Chapter 16 - Overlay Tunnels Flashcards
egress tunnel router (ETR)
A router that de-encapsulates LISP-encapsulated IP packets coming from other sites and destined to EIDs within a LISP site.
endpoint identifier (EID)
The IP address of an endpoint within a LISP site.
ingress tunnel router (ITR)
A router that LISP-encapsulates IP packets coming from EIDs that are destined outside the LISP site.
Internet Key Exchange (IKE)
A protocol that performs authentication between two endpoints to establish security associations (SAs), also known as IKE tunnels. IKE is the implementation of ISAKMP using the Oakley and SKEME key exchange techniques.
Internet Protocol Security (IPsec)
A framework of open standards for creating highly secure VPNs using various protocols and technologies for secure communication across unsecure networks such as the Internet.
Internet Security Association Key Management Protocol (ISAKMP)
A framework for authentication and key exchange between two peers to establish, modify, and tear down SAs that is designed to support many different kinds of key exchanges. ISAKMP uses UDP port 500 to communicate between peers.
LISP router
A router that performs the functions of any or all of the following: ITR, ETR, PITR, and/or PETR.
LISP site
A site where LISP routers and EIDs reside.
map resolver (MR)
A network device (typically a router) that receives LISP-encapsulated map requests from an ITR and finds the appropriate ETR to answer those requests by consulting the map server. If requested by the ETR, the MS can reply on behalf of the ETR.
map server (MS)
A network device (typically a router) that learns EID-to-prefix mapping entries from an ETR and stores them in a local EID-to-RLOC mapping database.
map server/map resolver (MS/MR)
A device that performs MS and MR functions. The MS function learns EID-to-prefix mapping entries from an ETR and stores them in a local EID-to-RLOC mapping database. The MR function receives LISP-encapsulated map requests from an ITR and finds the appropriate ETR to answer those requests by consulting the map server. If requested by the ETR, the MS can reply on behalf of the ETR.
nonce
A random or pseudo-random number issued in an authentication protocol that can be used just once to prevent replay attacks.
overlay network
A logical or virtual network built over a physical transport network referred to as an underlay network.
proxy ETR (PETR)
An ETR, but for LISP sites, that sends traffic to destinations at non-LISP sites.
proxy ITR (PITR)
An ITR, but for a non-LISP site, that sends traffic to EID destinations at LISP sites.