Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1967
Views
5
Helpful
3
Replies

MACSEC on Nexus N9K-C93180YC-FX-24 with VXLAN EVPN

Darshan Bhat
Level 1
Level 1

‎03-30-2020 04:16 AM

Hi Guys,

Could you please someone help regarding below query. 

1. Is MACSEC supported at full line rate on the 100GB interfaces? 

2. Is there any issues with VXLAN EVPN being carried over MACSEC.

 

Answer

Labels:
0 Helpful
3 Replies 3

Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎03-30-2020 05:31 AM

Hi,

According to release notes, encryption is being done at line rate:

Provides line rate encryption capabilities.

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/92x/security/configuration/guide/b-cisco-nexus-9000-nx-os-security-configuration-guide-92x/b-cisco-nexus-9000-nx-os-security-configuration-guide-92x_chapter_011001.html 

Also, there should not be any issues for vxlan over macsec enabled interfaces.

 

Cheers,

Sergiu

Darshan Bhat
Level 1
Level 1
In response to Sergiu.Daniluk

‎03-30-2020 05:55 AM

Thank you Sergiu for your quick help.

 

But I am unable find exact details through url. If you copy paste related information here, It will be great help. 

0 Helpful

Sergiu.Daniluk
VIP Alumni
VIP Alumni
In response to Darshan Bhat

‎03-30-2020 11:33 PM

Hi,

The section I was referring to:

Media Access Control Security (MACsec) an IEEE 802.1AE along with MACsec Key Agreement (MKA) protocol provide secure communications on Ethernet links. It offers the following :

  • Provides line rate encryption capabilities.

 

Here is another document where it is mentioned:

The 6 uplink ports can be configured as 40 and 100-Gbps Ethernet or FCoE ports, offering flexible migration options. The switch has IEEE compliant, FC-FEC and RS-FEC enabled for 25-Gbps support. All ports support wire-rate MACsec encryption[2]. Please see the Licensing guide section to enable features on the platform.

https://www.cisco.com/c/en/us/products/collateral/switches/nexus-9000-series-switches/datasheet-c78-742284.html 

 

Regards,

Sergiu

 

0 Helpful
Customers Also Viewed These Support Documents