This will be great. Especially documenting real-world scenarios - IS-IS over MACSec, MPLS and IP. Putting PCAPs is also a very good idea.
I'm speaking for myself, but I think many here will agree - such documentation will really address the current state of affairs.

Thank you.
Alex.

On Tue, 24 Apr 2018, 10:01, Graham Bartlett (grbartle) <grbar...@cisco.com> wrote:

> Hi Antoine
>
> The details are;
>
> IKEv2 IPsec Virtual Private Networks: Understanding and Deploying IKEv2,
> IPsec VPNs, and FlexVPN in Cisco IOS
>
> http://www.ciscopress.com/store/ikev2-ipsec-virtual-private-networks-understanding-9781587144608
>
> Amjad, Alex and myself didn’t write this in our work day. It’s pretty much
> all written in personal time. I’m guesstimating I spent between 800 and 1000
> hours developing this, as you might imagine this didn’t have the same sales
> as Harry Potter, so we won’t be taking early retirement in the near future.
> Hence the reasons for the Qs on a MACsec book.
>
> With regards to MACsec, if there was some material on the handshake, maybe
> with decrypted PCAPs to illustrate what is going on under the hood and the
> relevant commands, would this be of interest? Once again this isn’t my
> day-job so I don’t want to promise anything, but have an idea what would
> help folk understand.
>
> cheers
>
> From: Antoine Monnier <mrantoinemonn...@gmail.com>
> Date: Monday, 23 April 2018 at 07:31
> To: grbartle Graham <grbar...@cisco.com>
> Cc: Nick Cutting <ncutt...@edgetg.com>, "Alex K." <nsp.li...@gmail.com>,
> Alan Buxey <alan.bu...@gmail.com>, cisco-nsp <cisco-nsp@puck.nether.net>
> Subject: Re: [c-nsp] MACSec Stages
>
> Hi Graham,
>
> Kind of OT, but what is the title of your book on IPsec VPN?
>
> thanks
>
> On Fri, Apr 20, 2018 at 7:55 AM, Graham Bartlett (grbartle) <
> grbar...@cisco.com> wrote:
> Hi
>
> A few of us in Cisco were thinking of writing a CiscoPress book on MACsec,
> which would include details of the inner workings, including protocol flows
> and how the various key material is derived etc.
>
> If this was available would there be interest in this?
>
> The reason I ask is, I spent a lot of time and effort developing a book on
> IPsec VPNs and it’s got a very narrow audience. I would imagine that
> there’s even less interest in MACsec. But if we could produce something
> that meets your needs and there is interest we could reconsider.
>
> cheers
>
> On 17/04/2018, 14:18, "cisco-nsp on behalf of Nick Cutting" <
> cisco-nsp-boun...@puck.nether.net on behalf of ncutt...@edgetg.com> wrote:
>
> I agree - I spent weeks with TAC cases open etc. and Cisco has no idea
> how this works either.
>
> I gave up and built a L3 routed VPN.
>
> I am waiting for the How-to article by Jeremey Stretch!
> -----Original Message-----
> From: cisco-nsp <cisco-nsp-boun...@puck.nether.net> On Behalf Of Alex
> K.
> Sent: Tuesday, April 17, 2018 4:13 AM
> To: Alan Buxey <alan.bu...@gmail.com>
> Cc: cisco-nsp <cisco-nsp@puck.nether.net>
> Subject: Re: [c-nsp] MACSec Stages
>
> This message originates from outside of your organisation.
>
> Hello Alan and thank you for answering.
>
> That's the point - all one can find by searching the standard ID, is a
> bunch of unrelated documents, some from IEEE, some from independent sources
> - none display any coherent picture whatsoever.
>
> Not to mention none provide any overview of the protocol. Just some
> not connected points.
>
> Such lack of the documentation by all major vendors (white paper
> stating MACSEC is an encryption protocol, doesn't count as a documentation)
> hit the hardest when it comes to troubleshooting. No explanation for
> debugs, no known steps for endpoints to pass through, you're pretty much on
> your own trying to figure out what's going on.
>
> Alex.
>
> On Tue, 10 Apr 2018, 16:06, Alan Buxey <
> alan.bu...@gmail.com> wrote:
>
> > 802.1AE
> >
> > Look that up for how it works
> >
> > alan
> >
> > On Wed, 4 Apr 2018, 00:32 Alex K., <nsp.li...@gmail.com> wrote:
> >
> >> Hello everyone,
> >>
> >> After a few implementations of MACSec, I began wondering is there a
> >> complete documentation of that technology out there?
> >>
> >> For example, I have quite an experience with L2TP. Now, SCCRP may
> >> sound like a bad language to some, but as we all know, it's an
> >> important step in tunnel setup. The internet is literally brimming
> >> with information about L2TP. As for MACSec, maybe it's only me - but
> >> I'm having a hard time finding information on MACSec internal
> >> workings (beyond packets formats) especially - when it comes to
> >> protocols stages and related cisco debugs.
> >>
> >> All I was able to find this far, are some really general sketches of
> >> MACSec exchanges and seemingly unrelated debug commands.
> >>
> >> Am I missing something? Any help, such as linking to proper
> >> documentation, successful and unsuccessful debug outputs and such, on
> >> and off-list, will be gladly appreciated.
> >>
> >>
> >> Thank you,
> >> Alex.
> >> _______________________________________________
> >> cisco-nsp mailing list cisco-nsp@puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >> archive at http://puck.nether.net/pipermail/cisco-nsp/