Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lucy Yong lucy.yong@huawei.com Tom Herbert therbert@google.com Generic UDP Encapsulation (GUE) for Network Virtualization Overlay (NVO) draft-hy-nvo3-gue-4-nvo-00.

Published byLeslie May Modified over 8 years ago

Similar presentations

Presentation on theme: "Lucy Yong lucy.yong@huawei.com Tom Herbert therbert@google.com Generic UDP Encapsulation (GUE) for Network Virtualization Overlay (NVO) draft-hy-nvo3-gue-4-nvo-00."— Presentation transcript:

1 Lucy Yong lucy.yong@huawei.com Tom Herbert therbert@google.com
Generic UDP Encapsulation (GUE) for Network Virtualization Overlay (NVO) draft-hy-nvo3-gue-4-nvo-00 Lucy Yong Tom Herbert * Here to present November Honolulu USA

2 Generic UDP Encapsulation (GUE)
Design for tunneling a network protocol & network virtualization Generic and extensible for a wide range of UDP tunnel applications Provide enhanced UDP tunnel transport to meet various environments Aim to unified method for DCs, (get rid of many silo methods) Have a GUE header after UDP header specify 5 key common fields in base header applying to for all applications provide extensible structure for tunnel transport and tunnel applications UDP Header GUE Header

3 GUE for Network Virtualization
Allocate one flag bit, ‘v’, from GUE undefined flag field for NVO Define Virtual Network Identifier (VN ID) field (32 bits) that associates w/ ‘v’ flag MUST present when flag ‘v’ is set, MUST NOT present when clear Specify use of GUE secure transport in NVO (optional) VN ID is critical data for virtual network isolation, need to be secure Specify the value choice of the fields of UDP/GUE header for NVO UDP Header GUE Header For the detail, read draft-hy-nvo3-gue-4-nvo

4 GUE for NVO Design Merits
Use of unified UDP tunnel transport in DCs With rich set of transport features such as security, offload VN ID is in option field, extensible in future, e.g. Define a new option to supersede it or New flag to add more bits, e.g. 64 No requirement on VN ID structure, local site matter Fully compliant with NVO3 architecture Potential for extensibility in future Read draft-herbert-gue-02 for more information

5 Generic UDP Encapsulation (GUE) For Secure Transport
draft-hy-gue-4-secure-transport-00 Lucy Yong Tom Herbert November Honolulu USA

6 GUE for Secure Transport
Secure Transport over IP networks is important Generic UDP encapsulation provides UDP tunnel transport for arbitrary applications Secure UDP tunnel transport for the applications are very important in some environment Present as optional feature for the applications Secure UDP tunnel transport provides integrity and authentication of the GUE header

7 GUE for Secure Transport Schema
Allocate two flags ‘SEC’ from GUE undefined flag fields for secure transport Specify ‘SEC’ flags as of: o No security field o bit security field o bit security field o bit security field Specify the Security field that MUST be present if ‘SEC’ is set UDP Header GUE Header

8 GUE for Secure Transport
UDP tunnel ingress and egress MUST negotiate the values in the security field of GUE header UDP tunnel egress MUST perform security validation before the payload process GUE may be used to encapsulate IPsec packets Benefit: providing a flow hash for the inner packets The value in GUE security field may be a cookie The value in GUE security field may be the secure hash For the detail, read: draft-herbert-gue-02 draft-hy-gue-4-secure-transport-00

Download ppt "Lucy Yong lucy.yong@huawei.com Tom Herbert therbert@google.com Generic UDP Encapsulation (GUE) for Network Virtualization Overlay (NVO) draft-hy-nvo3-gue-4-nvo-00."

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
TRILL Header Extension Simplifications Donald Eastlake 3 rd Huawei Technologies 1July 2011.

TRILL Header Extension Simplifications Donald Eastlake 3 rd Huawei Technologies 1July 2011.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
IPv6 Keith Wichman. History Based on IPv4 Based on IPv4 Development initiated in 1994 Development initiated in 1994.

IPv6 Keith Wichman. History Based on IPv4 Based on IPv4 Development initiated in 1994 Development initiated in 1994.
IP Version 6 Next generation IP Prof. P Venkataram ECE Dept. IISc.

IP Version 6 Next generation IP Prof. P Venkataram ECE Dept. IISc.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.

IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Agenda Virtual Private Networks (VPNs) Motivation and Basics Deployment Topologies IPSEC (IP Security) Authentication Header (AH) Encapsulating Security.

Agenda Virtual Private Networks (VPNs) Motivation and Basics Deployment Topologies IPSEC (IP Security) Authentication Header (AH) Encapsulating Security.
Security at the Network Layer: IPSec

Security at the Network Layer: IPSec
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT 09.11.2005.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
Henric Johnson1 Chapter 6 IP Security. Henric Johnson2 Outline Internetworking and Internet Protocols IP Security Overview IP Security Architecture Authentication.

Henric Johnson1 Chapter 6 IP Security. Henric Johnson2 Outline Internetworking and Internet Protocols IP Security Overview IP Security Architecture Authentication.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.

Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

Similar presentations

Ads by Google