[j-nsp] Macsec over spiky links

james list jameslist72 at gmail.com
Thu May 23 16:28:46 EDT 2019


Dear experts
A customer of mine would like to run encryption over the core entire
network to encrypt traffic passing WAN links.
Currently on those links pass plain ip traffic (bgp, ospf, pim).

The links are 10 Gbs point2point links and are used to transport unicast
and multicast (trading) traffic, bursts are usual but encryption is
considered the only way forward due to auditing reasons.

I'd like to propose to insert on the two link end points an ex4300 macsec
device in order to run macsec in hardware and transport ethernet traffic
without any active action.

Does anybody have experiece in this kind of design? Is bursty multicast an
issue?
I am not able to find any test on the www..

Is there any other way to reach the target without rebuild the entire
network?

Thanks in advance for any hints/recommendation.

James


More information about the juniper-nsp mailing list