[186560] in North American Network Operators' Group
MACsec to edge hosts
daemon@ATHENA.MIT.EDU (Lyndon Nerenberg)
Tue Dec 22 21:14:33 2015
X-Original-To: nanog@nanog.org
From: Lyndon Nerenberg <lyndon@orthanc.ca>
Date: Tue, 22 Dec 2015 18:14:56 -0800
To: "North American Network Operators' Group" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
--Apple-Mail=_FD0B7F11-2A0D-4147-9A61-2B5FD9553D28
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
Are any of you pushing MACsec (802.1AE) out from your switches to the =
edge hosts? Vs. just running it on the network cross-connect fabric?
We have a scenario where, if we could MACsec encrypt those (switch <-> =
host) links, we could eliminate a lot of application level TLS. But =
searching for a list of PHYs that support this turned up a very thin set =
of chips, with most of them being several years old now.
Are people even using MACsec in anything other than an "encrypt cross =
connects between the cages" context? I would be very interested in =
chatting with anyone who has tried pushing this out from their switches =
to the connected hosts.
--lyndon
--Apple-Mail=_FD0B7F11-2A0D-4147-9A61-2B5FD9553D28
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCAAGBQJWegOgAAoJEG8PnXiV/JnUcYgP/2M2rn9Q5NJSGYBGjobrfY4h
0cOIRWUvD19rj9eKHzDyLClCjDNbt9dhJOKvVkKhB+FowWZr28PLJVFuQmbdJJQp
wEXJhTvzYV7uWWzkidJDTm/29Lyou65sL9D6qcHpjgVVHGa2t651RjzWHYPu/1hJ
LPPMtpl40E7Uglb8hSj3ktY5QIgdKSfaSr5aU90I3FYZ7QkY2GpyKGubINcDtwNJ
qPSs7/qMJrMx4CH8B7yZUkNAltz8tsPGzxhifZIDzKHiC8nF3asOTSRJ1YWhQ9Yy
BT0T9wt39YLtwDS94Z5Q5CChK8GhthA3eWcYYggdqTpIk5DTEFxT8NS7OkDcu52c
0thdUCEYUb2PoYF5oFVry9SMGYduA5233oOQpH25YMBFpQDJfezcgaHTPS8dm8R3
wwpBVzJXRG1m/9y84YRC7K3sdGGkuVUhGNyRl6boXEFzhH0L9/V9LKVs/p7dsmFe
uJBEROulo3Kj1CpwHhrbWFs4MCxFYE87E5GuQE47JufzbqNkeVQ7Rm8SI+txOtih
6Z54COg7jkV2mkJiJxhgmfRxPwr+f7G+s5aDgajm8ANlQlNBkUopMzThKeTh6cll
nKXPuSAf7EavBeEmLKxmdRsezqxOXX1fLwgZu3qmpqHP8AbM0GHMoE932fTVOVxE
CdVAZ3wBK5v90we6/9rE
=/WL8
-----END PGP SIGNATURE-----
--Apple-Mail=_FD0B7F11-2A0D-4147-9A61-2B5FD9553D28--
