The NGE feature uses the Encapsulating Security Payload (ESP) protocol as defined in IETF RFC 4303. ESP provides data integrity as well as privacy and confidentiality for the encrypted traffic.
The ESP protocol used by NGE relies on symmetric ciphers, meaning that the same key is used for encryption and decryption. The NGE node supports Cipher Block Chaining (CBC) encryption mode. Block ciphers used by NGE include:
- AES128 with a 128-bit key using 128-bit blocks
- AES256 with a 256-bit key using 128-bit blocks
For authentication, the integrity check value (ICV) size is as follows:
- HMAC-SHA-256 (16 bytes or 128 bits)
- HMAC-SHA-512 (32 bytes or 256 bits)
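As an added illustration (not NGE or Nokia code), the following Go program builds and verifies an RFC 4303 ESP packet with the cipher suite described above: AES-CBC (a 16-byte key gives AES128, a 32-byte key AES256) and an HMAC-SHA-256 ICV truncated to the 16 bytes listed for that algorithm; the keys, IV and payload are constructed test values, and the decapsulator checks the ICV before it decrypts anything.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Truncated ICV length (RFC 4868): 16 bytes for HMAC-SHA-256; HMAC-SHA-512 would use sha512.New and 32.
const icvLen = 16

// espEncap builds SPI | seq | IV | AES-CBC(payload|pad|padLen|nextHdr) | ICV, the RFC 4303 layout.
func espEncap(encKey, authKey []byte, spi, seq uint32, iv, payload []byte, nextHdr byte) ([]byte, error) {
	block, err := aes.NewCipher(encKey) // a 16-byte key selects AES128, a 32-byte key AES256
	if err != nil || len(iv) != aes.BlockSize { return nil, errors.New("bad key or IV length") }
	// Pad so payload+padLen+nextHdr fills whole 16-byte blocks; pad bytes run 1,2,3,... (RFC 4303).
	padLen := (aes.BlockSize - (len(payload)+2)%aes.BlockSize) % aes.BlockSize
	plain := append([]byte{}, payload...)
	for i := 1; i <= padLen; i++ { plain = append(plain, byte(i)) }
	plain = append(plain, byte(padLen), nextHdr)
	ct := make([]byte, len(plain))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, plain)
	pkt := binary.BigEndian.AppendUint32(binary.BigEndian.AppendUint32(nil, spi), seq)
	pkt = append(append(pkt, iv...), ct...)
	mac := hmac.New(sha256.New, authKey) // the ICV covers SPI, seq, IV and ciphertext
	mac.Write(pkt)
	return append(pkt, mac.Sum(nil)[:icvLen]...), nil
}

// espDecap verifies the ICV first, so a forged or corrupted packet is rejected before any decryption.
func espDecap(encKey, authKey, pkt []byte) ([]byte, byte, error) {
	if len(pkt) < 8+2*aes.BlockSize+icvLen { return nil, 0, errors.New("short packet") }
	body, icv := pkt[:len(pkt)-icvLen], pkt[len(pkt)-icvLen:]
	mac := hmac.New(sha256.New, authKey)
	mac.Write(body)
	if !hmac.Equal(icv, mac.Sum(nil)[:icvLen]) { return nil, 0, errors.New("ICV mismatch") } // constant-time
	block, err := aes.NewCipher(encKey)
	if err != nil { return nil, 0, err }
	iv, ct := body[8:8+aes.BlockSize], body[8+aes.BlockSize:]
	if len(ct)%aes.BlockSize != 0 { return nil, 0, errors.New("ciphertext not block aligned") }
	plain := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(plain, ct)
	padLen, next := plain[len(plain)-2], plain[len(plain)-1]
	if int(padLen)+2 > len(plain) { return nil, 0, errors.New("bad pad length") }
	return plain[:len(plain)-2-int(padLen)], next, nil
}
```

The IV is passed in explicitly; a real implementation must draw a fresh unpredictable IV per packet and track the sequence number for replay protection.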