MACsec to edge hosts

[Lyndon Nerenberg <lyndon () orthanc ca>]

Are any of you pushing MACsec (802.1AE) out from your switches to the edge hosts?  Vs. just running it on the network 
cross-connect fabric?

We have a scenario where, if we could MACsec encrypt those (switch <-> host) links, we could eliminate a lot of 
application level TLS.  But searching for a list of PHYs that support this turned up a very thin set of chips, with 
most of them being several years old now.

Are people even using MACsec in anything other than an "encrypt cross connects between the cages" context?  I would be 
very interested in chatting with anyone who has tried pushing this out from their switches to the connected hosts.

--lyndon

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail