RE: MACsec SFP

["Frank Bulk \(iname.com\)" <frnkblk () iname com>]

DIP switches?

Frank

-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Saku Ytti
Sent: Tuesday, June 24, 2014 3:21 AM
To: nanog () nanog org
Subject: Re: MACsec SFP

On (2014-06-24 09:59 +0200), Pieter Hulshoff wrote:

Hi Pieter,

> I've seen this request from others as well. Do you have any
> proposal/preference to limit the data rate from the switch?

For this solution to be marketable, it needs to be extremely cheap, as
you're
essentially competing against cheapest consumer grade switches to subrate a
port.
These ports would not be revenue generating, but almost invariably MGMT
ports
to legacy equipment, issues like QoS are not relevant, price point is.  From
switch POV, packets would be lost on-link when rate exceeds, and TCP would
then decrease rate.

So SFP would need to implement rudimentary buffering and packet dropping.

And as always, it's best if there is some way for these to work without any
configuration, as the moment you need to configure 1 thing, you need to
develop provisioning system and potentially also configuration backups,
which
may in some organizations make solution prohibitively expensive compared to
using small switch from existing vendor, which is already supported by
systems.


-- 
  ++ytti