On Wed, 8 Apr 2020 at 17:49, Phillip Grasso <[email protected]> wrote: > > Cheapest is ipsec and there's plenty of options there.
End-to-end crypto via IPsec or TLS/HTTPS is really the best option, you then don't have to trust the network. Also makes network engineers' lives easier - "I just shift the packets, I don't know what's in them." >There's cheaper companies that do macsec support. Arista is the other option >on major vendor options but there's a bunch of yumcha ones you can get if you >don't mind some foreign government's having your keys :-p > > On Wed, 8 Apr 2020, 5:30 pm Alex Samad, <[email protected]> wrote: >> >> Quick check of my network vendor , the equipment that has it is out of price >> range :( >> >> A >> >> On Wed, 8 Apr 2020 at 15:43, Phillip Grasso <[email protected]> wrote: >>> >>> macsec is your best bet. Lots of vendors support it and is reasonably >>> mature. better if you pick one that allows dual keys, no downtime with >>> rotating keys or certs. Watch out bunch of platforms will HALVE or worse >>> the performance of your gear by turning on macsec. e.g. cisco rosco >>> >>> On Tue, 7 Apr 2020 at 10:36, Alex Samad <[email protected]> wrote: >>>> >>>> Hi >>>> >>>> I find myself in the situation that I need to look at purchasing some DC >>>> to DC. But I find I am not that well informed about whats available. what >>>> people are doing as best practise. >>>> >>>> Quick google doesn't fill me with lots of options. >>>> >>>> >>>> So packetlight is the current recommended vendor (their 2000 option). >>>> Just looking to see whats to judge next to it >>>> >>>> Alex >>>> _______________________________________________ >>>> AusNOG mailing list >>>> [email protected] >>>> http://lists.ausnog.net/mailman/listinfo/ausnog > > _______________________________________________ > AusNOG mailing list > [email protected] > http://lists.ausnog.net/mailman/listinfo/ausnog _______________________________________________ AusNOG mailing list [email protected] http://lists.ausnog.net/mailman/listinfo/ausnog
