MACsec to edge hosts

Lyndon Nerenberg lyndon at
Wed Dec 23 02:14:56 UTC 2015

Are any of you pushing MACsec (802.1AE) out from your switches to the edge hosts?  Vs. just running it on the network cross-connect fabric?

We have a scenario where, if we could MACsec encrypt those (switch <-> host) links, we could eliminate a lot of application level TLS.  But searching for a list of PHYs that support this turned up a very thin set of chips, with most of them being several years old now.

Are people even using MACsec in anything other than an "encrypt cross connects between the cages" context?  I would be very interested in chatting with anyone who has tried pushing this out from their switches to the connected hosts.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the NANOG mailing list