Presentation is loading. Please wait.

Presentation is loading. Please wait.

Using LISP for Secure Hybrid Cloud Extension draft-freitasbellagamba-lisp-hybrid-cloud-use-case-00 Santiago Freitas Patrice Bellagamba Yves Hertoghs IETF.

Published byJanice Hilda Booth Modified over 8 years ago

Similar presentations

Presentation on theme: "Using LISP for Secure Hybrid Cloud Extension draft-freitasbellagamba-lisp-hybrid-cloud-use-case-00 Santiago Freitas Patrice Bellagamba Yves Hertoghs IETF."— Presentation transcript:

1 Using LISP for Secure Hybrid Cloud Extension draft-freitasbellagamba-lisp-hybrid-cloud-use-case-00 Santiago Freitas Patrice Bellagamba Yves Hertoghs IETF 89, London, UK

2 A New Use Case for LISP It’s a use a use case draft. Covers the use of LISP to enable a secure layer 3-based Hybrid Cloud Extension. –Relevant for Cloud bursting, Workload migration, Rapid provision of new applications in the cloud and disaster recovery use cases. 67% of Enterprises expected to be pursuing a hybrid cloud computing strategy by 2015 (47% the year before) –Source: Gartner DC Summit 2012 3/March/2014draft-freitasbellagamba-lisp-hybrid-cloud-use-case-00 2

3 A New Use Case for LISP LISP, in combination with IPsec or any other encryption mechanism, to be implemented on a virtualized router deployed on a public cloud and on the enterprise DC. –Allows virtual machines (VMs) to be moved to the cloud without changing the VMs IP Address / Mask / Default Gateway; Same subnet on both sites. Running code available and tested on large cloud providers. 3/March/2014draft-freitasbellagamba-lisp-hybrid-cloud-use-case-00 3

4 Advantages over other proposals Does not extend the failure domain –Total isolation of broadcast (Layer 2) domains between Enterprise and Cloud. –It allows a routed (Layer 3) connection between sites. Natively provides Gateway in the Cloud for optimal routing between servers moved to the Cloud. –No hair pining save “InterCloud” bandwidth / latency. Works with any standard VM in the Cloud, no need to modify the VM for migration. Ingress Path-Optimization from remote sites to the Cloud easily achievable. 3/March/2014draft-freitasbellagamba-lisp-hybrid-cloud-use-case-00 4

5 WAN Internet Enterprise Data Center Hypervisor Public Cloud Provider Hypervisor Branch Office with Internet connection Branch Office WAN Acceleration (optional) WAN Acceleration (optional) 10.1.1.10 10.1.1.20 10.1.1.10 Using LISP for Secure Hybrid Cloud Extension = Virtualized Router with LISP draft-freitasbellagamba-lisp-hybrid-cloud-use-case-00

6 WAN Internet Enterprise Data Center Hypervisor Public Cloud Provider Hypervisor Branch Office with Internet connection Branch Office WAN Acceleration (optional) WAN Acceleration (optional) 10.1.1.20 10.1.1.10 Using LISP for Secure Hybrid Cloud Extension = Virtualized Router with LISP PxTR Not the Default Gateway = Non-intrusive RLOC in the Enterprise address space MS/MR can be located on Enterprise or Cloud PxTR Not the Default Gateway = Non-intrusive RLOC in the Enterprise address space MS/MR can be located on Enterprise or Cloud - No change on server’s IP address/mask/gateway - Enterprise owned / managed IP address in the Cloud. Subnet (not VLAN) extended into the cloud. - No change on server’s IP address/mask/gateway - Enterprise owned / managed IP address in the Cloud. Subnet (not VLAN) extended into the cloud. Traffic between Enterprise and Cloud should be encrypted. IPSec or any other mechanism. xTR Default Gateway for Servers (VMs) RLOC in the Enterprise address space xTR Default Gateway for Servers (VMs) RLOC in the Enterprise address space draft-freitasbellagamba-lisp-hybrid-cloud-use-case-00 RLOC 10.5.5.5 RLOC 10.5.5.6

7 WAN Internet Enterprise Data Center Public Cloud Provider Branch Office with Internet connection Branch Office WAN Acceleration (optional) WAN Acceleration (optional) Hypervisor 10.1.1.10 Using LISP for Secure Hybrid Cloud Extension = Virtualized Router with LISP xTR draft-freitasbellagamba-lisp-hybrid-cloud-use-case-00 PxTR Not the Default Gateway = Non-intrusive RLOC in the Enterprise address space MS/MR can be located on Enterprise or Cloud PxTR Not the Default Gateway = Non-intrusive RLOC in the Enterprise address space MS/MR can be located on Enterprise or Cloud xTR Default Gateway for Servers (VMs) RLOC in the Enterprise address space xTR Default Gateway for Servers (VMs) RLOC in the Enterprise address space RLOC 10.5.5.5 RLOC 10.5.5.6

8 Feedback received on Mailing List Concern with the use of pre-established IPsec tunnels –Secure connection (encryption) between enterprise and cloud is needed, IPSec used as a transport to encrypt the LISP flow. It’s one option, other options will be incorporated into future versions of the draft. –How to extend the RLOC space into the cloud should also be considered; IPsec allows NAT, native LISP data plane and control plane address translation to be further investigated. Document should be more explicit about what the resulting message stack looks like. –Will be covered on version 01. 3/March/2014draft-freitasbellagamba-lisp-hybrid-cloud-use-case-00 8

9 Areas to be included on version 01 More explicitly stating where the IPsec tunnel is and incorporating other options for encryption where IPSec tunnel becomes optional. Discuss how private IPv4 addresses will be handled and where NAT devices will be deployed. Performance and Scalability Considerations Management and Automation Considerations Document the resulting encapsulation stack. 3/March/2014draft-freitasbellagamba-lisp-hybrid-cloud-use-case-00 9

10 Ask to the Working Group Adopt this draft as one of the use cases for LISP. Consider the Secure Hybrid Cloud Extension Use Case to aid in future evolution of the protocol. 3/March/2014draft-freitasbellagamba-lisp-hybrid-cloud-use-case-00 10

Download ppt "Using LISP for Secure Hybrid Cloud Extension draft-freitasbellagamba-lisp-hybrid-cloud-use-case-00 Santiago Freitas Patrice Bellagamba Yves Hertoghs IETF."

Similar presentations

Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 E-VPN and Data Center R. Aggarwal

Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 E-VPN and Data Center R. Aggarwal
A Unified LISP Mapping Database for L2 and L3 Network Virtualization Overlays Draft-hertoghs-nvo3-lisp-unfied- control-plane Yves Hertoghs.

A Unified LISP Mapping Database for L2 and L3 Network Virtualization Overlays Draft-hertoghs-nvo3-lisp-unfied- control-plane Yves Hertoghs.
IPv4 - IPv6 Integration and Coexistence Strategies Warakorn Sae-Tang Network Specialist Professional Service Department A Subsidiary.

IPv4 - IPv6 Integration and Coexistence Strategies Warakorn Sae-Tang Network Specialist Professional Service Department A Subsidiary.
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Implementing IP Addressing Services Accessing the WAN – Chapter 7.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Implementing IP Addressing Services Accessing the WAN – Chapter 7.
IPv6-The Next Generation Protocol RAMYA MEKALA UIN:01008672.

IPv6-The Next Generation Protocol RAMYA MEKALA UIN:
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
Understanding Internet Protocol

Understanding Internet Protocol
Kako uklopiti oblak u svoju postojeću infrastrukturu? Tomica Kaniški CITUS d.o.o.

Kako uklopiti oblak u svoju postojeću infrastrukturu? Tomica Kaniški CITUS d.o.o.
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
Module 1: Demystifying Software Defined Networking Module 2: Realizing SDN - Microsoft’s Software Defined Networking Solutions with Windows Server 2012.

Module 1: Demystifying Software Defined Networking Module 2: Realizing SDN - Microsoft’s Software Defined Networking Solutions with Windows Server 2012.
Agenda Virtual Private Networks (VPNs) Motivation and Basics Deployment Topologies IPSEC (IP Security) Authentication Header (AH) Encapsulating Security.

Agenda Virtual Private Networks (VPNs) Motivation and Basics Deployment Topologies IPSEC (IP Security) Authentication Header (AH) Encapsulating Security.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Goal of The Paper  What exactly is a VPN?  Why do you need a VPN?  what are some of the technologies used in deploying a VPN?  How does a VPN work?

Goal of The Paper  What exactly is a VPN?  Why do you need a VPN?  what are some of the technologies used in deploying a VPN?  How does a VPN work?
Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)
Presenter: Vikash Nath MCP, CCNA, MCTS. On-Premise Private Cloud Public Cloud Hybrid Cloud.

Presenter: Vikash Nath MCP, CCNA, MCTS. On-Premise Private Cloud Public Cloud Hybrid Cloud.
Lecture Week 7 Implementing IP Addressing Services.

Lecture Week 7 Implementing IP Addressing Services.
Jennifer Rexford Princeton University MW 11:00am-12:20pm SDN Software Stack COS 597E: Software Defined Networking.

Jennifer Rexford Princeton University MW 11:00am-12:20pm SDN Software Stack COS 597E: Software Defined Networking.
Copyright 2005-2010 Kenneth M. Chipps Ph.D. www.chipps.com 1 VPN Last Update 2010.11.29 1.3.0.

Copyright Kenneth M. Chipps Ph.D. 1 VPN Last Update
Microsoft Virtual Academy Module 4 Creating and Configuring Virtual Machine Networks.

Microsoft Virtual Academy Module 4 Creating and Configuring Virtual Machine Networks.

Similar presentations

Ads by Google