Using LISP for Secure Hybrid Cloud Extension

Similar documents
LISP Functional Overview

Preserve IP Addresses During Data Center Migration

Data Center Network Virtualisation Standards. Matthew Bocci, Director of Technology & Standards, IP Division IETF NVO3 Co-chair

SOFTWARE-DEFINED NETWORKING AND OPENFLOW

OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS

Going Hybrid. The first step to your! Enterprise Cloud journey! Eric Sansonny General Manager!

VMware vcloud Air Networking Guide

Configuration Procedure

Configuring Windows Server 2008 Network Infrastructure

Stretched Active- Active Application Centric Infrastructure (ACI) Fabric

Cisco Which VPN Solution is Right for You?

OpenFlow/SDN for IaaS Providers

CLOUD NETWORKING THE NEXT CHAPTER FLORIN BALUS

SOFTWARE-DEFINED NETWORKING AND OPENFLOW

VXLAN: Scaling Data Center Capacity. White Paper

SOFTWARE DEFINED NETWORKING: INDUSTRY INVOLVEMENT

Hybrid Cloud: Overview of Intercloud Fabric. Sutapa Bansal Sr. Product Manager Cloud and Virtualization Group

WHITE PAPER. Network Virtualization: A Data Plane Perspective

VXLAN Overlay Networks: Enabling Network Scalability for a Cloud Infrastructure

Hyper-V Network Virtualization Gateways - Fundamental Building Blocks of the Private Cloud

Roman Hochuli - nexellent ag / Mathias Seiler - MiroNet AG

Cisco Hybrid Cloud Solution: Deploy an E-Business Application with Cisco Intercloud Fabric for Business Reference Architecture

5.0 Network Architecture. 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network

Virtualization, SDN and NFV

STeP-IN SUMMIT June 18 21, 2013 at Bangalore, INDIA. Performance Testing of an IAAS Cloud Software (A CloudStack Use Case)

Extending Networking to Fit the Cloud

vcloud Air - Virtual Private Cloud OnDemand Networking Guide

SAN/iQ Remote Copy Networking Requirements OPEN iscsi SANs 1

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

IPOP-TinCan: User-defined IP-over-P2P Virtual Private Networks

Cisco Prime Network Services Controller. Sonali Kalje Sr. Product Manager Cloud and Virtualization, Cisco Systems

Software-Defined Networks Powered by VellOS

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers

Fundamentals of Windows Server 2008 Network and Applications Infrastructure

VMUG - vcloud Air Deep Dive VMware Inc. All rights reserved.

Ethernet-based Software Defined Network (SDN) Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心

R4: Configuring Windows Server 2008 Network Infrastructure

Document No. FO1101 Issue Date: Work Group: FibreOP Technical Team October 31, 2013 FINAL:

Connecting Remote Offices by Setting Up VPN Tunnels

Overlay Networks: Connecting and Protecting Across Regions with Docker. Patrick Kerpan, CEO

Remote Voting Conference

TRILL Large Layer 2 Network Solution

Network Services Internet VPN

CLOUD NETWORKING FOR ENTERPRISE CAMPUS APPLICATION NOTE

Connecting to the Cloud with F5 BIG-IP Solutions and VMware VMotion

The networking declaration of independence

Virtual Privacy vs. Real Security

Lecture 02b Cloud Computing II

Strategies for Getting Started with IPv6

Course Venue :- Lab 302, IT Dept., Govt. Polytechnic Mumbai, Bandra (E)

Network Virtualization and its Application to M2M Business

SDN Unlocks New Opportunities for Cloud Service Providers

Networking with Windows Server vb. Day(s): 5. Version: Overview

Virtual Machine in Data Center Switches Huawei Virtual System

A Case for Overlays in DCN Virtualization Katherine Barabash, Rami Cohen, David Hadas, Vinit Jain, Renato Recio and Benny Rochwerger IBM

How To Orchestrate The Clouddusing Network With Andn

Computer Networks. Introduc)on to Naming, Addressing, and Rou)ng. Week 09. College of Information Science and Engineering Ritsumeikan University

CompTIA Cloud+ 9318; 5 Days, Instructor-led

How To Make A Vpc More Secure With A Cloud Network Overlay (Network) On A Vlan) On An Openstack Vlan On A Server On A Network On A 2D (Vlan) (Vpn) On Your Vlan

Cisco Intercloud Fabric for Business

CompTIA Cloud+ Course Content. Length: 5 Days. Who Should Attend:

Data Center Infrastructure of the future. Alexei Agueev, Systems Engineer

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

Network performance in virtual infrastructures

ConnectX -3 Pro: Solving the NVGRE Performance Challenge

Cloud Computing and the Internet. Conferenza GARR 2010

Effective disaster recovery using Software defined networking

Securing the Virtualized Data Center With Next-Generation Firewalls

Branches as Nimble as the Cloud: Unleashing Agility with Nuage Networks Virtualized Network Services EXECUTIVE SUMMARY

Configuring IPsec VPN between a FortiGate and Microsoft Azure

For extra services running behind your router. What to do after IP change

VM-Series for VMware. PALO ALTO NETWORKS: VM-Series for VMware

Software Defined Network (SDN)

White Paper. Juniper Networks. Enabling Businesses to Deploy Virtualized Data Center Environments. Copyright 2013, Juniper Networks, Inc.

Simplify IT. With Cisco Application Centric Infrastructure. Barry Huang Nov 13, 2014

Transform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure

Active Directory Domain Services on the AWS Cloud: Quick Start Reference Deployment Mike Pfeiffer

Transition to IPv6 for Managed Service Providers: Meet Customer Requirements for IP Addressing

Certes Networks Layer 4 Encryption. Network Services Impact Test Results

Reference to common tasks

Network Virtualization

Virtual Subnet: A Scalable Cloud Data Center Interconnect Solution

Chapter 3: IP Addressing and VLSM

HP LeftHand SAN Solutions

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Expert Reference Series of White Papers. vcloud Director 5.1 Networking Concepts

Microsoft System Center

Cloud Networking: Framework and VPN Applicability. draft-bitar-datacenter-vpn-applicability-01.txt

How to Guide: StorageCraft Cloud Services VPN

Workflow Guide. Establish Site-to-Site VPN Connection using RSA Keys. For Customers with Sophos Firewall Document Date: November 2015

Deploying the BIG-IP System with VMware vcenter Site Recovery Manager

JUNIPER. One network for all demands MICHAEL FRITZ CEE PARTNER MANAGER. 1 Copyright 2010 Juniper Networks, Inc.

the Data Center Connecting Islands of Resources Within and Across Locations with MX Series Routers White Paper

SOFTWARE DEFINED NETWORKING

SILVER PEAK ACCELERATION WITH EMC VSPEX PRIVATE CLOUD WITH RECOVERPOINT FOR VMWARE VSPHERE

NVGRE Overlay Networks: Enabling Network Scalability for a Cloud Infrastructure

Simplify IT. With Cisco Application Centric Infrastructure. Roberto Barrera VERSION May, 2015

How To Configure A Vyatta As A Ds Internet Connection Router/Gateway With A Web Server On A Dspv.Net (Dspv) On A Network With A D

CompTIA Exam N CompTIA Network+ certification Version: 5.1 [ Total Questions: 1146 ]

Transcription:

Using LISP for Secure Hybrid Cloud Extension draft-freitasbellagamba-lisp-hybrid-cloud-use-case-00 Santiago Freitas Patrice Bellagamba Yves Hertoghs IETF 89, London, UK

A New Use Case for LISP It s a use a use case draft. Covers the use of LISP to enable a secure layer 3-based Hybrid Cloud Extension. Relevant for Cloud bursting, Workload migration, Rapid provision of new applications in the cloud and disaster recovery use cases. 67% of Enterprises expected to be pursuing a hybrid cloud computing strategy by 2015 (47% the year before) Source: Gartner DC Summit 2012 3/March/2014 draft-freitasbellagamba-lisp-hybrid-cloud-use-case-00 2

A New Use Case for LISP LISP, in combination with IPsec or any other encryption mechanism, to be implemented on a virtualized router deployed on a public cloud and on the enterprise DC. Allows virtual machines (VMs) to be moved to the cloud without changing the VMs IP Address / Mask / Default Gateway; Same subnet on both sites. Running code available and tested on large cloud providers. 3/March/2014 draft-freitasbellagamba-lisp-hybrid-cloud-use-case-00 3

Advantages over other proposals Does not extend the failure domain Total isolation of broadcast (Layer 2) domains between Enterprise and Cloud. It allows a routed (Layer 3) connection between sites. Natively provides Gateway in the Cloud for optimal routing between servers moved to the Cloud. No hair pining save InterCloud bandwidth / latency. Works with any standard VM in the Cloud, no need to modify the VM for migration. Ingress Path-Optimization from remote sites to the Cloud easily achievable. 3/March/2014 draft-freitasbellagamba-lisp-hybrid-cloud-use-case-00 4

Using LISP for Secure Hybrid Cloud Extension 10.1.1.10 Hypervisor Enterprise Data Center Internet Public Cloud Provider Hypervisor 10.1.1.20 WAN 10.1.1.10 Branch Office Branch Office with Internet connec@on = Virtualized Router with LISP draft-freitasbellagamba-lisp-hybrid-cloud-use-case-00

RLOC 10.5.5.5 10.1.1.20 Using LISP for Secure Hybrid Cloud Extension Hypervisor Hypervisor PxTR Not the Default Gateway = Non-intrusive Enterprise RLOC Data in Center the Enterprise address space MS/MR can be located on Enterprise or Cloud Internet Traffic between Enterprise and Cloud should be encrypted. IPSec or any other mechanism. WAN xtr Default Gateway for Servers (VMs) RLOC in the Enterprise Public Cloud address Provider space RLOC 10.5.5.6 10.1.1.10 - No change on server s IP address/mask/gateway - Enterprise owned / managed IP address in the Cloud. Subnet (not VLAN) extended into the cloud. Branch Office Branch Office with Internet connec@on = Virtualized Router with LISP draft-freitasbellagamba-lisp-hybrid-cloud-use-case-00

RLOC 10.5.5.5 Using LISP for Secure Hybrid Cloud Extension Hypervisor Hypervisor PxTR Not the Default Gateway = Non-intrusive Enterprise Data Center RLOC in the Enterprise address space MS/MR can be located on Enterprise or Cloud Internet xtr Default Gateway for Servers (VMs) Public Cloud Provider RLOC in the Enterprise address space RLOC 10.5.5.6 10.1.1.10 WAN Branch Office Branch Office with Internet connec@on = Virtualized Router with LISP xtr draft-freitasbellagamba-lisp-hybrid-cloud-use-case-00

Feedback received on Mailing List Concern with the use of pre-established IPsec tunnels Secure connection (encryption) between enterprise and cloud is needed, IPSec used as a transport to encrypt the LISP flow. It s one option, other options will be incorporated into future versions of the draft. How to extend the RLOC space into the cloud should also be considered; IPsec allows NAT, native LISP data plane and control plane address translation to be further investigated. Document should be more explicit about what the resulting message stack looks like. Will be covered on version 01. 3/March/2014 draft-freitasbellagamba-lisp-hybrid-cloud-use-case-00 8

Areas to be included on version 01 More explicitly stating where the IPsec tunnel is and incorporating other options for encryption where IPSec tunnel becomes optional. Discuss how private IPv4 addresses will be handled and where NAT devices will be deployed. Performance and Scalability Considerations Management and Automation Considerations Document the resulting encapsulation stack. 3/March/2014 draft-freitasbellagamba-lisp-hybrid-cloud-use-case-00 9

Ask to the Working Group Adopt this draft as one of the use cases for LISP. Consider the Secure Hybrid Cloud Extension Use Case to aid in future evolution of the protocol. 3/March/2014 draft-freitasbellagamba-lisp-hybrid-cloud-use-case-00 10

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information