Tuesday, October 26, 2021

MACSec 10G link encryption device for Non-MACSec switches

Does anyone know of an enterprise class link encryption device that can do MACSec encryption on a WAN link at 1G, 10G or 100G SMF, for when the switches connected do not have MACSec support? Ideally a device with two ports, one Plain Text and the other Cipher text. IPSec devices generally do not have the performance.

I am thinking like a Mini Catapan encrypter for those of you who know what they are, but with merchant silicone 100 times faster and 1/10th the price.

I am trying to standardize on using MACSec for all L1 Wave WAN circuits but I have some smaller sites that have fairly new switches, but they don't support MACSec. The larger sites have WAN edge switches that do support it. I would like to drop a link encryption device in to fix this (If such a thing exists).

The primary reason I want to use MACSec over IPSec is it generally is baked into the switch port silicon, and will run at line rate with minimal overhead. I don't want to install firewalls just to encrypt a L1 Wave circuit. To get a Firewall to do IPSec at 10G is prohibitively expensive, and forget about 100G.



No comments:

Post a Comment