MACsec SFP
Pieter Hulshoff
phulshof at aimvalley.nl
Wed Jun 25 20:45:38 UTC 2014

On 25-06-14 22:17, John Schiel wrote:
> Would be nice if we knew what the protocol was that communicated this
> information down to the SFP and would also be nice if that was an open
> protocol subject to review. UDP something? is my guess but how do those
> messages look?
>
> I'm new to the MACsec idea but I would hope we could watch for such
> key exchange traversing the wire and have some method to ignore
> spurious messages and keys that may lock up a valid, working SFP.

It hasn't been decided yet. For our current portfolio of managed devices
we use a proprietary layer-2 protocol, and offer a network management
module that can be integrated into a network management system, a smart
device gateway with SNMP support, and an integrated network management
in Creanord's EchoVault system. Layer-3 management support is under
investigation. Obviously, any key communication over the line would be
encrypted, but what security system will be used will depend greatly on
the chosen communication protocol. This will in part depend on the
customer feedback I get, which currently ranges from our current layer-2
solution to a web interface to a CLI. If we go layer-3, we'll probably
use a standard like SSL/TLS for web pages, and SSH for CLI.

Kind regards,
Pieter Hulshoff

More information about the NANOG mailing list