16. Overlay Tunnels Flashcards

1
Q

What is GRE (Generic Routing Encapsulation)?

A

A tunneling protocol that provides connectivity to a wide variety of network-layer protocols by encapsulating and forwarding packets over an IP-based network.

2
Q

What was GRE originally created for?

A

To provide transport for non-routable legacy protocols such as IPX

3
Q

What is added for the encapsulation of GRE?

A

An extra header with the remote endpoint's IP

4
Q

What are the commands needed to establish a tunnel?

A

Interface tunnel
Tunnel source
Tunnel destination
IP address

5
Q

What are the optional commands needed to establish a tunnel?

A

Bandwidth
Keepalive
IP mtu

6
Q

What is the size of the GRE header?

A

Minimum 24 bytes

7
Q

What is recursive routing?

A

This occurs when a router has a next hop that is not directly connected

8
Q

How can recursive routing be solved?

A

By adding a static route

9
Q

What is IPsec?

A

A framework of open standards for creating highly secure VPNs

10
Q

What are the security services for IPsec?

A
  • Peer authentication
  • Data confidentiality
  • Data integrity
  • Replay detection
11
Q

What are the 2 packet headers of IPsec?

A
  • Authentication header
  • Encapsulating Security Payload (ESP)

12
Q

What does ESP do?

A

It provides encryption for the payload and adds a header

13
Q

What are the 2 modes of packet transport for IPsec?

A
  • Tunnel mode
  • Transport mode

14
Q

What is the difference between tunnel and transport mode?

A

Tunnel encrypts the complete packet and supports NAT-T

15
Q

What are the 8 encryption methods IPsec supports?

A
  • DES
  • 3DES
  • AES
  • MD5
  • SHA
  • DH
  • RSA signature
  • Pre-Shared key
16
Q

What is IKE?

A

The Internet Key Exchange is a protocol that performs authentication between 2 endpoints to establish security associations (SAs), known as IKE tunnels

17
Q

What are the two phases of key negotiation for IKE and IPsec?

A
  • Phase 1: Establishes a bidirectional SA between two IKE peers. Both peers can negotiate for phase 2
  • Phase 2: Establishes unidirectional IPsec SA
18
Q

What are the two modes for phase 1?

A
  • Main mode
  • Aggressive mode

19
Q

What are the 5 IPsec VPN solutions?

A
  • Site-to-site
  • DMVPN
  • GET-VPN
  • FlexVPN (combines all
  • Remote Access VPN
20
Q

What is LISP?

A

A routing architecture and a data & control plane protocol that was created to address routing scalability problems on the internet

21
Q

What is an EID?

A

The IP address of an endpoint within a LISP site

22
Q

What is an ITR?

A

LISP router that LISP-encapsulates IP packets coming from EIDs that are destined outside the LISP site

23
Q

What is an ETR?

A

LISP router that LISP-de-encapsulates IP packets coming from sites outside the LISP site and destined to EIDs within the LISP site

24
Q

What is an xTR?

A

A tunnel router that performs ETR and ITR functions

25
Q

What is a PITR?

A

Just like ITR but for non-LISP sites

26
Q

What is a PxTR?

A

A router that performs PITR and PETR functions

27
Q

What is a LISP router?

A

A router that performs ITR, ETR, PITR, PETR functions

28
Q

What is a RLOC?

A

An IPv4 or IPv6 address of an ETR that is internet facing or network core facing

29
Q

What is a MS?

A

Map server

30
Q

What is a MR?

A

Map resolver

31
Q

What is a MS/MR?

A

When both functions are placed on 1 device

32
Q

What are the three main components of LISP?

A
  • LISP architecture
  • LISP control plane protocol
  • LISP data plane protocol
33
Q

What is the LISP control plane?

A

Operates in a similar way as DNS. Translates EID into RLOC

34
Q

What is the LISP data plane?

A

Encapsulation with a:

  • Outer LISP IP header
  • Outer LISP UDP header
  • Instance ID
35
Q

What is the LISP port number?

A

4341

36
Q

What are the LISP operations?

A
  • Map registration and notify
  • Map request and map reply
  • LISP data path
  • Proxy ETR
  • Proxy ITR
37
Q

What is the Map registration and notify process?

A
  • The ETR sends a map register message to the MS to register associated EIDs and RLOC
  • MS sends a map notify for acknowledgement
38
Q

How can the MS be chosen to reply for the ETR?

A

By setting the proxy map reply flag (P-bit) in the map register message

39
Q

What is the Map request and map reply process?

A
  • Host sends a packet
  • When it reaches the ITR, the ITR sends a map request to the MR
  • MR sends to MS
  • MS sends to ETR
  • ETR sends the EID to RLOC
40
Q

What is the port for VXLAN?

A

UDP 4789

41
Q

What is the difference between VLAN and VXLAN?

A

VLAN is 12 bits

VXLAN is 24 bits

42
Q

What is VTEP?

A

Virtual tunnel endpoint

43
Q

What are the interfaces of a VTEP?

A
  • Local LAN
  • IP interface

44
Q

What are the supported control planes for VXLAN?

A
  • Multicast
  • Unicast VXLAN tunnels
  • MP-BGP EVPN
  • LISP