diff options
author | Christian Poessinger <christian@poessinger.com> | 2020-05-21 10:50:11 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-05-21 10:50:11 +0200 |
commit | 6c65fbc5f919546dcf539d30e527e754c622a6ae (patch) | |
tree | 48778b19fff5d93908ab3f40e05e8ce2145984dd | |
parent | 579ddff09f7c529d8000f5f9216f8f66633f7715 (diff) | |
download | vyos-documentation-6c65fbc5f919546dcf539d30e527e754c622a6ae.tar.gz vyos-documentation-6c65fbc5f919546dcf539d30e527e754c622a6ae.zip |
macsec: initial documentation
Thank you Bootlin for the absract!
https://bootlin.com/blog/network-traffic-encryption-in-linux-using-macsec-and-hardware-offloading/
-rw-r--r-- | docs/interfaces/advanced-index.rst | 1 | ||||
-rw-r--r-- | docs/interfaces/macsec.rst | 23 |
2 files changed, 24 insertions, 0 deletions
diff --git a/docs/interfaces/advanced-index.rst b/docs/interfaces/advanced-index.rst index e34cf2b0..c666f7ae 100644 --- a/docs/interfaces/advanced-index.rst +++ b/docs/interfaces/advanced-index.rst @@ -12,6 +12,7 @@ Advanced Network Interfaces dummy geneve l2tpv3 + macsec pseudo-ethernet qinq tunnel diff --git a/docs/interfaces/macsec.rst b/docs/interfaces/macsec.rst new file mode 100644 index 00000000..578a1633 --- /dev/null +++ b/docs/interfaces/macsec.rst @@ -0,0 +1,23 @@ +.. _macsec-interface: + +###### +MACsec +###### + +MACsec is an IEEE standard (IEEE 802.1AE) for MAC security, introduced in 2006. +It defines a way to establish a protocol independent connection between two +hosts with data confidentiality, authenticity and/or integrity, using +GCM-AES-128. MACsec operates on the Ethernet layer and as such is a layer 2 +protocol, which means it's designed to secure traffic within a layer 2 network, +including DHCP or ARP requests. It does not compete with other security +solutions such as IPsec (layer 3) or TLS (layer 4), as all those solutions are +used for their own specific use cases. + + +Configuration +############# + +Operation +========= + + |