Scenario

The SBC supports encryption across the access and core networks.

Background Information

  • Refer to the background information in Basic Service Availability - DNS.
  • The SBC supports various encryption protocols such as TLS, IPsec and SRTP.
  • Since the peers are trusted in the core network, encryption protocols may not be necessary on this side.

Description

Encryption support

  • IADs may use secure paths, such as TLS, IPsec and SRTP, for encryption.
  • The SBC performs scaling as each endpoint requires a separate connection/tunnel. With support for encryption protocols, the SBC transmits the message to the core network.

DTLS Encryption

The following cipher suites are supported for DTLS encryption:

  • rsa-with-3des-ede-cbc-sha
  • rsa-with-aes-128-cbc-sha
  • rsa-with-aes-128-cbc-sha-256
  • rsa-with-aes-256-cbc-sha
  • rsa-with-aes-256-cbc-sha-256
  • rsa-with-null-sha
  • tls_ecdh_ecdsa_with_aes_256_cbc_sha384
  • tls_ecdh_ecdsa_with_aes_256_gcm_sha384
  • tls_ecdhe_rsa_with_aes_128_cbc_sha
  • tls_ecdhe_rsa_with_aes_256_cbc_sha384

SRTP Encryption

The Secure Real-time Transport Protocol (SRTP) is an IETF protocol used for securing communication across untrusted networks, as described in RFC 3711. SRTP provides confidentiality, message authentication, and optional replay protection to RTP traffic and to the control traffic for RTP and RTCP (Real-time Transport Control Protocol). The SBC 5000 series, SBC 7000, and SBC SWe Cloud support the following crypto suites for SRTP and SRTCP encryption:

  • AES-CM-128-HMAC-SHA1-32 
  • AES-CM-128-HMAC-SHA1-80 
  • AES-CM-192-HMAC-SHA1-32
  • AES-CM-192-HMAC-SHA1-80
  • AES-CM-256-HMAC-SHA1-32
  • AES-CM-256-HMAC-SHA1-80
  • AEAD-AES-128-GCM
  • AEAD-AES-256-GCM

SRTP and SRTCP Crypto Suites

| Crypto Suite | Master Key Length (bits) | Salt Value (bits) | Cipher | Key Derivation Function | Encryption key (bits) | Message Authentication Code | Authentication tag length (bits) | Authentication key length (bits) |
|---|---|---|---|---|---|---|---|---|
| AES-CM-128-HMAC-SHA1-32 | 128 | 112 | AES Counter Mode | AES_128_CM_PRF | 128 | HMAC-SHA1 | 32 | 160 |
| AES-CM-128-HMAC-SHA1-80 | 128 | 112 | AES Counter Mode | AES_128_CM_PRF | 128 | HMAC-SHA1 | 80 | 160 |
| AES-CM-192-HMAC-SHA1-32 | 192 | 112 | AES Segmented Integer Counter Mode | AES_192_CM_PRF | 192 | HMAC_SHA1 | 32 | 160 |
| AES-CM-192-HMAC-SHA1-80 | 192 | 112 | AES Segmented Integer Counter Mode | AES_192_CM_PRF | 192 | HMAC_SHA1 | 80 | 160 |
| AES-CM-256-HMAC-SHA1-32 | 256 | 112 | AES Segmented Integer Counter Mode | AES_256_CM_PRF | 256 | HMAC_SHA1 | 32 | 160 |
| AES-CM-256-HMAC-SHA1-80 | 256 | 112 | AES Segmented Integer Counter Mode | AES_256_CM_PRF | 256 | HMAC_SHA1 | 80 | 160 |
| AEAD-AES-128-GCM | 128 | 96 | AES-CM | AES_CM PRF [RFC3711] | 128 | Galois Message Authentication Code (GMAC) | 128 | N/A |
| AEAD-AES-256-GCM | 256 | 96 | AES-CM | AES_256_CM_PRF [RFC6188] | 256 | Galois Message Authentication Code (GMAC) | 128 | N/A |
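
The Key Derivation Function column of the table, worked through for the HMAC-SHA1 suites: this added example (not code from this page or from the SBC) implements the AES-CM PRF of RFC 3711 with a key derivation rate of 0 and derives the encryption key, the 160-bit authentication key and the 112-bit session salt from a master key and master salt. The function names are assumptions, the sample input is the test vector from RFC 3711 appendix B.3, and the AEAD-GCM suites with their 96-bit salt are not covered.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"fmt"
)

// Key derivation labels for SRTP session keys (RFC 3711 section 4.3.1).
const labelEnc, labelAuth, labelSalt byte = 0x00, 0x01, 0x02

// prf is the AES-CM PRF of RFC 3711 section 4.3.3 with key derivation rate 0
// (index DIV kdr = 0). It returns n bytes of key material for one label.
func prf(masterKey, masterSalt []byte, label byte, n int) ([]byte, error) {
	if len(masterSalt) != 14 {
		return nil, fmt.Errorf("master salt is %d bits, want 112", len(masterSalt)*8)
	}
	block, err := aes.NewCipher(masterKey) // 128-, 192- or 256-bit master key
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize) // x * 2^16: salt followed by a 16-bit block counter
	copy(iv, masterSalt)
	iv[7] ^= label // key_id = label || 48-bit zero index, right-aligned in the salt
	out := make([]byte, n)
	cipher.NewCTR(block, iv).XORKeyStream(out, out) // keystream over zero bytes
	return out, nil
}

// SessionKeys derives the encryption key (same size as the master key),
// the 160-bit HMAC-SHA1 authentication key and the 112-bit session salt.
func SessionKeys(masterKey, masterSalt []byte) (enc, auth, salt []byte, err error) {
	if enc, err = prf(masterKey, masterSalt, labelEnc, len(masterKey)); err != nil {
		return
	}
	if auth, err = prf(masterKey, masterSalt, labelAuth, 20); err != nil {
		return
	}
	salt, err = prf(masterKey, masterSalt, labelSalt, 14)
	return
}

func main() {
	// Sample input: the key derivation test vector from RFC 3711 appendix B.3.
	mk, _ := hex.DecodeString("E1F97A0D3E018BE0D64FA32C06DE4139")
	ms, _ := hex.DecodeString("0EC675AD498AFEEBB6960B3AABE6")
	enc, auth, salt, err := SessionKeys(mk, ms)
	fmt.Printf("enc=%x\nauth=%x\nsalt=%x\nerr=%v\n", enc, auth, salt, err)
}
```

The three outputs have the lengths given in the Encryption key, Authentication key length and Salt Value columns; the 32- and 80-bit variants of a suite derive identical keys and differ only in how much of the HMAC-SHA1 output is sent as the authentication tag.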
