Technology Networking & Internet

Recovering from IPSEC failure

While IP as the backhaul brings in tremendous cost benefit, it is a public network and hence brings in additional challenges in maintaining data security.

Let us analyze a typical network implementation in a network.
  • First equipment in the Access Network handles the data from CPE in one side and transfers the data into IP backhaul of aggregation network. The aggregation network is typically a public IP network such as metro Ethernet.
  • At the end of the aggregation networks, security GWs are placed to enable IPSEC in aggregation network.
  • The aggregation network then connects to the operator's private network for management services and core network for further data forwarding.

The NMS systems of the operator configure necessary IPSEC parameters into first equipment and security GWs. In most installations, IPSEC will be set as mandatory and hence the NPEs will have to first successfully set up IPSEC SAs with Sec GW. Once such a configuration is enabled, even the O&M data should go through the IPSEC only.

All is well till now. Now let us imagine a situation that IPSEC fails for some reason. This will immediately isolate NPEs from the O&M. NPE will keep reattempting to establish tunnels but in vain. Since the O&M is now cut off from the operator, there is no way the operator can switch off the IPSEC as no more configuration changes are possible as connection is lost.

Once such a situation arises, there is no other means available to the operator except to arrange for a site visit to NPE to make configuration changes. This is way too expensive for the operator as the NPE site may be anywhere in the geographical location.

To avoid this situation, it is very important to impart certain intelligence into the NPEs to automatically disable IPSEC and accept plain traffic. The important considerations here are,
  • IPSEC should not be disabled for intermittent outages
  • IPSEC should be disabled only if certain Green flags are set by the operator to do so (Exact methodologies will not be discussed in this article)

When all the conditions described above are met, NPE will automatically switch off IPSEC and accept plain traffic. Thus, the NPEs are now accessible to the operator and they can be commissioned back into the service, albeit without IPSEC. This is one way to recover NPEs from IPSEC failures. Once the operator verifies that IPSEC can be reestablished, NPEs can be enabled for IPSEC again.

Leave a reply