diff options
author | Christian Poessinger <christian@poessinger.com> | 2020-05-21 10:50:11 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-05-21 10:50:11 +0200 |
commit | 6c65fbc5f919546dcf539d30e527e754c622a6ae (patch) | |
tree | 48778b19fff5d93908ab3f40e05e8ce2145984dd /docs/interfaces/macsec.rst | |
parent | 579ddff09f7c529d8000f5f9216f8f66633f7715 (diff) | |
download | vyos-documentation-6c65fbc5f919546dcf539d30e527e754c622a6ae.tar.gz vyos-documentation-6c65fbc5f919546dcf539d30e527e754c622a6ae.zip |
macsec: initial documentation
Thank you Bootlin for the absract!
https://bootlin.com/blog/network-traffic-encryption-in-linux-using-macsec-and-hardware-offloading/
Diffstat (limited to 'docs/interfaces/macsec.rst')
-rw-r--r-- | docs/interfaces/macsec.rst | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/docs/interfaces/macsec.rst b/docs/interfaces/macsec.rst new file mode 100644 index 00000000..578a1633 --- /dev/null +++ b/docs/interfaces/macsec.rst @@ -0,0 +1,23 @@ +.. _macsec-interface: + +###### +MACsec +###### + +MACsec is an IEEE standard (IEEE 802.1AE) for MAC security, introduced in 2006. +It defines a way to establish a protocol independent connection between two +hosts with data confidentiality, authenticity and/or integrity, using +GCM-AES-128. MACsec operates on the Ethernet layer and as such is a layer 2 +protocol, which means it's designed to secure traffic within a layer 2 network, +including DHCP or ARP requests. It does not compete with other security +solutions such as IPsec (layer 3) or TLS (layer 4), as all those solutions are +used for their own specific use cases. + + +Configuration +############# + +Operation +========= + + |