Systemd Picks Up Support For MACsec To Better Secure Ethernet Connections

  • Bsdisbetter
    replied
    A few years ago we looked at this. Perhaps nice to have BUT, high overhead, especially on VoIP traffic (small packets). If I recall correctly, only Cisco had it implemented, so it's basically just switch to switch. OK, it does multicast and broadcast, but...
    I guess having it as an option is a good thing (whether in bloatware like systemd or an individual suite of programs matters not). Anyone implementing it ought to look at the overheads for this protocol - it's a LAN capacity muncher.

  • NotMine999
    replied
    Originally posted by hreindl

    if you only would understand the topic....
    I see that last timeout that you got has not improved your attitude at all. You are still as anti-social as ever. What you get for drinking burnt coffee.

  • skeevy420
    replied
    Originally posted by starshipeleven
    choke me, daddy

  • starshipeleven
    replied
    Originally posted by Candy
    The tie is getting tighter around the neck ...
    choke me, daddy

  • Candy
    replied
    The tie is getting tighter around the neck ...

  • wswartzendruber
    replied
    Originally posted by LoneVVolf
    Thanks for the explanation / links, starshipeleven.

    Could somebody explain why this support is added to userspace (systemd-networkd) and not to the kernel network code?
    The kernel component to MACsec appeared in 4.6, it seems. This looks to be just the user space configuration component.

  • LoneVVolf
    replied
    Thanks for the explanation / links, starshipeleven.

    Could somebody explain why this support is added to userspace (systemd-networkd) and not to the kernel network code?

  • Britoid
    replied
    systemd-filterouttrollsd when?

  • skeevy420
    replied
    Originally posted by Weasel
    systemd-antivirusd when?
    That's something I actually want...but it's not like it doesn't already exist either...

  • starshipeleven
    replied
    For those wondering wtf is this, since the description in the article is a bit lacking:

    tl;dr It is a "LAN-only VPN" so that people wiretapping your own internal ethernet network can't just see everything going on. This matters for large companies that fill entire buildings and have hundreds of systems in their own internal network.
    It's usually available in high-end networking equipment, and you also need support for this in the end-point PC or server if you want to use it.


    https://howdoesinternetwork.com/2017/macsec

    MACsec is standardized IEEE 802.1AE hop-by-hop encryption that enables confidentiality and integrity of data at layer 2.
    It encrypts the entire Ethernet packet except the Source and Destination MAC addresses on any device-to-device, switch-to-switch, router-to-switch, host-to-switch directly connected wired L2 connection.

    If we compare MACsec with, for example, IPsec, MACsec provides the same security but on layer 2 for each hop separately. On each hop, packets are received and decrypted, enabling other features like QoS and load balancing to function. The same data is again encrypted before being sent out to the next device on the way towards the destination. MACsec works on host-to-switch connections and on switch-to-switch connections, enabling line-rate up to 10 GigabitEthernet fast encryption.

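The frame layout described in starshipeleven's post above, together with the per-frame overhead raised elsewhere in the thread, as an added example that is not part of any forum post or of systemd: a Python sketch that splits an IEEE 802.1AE frame into its cleartext MAC addresses, SecTAG, protected data and ICV. The sample frame, the 16-byte ICV length and the 218/1518-byte comparison lengths are constructed assumptions.

```python
import struct

MACSEC_ETHERTYPE = 0x88E5  # IEEE 802.1AE
ICV_LEN = 16               # assumption: default 16-byte ICV (GCM-AES-128)

def parse_macsec(frame: bytes) -> dict:
    """Split a MACsec frame (FCS stripped) into its cleartext and protected parts.
    Layout only: nothing is decrypted and the ICV is not verified."""
    if len(frame) < 20 + ICV_LEN:
        raise ValueError("too short for a MACsec frame")
    ethertype, tci_an, sl, pn = struct.unpack("!HBBI", frame[12:20])
    if ethertype != MACSEC_ETHERTYPE:
        raise ValueError("EtherType is not 0x88E5")
    if tci_an & 0x80 or sl & 0xC0:
        raise ValueError("unsupported version or reserved SL bits set")
    off, sci = 20, None
    if tci_an & 0x20:                      # SC bit: 8-byte SCI is present
        sci, off = frame[20:28], 28
    # SL is the Secure Data length when under 48 octets (frame may be padded
    # after the ICV); SL == 0 means the data runs up to the trailing ICV.
    n = sl if sl else len(frame) - off - ICV_LEN
    if n < 0 or off + n + ICV_LEN > len(frame):
        raise ValueError("truncated frame")
    return {
        "dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),  # always cleartext
        "encrypted": bool(tci_an & 0x08),  # E bit: payload is ciphertext
        "an": tci_an & 0x03, "pn": pn,     # association number, replay counter
        "sci": sci.hex() if sci else None,
        "secure_data": frame[off:off + n],
        "icv": frame[off + n:off + n + ICV_LEN],
        "overhead": (off - 12) + ICV_LEN,  # SecTAG + ICV bytes added per frame
    }

def overhead_pct(plain_frame_len: int, overhead: int) -> float:
    """Extra bytes on the wire relative to the unprotected frame length."""
    return round(100.0 * overhead / plain_frame_len, 1)

# Constructed sample (not a capture): SC|E|C set, AN 0, PN 1, dummy data and ICV.
SAMPLE = (bytes.fromhex("020000000002" "020000000001" "88e5" "2c" "00" "00000001")
          + bytes.fromhex("020000000001" "0001")   # SCI = source MAC + port 1
          + bytes(range(48)) + b"\xaa" * ICV_LEN)

if __name__ == "__main__":
    f = parse_macsec(SAMPLE)
    print(f["src"], "->", f["dst"], "pn", f["pn"], "overhead", f["overhead"])
    # Constructed comparison: a small 218-byte frame versus a full 1518-byte frame.
    print(overhead_pct(218, f["overhead"]), overhead_pct(1518, f["overhead"]))
```

The addresses stay readable to anyone on the segment while everything after the SecTAG is protected, and the fixed per-frame cost weighs more on short frames than on full-size ones.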