nanog mailing list archives

Re: IEEE MACsec


From: Dave Cohen <craetdave () gmail com>
Date: Tue, 22 Oct 2024 14:38:55 -0400

I would caution anyone running MACsec on a link leveraging a provider
circuit between them to quadruple check that the provider link supports
customer use of MACsec. In theory MACsec will operate just fine over a
Layer 2 link, but carriers tend to not like unanticipated bits getting appended
or inserted into frame headers. In my carrier days, $dayjob's L2 products
tended to be highly interoperable relative to the industry norm, and we
still forced customers into an L1 service if they needed MACsec. My
understanding is that said carrier did start supporting it on its L2
services off of certain devices a couple of years ago, but I don't believe
this is common for most providers.

On Tue, Oct 22, 2024 at 2:27 PM Mark Tinka <mark@tinka.africa> wrote:




On 10/22/24 16:56, Tarko Tikan wrote:

What we are seeing now is MACsec getting integrated into latest NPUs
directly. So far it has been mostly implemented by separate chips or
in PHYs (or combination). This has, in some cases, limited you to what
ports you can use MACsec on. It also had challenges with sync/PTP,
per-vlan MACsec etc.

So while it is proven technology and works well we are still seeing
innovation/improvements.

It is also now shipping in coherent pluggables as a native feature.

Mark.



-- 
- Dave Cohen
craetdave () gmail com
@dCoSays
www.venicesunlight.com
