[j-nsp] MACsec interoperability between MX10003 and Cisco ASR 9k?

Christian Seitz chris at in-berlin.de
Wed Oct 24 08:42:07 EDT 2018


Hello,

On 24.09.18 at 23:29, Christian Seitz wrote:

> I'm currently trying to find out if somebody has already tested if MACsec can
> be used on a 100G port between MX10003 and Cisco ASR 9k (required licenses
> will be installed on both routers). Yes, MACsec is a standard, but... ;-)
> 
> Unfortunately Juniper currently has no MX10003 available in the loaner pool.
> They have an MX10003 in their lab in Amsterdam, but no ASR 9k. Therefore I
> cannot test it by myself and hope somebody else already made some experience.

nobody answered this email yet so I would like to answer it myself in case
somebody else is interested in this information.

Juniper was now able to deliver a loaner so we could test MACsec between the
MX10003 and an ASR 9910. As long as your JunOS is recent enough that PR1336834
("MACSec AES-GCM-256 hashing algorithm is not compatible with other vendors")
is fixed and your IOS XR has fixed CSCvg91792 ("STARLORD MACSEC - ARP is not
resolved in Octane starlord interop"), MACsec just works. I have tested AES-256
between both boxes on a 100G interconnect and unicast and multicast traffic
pass the link.

Thanks and regards,

Chris

