<div dir="ltr">Isn't MACSEC a hardware implementation at the switchport? I didn't think it was possible to do it on a VLAN... if it is, I'd LOVE to know... that would be awesome and if the kit supported it, I'd use it for every VLAN crossing someone elses network.</div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><br>...Skeeve</div><div><br></div><div><div><b style="font-size:13px;font-family:Calibri">Skeeve Stevens - </b><span style="font-size:13px;font-family:Calibri">eintellego Networks Pty Ltd</span></div><div><div><span style="font-family:Calibri;font-size:13px"><a href="mailto:skeeve@eintellegonetworks.com" target="_blank">skeeve@eintellegonetworks.com</a> ; <a href="http://www.eintellegonetworks.com/" target="_blank">www.eintellegonetworks.com</a></span><font><p style="font-family:Calibri;font-size:13px;margin:0px">Phone: 1300 239 038; Cell +61 (0)414 753 383 ; <a>skype://skeeve</a></p><p style="font-family:Calibri;font-size:13px;margin:0px"><a href="http://facebook.com/eintellegonetworks" target="_blank">facebook.com/eintellegonetworks</a> ; <a href="http://twitter.com/networkceoau" target="_blank"></a><a href="http://linkedin.com/in/skeeve" target="_blank">linkedin.com/in/skeeve</a> </p><p style="font-family:Calibri;font-size:13px;margin:0px"><a href="http://twitter.com/theispguy" target="_blank">twitter.com/theispguy</a><span style="color:rgb(0,0,0)"> ; blog: </span><a href="http://www.theispguy.com/" target="_blank">www.theispguy.com</a><br></p><p style="font-family:Calibri;font-size:13px;margin:0px"><img src="http://eintellegonetworks.com/logos/ein09.png"><br></p><p style="margin:0px"><span style="color:rgb(127,0,127);font-family:Calibri,sans-serif;font-size:13px">The Experts Who The Experts Call</span></p></font></div><div style="font-family:Calibri,sans-serif;font-size:14px;color:rgb(127,0,127)"><span style="color:rgb(0,32,96);font-size:13px">Juniper - Cisco </span><span style="color:rgb(0,32,96);font-size:13px">- Cloud</span><span style="color:rgb(0,32,96);font-size:13px"> </span><span style="color:rgb(0,32,96);font-size:13px">- Consulting</span><span style="color:rgb(0,32,96);font-size:13px"> </span><span style="color:rgb(0,32,96);font-size:13px">- IPv4 Brokering</span></div></div></div></div></div></div>
<br><div class="gmail_quote">On 11 November 2014 20:01, Shaun Dwyer <span dir="ltr"><<a href="mailto:shaun@dwyer.id.au" target="_blank">shaun@dwyer.id.au</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><div>This actually brings up an interesting point…</div><div><br></div><div>Shane: The realities of LI are more or less that Megaport would have to comply with any valid request to snoop on traffic… I’m sure you already know this though… “Secure” is a relative term in this case.</div><div><br></div><div>As a network operator with supposedly ‘secure’ VXCs (not on Megaport mind you), is it time I start investing in routers/switches that support 802.1AE (MACSec) in hardware?</div><div><br></div><div>Is it worth encrypting traffic on my VXCs to prevent LI without my knowledge?</div><div> </div><div>With the questionable laws that are forced on us these days in terms of LI and data retention, how far should should a network operator go to protect data from snooping without our knowledge? I’m all for catching legitimate bad guys, but personally I feel that some of our current laws are over-reaching.</div><div><br></div><div><br></div><div>Cheers!</div><div><div>
<div style="color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word"><div>Shaun</div><div><br></div></div></div><div><blockquote type="cite"><div>On 11 Nov 2014, at 4:30 pm, Bevan Slattery <<a href="mailto:bevan@slattery.net.au" target="_blank">bevan@slattery.net.au</a>> wrote:</div><br><div>Two words. Straw man.<br><br><a href="http://en.m.wikipedia.org/wiki/Straw_man" target="_blank">http://en.m.wikipedia.org/wiki/Straw_man</a><br><br>B<br><br><br><blockquote type="cite">On 10 Nov 2014, at 10:29 pm, Shane Short <<a href="mailto:shane@short.id.au" target="_blank">shane@short.id.au</a>> wrote:<br><br>Hi Bevan,<br><br>I think you're missing my point here-- my post wasn't taking a shot at Megaport, you're the one who took it that way.<br>I'm fully aware of the benefits of Virtual Cross Connects, I was simply asking if the service *must* be delivered via VXC, as by doing so-- he's narrowing his list of possible providers.<br><br>I'm glad you've touched on Security below-- are the VXC products encrypted in any way? As Megaport is a licensed carrier-- if they get a LI request, can that traffic be intercepted at the layer 2 level?<br><br>-Shane<br><br><br>Bevan Slattery wrote:<br><blockquote type="cite">I¹ll move past the name calling :)<br><br>To directly answer your question I¹ll provide three (3) examples of other<br>providers offering customers the ability to direct connect networks as an<br>alternative to peering or transit.<br><br>Amazon quote 6 main reasons for Direct Connect<br><a href="http://aws.amazon.com/directconnect/" target="_blank">http://aws.amazon.com/directconnect/</a><br><br>- Reduces your bandwidth costs<br>- Consistent Network Performance<br>- Compatible with all your Amazon VPC<br>- Private Connectivty to your Amazon VPC<br>- Elastic<br>- Simple<br><br>Microsoft provides 6 main reasons for Azure ExpressRoute:<br><a href="http://azure.microsoft.com/en-us/services/expressroute/" target="_blank">http://azure.microsoft.com/en-us/services/expressroute/</a><br><br>- Private Connections to Azure<br>- Increased Reliability and Speed<br>- Lower Latencies<br>- Higher Security<br>- Significant Costs Benefits<br>- Directly Connect from your WAN<br><br>Google Cloud/Compute States about their GCI product<br><a href="https://cloud.google.com/interconnect" target="_blank">https://cloud.google.com/interconnect</a><br><br>"Connecting with GCI will enable your infrastructure to connect to Google<br>Cloud with higher availability and lower latency connections."<br><br>The Megaport VXC info is available here<br><a href="http://www.megaport.com/services/megaport-vxcs.html" target="_blank">http://www.megaport.com/services/megaport-vxcs.html</a><br><br>You can light up a VXC (think VLAN) from as little as 100Mbps to<br>10,000Mbps between ports for $20 per day or $200/month regardless of<br>speed.  So you want to spin up a 5,000Mbps connection to someone to backup<br>200TB of data - $20/day.  You have greater protection of being DDoS¹d,<br>interception, greater stability in latency and have guaranteed capacity.<br><br>But where it gets sexy and where the other guys are already taking it is<br>that they have integrated our API into their systems, so that if someone<br>wants to buy a service from AWS they automagically provision the silicon<br>at AWS and the circuit for that customer without touching a single thing.<br>Some hosting providers are already taking it the other way.  Transit<br>providers will be doing the same very soon.<br><br>If you want to actually take time to read about what we are doing, I think<br>you could be pleasantly surprised.<br><br>Cheers<br><br>[b]<br><br><br>From:  Shane Short<<a href="mailto:shane@short.id.au" target="_blank">shane@short.id.au</a>><br>Date:  Monday, 10 November 2014 9:36 pm<br>To:  Bevan Slattery<<a href="mailto:bevan@slattery.net.au" target="_blank">bevan@slattery.net.au</a>><br>Cc:  Skeeve Stevens<<a href="mailto:skeeve%2Bausnog@eintellegonetworks.com" target="_blank">skeeve+ausnog@eintellegonetworks.com</a>>,<br>"<a href="mailto:ausnog@lists.ausnog.net" target="_blank">ausnog@lists.ausnog.net</a>"<<a href="mailto:ausnog@lists.ausnog.net" target="_blank">ausnog@lists.ausnog.net</a>><br>Subject:  Re: [AusNOG] Hosted SBC on Megaport<br><br><br>If you're implying what I<br>think you're implying-- I wasn't schilling for a specific product (link<br>you were the other day), I was simply asking for a qualification if the<br>Megaport portion was actually required, as there's a heap of options<br>that he's ruling out by requiring it.<br><br>But hey, if we want to be fangirls for the sake of being fangirls-- go<br>for it.<br><br>Kind Regards,<br>Shane Short<br><br>Bevan Slattery wrote:<br><br><br>  Hahaha.  The irony here is delicious.<br><br>[b]<br><br>On 10 Nov 2014, at 9:16 pm, Shane Short<<a href="mailto:shane@short.id.au" target="_blank">shane@short.id.au</a>><br> wrote:<br><br><br><br>Excuse my ignorance, but<br>what does doing this specifically over Megaport really buy you?<br><br>I'm sure there's heaps of providers that could offer you this service<br>over any number of methods including IX, Peering Arrangements and<br>Transit.<br><br>-Shane<br><br>Skeeve Stevens wrote:<br><br>This might be an odd question.<br>Anyone<br><br> out there who would offer virtualised Session Border Controller's<br>deliverable over Megaport.<br><br>Not knowing much<br>about VoiP and SBC's... Sorry if this is a stupid question.<br><br>Replies<br><br> off-list<br><br>...Skeeve<br><br>Skeeve Stevens - eintellego Networks Pty Ltd<br><a href="mailto:skeeve@eintellegonetworks.com" target="_blank">skeeve@eintellegonetworks.com</a> ; <a href="http://www.eintellegonetworks.com" target="_blank">www.eintellegonetworks.com</a><br><<a href="http://www.eintellegonetworks.com/" target="_blank">http://www.eintellegonetworks.com/</a>>Phone: 1300 239<br>038; Cell +61 (0)414 753 383 ; skype://skeeve<br><a href="http://facebook.com/eintellegonetworks" target="_blank">facebook.com/eintellegonetworks</a><<a href="http://facebook.com/eintellegonetworks" target="_blank">http://facebook.com/eintellegonetworks</a>>  ;<br><a href="http://linkedin.com/in/skeeve" target="_blank">linkedin.com/in/skeeve</a><<a href="http://linkedin.com/in/skeeve" target="_blank">http://linkedin.com/in/skeeve</a>><br><a href="http://twitter.com/theispguy" target="_blank">twitter.com/theispguy</a><<a href="http://twitter.com/theispguy" target="_blank">http://twitter.com/theispguy</a>>  ;<br><br> blog: <a href="http://www.theispguy.com" target="_blank">www.theispguy.com</a><<a href="http://www.theispguy.com/" target="_blank">http://www.theispguy.com/</a>><br><br><br><br>The<br><br> Experts Who The Experts Call<br><br>Juniper - Cisco - Cloud - Consulting - IPv4 Brokering<br><br><br><br><br><br><br><br><br><br>  _______________________________________________<br>AusNOG mailing list<br>AusNOG@lists.ausnog.nethttp://<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">lists.ausnog.net/mailman/listinfo/ausnog</a><br><br><br><br><br>  _______________________________________________<br>AusNOG<br> mailing list<br><a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br><a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br><br><br></blockquote></blockquote>_______________________________________________<br>AusNOG mailing list<br><a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br><a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br></div></blockquote></div><br></div></div><br>_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br></blockquote></div><br></div>