[c-nsp] Link encryption and scalability kit etc

Eugeniu Patrascu eugen at imacandi.net
Tue May 10 10:35:50 EDT 2016


Not really a Cisco answer, but I had a similar problem and I solved it with
a few Linux boxes running IPSec and with L2TPv3 pseudo-wires (static mode)
over the link and bridged to an "inside" interface. It carries IPv4/IPv6
traffic with no issues. On a E3-1241 it takes around 15% CPU for 1Gbps of
traffic with AES256GCM128-SHA512.

The overhead is a bit bigger than MACSEC, but it works over any IP
transport.

On Mon, May 9, 2016 at 4:19 PM, <A.L.M.Buxey at lboro.ac.uk> wrote:

> Hi,
>
> ask/verify with the WAN/ISP provider that they are handling ethertypes od
> 0x888a and 0x88e5 (these are the minimal extras - EAPOL and
> MACSEC respectively) - and not just handling 0x800 and 0x86DD  (and maybe
> one or two others) - loads appear to not carry any other tags
> (stops eg appletalk, DECnet, trill, ARP etc traversing the link(!)
>
> alan
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


More information about the cisco-nsp mailing list