Virtio-IPsec-LA PoC Implementation

Presentation transcript:

Virtio-IPsec-LA PoC Implementation
Subha Venkataramanan, Denis Crasta, Srini Addepalli
subhaav@freescale.com, denis.crasta@freescale.com

Virtio-IPsec-LA PoC Setup
  Freescale LS2085RDB
    Hosts the IPsec VNF
    Implements Virtio-IPsec-LA acceleration
  Another laptop (LT2) is used for remote GW. IPsec implemented in Linux
  Laptop LT1 is used to generate clear traffic from LAN side.
  [Figure: IPsec GW in VNF using Look-aside IPsec acceleration implemented in Freescale LS2085RDB. LT1 connects to the LS2085RDB on the LAN side (clear traffic); the LS2085RDB connects to the remote IPsec GW LT2 on the WAN side (encrypted traffic).]

Virtio-IPsec-LA PoC implementation details
  Fastpath
    Receives packets from virtio-net devices and does forwarding and IPsec
    Registers with Linux kernel for offload of flows, routes and SAs
    Both the above are facilitated by fastpath patch to Linux kernel
  Virtio-IPsec Frontend
    IPsecFP uses g-API to access the virtio-IPsec device
  Virtio-IPsec Backend
    Uses the user mode driver for the IPsec accelerator hardware
  [Figure: IPsec Packet Processing – Look Aside Accelerator Flow. Legend: LAN side (clear) traffic, WAN side (encrypted) traffic, Look-aside IPsec Path, SW Interfaces. VNF: Linux Kernel (iptables, route, IPsec), FastPath, IPsecFP, IPsec g-API, two Virtio-net Frontends, Virtio-IPsec Frontend. Host Linux User: QEMU, VRING Transport, Virtio-IPsec Backend. Host Linux Kernel: VHOST-NET, KVM, br0, br1. Hardware: NICs, IPsec Accelerator Hardware. External links: to LAN side LT1, to peer IPsec GW (LT2).]

g-API for IPSec

  Data API
    g_ipsec_la_packet_encap()                 Send a packet for encapsulation
    g_ipsec_la_packet_decap()                 Send a packet for decapsulation
    g_ipsec_la_mult_packet_encap()            Send multiple packets for encapsulation
    g_ipsec_la_multi_packet_decap()           Send multiple packets for decapsulation

  Control API
    g_ipsec_la_capabilities_get()             Get the capabilities of the underlying devices
    g_ipsec_la_sa_add()                       Add SA
    g_ipsec_la_sa_del()                       Delete SA
    g_ipsec_la_sa_mod()                       Modify SA
    g_ipsec_la_sa_flush()                     Flush SA
    g_ipsec_la_sa_get()                       Read and Traversal SA
    g_ipsec_la_notifications_hook_register()  Register hooks for optional notifications such as Sequence number overflow or lifetime in kilobytes expiry etc.

  Management API
    g_ipsec_la_get_api_version()              Get the API version
    g_ipsec_la_avail_devices_getinfo()        Get the information on available devices
    g_ipsec_la_active_devices_getinfo()       Get the information on active devices
    g_ipsec_la_open()                         Open a device
    g_ipsec_la_close()                        Close a device
    g_ipsec_la_group_create()                 Create a logical group for grouping SAs
    g_ipsec_la_group_delete()                 Delete a logical group
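Why the notifications hook matters in a look-aside design, as an added example that is not part of the presentation and does not use the g-API's real signatures: once encapsulation is offloaded, per-SA sequence-number and kilobyte-lifetime accounting has to run on the data path and be reported to the control plane so it can rekey before the SA is exhausted. All names below (sa_state, sa_account_encap, record_event) and the soft/hard lifetime split are assumptions for illustration, following standard IPsec practice of never letting a 32-bit ESP sequence number wrap.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model: names and layout are assumptions, not the g-API. */
enum sa_event { SA_EV_SOFT_KB = 1, SA_EV_HARD_KB = 2, SA_EV_SEQ_OVERFLOW = 4 };
typedef void (*sa_notify_fn)(uint32_t spi, enum sa_event ev, void *ctx);

struct sa_state {
    uint32_t spi;
    uint32_t seq;        /* last ESP sequence number used (32-bit, no ESN) */
    uint64_t bytes;      /* bytes protected so far */
    uint64_t soft_kb;    /* ask the control plane to rekey at this point */
    uint64_t hard_kb;    /* SA must not protect traffic beyond this point */
    int soft_sent;       /* soft notification is raised only once */
    sa_notify_fn notify; /* hook registered by the control plane */
    void *ctx;
};

/* Invoke the registered hook (if any) and hand back rc to the caller. */
static int sa_raise(struct sa_state *sa, enum sa_event ev, int rc)
{
    if (sa->notify)
        sa->notify(sa->spi, ev, sa->ctx);
    return rc;
}

/* Account for one outbound packet before it is sent for encapsulation.
 * Returns 0 if the packet may use the SA, -1 if the SA is exhausted. */
int sa_account_encap(struct sa_state *sa, size_t len)
{
    if (sa->seq == UINT32_MAX)                  /* next number would wrap */
        return sa_raise(sa, SA_EV_SEQ_OVERFLOW, -1);
    if (sa->bytes + len > sa->hard_kb * 1024)   /* hard lifetime reached */
        return sa_raise(sa, SA_EV_HARD_KB, -1);
    sa->seq++;
    sa->bytes += len;
    if (!sa->soft_sent && sa->bytes >= sa->soft_kb * 1024) {
        sa->soft_sent = 1;                      /* time to negotiate a new SA */
        sa_raise(sa, SA_EV_SOFT_KB, 0);
    }
    return 0;
}

/* Sample hook: ORs every event into an int mask passed as ctx. */
void record_event(uint32_t spi, enum sa_event ev, void *ctx)
{
    (void)spi;
    *(int *)ctx |= (int)ev;
}
```

Refusing the packet instead of wrapping the counter is what keeps anti-replay protection meaningful on the receiving gateway; the soft event gives the control plane time to install a replacement SA before the hard limit drops traffic.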

OPNFV Introduction