Re: [AusNOG] dark fibre encryption

2020-04-08 Thread Iain Ashley
Hi Alex We do this - happy to contact off list. Norwegian company, solid tech - L1 hitless crypto, upstream vendor agnostic. Regards Iain Ashley CTO Independent Data Solutions Pty. Ltd. +61 406 537 128 +61 2 8205 3139 iain.ash...@ids-g.com www.ids-g.com The information transmitted, including at

Re: [AusNOG] dark fibre encryption

2020-04-08 Thread Alex Samad
Hi I do agree with the statement, but I need encryption at the phy layer. A On Wed, 8 Apr 2020 at 19:54, Mark Smith wrote: > On Wed, 8 Apr 2020 at 17:49, Phillip Grasso > wrote: > > > > Cheapest is ipsec and there's plenty of options there. > > End-to-end crypto via IPsec or TLS/HTTPS is real

Re: [AusNOG] dark fibre encryption

2020-04-08 Thread Mark Smith
On Wed, 8 Apr 2020 at 17:49, Phillip Grasso wrote: > > Cheapest is ipsec and there's plenty of options there. End-to-end crypto via IPsec or TLS/HTTPS is really the best option, you then don't have to trust the network. Also makes network engineers' lives easier - "I just shift the packets, I do

Re: [AusNOG] dark fibre encryption

2020-04-08 Thread Alex Samad
ta On Wed, 8 Apr 2020 at 17:49, Phillip Grasso wrote: > Cheapest is ipsec and there's plenty of options there. There's cheaper > companies that do macsec support. Arista is the other option on major > vendor options but there's a bunch of yumcha ones you can get if you don't > mind some foreign

Re: [AusNOG] dark fibre encryption

2020-04-08 Thread Phillip Grasso
Cheapest is ipsec and there's plenty of options there. There's cheaper companies that do macsec support. Arista is the other option on major vendor options but there's a bunch of yumcha ones you can get if you don't mind some foreign government's having your keys :-p On Wed, 8 Apr 2020, 5:30 pm Al

Re: [AusNOG] dark fibre encryption

2020-04-08 Thread Alex Samad
Quick check of my network vendor , the equipment that has it is out of price range :( A On Wed, 8 Apr 2020 at 15:43, Phillip Grasso wrote: > macsec is your best bet. Lots of vendors support it and is reasonably > mature. better if you pick one that allows dual keys, no downtime with > rotating

Re: [AusNOG] dark fibre encryption

2020-04-07 Thread Phillip Grasso
macsec is your best bet. Lots of vendors support it and is reasonably mature. better if you pick one that allows dual keys, no downtime with rotating keys or certs. Watch out bunch of platforms will HALVE or worse the performance of your gear by turning on macsec. e.g. cisco rosco On Tue, 7 Apr 20

Re: [AusNOG] dark fibre encryption

2020-04-07 Thread Scott Weeks
--- dale.shaw+aus...@gmail.com wrote: From: Dale Shaw >> Australian, ASX listed company if that matters. > > And closely related to the military and gov't... :) Tin foil hat: off Crackpot mode: disabled Backyard baked bean-filled bunker: non-existent Well, I'm not sure what you're implying he

Re: [AusNOG] dark fibre encryption

2020-04-06 Thread Peter Fern
On 7/4/20 1:01 pm, Dale Shaw wrote: Tin foil hat: off Crackpot mode: disabled Backyard baked bean-filled bunker: non-existent Well, I'm not sure what you're implying here, but having met the Senetas folks at trade shows, and listened to their CTO (Julian Fay) talk crypto on the Risky Business

Re: [AusNOG] dark fibre encryption

2020-04-06 Thread Dale Shaw
Hi Scott, On Tue, 7 Apr 2020 at 11:07, Scott Weeks wrote: > >> --- p...@ge3k.net wrote: >> From: Patrick Ohearn >> >> Senetas's CN series hardware are another option - >> https://www.senetas.com/products/cn-encryptors/ >> >> Australian, ASX listed company if that matters. > > And closely related

Re: [AusNOG] dark fibre encryption

2020-04-06 Thread Simon Scott
> MACSEC is worth considering – it’s been baked into most switches and >> routers, though some vendors still make it a licensed feature. >> >> Regards, >> -Brad. >> >> *From:* AusNOG *On Behalf Of *Alex >> Samad >> *Sent:* Tuesday, 7 April 2020 8:36 A

Re: [AusNOG] dark fibre encryption

2020-04-06 Thread Alex Samad
7 April 2020 8:36 AM > *To:* Ausnog > *Subject:* [AusNOG] dark fibre encryption > > Hi > > I find myself in the situation that I need to look at purchasing some DC > to DC. But I find I am not that well informed about whats available. what > people are doing as best p

Re: [AusNOG] dark fibre encryption

2020-04-06 Thread Matthew Moyle-Croft
> though some vendors still make it a licensed feature. > > Regards, > -Brad. > > From: AusNOG <mailto:ausnog-boun...@lists.ausnog.net>> On Behalf Of Alex Samad > Sent: Tuesday, 7 April 2020 8:36 AM > To: Ausnog mailto:ausnog@lists.ausnog.net>> > Subje

Re: [AusNOG] dark fibre encryption

2020-04-06 Thread Jackson Fisher
Senetas are the big player in the point to point space. If you are looking at running DWDM (you should) then Smartoptics DCP series DWDM + Modular Transponders + Tuneable Optics tell a pretty compelling story. Thanks, Jackson Fisher On Tue, Apr 7, 2020 at 10:36 AM Alex Samad wrote: > Hi > >

Re: [AusNOG] dark fibre encryption

2020-04-06 Thread Scott Weeks
--- p...@ge3k.net wrote: From: Patrick Ohearn Senetas's CN series hardware are another option - https://www.senetas.com/products/cn-encryptors/ Australian, ASX listed company if that matters. And closely related to the military and gov't... :

Re: [AusNOG] dark fibre encryption

2020-04-06 Thread Patrick Ohearn
Hi Alex, Senetas's CN series hardware are another option - https://www.senetas.com/products/cn-encryptors/ Australian, ASX listed company if that matters. On Tue, 7 Apr 2020 at 10:36, Alex Samad wrote: > Hi > > I find myself in the situation that I need to look at purchasing some DC > to DC.

Re: [AusNOG] dark fibre encryption

2020-04-06 Thread Alex Samad
Hi It looks like Senetas is going out of the hardware encryption .. their 9000, 6000's, 3000,1000 series are all EOL with no replacement from what i can see ? A On Tue, 7 Apr 2020 at 10:48, Patrick Ohearn wrote: > Hi Alex, > > Senetas's CN series hardware are another option - > https://www.sene

Re: [AusNOG] dark fibre encryption

2020-04-06 Thread Brad Peczka
MACSEC is worth considering – it’s been baked into most switches and routers, though some vendors still make it a licensed feature. Regards, -Brad. From: AusNOG On Behalf Of Alex Samad Sent: Tuesday, 7 April 2020 8:36 AM To: Ausnog Subject: [AusNOG] dark fibre encryption Hi I find myself in

[AusNOG] dark fibre encryption

2020-04-06 Thread Alex Samad
Hi I find myself in the situation that I need to look at purchasing some DC to DC. But I find I am not that well informed about whats available. what people are doing as best practise. Quick google doesn't fill me with lots of options. So packetlight is the current recommended vendor (their 20