Scribd Logo
Carica

Benvenuto in Scribd!

  • Revised IPsec Processing Model

    Caricato da

    Andra Cojocariu
    5 visualizzazioni7 pagine
    The document outlines revisions to the IPsec processing model, including: - SPDs no longer defined per interface but can support multiple contexts. - Forwarding decisions are separate from SPD selection and can use packet headers and metadata. - Nested SA support is now optional and requires coordination between forwarding tables and SPD entries. It provides diagrams of the revised outbound and inbound processing models showing the flow through SPD selection, SA lookup, forwarding decisions, and interfaces.

    Descrizione originale:

    IPSEC

    Titolo originale

    ipsec-2

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Formati disponibili

    PPT, PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento
    The document outlines revisions to the IPsec processing model, including: - SPDs no longer defined per interface but can support multiple contexts. - Forwarding decisions are separate from SPD selection and can use packet headers and metadata. - Nested SA support is now optional and requires coordination between forwarding tables and SPD entries. It provides diagrams of the revised outbound and inbound processing models showing the flow through SPD selection, SA lookup, forwarding decisions, and interfaces.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Scarica in formato PPT, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    5 visualizzazioni7 pagine

    Revised IPsec Processing Model

    Caricato da

    Andra Cojocariu
    The document outlines revisions to the IPsec processing model, including: - SPDs no longer defined per interface but can support multiple contexts. - Forwarding decisions are separate from SPD selection and can use packet headers and metadata. - Nested SA support is now optional and requires coordination between forwarding tables and SPD entries. It provides diagrams of the revised outbound and inbound processing models showing the flow through SPD selection, SA lookup, forwarding decisions, and interfaces.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Scarica in formato PPT, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 7

    2401bis: Revised Processing Model (v2)

    Steve Kent BBN Technologies

    Processing Model Highlights


    SPDs no longer per interface; support as many as are needed in a specific context Forwarding decision separate from SPD selection decision
    SPD may be selected via packet header and local metadata (e.g., inbound interface) Forwarding performed after traffic passes through IPsec

    Nested SA support now optional, requires coordination between forwarding tables and SPD entries

    IPsec Processing Model


    BLACK

    AH/ESP
    IKE

    IPsec boundary

    RED

    Next Layer of Model (Outbound)


    Black Interface

    Forwarding

    SPD cache

    AH/ESP

    SPD Selection

    Red Interface

    Next Layer of Model (Inbound)


    Black Interface

    demux

    Bypass/ discard

    AH/ESP
    IKE SAD check

    Forwarding

    Red Interface

    IPsec Outbound Traffic Processing


    discard

    SPD Selection

    Red interface

    SPD outbound cache


    miss
    create SA

    bypass Forwarding AH/ESP SAD SA creation (IKE) SPD-I cache


    Black interface

    create new cache entry

    SPD lookup

    This example assumes a decorrelated cache

    IPsec Handling of Inbound Packet


    discard

    Red interface

    SAD Selector check

    IKE discard SPD outbound cache SPD

    forwarding

    AH/ESP

    SAD lookup SPD-I

    IPsec

    IP proc
    ~IPsec

    Black interface

    Potrebbero piacerti anche