MacSec looks interesting - what kind of overhead does it add? Would it generally work through a L2 MPLS circuit MTU wise?
Also - is the a feature support matrix anywhere for this ? From: Darin Herteen [mailto:syn...@live.com] Sent: Friday, May 6, 2016 1:57 PM To: Nick Cutting; cisco-nsp@puck.nether.net Subject: Re: Link encryption and scalability kit etc I'm currently testing MACSec using Cisco 3560-CX in the lab in a Switch-to-Switch manual deployment and so far so good. If you don't want to get elaborate the price point might be attractive.. Darin ________________________________________ From: cisco-nsp <cisco-nsp-boun...@puck.nether.net><mailto:cisco-nsp-boun...@puck.nether.net%3e> on behalf of Nick Cutting <ncutt...@edgetg.com><mailto:ncutt...@edgetg.com%3e> Sent: Friday, May 6, 2016 12:13 PM To: cisco-nsp@puck.nether.net<mailto:cisco-nsp@puck.nether.net> Subject: [c-nsp] Link encryption and scalability kit etc Link encryption and scalability kit etc We have many clients connecting back to our DC using mostly 3rd party L2 circuits. There has been an increasing number of requests to encrypt these links - as they want to protect against the "possibly many" service providers that are in the transit path. Management suggested firewalls (cisco only, no routed VPN's) - but I have two issues with this - no Routing protocols, and no VRF's on our Data Center end to terminate at a larger device. I was think of little routers capable of encrypting 1 VTI tunnels @100 meg on the client side And ASR1k would fit the bill on the DC end - and maybe would suffice for 30 or so P2P's if it was connected back to our core at 10G, but these are too expensive for the MGT team. What other technologies/products could I consider at either end, that are available in the enterprise space? Any direction greatly appreciated, Nick _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net<mailto:cisco-nsp@puck.nether.net> https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ________________________________ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
