Thursday, September 23, 2021

Securing a 10gbit wireless bridge.

We're want to install a 10Gbit E-Band (70-80GHz) bridge between a couple of buildings where we can't run fibre. The radios are Layer 1 and implement 'scrambling', but it's of the kind that I guess anyone with the right hardware and knowledge of the likely config can unscramble.

I'd like the bridge to still be layer 2, but to book-end the radios with something capable of proper crypto to secure the link and to be able to keep the 10Gbit throughput (allowing for some acceptable encapsulation overhead). Ideally it would look like this:

[B1 Core]---[Crypto box]---[Radio1] -air- [Radio2]---[Crypto Box]---[B2 Core] 

Such that B1/B2 cores just treat it as a link. I see a lot of 'virtual-wire' ipsec type features available in beefy Cisco, Palo Alto gear, but nothing in the way of dedicated - and hopefully much cheaper - hardware. Can anyone suggest any alternatives?



No comments:

Post a Comment