nanog mailing list archives
Re: MACsec SFP
From: Christopher Morrow <morrowc.lists () gmail com>
Date: Tue, 24 Jun 2014 13:32:04 -0400
On Tue, Jun 24, 2014 at 1:19 PM, Saku Ytti <saku () ytti fi> wrote:
On (2014-06-24 12:30 -0400), Christopher Morrow wrote:it's going to be hard to schedule a key roll then, right? I would expect that in most/many deployments where someone enters a 'key' there has to be some compliance process that includes: "And you change that key every X days" right? So you'll NOT want to be in a situation that involves coordinating a few thousand truck rolls every X months to have this deployed.Hopefully you could offer date when new keys take effect.
sure, 'use new key in 37.243 minutes!' I still have to coordinate people showing up at all sites over N period of time to do this programming, and I'm SURE that some set of the programmed devices will get an l instead of a 1 ... so 'quick chuck, get in the truck!' is going to be an oft-heard refrain ;( Hand managing this just isn't feasible, I think.
Maybe some customer would then enter need for this in CLI in their multimillion dollar RFQ, and then we'd get the feature.maybe so... multi-million of sfp is a lot of sfp though.Of course this would be for the equipment where SFP sits, SFP vendor can't solve this. But if you're making it mandatory in router RFQ, it seems pretty much guaranteed vendors would comply and winning bid at least would implement it.
yes, I realized as I clicked 'send'... in any case :) the sfp manufacturer likely has to decide on some way to program the sfp (maybe there are already in-router/switch ways for other things like this? like wavelength...) which all router/switch vendors have to also agree to abide by.
Current thread:
- Re: MACsec SFP, (continued)
- Re: MACsec SFP Pieter Hulshoff (Jun 24)
- Re: MACsec SFP Saku Ytti (Jun 24)
- Re: MACsec SFP Pieter Hulshoff (Jun 24)
- RE: MACsec SFP Frank Bulk (iname.com) (Jun 24)
- Re: MACsec SFP Christopher Morrow (Jun 24)
- Re: MACsec SFP Pieter Hulshoff (Jun 24)
- Re: MACsec SFP Christopher Morrow (Jun 24)
- Re: MACsec SFP Saku Ytti (Jun 24)
- Re: MACsec SFP Christopher Morrow (Jun 24)
- Re: MACsec SFP Saku Ytti (Jun 24)
- Re: MACsec SFP Christopher Morrow (Jun 24)
- Re: MACsec SFP Eric Flanery (eric) (Jun 24)
- Re: MACsec SFP Pieter Hulshoff (Jun 25)
- Re: MACsec SFP Eric Flanery (eric) (Jun 25)
- Re: MACsec SFP Saku Ytti (Jun 25)
- Re: MACsec SFP Tim Durack (Jun 25)
- Re: MACsec SFP Randy Bush (Jun 24)
- Re: MACsec SFP Christopher Morrow (Jun 24)
- Re: MACsec SFP Randy Bush (Jun 24)
- Re: MACsec SFP Pieter Hulshoff (Jun 24)
- Re: MACsec SFP Aris Lambrianidis (Jun 24)