MACsec SFP

Pieter Hulshoff phulshof at aimvalley.nl
Wed Jun 25 20:45:38 UTC 2014


On 25-06-14 22:17, John Schiel wrote:
> Would be nice if we knew what the protocol was that communicated this 
> information down to the SFP and would also be nice if that was an open 
> protocol subject to review. UDP something? is my guess but how do those 
> messages look?
>
> I'm new to the MACsec idea but I would hope we could watch for such 
> key exchange traversing the wire and have some method to ignore 
> spurious messages and keys that may lock up a valid, working SFP.

It hasn't been decided yet. For our current portfolio of managed devices 
we use a proprietary layer-2 protocol, and offer a network management 
module that can be integrated into a network management system, a smart 
device gateway with SNMP support, and an integrated network management 
in Creanord's EchoVault system. Layer-3 management support is under 
investigation. Obviously, any key communication over the line would be 
encrypted, but what security system will be used will depend greatly on 
the chosen communication protocol. This will in part depend on the 
customer feedback I get, which currently ranges from our current layer-2 
solution to a web interface to a CLI. If we go layer-3, we'll probably 
use a standard like SSL/TLS for web pages, and SSH for CLI.

Kind regards,

Pieter Hulshoff




More information about the NANOG mailing list