nanog mailing list archives

Re: IEEE MACsec

From: Stephen Stuart <stuart () tech org>
Date: Tue, 22 Oct 2024 15:23:59 +0000

If you are going to deploy MACSEC, my advice is test, test, and test,
especially (but not only) if you have different vendors'
implementations of MACSEC on either end of the link.

Test that MACSEC comes up.

Test that it recovers from link flaps.

Test key rotation.

Test recovery from link flaps during key rotation.

Test all permutations of recovery from admin down/up on both sides.

Test everything you can think of, then think of more things to test.

Stephen

Current thread:

IEEE MACsec John Schiel (Oct 21)
- Re: IEEE MACsec Saku Ytti (Oct 21)
  - Re: IEEE MACsec John Schiel (Oct 21)
    - Re: IEEE MACsec Tom Beecher (Oct 21)
    - Re: IEEE MACsec Crist Clark (Oct 21)
    - Re: IEEE MACsec Brandon Martin (Oct 22)
  - Re: IEEE MACsec Tarko Tikan (Oct 22)
    - Re: IEEE MACsec Stephen Stuart (Oct 22)
    - Re: IEEE MACsec Mark Tinka (Oct 22)
    - Re: IEEE MACsec Dave Cohen (Oct 22)
    - RE: IEEE MACsec Bertilsson , Björn via NANOG (Oct 23)
    - Re: IEEE MACsec John Schiel (Oct 23)
- Re: IEEE MACsec Andriy Bilous (Oct 25)
  - Re: IEEE MACsec Norman Jester (Oct 25)