Data integrity and confidentiality at Layer 2
New Soft-MACsec is a modular, portable implementation of the IEEE Std 802.1AE-2006 MACsec standard for network Layer 2 integrity and confidentiality. Soft-MACsec uses a software crypto library implementing the Advanced Encryption Standard in Galois/Counter Mode (AES-GCM), and is intended to handle moderate data-rate applications, such as control plane traffic.
Soft-MACsec serves two primary functions in the target platform: it provides software-driven integrity and confidentiality for Layer 2 protocol traffic, and it provides a common framework that can be adapted to support the control and configuration of MACsec with hardware assist once silicon supporting IEEE Std 802.1AE is readily available in the market.
The use case for 802.1AE Link Layer Security (MACsec) is network data integrity and optional confidentiality protection at Layer 2 on a hop-by-hop basis. Whenever network traffic passes over physically unprotected links or multiple systems have the ability to send or forward traffic onto a physically protected link, it may be desirable to cryptographically protect the traffic at Layer 2. MACsec is complementary to similar protection provided at Layer 3 by IPsec, and at Layer 4 by SSL/TLS.
For protocols that do not run over Layers 3 and 4, a Layer 2 network security mechanism can be important. This can be a significant product differentiator, and one element of a comprehensive network security architecture.