nanog mailing list archives
Re: MACsec SFP
From: Pieter Hulshoff <phulshof () aimvalley nl>
Date: Wed, 25 Jun 2014 22:45:38 +0200
On 25-06-14 22:17, John Schiel wrote:
Would be nice if we knew what the protocol was that communicated this information down to the SFP and would also be nice if that was an open protocol subject to review. UDP something? is my guess but ow do those messages look?I'm new to the MACsec idea but I would hope we could watch for such key exchange traversing the wire and have some method to ignore spurious messages and keys that may lock up a valid, working SFP.
It hasn't been decided yet. For our current portfolio of managed device we use a proprietary layer-2 protocol, and offer a network management module that can be integrated into a network management system, a smart device gateway with SNMP support, and an integrated network management in Creanord's EchoVault system. Layer-3 management support is under investigation. Obviously, any key communication over the line would be encrypted, but what security system will be used will depend greatly on the chosen communication protocol. This will in part depend on the customer feedback I get, which currently range from our current layer-2 solution to a web interface to a CLI. If we go layer-3, we'll probably use a standard like SSL/TLS for web pages, and SSH for CLI.
Kind regards, Pieter Hulshoff
Current thread:
- Re: MACsec SFP, (continued)
- Re: MACsec SFP Randy Bush (Jun 24)
- Re: MACsec SFP Pieter Hulshoff (Jun 24)
- Re: MACsec SFP Aris Lambrianidis (Jun 24)
- Re: MACsec SFP Pieter Hulshoff (Jun 24)
- Re: MACsec SFP John Schiel (Jun 25)
- Re: MACsec SFP Christopher Morrow (Jun 25)
- Re: MACsec SFP Pieter Hulshoff (Jun 25)
- Re: MACsec SFP Christopher Morrow (Jun 25)
- Re: MACsec SFP Tim Durack (Jun 25)
- RE: MACsec SFP Michael O Holstein (Jun 25)
- Re: MACsec SFP Pieter Hulshoff (Jun 25)
- Re: MACsec SFP Saku Ytti (Jun 25)
- Re: MACsec SFP Glen Turner (Jun 29)
- Re: MACsec SFP Saku Ytti (Jun 29)
- Re: MACsec SFP Glen Turner (Jun 30)
- Re: MACsec SFP Saku Ytti (Jun 30)