In case you'll find it interesting - all three major cloud providers (AWS, Azure, GCP) support MACSec on their circuits dedicated to customers (restictions may apply).

https://aws.amazon.com/directconnect/locations/
https://cloud.google.com/network-connectivity/docs/interconnect/concepts/choosing-colocation-facilities

Can't find the similar table for Azure unfortunately but MACSec is there https://learn.microsoft.com/en-us/azure/expressroute/expressroute-about-encryption

On Mon, Oct 21, 2024 at 9:11 PM John Schiel <jschiel@flowtools.net> wrote:
I know this is a NANOG forum but curious how widespread usage of MACsec
might be. (https://1.ieee802.org/security/802-1ae/).Currently reading
the spec but wanted to pose some questions.

I'm seeing some pitfalls:
     1) May not work over wireless LAN devices?
     2) Needs a centralized key server.
     3) May not be supportable on all devices?

Purported to be faster on the LAN than IPsec because MACsec is on layer 2.

Thoughts?