[c-nsp] Link encryption and scalability kit etc

Darin Herteen synack at live.com
Fri May 6 13:56:43 EDT 2016


I'm currently testing MACSec using Cisco 3560-CX in the lab in a Switch-to-Switch manual deployment and so far so good. If you don't want to get elaborate the price point might be attractive..

Darin
________________________________________
From: cisco-nsp <cisco-nsp-bounces at puck.nether.net> on behalf of Nick Cutting <ncutting at edgetg.com>
Sent: Friday, May 6, 2016 12:13 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Link encryption and scalability kit etc

Link encryption and scalability kit etc

We have many clients connecting back to our DC using mostly 3rd party L2 circuits.
There has been an increasing number of requests to encrypt these links - as they want to protect against the "possibly many" service providers that are in the transit path.

Management suggested firewalls (cisco only, no routed VPN's) - but I have two issues with this - no Routing protocols, and no VRF's on our Data Center end to terminate at a larger device.

I was think of little routers capable of encrypting 1 VTI tunnels @100 meg on the client side And ASR1k would fit the bill on the DC end - and maybe would suffice for 30 or so P2P's if it was connected back to our core at 10G, but these are too expensive for the MGT team.

What other technologies/products could I consider at either end, that are available in the enterprise space?

Any direction greatly appreciated,
Nick
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list