MACSEC

How widespread is the use of and availability of MACSEC?

Quite a bit I’d say, particularly in WAN. It’s an easy and excellent go-to for line rate encryption along waves and some transparent layer 2 services state they support it but haven’t had an opportunity to test personally. Double check the implementation for continuation of rolling keys and so forth to ensure your expectations are met.

It also has gained wider support amongst CSP to on-prem users, ie direct connect.

J~

On the DWDM side, expect to add between 0.3W of energy @ 100G, and 0.6W @ 400G, when encryption is enabled.

Something to keep in mind if power and/or thermal management are crucial for you.

Mark.

On the DWDM side, expect to add between 0.3W of energy @ 100G, and 0.6W
@ 400G, when encryption is enabled.

Something to keep in mind if power and/or thermal management are crucial
for you.

Are you talking about L1OE here, not MACSEC?

Generally widely available and supported by all the major vendors, although to the best of my knowledge only on specific hardware. Linux implementation is pretty robust at this point as well.

Like anything else, different vendors have some implementation quirks , but by and large the spec has been defined for almost 20 years, so it’s mostly fleshed out and quite stable at this point.

Correct.

GCM-AES-256 encryption at Layer 1, to be exact.

It was in reference to Jason's comments about encryption over "waves".

Mark.

Gotcha. I think when I read Jason’s comments, I xlated ‘waves’ as ‘leased circuits’ in my head, not native WDM. :slight_smile:

I find that people say "waves" as shorthand for DWDM-based services a la "wavelengths".

I'd say that the majority of new leased circuit services are based on EoDWDM, in 2024.

Mark.