Overlay Protocols

Question 1

What is Generic Routing Encapsulation?

Answer 1

A layer 3 over layer 3 encapsulation protocol

Question 2

What are some common use cases of GRE?

Answer 2

Site to site vpn (with IPsec)

Multicast traffic over unicast

IPv6 over ipv4 (for devices which do not support ipv6)

Question 3

What 3 data security features does IP sec offer?

Answer 3

Encryption
Data integrity
Authentication

Question 4

What is the connection establishment process of IPsec?

Answer 4

Peers authenticate and share symmetric crypto keys

Once connected an IPSec tunnel is formed.

Question 5

What is internet key exchange (IKE)?

Answer 5

Protocol used by IPsec to exchange crypto keys using diffie Hellman algorithm.

A SA (security association) is formed over UDP port 500

Question 6

What is Encapsulating Security Payload (ESP)?

Answer 6

Encryption and authentication mechanism used by IPsec

Question 7

What ESP header fields ensure authentication and integrity ?

Answer 7

Security parameter index : identifies which Packets to SA

Sequence number : prevents replay attacks

Integrity check value : calculates checksum over unencrypted data

Question 8

What are ESPs 2 modes of operation?

Answer 8

Transport: only IP payload is encrypted. Source and destination IP is left intact and assigned protocol 50

Tunnel: entire IP packet is encrypted. ESP then appends it’s own IP information with the tunnel source and destination.

Question 9

What is Location/ID Separation Protocol?

Answer 9

Protocol designed to reduce growth of global routing tables.

Question 10

How does LISP work?

Answer 10

LISP routers advertise their prefix’s (endpoint IDs) to a map resolver/map server (mutuality reachable by each site)

EIDs are mapped to RLOC (routing locators) by mr/ms servers and relayed to LISP routers searching for a prefix

Question 11

What UDP port does LISP use for map request and reply’s?

Answer 11

Port 4342

Question 12

What are the 3 types of LISP router?

Answer 12

Ingress tunnel router (ITR)
Egress tunnel router (ETR)
Ingress/egress router (xTR)

Question 13

What is a ingress tunnel routers role?

Answer 13

Encapsulate endpoint traffic inside LISP packet and forwards to a ETR RLOC

iTR also send EID-to-RLOC requests to map server

Question 14

What is a egress tunnel routers role?

Answer 14

ETR decapsulate packets received by ITR and forward to the EID address.

Question 15

What is a RLOC

Answer 15

The IP address of a ETR router which is globally reachable.

Question 16

What role does the map server/map resolver serve?

Answer 16

2 functionally seperate processes which typically reside on the one host

Map server : receives and stores ETR EID-RLOC mappings

Map resolver : replies to ITR requests EID requests

Question 17

What is LISP?

Answer 17

LISP is a shared routing table which is distributed across the ITR,ETR and mapper server.

EIDs are the prefix with the RLOC acting as the ‘next hop’ address.

LISP does not consider routing distance and cost so should not be considered a routing protocol

Question 18

What does VXLAN achieve?

Answer 18

Layer 2 tunnels over layer 3

Question 19

How does VXLAN work?

Answer 19

1. VTEP switch interface receives frame from host
2. VTEP encapsulates inside vxlan header and prepends ip information
3. Packet is routed to destination VTEP
4. Destination VTEP decapsulates and forwards traffic.

Question 20

How do VTEPs flood unknown unicast traffic to other VTEPs?

Answer 20

All VTEPs join a multicast group.

When a VTEP receives a unknown unicast or broadcast on its switch interface, it forwards to the multicast group.

Each VTEP records the transmitting VTEPs IP and source MAC address

Question 21

What types of control plane learning does VXLAN support?

Answer 21

Multicast flooding, LISP and EVPN

Question 22

What does a VRF enable on routers?

Answer 22

The ability to have seperate and isolated routing tables.