Brocade Web Tools Administrator's Guide - Supporting Fabric OS v7.0.0 (53-1002152-01, March 2012)

IPsec concepts
Transport mode and tunnel mode
Transport mode adds an authentication header (AH) before the IP header. Only a single pair of addresses is used (those in the IP header). When transport mode is used, both endpoints implement IPsec.

Tunnel mode encapsulates an IP datagram in a new datagram, with a new IP header specifying the addresses of the tunnel end points. IPsec is implemented between tunnel endpoints. IPsec is transparent to the actual endpoints within the IP header in the original packet.

Figure 39 provides a basic visual comparison of how transport mode and tunnel mode modify an IP datagram.
FIGURE 39 Transport mode and tunnel mode comparison
IPsec header options
IPsec adds headers to an IP datagram to enable authentication and privacy. There are two options:
Authentication Header (AH)
Encapsulating Security Payload (ESP)
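As an added example (not from the Brocade guide), the following Python builds both framings in bytes and classifies a packet by reading its AH, so the difference described above is visible: transport mode keeps the single address pair of the original IP header, while tunnel mode adds an outer header naming the tunnel endpoints and carries the whole original datagram inside. The AH layout follows RFC 4302 (the AH directly follows the IP header whose protocol field is 51); addresses, SPIs and the TCP segment are constructed, and the ICV and checksums are left zero since only framing is shown.

```python
import struct
import ipaddress

PROTO_IPIP, PROTO_TCP, PROTO_AH = 4, 6, 51   # IP-in-IP, TCP, Authentication Header

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (checksum left zero; framing only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

def ah_header(next_hdr: int, spi: int, seq: int, icv: bytes = bytes(12)) -> bytes:
    """AH per RFC 4302: next header, length in 32-bit words minus 2, reserved, SPI, seq, ICV."""
    return struct.pack("!BBHII", next_hdr, (12 + len(icv)) // 4 - 2, 0, spi, seq) + icv

def transport_mode(src: str, dst: str, tcp_segment: bytes, spi: int = 1000) -> bytes:
    # One IP header and one address pair; the AH sits between it and the TCP segment.
    ah = ah_header(PROTO_TCP, spi, 1)
    return ipv4_header(src, dst, PROTO_AH, len(ah) + len(tcp_segment)) + ah + tcp_segment

def tunnel_mode(gw_src: str, gw_dst: str, inner: bytes, spi: int = 2000) -> bytes:
    # New outer IP header addressed to the tunnel endpoints; the AH's next header is IP-in-IP (4)
    # and the whole original datagram, its own addresses included, rides as the payload.
    ah = ah_header(PROTO_IPIP, spi, 1)
    return ipv4_header(gw_src, gw_dst, PROTO_AH, len(ah) + len(inner)) + ah + inner

def addresses(pkt: bytes, off: int = 0) -> tuple:
    """Source and destination of the IPv4 header starting at byte offset off."""
    return (str(ipaddress.IPv4Address(pkt[off + 12:off + 16])),
            str(ipaddress.IPv4Address(pkt[off + 16:off + 20])))

def classify(pkt: bytes) -> dict:
    """Report the IPsec mode and the address pair(s) visible to an inspector."""
    ihl = (pkt[0] & 0x0F) * 4
    result = {"mode": "none", "outer": addresses(pkt)}
    if pkt[9] != PROTO_AH:
        return result
    next_hdr, length_words = pkt[ihl], pkt[ihl + 1]
    if next_hdr == PROTO_IPIP:               # tunnel mode: a second IP header follows the AH
        inner_off = ihl + (length_words + 2) * 4
        result.update(mode="tunnel", inner=addresses(pkt, inner_off))
    else:                                    # transport mode: upper-layer protocol follows the AH
        result.update(mode="transport", next_header=next_hdr)
    return result

if __name__ == "__main__":
    seg = b"\x00\x50\x1f\x90" + bytes(16)          # constructed TCP segment stub
    print(classify(transport_mode("10.0.0.1", "10.0.0.2", seg)))
    inner = ipv4_header("10.0.0.1", "10.0.0.2", PROTO_TCP, len(seg)) + seg
    print(classify(tunnel_mode("192.0.2.1", "198.51.100.1", inner)))
```

Running it shows the tunnel-mode packet exposing only the gateway addresses on the outside, with the original 10.0.0.x pair recoverable only after stepping past the outer header and the AH.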
TABLE 17 Relevant RFCs (Continued)
RFC number   Title
RFC 4309     Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP)
RFC 4306     Internet Key Exchange Version 2 (IKEv2) Protocol
RFC 4307     Cryptographic Algorithms for Internet Key Exchange Version 2 (IKEv2)
RFC 3971     Secure Neighbor Discovery
RFC 3972     Cryptographically Generated Addresses
RFC 3041     Privacy Extensions for Stateless Address Autoconfiguration in IPv6