[AusNOG] dark fibre encryption
Alex Samad
alex at samad.com.au
Wed Apr 8 21:03:48 EST 2020
Hi
I do agree with the statement, but I need encryption at the phy layer.
A
On Wed, 8 Apr 2020 at 19:54, Mark Smith <markzzzsmith at gmail.com> wrote:
> On Wed, 8 Apr 2020 at 17:49, Phillip Grasso <phillip.grasso at gmail.com>
> wrote:
> >
> > Cheapest is ipsec and there's plenty of options there.
>
> End-to-end crypto via IPsec or TLS/HTTPS is really the best option,
> you then don't have to trust the network.
>
> Also makes network engineers' lives easier - "I just shift the
> packets, I don't know what's in them."
>
> >There's cheaper companies that do macsec support. Arista is the other
> option on major vendor options but there's a bunch of yumcha ones you can
> get if you don't mind some foreign government's having your keys :-p
> >
> > On Wed, 8 Apr 2020, 5:30 pm Alex Samad, <alex at samad.com.au> wrote:
> >>
> >> Quick check of my network vendor , the equipment that has it is out of
> price range :(
> >>
> >> A
> >>
> >> On Wed, 8 Apr 2020 at 15:43, Phillip Grasso <phillip.grasso at gmail.com>
> wrote:
> >>>
> >>> macsec is your best bet. Lots of vendors support it and is reasonably
> mature. better if you pick one that allows dual keys, no downtime with
> rotating keys or certs. Watch out bunch of platforms will HALVE or worse
> the performance of your gear by turning on macsec. e.g. cisco rosco
> >>>
> >>> On Tue, 7 Apr 2020 at 10:36, Alex Samad <alex at samad.com.au> wrote:
> >>>>
> >>>> Hi
> >>>>
> >>>> I find myself in the situation that I need to look at purchasing some
> DC to DC. But I find I am not that well informed about whats available.
> what people are doing as best practise.
> >>>>
> >>>> Quick google doesn't fill me with lots of options.
> >>>>
> >>>>
> >>>> So packetlight is the current recommended vendor (their 2000
> option). Just looking to see whats to judge next to it
> >>>>
> >>>> Alex
> >>>> _______________________________________________
> >>>> AusNOG mailing list
> >>>> AusNOG at lists.ausnog.net
> >>>> http://lists.ausnog.net/mailman/listinfo/ausnog
> >
> > _______________________________________________
> > AusNOG mailing list
> > AusNOG at lists.ausnog.net
> > http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20200408/e622cad9/attachment.html>
More information about the AusNOG
mailing list