Saturday, January 13, 2018

Recommendations for Switch-to-Switch encryption of a 40Gbps Dark Fiber link?

Greetings all. Hopefully I haven't jumped over my head here...

Background:

I'm the de facto IT admin for a small video post-production company that has another location a couple miles away. IT is not my primary role at this company, so I know just enough to get myself into trouble.

Anyway, the city has relatively inexpensive Dark Fiber, so our plan was to go for it. There'd be a Dell N4064 on each end with the 40Gbps uplinks connected via the DF and we'll be using every bit of that throughput.

The Problem:

We have several high-profile clients that regularly do their own security audits of our facility and I recently mentioned our dark fiber intentions to them. They said that if we do it, they'll demand that we encrypt all traffic that flows over it.

So, I've been reading up on switch-to-switch encryption. Sounds like 802.1AE (MACsec) does the trick, but the Dells don't seem to support that. In fact, I haven't found many switches that do, aside from a few top-tier Cisco and Juniper switches.

My questions:

1 - Is 802.1AE what I should be looking into? Can it handle a 40Gbps link (or four 10Gbps links)?

2 - Is there a device I can add that'll handle doing just the link encryption without needing to mothball my Dells? (I.e. Bldg1 N4064 to Device-A to Dark Fiber to Device-B to Bldg2 N4064)

3 - If I do need to rip and replace, any recommendations on what switch to go with that will support encrypting one 40Gbps link or four 10Gbps links? (Preferably with a web GUI [Laugh if you must.])

Thank you!


