Re: [c-nsp] Link encryption and scalability kit etc

2016-05-10 Thread Eugeniu Patrascu
Not really a Cisco answer, but I had a similar problem and I solved it with a few Linux boxes running IPSec and with L2TPv3 pseudo-wires (static mode) over the link and bridged to an "inside" interface. It carries IPv4/IPv6 traffic with no issues. On a E3-1241 it takes around 15% CPU for 1Gbps of

Re: [c-nsp] Link encryption and scalability kit etc

2016-05-09 Thread A . L . M . Buxey
Hi, ask/verify with the WAN/ISP provider that they are handling ethertypes od 0x888a and 0x88e5 (these are the minimal extras - EAPOL and MACSEC respectively) - and not just handling 0x800 and 0x86DD (and maybe one or two others) - loads appear to not carry any other tags (stops eg appletalk,

Re: [c-nsp] Link encryption and scalability kit etc

2016-05-09 Thread Nick Cutting
Herteen; cisco-nsp@puck.nether.net; Saku Ytti Subject: Re: [c-nsp] Link encryption and scalability kit etc Slightly larger frames and a bit more config. In terms of throughput its line speed or near enough to not distinguishwe're doing it on 10Gb links. Be aware though that any WAN carriers

Re: [c-nsp] Link encryption and scalability kit etc

2016-05-06 Thread Alan Buxey
Slightly larger frames and a bit more config. In terms of throughput its line speed or near enough to not distinguishwe're doing it on 10Gb links. Be aware though that any WAN carriers that might be doing tagged MPLS stuff have to support the protocol our initial circuit was such and

Re: [c-nsp] Link encryption and scalability kit etc

2016-05-06 Thread Darin Herteen
, May 6, 2016 12:13 PM To: cisco-nsp@puck.nether.net<mailto:cisco-nsp@puck.nether.net> Subject: [c-nsp] Link encryption and scalability kit etc Link encryption and scalability kit etc We have many clients connecting back to our DC using mostly 3rd party L2 circuits. There has been an increasing

Re: [c-nsp] Link encryption and scalability kit etc

2016-05-06 Thread Nick Cutting
nether.net> Subject: [c-nsp] Link encryption and scalability kit etc Link encryption and scalability kit etc We have many clients connecting back to our DC using mostly 3rd party L2 circuits. There has been an increasing number of requests to encrypt these links - as they want to protect again

Re: [c-nsp] Link encryption and scalability kit etc

2016-05-06 Thread Darin Herteen
net> on behalf of Nick Cutting <ncutt...@edgetg.com> Sent: Friday, May 6, 2016 12:13 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Link encryption and scalability kit etc Link encryption and scalability kit etc We have many clients connecting back to our DC using mostly 3rd party

Re: [c-nsp] Link encryption and scalability kit etc

2016-05-06 Thread Saku Ytti
On 6 May 2016 at 20:13, Nick Cutting wrote: > What other technologies/products could I consider at either end, that are > available in the enterprise space? MACSEC seems to be increasingly available. -- ++ytti ___ cisco-nsp

[c-nsp] Link encryption and scalability kit etc

2016-05-06 Thread Nick Cutting
Link encryption and scalability kit etc We have many clients connecting back to our DC using mostly 3rd party L2 circuits. There has been an increasing number of requests to encrypt these links - as they want to protect against the "possibly many" service providers that are in the transit