
Post on 03-Jul-2020


Chair of Network Architectures and Services
Department of Informatics
Technical University of Munich

Advanced Computer Networking (ACN)

IN2097 – WiSe 2019-2020

Prof. Dr.-Ing. Georg Carle

Sebastian Gallenmüller, Max Helm, Benedikt Jaeger, Patrick Sattler, Johannes Zirngibl


Chapter 8: Tunnel Protocols

Introduction

VLAN

VXLAN

IPsec

Security databases

Internet Key Exchange version 2

Encapsulating Security Payload

IPsec Example

TLS/SSL-based VPNs

VPN Performance Measurements

Other protocols

Summary

Bibliography

Chapter 8: Tunnel Protocols 8-1


Introduction: Tunneling

Definition

• Tunneling encapsulates one datagram within another datagram.
• The outer packet and its headers are regarded for switching / routing purposes of the underlay network.
• The inner packet is opaque to the underlay network.
• The overlay network handles the inner packet, including switching and routing.
• May be used at any layer of the ISO OSI model.

Possible benefits

• Build overlay structure
• Deal with heterogeneous protocols
• Protect traffic
• Isolate customers (data center)

But ...

• More overhead
• Configuration effort
• MUCH room for misconfiguration

Figure: Network, Tunnel Endpoint 1 ⇄ Tunnel Endpoint 2, Network

Introduction: Possible Tunneling Use Cases

What can be achieved with a tunnel?

• Force packet to reach specific node in the network (different path than from regular routing), e.g. using an IP-in-IP tunnel (RFC 2003)
• Traverse incompatible nodes, e.g. IPv6 tunnel over IPv4-only nodes
• Provide secure connection between different nodes, e.g. using IPsec

Which considerations when using tunneling?

• Performance
  • Processing overhead
  • Packet length overhead: reduced MTU, possible fragmentation, limited visibility to end systems
• Security
  • Correct configuration and tunnel setup not trivial
  • Inner and outer headers need to be verified
  • Tunnels may circumvent security policies (e.g. bypassing filters / firewalls)

Introduction: Tunneling Technologies

Representative Tunneling Technologies

• Traffic management and isolation
  • VLAN
  • MPLS
  • VXLAN
• Secure tunnels
  • IPsec
  • TLS, DTLS
  • WireGuard
  • ssh
  • Tor (Onion Routing Overlay)
• Protocol innovation; incremental protocol deployment
  • IP multicast overlays, e.g. “Mbone” (“multicast backbone”)
  • various IPv6 transition technologies
  • Peer-to-Peer overlays

Introduction: Virtual Private Network (VPN)

What is a VPN?

• In general, just another tunneling protocol
• VPNs are usually encrypted
• Provide secured connections between different nodes

Use cases:

• Securely connect different offices to HQ
• Build secure connection from a laptop to a company network
• Anonymization
• Example: LRZ offers two types of VPN:
  • Cisco AnyConnect (use this): TLS-based signalling, and DTLS transport of tunneled VPN traffic, with possible fallback to TLS-based transport where UDP traffic is blocked.
  • Cisco IPsec-based VPN (deprecated): with IKEv1 signalling protocol

VLAN: Virtual Local Area Network [1]

General Information

• Standardized in IEEE 802.1Q
• Incorporated inside the Ethernet header
• Tunnel endpoints are managed switches
• One physical network provides multiple virtualized networks

Use cases

• Separate “secure” network from “public” network (e.g. CCTV cams)
• Separate different business units (Development, HR, Finances, ...)
• Characterize traffic (see QoS)

VLAN: Virtual Local Area Network Header Layout

Ethernet frame (64 – 1522 B):

  Preamble | SFD | Destination MAC | Source MAC | VLAN | Type | Data (L3-PDU) | FCS (CRC-32)
  7 B      | 1 B | 6 B             | 6 B        | 4 B  | 2 B  | 42 – 1500 B   | 4 B

VLAN header (4 B): TPID (2 B) | TCI (2 B)

  TCI field lengths: PCP 3 Bit | DEI 1 Bit | VID 12 Bit

• VLAN header is inserted between source MAC and ethertype
• Ethernet frames having a VLAN header are called tagged (normal frames are called untagged)
• VLAN header consists of 4 fields:
  • TPID: “Tag Protocol Identifier”, always 0x8100, used to indicate that a frame is tagged
  • PCP: “Priority Code Point”, prioritization of traffic, can be used to prioritize different classes of traffic (cf. IEEE 802.1p)
  • DEI: “Drop Eligible Indicator”, describes if the frame may be dropped in case of congestion
  • VID: “VLAN Identifier”, identifies to which VLAN this frame belongs, from 1 to 4094 (0 and 4095 reserved), most important field

VLAN: Access Ports and Trunk Ports

Access Ports

• Traffic sent to / from this port is not tagged
• Network connected to an access port is logically in one single VLAN
• “The port you connect your desktop to”

Trunk Ports

• Can send / receive traffic from multiple VLANs
• Tagged frames are forwarded unchanged
• Every untagged frame is tagged using the native VLAN
• Typical switch-to-switch link
• Use with VLAN aware hosts

VLAN: Example network

Figure: example network with two CCTV cameras and the Internet; links are labelled VLAN 1 (untagged), VLAN 2 (untagged), VLAN 3 (untagged) and Mixed (tagged)

• Switch-to-Switch ports are trunk ports
• Switch-to-Server port is a trunk port
• All other switch ports are access ports

VLAN: Q-in-Q (stacked VLANs)

Encapsulate VLANs in VLANs

• Defined in IEEE 802.1ad
• Two VLAN headers instead of one (Dst MAC | Src MAC | VLAN | VLAN | Ethertype | ... | FCS)
• Total of 4094 · 4094 = 16760836 VIDs

Use Case: 4094 VIDs are not sufficient

• Large networks may need more than 4094 VLANs
• Expanding the VID space is enough

Use Case: Customer network on top of provider network

• ISPs or data centers use one VLAN per customer
• Customers are isolated from each other
• Customers want to use VLANs themselves
• “Lower” VLAN header is managed by the datacenter / provider
• “Upper” VLAN header is managed by the customer
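As an added example (not code from the lecture), the following Python parses and builds single-tagged and Q-in-Q frames using the field layout from the two VLAN header slides above; the frame bytes are constructed, and the 802.1ad outer TPID 0x88A8 is a value from the standard that the slides do not list.

```python
"""Parse and build IEEE 802.1Q / 802.1ad (Q-in-Q) tagged Ethernet frames.

Added example, not from the lecture slides; frame bytes are constructed.
Each tag: TPID (16 bit) | TCI = PCP (3 bit) | DEI (1 bit) | VID (12 bit).
"""
import struct
from dataclasses import dataclass
from typing import List, Tuple

TPID_8021Q = 0x8100    # C-TAG, "always 0x8100" on the slide
TPID_8021AD = 0x88A8   # S-TAG: outer provider tag defined by IEEE 802.1ad
VLAN_TPIDS = {TPID_8021Q, TPID_8021AD}
RESERVED_VIDS = {0, 4095}


@dataclass(frozen=True)
class VlanTag:
    tpid: int
    pcp: int      # Priority Code Point, 0..7
    dei: bool     # Drop Eligible Indicator
    vid: int      # VLAN Identifier, 1..4094


@dataclass(frozen=True)
class ParsedFrame:
    dst_mac: str
    src_mac: str
    tags: Tuple[VlanTag, ...]   # outer (provider) tag first; empty if untagged
    ethertype: int
    payload: bytes


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame: bytes, max_tags: int = 2) -> ParsedFrame:
    """Walk the tag stack sitting between the source MAC and the real ethertype."""
    if len(frame) < 14:
        raise ValueError("frame shorter than a minimal Ethernet header")
    off, tags = 12, []
    while True:
        if len(frame) < off + 2:
            raise ValueError("frame ends inside the header")
        (ethertype,) = struct.unpack_from("!H", frame, off)
        if ethertype not in VLAN_TPIDS:
            break                          # reached the payload's ethertype
        if len(tags) == max_tags:
            raise ValueError(f"more than {max_tags} stacked VLAN tags")
        if len(frame) < off + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        vid = tci & 0x0FFF
        if vid in RESERVED_VIDS:
            raise ValueError(f"reserved VID {vid} in tag")
        tags.append(VlanTag(ethertype, tci >> 13, bool((tci >> 12) & 1), vid))
        off += 4
    return ParsedFrame(mac_str(frame[0:6]), mac_str(frame[6:12]),
                       tuple(tags), ethertype, frame[off + 2:])


def build_frame(dst: str, src: str, tags: List[VlanTag], ethertype: int, payload: bytes) -> bytes:
    """Inverse of parse_frame; every tag adds 4 B in front of the ethertype."""
    out = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    for t in tags:
        if not 1 <= t.vid <= 4094 or not 0 <= t.pcp <= 7:
            raise ValueError("PCP or VID out of range")
        out += struct.pack("!HH", t.tpid, (t.pcp << 13) | (int(t.dei) << 12) | t.vid)
    return out + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    # Constructed Q-in-Q frame: provider S-TAG VID 100 around customer C-TAG VID 2.
    stack = [VlanTag(TPID_8021AD, 0, False, 100), VlanTag(TPID_8021Q, 5, True, 2)]
    frame = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", stack, 0x0800, b"\x45" + b"\x00" * 19)
    parsed = parse_frame(frame)
    for depth, tag in enumerate(parsed.tags):
        print(f"tag {depth}: TPID=0x{tag.tpid:04x} PCP={tag.pcp} DEI={tag.dei} VID={tag.vid}")
    print(f"payload ethertype 0x{parsed.ethertype:04x}, frame length {len(frame)} B")
```

A frame whose tag carries a reserved VID or more tags than the port is configured for is rejected rather than forwarded, which is the behaviour a trunk port should have.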

VLAN: Virtual Local Area Network inside (home) routers

Figure: managed switch with Port 1 to Port 5 attached to the CPU; frames towards the CPU carry specific VLAN tags, frames towards the ports are untagged

Managing multiple ports using one network controller

• Managed switch is configured to assign one VLAN tag for WAN port, and another for LAN ports
• CPU is only needed for WAN routing, control (ARP, ICMP) and management, not for switching
• VLAN tags allow CPU to distinguish if frame origin is LAN or WAN
• Often seen in consumer hardware

VLAN: Virtual Local Area Network inside (enterprise) routers

Figure: managed switch with Port 1 to Port 5, a dedicated Router component and the CPU; frames towards Router / CPU carry specific VLAN tags, frames towards the ports are untagged

Extra routing component

• Offload most traffic to dedicated hardware device
• Handle special cases in software (slower, higher latency)

VXLAN: Motivation (Virtual eXtensible Local Area Network)

General Information

• Standardized in 2014 in RFC 7348 [2] (rather short standard)
• Builds layer 2 overlay network on top of a layer 4 (UDP) underlay network
• Has 24 bit VXLAN network identifier (VNI), which allows 16 million virtualized networks
• Suitable to reach VMs in large data centers / “the cloud”

Problem Statement

• Servers host a large number of VMs
• Each VM has its own MAC address
• VMs need to connect to VMs on other servers
• Switch needs to handle thousands of MAC addresses of VMs

Another Problem Statement

• Provider and clients both want to use VLANs
• Provider allocates VLANs to clients
• Very limited amount of VLANs per client
• Clients may misconfigure the VMs
• Also solved by Q-in-Q (stacked VLANs), but this is not always applicable

VXLAN: Approach

Encapsulated packet layout:

  Ethernet Header | IP Header | UDP Header | VXLAN Header | L2 Frame (Payload)
  14 B            | 20/40 B   | 8 B        | 8 B          | variable size

VXLAN Header (8 B): Flags 1 B | Reserved 3 B | VNI 3 B | Reserved 1 B

Encapsulation Strategy

• Encapsulate original layer 2 frame inside UDP
• Virtual networks enumerated by VXLAN Network Identifier (VNI)

UDP header fields

• Source Port: Hash of inner 5-tuple, great for load balancing
• Destination Port: Always 4789
• Length: Length of layer 2 frame + UDP header size
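An added Python example (not from the lecture) that builds and unpacks the encapsulation described above: UDP destination port 4789, a source port hashed from the inner 5-tuple, and the 8-byte VXLAN header with its 24-bit VNI. Addresses and the inner frame are constructed.

```python
"""VXLAN (RFC 7348) encapsulation and decapsulation of an Ethernet frame.

Added example, not from the lecture slides. Addresses and the inner frame are constructed;
the outer UDP checksum is left at zero (allowed for IPv4).
"""
import hashlib
import socket
import struct

VXLAN_PORT = 4789         # destination port is always 4789 (slide)
VXLAN_FLAG_I = 0x08       # "I" flag: the VNI field is valid
IP_HDR = "!BBHHHBBH4s4s"  # IPv4 header without options


def vxlan_header(vni: int) -> bytes:
    """Flags (1 B) | Reserved (3 B) | VNI (3 B) | Reserved (1 B) = 8 B."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8)


def inner_flow_key(inner: bytes) -> bytes:
    """IPv4 5-tuple if the inner frame carries TCP/UDP, else MAC pair plus ethertype."""
    (ethertype,) = struct.unpack_from("!H", inner, 12)
    if ethertype == 0x0800 and len(inner) >= 34:
        ihl = (inner[14] & 0x0F) * 4
        proto, l4 = inner[23], inner[14 + ihl:14 + ihl + 4]
        if proto in (6, 17) and len(l4) == 4:
            return inner[26:34] + bytes([proto]) + l4   # src IP, dst IP, proto, ports
    return inner[:14]


def source_port(inner: bytes) -> int:
    """Hash of the inner 5-tuple in the ephemeral range: ECMP spreads flows, one flow keeps one path."""
    digest = hashlib.sha256(inner_flow_key(inner)).digest()
    return 49152 + int.from_bytes(digest[:2], "big") % 16384


def ipv4_checksum(header: bytes) -> int:
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def encapsulate(inner: bytes, vni: int, src_ip: str, dst_ip: str) -> bytes:
    """Outer IPv4 | UDP (sport=hash, dport=4789) | VXLAN | inner Ethernet frame."""
    vx = vxlan_header(vni)
    udp_len = 8 + len(vx) + len(inner)   # UDP header + VXLAN header + inner frame
    udp = struct.pack("!HHHH", source_port(inner), VXLAN_PORT, udp_len, 0)
    fields = [0x45, 0, 20 + udp_len, 0, 0x4000, 64, 17, 0,
              socket.inet_aton(src_ip), socket.inet_aton(dst_ip)]
    fields[7] = ipv4_checksum(struct.pack(IP_HDR, *fields))
    return struct.pack(IP_HDR, *fields) + udp + vx + inner


def decapsulate(packet: bytes):
    """Return (VNI, inner frame); reject anything that is not well-formed VXLAN."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 17:
        raise ValueError("outer packet is not UDP")
    _sport, dport, udp_len, _csum = struct.unpack_from("!HHHH", packet, ihl)
    if dport != VXLAN_PORT:
        raise ValueError("not addressed to the VXLAN port")
    flags, vni_field = struct.unpack_from("!B3xI", packet, ihl + 8)
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set, VNI invalid")
    return vni_field >> 8, packet[ihl + 16:ihl + udp_len]


def sample_inner_frame() -> bytes:
    """Constructed inner frame: Ethernet / IPv4 10.0.0.1 -> 10.0.0.2 / UDP 40000 -> 53."""
    eth = bytes.fromhex("0a0000000002") + bytes.fromhex("0a0000000001") + b"\x08\x00"
    payload = b"constructed-payload"
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0)
    ip = struct.pack(IP_HDR, 0x45, 0, 28 + len(payload), 1, 0, 64, 17, 0,
                     socket.inet_aton("10.0.0.1"), socket.inet_aton("10.0.0.2"))
    return eth + ip + udp + payload


if __name__ == "__main__":
    inner = sample_inner_frame()
    pkt = encapsulate(inner, 0x123456, "192.0.2.1", "192.0.2.2")
    vni, out = decapsulate(pkt)
    print(f"{len(pkt)} B outer (+{len(pkt) - len(inner)} B), src port {source_port(inner)}, "
          f"VNI 0x{vni:06x}, inner intact: {out == inner}")
```

Note that the UDP length covers the UDP header, the VXLAN header and the inner frame, so the fixed overhead on the wire is 36 B (IPv4) plus the outer Ethernet header.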

VXLAN: Benefits

What makes VXLAN a “good” tunneling protocol?

• Builds on top of layer 3 with only multiplexing on layer 4 (done by UDP)
  • Network may belong to an ISP
  • “The Internet” is layer 3
  • VXLAN can be used over the Internet, VLAN cannot
• Layer 3 routing protocols can be used (BGP, OSPF, ...)
• Better multipath support

VXLAN: Example network

Figure: example network with two CCTV cameras and the Internet; links are labelled VNI 1, VNI 2, VNI 3, and a layer 3 underlay network connects the two switches

• Links marked as VNI 1/2/3 contain normal Ethernet frames
• Layer 3 network is some arbitrary layer 3 network (e.g. an ISP)
• The two switches encapsulate (/ decapsulate) to (/ from) the VXLAN frames
• Remark: Real world VXLAN-capable switches violate strict layering and use L3 information

IPsec: Internet Protocol Security

• Standardized by a number of RFCs (most important RFC 4301 [3])
• 2 modes of operation
  • Tunnel Mode: (a) Subnet to Subnet, endpoints are called Security Gateways, or (b) Host to Security Gateway
  • Transport Mode: Host to Host
• 2 phases of operation
  • Handshake: Establish one or more Security Associations (SA); IPsec signalling protocols that establish SAs: IKEv1 (old), IKEv2
  • Data transfer: Use SAs to send encrypted and/or integrity protected traffic; protocols used: Encapsulating Security Payload (ESP), Authentication Header (AH)
• Implementations
  • Commercial implementations by major hardware vendors (Cisco, Juniper, Arista, ...)
  • Open Source implementations (IKEv1 / IKEv2 / ESP / AH)
    • IKEv1 (deprecated, don’t use it): implementations include vpnc
    • IKEv2 (state of the art): implementations include strongSwan, libreswan
    • ESP / AH: Linux / FreeBSD kernel
• Usage scenarios
  • Connections between different sites (e.g. branch office to HQ)
  • Connection of client into enterprise network (road warrior scenario)

IPsec: Modes of operation

Figure 1: Typical setups: EP ⇄ EP (transport mode, host to host), SG ⇄ EP (tunnel mode, host to security gateway), SG ⇄ SG (tunnel mode, subnet to subnet)

IPsec: IPsec handshake and encryption

Figure: initiator and responder first exchange IKE messages (handshake), then ESP-protected traffic

Security databases: Structural Overview

• Handshake (IKEv1/2) establishes Security Associations (SA)
• SA is used to secure traffic in accordance with Security Policies (SP)
• A SP can choose to protect, bypass or discard traffic
• An example SP may say “All traffic to IP subnet 131.159.0.0/24 needs to be encrypted”
• SAs and SPs are stored in databases called Security Association Database (SAD) and Security Policy Database (SPD)
• SAs are identified by Security Parameter Indices (SPIs)

Security databases: Content

Security Policy Database

• Discard, bypass, protect
• Direction
• Selectors
  • Local, remote IP address ranges
  • Next layer protocol
    • Local, remote ports
    • ICMP type/code
  • Populate from packet flag
  • Name (Fully qualified domain name)
• IPsec mode
• IPsec protocol

Security Association Database

• Security Parameter Index (SPI)
• 64 bit sequence number counter
• Anti-replay window
• Algorithms, keys, Initialisation Vector (IV)
• Lifetime
• IPsec mode

Security databases: Database relationships

Figure 2: Traffic from internal to external network

  Internal Network (Overlay) → SPD lookup
    → discard
    → bypass → forwarding → External Network (Underlay)
    → protect → SAD lookup
        → SA found → apply SA transformations → forwarding → External Network (Underlay)
        → no SA → create SA

Figure 3: Traffic from external to internal network

  External Network (Underlay)
    → IPsec packet → wait for fragments → lookup SA using SPI
        → found SA → process ESP/AH → check SPD inbound selector
            → matches → forwarding → Internal Network (Overlay)
            → no match → discard
        → no SA → discard
    → non-IPsec packet → SPD check
        → bypass → forwarding → Internal Network (Overlay)
        → discard

Internet Key Exchange version 2: IKEv2 concepts

• Nodes: initiator, responder
• Pairs of messages: request, response

Shared state can also be established by hand.

Internet Key Exchange version 2: IKEv2 format

Header format (on port 4500 preceded by 4 zero octets):

  Bit offsets: 0 7 | 8 11 | 12 15 | 16 23 | 24 31

  initiator Security Parameter Index (SPI)                   8 octets
  responder SPI                                              8 octets
  next payload | maj. v. | min. v. | exchange type | flags   8 | 4 | 4 | 8 | 8 bit
  message ID                                                 4 octets
  length                                                     4 octets

Generic payload format:

  Bit offsets: 0 7 | 8 | 9 15 | 16 31

  next payload | C | reserved | payload length               8 | 1 | 7 | 16 bit

Internet Key Exchange version 2: Security Associations and Traffic Selectors

Traffic selectors (TS)

• IP version
• IP protocol
• Port range or ICMP code/type
• IP address range

SA proposals

• IKE/ESP/AH
• SPI, size
• Encryption algorithm
• Integrity protection algorithm
• PRF (Pseudorandom Function Family) algorithm
• DH group (Diffie-Hellman group)

“Assembly of Security Association payloads requires great peace of mind.” — RFC 7296

Internet Key Exchange version 2: IKEv2 overview

IKE SA, key agreement:

  initiator → responder: SA_IKEi, DHi, Ni
  responder → initiator: SA_IKEr, DHr, Nr

Authentication, child SA:

  initiator → responder: IDi, CERTi, IDr, AUTHi, SA_childi, TSi, TSr
  responder → initiator: IDr, CERTr, AUTHr, SA_childr, TSi, TSr

Key material and authentication:

  SKd | SKai | SKar | SKei | SKer | SKpi | SKpr := KDF(Ni | Nr, DH, SPIi | SPIr)
  AUTHi ← sign(msg1, Nr, prf(SKpi, id))
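The key derivation behind the KDF line above, as an added Python example (not from the lecture): HMAC-SHA-256 as the prf, the prf+ expansion from RFC 7296, the seven-key split, and the shared-key AUTH computation over the octets the slide's sign(...) covers. Nonces, SPIs and the Diffie-Hellman result are constructed constants.

```python
"""IKEv2 key derivation (RFC 7296 §2.13/§2.14) with HMAC-SHA-256 as the prf.

Added example, not from the lecture slides. Nonces, SPIs and the DH shared secret
g^ir are constructed constants; in a real exchange they come from IKE_SA_INIT.
"""
import hashlib
import hmac

PRF_LEN = 32   # output size of HMAC-SHA-256, the negotiated prf here


def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """prf+(K, S) = T1 | T2 | ... with T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n)."""
    out, t, n = b"", b"", 1
    while len(out) < length:
        if n > 255:
            raise ValueError("prf+ is limited to 255 blocks")
        t = prf(key, t + seed + bytes([n]))
        out += t
        n += 1
    return out[:length]


def derive_ike_keys(ni, nr, g_ir, spi_i, spi_r, enc_key_len=32, integ_key_len=32):
    """The slide's KDF(Ni | Nr, DH, SPIi | SPIr):
       SKEYSEED = prf(Ni | Nr, g^ir)
       SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr = prf+(SKEYSEED, Ni | Nr | SPIi | SPIr)"""
    skeyseed = prf(ni + nr, g_ir)
    layout = [("SK_d", PRF_LEN), ("SK_ai", integ_key_len), ("SK_ar", integ_key_len),
              ("SK_ei", enc_key_len), ("SK_er", enc_key_len),
              ("SK_pi", PRF_LEN), ("SK_pr", PRF_LEN)]
    stream = prf_plus(skeyseed, ni + nr + spi_i + spi_r, sum(size for _, size in layout))
    keys, off = {}, 0
    for name, size in layout:
        keys[name] = stream[off:off + size]
        off += size
    return keys


def initiator_signed_octets(msg1: bytes, nr: bytes, sk_pi: bytes, id_i_body: bytes) -> bytes:
    """What AUTHi covers: RealMessage1 | NonceRData | prf(SK_pi, RestOfInitIDPayload)."""
    return msg1 + nr + prf(sk_pi, id_i_body)


def psk_auth(shared_secret: bytes, signed_octets: bytes) -> bytes:
    """AUTH for shared-key authentication: prf(prf(secret, "Key Pad for IKEv2"), octets)."""
    return prf(prf(shared_secret, b"Key Pad for IKEv2"), signed_octets)


if __name__ == "__main__":
    ni, nr = b"\x11" * 32, b"\x22" * 32               # constructed nonces
    g_ir = b"\x33" * 32                               # constructed DH shared secret
    spi_i, spi_r = bytes.fromhex("0001020304050607"), bytes.fromhex("08090a0b0c0d0e0f")
    keys = derive_ike_keys(ni, nr, g_ir, spi_i, spi_r)
    for name, key in keys.items():
        print(f"{name:6s} {key.hex()}")
    octets = initiator_signed_octets(b"constructed IKE_SA_INIT request", nr,
                                     keys["SK_pi"], b"\x02\x00\x00\x00alice@example.invalid")
    print("AUTHi (PSK):", psk_auth(b"constructed-psk", octets).hex())
```

Because the responder's nonce and both SPIs enter the derivation, a replayed IKE_SA_INIT yields different keys and a different AUTH value on every run.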

Internet Key Exchange version 2: IKEv2 messages

• IKE_SA_INIT
• IKE_AUTH
• CREATE_CHILD_SA
• INFORMATIONAL

Internet Key Exchange version 2: CREATE_CHILD_SA

  initiator → responder: SAi, Ni, DHi, TSi, TSr
  responder → initiator: SAr, Nr, DHr, TSi, TSr

• Sent in IKE SA
• May include additional information, e.g. signal rekeying

Encapsulating Security Payload: ESP format

UDP encapsulation (NAT traversal): source port | destination port = 4500 | length | checksum

ESP header and trailer (bit offsets 0 7 | 8 15 | 16 31):

  SPI                                                         32 bit
  sequence number (optional)                                  32 bit
  initialization vector (variable)
  payload (variable)
  Traffic Flow Confidentiality padding (optional, variable)
  block cipher padding (optional, variable)
  pad length | next header                                    8 | 8 bit
  Integrity Check Value (variable)

Encapsulating Security Payload: Protocols and modes

  plain IP        IP | TCP | L7
  ESP tunnel      IP | ESP | IP | TCP | L7 | ESP trailer
  ESP transport   IP | ESP | TCP | L7 | ESP trailer
  AH tunnel       IP | AH | IP | TCP | L7
  AH transport    IP | AH | TCP | L7

Encapsulating Security Payload: Replay protection and integrity

• Check ICV
• Some fields are not transmitted, e.g. part of the sequence number

Replay protection:

• Counter starts at zero
• Right window edge: highest received
• 64 lower allowed; even lower: discard
• Bit mask in between
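An added Python example (not from the lecture) implementing the receiver's anti-replay window as the bullets above describe it: a 64-entry bit mask anchored at the highest authenticated sequence number, consulted before and updated after the ICV check. The ICV result is supplied as a boolean and the sequence numbers fed in are constructed.

```python
"""ESP anti-replay window (RFC 4303 §3.4.3) as described on the slide.

Added example, not from the lecture slides. Sequence numbers are constructed and
the ICV verdict is passed in as a boolean; the integrity check itself is out of scope.
"""


class ReplayWindow:
    """Sliding window of `size` sequence numbers ending at the highest one seen."""

    def __init__(self, size: int = 64):
        self.size = size
        self.right = 0      # right window edge: highest authenticated seq so far
        self.mask = 0       # bit i set <=> (right - i) has been received

    def check(self, seq: int) -> str:
        """Cheap pre-check done before the (expensive) ICV verification."""
        if seq == 0:
            return "invalid"               # counter starts at 0; the first packet carries 1
        if seq > self.right:
            return "new"                   # right of the window: advances it if the ICV holds
        diff = self.right - seq
        if diff >= self.size:
            return "stale"                 # left of the window: discard
        return "replay" if (self.mask >> diff) & 1 else "in_window"

    def update(self, seq: int) -> None:
        """Advance or fill the window. Call only after the ICV verified."""
        if seq > self.right:
            shift = seq - self.right
            self.mask = ((self.mask << shift) | 1) & ((1 << self.size) - 1)
            self.right = seq
        else:
            self.mask |= 1 << (self.right - seq)

    def process(self, seq: int, icv_ok: bool) -> str:
        """Receiver pipeline: window pre-check -> ICV -> window update."""
        verdict = self.check(seq)
        if verdict in ("invalid", "stale", "replay"):
            return verdict
        if not icv_ok:
            return "bad_icv"               # window untouched: forged packets cannot move it
        self.update(seq)
        return "accept"


if __name__ == "__main__":
    w = ReplayWindow()
    for seq in (1, 2, 3, 2, 70, 5, 7, 200, 136, 137):   # constructed arrival order
        print(f"seq {seq:4d}: {w.process(seq, icv_ok=True):7s} right={w.right} mask=0x{w.mask:016x}")
    print("seq 201 with bad ICV:", w.process(201, icv_ok=False), "right still", w.right)
```

The pre-check means a flood of replayed or stale packets is dropped without spending any cryptographic work, while a packet with a bad ICV never moves the window.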

IPsec Example: Example Message Exchange

Topology: SG 1 (serving 131.159.0.0/24) ⇄ SG 2 (serving 131.159.1.0/24); traffic from client (behind SG 1) to server (behind SG 2).

Before the IKEv2 handshake the SPDs name the policy, but no SA exists yet:

Security Policy Database (SG 1)
  Source           Destination      Action   SPI
  131.159.0.0/24   131.159.1.0/24   Protect  -
  131.159.1.0/24   131.159.0.0/24   Protect  -
  0.0.0.0/0        0.0.0.0/0        Bypass   -

Security Association Database (SG 1)
  SPI   Algorithms   Keys
  (empty)

Security Policy Database (SG 2)
  Source           Destination      Action   SPI
  131.159.1.0/24   131.159.0.0/24   Protect  -
  131.159.0.0/24   131.159.1.0/24   Protect  -
  0.0.0.0/0        0.0.0.0/0        Bypass   -

Security Association Database (SG 2)
  SPI   Algorithms   Keys
  (empty)

After the IKEv2 handshake both gateways hold the SAs, the SPD entries point at them, and the ESP tunnel carries the client-to-server traffic:

Security Policy Database (SG 1)
  Source           Destination      Action   SPI
  131.159.0.0/24   131.159.1.0/24   Protect  0x1234
  131.159.1.0/24   131.159.0.0/24   Protect  0x5678
  0.0.0.0/0        0.0.0.0/0        Bypass   -

Security Association Database (SG 1)
  SPI     Algorithms                Keys
  0x1234  (AES-CTR, HMAC(SHA256))   (0xa1b2, 0x5e37)
  0x5678  (AES-CTR, HMAC(SHA256))   (0x86ac, 0x9fa9)

Security Policy Database (SG 2)
  Source           Destination      Action   SPI
  131.159.1.0/24   131.159.0.0/24   Protect  0x5678
  131.159.0.0/24   131.159.1.0/24   Protect  0x1234
  0.0.0.0/0        0.0.0.0/0        Bypass   -

Security Association Database (SG 2)
  SPI     Algorithms                Keys
  0x1234  (AES-CTR, HMAC(SHA256))   (0xa1b2, 0x5e37)
  0x5678  (AES-CTR, HMAC(SHA256))   (0x86ac, 0x9fa9)
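An added Python example (not from the lecture) that runs the SPD/SAD processing of Figures 2 and 3 over the SG 1 / SG 2 tables above, including the inner-header check on inbound ESP that the Introduction asked for. The gateway addresses 192.0.2.1 and 192.0.2.2 are assumed placeholders, and no real ESP cryptography is performed.

```python
"""Security gateway processing against SPD and SAD (RFC 4301; Figures 2 and 3 above).

Added example, not from the slides. Tables reproduce the slide's SPD/SAD for SG 1 and SG 2;
gateway addresses 192.0.2.1/192.0.2.2 are assumed placeholders, "apply SA" is metadata only.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Policy:
    src: str                    # selectors: local / remote address ranges
    dst: str
    action: str                 # "protect" | "bypass" | "discard"
    spi: Optional[int] = None   # SA to use once the handshake created it


@dataclass(frozen=True)
class SecurityAssociation:
    spi: int
    algorithms: Tuple[str, str]   # (encryption, integrity)
    keys: Tuple[int, int]         # truncated example keys from the slide
    peer: str                     # outer destination: the other gateway


@dataclass
class Gateway:
    address: str
    spd: List[Policy]
    sad: Dict[int, SecurityAssociation] = field(default_factory=dict)

    def spd_lookup(self, src: str, dst: str) -> Policy:
        """Ordered first match; no match means discard (RFC 4301 default)."""
        for p in self.spd:
            if ip_address(src) in ip_network(p.src) and ip_address(dst) in ip_network(p.dst):
                return p
        return Policy("0.0.0.0/0", "0.0.0.0/0", "discard")

    def outbound(self, src: str, dst: str):
        """Figure 2: SPD lookup -> discard/bypass/protect -> SAD lookup -> apply or create SA."""
        policy = self.spd_lookup(src, dst)
        if policy.action != "protect":
            return policy.action, None
        sa = self.sad.get(policy.spi) if policy.spi is not None else None
        if sa is None:
            return "create SA", None      # trigger IKEv2; packet waits or is dropped
        return "protect", {"src": self.address, "dst": sa.peer, "spi": sa.spi, "inner": (src, dst)}

    def inbound_esp(self, spi: int, inner_src: str, inner_dst: str) -> str:
        """Figure 3: SA lookup by SPI -> process ESP -> inner header must match that SA's policy."""
        if spi not in self.sad:
            return "discard"              # unknown SPI
        policy = self.spd_lookup(inner_src, inner_dst)
        return "forward" if policy.action == "protect" and policy.spi == spi else "discard"

    def inbound_plain(self, src: str, dst: str) -> str:
        """Figure 3 for non-IPsec traffic: SPD check -> bypass or discard."""
        return "forward" if self.spd_lookup(src, dst).action == "bypass" else "discard"


def build_gateways(handshake_done: bool) -> Tuple[Gateway, Gateway]:
    """SG 1 and SG 2 as on the slide, before or after the IKEv2 handshake filled SPIs and SAD."""
    spi_a, spi_b = (0x1234, 0x5678) if handshake_done else (None, None)
    algs = ("AES-CTR", "HMAC(SHA256)")
    sg1 = Gateway("192.0.2.1", [
        Policy("131.159.0.0/24", "131.159.1.0/24", "protect", spi_a),
        Policy("131.159.1.0/24", "131.159.0.0/24", "protect", spi_b),
        Policy("0.0.0.0/0", "0.0.0.0/0", "bypass")])
    sg2 = Gateway("192.0.2.2", [
        Policy("131.159.1.0/24", "131.159.0.0/24", "protect", spi_b),
        Policy("131.159.0.0/24", "131.159.1.0/24", "protect", spi_a),
        Policy("0.0.0.0/0", "0.0.0.0/0", "bypass")])
    if handshake_done:
        for gw, peer in ((sg1, sg2.address), (sg2, sg1.address)):
            gw.sad[0x1234] = SecurityAssociation(0x1234, algs, (0xa1b2, 0x5e37), peer)
            gw.sad[0x5678] = SecurityAssociation(0x5678, algs, (0x86ac, 0x9fa9), peer)
    return sg1, sg2


if __name__ == "__main__":
    sg1, sg2 = build_gateways(handshake_done=True)
    verdict, outer = sg1.outbound("131.159.0.5", "131.159.1.7")   # client -> server at SG 1
    print(verdict, outer, "-> SG 2:", sg2.inbound_esp(outer["spi"], *outer["inner"]))
```

The two discard cases on the inbound side are the ones that matter operationally: a cleartext packet for a subnet the policy says to protect, and an ESP packet whose decrypted inner addresses do not belong to the SA it arrived on.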


TLS/SSL-based VPNs: OpenVPN [4]

Overview

• Key exchange is based on TLS/SSL
• Can be used on top of UDP or TCP (Why is TCP a bad idea?)
• Traffic encryption uses custom scheme
• Good NAT traversal properties
• Easy to use
• Not an industry standard
• Not very “professional”, but hacker community likes it
• Open Source

Use case:

• Road warriors (laptops connecting to the office)
• Students etc. building a cheap VPN

TLS/SSL-based VPNs: Cisco AnyConnect [5][6]

Overview

• Proprietary Cisco software
• Supports several protocols:
  • (Mostly) SSL/TLS based
  • Can use Datagram TLS (DTLS), DTLS uses UDP instead of TCP
  • Can run on port 443 (HTTPS) → usually no problem with firewalls
• No problems with NAT

Use cases:

• Big corporations supporting mobile endpoints (laptops)
• Corporations with existing Cisco infrastructure
• Academic compute centers (e.g. LRZ) deployed Cisco AnyConnect

VPN Performance Measurements: Evaluation setup

Figure 4: Setup. Load generator (generate traffic, decrypt encrypted traffic) connected via two NICs to the DuT (forward, encrypt)

• Hardware: Intel Xeon E3-1230 v2 (4 cores, 3.3 GHz), Intel X520 NIC
• Single core measurements
• NIC supports IPsec encrypt/decrypt in hardware
• Comparison of IPsec in three test setups:
  • NIC offload IPsec
  • Linux IPsec
  • Linux IPsec with CPU encrypt/decrypt acceleration (AES-NI)

VPN Performance Measurements: Evaluation results

Figure 5: Throughput [Mbit/s] with different packet lengths (packet size 64, 256, 512, 1,024, 1,462 Byte; y-axis 0 to 10,000 Mbit/s)

Figure 6: Costs per packet [cycles/byte] with different packet lengths (x-axis Packet size [Byte] 64 to 1,462; y-axis 0 to 100 cycles/byte). Series: MoonGen IPsec, Linux 3.16 (AES-NI), Linux 3.16 (standard)

VPN Performance Measurements: CPU Load and DPDK

• NIC hardware acceleration utilizes DPDK
• DPDK produces 100% CPU utilization
• Effective load ∼ 10% (90% of free capacity)
• Reduce CPU clock while throughput of DPDK solution is still comparable with Linux

VPN Performance Measurements: Energy consumption

                        Power Drain [W]   Throughput [Gbit/s]   CPU Load [3.3 GHz]   Energy/B [mJ]
  NIC IPsec offload     100               1.00                  20%                  0.100
  Linux 3.16 (AES-NI)   108               1.00                  100%                 0.108
  Linux 3.16            107               0.48                  100%                 0.208

• Data sheet: NIC cryptographic engine uses 0.2 W

VPN Performance Measurements: VPN Acceleration Conclusion

IPsec on the NIC is more energy efficient, faster, and saves CPU resources. Why is it not used more often?

• Not every NIC supports the feature
• Not supported by the official NIC driver
• NIC does not do key exchange, CPU/OS still need to take care of initial setup and later rekeying

Other protocols: Point-to-Point Tunneling Protocol (PPTP) [7]

• Standardized in 1999
• Mostly deployed in Microsoft Windows environments
• Weak authentication and encryption schemes
• Should not be used anymore
• Uses a modified version of GRE for tunneling

Other protocols: Other well-known tunneling protocols

• Generic Routing Encapsulation (GRE)
• Layer 2 Tunneling Protocol (L2TP, RFC 3355)
• SSH tunnel (port forwarding)
• IP-over-IP (RFC 2003)
• HTTP tunnel
• ICMP tunnel
• DNS tunnel
• ...


Summary

Different protocols for different use-cases

• Simplifying L2 network administration and separation: VLAN, VXLAN
• Connect remote workers to company resources over the Internet: IPsec, SSL-based VPNs
• Evade some firewalls: IP-over-(HTTP/DNS/ICMP), ...

Different protocols for different features

• Encryption and authentication
• Easier addressing
• Performance (e.g. TCP-over-TCP)

Different protocols for different software support

• Some tunneling protocols are directly supported by operating systems

Bibliography

[1] Wikipedia Contributors. IEEE 802.1Q. https://en.wikipedia.org/wiki/IEEE_802.1Q. 2017.

[2] M. Mahalingam et al. Virtual eXtensible Local Area Network (VXLAN). https://tools.ietf.org/html/rfc7348. 2014.

[3] S. Kent and K. Seo. Security Architecture for the Internet Protocol. https://tools.ietf.org/html/rfc4301. 2005.

[4] OpenVPN Developers. OpenVPN Security Overview. https://openvpn.net/index.php/open-source/documentation/security-overview.html. 2017.

[5] Cisco. Cisco IOS Secure Sockets Layer (SSL) VPN Technology Overview. https://www.cisco.com/c/dam/en/us/products/collateral/security/ios-sslvpn/IOS_SSL_VPN_TDM_v8-jz-an.pdf. 2008.

[6] Cisco. Cisco AnyConnect Secure Mobility Client Data Sheet. https://www.cisco.com/c/en/us/products/collateral/security/anyconnect-secure-mobility-client/datasheet-c78-733184.html. 2017.

[7] K. Hamzeh et al. Point-to-Point Tunneling Protocol. https://tools.ietf.org/html/rfc2637. 1999.
