Date: Tue, 25 Jun 2013 06:38:23 -0600 From: Phil Fagan <philfagan@gmail.com> Subject: Re: Security over SONET/SDH
Are these private links or customer links? Why encrypt at that layer? I'm looking for the niche usecase.
If I recall correctly the PCI stuff says an MPLS network is sufficiently safe. If I were a financial, I would mandate at the very least that all my communications extra-country be encrypted. Since we know how "young" some of the languages and protocols on which our financial infrastructure is built are, we can bet the house you need link-layer-level encryption to make that work. Now, whether the institution puts it in place, or requires the international transport carrier to do so (hey, howdy, SONET/SDH) is another thing. Nortel at one point had an OC192 AES256 encryption option: http://www.igrid2005.org/media/press_09.28.05_nortel.html In the end remember, a lot of trans/inter-national bandwidth is still SONET/SDH based and only slowly changing to Ethernet-like transports. Kind regards, JP Velders