
Introduction to WAN MACsec and Encryption Positioning

Craig Hill – Distinguished SE

Stephen Orr – Distinguished SE

BRKRST-2309

Session Presenters

Craig Hill – Distinguished System Engineer, US Federal - Public Sector, CCIE #1628

Stephen Orr – Distinguished System Engineer, US Public Sector, CCIE #12126

What we hope to Achieve in this session:

• Understanding that data transfer requirements are exceeding what IPSec can deliver

• Introduce you to new encryption options evolving that will offer alternative solutions to meet application demands

• Enable you to understand what is available, when and how to position what solution

• Understand the right tool in the tool bag to meet encryption requirements

• Understand the pros/cons and key drivers for positioning an encryption solution

• What key capabilities drive the selection of an encryption technology

Session Assumptions and Disclaimers

• Intermediate understanding of Cisco Site-to-Site Encryption Technologies

  - Static IPSec

  - DMVPN

  - GETVPN

  - FlexVPN

• Intermediate understanding of Ethernet, VLANs, 802.1Q tagging

• Intermediate understanding of WAN design, IP routing topologies, peering vs. overlay

• Basic understanding of optical transport and impact of OSI model on various layers (L0 – L3) of network designs

• Many 2 hour breakout sessions will focus strictly on areas this presentation touches on briefly (we will provide references to those sessions)

Agenda

• Introduction

• Cisco’s Next Generation Encryption Initiative

• Understanding Service Provider Transport options

• WAN Encryption Options Existing Today

• Introduction to MACSec

• WAN MACSec Deployment Deep Dive and Use Cases

• Putting it all together… Key Decision Criteria for Designs and Positioning

• Solution Roadmap

Cisco’s Next Generation Encryption Initiative

Cryptography: The Universal Security Feature

• Cryptography is embedded in all of Cisco’s products

• Cryptography is critical to every solution and market

• Vital to Cybersecurity efforts within all of our customers

How is Cryptography Deployed Today

Authentication

• TLS based Protocols

  - EAP-TLS

  - PEAP

  - EAP-FAST

• Hashing

  - SHA1

  - SHA256/384/512

• Digital Signatures

• Key Negotiation

Privacy/Confidentiality

• IPSec

• SRTP

• DTLS

• SSL

• 802.1AE

• 802.11i (802.11-2012)

• Radius Key-Wrap

Management

• SSH

• sFTP

• SCP

• HTTPS

• FTPs

Security at Different Layers

(Figure: the seven OSI layers, Application through Physical, drawn once per protocol with that protocol placed on its layer: 802.11i WPA2 Wireless Security, Ethernet 802.1AE MACsec, IPsec, Transport Layer Security (TLS), Secure Shell (SSH), Secure RTP (SRTP). The final panel, Defense in Depth, shows 802.11i, MACsec, IPsec, TLS, SSH and SRTP together on one stack.)


What is Next Generation Encryption (NGE)?

Cryptographic Technologies

• New/Upgraded algorithms, key sizes, protocols and entropy

• Compatible with existing security architectures

Secure and Efficient

• Algorithm efficiency enabling increased security

• Scales well to high/low throughput

Compatible with Government Standards

• Suite B (US)

• FIPS-140 (US/Canada)

• NATO

Next Generation Encryption… Why it’s important?

• Crypto moves in 10 year investment waves / cycles, starting with Governments, Financials etc.

• The Explosion of Mobile Devices (BYOD)

• Low power Endpoint evolution driving need for more efficient, stronger crypto

• Higher data throughputs driving scalability needs

• Current cryptographic implementations WILL NOT scale to 10G, 40G and 100G

• Vulnerabilities and threats continue to change, and hackers are becoming more skilled and funded

Next Generation Encryption: Why it’s Needed…

• Cryptography is a fundamental underpinning of nearly all security products, solutions, and architectures

• Cisco has increased the R&D and innovation focus on Security portfolio

• NGE is the strongest, most efficient commercial cryptography

  - Leverages standards-based solutions

  - Elliptic Curve, AES-GCM, etc…

• Networking Technologies Continue to evolve:

  - Ethernet (10/100Mb, 1G, 10G, 40G, 100G…)

  - Wi-Fi (11, 54, 150, 300, 450, etc…)

  - Cryptography (3DES, AES-CBC, AES-GCM)

Next Generation Encryption Protocol Suite – New Ciphers

Key Establishment: ECDH-P256/384/521

Digital Signatures: ECDSA-P256/384/521

Hashing: SHA-256/384/512

Authenticated Encryption: AES-128/256-GCM

Authentication: HMAC-SHA-256/384/512

Entropy: SP800-90

What is Suite B?

“Suite B” is not a protocol – but a profile for consistent security when using multiple cryptographically strong protocols.

WHY Suite B?

• Enables government customers to adhere to stronger consistent security requirements

• Suite B offers the best technologies for future-proof cryptography, setting the trend for the industry

• Eliminates the “mix and match” selection of protocols and key lengths.

The following documents provide guidance for using Suite B cryptography with internet protocols:

• IPsec using the Internet Key Exchange Version 2 (IKEv2): "Suite B Profile for Internet Protocol Security (IPsec)," RFC 6380

• SSH: "Suite B Cryptographic Suites for Secure Shell (SSH)," RFC 6239

• TLS: "Suite B Profile for Transport Layer Security (TLS)," RFC 6460

• "Enrollment over Secure Transport," RFC 7030

• S/MIME: "Suite B in Secure/Multipurpose Internet Mail Extensions (S/MIME)," RFC 6318

Next Generation Encryption vs Suite B

(Figure: table with the columns Encryption, Data Authentication, Key Establishment, Signatures and Hashing.)

Suite B mLoS 128: AES-128-GCM, ECDH-P256, ECDSA-P256, SHA-256

Suite B mLoS 192: AES-256-GCM, ECDH-P384, ECDSA-P384, SHA-384

Also shown for NGE: AES-192-GCM, ECDH-P521, ECDSA-P521, SHA-512

NGE Enabled Encryption Architectures: Available Today

(Figure, four panels: Remote Access VPNs with ASA Firewall and CSM / ASDM; Site to Site, DMVPN, and FlexVPN with spokes; GETVPN with group members GM1 through GM9 and a key server KS; MACSec, showing an 802.1X supplicant with MACSec, MACSec capable devices, a guest user whose data is sent in the clear, and an authenticated user on a MACSec link that is encrypted on one side and decrypted on the other.)

© 2013 Cisco and/or its affiliates. All rights reserved.

Threat Landscape Is Changing

Add Strong Encryption: Branch to HQ Suite-B Support

• Communications and IT infrastructures must be defended against cyber attacks and exploitation

• Attackers are persistent and well funded

• Computing advances are driving a move to higher cryptographic strengths

• Future-ready: Meets security and scalability requirements for 20 years

• Efficiency and scale: Hardware crypto acceleration

Old Encryption Hazards (commodity routers) versus Cisco Suite-B (ISR and ASR1K Platforms):

• DH, RSA: Significant Risk

• MD5, SHA1: Collision Attacks

• AES, 3DES: 1GB Encryption Limit

• HMAC-MD5: Theoretical Weaknesses

• Entropy: Significant Risk

• TLS1.0, IKEv1: Known Flaws, Lack of Authenticated Encryption (Suite-B counterpart: IKEv2)

Service Provider Transport Options

Today’s WAN Transport Catalog

Transport Layer / Transport Offerings / Connectivity:

• Layer 3: MPLS IP VPN; Internet / Broadband. Connectivity: Any to Any

• Layer 2: Ethernet (E-LINE, E-LAN). Connectivity: Point to Point, Point to Multipoint, Multipoint to Multipoint

• Layer 0 / 1: OTN, SONET; DWDM / Dark Fiber. Connectivity: Point to Point

Other L3: Carrier Supporting Carrier, IP SatCom

Other L2: ATM/FR, Ethernet/E-TREE, L2 SatCom

Other L1: T1/E1, T3/E3, DSx, OC-3/12/48/192

Layer 3 “IP VPN” Transport Services

Layer 3 - Provider Offered Transport Options: SP Offered IP VPN Service (Layer 3 Service) - Customer owns CE

(Figure: SP Managed “IP VPN” Service. Site 1, Site 2 and Site 3 CE routers, each in a customer managed domain, peer via IP routing (BGP, Static, IGP) with the PE routers of the L3 VPN service provider, the SP managed domain.)

• CE Routers owned by customer

• PE Routers owned by SP

• Customer “peers” to “PE” via IP

• No labels are exchanged with SP PE

• No end-to-end visibility of other CE’s

• Route exchange with SP done via eBGP/static

• Customer relies on SP to advertise their internal routes to all CE’s in the VPN for reachability

• SP can offer multiple services: QoS, multicast, IPv6

* No Labels Are Exchanged with the SP

Layer 2 “Ethernet” Transport Services

Layer 2 - Provider Offered Transport Options: SP Managed “Ethernet” Service - Customer owns CE

(Figure: Site 1, Site 2 and Site 3 CE routers, each in a customer managed domain, connect to the PE of the Ethernet service provider, the SP managed domain; the IP routing peers (BGP, Static, IGP) form CE to CE across the Ethernet service.)

• CE Routers owned by customer

• PE Routers owned by SP

• Customer “peers” to own “CE” via IP

• IP Route exchange done through the SP Ethernet service (not to it)

• SP is nothing more than Ethernet (L2) “wire” transport

• All IP (v4/v6, OSPF/EIGRP, MPLS, etc…) transparent to service

Same IP characteristics that apply to Ethernet also apply to Optical/DWDM, ATM/FR, SONET/SDH, and T1/T3 Services

Layer 0/1 “Optical” Transport Services

Layer 0/1 - Provider Offered Transport Options: SP Managed “Optical” Service - Customer owns CE

(Figure: Site 1, Site 2 and Site 3 CE routers, each in a customer managed domain, connect to the optical muxes of the optical transport provider, the SP managed domain; the IP routing peers (BGP, Static, IGP) form CE to CE across the optical service.)

• CE Routers owned by customer

• Optical Mux owned by SP (or customer)

• Customer “peers” to own “CE” via IP

• IP Route exchange done through the SP optical service (not to it)

• SP is nothing more than Optical “wire” transport for “CE to CE” traffic

• All IP (v4/v6, OSPF/EIGRP, MPLS, etc…) transparent to service

Typical Optical offerings include: dark fiber, or lambda service

Today’s WAN Transport Catalog + Encryption

Transport Layer / Transport Offerings / Connectivity:

• Layer 3: MPLS IP VPN; Internet / Broadband. Connectivity: Any to Any

• Layer 2: Ethernet (E-LINE, E-LAN). Connectivity: Point to Point, Point to Multipoint, Multipoint to Multipoint

• Layer 0 / 1: OTN, SONET; DWDM. Connectivity: Point to Point

Network Topologies (across all transports):

• Point-to-Point

• Full Mesh

• Partial Mesh

• Hub/Spoke

• Multi-tier

• Hybrid (combination of any)

Encryption Criteria (the goal of this session):

• Available Options?

• Evaluation criteria?

• Recent Innovations?

• Impact of choice via: Transport? Connectivity? Performance? Topology?

Traditional WAN Encryption Technologies

DMVPN, FlexVPN, GETVPN

Cryptography Building Blocks

(Figure: Key Negotiation, Encryption Algorithms and Standards, Hash Algorithms, and Tunneling Technology are the building blocks; together they meet the need for secure communications over an insecure channel, the VPN Tunnel.)

What is a VPN?

(Figure: peers A and B exchange Proposals, perform Key Generation and Key Management, and establish a Security Association across the Internet/Private WAN.)

DMVPN

What is Dynamic Multipoint VPN?

DMVPN is a Cisco IOS software solution for building IPsec+GRE VPNs in an easy, dynamic and scalable manner

• Configuration reduction and no-touch deployment

• Dynamic spoke-spoke tunnels for partial/full mesh scaling

• Can be used without IPsec Encryption (optional)

• Wide variety of network designs and options

Over-the-Top WAN Design With Dynamic Multipoint VPN (DMVPN)

• Branch spoke sites establish an IPsec tunnel to and register with the hub site

• Only the WAN IP addresses need to be known by the WAN transport

• WAN interface IP address can be used for the tunnel source address

• IP routing exchanges prefix information for each site

• BGP or EIGRP are typically used for scalability

• Data traffic flows over the DMVPN tunnels

• When traffic flows between spoke sites, the hub assists the spokes to establish a site-to-site tunnel

• Per-tunnel QOS is applied to prevent hub site oversubscription to spoke sites

(Figure: an ASR 1000 hub with ISR G2 routers at Branch 1, Branch 2 … Branch n. Traditional static tunnels need static, known IP addresses; DMVPN on-demand tunnels work with dynamic, unknown IP addresses and give secure on-demand IPsec VPN tunnels.)

Flexible Secure WAN Design Over Any Transport: Dynamic Multipoint VPN (DMVPN)

Simplifies WAN Design / Dynamic Full-Meshed Connectivity / Proven Robust Security / Secure / Flexible / Transport-Independent

• Easy multi-homing over any carrier service offering

• Single routing control plane with minimal peering to the provider

• Consistent design over all transports

• Automatic site-to-site IPsec tunnels

• Zero-touch hub configuration for new spokes

• Certified crypto and firewall for compliance

• Scalable design with high-performance cryptography in hardware

(Figure: ISR-G2 branch routers reach ASR 1000 data center routers over Internet and MPLS WAN transports.)

Network Designs – When to deploy

• Hub and spoke

• Spoke-to-spoke

• Server Load Balancing

• Hierarchical

• VRF-lite

• 2547oDMVPN

(Figure legend: spoke-to-hub tunnels, spoke-to-spoke tunnels, 2547oDMVPN tunnels.)

FlexVPN

What is FlexVPN? Overview

• VPN solution that combines site-to-site, remote-access, hub-spoke and spoke-spoke topologies

• Utilizes IKEv2 (only) for performing mutual authentication and establishing and maintaining Security Associations (SAs)

• FlexVPN combines multiple frameworks into a single, comprehensive set of CLI and binds it together offering more flexibility and a means to extend functionality in the future

• FlexVPN offers a simple but modular framework that extensively uses the tunnel interface paradigm

FlexVPN Hub & Spoke Network Diagram

(Figure: hub and spoke topology; the addresses 192.168.100.0/24 and 172.16.0.1 are visible among the labels.)

Benefits of FlexVPN

• You can run Flex along all your previous IPsec VPNs

• Based on IKEv2 and can distribute routes via IKEv2

• Using GRE over IPsec or VTI as encapsulation

• Utilizing virtual interfaces - allowing per-spoke features like firewall, QoS, ACLs, etc

• Remote access server and client (software and hardware)

• Dynamic spoke to spoke tunnels

• Ease of configuration by using built-in defaults

When To Use It?

• Customer desires to build site-to-site, remote-access, hub-spoke and spoke-spoke topologies utilizing a unified CLI

• Large Scale deployment (of spoke to spoke and hub and spoke)

• Customer wishes to reduce learning curve of implementing multiple different types of VPN connectivity

• Customer requires IKEv2 features

FlexVPN Unifies!

• One VPN to develop and position

• Everything works – Simplify Deployment and Operation

GETVPN

What is Group Encrypted Transport (GET) VPN?

Cisco GET VPN delivers a revolutionary solution for tunnel-less, any-to-any branch confidential communications

• Large-scale any-to-any encrypted communications

• Native routing without tunnel overlay

• Native Multicast support - improves application performance

• Transport agnostic - private LAN/WAN, FR/ATM, IP, MPLS

(Figure: Cisco GET VPN at the centre of Any-to-Any Connectivity, Real Time, and Scalable.)

Header Preservation: IPSec Tunnel Mode vs. GETVPN

IPSec Tunnel Mode

  IP Packet: [IP Header][IP Payload]

  On the wire: [New IP Header][ESP][IP Header][IP Payload]

  IPSec header inserted by VPN Gateway; the new IP address requires overlay routing

GETVPN

  IP Packet: [IP Header][IP Payload]

  On the wire: [Preserved Header][ESP][IP Header][IP Payload]

  IP header preserved by VPN Gateway; the preserved IP address uses the original routing plane

Main Components of GETVPN

Key Servers (KSs): IOS devices responsible for creating/maintaining the control plane and distributing keys to the group members

Group Members (GMs): IOS devices used for encryption/decryption

GDOI (Group Domain of Interpretation, RFC 6407): Cryptographic protocol for group key management

Group Security Associations: Tunnel-less Network; No Peer-to-Peer Tunnel required; IPsec SAs shared by GM’s

How does it work?

• Registration

  - Group Members (GMs) “register” via GDOI with the Key Server (KS)

  - KS authenticates & authorizes the GMs

  - KS returns a set of IPsec SAs for the GMs to use

• Data Plane Encryption

  - GMs exchange encrypted traffic using the group keys

  - Traffic uses IPSec Tunnel Mode with “address preservation”

• Periodic Rekey of Keys

  - KS pushes out replacement IPsec keys before current IPsec keys expire

  - Unicast rekey or Multicast rekey

(Figure, repeated for each step: group members GM1 through GM9 and the key server KS.)

When should I use GETVPN?

• Securing an already secure network (Private Transport)

• Efficient secure multicast traffic

• Deploying voice or similar collaborative applications requiring any-to-any encryption

• Encrypting IP packets over satellite links

VPN Summary

VPN Solutions Compared

Network Style

  DMVPN: Large Scale Hub and Spoke with dynamic Any-to-Any; Up to 4000 sites

  FlexVPN: Converged Site to Site and Remote Access; Up to 10000 sites

  GET VPN: Any-to-Any (Site-to-Site); 24,000 group members per KS

Failover Redundancy

  DMVPN: A/A based on Dynamic Routing

  FlexVPN: Dyn Routing or IKEv2 Route Distribution; Server Clustering; Stateful Failover *

  GET VPN: Transport Routing; COOP Based on GDOI

IP Multicast

  DMVPN: Multicast replication at hub

  FlexVPN: Multicast replication at hub; Multicast replication in IP WAN network *

  GET VPN: Multicast replication in IP WAN network

QoS

  DMVPN: Per Tunnel QoS, Hub to Spoke

  FlexVPN: Per SA QoS, Hub to Spoke; Per SA QoS, Spoke to Spoke *

  GET VPN: Transport QoS

Policy Control

  DMVPN: Locally Managed

  FlexVPN: Centralized Policy Management

  GET VPN: Locally Managed

Technology

  DMVPN: Tunneled VPN; Multi-Point GRE Tunnel; IKEv1 or IKEv2

  FlexVPN: Tunneled VPN; Point to Point Tunnels; IKEv2 Only

  GET VPN: Tunnel-less VPN; Group Protection

Infrastructure Network

  DMVPN: Public or Private Transport; Overlay Routing

  FlexVPN: Public or Private Transport; Overlay Routing

  GET VPN: Private IP Transport; Flat/Non-Overlay IP Routing

3rd Party Compatibility

  DMVPN: No

  FlexVPN: Yes – up to 3rd party implementation

  GET VPN: No

Evolving Encryption Solutions – Introduction to MACSec

Challenges with Current WAN Encryption

• IPSec performance, complexity, and cost are becoming more challenged

• Throughput is constrained to the performance of the IPSec encryption engine

• MPLS, Multicast, IPv6 in some cases require GRE tunneling to operate

• GRE and IP overlays add an additional layer of complexity and a performance impact on certain router platforms

• Innovations such as DMVPN and MPLS VPN over mGRE simplify this, but IPSec performance is still the lowest common denominator and the performance impact remains

• Line-rate encryption that is simpler to operate and removes levels of complexity from the WAN solution is becoming a requirement

WAN MACsec targets addressing these challenges…

What is MAC Security (MACsec)? Hop-by-Hop Encryption via IEEE 802.1AE

• Hop-by-Hop vs End-to-End “Bump-in-the-wire” model

  - Packets are decrypted on ingress port

  - Packets are in the clear in the device

  - Packets are encrypted on egress port

• Allows the network to continue to perform all the packet inspection features currently used

(Figure: three links, each carrying 128bit AES GCM Encryption; inside each device the ASIC decrypts at ingress, everything is in the clear, and the ASIC encrypts at egress.)

Confidentiality and Integrity: 802.1AE based Encryption

• MACSec provides Layer 2 hop-by-hop encryption and integrity, based on the IEEE 802.1AE standard

• 128/256 bit AES-GCM (Galois/Counter Mode) – NIST Approved *

• Line rate Encryption / Decryption for 100/40/10/1GbE interfaces

• Replay Protection of each and every frame

* NIST Special Publication 800-38D (http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf)

Customer Benefits

• Protects against man-in-the-middle attacks (snooping, tampering, replay)

• Standards based frame format and algorithm (AES-GCM)

• 802.1X-2010/MKA addition supports per-device security associations in shared media environments (e.g. PC vs. IP Phone) to provide secured communication

• Network service amenable hop-by-hop approach compared to end-to-end approach (e.g. Microsoft Domain Isolation/virtualization)

MACSec Protocols & Algorithms

Function / Protocol / Specification / Encryption Algorithms:

1. Device Identification: Secure Device Identification; IEEE 802.1AR; RSA, ECC

2. Authentication and Key Establishment: EAP: Extensible Authentication Protocol (EAP-TLS, Cisco EAP-FAST); IEEE 802.1X (RFC 5126, RFC 4851); TLS Based: RSA, ECC, AES, HMAC-SHA2

3. Control Key Management: MKA: MACsec Key Agreement; IEEE 802.1X-2010; AES-128 KeyWrap, AES-128-CMAC, AES-256-CMAC

4. Authorization and Key Distribution: RADIUS with Cisco Key Wrap Attributes; RFC 6218; AES-128-KeyWrap, HMAC-SHA-2, DTLS

5. Bulk Data Encryption: MACSEC; IEEE 802.1AE; AES-GCM-128, AES-GCM-256

802.1AE (MACsec) Tagging

TrustSec Frame Format: DMAC | SMAC | 802.1AE Header | 802.1Q | CMD | ETYPE | PAYLOAD | ICV | CRC

802.1AE Header: MACsec EtherType (0x88e5) | TCI/AN | SL | Packet Number | SCI (optional)

In the figure the fields from the 802.1Q tag through the payload are marked encrypted, and the frame from the MAC addresses through the payload is marked authenticated (covered by the ICV)

• Frames are encrypted and protected with an integrity check value (ICV)

• MACsec Ethertype is 0x88e5

• No impact to IP MTU/Fragmentation

• L2 Frame MTU Impact*: ~ 40 bytes = less than baby giant frame (~1600 bytes with 1552 bytes MTU)
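As an added illustration of the tag layout above (example code written for this page, not Cisco's or the IEEE's), the Go program below parses a MACsec frame into its SecTAG fields, splits off the secure data and ICV, and computes the per-frame overhead; it also accepts an 802.1Q tag left in the clear ahead of the SecTAG, the WAN MACsec case discussed later. The frame bytes are constructed for the example and assume the FCS has already been stripped.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const etherTypeVLAN, etherTypeMACsec, icvLen = 0x8100, 0x88e5, 16 // 0x88e5 is the MACsec EtherType; GCM ICV is 16 bytes

// SecTAG is the 802.1AE security tag that follows the MACsec EtherType.
type SecTAG struct {
	Ver, ES, SC, SCB, E, C bool   // TCI bits: version, end station, SCI present, single-copy broadcast, encrypted, changed text
	AN                     uint8  // association number (low two bits of the TCI byte)
	SL                     uint8  // short length: non-zero only when the secure data is under 48 bytes
	PN                     uint32 // packet number: the per-SA counter behind MACsec replay protection
	SCI                    []byte // 8-byte secure channel identifier (source MAC + port id), only when SC is set
}

// MACsecFrame is the parsed view of one frame (FCS assumed already stripped, as in a capture).
type MACsecFrame struct {
	DMAC, SMAC []byte
	ClearVLAN  int // 802.1Q VLAN id carried in the clear ahead of the SecTAG (WAN MACsec); -1 if none
	Tag        SecTAG
	SecureData []byte // ciphertext when E=1, plaintext when E=0 (integrity-only mode)
	ICV        []byte
}

// Overhead is what MACsec adds per frame: SecTAG (8 bytes, 16 with SCI) plus the 16-byte ICV; the page's ~40 bytes also counts its CMD field.
func Overhead(withSCI bool) int {
	if withSCI {
		return 16 + icvLen
	}
	return 8 + icvLen
}

// ParseMACsec walks DMAC, SMAC, an optional clear 802.1Q tag, the SecTAG, the secure data and the ICV.
func ParseMACsec(frame []byte) (*MACsecFrame, error) {
	if len(frame) < 14 {
		return nil, errors.New("frame shorter than an Ethernet header")
	}
	f := &MACsecFrame{DMAC: frame[0:6], SMAC: frame[6:12], ClearVLAN: -1}
	off := 12
	if binary.BigEndian.Uint16(frame[off:]) == etherTypeVLAN { // 802.1Q tag left in the clear for the carrier
		if len(frame) < 18 {
			return nil, errors.New("truncated 802.1Q tag")
		}
		f.ClearVLAN = int(binary.BigEndian.Uint16(frame[off+2:]) & 0x0fff)
		off += 4
	}
	if et := binary.BigEndian.Uint16(frame[off:]); et != etherTypeMACsec {
		return nil, fmt.Errorf("not a MACsec frame: EtherType 0x%04x", et)
	}
	off += 2
	if len(frame) < off+6 {
		return nil, errors.New("truncated SecTAG")
	}
	tci := frame[off]
	t := SecTAG{
		Ver: tci&0x80 != 0, ES: tci&0x40 != 0, SC: tci&0x20 != 0, SCB: tci&0x10 != 0,
		E: tci&0x08 != 0, C: tci&0x04 != 0, AN: tci & 0x03,
		SL: frame[off+1] & 0x3f, PN: binary.BigEndian.Uint32(frame[off+2:]),
	}
	off += 6
	if t.SC { // the SCI is carried only when SC is set; otherwise it is implied by SMAC
		if len(frame) < off+8 {
			return nil, errors.New("truncated SCI")
		}
		t.SCI, off = frame[off:off+8], off+8
	}
	if t.Ver || len(frame) < off+icvLen { // 802.1AE-2006 frames carry version 0
		return nil, errors.New("unknown SecTAG version or no room for the ICV")
	}
	f.Tag, f.SecureData, f.ICV = t, frame[off:len(frame)-icvLen], frame[len(frame)-icvLen:]
	if t.SL != 0 && int(t.SL) != len(f.SecureData) {
		return nil, fmt.Errorf("short length %d does not match %d bytes of secure data", t.SL, len(f.SecureData))
	}
	return f, nil
}

// SampleFrame is a constructed WAN MACsec frame, not a real capture: VLAN 100 in the clear, SecTAG
// with SCI, AN=1, PN=5, then 64 bytes of dummy "ciphertext" and an all-zero dummy ICV.
func SampleFrame() []byte {
	smac := []byte{0x00, 0x11, 0x22, 0x33, 0x44, 0x55}
	frame := append([]byte{0x00, 0xaa, 0xbb, 0xcc, 0xdd, 0xee}, smac...) // DMAC, SMAC
	frame = append(frame, 0x81, 0x00, 0x00, 0x64, 0x88, 0xe5)            // 802.1Q VID 100, then MACsec EtherType
	frame = append(frame, 0x2d, 0x00, 0x00, 0x00, 0x00, 0x05)            // TCI SC|E|C with AN=1, SL=0, PN=5
	frame = append(append(frame, smac...), 0x00, 0x01)                   // SCI = SMAC + port 1
	for i := 0; i < 64; i++ {
		frame = append(frame, byte(i)) // stands in for GCM ciphertext
	}
	return append(frame, make([]byte, icvLen)...) // stands in for the ICV
}

func main() {
	f, err := ParseMACsec(SampleFrame())
	fmt.Printf("%+v\nerr=%v, MACsec overhead with SCI: %d bytes\n", f, err, Overhead(true))
}
```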

Quick MACSec Terminology

MKA: MACsec Key Agreement – defined in IEEE 802.1XREV-2010, is a key agreement protocol for discovering MACsec peers and negotiating keys

MSK: Master Session Key, generated during EAP exchange. Supplicant and authentication server use the MSK to generate the CAK.

CAK: Connectivity Association Key is derived from MSK. CAK is a long-lived master key used to generate all other keys used for MACsec.

CKN: Connectivity Association Key Name – identifies the CAK

SAK: Secure Association Key is derived from the CAK and is the key used by supplicant and switch to encrypt traffic for a given session.

KS: Key Server

  - responsible for selecting and advertising a cipher suite

  - responsible for generating the SAK from the CAK.

MACSec Key Agreement (MKA) and EAP Authentication

(Figure: between the Authenticator/AS and the Supplicant, IEEE 802.1X/EAP performs mutual authentication and yields the MSK; IEEE 802.1X/MKA runs MACsec Key Agreement protected by a key derived from the EAP MSK and produces the MACsec key; IEEE 802.1AE MACsec then protects the data.)

MACSec Functional Sequence

(Figure: message flow between Supplicant, Authenticator and Authentication Server, in three phases.)

1. Authentication and Master Key Distribution (IEEE 802.1X)

  - EAPoL: EAP Request-Identity

  - EAPoL: EAP-Response: Alice

  - RADIUS Access-Request [AVP: EAP-Response: Alice]

  - RADIUS Access-Challenge [AVP: EAP-Request: PEAP]

  - RADIUS Access-Accept [AVP: EAP Success] [AVP: EAP Key Name] [AVP: CAK]

  - EAP Success

2. Session Key Agreement (MKA)

  - EAPoL-MKA: Key Server

  - EAPoL-MKA: MACsec Capable

  - EAPoL-MKA: Key Name, SAK

  - EAPoL-MKA: SAK Installed

3. Session Secure (MACsec)

  - Encrypted Data in both directions, AES-GCM-128

MKA with Pre-shared and cached CAKs

• When EAP is not used for Authentication, a pre-shared key (PSK) can be used. The CAK is manually placed in the router/switch configuration and used as the PSK

• Some EAP/MACsec use cases require the link to come up even if the AAA server cannot be reached

• A preinstalled CAK can be cached in the configuration, and then used until such time as the AAA server is reached and a new CAK is obtained.

(Figure: between Switch 1 and Switch 2, IEEE 802.1X/MKA MACsec Key Agreement protected by the CAK produces the MACsec key, and IEEE 802.1AE MACsec protects the data.)

MACSec Key Hierarchy

• Two Methods to derive Encryption Keys

  - 802.1x/EAP

  - Pre-shared Keys

• If EAP method is used – all keys are generated from the Master Session Key (MSK)

• If Pre-shared Key is used the CAK=PSK and the CKN must be manually entered

(Figure: EAP MSK gives CAK and CKN, which give SAK, ICK and KEK; a Pre-Shared Key gives CAK and CKN directly, which again give SAK, ICK and KEK.)

MKA uses a key hierarchy based on a single long-term key (CAK)

CAK is derived from the EAP MSK using a key derivation function (KDF) defined in NIST SP800-108. The following is for a 128-bit CAK. (The key is longer for a 256-bit CAK.)

CAK = KDF(MSK[0-15], "IEEE8021 EAP CAK", mac1 | mac2, CAKlength)

A unique name is derived for the CAK, called a CKN. This is like a KeyID

CKN = KDF(MSK[0-15], "IEEE8021 EAP CKN", mac1 | mac2, CKNlength)

Note: A pre-shared or cached CAK requires both the CAK and CKN to be saved in the network device configuration, as well as some policy (e.g., cipher suite)

• Two keys are generated from the CAK by MKA

ICV Key (ICK) used to prove an authorized peer sent the message

ICK = KDF(CAK, "IEEE8021 ICK", Keyid, ICKLength)

Key Encrypting Key (KEK) used to protect the MACsec keys (SAK)

KEK = KDF(CAK, "IEEE8021 KEK", Keyid, KEKLength)

• A MACsec key is called a Secure Association Key (SAK)

• It is typically generated using the KS FIPS 140-2 compliant random number generator

• Alternatively, it can be generated using a KDF, including randomness provided by other participants as well as the KS. This protects against a failure in KS randomness

SAK = KDF(CAK, "IEEE8021 SAK", KS-nonce | MI-value list | KN, SAKlength)

Where:

KS-nonce is randomness provided by the KS,

MI-value list includes a 32-bit value provided by each member in the group (not the MAC address)

KN is a counter maintained by the KS

WAN MACsec Targeted Business Applications & Use Cases

Use Cases

Point to Point – E-LINE Service:

• Point to Point (Port based EPL)

• Hub and Spoke (VLAN based EVPL)

• DC Interconnect

Multi-Point - E-LAN Service:

• Point-to-multipoint (Port based EP-LAN)

• Hub and Spoke (VLAN based EVP-LAN)

• DC Interconnect

MACSec Business Application 2: Data Center Interconnect

(Figure: Cluster A Node 1 and Cluster A Node 2 joined by a heartbeat private LAN and a public LAN with a cluster VIP; ASR1K routers at each end are marked as the MACSec opportunity. Slide credit: Kural Arangasamy.)

MACSec Benefits

• Deployment Models

  - Point-to-point (P2P)

  - Point-to-Multipoint (P2MP)

  - P2P and P2MP deployments on the same physical interface

  - Mix of MACsec and Non-MACsec sub interfaces

• Encryption

  - Per Port – line rate

  - 128/256 bit AES-GCM Data packets encryption

  - No impact to IP MTU/Fragmentation

• Ease of configuration

MACsec and IPsec Comparison

Market Positioning

  MACsec: 1. Aggregate Deployments such as Regional Hubs; 2. Large Branches that require high throughput; 3. Data Center Interconnects

  IPsec: 1. Small Branches; 2. High Scale deployments; 3. Low throughput Branches; 4. Beyond MetroE (International) Reach

Link Requirement/Topologies

  MACsec: Requires dedicated MetroE EVC circuits for L2 connectivity between sites; Point-to-Point, Point-to-MultiPoint

  IPsec: Easily Routable over many commonly available public networks; Any Topology

Encryption Performance

  MACsec: Per PHY Link Speed (1G, 10G, 40G, 100G)

  IPsec: Constrained by IPsec Crypto engine performance

Services Enablement

  MACsec: No impact to encryption throughput

  IPsec: Impacts encryption throughput

Peers Scale

  MACsec: Limited by hardware resources

  IPsec: Highly Scalable

Throughput

  MACsec: Up to Line Rate on each port (limited only by the forwarding capability)

  IPsec: Aggregate throughput (limited by the encryption throughput)

Configurability

  MACsec: Simple configuration

  IPsec: More complex configuration and policy choices

Layer 3 Visibility for Monitoring

  MACsec: No. Except Layer 2 headers (and optionally VLAN/MPLS Labels) everything else is encrypted

  IPsec: Visible. L3 info can be used for monitoring & policy enforcement purposes

Slide credit: Kural Arangasamy

MACSec Deployment Models and Use Cases

What is “WAN” MACSec? New Enhancements to 802.1AE for WAN/Metro-E Transport

• Ability to support 802.1Q tags in clear

  - Offset 802.1Q tags in clear before encryption (2 tags is optional) or 30B?

• AES-256 (AES/GCM) support

  - Target Next Generation Encryption (NGE) profile that currently leverages Suite B

• Enhanced MKA key framework

  - (defined in 802.1X-2010) within Cisco security development (Cisco “NGE”)

  - Leverage NSA Suite B algorithm set in target compliance with CSFC

• System Interoperability

  - Create a common MACsec integration among all MACsec platforms in Cisco

• Vital Network Features to Interoperate over Public Carrier Ethernet Providers

  - 802.1Q tag in the clear

  - Ability to configure MKA EAPoL Destination Address type

  - Ability to configure Anti-replay window sizes

WAN MACSec Topology: Basic Site to Site Example

• Leverage “public” standard-based Ethernet transport

• Optimize MACSec + WAN features to accommodate the service provider transport requirements

• Offer “line-rate” alternatives to IPSec when high-speed encryption is required for certain applications (DCI, storage replication, service provider backbone WAN links)

(Figure: a Central Campus/DC data center and a Remote Campus/DC data center, each with a MACsec capable router and MACsec capable PHY, connected across a Public Carrier Ethernet Service of SP owned Ethernet transport devices; the MACsec secured path / MKA session runs router to router.)

WAN MACSec: Top Enterprise and SP Use Cases

Use Case / Applicability / Key WAN MACsec Feature Focus (the Transport column of the figure reads E-LINE, E-LAN):

• High-speed Branch Router Back-haul: Leverage MACSec encryption rates without need for expensive IPSec engine. Features: Line-rate encryption 10Gb+, 802.1Q tag in the clear, Carrier-E adaption features, no GRE

• High Speed Data Center Interconnections (DCI): Targets 10Gbps – 100Gbps DC interconnect links for DC replication and workload movement. Features: 100Gb Line-rate encryption, 802.1Q tag in the clear, Carrier-E adaption features, no GRE

• Simplified encryption solutions where lower-cost Ethernet is offered: Leverage MACsec over Ethernet back-haul service. Features: Line-rate encryption 10Gb+, 802.1Q tag in the clear, Carrier-E adaption features, no GRE

• Securing MPLS links in Self Managed MPLS backbone: Encrypt all PE-P, P-P links inside of an MPLS backbone. Allows transparency of MPLS labels, MPLS TE, Segment Routing, etc… Features: 100Gb Line-rate encryption, 802.1Q tag in the clear, no MPLS over GRE requirements

• Securing PE-CE links to Trusted SP Service: SP option for offering secure PE-CE transport when PE is in Co-Lo over untrusted links. Features: Line-rate encryption 10Gb+, 802.1Q tag in the clear, Carrier-E adaption features

• Secure Metro Ethernet Service Offering: SP option for offering “secure” Metro Ethernet services to end customers. Features: Line-rate encryption 100Gb+, 802.1Q tag in the clear

Use Case Transport Examples Leveraged

• E-LINE

  - Point to point

  - Point to Multipoint

• E-LAN

  - Point to Multipoint

  - Multipoint to Multipoint

E-LINE Use Cases

Source: Overview presentation of the MEF - http://metroethernetforum.org/Presentations

(Figure: CE1, CE2, CE3 and CE4 connected by P2P “virtual” Ethernet pseudo-wires.)

Router Peering Model View over E-LINE: Point to Point E-LINE Service

• E-LINE is a point-to-point virtual “Ethernet wire” service

• Connection model can be point to point, with virtual multiplexing at hub site via 802.1Q/sub-interface offering

(Figure, Physical View: a Central Site router with an Ethernet sub-interface with 802.1q support connects through the Carrier Ethernet Service, E-LINE (P2P), to CE1, CE2, CE3 and CE4; IP routing peers (BGP, Static, IGP) form across each E-LINE.)

(Figure, Logical View: the Central Site routers peer per VLAN sub-interface per pseudo-wire, one P2P “virtual” Ethernet pseudo-wire to each of CE1 through CE4.)

WAN MACSec Use Cases: E-LINE – Single Site to Site

• Point to point PW service (no MAC address lookup)

• Typically Port-mode, or 802.1Q offering

• Target Solution: High-speed (line-rate) transfers

  - Speeds typically exceed IPSec

  - Reduce IPSec complexity (DMVPN, GRE tunnels)

(Figure: two Data Center / Central Site locations, each with a MACsec capable router and MACsec capable PHY, connected over a Carrier Ethernet Service of SP owned Ethernet transport devices; the MACsec secured path / MKA session runs end to end between the routers.)

WAN MACSec Use Cases: E-LINE – Single Site to Site

• Use Cases – Requirement
  • 10GE / 100GE High speed Site to Site requirement
  • Data Center Interconnect (replication, massive storage transfers)
  • IP/MPLS core/edge links (PE – P, P – P, PE – PE)
  • H-QOS: per sub-interface
• WAN MACSec Features
  • Strong Encryption: AES-GCM-256 (Suite B)
  • 802.1Q in the clear (VRF-lite option)
• Target Customer
  • Enterprise, Cloud Provider, Federal/Government
  • Service provider desiring secure WAN links

Figure: E-LINE - Point to Point. Central Site / DC 1 and Central Site / DC 2 joined across a Carrier Ethernet Service. Legend: MACSec Capable Router; MACSec Secure Path / MKA Session; MACSec enabled Ethernet PHY.

WAN MACSec Use Cases: E-LINE Point to Multipoint Backhaul

• Point to point PW service (no MAC address lookup)
• Must leverage 802.1Q offering at Central site
• Target Solution: Simple and/or high-speed Branch Backhaul
  • Speeds typically exceed IPSec
  • Reduce IPSec complexity (DMVPN, GRE tunnels)

Figure: Data Center, Central Site and two Branch sites attached to a Carrier Ethernet Service. Legend: MACsec Secured Path / MKA Session; MACsec Capable Router; MACsec Capable PHY; SP Owned Ethernet Transport Device.

802.1AE (MACsec) Tagging

TrustSec Frame Format:

  DMAC | SMAC | 802.1AE Header | 802.1Q | CMD | ETYPE | PAYLOAD | ICV | CRC

  802.1AE Header = MACsec EtherType (0x88e5) | TCI/AN | SL | Packet Number | SCI (optional)

  Encrypted: 802.1Q, CMD, ETYPE, PAYLOAD
  Authenticated (covered by the ICV): DMAC, SMAC, 802.1AE Header and the encrypted fields

• Frames are encrypted and protected with an integrity check value (ICV)
• MACsec Ethertype is 0x88e5
• No impact to IP MTU/Fragmentation
• L2 Frame MTU Impact*: ~40 bytes = less than baby giant frame (~1600 bytes with 1552 bytes MTU)

802.1AE (MACsec) Tag in “Clear”

• 802.1Q tag offers major network design options over the carrier network

Default (802.1Q tag inside the encrypted payload):

  DMAC | SMAC | 802.1AE Header | 802.1Q | CMD | ETYPE | PAYLOAD | ICV | CRC
  802.1AE Header = MACsec EtherType (0x88e5) | TCI/AN | SL | Packet Number | SCI (optional)
  Encrypted: 802.1Q, CMD, ETYPE, PAYLOAD

802.1Q tag in clear (tag carried ahead of the 802.1AE header):

  DMAC | SMAC | 802.1Q | 802.1AE Header | CMD | ETYPE | PAYLOAD | ICV | CRC
  802.1AE Header = MACsec EtherType (0x88e5) | TCI/AN | SL | Packet Number | SCI (optional)
  Encrypted: CMD, ETYPE, PAYLOAD
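The two frame layouts above can be checked with a small decoder. The following Python is an added example written for this transcript, not Cisco code or anything shown in the session: it assembles constructed MACsec frames (dummy ciphertext and a zero ICV, MAC addresses from the IANA documentation range), decodes the SecTAG with or without an 802.1Q tag in the clear, and models the 802.1AE receive-side replay window that the “macsec replay-protection-window-size” command later in the deck configures.

```python
"""Added example: inspect 802.1AE SecTAGs (with and without an 802.1Q tag in the
clear) and apply the 802.1AE replay-protection window to packet numbers.
Frames are constructed for illustration; ciphertext and ICV are dummy bytes."""
import struct

ETH_P_8021Q = 0x8100    # 802.1Q tag EtherType
ETH_P_MACSEC = 0x88E5   # MACsec EtherType (as on the slide)
ICV_LEN = 16            # ICV length for GCM-AES-128/256


def _mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def _mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_macsec_frame(dmac, smac, pn, payload, *, an=0, sci=None, vlan_in_clear=None):
    """Assemble DMAC|SMAC|[802.1Q]|SecTAG|secure data|ICV.
    Constructed test data only: 'payload' stands in for ciphertext, the ICV is zeros."""
    hdr = _mac(dmac) + _mac(smac)
    if vlan_in_clear is not None:                  # dot1q-in-clear: tag precedes the SecTAG
        hdr += struct.pack("!HH", ETH_P_8021Q, vlan_in_clear & 0x0FFF)
    tci_an = 0x08 | 0x04 | (an & 0x03)             # E=1 (encrypted), C=1 (changed text), AN
    if sci is not None:
        tci_an |= 0x20                             # SC=1: explicit 8-byte SCI follows
    sl = len(payload) if len(payload) < 48 else 0  # SL is non-zero only for short frames
    sectag = struct.pack("!HBBI", ETH_P_MACSEC, tci_an, sl, pn)
    if sci is not None:
        sectag += sci
    return hdr + sectag + payload + bytes(ICV_LEN)


def parse_macsec_frame(frame: bytes) -> dict:
    """Decode the outer headers of a MACsec frame, tolerating one 802.1Q tag in the clear."""
    if len(frame) < 14 + 8 + ICV_LEN:
        raise ValueError("frame too short for a SecTAG and ICV")
    dmac, smac = frame[0:6], frame[6:12]
    off = 12
    ethertype = struct.unpack_from("!H", frame, off)[0]
    vlan = None
    if ethertype == ETH_P_8021Q:                   # tag in the clear: VID is visible to the SP
        vlan = struct.unpack_from("!H", frame, off + 2)[0] & 0x0FFF
        off += 4
        ethertype = struct.unpack_from("!H", frame, off)[0]
    if ethertype != ETH_P_MACSEC:
        raise ValueError(f"not a MACsec frame (ethertype 0x{ethertype:04x})")
    tci_an, sl, pn = struct.unpack_from("!BBI", frame, off + 2)
    off += 8
    sci = None
    if tci_an & 0x20:
        sci = frame[off:off + 8]
        off += 8
    return {
        "dmac": _mac_str(dmac), "smac": _mac_str(smac), "vlan_in_clear": vlan,
        "version": tci_an >> 7, "es": bool(tci_an & 0x40), "sc": bool(tci_an & 0x20),
        "scb": bool(tci_an & 0x10), "encrypted": bool(tci_an & 0x08),
        "changed_text": bool(tci_an & 0x04), "an": tci_an & 0x03,
        "short_length": sl, "pn": pn, "sci": sci.hex() if sci else None,
        # SecTAG (8 or 16 bytes) plus ICV: the per-frame L2 overhead behind the ~40-byte figure
        "overhead_bytes": (16 if sci else 8) + ICV_LEN,
        "secure_data": frame[off:-ICV_LEN],
    }


class ReceiveSA:
    """802.1AE receive-SA replay check: a frame is rejected when its PN is below
    lowestAcceptablePN = nextPN - window. Window 0 is strict (no reordering, no
    duplicates); window 100 tolerates 100 frames of reordering but also accepts a
    duplicate PN inside that window, which is the trade-off the operator makes."""

    def __init__(self, replay_window: int):
        self.window = replay_window
        self.next_pn = 1

    def accept(self, pn: int) -> bool:
        lowest_pn = max(1, self.next_pn - self.window)
        if pn < lowest_pn:
            return False
        if pn >= self.next_pn:
            self.next_pn = pn + 1
        return True
```

The decoder shows what a provider device can and cannot read on a WAN MACsec link: with the tag in the clear the VLAN ID is visible (that is what lets the SP multiplex per-site pseudo-wires), while everything from the inner EtherType onward stays encrypted and the ICV still binds the addresses and SecTAG. The replay window is worth sizing deliberately: a larger window absorbs reordering on multi-path carrier transport but widens the interval in which a captured frame could be replayed.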

WAN MACSec Use Case – 802.1Q Tag in the Clear

Figure: Data Center, Central Site and two Branch sites over a Carrier Ethernet Service, with an MKA Session per branch. Expanded PHY View of the Central Site: one physical Ethernet cable into the PHY carries sub-interfaces (VLAN 20, VLAN 30), an encrypted Ethernet session per destination using the 802.1q tag on the SP n-PE PHY.

WAN MACSec Use Case – 802.1Q Tag in the Clear

Figure: Ethernet Interface supporting 802.1q trunking, one physical Ethernet wire into the Public Ethernet Transport; 802.1Q VLAN tags (10, 20, 30, 40) to provider; encrypted Ethernet session per destination using the 802.1q tag on the SP n-PE; MACsec PHY.

• Key to solution is use of 802.1q for logical connectivity to each site
• This is analogous to “channelization” in SONET
• Router enables a logical IP sub-interface with an 802.1Q tag per location
• This will allow multiple connections into a single PHYSICAL interface

WAN MACSec – 802.1Q Tag in the Clear: Expose the 802.1Q tag “outside” the encrypted payload

Example:

  ...
  interface GigabitEthernet0/0/4
   macsec dot1q-in-clear 1
  !
  interface GigabitEthernet0/0/4.20
   encapsulation dot1Q 20
   ip address 10.3.2.1 255.255.255.0
   mka pre-shared-key key-chain k1
   macsec
  !
  interface GigabitEthernet0/0/4.30
   encapsulation dot1Q 30
   ip address 10.3.3.1 255.255.255.0
   mka pre-shared-key key-chain k1
   macsec

Allows the ability to leverage MACsec on a per sub-interface basis, exposing the “802.1Q tag” outside the encryption header.

Note: “1” denotes one .1Q tag depth

WAN MACSec Use Cases: E-LINE – Point to Multi-point Topology

• Use Case - Requirement
  • High Speed hub-and-spoke requirement
  • Targets < 30 Site Remote Branch back-haul topology (SA Limit)
  • Ability to leverage low-cost/high-speed local Metro E transport
  • May require H-QOS: per sub-interface (Hub), Sub-rate (spoke)
  • Desire is to eliminate IPSec complexity
• WAN MACSec Features
  • Strong Encryption: AES-GCM-256 (Suite B)
  • Ability to leverage 802.1Q in the clear (Hub-Site logical separation), offering flexible topology options
• Target Customer
  • Low cost Ethernet transport service available
  • May require encryption exceeding IPSec capabilities, specifically at the Hub location
  • Targets: Enterprise, Commercial, Federal/Government

Figure: E-LINE - Point to Multipoint. Central Site with a MACSec 802.1Q Ethernet PHY to Branch 1, Branch 2 … Branch n across a Carrier Ethernet Service. Legend: MACSec Capable Router; MACSec Secure Path / MKA Session; MACSec enabled Ethernet PHY.

E-LAN Use Cases

Source: Overview presentation of the MEF - http://metroethernetforum.org/Presentations

Figure: Router Peering Model View for E-LAN (Physical View and Logical View). CE1, CE2, CE3 and CE4 attached to a Carrier Ethernet Service E-LAN (multi-pt), a flat Ethernet bridge domain on a single VLAN; IP Routing Peer (BGP, Static, IGP); Routing Peers (N – 1).

• E-LAN emulates the network as an “Ethernet switch”
• Routers appear as part of a single “flat” Ethernet domain
• Caution required as IP Peering is N – 1 (N = # of router nodes)
• Transport is MAC address aware of “well known” MAC addresses and Ether types

Router Peering Model View for E-LAN: Create Private Topology “over” Provider

Figure: Physical View – CE1–CE4 on a flat Ethernet bridge domain (Carrier Ethernet Service E-LAN, multi-pt), IP Routing Peer (BGP, Static, IGP). Logical View – Ethernet sub-interfaces with 802.1q support; routers peer per VLAN sub-interface per PW into the Central Site.

• E-LAN emulates the network as an “Ethernet switch”
• Enterprise can enable “private” 802.1Q tags, allowing the customer to build their own topology over the service provider transport
• Example: Central Site enables internal 802.1Q tags to create a Hub/Spoke topology

WAN MACSec Use Cases: E-LAN Point to Multipoint Backhaul

• MAC address lookup based service
• WAN MACSec destination EAPoL address change may be required
  • Allows MKA session over any Carrier Ethernet transport
• Leveraging 802.1Q offering at Central site
• Target Solution: Simple and/or high-speed Branch Backhaul

Figure: Data Center, Central Site and two Branch sites on a Carrier Ethernet Service. Legend: MACsec Secured Path / MKA Session; MACsec Capable Router; MACsec Capable PHY; SP Owned Ethernet Transport Device.

Adapting to Service Provider Ethernet Services – Enhancement: Ability to Change EAPoL Destination Address

• MKA uses Extensible Authentication Protocol over LAN (EAPoL) as the transport protocol
• By default, EAPoL uses a destination multicast MAC address of 01:80:c2:00:00:03
• Because EAPoL is a standards-based protocol (802.1X), the SP may consume this packet (based on the destination multicast MAC address)
• If so, the EAPoL packet will eventually get dropped, causing the MKA session establishment process to fail.
• We need a method to change the destination MAC address of an EAPoL packet, to ensure the SP tunnels the packet like any other data packet instead of consuming it.

EAPoL Destination Address Change Command

• The “eapol destination-address” command allows the operator to change the destination MAC address of an EAPoL packet that is transmitted on an interface towards the service provider.
• This ensures that the service provider tunnels the packet like any other data packet instead of consuming it.
• Example:

  ...
  interface GigabitEthernet0/0/4
   macsec dot1q-in-clear 1
   macsec replay-protection-window-size 100
   eapol destination-address broadcast

Leverage the “broadcast” address as the destination EAPoL address. The provider switch will forward it as a standard “broadcast” Ethernet frame.
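The failure mode described above (MKA hellos that never reach the far-end router) can be modelled without any hardware. The Python below is an added example, not Cisco code or session material: it builds a constructed EAPOL-MKA frame, classifies its destination address against the 01:80:c2:00:00:00–0f block that IEEE 802.1D/802.1Q reserves for link-constrained protocols, and simulates a standards-conforming bridge that terminates such frames rather than relaying them. The source MAC is from the IANA documentation range; the MKPDU body is left empty.

```python
"""Added example: why the EAPoL destination address matters across a provider.
Models an MKA hello (EAPOL-MKA) and a simplified standards-conforming bridge that
does not relay frames sent to the reserved 01:80:c2:00:00:0x group addresses.
All frames are constructed; MAC addresses come from the documentation range."""
import struct

ETH_P_EAPOL = 0x888E                      # 802.1X EAPOL EtherType
EAPOL_VERSION = 3                         # 802.1X-2010, the revision that defines EAPOL-MKA
EAPOL_TYPE_MKA = 5                        # EAPOL packet type carrying MKA PDUs
PAE_GROUP_ADDRESS = "01:80:c2:00:00:03"   # default EAPoL destination (from the slide)
BROADCAST = "ff:ff:ff:ff:ff:ff"           # what 'eapol destination-address broadcast' selects
RESERVED_PREFIX = bytes.fromhex("0180c20000")   # 01:80:c2:00:00:00 .. :0f block


def _mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def _mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_eapol_mka(dmac: str, smac: str, mkpdu: bytes = b"") -> bytes:
    """DMAC|SMAC|0x888E|EAPOL version|type=MKA|body length|MKPDU (body constructed/empty)."""
    hdr = struct.pack("!HBBH", ETH_P_EAPOL, EAPOL_VERSION, EAPOL_TYPE_MKA, len(mkpdu))
    return _mac(dmac) + _mac(smac) + hdr + mkpdu


def parse_eapol(frame: bytes) -> dict:
    """Decode the Ethernet and EAPOL headers; raises if the frame is not EAPOL."""
    ethertype, version, ptype, length = struct.unpack_from("!HBBH", frame, 12)
    if ethertype != ETH_P_EAPOL:
        raise ValueError(f"not EAPOL (ethertype 0x{ethertype:04x})")
    return {
        "dmac": _mac_str(frame[0:6]), "smac": _mac_str(frame[6:12]),
        "version": version, "type": ptype, "is_mka": ptype == EAPOL_TYPE_MKA,
        "body": frame[18:18 + length],
    }


def is_bridge_reserved(dmac: str) -> bool:
    """True for 01:80:c2:00:00:00 through :0f. IEEE 802.1D/802.1Q reserve this block
    for protocols (BPDU, LACP, EAPoL, ...) that must not be propagated by a bridge."""
    b = _mac(dmac)
    return b[:5] == RESERVED_PREFIX and b[5] <= 0x0F


def provider_bridge_forward(frame: bytes) -> str:
    """Simulated SP transport device: 'consume' when the DA is in the reserved block
    (terminated locally, so the far-end router never sees the hello), else 'relay'."""
    return "consume" if is_bridge_reserved(_mac_str(frame[0:6])) else "relay"


def mka_hello_crosses_provider(eapol_destination: str) -> bool:
    """Would an MKA hello sent with this configured destination reach the peer?"""
    frame = build_eapol_mka(eapol_destination, "00:00:5e:00:53:01")  # documentation MAC
    return parse_eapol(frame)["is_mka"] and provider_bridge_forward(frame) == "relay"
```

The model takes the conservative view the slide warns about; a given provider device may or may not terminate 01:80:c2:00:00:03, so the symptom to look for is an MKA session that never establishes over the carrier service while the same configuration works back-to-back. Switching the destination to broadcast makes the hello reach every attachment point of an E-LAN, which is acceptable because MKPDUs are integrity-protected with a key derived from the CAK; the address change affects reachability, not the keying security.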

WAN MACSec Use Cases: E-LAN – Point to Multi-point Topology

• Use Case - Requirement
  • High Speed hub-and-spoke requirement
  • Targets < 30 Site Remote Branch back-haul topology (SA Limit)
  • Ability to leverage low-cost/high-speed local Metro E transport
  • May require H-QOS: per sub-interface (Hub), Sub-rate (spoke)
  • Desire is to eliminate IPSec complexity
• WAN MACSec Features
  • Leverage (if needed) use of EAPoL “destination-address” feature, to overcome legacy MACSec keying limitations
  • Strong Encryption: AES-GCM-256 (Suite B)
  • 802.1Q in the clear (Hub-Site logical separation)
• Target Customer
  • Leverage multipoint capability based on business traffic patterns
  • Desire to leverage low-cost E-LAN Ethernet transport services
  • Enterprise, Commercial, Federal/Government

Figure (titled E-LINE - Point to Multipoint on the original slide): Central Site with a MACSec 802.1Q Ethernet PHY to Branch 1, Branch 2 … Branch n across a Carrier Ethernet Service. Legend: MACSec Capable Router; MACSec Secure Path / MKA Session; MACSec enabled Ethernet PHY.

WAN MACSec Use Cases: E-LINE Point to Multipoint Backhaul

• MAC address lookup based service
• WAN MACSec destination EAPoL address change may be required
  • Allows MKA session over any Carrier Ethernet transport
• Leverage any-to-any forwarding of E-LAN service
• Target Solution: Traffic patterns that require any to any connectivity (voice, video, distributed application locations)

Figure: Data Center, Central Site and two Branch sites on a Carrier Ethernet Service. Legend: MACsec Secured Path / MKA Session; MACsec Capable Router; MACsec Capable PHY; SP Owned Ethernet Transport Device.

WAN MACSec Use Cases: E-LAN – Multipoint to Multipoint Topology

• Use Case - Requirement
  • Any to Any (spoke to spoke, spoke to hub… ) node connectivity, typically dictated by business applications and requirements
  • Leverage inexpensive multipoint (ELAN) local Metro E service
  • Variable site traffic patterns
  • Must remain under the ~30 encryption key limit per node (full mesh)
• WAN MACSec Features
  • Leverage (if needed) use of EAPoL “destination-address” feature, to overcome legacy MACSec keying limitations
  • Strong Encryption: AES-GCM-256 (Suite B)
  • 802.1Q in the clear capability (Hub-Site logical separation)
  • Ability to change EAPoL target MAC address thru provider
• Target Customer
  • Low cost Ethernet transport service available
  • Enterprise, Commercial, Federal/Government
  • High volume of branch to branch interaction

Figure: E-LAN - Multipoint to Multipoint. Central Site, Branch 1, Branch 2 … Branch n meshed across a Carrier Ethernet Service. Legend: MACSec Capable Router; MACSec Secure Path / MKA Session; MACSec enabled Ethernet PHY; MACSec 802.1Q Ethernet PHY.

Additional Customer Use Cases

WAN MACSec for Secure MPLS Backbone: Per Link Encryption at 100Gb+ with MACSec End-to-End

Figure: MPLS core of P1–P4 and PE1–PE3 routers; each PE fronts an Enterprise Site and a Data Center. Legend: MACsec Secured Path / MKA Session on every PE-P and P-P link; MACsec Capable Router.

• Leverage MACSec encryption on WAN links connecting PE and P routers in MPLS Core up to 100Gb, N x 100Gb
• Offers the ability of “per hop” analytics at P/PE hops
• WAN links transparent to: MPLS, MPLS-TE, IPv4/v6, QoS, routing, multicast, Segment Routing

WAN MACSec with PfR: Hybrid WAN Leveraging MACsec for High Speed Encryption

HYBRID Encryption Option: IPSec + MACSec

Figure: Branch and Data Center with Active/Active WAN Paths – one IPsec overlay (DMVPN) across ISP A (Internet) and one MACsec underlay (DMVPN + MACsec) across SP V (Carrier Ethernet); one WAN routing domain (iBGP, EIGRP, or OSPF). Legend: MACSec Capable Router; MACSec Secure Path / MKA Session. Leverage MACsec when the encryption requirement exceeds IPSec.

This is NOT IWAN, but leverages common components

• Leverage MACSec for data transport that exceeds IPSec’s performance capability
• Leverage IPSec/DMVPN for backup path over the Internet
• If MACSec link fails, operator has choice to throttle down high-speed application -or- wait for high-speed link to recover
• Leverage Policy Based Routing (PBR) or PfR to dictate application paths for MACSec and IPSec/DMVPN paths

Hierarchical “Hybrid” MACSec + IPSec Design

Figure: Enterprise Network with a Central Campus / DC and Regional Hub 1, Regional Hub 2 and Regional Hub 3 + DC interconnected by MACsec over the Carrier Ethernet WAN (Metro E); Branch sites (IPsec Sites) reach the regional hubs with IPsec over the Internet. Core: Line Rate Encryption + Lower Scale Sites. Branches: Lower Throughput Encryption + High Scale Sites.

• “Hybrid” design option for mix of scale, performance, leveraging Ethernet services
• MACsec: Core/Backbone Transport – Higher throughput BW, Lower Scale Requirement
• IPSec: Branch/back-haul – Lower throughput BW, higher scale remote sites, could leverage DMVPN, GET VPN, etc…

Optical Encryption Options

What is OTN?

• OTN = Optical Transport Network
• Standards docs:
  • G.709 Hierarchy and frame structures
  • G.872 Architecture
  • G.798 Management functions etc
• OTN defines a framing technology that is very similar to SONET/SDH (TDM)
• OTN started as a digital wrapper around WDM client signals to improve reach and manageability
• Evolved to a complex multiplexing hierarchy that enables a service layer

Nominal rates (kbit/s):

  k    OTUk             OPUk Payload
  0    –                1,238,954
  1    2,666,057        2,488,320
  2    10,709,225       9,995,277
  3    43,018,414       40,150,519
  4    111,809,974      104,355,975

Why OTN Encryption?

Figure: Data Center A to Data Center B over OTN; an OTU-2 frame (OTN Overhead + PAYLOAD) carrying OC-192/STM-64, Fibre Channel or Ethernet clients.

• Bulk Encapsulation of the client signal ensures line rate
• Encrypting the OTN Payload allows Transparency and Interoperability

The Role of Layer 1 encryption in securing your network

• Bulk Encryption at the OTN layer provides agnostic, line rate, client payload encapsulation security across the transport network
• Current encryption devices are not protocol agnostic
  • They only encrypt a single traffic type, i.e. Ethernet, IP or SONET, requiring “stacking” of multiple types of Encryption devices, driving interface count and complexity
• If the customer can leverage encryption at the optical layer, it eliminates the need for encryption at ALL layers above it

Wire Speed Encryption (WSE): 10G Multi-Rate OTN/DWDM Encryption

Figure: Layer stack L3 / L2 / L1 (OTN Layer) over Optical Transport, with the encryption option at each layer: IPSec (L3), MACSec (L2), OTN Encryption (L1).

• Robust Key Exchange Mechanism over G.709 GCC2 using TLS and ECDH
• AES-256 Data Payload Encryption
• Card Authentication, GMAC Frame Authentication
• FIPS 140-2 level 2 Certified, Common Criteria Certified

Optical Transport Network (OTN) Encryption

Figure: Data Center #1, #2 and #3, each with a DC Edge Router attached to an OTN node; OTN Secured Path / MKA Session between the OTN nodes.

NCS 2000 + OTN Encryption Interface

• Bulk Encryption at the OTN layer provides protocol agnostic, line rate, client payload encapsulation security across the transport network
• Eliminates the need to encrypt at the IP, Ethernet, SONET or application layers
• Encryption is line-rate at 10Gbps (100 Gbps future)
• Ideal solution: DCI, or when fibre channel needs protection

WSE - Wire Speed Encryption Card: 10G Multi-Rate OTN/DWDM Encryption Card

• Single slot card for 2, 6, and 15 slot chassis – ONS-MSTP/NCS 2000
• 10x SFP+ ports supporting 5x completely independent Encrypted 10Gbps streams
• Real-time Encryption and Authentication of Multiple Client types
• CTC & CPO controlled
• Integrated Transponder Functionalities
  • Trunk SFP+’s can be grey (SR, LR, ER, ZR) or WDM (Full C-band Tunable)
  • FEC or E-FEC can be SW Provisioned on Trunk
  • OTN Ports can be interconnected with 40G or 100G MXP for wavelength aggregation

Putting it All Together – Positioning, Use Cases

Positioning the Proper Encryption Solution

• It is important NOT to position encryption solutions against one another
• Rather, consider each as a tool in the tool bag, which requires a positioning exercise to meet the technical and business requirement
• Remember, beyond IPSec, “the underlying transport dictates the available encryption options that can be leveraged”
• Understand the sum of the requirements, available technology options in the router, and align the solution with this combination
• Key Factors for encryption decisions will include:
  1. Transport availability / options
  2. Performance requirements of the solution/application
  3. Scale of the design and requirements (number of spokes, connected end-points, aggregate encryption)

Multi-Layer Encryption Options

Figure: Encryption options by layer – L3: IPSec; L2: Ethernet, ATM; L1: OTN, SONET. Ethernet, ATM, OTN and SONET are the link encryption options.

• Link encryption options offer alternatives to IPSec
• Link encryption offers trade-offs (speed vs. scale) when high-speed encryption (N x 10G or 100Gbps) is required

Encryption Positioning Matrix (columns: OTN, MACsec, IPSec)

Topology
  • Point to Point
  • Multipoint Capable (P2MP, MP2MP): Per Port per site, x, x
Transport Service Support
  • Ethernet (P2P, Point to Multipoint): x, x
  • IP (MPLS VPN, broadband, Internet): x
  • Optical / Lambda / Dark fiber: x, x (to xponder), X (speed limited)
  • Logical Link Segmentation (802.1Q/sub-int capable): x, x
  • Leverage legacy transport (T1/E1/T3/E3, SONET/SDH): x
Encryption Performance
  • Encryption Line rate per the PHY interface (1/10/40/100G): x, x
  • Encryption process NOT dependent on physical interface: x, x
  • Encryption rate limited by packet size, MTU, PPS of engine
Scale
  • Hub Site Scale (Hub/Spoke Topology): (1 int/site/link), (PHY dependent), x (1000+ sites)
  • Simplicity of Configuration: x, x, x
  • Transparent to IPv4/v6, MPLS, IGP/BGP, IP Multicast: x, x, X (needs GRE)

Legend: Excellent / Supported (with Limitations) / Not Supported

Summary – Key Advantages

Encryption: IPSec
Key Factors:
• IPSec by far the most flexible encryption option (completely agnostic to underlying transport)
• Is limited by packet size and packet per second performance (IPSec performance not typically equal to router performance)
• Together with other enhancements (DMVPN for example), IPSec can support massive scale (beyond 4000 connections)
Technology Options: DMVPN, GETVPN (typically paired with MPLS VPN over mGRE, LISP, and is native multicast capable), FlexVPN, TLS

Encryption: MACSec
Key Factors:
• Supports line-rate Ethernet performance (100+ Gb) regardless of MTU, packet size
• Is transparent to upper layer IP protocols
• No performance impact on router forwarding capabilities
Technology Options: Supported in the router/switch Ethernet PHY, WAN MACsec Enhancements, transparent to IP and MPLS over encrypted links

Encryption: OTN
Key Factors:
• Supports line-rate performance at optical/OTN layer
• Encapsulation frame formats include: 10Gb, 100+ Gb, rich client-side encapsulation options at OTU2
• Transparent to both Layer 2 (Ethernet) and Layer 3 (IP) upper layer protocols
Technology Options: Optical transport capabilities, with handoff to other optical platforms (transponder, OADM, etc…)

Solutions are complementary and can be run together for additional security

Solution Roadmap

Roadmap – WAN MACSec

Platform | Module / Linecard | Encryption | Speed Target when Shipping | Timeframe | Target Use Cases
ISR 4k Platform | 1 or 2-port GE NM (RJ45/SFP) | AES-GCM-128 or 256 | 1G | 2H - 2015 | Branch, WAN edge
ASR 1001-X | 2 x 10G, 6 x 1G (on board ports) | AES-GCM-128 or 256 | 100Mb, 1G, 10G | NOW | Branch, WAN Aggregation, DCI
ASR 1000 Series | Modular LC 6x10G, 2x40G, 18x1G | AES-GCM-128 or 256 | 100Mb, 1G, 10G | 1H - 2016 | WAN Aggregation, DCI
ASR 9000 Series | 4 or 8-port 800G Linecard | AES-GCM-128 or 256 | 1/10G, 40G, 100G | 2H - 2015 | WAN Aggregation, high-speed DCI, MPLS Edge/Core
NCS 2000/WSE | 5-port (client Tx/Rx pair) 10Gbps | AES-GCM-128 or 256 | 10Gbps | NOW | Optical core, DCI

* All roadmap dates are subject to change

Summary

Participate in the “My Favorite Speaker” Contest

• Promote your favorite speaker through Twitter and you could win $200 of Cisco Press products (@CiscoPress)

• Send a tweet and include

• Your favorite speaker’s Twitter handle <Speaker—enter your Twitter handle here>

• Two hashtags: #CLUS #MyFavoriteSpeaker

• You can submit an entry for more than one of your “favorite” speakers

• Don’t forget to follow @CiscoLive and @CiscoPress

• View the official rules at http://bit.ly/CLUSwin

Promote Your Favorite Speaker and You Could Be a Winner

Complete Your Online Session Evaluation

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online

• Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 Amazon gift card.

• Complete your session surveys through the Cisco Live mobile app or your computer on Cisco Live Connect.

Continue Your Education

• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• Table Topics

• Meet the Engineer 1:1 meetings

• Related sessions

Thank you

Backup