16. Overlay Tunnels

Question 1

What is GRE (Generic Routing Encapsulation)?

Answer 1

A tunneling protocol that provides connectivity to a wide variety of network-layer protocols by encapsulating and forwarding packets over an IP-based network.

Question 2

What was GRE originally created for?

Answer 2

To provide transport for non-routable legacy protocols such as IPX

Question 3

What is added for the encapsulation of GRE?

Answer 3

An extra header with the remote endpoints IP

Question 4

What are the command needed to establish a tunnel?

Answer 4

Interface tunnel
Tunnel source
Tunnel destination
IP address

Question 5

What are the optional commands needed to establish a tunnel?

Answer 5

Bandwidth
Keepalive
IP mtu

Question 6

What is the size of the GRE header?

Answer 6

Minimum 24 bytes

Question 7

What is recursive routing?

Answer 7

This occurs when a router has a next hop that is not directly connected

Question 8

Hoe can recursive routing be solved?

Answer 8

By adding a static route

Question 9

What is IPsec?

Answer 9

A framework of open standards for creating highly secure VPNs

Question 10

What are the security services for IPsec?

Answer 10

• Peer authentication
• Data confidentiality
• Data integrity
• Replay detection

Question 11

What are the 2 packet headers of IPsec?

Answer 11

• Authentication header

- Encapsulating Security Payload (ESP)

Question 12

What does ESP do?

Answer 12

It provides ecryption for the payload and adds a header

Question 13

What are the 2 modes of packet transport for IPsec?

Answer 13

• Tunnel mode

- Transport mode

Question 14

What is the difference between tunnel and transport mode?

Answer 14

Tunnel encrypts the complete packet and supports NAT-T

Question 15

What are the 8 encryption methods IPsec supports?

Answer 15

• DES
• 3DES
• AES
• MD5
• SHA
• DH
• RSA signature
• Pre-Shared key

Question 16

What is IKE?

Answer 16

The Internet Key Exchange is a protocol that performs authentication between 2 endpoints to establish security associations (ASs). Known as IKE tunnels

Question 17

What are the two phases of key negotiation for IKE and IPsec?

Answer 17

• Phase 1: Establishes a bidrectional SA between two IKE peers. Both peers can negotiate for phase 2
• Phase 2: Establishes unidirectional IPsec SA

Question 18

What are the two modes for phase 1?

Answer 18

• Main mode

- Aggresive mode

Question 19

What are the 5 IPsec VPN solutions?

Answer 19

• Site-to-site
• DMVPN
• GET-VPN
• FlexVPN (combines all
• Remote Access VPN

Question 20

What is LISP?

Answer 20

A routing architecture and a data & control plane protocol that was created to address routing scalability problems on the internet

Question 21

What is an EID?

Answer 21

The IP address of an endpoint within a LISP site

Question 22

What is an ITR?

Answer 22

LISP router that LISP-encapsulate IP-packets coming from EIDs that are destined outside the LISP site

Question 23

What is an ETR?

Answer 23

LISP router that LISP-deencapsulate IP-packets coming from sites outside the LISP site and destined to EIDs within the LISP site

Question 24

What is an xTR?

Answer 24

A tunnel router that performs ETR and ITR functions

Question 25

What is a PITR?

Answer 25

Just like ITR but for non-LISP sites

Question 26

What is a PxTR

Answer 26

A router that performs PITR and PETR functions

Question 27

What is a LISP router?

Answer 27

A router that persoms ITR, ETR, PITR, PETR functions

Question 28

What is a RLOC?

Answer 28

An IPv4 of IPv6 address of an ETR taht is internet facing or network core facing

Question 29

What is a MS?

Answer 29

Map server

Question 30

What is a MR?

Answer 30

Map resolver

Question 31

What is a MS/MR?

Answer 31

When both functions are placed on 1 device

Question 32

What are the three main components of LISP?

Answer 32

- LISP architecture - LISP control plane protocol - LISP data plane protocol

Question 33

What is the LISP control plane?

Answer 33

Operates in a similar way as DNS. Translates EID into RLOC

Question 34

What is the LISP data plane?

Answer 34

Encapsulation with a: - Outer LISP IP header - Outer LISP UDP header - Instance ID

Question 35

What is the LISP port number?

Answer 35

4341

Question 36

What are the LISP operations?

Answer 36

- Map registration and notify - Map request and map reply - LISP data path - Proxy ETR - Proxy ITR

Question 37

What is the Map registration and notify process?

Answer 37

- The ETR sends a map register message to the MS to register associated EIDs and RLOC - MS sends a map notify voor acknowledgement

Question 38

How can the MS be chosen to reply for the ETR?

Answer 38

By setting the proxy map reply flag (P-bit) in the map register message

Question 39

What is the Map request and map reply process?

Answer 39

- Host sends a packet - When it reaches the ITR, the ITR send a map request to the MR - MR sends to MS - MS sends to ETR - ETR sends the EID to RLOC

Question 40

What is the port for VXLAN?

Answer 40

UDP 4789

Question 41

What is the difference between VLAN and VXLAN?

Answer 41

Vlan is 12 bits | Vxlan is 24 bits

Question 42

What is VTEP?

Answer 42

Virtual tunnel endpoint

Question 43

What zijn de interfaces van een VTEP?

Answer 43

- Local LAN | - IP interface

Question 44

What are the supported control planes for VXLAN?

Answer 44

- Multicast - Unicast VXLAN tunnels - MP-BGP EVPN - LISP