Re: IEEE MACsec

2024-10-25 Thread Norman Jester
Does anyone have a contact at Amazon AWS? I own fiber between the USA and Mexico and we would like to discuss a relationship with them to bring AWS X-connects into the Tijuana Baja California region. We connect from One Wilshire all the way to Mexico. Norman Jester Global Exchange Telecom 619-319-

Re: IEEE MACsec

2024-10-25 Thread Andriy Bilous
In case you'll find it interesting - all three major cloud providers (AWS, Azure, GCP) support MACSec on their circuits dedicated to customers (restrictions may apply). https://aws.amazon.com/directconnect/locations/ https://cloud.google.com/network-connectivity/docs/interconnect/concepts/choosing-

Re: IEEE MACsec

2024-10-23 Thread John Schiel
will start to drift quite badly until they go out of spec. /Björn *From:* NANOG *On Behalf Of* Dave Cohen *Sent:* Tuesday, October 22, 2024 8:39 PM *To:* Mark Tinka *Cc:* nanog@nanog.org *Subject:* Re: IEEE MACsec I would caution anyone running MACsec on a link leveraging a provider circuit

RE: IEEE MACsec

2024-10-23 Thread Bertilsson, Björn via NANOG
: Tuesday, October 22, 2024 8:39 PM To: Mark Tinka Cc: nanog@nanog.org Subject: Re: IEEE MACsec I would caution anyone running MACsec on a link leveraging a provider circuit between them to quadruple check that the provider link supports customer use of MACsec. In theory MACsec will operate

Re: IEEE MACsec

2024-10-22 Thread Dave Cohen
I would caution anyone running MACsec on a link leveraging a provider circuit between them to quadruple check that the provider link supports customer use of MACsec. In theory MACsec will operate just fine over a Layer 2 link but carriers tend to not like unanticipated bits get appended or inserted

Re: IEEE MACsec

2024-10-22 Thread Mark Tinka
On 10/22/24 16:56, Tarko Tikan wrote: What we are seeing now is MACsec getting integrated into latest NPUs directly. So far it has been mostly implemented by separate chips or in PHYs (or combination). This has, in some cases, limited you to what ports you can use MACsec on. It also had ch

Re: IEEE MACsec

2024-10-22 Thread Stephen Stuart
If you are going to deploy MACSEC, my advice is test, test, and test, especially (but not only) if you have different vendors' implementations of MACSEC on either end of the link. Test that MACSEC comes up. Test that it recovers from link flaps. Test key rotation. Test recovery from link flaps

Re: IEEE MACsec

2024-10-22 Thread Tarko Tikan
hey, It is not exactly new technology, these devices have existed for +decade now? What we are seeing now is MACsec getting integrated into latest NPUs directly. So far it has been mostly implemented by separate chips or in PHYs (or combination). This has, in some cases, limited you to what

Re: IEEE MACsec

2024-10-22 Thread Brandon Martin
On 10/22/24 00:12, Crist Clark wrote: It is definitely deployed out there. I wouldn't worry too much about reading the specs. All of the implementations I've dealt with are only partial implementations. They almost all are limited to "point to point" functionality. As for comparing to IPsec,

Re: IEEE MACsec

2024-10-21 Thread Crist Clark
It is definitely deployed out there. I wouldn't worry too much about reading the specs. All of the implementations I've dealt with are only partial implementations. They almost all are limited to "point to point" functionality. As for comparing to IPsec, IPsec came out of a different time. It is m

Re: IEEE MACsec

2024-10-21 Thread Tom Beecher
> Regarding speed, the first few pages I hit made a comment that it was slower because of packet overhead. I'm reading more and that is less of a concern.

There's certainly a penalty paid for the extra time encrypting and decrypting, which of course can aggregate over a large number of pr

Re: IEEE MACsec

2024-10-21 Thread John Schiel
Thanks. I threw this out there not knowing how fast someone would respond. I only heard about this recently and am surprised it is as old as it is. Regarding speed, the first few pages I hit made a comment that it was slower because of packet overhead. I'm reading more and that is less of a

Re: IEEE MACsec

2024-10-21 Thread Saku Ytti
On Mon, 21 Oct 2024 at 20:34, John Schiel wrote: > 1) May not work over wireless LAN devices? I guess it depends on wireless technology, but 802.11xyzzy comes with an encryption solution already so isn't really a target of interest. > 2) Needs a centralized key server. Not really, impl

IEEE MACsec

2024-10-21 Thread John Schiel
I know this is a NANOG forum but curious how widespread usage of MACsec might be. (https://1.ieee802.org/security/802-1ae/). Currently reading the spec but wanted to pose some questions. I'm seeing some pitfalls: 1) May not work over wireless LAN devices? 2) Needs a centralized key serve