[Networkmanager] macsec - place inside the stack of ifaces ?

Beniamino Galvani bgalvani at redhat.com
Mon Jun 5 07:00:40 UTC 2023

On Sat, Jun 03, 2023 at 11:17:21AM +0200, lejeczek wrote:
> Hi guys.
> Looking at macsec I've only started - so go easy on me with possibly trivial
> questions -  and write here in hope, that some of you have expertise to
> tell...
> Having a bond device which is a slave to a bridge -> where must MACSEC go in
> order to - if feasible in NM at all that is - secure all the traffic going
> via the physical device(s)?
> Just to make it clear - though probably obvious - all traffic, say kernel
> VMs which use such bare-metal host's bridge iface for communication out/in
> of the host.


according to [1] (section "Link aggregation and MACsec"), MACsec
should be used on each physical device attached to the bond.


[1] https://legacy.netdevconf.info/1.1/proceedings/papers/MACsec-Encryption-for-the-wired-LAN.pdf
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/networkmanager/attachments/20230605/1ea5abc3/attachment.sig>

More information about the Networkmanager mailing list