Secure EVPN
draft-sajassi-bess-secure-evpn-02

Document Type: Expired Internet-Draft (individual)
Last updated: 2020-01-09 (latest revision 2019-07-08)
Stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus Boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Expired
Telechat date:
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-sajassi-bess-secure-evpn-02.txt

Abstract

The applications of EVPN-based solutions ([RFC7432] and [RFC8365]) have become pervasive in Data Center, Service Provider, and Enterprise segments. EVPN is being used for fabric overlays and inter-site connectivity in the Data Center market segment, for Layer-2, Layer-3, and IRB VPN services in the Service Provider market segment, and for fabric overlay and WAN connectivity in Enterprise networks. For Data Center and Enterprise applications, there is a need to provide inter-site and WAN connectivity over the public Internet in a secured manner with the same level of privacy, integrity, and authentication for tenant's traffic as IPsec tunneling using IKEv2. This document presents a solution where BGP point-to-multipoint signaling is leveraged for key and policy exchange among PE devices to create private pair-wise IPsec Security Associations without IKEv2 point-to-point signaling or any other direct peer-to-peer session establishment messages.

Authors

Ali Sajassi (sajassi@cisco.com)
Ayan Banerjee (ayabaner@cisco.com)
Samir Thoria (sthoria@cisco.com)
David Carrel (carrel@cisco.com)
Brian Weis (bew.stds@gmail.com)
John Drake (jdrake@juniper.net)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)