Ah, July. For me in the Northeast, that means beach weather, backyard BBQs, and the 4th of July.
As many of you know, the 4th of July, America's Independence Day, traditionally calls for fireworks. Well, for today's Feature Friday, I wanted to discuss with you the feature that creates the most fireworks in the routing world: Secure Vector Routing (SVR) (sorry, couldn't help it).
Secure Vector Routing (SVR) Overview
Secure Vector Routing is a protocol that two Session Smart Routers (SSRs) use when they are sending traffic back and forth to each other. The best part of SVR is that it provides security (through encryption, authentication, and NAT) without adding extra headers to packets, unlike tunnel-based protocols such as GRE and IPsec.
Secure Vector Routing enables security without additional headers through a metadata exchange between two SSRs. This is basically like a secret message that is passed between SSRs sharing information such as:
- Original Source and Destination IP addresses and Ports
- Tenant (user access group)
- Service (destination of traffic)
- Path conditions
- And more
We'll get into this more next week. But to learn more about the metadata exchange now, check out this article.
There are many benefits to using SVR over a tunnel-based protocol. To name just a few of the tunnel drawbacks that SVR avoids:
- Tunnels add overhead and bandwidth consumption
- Tunnels sometimes require fragmentation, which is inefficient on the router and is not compatible with all firewalls
- Tunnels limit scale as there is a limit to the number of tunnels a router can support
- Tunnels have security concerns as they are bi-directional flows. This means that if one side of a tunnel is compromised, the other is susceptible as well.
To learn more about the downfalls of tunnel-based protocols and why we avoid them, take a look at these resources:
Well, that's it for now. We're keeping it short this week as next week we will dive into SVR part two: Packet Walkthrough. In the meantime, let us know what's on your mind!
- Have you had negative experiences with tunnel-based architectures?
- Do you have examples of how SVR has improved your network?
- Where is the best place to see Fireworks on the 4th of July? (I'll travel)
Looking forward to hearing from you, and I can't wait to dig into the Packet Walkthrough next week!
#FeatureFridays #SVR #SecureVectorRouting #metadata #tunnels
------------------------------
Justin Melloni
------------------------------