[AusNOG] dark fibre encryption
markzzzsmith at gmail.com
Wed Apr 8 19:54:30 EST 2020
On Wed, 8 Apr 2020 at 17:49, Phillip Grasso <phillip.grasso at gmail.com> wrote:
> Cheapest is ipsec and there's plenty of options there.
End-to-end crypto via IPsec or TLS/HTTPS is really the best option,
you then don't have to trust the network.
Also makes network engineers' lives easier - "I just shift the
packets, I don't know what's in them."
>There's cheaper companies that do macsec support. Arista is the other option on major vendor options but there's a bunch of yumcha ones you can get if you don't mind some foreign government's having your keys :-p
> On Wed, 8 Apr 2020, 5:30 pm Alex Samad, <alex at samad.com.au> wrote:
>> Quick check of my network vendor , the equipment that has it is out of price range :(
>> On Wed, 8 Apr 2020 at 15:43, Phillip Grasso <phillip.grasso at gmail.com> wrote:
>>> macsec is your best bet. Lots of vendors support it and is reasonably mature. better if you pick one that allows dual keys, no downtime with rotating keys or certs. Watch out bunch of platforms will HALVE or worse the performance of your gear by turning on macsec. e.g. cisco rosco
>>> On Tue, 7 Apr 2020 at 10:36, Alex Samad <alex at samad.com.au> wrote:
>>>> I find myself in the situation that I need to look at purchasing some DC to DC. But I find I am not that well informed about whats available. what people are doing as best practise.
>>>> Quick google doesn't fill me with lots of options.
>>>> So packetlight is the current recommended vendor (their 2000 option). Just looking to see whats to judge next to it
>>>> AusNOG mailing list
>>>> AusNOG at lists.ausnog.net
> AusNOG mailing list
> AusNOG at lists.ausnog.net
More information about the AusNOG