Last I checked (a month or so ago?) there is only a single MIC (20x1gbps maybe) that can do MacSec on the MX. I think the plan is for future MPCs to support it with any enet MICs connected, but it's not there, yet.
I don't know for the full QFX line, but the EX4600s I have supposedly can do line-rate (or at least very close) MacSec on all ports. I haven't had the opportunity, yet, to actually try it. If FIPS 140-2 compliance is relevant for you, MacSec is currently excluded from FIPS 140-2 validation. -- Jeff On Dec 14, 2015 6:14 PM, Michael Gehrmann <mgehrm...@atlassian.com> wrote: > > Hi James, > > MACsec isn't done on the MS-MPC to my knowledge it's normally only L3 > services. It looks like MACsec is supported but you would have to check for > this feature support per line card. > > Have a look here: > http://www.juniper.net/documentation/en_US/junos15.1/topics/concept/macsec-overview-mx-series.html#jd0e76 > > On 15 December 2015 at 10:00, james list <jameslis...@gmail.com> wrote: > > > Hi Mike > > Does ms-mpc support l2 encryption? > > > > Indeed I was thinking mac-sec at 40/100gbs... > > > > Cheers > > James > > Il 14/Dic/2015 23:47, "Michael Gehrmann" <mgehrm...@atlassian.com> ha > > scritto: > > > >> Hi James, > >> > >> A Juniper MX, MS-MPC is licensable up to 100Gbps so add the MS-MPC + > >> License x 2 for cost. > >> > >> Cheers > >> Mike > >> > >> On 15 December 2015 at 09:31, james list <jameslis...@gmail.com> wrote: > >> > >>> Hi Mike > >>> Beside the cost, are those speed supported by any juniper/arista/what > >>> else device? > >>> > >>> Cheers > >>> James > >>> Il 14/Dic/2015 23:24, "Michael Gehrmann" <mgehrm...@atlassian.com> ha > >>> scritto: > >>> > >>>> For those speeds you are better off getting the traffic encrypted by > >>>> the end hosts/servers. Pushing encryption to the network will be more > >>>> expensive. > >>>> > >>>> Mike > >>>> > >>>> > On 15 Dec 2015, at 02:15, james list <jameslis...@gmail.com> wrote: > >>>> > > >>>> > Dear experts, > >>>> > > >>>> > a customer of mine is asking for LAN encryption at 40Gbs (with > >>>> possibility > >>>> > to increase at 100Gbs) for DC interconnection (30 km distance). > >>>> > > >>>> > > >>>> > I’m wondering if QFX is the right device or any other recommendation > >>>> with > >>>> > Juniper ? > >>>> > > >>>> > > >>>> > > >>>> > I’m also having a look to Arista… any experience also with these > >>>> boxes ? > >>>> > > >>>> > > >>>> > > >>>> > Greetings, > >>>> > > >>>> > James > >>>> > _______________________________________________ > >>>> > juniper-nsp mailing list juniper-nsp@puck.nether.net > >>>> > https://puck.nether.net/mailman/listinfo/juniper-nsp > >>>> > >>> > >> > >> > >> -- > >> Michael Gehrmann > >> Senior Network Engineer - Atlassian > >> m: +61 407 570 658 > >> > > > > -- > Michael Gehrmann > Senior Network Engineer - Atlassian > m: +61 407 570 658 > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp