Overlay Tunnels Flashcards
What is GRE?
Generic Routing Encapsulation (GRE) is a tunneling protocol that provides connectivity to a wide variety of network-layer protocols by encapsulating and forwarding packets over an IP-based network.
When configuring a GRE tunnel interface, what is required?
When configuring a tunnel interface, the tunnel source, tunnel destination, and IP address are required.
How does recursive routing occur when in Tunnels?
Recursive routing occurs when a router tries to reach the remote router’s encapsulating interface (transport IP) via the tunnel (overlay network). This is a common issue when the transport network is advertised into the same routing protocol that runs on the relay network.
What is ESP and what does it provide?
Encapsulating Security Payload (ESP) provides data confidentiality, authentication, and protection from hackers replaying packets.
What does Tunnel mode do?
Tunnel mode encrypts the entire original packet and adds a new set of IPsec headers. These new headers are used to route the packet and also provide overlay functions.
What does Transport mode do?
Transport mode encrypts and authenticates only the packet payload. This mode does not provide overlay functions and routes based on the original IP headers.
What is IKE?
Internet Key Exchange (IKE) is a protocol that performs authentication between two endpoints to establish security associations (SAs), also known as IKE tunnels.
What are two different ways to encrypt traffic over a GRE tunnel?
Two ways to encrypt traffic over a GRE tunnel:
Using crypto maps and using tunnel IPsec profiles.
What is LISP and why was it created?
Location/ID Separation Protocol (LISP) is a routing architecture and a data and control plane protocol that was created to address routing scalability problems on the internet.
How does the LISP Routing Architecture function?
LISP separates IP addresses into endpoint identifiers (EIDs) and routing locators (RLOCs). This way, endpoints can roam from site to site, and the only thing that changes is their RLOC; the EID remains the same.
How does the LISP Control Plane operate?
LISP resolves an EID into an RLOC by sending map requests tot he MR.
What is VXLAN?
VXLAN is an overlay data plane encapsulation scheme that was developed to address the various issues seen in traditional Later 2 networks.
What is a VNI?
VXLAN network identifier (VNI) is used to provide segmentation for Layer 2 and Layer 3 traffic.
What are VTEPs and how are they used?
Virtual Tunnels Endpoints (VTEPs) are entities that originate or terminate VXLAN tunnels. They have local LAN interfaces and a core-face network interface known as the IP interface.