Skip to content
Juan Carlos Villén Molina edited this page Sep 5, 2024 · 3 revisions

Centrally Controlled IPSec (CCIPS)

The CCIPS goes beyond the classical point-to-point IPsec setup and provides a centralized architectural solution to control multiple IPsec endpoints or gateways. The CCIPS is composed by a controller and two or more agents, deployed where the IPsec tunnel is established. In this IKE-less case, the RFC specifies a procedure on the re-keying process that is handled by the controller, when requested by the nodes.

On one side, the CCIPS controller architecture relies on a REST API as the central component to provide the NBI and establish sessions with the agents using the NETCONF protocol.

Contribution

  • SPIRS CCIPS Controller migration from existing standalone python script to an App in ONOS controller.
    • SBI interface YANG using RFC9061 with IPsec agents.
    • NBI for controlling from external system.
Clone this wiki locally