MACsec over WAN Optical Transport


Page 1: MACsec over WAN Optical Transport

Cisco Confidential 1 © 2010 Cisco and/or its affiliates. All rights reserved.

MACsec over WAN Optical Transport Leveraging MACSec (802.1ae) on Core/Edge Router Links

Craig Hill, Distinguished SE, U.S. Federal, CCIE #1628 – [email protected]

March 3, 2015

PONC - East

U//PROPIN

Page 2: MACsec over WAN Optical Transport

Challenges with Current WAN Encryption

•  IPSec performance, complexity, and cost are becoming more challenged
   - Performance is a fraction of overall router throughput
   - Performance is constrained to that of the IPSec encryption engine
•  MPLS, Multicast, and IPv6 in some cases require GRE tunneling to operate
•  GRE and IP overlays add an additional layer of complexity and performance impact on certain router platforms
•  Innovations such as DMVPN and MPLS VPN over mGRE simplify this, but IPSec performance is still the lowest common denominator and a performance impact
•  When possible, we need line-rate encryption that is simpler to operate and removes levels of complexity from the WAN solution
•  WAN MACsec targets addressing these challenges…

Page 3: MACsec over WAN Optical Transport

What is MACsec? IEEE 802.1AE standard for strong cryptographic protection at Layer 2

•  Simple
   - Easy to configure. Simple configuration on the interface level only. No GRE tunnel establishment.
   - Reduced interoperability issues with other L3 features
•  Secure
   - Leverages NSA-approved Suite B algorithms with MKA: DP, CP (ECC, SHA-2), CBC
•  Line Rate Encryption
   - Leverages "line rate" Ethernet performance of the port (PHY). Speeds 1/10G, 40G, 100G
   - Ethernet WAN deployments are driving an increasing need for higher crypto bandwidths.

MACsec Tag Format (SGT frame format, i.e. with the CMD field carrying Cisco Meta Data after the 802.1Q tag):

DMAC | SMAC | 802.1AE Header | 802.1Q | CMD | ETYPE | PAYLOAD | ICV | CRC

802.1AE Header: MACsec EtherType (0x88e5) | TCI/AN | SL | Packet Number | SCI (optional)

Encrypted: from the 802.1Q tag through the PAYLOAD. Authenticated (covered by the ICV): DMAC, SMAC, the 802.1AE header and the encrypted data.

Page 4: MACsec over WAN Optical Transport

AES-256-GCM Encryption

Hop-by-Hop Encryption via the 802.1AE Standard

•  "Bump-in-the-wire" model
   - Packets are encrypted on egress, decrypted on ingress
   - Packets are in the clear transiting the device
•  Offers line-rate encryption at any speed (1/10G, 40G, 100G)
•  Transparent to all upper layer protocols (IP, MPLS, IPv6)
•  Allows the network to continue to perform all the packet inspection features currently used
•  Can leverage any commercial Ethernet services

[Figure: two routers whose PHY ASICs encrypt at egress and decrypt at ingress (AES-256-GCM or 128-bit AES-GCM); the link between them is the encrypted segment, and everything inside each device is in the clear.]
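The tag format and the hop-by-hop AES-256-GCM model above, worked as an added Go example (not Cisco's code): it builds and verifies a frame in which DMAC, SMAC and the SecTAG are authenticated in the clear while everything after the tag is encrypted, using the SCI || PN IV and 16-byte ICV of 802.1AE GCM-AES-256 with an explicit SCI. The key, addresses and SCI used in the test are constructed values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)

// newGCM returns GCM-AES-256 (96-bit IV, 16-byte tag, which is the MACsec ICV).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil || len(key) != 32 {
		return nil, errors.New("GCM-AES-256 needs a 32-byte key")
	}
	return cipher.NewGCM(block)
}

// Protect builds DMAC | SMAC | SecTAG | encrypted user data | ICV. The SecTAG is the
// 16-byte form with an explicit SCI (TCI bits SC, E, C set). DMAC, SMAC and the SecTAG
// are GCM associated data (authenticated but in the clear); the 96-bit IV is SCI || PN.
func Protect(key, dmac, smac, sci []byte, an byte, pn uint32, userData []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil || len(dmac) != 6 || len(smac) != 6 || len(sci) != 8 || pn == 0 {
		return nil, errors.New("need a 32-byte key, 6-byte MACs, an 8-byte SCI and PN > 0")
	}
	var sl byte // short length is non-zero only when the user data is under 48 bytes
	if len(userData) < 48 {
		sl = byte(len(userData))
	}
	pnBytes := make([]byte, 4)
	binary.BigEndian.PutUint32(pnBytes, pn)
	hdr := append(append([]byte{}, dmac...), smac...)
	hdr = append(hdr, 0x88, 0xe5, 0x20|0x08|0x04|(an&0x03), sl) // EtherType 0x88e5, TCI/AN, SL
	hdr = append(append(hdr, pnBytes...), sci...)
	iv := append(append([]byte{}, sci...), pnBytes...)
	return append(hdr, gcm.Seal(nil, iv, userData, hdr)...), nil
}

// Unprotect checks the ICV over the clear header plus the encrypted data, then decrypts;
// any change to DMAC, SMAC, the SecTAG or the data makes Open fail.
func Unprotect(key, frame []byte) ([]byte, uint32, error) {
	gcm, err := newGCM(key)
	if err != nil || len(frame) < 44 || binary.BigEndian.Uint16(frame[12:14]) != 0x88e5 || frame[14]&0x20 == 0 {
		return nil, 0, errors.New("bad key or not a MACsec frame with an explicit SCI")
	}
	iv := append(append([]byte{}, frame[20:28]...), frame[16:20]...) // SCI || PN
	userData, err := gcm.Open(nil, iv, frame[28:], frame[:28])
	return userData, binary.BigEndian.Uint32(frame[16:20]), err
}
```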

Page 5: MACsec over WAN Optical Transport

Use Cases – SP and Enterprise/PS

1.  Secure Branch Router Backhaul – alternative to IPSec when Ethernet is the WAN/MAN transport (high-speed, HQoS, simple, no GRE)
2.  Secure Router Core links (IP/MPLS, PE-P, P-P) – secure high-speed backbone transport links (p2p links)
    A.  Optical transport hand-off is gray light
    B.  Optical transport hand-off is DWDM wavelengths (i.e. CRS-3)
3.  Secure Metro E Service – offer secure 10/40/100GE Metro E service, each link leveraging 802.1ae protection
    A.  Secure Ethernet Service (point to point)
    B.  Secure Ethernet Multipoint Service (i.e. VPLS)
4.  Secure PE-CE link transport – secure back-haul to an MPLS BGP VPN service (L3 service)
5.  Secure n-PE to u-PE/CPE – (L2 service) backbone PE
6.  Secure High-Speed Data Center Interconnect (DCI) Ethernet "services" – DCI, Cloud, storage
7.  Secure "Over the Top" Ethernet Links – Enterprise/PS encrypts their Ethernet links on their own CPE routers

Page 6: MACsec over WAN Optical Transport


(1) Purposely presented leveraging MEF slides

Page 7: MACsec over WAN Optical Transport


Source: Carrier Ethernet Services Overview - http://metroethernetforum.org/Presentations

Page 8: MACsec over WAN Optical Transport

Carrier Ethernet Service: E-LINE (P2P) – P2P Ethernet Pseudo-wire Service

•  More of an Edge/Core network deployment option
•  Connection model is full/partial mesh via 802.1Q sub-interface service
•  Routers peer per VLAN sub-interface, per PW, on an Ethernet sub-interface with 802.1q support

[Figure: physical view vs. logical view of CE1–CE4 connected over point-to-point pseudo-wires.]

Page 9: MACsec over WAN Optical Transport

Carrier Ethernet Service: E-LAN (multi-pt) – Flat Ethernet Bridge Domain

•  Targets more of a Branch network deployment option
•  Routers appear as part of a single "flat" Ethernet domain
•  Caution required as IP peering is N – 1 (N = router nodes)
•  Multicast replication is done in the "Core" of the network
•  SP will dictate either port-based mode (no .1Q tag) or VLAN mode (sending .1Q tag)

[Figure: physical view vs. logical view of CE1–CE4 in one flat bridge domain; router peering is N – 1.]

Page 10: MACsec over WAN Optical Transport


Page 11: MACsec over WAN Optical Transport

•  Ability to support 802.1Q tags in the clear – offset 802.1Q tags in the clear before encryption (2 tags is optional) or 30B?
•  AES-256 (AES/GCM) support – target Next Generation Encryption (NGE) profile that currently leverages Suite B
•  Enhance the MKA key framework (defined in 802.1X-2010) within Cisco security development (Cisco "NGE") – leverage the NSA Suite B algorithm set in target compliance with CSfC
•  System interoperability – create a common MACsec integration among all MACsec platforms in Cisco
•  Vital network features to interoperate over public Carrier Ethernet providers
   - 802.1Q tag in the clear
   - Ability to configure MKA EAPoL destination address type
   - Ability to configure anti-replay window sizes

MACsec Key Agreement (MKA): protocol that discovers MACsec peers and negotiates the keys used by MACsec; MKA is defined in IEEE 802.1X-2010
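The configurable anti-replay window listed above, worked as an added Go example (not Cisco's code or any platform's implementation): 802.1AE accepts a validated frame when its PN is not more than the window below the next expected PN and keeps no per-packet bitmap, so a nonzero window tolerates reordering on a provider network but also lets a replayed frame inside the window through, and PN exhaustion forces a rekey. The PN sequence is constructed.

```go
package main

import "fmt"

// ReceiveSA holds the receive-side packet-number state of one MACsec secure
// association. 802.1AE keeps no per-packet bitmap: a frame is accepted when its
// PN is not below lowestAcceptablePN, which trails NextPN by the replay window.
type ReceiveSA struct {
	NextPN       uint32 // one more than the highest PN validated so far
	ReplayWindow uint32 // 0 = strict ordering; larger values tolerate reordering
}

// Accept applies the replay check to the PN of a frame whose ICV already validated.
func (sa *ReceiveSA) Accept(pn uint32) bool {
	if pn == 0 {
		return false // PN 0 is never valid
	}
	lowest := uint32(1)
	if sa.NextPN > sa.ReplayWindow+1 {
		lowest = sa.NextPN - sa.ReplayWindow
	}
	if pn < lowest {
		return false
	}
	if pn >= sa.NextPN {
		sa.NextPN = pn + 1
	}
	return true
}

// NeedsRekey reports that the 32-bit PN space is nearly exhausted; MKA must install
// a fresh SAK before NextPN wraps (extended packet numbering lifts this limit).
func (sa *ReceiveSA) NeedsRekey() bool { return sa.NextPN >= 0xFFFFFFFF-1 }

// Simulate runs one PN sequence through a fresh SA and returns the accept/drop decisions.
func Simulate(window uint32, pns []uint32) []bool {
	sa := &ReceiveSA{NextPN: 1, ReplayWindow: window}
	out := make([]bool, len(pns))
	for i, pn := range pns {
		out[i] = sa.Accept(pn)
	}
	return out
}

func main() {
	seq := []uint32{1, 2, 3, 5, 4, 3, 9, 2} // constructed: reordered, replayed, gapped
	fmt.Println("window 0:", Simulate(0, seq))
	fmt.Println("window 4:", Simulate(4, seq))
}
```

With window 0 the late frame 4 and the replays are dropped; with window 4 the late frame 4 is accepted, but so is the replayed 3, which is the trade-off a configured window makes.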

Page 12: MACsec over WAN Optical Transport

•  IEEE 802.1AE – the MAC security processing is compliant with IEEE 802.1AE-2006 as well as the amendments IEEE 802.1AEbn-2011 (256-bit key) and IEEE 802.1AEbt Draft 1.0 (extended packet numbering).
•  MACsec Cipher Suites (at FCS)
   - AES-128-GCM, 128-bit key
   - AES-256-GCM, 256-bit key
•  IEEE 802.1X-2010 – Authenticated Key Agreement for MACsec (MKA)
•  FCS will leverage pre-shared keys (PSK)
•  PKI post-FCS, which will leverage Elliptic Curve technology (per Suite B, for key establishment and digital signatures)

Page 13: MACsec over WAN Optical Transport


Page 14: MACsec over WAN Optical Transport

•  Point to Point E-LINE Services
   - Point to Point
   - Point to Multipoint (Hub/spoke)
•  Multi-Point E-LAN Services
   - Point to Point
   - Point to Multipoint (Hub/spoke)
•  Relevant Feature and Control Capabilities
   - 802.1Q tag in the clear
   - Ability to configure MKA EAPoL destination address type
   - Ability to configure anti-replay window

Page 15: MACsec over WAN Optical Transport

MACsec Key Auth (MKA – 802.1x-2010): Point to Point SA Configuration

Ethernet Service
•  Point to point PW service (no MAC address lookup)
•  Port-based mode (existing MACsec solutions today)
•  VLAN-based (802.1Q offering, tag in the clear required)

MACsec enabled Interface
•  Physical
•  Sub-interface (802.1Q)

Customer Use Cases
•  Secure: CE – CE link, PE-PE, P-P, PE-P, DC Interconnect, Branch Back-haul

[Figure: a Branch Site edge router and a Central Campus / DC edge router, each on the Enterprise Network, connected across a Carrier Ethernet E-LINE (P2P) service; the MKA session runs between the MACsec interfaces, and the MKA key protects the MACsec flow.]

Page 16: MACsec over WAN Optical Transport

Router w/ MACsec on a Metro E Service: 802.1Q Tag Pass-thru

§  MACsec solution requires 802.1Q tag pass-thru
§  All fields following the first tag (top), including the Ethertype, further .1Q tags, and MPLS labels, are hidden (i.e. encrypted)
§  Allows multi-function Ethernet capabilities on a public Metro Ethernet service, including QoS, EVC/EFP
§  Routers allow multi-level tag pass-thru

[Figure: frame layouts from a router with MACsec facing the Metro E service for IP/IPv6, VLAN (802.1Q), Q in Q (802.1ad) and Q in Q + MPLS traffic; the outer 802.1Q tag is in the clear, the Sec tag follows it, and the inner tag, MPLS label and payload are shown as encrypted fields.]

Page 17: MACsec over WAN Optical Transport

Multi-Site Use Case (Hub-and-Spoke)

§  Key to the solution is the use of 802.1q for logical connectivity to each site
§  This is analogous to "channelization" in SONET
§  The router enables a logical IP sub-interface with an 802.1Q tag per location
§  This allows multiple connections into a single PHYSICAL interface

[Figure: a hub router with one physical Ethernet interface (PHY) supporting 802.1q trunking into the Public Ethernet Transport; 802.1Q VLAN tags go to the provider, with one encrypted Ethernet session per destination using the 802.1q tag on the SP n-PE, and IPv4/v6 VLANs into the Secure Network.]

Page 18: MACsec over WAN Optical Transport

MKA Keying (802.1X-2010): Point to Point SA Configuration – Hub and Spoke

Ethernet Service
•  Point to point PW service (no MAC address lookup)
•  Port-based mode, or VLAN-based (802.1Q offering)

MACsec enabled Interface
•  Physical
•  Sub-interface (802.1Q)

Customer Use Cases
•  Secure: CE – CE link, DC Interconnect, MPLS PE/P support

[Figure: two Branch Site CEs and a Central Campus / DC CE, each on its Enterprise Network, connected across a Carrier Ethernet E-LINE (P2P) service in a hub-and-spoke arrangement.]

Page 19: MACsec over WAN Optical Transport

MKA Keying (802.1X-2010): Multi-Point SA Configuration

Ethernet Service
•  Multi-point service (MAC address lookup based)
•  Port-based mode, or VLAN-based mode (802.1Q offering)

MACsec enabled Interface
•  Physical
•  Sub-interface (802.1Q)

Customer Use Cases
•  Secure: CE – CE link, DC Interconnect

[Figure: two Branch Site CEs and a Central Campus / DC CE, each on its Enterprise Network, connected across a Carrier Ethernet E-LAN (multi-pt) service.]

Page 20: MACsec over WAN Optical Transport

MACsec Router as the MPLS PE/P

•  MACsec on the egress PHY
•  MACsec per hop through provider-owned core links
•  Offers protection over uncontrolled optical transport providers
•  Offers per-hop traffic inspection if desired
•  No "over-the-top" overlay solutions required
•  Allows full MPLS core features (VPN, TE, convergence)

Carried across the protected links: IPv4 / IPv6; MPLS labels & control plane; routing protocols; QoS (.1p bits); multicast; 802.1Q, Q-in-Q; L2 control plane, STP

MACsec Protected Frame Format (VLAN trunk between the MPLS PE and MPLS P routers):
   - Unprotected: D/S MAC | VLAN | Payload
   - Protected: Outer D/S MAC | MACsec Header | VLAN | Payload (the VRFs' MPLS labels ride inside the encrypted portion)

Page 21: MACsec over WAN Optical Transport


Security Briefings & Training

How is NGE Utilized? Commercial Solutions for Classified (CSfC) Overview and Architecture Options for Deployments

Page 22: MACsec over WAN Optical Transport


Commercial Solutions for Classified Website: http://www.nsa.gov/ia/programs/csfc_program/


Page 23: MACsec over WAN Optical Transport


Source: CSfC Website (http://www.nsa.gov/ia/programs/csfc_program/)

[Figure: CSfC layered architecture – Inner: IPSec; Outer: IPSec]

Page 24: MACsec over WAN Optical Transport

"Multi Layered" Domain Encryption Topology – Notional IPSec VPN Gateway and Client Solutions

[Figure, left to right: Red Network (IP/IPv6, Ethernet) with End User Devices and a CA Admin W/S – Inner VPN Gateway (INNER Encryption Domain: 802.1ae (MACsec), IPSec; or on the End User Device, IPSec (client), TLS (application)) – Gray Network (IP/IPv6, Ethernet) – Outer VPN Gateway (OUTER Encryption Domain: 802.1ae (MACsec), IPSec) – Black Network (Optical, Ethernet, SONET, IP) – Outer VPN Gateway – Inner VPN Gateway – Red Network with End User Device and CA Admin W/S.]

MACsec is not an approved CSfC solution as of today

Page 25: MACsec over WAN Optical Transport


Security Briefings & Training

Cisco NGE Innovation Focus Areas Optical Encryption MACSec Secure Mobility

Page 26: MACsec over WAN Optical Transport

Current MACsec and Optical Status…

•  Currently, an Extended Package (EP) for MACsec (802.1AE) is being worked on by NIAP
•  Target plan is to complete in the next several months
•  Cisco is continuing to drive Suite B algorithms as part of all next generation encryption (NGE) development
•  Goal is for Commercial Solutions for Classified (CSfC) compliance to align
•  For optical, there is currently no EP from NIAP
•  Customer interest in high-speed line-rate encryption (Optical + MACsec) should initiate a request (official email: [email protected], ask for a "tailored COTS solution")

Page 27: MACsec over WAN Optical Transport

"Notional Tailored COTS Solution for High-Speed Encryption"

[Figure, left to right: Secure Network (IP/IPv6, Ethernet) – Inner Encryption Domain: MACsec (802.1AE) on an ASR 9000 with 100Gb MACsec encryption (MACsec interface) – Outer Encryption Domain: NCS 2000 with 100Gb OTN encryption over the Optical Transport – Secure Network (IP/IPv6, Ethernet).]

MACsec is not an approved CSfC solution as of today

Page 28: MACsec over WAN Optical Transport

•  IOS-XE MACsec Configuration Guide: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/macsec/configuration/xe-3s/macsec-xe-3s-book.html

[Figure: ASR 1001-X]

Page 29: MACsec over WAN Optical Transport

Thank you.