nanog mailing list archives
Re: SRv6
From: Wilco Baan Hofman <wilco () baanhofman nl>
Date: Fri, 18 Sep 2020 13:28:11 +0200
On 18/09/2020 12:07, Mark Tinka wrote:
There was a time when the use-case for MACSec was to move banks away from running their own DWDM/FC networks, and letting operators do it.
Well, the other use case is access networks with 802.1x. With 802.1x as long as the port stays up the session cookie (whatever is set as authenticated) is the MAC address. So once a port is authenticated, it's really easy to spoof a MAC and still be on the network. With WPA2 enterprise on WiFi, this problem does not exist, because then there is a cryptographic session. MACsec fixes that gap on wired. Not all that relevant for long-distance links though :) -- Wilco
Current thread:
- Re: SRv6, (continued)
- Re: SRv6 Mark Tinka (Sep 16)
- Re: SRv6 Anoop Ghanwani (Sep 16)
- Re: SRv6 Randy Bush (Sep 16)
- Re: SRv6 Mark Tinka (Sep 17)
- Re: SRv6 mark seery (Sep 17)
- Re: SRv6 Mark Tinka (Sep 17)
- Re: SRv6 mark seery (Sep 17)
- Re: SRv6 Mark Tinka (Sep 17)
- Re: SRv6 tim () pelican org (Sep 18)
- Re: SRv6 Mark Tinka (Sep 18)
- Re: SRv6 Wilco Baan Hofman (Sep 18)
- Re: SRv6 mark seery (Sep 18)
- Re: SRv6 Mark Tinka (Sep 19)
- Re: SRv6 Valdis Klētnieks (Sep 19)
- Re: SRv6 Mark Tinka (Sep 20)
- Re: SRv6 Łukasz Bromirski (Sep 21)
- Re: SRv6 Mark Tinka (Sep 16)
- Re: SRv6 James Bensley (Sep 16)
- Re: SRv6 Randy Bush (Sep 16)
- Re: SRv6 Paul Timmins (Sep 16)
- Re: SRv6 James Bensley (Sep 18)