summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2020-05-21 10:50:11 +0200
committerChristian Poessinger <christian@poessinger.com>2020-05-21 10:50:11 +0200
commit6c65fbc5f919546dcf539d30e527e754c622a6ae (patch)
tree48778b19fff5d93908ab3f40e05e8ce2145984dd
parent579ddff09f7c529d8000f5f9216f8f66633f7715 (diff)
downloadvyos-documentation-6c65fbc5f919546dcf539d30e527e754c622a6ae.tar.gz
vyos-documentation-6c65fbc5f919546dcf539d30e527e754c622a6ae.zip
macsec: initial documentation
Thank you Bootlin for the absract! https://bootlin.com/blog/network-traffic-encryption-in-linux-using-macsec-and-hardware-offloading/
-rw-r--r--docs/interfaces/advanced-index.rst1
-rw-r--r--docs/interfaces/macsec.rst23
2 files changed, 24 insertions, 0 deletions
diff --git a/docs/interfaces/advanced-index.rst b/docs/interfaces/advanced-index.rst
index e34cf2b0..c666f7ae 100644
--- a/docs/interfaces/advanced-index.rst
+++ b/docs/interfaces/advanced-index.rst
@@ -12,6 +12,7 @@ Advanced Network Interfaces
dummy
geneve
l2tpv3
+ macsec
pseudo-ethernet
qinq
tunnel
diff --git a/docs/interfaces/macsec.rst b/docs/interfaces/macsec.rst
new file mode 100644
index 00000000..578a1633
--- /dev/null
+++ b/docs/interfaces/macsec.rst
@@ -0,0 +1,23 @@
+.. _macsec-interface:
+
+######
+MACsec
+######
+
+MACsec is an IEEE standard (IEEE 802.1AE) for MAC security, introduced in 2006.
+It defines a way to establish a protocol independent connection between two
+hosts with data confidentiality, authenticity and/or integrity, using
+GCM-AES-128. MACsec operates on the Ethernet layer and as such is a layer 2
+protocol, which means it's designed to secure traffic within a layer 2 network,
+including DHCP or ARP requests. It does not compete with other security
+solutions such as IPsec (layer 3) or TLS (layer 4), as all those solutions are
+used for their own specific use cases.
+
+
+Configuration
+#############
+
+Operation
+=========
+
+