Abstract
Layer-2 virtual private network (L2VPN) services from providers can be incorporated into customer networks to build cost-efficient wide area networks. L2VPN services can come with a requirement to provide entropy, e.g., visibility into attributes of customer traffic, to enable implementation of traffic engineering strategies. However, media access control security encrypts L2 payloads, preventing the identification of flows. This disclosure describes vendor-neutral techniques for a customer network to incorporate WAN links over a layer-2 virtual private network service and to secure network traffic with media access control security (MACsec). The techniques provide entropy in the header of an ethernet frame carrying MACsec traffic for the provider network to distribute flows across members of link aggregation groups. The techniques avoid congesting physical links, which is especially important when the physical links have less capacity than the provider edge.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
NA, "Vendor-Neutral MACsec over L2VPN", Technical Disclosure Commons, (October 17, 2024)
https://www.tdcommons.org/dpubs_series/7440