Home page logo

nanog logo nanog mailing list archives

Re: Security over SONET/SDH
From: JP Velders <jpv () veldersjes net>
Date: Sat, 29 Jun 2013 12:49:37 +0200 (CEST)

Date: Tue, 25 Jun 2013 06:38:23 -0600
From: Phil Fagan <philfagan () gmail com>
Subject: Re: Security over SONET/SDH

Are these private links or customer links? Why encrypt at that 
layer? I'm looking for the niche usecase.

If I recall correctly the PCI stuff says an MPLS network is 
sufficiently safe. If I were a financial, I would mandate at the very 
least that all my communications extra-country be encrypted. Since we 
know how "young" some of the languages and protocols on which our 
financial infrastructure is built are, we can bet the house you need 
link-layer-level encryption to make that work.

Now, whether the institution puts it in place, or requires the 
international transport carrier to do so (hey, howdy, SONET/SDH) is 
another thing.

Nortel at one point had an OC192 AES256 encryption option:

In the end remember, a lot of trans/inter-national bandwidth is still 
SONET/SDH based and only slowly changing to Ethernet-like transports.

Kind regards,
JP Velders

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]