In case you'll find it interesting - all three major cloud providers (AWS, Azure, GCP) support MACSec on their circuits dedicated to customers (restictions may apply). https://aws.amazon.com/directconnect/locations/ https://cloud.google.com/network-connectivity/docs/interconnect/concepts/cho... Can't find the similar table for Azure unfortunately but MACSec is there https://learn.microsoft.com/en-us/azure/expressroute/expressroute-about-encr... On Mon, Oct 21, 2024 at 9:11 PM John Schiel <jschiel@flowtools.net> wrote:
I know this is a NANOG forum but curious how widespread usage of MACsec might be. (https://1.ieee802.org/security/802-1ae/).Currently reading the spec but wanted to pose some questions.
I'm seeing some pitfalls: 1) May not work over wireless LAN devices? 2) Needs a centralized key server. 3) May not be supportable on all devices?
Purported to be faster on the LAN than IPsec because MACsec is on layer 2.
Thoughts?