Not really a Cisco answer, but I had a similar problem and I solved it with
a few Linux boxes running IPSec and with L2TPv3 pseudo-wires (static mode)
over the link and bridged to an "inside" interface. It carries IPv4/IPv6
traffic with no issues. On a E3-1241 it takes around 15% CPU for 1Gbps of
Hi,
ask/verify with the WAN/ISP provider that they are handling ethertypes od
0x888a and 0x88e5 (these are the minimal extras - EAPOL and
MACSEC respectively) - and not just handling 0x800 and 0x86DD (and maybe one
or two others) - loads appear to not carry any other tags
(stops eg appletalk,
Herteen; cisco-nsp@puck.nether.net; Saku Ytti
Subject: Re: [c-nsp] Link encryption and scalability kit etc
Slightly larger frames and a bit more config. In terms of throughput its line
speed or near enough to not distinguishwe're doing it on 10Gb links.
Be aware though that any WAN carriers
Slightly larger frames and a bit more config. In terms of throughput its line
speed or near enough to not distinguishwe're doing it on 10Gb links.
Be aware though that any WAN carriers that might be doing tagged MPLS stuff
have to support the protocol our initial circuit was such and
, May 6, 2016 12:13 PM
To: cisco-nsp@puck.nether.net<mailto:cisco-nsp@puck.nether.net>
Subject: [c-nsp] Link encryption and scalability kit etc
Link encryption and scalability kit etc
We have many clients connecting back to our DC using mostly 3rd party L2
circuits.
There has been an increasing
nether.net>
Subject: [c-nsp] Link encryption and scalability kit etc
Link encryption and scalability kit etc
We have many clients connecting back to our DC using mostly 3rd party L2
circuits.
There has been an increasing number of requests to encrypt these links - as
they want to protect again
net> on behalf of Nick Cutting
<ncutt...@edgetg.com>
Sent: Friday, May 6, 2016 12:13 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Link encryption and scalability kit etc
Link encryption and scalability kit etc
We have many clients connecting back to our DC using mostly 3rd party
On 6 May 2016 at 20:13, Nick Cutting wrote:
> What other technologies/products could I consider at either end, that are
> available in the enterprise space?
MACSEC seems to be increasingly available.
--
++ytti
___
cisco-nsp
Link encryption and scalability kit etc
We have many clients connecting back to our DC using mostly 3rd party L2
circuits.
There has been an increasing number of requests to encrypt these links - as
they want to protect against the "possibly many" service providers that are in
the transit