogeneous protocols
• Protect traffic
• Isolate customers (data center)
But ...
• More overhead
• Configuration effort
• MUCH room for misconfiguration
[Figure: Tunnel Endpoint 1 and Tunnel Endpoint 2 connected through a network; the tunnel spans the network between them]
Introduction: Possible Tunneling Use Cases
What can be achieved with a tunnel?
• Force a packet to reach a specific node in the network (a different path than regular routing would choose), e.g. using an IP-in-IP tunnel (RFC 2003)
• Traverse incompatible nodes, e.g. an IPv6 tunnel over IPv4-only nodes
• Provide a secure connection between different nodes, e.g. using IPsec
Which considerations apply when using tunneling?
• Performance
  • Processing overhead
  • Packet length overhead: reduced MTU, possible fragmentation, limited visibility to end systems
• Security
  • Correct configuration and tunnel setup is not trivial
  • Inner and outer headers need to be verified
  • Tunnels may circumvent security policies (e.g. bypassing filters / firewalls)
Introduction: Tunneling Technologies
Representative Tunneling Technologies
• Traffic management and isolation
  • VLAN
  • MPLS
  • VXLAN
• Secure tunnels
  • IPsec
  • TLS, DTLS
  • WireGuard
  • ssh
  • Tor (onion routing overlay)
• Protocol innovation; incremental protocol deployment
  • IP multicast overlays, e.g. “Mbone” (“multicast backbone”)
  • various IPv6 transition technologies
  • Peer-to-Peer overlays
Introduction: Virtual Private Network (VPN)
What is a VPN?
• In general, just another tunneling protocol
• VPNs are usually encrypted
• Provide secured connections between different nodes
Use cases:
• Securely connect different offices to HQ
• Build a secure connection from a laptop to a company network
• Anonymization
• Example: LRZ offers two types of VPN:
  • Cisco AnyConnect (use this): TLS-based signalling, and DTLS transport of tunneled VPN traffic, with possible fallback to TLS-based transport where UDP traffic is blocked.
  • Cisco IPsec-based VPN (deprecated): with IKEv1 signalling protocol
VLAN: Virtual Local Area Network [1]
General Information
• Standardized in IEEE 802.1Q
• Incorporated inside the Ethernet header
• Tunnel endpoints are managed switches
• One physical network provides multiple virtualized networks
Use cases
• Separate a “secure” network from a “public” network (e.g. CCTV cams)
• Separate different business units (Development, HR, Finances, ...)
• Characterize traffic (see QoS)
VLAN: Virtual Local Area Network Header Layout
Ethernet frame with VLAN tag (64 to 1522 B in total, preamble and SFD not counted):
Preamble  SFD  Destination MAC  Source MAC  VLAN  Type  Data (L3-PDU)  FCS (CRC-32)
7 B       1 B  6 B              6 B         4 B   2 B   42 to 1500 B   4 B
VLAN tag (4 B): TPID (2 B) | TCI (2 B), where TCI = PCP (3 bit) | DEI (1 bit) | VID (12 bit)
• VLAN header is inserted between source MAC and ethertype
• Ethernet frames having a VLAN header are called tagged (normal frames are called untagged)
• VLAN header consists of 4 fields:
  • TPID: “Tag Protocol Identifier”, always 0x8100, used to indicate that a frame is tagged
  • PCP: “Priority Code Point”, prioritization of traffic, can be used to prioritize different classes of traffic (cf. IEEE 802.1p)
  • DEI: “Drop Eligible Indicator”, describes if the frame may be dropped in case of congestion
  • VID: “VLAN Identifier”, identifies to which VLAN this frame belongs, from 1 to 4094 (0 and 4095 reserved), most important field
VLAN: Access Ports and Trunk Ports
Access Ports
• Traffic sent to / from this port is not tagged
• Network connected to an access port is logically in one single VLAN
• “The port you connect your desktop to”
Trunk Ports
• Can send / receive traffic from multiple VLANs
• Tagged frames are forwarded unchanged
• Every untagged frame is tagged using the native VLAN
• Typical switch-to-switch link
• Use with VLAN-aware hosts
VLAN: Example network
[Figure: two switches connected to the Internet and to two CCTV cameras; ports labelled VLAN 1 (untagged), VLAN 2 (untagged), VLAN 3 (untagged) and Mixed (tagged)]
• Switch-to-switch ports are trunk ports
• Switch-to-server port is a trunk port
• All other switch ports are access ports
VLAN: Q-in-Q (stacked VLANs)
Encapsulate VLANs in VLANs
• Defined in IEEE 802.1ad
• Two VLAN headers instead of one (Dst MAC | Src MAC | VLAN | VLAN | Ethertype | ... | FCS)
• Total of 4094 · 4094 = 16760836 VIDs
Use Case: 4094 VIDs are not sufficient
• Large networks may need more than 4094 VLANs
• Expanding the VID space is enough
Use Case: Customer network on top of provider network
• ISPs or data centers use one VLAN per customer
• Customers are isolated from each other
• Customers want to use VLANs themselves
• “Lower” (outer) VLAN header is managed by the data center / provider
• “Upper” (inner) VLAN header is managed by the customer
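The header layout from slide 8-9 and the tag stacking from this slide, as an added Python example (not part of the lecture material): it parses a frame into its tag stack, pushes and pops tags the way a trunk port or a provider edge would, and applies the native-VLAN rule from slide 8-10. The TPID 0x88A8 for the outer provider tag is taken from IEEE 802.1ad, not from the slides; the sample frame and MAC addresses are constructed.

```python
import struct

# TPID values: 0x8100 is the 802.1Q tag from the slide; 0x88A8 is the service-tag
# TPID that IEEE 802.1ad defines for the outer (provider) tag of a Q-in-Q frame.
TPID_8021Q = 0x8100
TPID_8021AD = 0x88A8
ETHERTYPE_IPV4 = 0x0800
VID_RESERVED = (0, 4095)   # per the slide: usable VIDs are 1 to 4094


def decode_tci(tci: int) -> dict:
    """Split the 16-bit Tag Control Information into PCP (3 bit), DEI (1 bit), VID (12 bit)."""
    vid = tci & 0x0FFF
    if vid in VID_RESERVED:
        raise ValueError(f"reserved VID {vid}")
    return {"pcp": tci >> 13, "dei": (tci >> 12) & 0x1, "vid": vid}


def encode_tci(vid: int, pcp: int = 0, dei: int = 0) -> int:
    if not 1 <= vid <= 4094 or not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("TCI field out of range")
    return (pcp << 13) | (dei << 12) | vid


def parse_frame(frame: bytes) -> dict:
    """Return MACs, the list of VLAN tags (outermost first) and the final EtherType."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    off, tags = 12, []
    while True:
        if len(frame) < off + 2:
            raise ValueError("truncated frame")
        (tpid,) = struct.unpack_from("!H", frame, off)
        if tpid not in (TPID_8021Q, TPID_8021AD):
            break                     # not a tag: this is the real EtherType
        if len(frame) < off + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        tags.append({"tpid": tpid, **decode_tci(tci)})
        off += 4                      # tags are inserted after the source MAC
    return {"dst": dst.hex(":"), "src": src.hex(":"), "tags": tags,
            "ethertype": tpid, "payload": frame[off + 2:]}


def push_tag(frame: bytes, vid: int, pcp: int = 0, tpid: int = TPID_8021Q) -> bytes:
    """Insert a tag between the source MAC and whatever follows it. A trunk port does
    this for untagged ingress (native VLAN); a provider edge does it with the S-TAG
    TPID to stack an outer tag on a customer frame (Q-in-Q)."""
    tag = struct.pack("!HH", tpid, encode_tci(vid, pcp))
    return frame[:12] + tag + frame[12:]


def pop_tag(frame: bytes) -> bytes:
    """Remove the outermost tag (egress on an access port / at the provider edge)."""
    if len(frame) < 16 or struct.unpack_from("!H", frame, 12)[0] not in (TPID_8021Q, TPID_8021AD):
        raise ValueError("frame is untagged")
    return frame[:12] + frame[16:]


def trunk_ingress(frame: bytes, native_vid: int) -> bytes:
    """Trunk-port rule from slide 8-10: tagged frames pass unchanged, untagged
    frames are tagged with the native VLAN."""
    return frame if parse_frame(frame)["tags"] else push_tag(frame, native_vid)


# Constructed sample: untagged frame with IPv4 EtherType and a dummy 46-byte payload.
SAMPLE_UNTAGGED = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
                   + struct.pack("!H", ETHERTYPE_IPV4) + b"\x45" * 46)

if __name__ == "__main__":
    customer = push_tag(SAMPLE_UNTAGGED, vid=100, pcp=5)        # customer C-TAG
    provider = push_tag(customer, vid=2000, tpid=TPID_8021AD)   # provider S-TAG on top
    print([t["vid"] for t in parse_frame(provider)["tags"]])    # outer first: [2000, 100]
```

The provider never has to look past its own outer tag: popping it at the far edge returns the customer frame byte for byte, which is why the customer can use any of the 4094 VIDs independently of the provider's allocation.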
VLAN: Virtual Local Area Network inside (home) routers
[Figure: a managed switch with ports 1 to 5 (untagged towards the ports) connected to the CPU over one link carrying port-specific VLAN tags]
Managing multiple ports using one network controller
• Managed switch is configured to assign one VLAN tag for the WAN port, and another for the LAN ports
• CPU is only needed for WAN routing, control (ARP, ICMP) and management, not for switching
• VLAN tags allow the CPU to distinguish whether a frame originates from LAN or WAN
• Often seen in consumer hardware
VLAN: Virtual Local Area Network inside (enterprise) routers
[Figure: a managed switch with ports 1 to 5 (untagged towards the ports), a dedicated router component, and the CPU, connected over links carrying port-specific VLAN tags]
Extra routing component
• Offload most traffic to a dedicated hardware device
• Handle special cases in software (slower, higher latency)
VXLAN: Motivation - Virtual eXtensible Local Area Network
General Information
• Standardized in 2014 in RFC 7348 [2] (rather short standard)
• Builds a layer 2 overlay network on top of a layer 4 (UDP) underlay network
• Has a 24 bit VXLAN network identifier (VNI), which allows 16 million virtualized networks
• Suitable to reach VMs in large data centers / “the cloud”
Problem Statement
• Servers host a large number of VMs
• Each VM has its own MAC address
• VMs need to connect to VMs on other servers
• Switch needs to handle thousands of MAC addresses of VMs
Another Problem Statement
• Provider and clients both want to use VLANs
• Provider allocates VLANs to clients
• Very limited amount of VLANs per client
• Clients may misconfigure the VMs
• Also solved by Q-in-Q (stacked VLANs), but this is not always applicable
VXLAN: Approach
Encapsulated packet layout:
Ethernet Header  IP Header  UDP Header  VXLAN Header  L2 Frame (Payload)
14 B             20/40 B    8 B         8 B           variable size
VXLAN header (8 B): Flags (1 B) | Reserved (3 B) | VNI (3 B) | Reserved (1 B)
Encapsulation Strategy
• Encapsulate the original layer 2 frame inside UDP
• Virtual networks are enumerated by the VXLAN Network Identifier (VNI)
UDP header fields
• Source Port: hash of the inner 5-tuple, which is good for load balancing
• Destination Port: always 4789
• Length: length of the layer 2 frame + UDP header size
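The encapsulation strategy above, as an added Python example (not from the lecture or from any VXLAN implementation): it builds the 8-byte VXLAN header with the VNI, derives the UDP source port from a hash of the inner 5-tuple so that underlay ECMP keeps one flow on one path, and validates the headers again on decapsulation. The "I" flag value 0x08 is from RFC 7348; the outer IP and Ethernet headers towards the remote tunnel endpoint are left to the sending stack, and the sample frame is constructed.

```python
import struct
import zlib

VXLAN_UDP_PORT = 4789
VXLAN_FLAG_VNI_PRESENT = 0x08       # the "I" flag in RFC 7348: VNI field is valid
EPHEMERAL_LO, EPHEMERAL_HI = 49152, 65535
ETHERTYPE_IPV4 = 0x0800


def inner_five_tuple(frame: bytes):
    """(proto, src IP, dst IP, src port, dst port) of an untagged IPv4 frame.
    Non-IPv4 frames or port-less protocols fall back to what is available so
    that the hash is still stable per flow."""
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    if ethertype != ETHERTYPE_IPV4 or len(frame) < 34:
        return (ethertype, b"", b"", 0, 0)
    ihl = (frame[14] & 0x0F) * 4           # IPv4 header length in bytes
    proto = frame[23]                      # protocol field of the inner IP header
    src, dst = frame[26:30], frame[30:34]
    sport = dport = 0
    l4 = 14 + ihl
    if proto in (6, 17) and len(frame) >= l4 + 4:   # TCP or UDP: ports follow the IP header
        sport, dport = struct.unpack_from("!HH", frame, l4)
    return (proto, src, dst, sport, dport)


def source_port_for(frame: bytes) -> int:
    """Hash of the inner 5-tuple mapped into the ephemeral port range. Underlay
    routers hash on the outer 5-tuple, so this spreads inner flows over paths
    while keeping the packets of one flow in order on one path."""
    proto, src, dst, sport, dport = inner_five_tuple(frame)
    key = struct.pack("!H", proto) + src + dst + struct.pack("!HH", sport, dport)
    return EPHEMERAL_LO + zlib.crc32(key) % (EPHEMERAL_HI - EPHEMERAL_LO + 1)


def vxlan_header(vni: int) -> bytes:
    """Flags (1 B) | Reserved (3 B) | VNI (3 B) | Reserved (1 B)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!B3sI", VXLAN_FLAG_VNI_PRESENT, b"\x00" * 3, vni << 8)


def encapsulate(frame: bytes, vni: int) -> bytes:
    """UDP header + VXLAN header + original L2 frame (outer IP/Ethernet not included)."""
    udp_len = 8 + 8 + len(frame)           # UDP header + VXLAN header + L2 frame
    # UDP checksum 0: RFC 7348 permits a zero checksum over an IPv4 underlay.
    udp = struct.pack("!HHHH", source_port_for(frame), VXLAN_UDP_PORT, udp_len, 0)
    return udp + vxlan_header(vni) + frame


def decapsulate(datagram: bytes) -> dict:
    """Validate UDP/VXLAN headers; return ports, VNI and the inner frame."""
    if len(datagram) < 16:
        raise ValueError("too short for UDP + VXLAN headers")
    sport, dport, length, _csum = struct.unpack_from("!HHHH", datagram, 0)
    if dport != VXLAN_UDP_PORT or length != len(datagram):
        raise ValueError("not a well-formed VXLAN datagram")
    flags, _reserved, vni_field = struct.unpack_from("!B3sI", datagram, 8)
    if not flags & VXLAN_FLAG_VNI_PRESENT:
        raise ValueError("VNI-present flag not set")
    return {"src_port": sport, "dst_port": dport, "vni": vni_field >> 8, "inner": datagram[16:]}


def _ipv4_udp_frame(src, dst, sport, dport) -> bytes:
    """Constructed sample: Ethernet + IPv4 (proto 17) + UDP header, no payload."""
    eth = bytes.fromhex("0a0000000002") + bytes.fromhex("0a0000000001") + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0, bytes(src), bytes(dst))
    return eth + ip + struct.pack("!HHHH", sport, dport, 8, 0)


SAMPLE_FLOW_A = _ipv4_udp_frame([10, 0, 0, 1], [10, 0, 0, 2], 40000, 53)
SAMPLE_FLOW_A_AGAIN = _ipv4_udp_frame([10, 0, 0, 1], [10, 0, 0, 2], 40000, 53)

if __name__ == "__main__":
    d = encapsulate(SAMPLE_FLOW_A, vni=5000)
    print(decapsulate(d)["vni"], decapsulate(d)["src_port"])
```

Note that the receiving side checks the UDP length and the VNI-present flag before trusting the VNI: a tunnel endpoint that delivers an inner frame into whatever VNI a datagram claims is trusting the underlay, so in practice the outer source address is also checked against the configured peer endpoints.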
VXLAN: Benefits
What makes VXLAN a “good” tunneling protocol?
• Builds on top of layer 3 with only multiplexing on layer 4 (done by UDP)
  • Network may belong to an ISP
  • “The Internet” is layer 3
  • VXLAN can be used over the Internet, VLAN cannot
• Layer 3 routing protocols can be used (BGP, OSPF, ...)
• Better multipath support
VXLAN: Example network
[Figure: two VXLAN-capable switches connected to two CCTV cameras and to the Internet; links labelled VNI 1, VNI 2, VNI 3 and a layer 3 underlay network between the switches]
• Links marked as VNI 1/2/3 contain normal Ethernet frames
• Layer 3 network is some arbitrary layer 3 network (e.g. an ISP)
• The two switches encapsulate (/ decapsulate) to (/ from) the VXLAN frames
• Remark: real-world VXLAN-capable switches violate strict layering and use L3 information
IPsec: Internet Protocol Security
• Standardized by a number of RFCs (most important RFC 4301 [3])
• 2 modes of operation
  • Tunnel Mode: (a) Subnet to Subnet, endpoints are called Security Gateways, or (b) Host to Security Gateway
  • Transport Mode: Host to Host
• 2 phases of operation
  • Handshake: establish one or more Security Associations (SA); IPsec signalling protocols that establish SAs: IKEv1 (old), IKEv2
  • Data transfer: use SAs to send encrypted and/or integrity protected traffic; protocols used: Encapsulating Security Payload (ESP), Authentication Header (AH)
• Implementations
  • Commercial implementations by major hardware vendors (Cisco, Juniper, Arista, ...)
  • Open Source implementations (IKEv1 / IKEv2 / ESP / AH)
    • IKEv1 (deprecated - don’t use it) - implementations include: vpnc
    • IKEv2 (state of the art) - implementations include: strongSwan, libreswan
    • ESP / AH: Linux / FreeBSD kernel
• Usage scenarios
  • Connections between different sites (e.g. branch office to HQ)
  • Connection of a client into the enterprise network (road warrior scenario)
IPsec: Modes of operation
Figure 1: Typical setups: EP to EP, SG to EP, and SG to SG (EP = endpoint, SG = security gateway)
IPsec: IPsec handshake and encryption
[Figure: initiator and responder first exchange several IKE messages, then exchange ESP-protected traffic]
Security databases: Structural Overview
• Handshake (IKEv1/2) establishes Security Associations (SA)
• SA is used to secure traffic in accordance with Security Policies (SP)
• An SP can choose to protect, bypass or discard traffic
• An example SP may say “All traffic to IP subnet 131.159.0.0/24 needs to be encrypted”
• SAs and SPs are stored in databases called Security Association Database (SAD) and Security Policy Database (SPD)
• SAs are identified by Security Parameter Indices (SPIs)
Security databases: Content
Security Policy Database
• Discard, bypass, protect
• Direction
• Selectors
  • Local, remote IP address ranges
  • Next layer protocol
  • Local, remote ports
  • ICMP type/code
  • Populate from packet flag
  • Name (fully qualified domain name)
• IPsec mode
• IPsec protocol
Security Association Database
• Security Parameter Index (SPI)
• 64 bit sequence number counter
• Anti-replay window
• Algorithms, keys, Initialisation Vector (IV)
• Lifetime
• IPsec mode
Security databases: Database relationships
Figure 2: Traffic from internal to external network
  Internal Network (Overlay) → SPD lookup
    → discard: drop the packet
    → bypass: forwarding to the External Network (Underlay) unchanged
    → protect: SAD lookup
        → SA found: apply SA transformations, then forwarding to the External Network (Underlay)
        → no SA: create SA (trigger the IKE handshake)
Figure 3: Traffic from external to internal network
  External Network (Underlay) → wait for fragments (reassemble)
    → IPsec packet: lookup SA using SPI → found SA: process ESP/AH → check SPD inbound selector → matches: forwarding to the Internal Network (Overlay)
    → non-IPsec packet: SPD check → bypass: forwarding; discard: drop the packet
Internet Key Exchange version 2: IKEv2 concepts
• Nodes: initiator, responder
• Pairs of messages: request, response
Shared state can also be established by hand.
Internet Key Exchange version 2: IKEv2 format
Header format (on port 4500 preceded by 4 zero octets):
octets 0-7     initiator Security Parameter Index (SPI)
octets 8-15    responder SPI
octet 16       next payload
octet 17       major version (bits 0-3), minor version (bits 4-7)
octet 18       exchange type
octet 19       flags
octets 20-23   message ID
octets 24-27   length
Generic payload format:
octet 0        next payload
octet 1        C (critical, 1 bit), reserved (7 bits)
octets 2-3     payload length
Internet Key Exchange version 2: Security Associations and Traffic Selectors
Traffic selectors (TS)
• IP version
• IP protocol
• Port range or ICMP code/type
• IP address range
SA proposals
• IKE/ESP/AH
• SPI, size
• Encryption algorithm
• Integrity protection algorithm
• PRF (Pseudorandom Function Family) algorithm
• DH group (Diffie-Hellman group)
“Assembly of Security Association payloads requires great peace of mind.” — RFC 7296
Internet Key Exchange version 2: IKEv2 overview
IKE SA, key agreement (IKE_SA_INIT):
  initiator → responder: SA_IKE_i, DH_i, N_i
  responder → initiator: SA_IKE_r, DH_r, N_r
Authentication, child SA (IKE_AUTH):
  initiator → responder: ID_i, CERT_i, ID_r, AUTH_i, SA_child_i, TS_i, TS_r
  responder → initiator: ID_r, CERT_r, AUTH_r, SA_child_r, TS_i, TS_r
Key derivation:
  SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr := KDF(N_i | N_r, DH, SPI_i | SPI_r)
  AUTH_i ← sign(msg1, N_r, prf(SK_pi, id))
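The key derivation from this slide, written out as an added Python example (not from the lecture or from strongSwan/libreswan): the KDF is the RFC 7296 construction, SKEYSEED = prf(N_i | N_r, g^ir) followed by prf+ over N_i | N_r | SPI_i | SPI_r, split into the seven SK_* keys in the slide's order, plus the shared-key form of AUTH that the slide sketches. HMAC-SHA256 is assumed as the negotiated PRF and integrity algorithm, all key sizes are 32 bytes, the "Key Pad for IKEv2" string is from RFC 7296 section 2.15, and the nonces, SPIs, Diffie-Hellman result and pre-shared key in the demo are constructed stand-ins.

```python
import hashlib
import hmac
import os

PRF_LEN = 32   # HMAC-SHA256 output size, assumed to be the negotiated PRF


def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """prf+ from RFC 7296 section 2.13: T1 = prf(K, S | 0x01),
    Tn = prf(K, T(n-1) | S | n); the output is T1 | T2 | ... cut to length."""
    out, t, n = b"", b"", 1
    while len(out) < length:
        if n > 255:
            raise ValueError("prf+ is limited to 255 blocks")
        t = prf(key, t + seed + bytes([n]))
        out += t
        n += 1
    return out[:length]


def derive_ike_keys(ni: bytes, nr: bytes, dh_shared: bytes, spi_i: bytes, spi_r: bytes,
                    enc_key_len: int = 32, int_key_len: int = 32) -> dict:
    """The slide's KDF(Ni|Nr, DH, SPIi|SPIr): SKEYSEED = prf(Ni|Nr, g^ir), then
    SK_d|SK_ai|SK_ar|SK_ei|SK_er|SK_pi|SK_pr = prf+(SKEYSEED, Ni|Nr|SPIi|SPIr)."""
    skeyseed = prf(ni + nr, dh_shared)
    sizes = [("SK_d", PRF_LEN), ("SK_ai", int_key_len), ("SK_ar", int_key_len),
             ("SK_ei", enc_key_len), ("SK_er", enc_key_len),
             ("SK_pi", PRF_LEN), ("SK_pr", PRF_LEN)]
    material = prf_plus(skeyseed, ni + nr + spi_i + spi_r, sum(s for _, s in sizes))
    keys, off = {}, 0
    for name, size in sizes:          # consecutive slices, in the slide's order
        keys[name] = material[off:off + size]
        off += size
    return keys


KEY_PAD = b"Key Pad for IKEv2"   # constant from RFC 7296 section 2.15


def auth_psk(psk: bytes, signed_msg: bytes, peer_nonce: bytes, sk_p: bytes, id_payload: bytes) -> bytes:
    """Shared-key AUTH: prf(prf(psk, KEY_PAD), msg | N_peer | prf(SK_p, ID)).
    For AUTH_i: signed_msg is the initiator's IKE_SA_INIT request (msg1),
    peer_nonce is N_r and sk_p is SK_pi, matching the slide's sign(msg1, Nr, prf(SKpi, id))."""
    maced_id = prf(sk_p, id_payload)
    return prf(prf(psk, KEY_PAD), signed_msg + peer_nonce + maced_id)


def demo() -> bool:
    """Both sides compute identical keys from the public exchange values and the
    shared DH result. Every value here is constructed; os.urandom stands in for
    the Diffie-Hellman shared secret."""
    ni, nr = os.urandom(32), os.urandom(32)
    spi_i, spi_r = os.urandom(8), os.urandom(8)
    g_ir = os.urandom(32)
    initiator_view = derive_ike_keys(ni, nr, g_ir, spi_i, spi_r)
    responder_view = derive_ike_keys(ni, nr, g_ir, spi_i, spi_r)
    return initiator_view == responder_view


if __name__ == "__main__":
    print("keys agree:", demo())
```

Because both nonces and both SPIs enter the derivation, an attacker who replays an old IKE_SA_INIT message gets different keys than the original session even if the DH value were reused, and SK_pi/SK_pr bind the identities into AUTH so the peer proves it holds the pre-shared key for this exchange specifically.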
Internet Key Exchange version 2: IKEv2 messages
• IKE_SA_INIT
• IKE_AUTH
• CREATE_CHILD_SA
• INFORMATIONAL
Internet Key Exchange version 2: CREATE_CHILD_SA
  initiator → responder: SA_i, N_i, DH_i, TS_i, TS_r
  responder → initiator: SA_r, N_r, DH_r, TS_i, TS_r
• Sent in the IKE SA
• May include additional information, e.g. signal rekeying
Encapsulating Security Payload: ESP format
UDP encapsulation header (NAT traversal):
  source port | destination port = 4500
  length | checksum
ESP packet (bit positions 0-7, 8-15, 16-31):
  SPI (32 bit)
  sequence number (optional)
  initialization vector (variable)
  payload (variable)
  Traffic Flow Confidentiality padding (optional, variable)
  block cipher padding (optional, variable)
  pad length (8 bit) | next header (8 bit)
  Integrity Check Value (variable)
Encapsulating Security Payload: Protocols and modes
plain IP        IP | TCP | L7
ESP tunnel      IP | ESP | IP | TCP | L7 | ESP (trailer, ICV)
ESP transport   IP | ESP | TCP | L7 | ESP (trailer, ICV)
AH tunnel       IP | AH | IP | TCP | L7
AH transport    IP | AH | TCP | L7
Encapsulating Security Payload: Replay protection and integrity
• Check ICV
• Some fields are not transmitted, e.g. part of the sequence number
Replay protection:
• Counter starts at zero
• Right window edge: highest received
• 64 lower allowed; even lower: discard
• Bit mask in between
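The sliding replay window from this slide as an added Python example (not from the lecture or from the Linux/FreeBSD ESP code): right edge = highest sequence number accepted so far, a 64-bit mask for the numbers just below it, everything older is discarded. The window semantics follow RFC 4303 (window of W = 64 numbers: the right edge and the 63 below it); the ICV check itself is represented by a boolean, since the point here is the ordering of window check, ICV verification and window update.

```python
class ReplayWindow:
    """ESP anti-replay window. Sequence numbers start counting at zero on the
    sender, so the first packet on an SA carries 1; 0 is never accepted."""

    def __init__(self, size: int = 64):
        self.size = size
        self.right = 0          # highest sequence number accepted so far (right edge)
        self.bitmap = 0         # bit i set  <=>  sequence number (right - i) already seen

    def check(self, seq: int) -> bool:
        """Cheap pre-ICV check: could this sequence number still be accepted?"""
        if seq == 0:
            return False
        if seq > self.right:
            return True                         # would advance the window
        diff = self.right - seq
        if diff >= self.size:
            return False                        # older than the window: discard
        return not (self.bitmap >> diff) & 1    # inside the window: replay if bit set

    def update(self, seq: int) -> None:
        """Advance or mark the window. Only call after the ICV verified, otherwise
        an attacker could push the right edge forward with forged packets and
        cause genuine in-flight packets to be discarded."""
        if seq > self.right:
            shift = seq - self.right
            # slide the mask left, set bit 0 for the new right edge, drop old bits
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.right = seq
        else:
            self.bitmap |= 1 << (self.right - seq)

    def receive(self, seq: int, icv_valid: bool) -> bool:
        """Receive path in the order ESP prescribes: window check, ICV, then update."""
        if not self.check(seq):
            return False
        if not icv_valid:
            return False
        self.update(seq)
        return True


if __name__ == "__main__":
    w = ReplayWindow()
    # constructed arrival order: in order, a replay, a reordered packet, a big jump
    for seq, ok in [(1, True), (1, True), (5, True), (3, True), (100, True), (36, True), (37, True)]:
        print(seq, w.receive(seq, ok))
```

Doing the window check before the ICV is purely an optimisation (a replayed packet is dropped without a MAC computation); doing the update only after the ICV is what makes the window safe, which is why the two steps are separate methods.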
IPsec Example: Example Message Exchange
Topology: SG 1 in front of 131.159.0.0/24, SG 2 in front of 131.159.1.0/24; traffic flows from a client behind SG 1 to a server behind SG 2. The slides step through the state before the IKEv2 handshake, after the handshake, and during the ESP tunnel.

State before the IKEv2 handshake (policies exist, no SAs yet)

Security Policy Database (SG 1)
Source           Destination      Action   SPI
131.159.0.0/24   131.159.1.0/24   Protect  -
131.159.1.0/24   131.159.0.0/24   Protect  -
0.0.0.0/0        0.0.0.0/0        Bypass   -

Security Association Database (SG 1): empty (columns SPI, Algorithms, Keys)

Security Policy Database (SG 2)
Source           Destination      Action   SPI
131.159.1.0/24   131.159.0.0/24   Protect  -
131.159.0.0/24   131.159.1.0/24   Protect  -
0.0.0.0/0        0.0.0.0/0        Bypass   -

Security Association Database (SG 2): empty (columns SPI, Algorithms, Keys)

State after the IKEv2 handshake (ESP tunnel established, the Protect rows now refer to SAs)

Security Policy Database (SG 1)
Source           Destination      Action   SPI
131.159.0.0/24   131.159.1.0/24   Protect  0x1234
131.159.1.0/24   131.159.0.0/24   Protect  0x5678
0.0.0.0/0        0.0.0.0/0        Bypass   -

Security Association Database (SG 1)
SPI      Algorithms                Keys
0x1234   (AES-CTR, HMAC(SHA256))   (0xa1b2, 0x5e37)
0x5678   (AES-CTR, HMAC(SHA256))   (0x86ac, 0x9fa9)

Security Policy Database (SG 2)
Source           Destination      Action   SPI
131.159.1.0/24   131.159.0.0/24   Protect  0x5678
131.159.0.0/24   131.159.1.0/24   Protect  0x1234
0.0.0.0/0        0.0.0.0/0        Bypass   -

Security Association Database (SG 2)
SPI      Algorithms                Keys
0x1234   (AES-CTR, HMAC(SHA256))   (0xa1b2, 0x5e37)
0x5678   (AES-CTR, HMAC(SHA256))   (0x86ac, 0x9fa9)
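The database relationships of slide 8-26 (Figures 2 and 3) applied to the two gateways of this example, as an added Python example that is not part of the lecture and not the structure of any real IPsec stack: an ordered SPD whose first matching row decides protect / bypass / discard, an SAD keyed by SPI, the outbound path that triggers "create SA" until the handshake has installed the SAs, and the inbound path that looks up the SA by SPI and then checks that the decapsulated packet matches the selectors bound to that SPI. Addresses, SPIs, algorithms and the two-byte sample keys are taken from the slide's tables; the client and server host addresses in the demo are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

PROTECT, BYPASS, DISCARD = "protect", "bypass", "discard"


@dataclass
class Policy:
    """One SPD row as on the slide: selectors, action and (after IKE) the bound SPI."""
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    action: str
    spi: Optional[int] = None


@dataclass
class SecurityAssociation:
    """One SAD row: SPI, algorithms, keys, plus the outbound sequence counter."""
    spi: int
    enc_alg: str
    int_alg: str
    enc_key: bytes
    int_key: bytes
    seq: int = 0


class SecurityGateway:
    def __init__(self, name: str):
        self.name = name
        self.spd = []      # ordered list of Policy; first match wins, catch-all last
        self.sad = {}      # SPI -> SecurityAssociation

    def add_policy(self, src: str, dst: str, action: str) -> None:
        self.spd.append(Policy(ipaddress.ip_network(src), ipaddress.ip_network(dst), action))

    def spd_lookup(self, src_ip: str, dst_ip: str) -> Optional[Policy]:
        s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
        for p in self.spd:
            if s in p.src and d in p.dst:
                return p
        return None            # no matching policy: treated as discard below

    def outbound(self, src_ip: str, dst_ip: str):
        """Figure 2: SPD lookup; for 'protect' an SAD lookup follows, and a missing
        SA means the packet triggers IKE ('create SA') instead of being sent."""
        p = self.spd_lookup(src_ip, dst_ip)
        if p is None or p.action == DISCARD:
            return (DISCARD, None)
        if p.action == BYPASS:
            return ("forward", None)
        sa = self.sad.get(p.spi) if p.spi is not None else None
        if sa is None:
            return ("create SA", None)
        sa.seq += 1            # every protected packet consumes one sequence number
        return ("apply SA", sa.spi)

    def install_sa(self, spi: int, src: str, dst: str, enc_alg: str, int_alg: str,
                   enc_key: bytes, int_key: bytes) -> None:
        """Outcome of the IKEv2 child-SA negotiation: store the SA, bind it to its SPD row."""
        self.sad[spi] = SecurityAssociation(spi, enc_alg, int_alg, enc_key, int_key)
        for p in self.spd:
            if p.src == ipaddress.ip_network(src) and p.dst == ipaddress.ip_network(dst):
                p.spi = spi
                return
        raise KeyError("no SPD row for this SA")

    def inbound(self, spi: int, inner_src: str, inner_dst: str) -> str:
        """Figure 3: look up the SA by SPI, process ESP, then verify that the
        decapsulated packet matches the inbound selectors bound to that SPI."""
        if spi not in self.sad:
            return DISCARD
        p = self.spd_lookup(inner_src, inner_dst)
        if p is None or p.spi != spi:
            return DISCARD     # packet arrived through the wrong tunnel
        return "forward"


def build_example():
    """SG 1 and SG 2 with the SPD rows from the slide, before the handshake."""
    sg1, sg2 = SecurityGateway("SG 1"), SecurityGateway("SG 2")
    for sg, a, b in ((sg1, "131.159.0.0/24", "131.159.1.0/24"), (sg2, "131.159.1.0/24", "131.159.0.0/24")):
        sg.add_policy(a, b, PROTECT)
        sg.add_policy(b, a, PROTECT)
        sg.add_policy("0.0.0.0/0", "0.0.0.0/0", BYPASS)
    return sg1, sg2


def run_handshake(sg1: SecurityGateway, sg2: SecurityGateway) -> None:
    """Install the two SAs from the slide on both gateways (the slide's sample keys, not real keys)."""
    algs = ("AES-CTR", "HMAC(SHA256)")
    sg1.install_sa(0x1234, "131.159.0.0/24", "131.159.1.0/24", *algs, b"\xa1\xb2", b"\x5e\x37")
    sg1.install_sa(0x5678, "131.159.1.0/24", "131.159.0.0/24", *algs, b"\x86\xac", b"\x9f\xa9")
    sg2.install_sa(0x5678, "131.159.1.0/24", "131.159.0.0/24", *algs, b"\x86\xac", b"\x9f\xa9")
    sg2.install_sa(0x1234, "131.159.0.0/24", "131.159.1.0/24", *algs, b"\xa1\xb2", b"\x5e\x37")


if __name__ == "__main__":
    sg1, sg2 = build_example()
    print(sg1.outbound("131.159.0.5", "131.159.1.7"))   # ('create SA', None)
    run_handshake(sg1, sg2)
    print(sg1.outbound("131.159.0.5", "131.159.1.7"))   # ('apply SA', 0x1234)
```

The inbound selector check is the step that is easiest to forget: without it, a packet protected under the 0x1234 SA but carrying an inner source outside 131.159.0.0/24 would be forwarded into the overlay as if it came from the trusted subnet.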
TLS/SSL-based VPNs: OpenVPN [4]
Overview
• Key exchange is based on TLS/SSL
• Can be used on top of UDP or TCP (Why is TCP a bad idea?)
• Traffic encryption uses a custom scheme
• Good NAT traversal properties
• Easy to use
• Not an industry standard
• Not very “professional”, but the hacker community likes it
• Open Source
Use case:
• Road warriors (laptops connecting to the office)
• Students etc. building a cheap VPN
TLS/SSL-based VPNs: Cisco AnyConnect [5][6]
Overview
• Proprietary Cisco software
• Supports several protocols:
  • (Mostly) SSL/TLS based
  • Can use Datagram TLS (DTLS); DTLS uses UDP instead of TCP
  • Can run on port 443 (HTTPS) → usually no problem with firewalls
• No problems with NAT
Use cases:
• Big corporations supporting mobile endpoints (laptops)
• Corporations with existing Cisco infrastructure
• Academic compute centers (e.g. LRZ) deployed Cisco AnyConnect
VPN Performance Measurements: Evaluation setup
Figure 4: Setup: a load generator (generate traffic / forward) is connected over two NICs to the device under test (DuT), which encrypts and decrypts; encrypted traffic flows between the DuT and the load generator
• Hardware: Intel Xeon E3-1230 v2 (4 cores, 3.3 GHz), Intel X520 NIC
• Single core measurements
• NIC supports IPsec encrypt/decrypt in hardware
• Comparison of IPsec in three test setups:
  • NIC offload IPsec
  • Linux IPsec
  • Linux IPsec with CPU encrypt/decrypt acceleration (AES-NI)
VPN Performance Measurements: Evaluation results
Figure 5: Throughput [Mbit/s] with different packet lengths (packet size 64, 256, 512, 1,024 and 1,462 Byte; y-axis 0 to 10,000 Mbit/s)
Figure 6: Costs per packet [cycles/byte] with different packet lengths (packet size 64, 256, 512, 1,024 and 1,462 Byte; y-axis 0 to 100 cycles/byte)
Series in both figures: MoonGen IPsec, Linux 3.16 (AES-NI), Linux 3.16 (standard)
VPN Performance Measurements: CPU Load and DPDK
• NIC hardware acceleration utilizes DPDK
• DPDK produces 100% CPU utilization
• Effective load ∼ 10% (90% of free capacity)
• Reduce CPU clock while throughput of the DPDK solution is still comparable with Linux
VPN Performance Measurements: Energy consumption
Setup                  Power Drain [W]   Throughput [Gbit/s]   CPU Load [3.3 GHz]   Energy/B [mJ]
NIC IPsec offload      100               1.00                  20%                  0.100
Linux 3.16 (AES-NI)    108               1.00                  100%                 0.108
Linux 3.16             107               0.48                  100%                 0.208
• Data sheet: NIC cryptographic engine uses 0.2 W
VPN Performance Measurements: VPN Acceleration Conclusion
IPsec on the NIC is more energy efficient, faster, and saves CPU resources. Why is it not used more often?
• Not every NIC supports the feature
• Not supported by the official NIC driver
• NIC does not do key exchange; CPU/OS still need to take care of initial setup and later rekeying
Other protocols: Point-to-Point Tunneling Protocol (PPTP) [7]
• Standardized in 1999
• Mostly deployed in Microsoft Windows environments
• Weak authentication and encryption schemes
• Should not be used anymore
• Uses a modified version of GRE for tunneling
Other protocols
Other well-known tunneling protocols
• Generic Routing Encapsulation (GRE)
• Layer 2 Tunneling Protocol (L2TP, RFC 3355)
• SSH tunnel (port forwarding)
• IP-over-IP (RFC 2003)
• HTTP tunnel
• ICMP tunnel
• DNS tunnel
• ...
Summary
Different protocols for different use cases
• Simplifying L2 network administration and separation: VLAN, VXLAN
• Connect remote workers to company resources over the Internet: IPsec, SSL-based VPNs
• Evade some firewalls: IP-over-(HTTP/DNS/ICMP), ...
Different protocols for different features
• Encryption and authentication
• Easier addressing
• Performance (e.g. TCP-over-TCP)
Different protocols for different software support
• Some tunneling protocols are directly supported by operating systems
Bibliography
[1] Wikipedia Contributors. IEEE 802.1Q. https://en.wikipedia.org/wiki/IEEE_802.1Q. 2017.
[2] M. Mahalingam et al. Virtual eXtensible Local Area Network (VXLAN). https://tools.ietf.org/html/rfc7348. 2014.
[3] S. Kent and K. Seo. Security Architecture for the Internet Protocol. https://tools.ietf.org/html/rfc4301. 2005.
[4] OpenVPN Developers. OpenVPN Security Overview. https://openvpn.net/index.php/open-source/documentation/security-overview.html. 2017.
[5] Cisco. Cisco IOS Secure Sockets Layer (SSL) VPN Technology Overview. https://www.cisco.com/c/dam/en/us/products/collateral/security/ios-sslvpn/IOS_SSL_VPN_TDM_v8-jz-an.pdf. 2008.
[6] Cisco. Cisco AnyConnect Secure Mobility Client Data Sheet. https://www.cisco.com/c/en/us/products/collateral/security/anyconnect-secure-mobility-client/datasheet-c78-733184.html. 2017.
[7] K. Hamzeh et al. Point-to-Point Tunneling Protocol. https://tools.ietf.org/html/rfc2637. 1999.