Original Message:
Sent: Apr 12, 2023 06:08 AM
From: Steinar Grande
Subject: MacSec over ISP MPLS network Point to Multipoint
Thanks you again, i am waiting a decisive response.. :)
A negative one, will of course force me to get the excavator out and dig a secondary fiber channel ditch at Site A :(
At that point then, opens up a redundancy possibility,, with a site B ><C connection !
------------------------------
Steinar
Original Message:
Sent: Apr 12, 2023 05:55 AM
From: thomasbnc
Subject: MacSec over ISP MPLS network Point to Multipoint
Hi Steinar
>Can my single macsec switchport (A3)[Site A] handle two MacSec connections?
IMHO at the moment no, as there is no such extension documented. As I said, Cisco has such a feature and I found hint in Huawei docs as well. So maybe one day Aruba will implement it, too. Perhaps an Aruba employee can say something about this?
Did you think of posting this use case to Aruba Innovation Zone?
http://innovate.arubanetworks.com/
Regards,
Thomas
Original Message:
Sent: Apr 12, 2023 05:10 AM
From: Steinar Grande
Subject: MacSec over ISP MPLS network Point to Multipoint
Hi, thank you for your swift response.
The last first,
There will be no change to the topology now J,
(Meaning, no fan-out, due to no edge isp router, and IPSec is out)
Yes, the manual is somewhat unclear, I am aware,
I am chasing the carrier now, to have they clarify, their definition,
on the solution: point to MultiPoint (and Multipoint to Multipoint)
Yes, the manual for AOS-CX, clearly state on its first bullet point:
Provides a Layer 2 hop-by-hop encryption on point-to-point Ethernet links,
enabling a bi-directional secure link after an exchange and verification of security keys between two connected devices
Which of course was the basis for the setup A><B.
The real questing from me is whether or not:
- Can my single macsec switchport (A3)[Site A] handle two MacSec connections?
------------------------------
Steinar
------------------------------