Unified Secure Channel (usc)
In enterprise networks, more and more controller and network management systems are being deployed remotely, for example in the cloud. At the same time, enterprise networks are becoming more heterogeneous: branch, IoT, wireless (including cloud-based access control). Enterprise customers want a converged network controller and management system solution.
Typical Future Enterprise Networks
Network edge initiates the communication to the controller (NMS)
Scenario:
The network edge may be deployed behind a NAT or a firewall, so the session between the controller and the network edge has to be initiated from the network edge side; otherwise the NAT/firewall may drop a session setup request coming from the controller side because it has no matching state for it.
Challenges:
Scenario:
A rogue controller may behave like a legitimate controller and respond to devices' connection requests;
Challenges:
Scenario:
Multi-protocol connections between network edge and controller:
Challenges:
A unified secure channel for management and service provisioning
Build a unified secure communication tunnel between network element and controller
1. Create a secure channel
1.1 Allow two-way initiation: the setup can be initiated by either the network element or the controller
1.2 Allow two-way authentication
2. Create a generic mechanism to support various communication protocols
2.1 Transparent to the protocols carried (the carried protocols are unaware of the tunnel)
2.2 Multiple protocols share the same tunnel
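The following is an added illustration (not code from the usc project) of three of the requirements above: two-way authentication (1.2), so that a rogue controller that cannot prove its identity is refused; a tunnel that is transparent to the protocols carried (2.1); and several protocols sharing one tunnel (2.2). The wire format (a 1-byte protocol id plus a 4-byte length prefix), the protocol ids, and the HMAC challenge-response with a pre-shared key are assumptions made for this example; the page does not say what usc actually uses on the wire or for authentication. The receiver also handles the common failure mode of frames arriving split across reads.

```python
"""Added example: a multiplexed, mutually authenticated management tunnel.

Not the usc project's code. The framing, protocol ids and the HMAC
challenge-response are assumptions made for illustration only.
"""
import hashlib
import hmac
import secrets
import struct

# Assumed protocol ids for the protocols sharing one tunnel (illustrative).
PROTO_NETCONF = 1
PROTO_SYSLOG = 2
PROTO_OPENFLOW = 3

HEADER = struct.Struct("!BI")  # protocol id, payload length


def encode_frame(proto_id: int, payload: bytes) -> bytes:
    """Wrap an opaque payload; the tunnel never inspects payload contents."""
    return HEADER.pack(proto_id, len(payload)) + payload


def decode_frames(buffer: bytes):
    """Split a byte stream into complete frames.

    Returns (frames, remainder). A partial trailing frame stays in the
    remainder so it can be completed by the next read.
    """
    frames = []
    pos = 0
    while len(buffer) - pos >= HEADER.size:
        proto_id, length = HEADER.unpack_from(buffer, pos)
        end = pos + HEADER.size + length
        if end > len(buffer):
            break  # incomplete frame, wait for more data
        frames.append((proto_id, buffer[pos + HEADER.size:end]))
        pos = end
    return frames, buffer[pos:]


class Tunnel:
    """One shared channel; each carried protocol registers its own handler."""

    def __init__(self):
        self.handlers = {}
        self.pending = b""

    def register(self, proto_id, handler):
        self.handlers[proto_id] = handler

    def send(self, proto_id, payload):
        return encode_frame(proto_id, payload)

    def receive(self, data):
        """Feed raw (possibly fragmented) bytes; dispatch complete frames.

        Returns the list of protocol ids that were delivered to a handler.
        """
        frames, self.pending = decode_frames(self.pending + data)
        delivered = []
        for proto_id, payload in frames:
            handler = self.handlers.get(proto_id)
            if handler is None:
                continue  # unknown protocol: drop rather than guess
            handler(payload)
            delivered.append(proto_id)
        return delivered


# Two-way authentication (requirement 1.2). Assumed stand-in: a pre-shared
# key with HMAC challenge-response in both directions. A rogue controller
# without the key cannot answer the edge's challenge and is refused.

def make_challenge() -> bytes:
    return secrets.token_bytes(16)


def answer_challenge(key: bytes, role: bytes, nonce: bytes) -> bytes:
    # The role tag stops a peer from reflecting the other side's answer back.
    return hmac.new(key, role + nonce, hashlib.sha256).digest()


def verify_answer(key: bytes, role: bytes, nonce: bytes, answer: bytes) -> bool:
    return hmac.compare_digest(answer_challenge(key, role, nonce), answer)


def mutual_authenticate(edge_key: bytes, controller_key: bytes) -> bool:
    """Each side challenges the other; succeeds only if both keys match."""
    edge_nonce, ctrl_nonce = make_challenge(), make_challenge()
    ctrl_answer = answer_challenge(controller_key, b"controller", edge_nonce)
    edge_answer = answer_challenge(edge_key, b"edge", ctrl_nonce)
    controller_ok = verify_answer(edge_key, b"controller", edge_nonce, ctrl_answer)
    edge_ok = verify_answer(controller_key, b"edge", ctrl_nonce, edge_answer)
    return controller_ok and edge_ok


if __name__ == "__main__":
    tunnel = Tunnel()
    tunnel.register(PROTO_NETCONF, lambda p: print("netconf:", p))
    tunnel.register(PROTO_SYSLOG, lambda p: print("syslog:", p))
    # Constructed sample traffic: two protocols interleaved on one channel,
    # delivered in two reads that split the first frame.
    stream = tunnel.send(PROTO_NETCONF, b"<rpc/>") + tunnel.send(PROTO_SYSLOG, b"up")
    print(tunnel.receive(stream[:3]), tunnel.receive(stream[3:]))
    print("legit:", mutual_authenticate(b"shared", b"shared"))
    print("rogue:", mutual_authenticate(b"shared", b"rogue"))
```

The design point to take from this is the separation of concerns: the tunnel layer only authenticates its peer, frames bytes and routes by protocol id, so NETCONF, syslog or any other carried protocol needs no change to travel over it, and a protocol id the tunnel does not know is dropped rather than handed to an arbitrary handler.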