Security over SONET/SDH
JP Velders
jpv at veldersjes.net
Sat Jun 29 10:49:37 UTC 2013
> Date: Tue, 25 Jun 2013 06:38:23 -0600
> From: Phil Fagan <philfagan at gmail.com>
> Subject: Re: Security over SONET/SDH
> Are these private links or customer links? Why encrypt at that
> layer? I'm looking for the niche usecase.
If I recall correctly the PCI stuff says an MPLS network is
sufficiently safe. If I were a financial, I would mandate at the very
least that all my communications extra-country be encrypted. Since we
know how "young" some of the languages and protocols on which our
financial infrastructure is built are, we can bet the house you need
link-layer-level encryption to make that work.
Now, whether the institution puts it in place, or requires the
international transport carrier to do so (hey, howdy, SONET/SDH) is
another thing.
Nortel at one point had an OC192 AES256 encryption option:
http://www.igrid2005.org/media/press_09.28.05_nortel.html
In the end remember, a lot of trans/inter-national bandwidth is still
SONET/SDH based and only slowly changing to Ethernet-like transports.
Kind regards,
JP Velders
More information about the NANOG
mailing list