[j-nsp] LAN encription

Jeff McAdams jeffm at iglou.com
Mon Dec 14 18:23:54 EST 2015


Last I checked (a month or so ago?) there is only a single MIC (20x1gbps maybe) that can do MacSec on the MX. I think the plan is for future MPCs to support it with any enet MICs connected, but it's not there, yet.

I don't know for the full QFX line, but the EX4600s I have supposedly can do line-rate (or at least very close) MacSec on all ports.   I haven't had the opportunity, yet, to actually try it.

If FIPS 140-2 compliance is relevant for you, MacSec is currently excluded from FIPS 140-2 validation.

-- 
Jeff

On Dec 14, 2015 6:14 PM, Michael Gehrmann <mgehrmann at atlassian.com> wrote:
>
> Hi James,
>
> MACsec isn't done on the MS-MPC to my knowledge it's normally only L3
> services. It looks like MACsec is supported but you would have to check for
> this feature support per line card.
>
> Have a look here:
> http://www.juniper.net/documentation/en_US/junos15.1/topics/concept/macsec-overview-mx-series.html#jd0e76
>
> On 15 December 2015 at 10:00, james list <jameslist72 at gmail.com> wrote:
>
> > Hi Mike
> > Does ms-mpc support l2 encryption?
> >
> > Indeed I was thinking mac-sec at 40/100gbs...
> >
> > Cheers
> > James
> > Il 14/Dic/2015 23:47, "Michael Gehrmann" <mgehrmann at atlassian.com> ha
> > scritto:
> >
> >> Hi James,
> >>
> >> A Juniper MX, MS-MPC is licensable up to 100Gbps so add the MS-MPC +
> >> License x 2 for cost.
> >>
> >> Cheers
> >> Mike
> >>
> >> On 15 December 2015 at 09:31, james list <jameslist72 at gmail.com> wrote:
> >>
> >>> Hi Mike
> >>> Beside the cost, are those speed supported by any juniper/arista/what
> >>> else device?
> >>>
> >>> Cheers
> >>> James
> >>> Il 14/Dic/2015 23:24, "Michael Gehrmann" <mgehrmann at atlassian.com> ha
> >>> scritto:
> >>>
> >>>> For those speeds you are better off getting the traffic encrypted by
> >>>> the end hosts/servers. Pushing encryption to the network will be more
> >>>> expensive.
> >>>>
> >>>> Mike
> >>>>
> >>>> > On 15 Dec 2015, at 02:15, james list <jameslist72 at gmail.com> wrote:
> >>>> >
> >>>> > Dear experts,
> >>>> >
> >>>> > a customer of mine is asking for LAN encryption at 40Gbs (with
> >>>> possibility
> >>>> > to increase at 100Gbs) for DC interconnection (30 km distance).
> >>>> >
> >>>> >
> >>>> > I’m wondering if QFX is the right device or any other recommendation
> >>>> with
> >>>> > Juniper ?
> >>>> >
> >>>> >
> >>>> >
> >>>> > I’m also having a look to Arista… any experience also with these
> >>>> boxes ?
> >>>> >
> >>>> >
> >>>> >
> >>>> > Greetings,
> >>>> >
> >>>> > James
> >>>> > _______________________________________________
> >>>> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> >>>> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> >>>>
> >>>
> >>
> >>
> >> --
> >> Michael Gehrmann
> >> Senior Network Engineer - Atlassian
> >> m: +61 407 570 658
> >>
> >
>
> -- 
> Michael Gehrmann
> Senior Network Engineer - Atlassian
> m: +61 407 570 658
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp


More information about the juniper-nsp mailing list