Tuesday, October 20, 2009

MPLS wrap-up & IPSEC Intro.

Well, I finished up MPLS today by finishing the rest of my reading, looking over weak areas, and doing shows and debugs from my already constructed labs. Trying to explain everything to another guy on the networking team felt like it helped my understanding out as well. We looked through the MPLS VPN lab, traced labels throughout the topology, and verified them against the routes in the routing tables (both the main routing table and the VRFs). Very much worth the time! Also, by chance, I learned that the command show ip protocols vrf [name] has a lot of pertinent information in it, especially regarding redistributed protocols/AS's as well as neighbors.

Then I watched the nuggets regarding the IPSEC introduction. Much of it was a review for me at this point, but I still learned some good stuff. IPSEC attempts to achieve:
  1. Authentication
  2. Data Integrity (SHA1 {160 bit}, MD5 {128 bit}, etc...)
  3. Confidentiality (DES, 3DES, AES, RSA)
  4. Anti-replay
These are negotiated via IKE (Internet Key Exchange).

There are 2 IPSEC modes:
Transport and Tunnel

Symmetric encryption == both ends have the same keys (DES, 3DES, AES)
Asymmetric encryption == public/private keys (RSA, DH)

IPSEC is a "protocol suite"
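
To make goals 2 and 4 from the list concrete, here is an added example (not from the original post or the videos) of a receiver that checks an HMAC computed with a shared symmetric key and then applies a sliding-window replay check. The packet layout, the names `protect`, `Receiver` and `demo`, the sample key, and the 32-packet window are assumptions for illustration, not the ESP wire format.

```python
import hashlib
import hmac
import struct

ICV_BITS = {"sha1": 160, "md5": 128}  # digest sizes from the notes above

def protect(key, seq, payload, alg="sha1"):
    """Sender: prepend a 32-bit sequence number, append an HMAC over both."""
    body = struct.pack("!I", seq) + payload
    return body + hmac.new(key, body, getattr(hashlib, alg)).digest()

class Receiver:
    """Verifies the HMAC first, then applies a sliding anti-replay window."""
    def __init__(self, key, alg="sha1", window=32):
        self.key, self.alg, self.window = key, alg, window
        self.highest = 0  # highest sequence number accepted so far
        self.bitmap = 1   # bit i set => (highest - i) seen; seq 0 is never valid

    def accept(self, packet):
        n = ICV_BITS[self.alg] // 8
        if len(packet) < 4 + n:
            return "too short"
        body, icv = packet[:-n], packet[-n:]
        expected = hmac.new(self.key, body, getattr(hashlib, self.alg)).digest()
        if not hmac.compare_digest(icv, expected):  # constant-time compare
            return "bad integrity"
        seq = struct.unpack("!I", body[:4])[0]
        if seq > self.highest:                      # newer packet: slide window
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.window) - 1)
            self.highest = seq
            return "ok"
        offset = self.highest - seq
        if offset >= self.window:
            return "too old"
        if self.bitmap & (1 << offset):
            return "replay"
        self.bitmap |= 1 << offset                  # late but unseen: accept once
        return "ok"

def demo():
    key = b"constructed-shared-key"  # constructed sample; both ends hold it
    rx = Receiver(key)
    p1, p3, p2 = (protect(key, s, b"data") for s in (1, 3, 2))
    tampered = p2[:5] + b"X" + p2[6:]  # flip one payload byte in transit
    return [rx.accept(p) for p in (p1, p3, tampered, p2, p3)]

if __name__ == "__main__":
    print(demo())
```

The integrity check runs before the window is touched, so a forged packet with a high sequence number cannot advance the window and push legitimate traffic out of it.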
