nanog mailing list archives

Re: IEEE MACsec

From: Saku Ytti <saku () ytti fi>
Date: Mon, 21 Oct 2024 21:28:55 +0300

On Mon, 21 Oct 2024 at 20:34, John Schiel <jschiel () flowtools net> wrote:

     1) May not work over wireless LAN devices?

I guess it depends on wireless technology, but 802.11xyzzy comes with
an encryption solution already so isn't really a target of interest.

     2) Needs a centralized key server.

Not really, implementation detail.

     3) May not be supportable on all devices?

Definitely not supported on all devices, you tend to pay extra, but
getting an increasingly small premium to pay. May become essentially
free, depending on demand.

Purported to be faster on the LAN than IPsec because MACsec is on layer 2.


Speed doesn't have anything to do with layer2 or layer3, you may be
assuming that ipsec is software and macsec is hardware which may be
true, but is implementation detail. For example Juniper Trio can do
some forms of IPSEC on the same hardware as MACSEC at the same
performance profile.


It is not exactly new technology, these devices have existed for +decade now?

-- 
  ++ytti

Current thread:

IEEE MACsec John Schiel (Oct 21)
- Re: IEEE MACsec Saku Ytti (Oct 21)
  - Re: IEEE MACsec John Schiel (Oct 21)
    - Re: IEEE MACsec Tom Beecher (Oct 21)
    - Re: IEEE MACsec Crist Clark (Oct 21)
    - Re: IEEE MACsec Brandon Martin (Oct 22)
  - Re: IEEE MACsec Tarko Tikan (Oct 22)
    - Re: IEEE MACsec Stephen Stuart (Oct 22)
    - Re: IEEE MACsec Mark Tinka (Oct 22)
    - Re: IEEE MACsec Dave Cohen (Oct 22)
    - RE: IEEE MACsec Bertilsson , Björn via NANOG (Oct 23)
    - Re: IEEE MACsec John Schiel (Oct 23)

(Thread continues...)