BRKRST 2309

The document provides an overview of WAN encryption technologies, focusing on MACsec as a solution to the limitations of IPSec in terms of performance and complexity. It discusses the need for Next Generation Encryption (NGE) to meet evolving application demands and outlines the benefits of MACsec, including hop-by-hop encryption and integrity. The session aims to equip attendees with knowledge on encryption options, deployment models, and the implications of emerging technologies on network security.



Introduction to WAN
MACsec
Aligning Encryption Technologies with
WAN Transport

Craig Hill – Distinguished SE (@netwrkr95)


Stephen Orr – Distinguished SE (@StephenMOrr)

BRKRST-2309

Agenda
• Introduction
• Transport Types
• MACSec overview
• MACSec Key Agreement (MKA)
• WAN MACSec Deployment
Models
• High Availability
• APIs/Programmability
• Conclusion

#CLUS BRKRST-2309 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Cisco Webex Teams
Questions?
Use Cisco Webex Teams (formerly Cisco Spark)
to chat with the speaker after the session

How
1 Find this session in the Cisco Events App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space

Webex Teams will be moderated by the speaker until June 18, 2018.
cs.co/ciscolivebot#BRKRST-2309
Session Presenters

Craig Hill – Distinguished System Engineer, US Public Sector, CCIE #1628
Stephen Orr – Distinguished System Engineer, US Public Sector, CCIE #12126
What we hope to Achieve in this session:
• Understanding that data transfer requirements are exceeding what
IPSec can deliver
• Introduce you to new encryption options evolving that will offer
alternative solutions to meet application demands
• Enable you to understand what is available, when and how to position
what solution
• Understand the right tool in the tool bag to meet encryption
requirements
• Understand the pros/cons and key drivers for positioning an encryption
solution
• What key capabilities drive the selection of an encryption technology

Session Assumptions and Disclaimers
• Intermediate understanding of Cisco Site-to-Site Encryption Technologies
  • DMVPN
  • GETVPN
  • FlexVPN
• Intermediate understanding of Ethernet, VLANs, 802.1Q tagging
• Intermediate understanding of WAN design, IP routing topologies, peering vs. overlay
• Basic understanding of optical transport and impact of OSI model on various layers (L0 – L3) of network designs
• Many 2 hour breakout sessions will focus strictly on areas this presentation touches on briefly (we will provide references to those sessions)
Public Link:
http://www.cisco.com/c/dam/en/us/td/docs/solutions/Enterprise/Security/MACsec/WP-High-Speed-WAN-Encrypt-MACsec.pdf
Cisco’s Next Generation Encryption Initiative
Cryptography: The Universal Security Feature
• Cryptography is embedded in all of Cisco’s products
• Cryptography is critical to every solution and market
• Vital to Cybersecurity efforts within all of our customers
Where Cryptography is Deployed Today

Authentication
• TLS based Protocols
  • EAP-TLS
  • PEAP
  • EAP-FAST
• Hashing
  • SHA1
  • SHA256/384/512
• Digital Signatures
• Key Negotiation

Privacy/Confidentiality
• IPSec
• SRTP
• DTLS
• SSL
• 802.1AE (MACSec)
• 802.11i (802.11-2012)
• RADSec

Management
• SSH
• sFTP
• SCP
• HTTPS
• FTPs
What is Next Generation Encryption (NGE)?

Cryptographic Technologies
• New/Upgraded algorithms, key sizes, protocols and entropy
• Compatible with existing security architectures

Secure and Efficient
• Algorithm efficiency enabling increased security
• Scales well to high/low throughput

Compatible with Government Standards
• CNSA (US)
• FIPS-140 (US/Canada)
• NATO
Next Generation Encryption: Why it’s Needed…
• Next Generation Encryption (NGE)
  • A widely accepted and consistent set of cryptographic algorithms that provide strong security and good performance
  • Best standards that can be implemented today to meet the security and scalability requirements for network security in the years to come
  • No attacks against these algorithms have been demonstrated.

• Quantum Computing – a different paradigm in computing
  • A quantum computer could break public key cryptography standards in use today.
  • While no practical quantum computer is known to be available today, the risk does exist.
  • Information with long-term confidentiality requirements should be protected against future decryption (i.e., capture now, decrypt when quantum computers become viable.)
    • Data-in-transit (e.g., capture data communications)
    • Data-at-rest (e.g., capture file images)
Cryptography Recommendations

Operation                                       | Acceptable                         | NGE (preferred)         | QCR
Encryption                                      | AES-CBC mode                       | —                       | ✅ (256-bit)
Authenticated encryption                        | —                                  | AES-GCM mode            | ✅ (256-bit)
Integrity                                       | —                                  | SHA-256 / 384 / 512     | ✅ (384/512)
Integrity                                       | HMAC-SHA-1                         | HMAC-SHA-256            | ✅ (256-bit key)
RSA: Key exchange / Encryption / Authentication | DH / RSA / DSA -2048 / 3072 / 4096 | ECDHE / ECDSA-384 / 521 |
ECC: Key exchange / Authentication              | ECDHE / ECDSA-256                  | ECDHE / ECDSA-384 / 521 |

QCR = quantum computer resistant.
Recommended algorithms per security level

Security level (strength) | Acceptable         | NGE (preferred)
128 bits                  | AES-128-CBC        | AES-128-GCM
                          | DH, DSA, RSA-3072  | ECDHE, ECDSA-256
                          | -                  | SHA-256
                          | HMAC-SHA-1         | HMAC-SHA-256
192 bits                  | AES-192-CBC        | AES-192-GCM
                          | -                  | ECDHE, ECDSA-384
                          | -                  | SHA-384
                          | -                  | HMAC-SHA-256
256 bits                  | AES-256-CBC        | AES-256-GCM
                          | -                  | ECDHE, ECDSA-521
                          | -                  | SHA-512
                          | -                  | HMAC-SHA-256

Customers concerned with QC Resistance should use NGE recommended algorithms (>128-bit security level)
NGE Enabled Encryption Architectures: Available Today
[Figure: four NGE-enabled architectures. GETVPN: a Key Server (KS) managed from CSM/ASDM serving group members GM1 through GM9. Remote Access VPNs: an ASA Firewall. Site to Site: DMVPN and FlexVPN. MACsec: a Guest User's data sent in clear, an Authenticated User (802.1X Supplicant with MACsec) whose traffic is Encrypted and Decrypted across the MACsec Link between MACsec Capable Devices.]
VPN Solutions Compared

Category                | DMVPN                                                                  | FlexVPN                                                                          | GET VPN
Network Style           | Large Scale Hub and Spoke with dynamic Any-to-Any; Up to 4000 sites    | Converged Site to Site and Remote Access; Up to 10000 sites                      | Any-to-Any (Site-to-Site); 24,000 group members per KS
Failover Redundancy     | A/A based on Dynamic Routing                                           | Dyn Routing or IKEv2 Route Distribution; Server Clustering; Stateful Failover *  | Transport Routing; COOP Based on GDOI
IP Multicast            | Multicast replication at hub                                           | Multicast replication at hub; Multicast replication in IP WAN network *          | Multicast replication in IP WAN network
QoS                     | Per Tunnel QoS, Hub to Spoke                                           | Per SA QoS, Hub to Spoke; Per SA QoS, Spoke to Spoke *                           | Transport QoS
Policy Control          | Locally Managed                                                        | Centralized Policy Management                                                    | Locally Managed
Technology              | Tunneled VPN; Multi-Point GRE Tunnel; IKEv1 or IKEv2                   | Tunneled VPN; Point to Point Tunnels; IKEv2 Only                                 | Tunnel-less VPN; Group Protection
Infrastructure Network  | Public or Private Transport; Overlay Routing                           | Public or Private Transport; Overlay Routing                                     | Private IP Transport; Flat/Non-Overlay IP Routing
3rd Party Compatibility | No                                                                     | Yes – up to 3rd party implementation                                             | No
GETVPN
Evolving Encryption Solutions – Introduction to MACsec
Challenges with Current WAN Encryption
• IPSec performance, complexity, and cost becoming more challenged
  • Throughput constrained to the performance of the IPSec encryption engine
  • MPLS, Multicast, IPv6 in some cases require GRE tunneling to operate
  • GRE and IP overlays add an additional layer of complexity and performance impact in certain router platforms
  • Innovations such as DMVPN and MPLS VPN over mGRE simplify this, but IPSec performance is still the lowest common denominator and a performance impact
• Line-rate encryption is becoming a requirement, one that is simpler to operate and removes levels of complexity from the WAN solution
WAN MACsec targets addressing these challenges…
Link Speeds Out-Pacing IP Encryption
• Bandwidth application requirements out-pacing IP encryption capabilities
• Bi-directional traffic and packet sizes further impact encryption performance
• IPSec engines dictate aggregate performance of the platform (much less than router forwarding capabilities)
• Encryption must align with link speed (100G+) to support next-generation applications
[Figure: link bandwidth over time; Link Speed grows faster than IPSec Encryption Speed, so the goal is Link speed = Encryption Engine.]
Problems addressed by L2 Encryption

• IPSec performance, complexity, and cost becoming more challenged
  • Performance at a fraction of overall router throughput
• High-speed solutions target line-rate encryption
• Solves Architectural complexity
• Removes packet size/MTU issues
• Obscures IP and MPLS content

OTN and WAN MACsec targets these challenges…
New Applications and Architectures Driving WAN Encryption Rates

• Increasing bandwidth demands over the WAN for branch, applications and data centers
• Fewer applications run locally in branch locations, driving high-speed transport increases
• Highly resilient cloud computing architectures (C2S, GovCloud) driving high speed data center replication requirements
• Traffic pattern changes dictated by cloud, M2M communications, IoT/IoE
• Encryption landscape is changing, driving high speed layered encryption solution offerings
What is MAC Security (MACsec)?
Hop-by-Hop Encryption via IEEE802.1AE

• Hop-by-Hop vs End-to-End “Bump-in-the-wire” model
  - Packets are decrypted on ingress port
  - Packets are in the clear in the device
  - Packets are encrypted on egress port
• Allows the network to continue to perform all the packet inspection features currently used
[Figure: Decrypt at Ingress, everything in clear inside the device (ASIC), Encrypt at Egress; each link segment carries 128bit AES GCM Encryption.]
Confidentiality and Integrity 802.1AE based Encryption
• MACsec provides Layer 2 hop-by-hop encryption and integrity, based on IEEE 802.1AE standard
• 128/256 bit AES-GCM (Galois/Counter Mode) – NIST Approved *
• Line rate Encryption / Decryption for both 1/10/40/100GbE interface
• Replay Protection of each and every frame

Customer Benefits
 Protects against man-in-the-middle attacks (snooping, tampering, replay)
 Standards based frame format and algorithm (AES-GCM)
 802.1X-2010/MKA addition supports per-device security associations in shared media environments (e.g. PC vs. IP Phone) to provide secured communication
 Network service amenable hop-by-hop approach compared to end-to-end approach (e.g. Microsoft Domain Isolation/virtualization)

* NIST Special Publication 800-38D (http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf)
MACsec Timeline
2006 – 802.1AE: MACSec AES-128-GCM
2007 – 802.1af: Authenticated Key Agreement for MACSec
2010 – 802.1af becomes part of 802.1X-2010: MACSec Key Agreement (MKA)
2011 – 802.1AEbn: Amendment adds AES-256-GCM
2013 – 802.1AEbw: Amendment defines AES-GCM-XPN-128 and AES-GCM-XPN-256
2017 – 802.1AEcg: Current working group adds support for MACSec over provider bridges
MACsec Protocols & Algorithms

# | Function                             | Protocol                                                          | Specification                                 | Encryption Algorithms
1 | Device Identification                | Secure Device Identification                                      | IEEE 802.1AR                                  | RSA, ECC
2 | Authentication and Key Establishment | EAP: Extensible Authentication Protocol (EAP-TLS, Cisco EAP-FAST) | IEEE 802.1X (RFC 5126, RFC 4851)              | TLS Based: RSA, ECC, AES, HMAC-SHA2
3 | Control Key Management               | MKA: MACsec Key Agreement                                         | IEEE 802.1X-2010                              | AES-128 KeyWrap, AES-128-CMAC, AES-256-CMAC
4 | Authorization and Key Distribution   | RADIUS with Cisco Key Wrap Attributes                             | RFC 6218                                      | AES-128-KeyWrap, HMAC-SHA-2, DTLS, IPSec
5 | Bulk Data Encryption                 | MACsec                                                            | IEEE 802.1AE, 802.1AEbn, 802.1AEbw, 802.1AEcg | AES-GCM-128, AES-GCM-256, AES-GCM-128-XPN, AES-GCM-256-XPN
802.1AE (MACsec) Tagging
TrustSec Frame Format

  DMAC | SMAC | 802.1AE Header | 802.1Q | CMD | ETYPE | PAYLOAD | ICV | CRC
  Integrity-protected (authenticated): DMAC through PAYLOAD, covered by the ICV
  Encrypted: 802.1Q through PAYLOAD

  802.1AE Header: MACsec EtherType (0x88e5) | TCI/AN | SL | Packet Number | SCI (optional)

 Frames are encrypted and protected with an integrity check value (ICV)
 MACsec Ethertype is 0x88e5
 No impact to IP MTU/Fragmentation
 L2 Frame MTU Impact*: ~ 40 bytes = less than baby giant frame (~1600 bytes with 1552 bytes MTU)
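An added example, not code from the deck, that parses the SecTAG fields just described (EtherType 0x88e5, TCI/AN, SL, PN, optional SCI, ICV) from a constructed frame and also handles the 802.1Q-tag-in-the-clear variant used by WAN MACsec. The MAC addresses, VLAN and payload are constructed sample values, and the ICV is a dummy because no key is involved.

```python
import struct

MACSEC_ETHERTYPE = 0x88E5   # EtherType of the 802.1AE SecTAG
VLAN_ETHERTYPE = 0x8100     # 802.1Q tag left in the clear (WAN MACsec option)
ICV_LEN = 16                # AES-GCM integrity check value appended to the frame


def parse_sectag(frame: bytes) -> dict:
    """Split a MACsec frame into its SecTAG fields, secure data and ICV.

    Frame layout (optional 802.1Q tag before the SecTAG):
      DMAC(6) SMAC(6) [0x8100 VLAN(2)] 0x88E5 TCI/AN(1) SL(1) PN(4) [SCI(8)]
      secure data ICV(16)
    """
    if len(frame) < 12 + 8 + ICV_LEN:
        raise ValueError("frame too short to carry a SecTAG and ICV")
    fields = {"dmac": frame[0:6], "smac": frame[6:12], "vlan": None}
    pos = 12
    ethertype = struct.unpack("!H", frame[pos:pos + 2])[0]
    if ethertype == VLAN_ETHERTYPE:
        # 802.1Q tag in the clear: VLAN ID is the low 12 bits of the tag control field
        fields["vlan"] = struct.unpack("!H", frame[pos + 2:pos + 4])[0] & 0x0FFF
        pos += 4
        ethertype = struct.unpack("!H", frame[pos:pos + 2])[0]
    if ethertype != MACSEC_ETHERTYPE:
        raise ValueError(f"not a MACsec frame: EtherType 0x{ethertype:04x}")
    pos += 2
    tci_an = frame[pos]
    if tci_an >> 7:
        raise ValueError("SecTAG version bit set: unsupported")
    fields.update({
        "ES": (tci_an >> 6) & 1,   # end station: SCI implied by the SMAC
        "SC": (tci_an >> 5) & 1,   # explicit SCI follows the PN
        "SCB": (tci_an >> 4) & 1,  # single copy broadcast (EPON)
        "E": (tci_an >> 3) & 1,    # encryption bit
        "C": (tci_an >> 2) & 1,    # changed-text bit
        "AN": tci_an & 0x03,       # association number (0-3) selecting the SAK
    })
    fields["SL"] = frame[pos + 1] & 0x3F              # short length; 0 when data >= 48 bytes
    fields["PN"] = struct.unpack("!I", frame[pos + 2:pos + 6])[0]
    if fields["PN"] == 0:
        raise ValueError("PN 0 is not a valid packet number")
    pos += 6
    fields["SCI"] = None
    if fields["SC"]:
        fields["SCI"] = frame[pos:pos + 8]             # 48-bit MAC address + 16-bit port
        pos += 8
    secure_data = frame[pos:-ICV_LEN]
    if fields["SL"] and len(secure_data) != fields["SL"]:
        raise ValueError("SL does not match the secure data length")
    fields["secure_data"] = secure_data
    fields["ICV"] = frame[-ICV_LEN:]
    # E=1,C=1 means confidentiality; E=0,C=0 means integrity only (data in the clear)
    fields["encrypted"] = bool(fields["E"] and fields["C"])
    # bytes the SecTAG and ICV add to the L2 frame (the MTU impact discussed above)
    fields["overhead"] = (pos - 12 - (4 if fields["vlan"] is not None else 0)) + ICV_LEN
    return fields


def build_frame(dmac, smac, an, pn, data, sci=None, vlan=None, encrypted=True):
    """Construct a sample MACsec frame with a dummy all-zero ICV (demo helper)."""
    tci_an = (0x20 if sci else 0) | (0x0C if encrypted else 0) | (an & 3)
    sl = len(data) if len(data) < 48 else 0
    tag = struct.pack("!HBBI", MACSEC_ETHERTYPE, tci_an, sl, pn) + (sci or b"")
    vtag = struct.pack("!HH", VLAN_ETHERTYPE, vlan) if vlan is not None else b""
    return dmac + smac + vtag + tag + data + b"\x00" * ICV_LEN


# Constructed sample: explicit SCI = SMAC + port 1, AN 0, PN 7, 60 bytes of secure data
SMAC = bytes.fromhex("021122334455")
DMAC = bytes.fromhex("026677889900")
SAMPLE = build_frame(DMAC, SMAC, an=0, pn=7, data=b"\xaa" * 60, sci=SMAC + b"\x00\x01")

if __name__ == "__main__":
    f = parse_sectag(SAMPLE)
    print(f"AN={f['AN']} PN={f['PN']} SCI={f['SCI'].hex()} overhead={f['overhead']} bytes")
```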
Quick MACsec Terminology

Acronym | Definition
MKA     | MACsec Key Agreement – defined in IEEE 802.1XREV-2010, is a key agreement protocol for discovering MACsec peers and negotiating keys
MSK     | Master Session Key, generated during EAP exchange. Supplicant and authentication server use the MSK to generate the CAK.
CAK     | Connectivity Association Key is derived from MSK. CAK is a long-lived master key used to generate all other keys used for MACsec.
CKN     | Connectivity Association Key Name – identifies the CAK
SAK     | Secure Association Key is derived from the CAK and is the key used by supplicant and switch to encrypt traffic for a given session.
KS      | Key Server: responsible for selecting and advertising a cipher suite; responsible for generating the SAK from the CAK.
MACsec Key Agreement (MKA) and EAP Authentication
Between Authenticator/AS and Supplicant:
1. IEEE 802.1X/EAP – Mutual Authentication, produces the MSK
2. IEEE 802.1X/MKA – MACsec Key Agreement protected by a key derived from the EAP MSK, produces the MACsec Key
3. IEEE 802.1AE – MACsec protecting data
MACsec Functional Sequence
Participants: Supplicant, Authenticator, Authentication Server

1. Authentication and Master Key Distribution (IEEE 802.1X)
   EAPoL: EAP Request-Identity
   EAPoL: EAP-Response: Alice
   RADIUS Access-Request [AVP: EAP-Response: Alice]
   RADIUS Access-Challenge [AVP: EAP-Request: PEAP]
   RADIUS Access-Accept [AVP: EAP Success] [AVP: EAP Key Name] [AVP: CAK]
   EAP Success

2. Session Key Agreement (MKA)
   EAPoL-MKA: Key Server
   EAPoL-MKA: MACSec Capable
   EAPoL-MKA: Key Name, SAK
   EAPoL-MKA: SAK Installed

3. Secure Session (MACSec)
   AES-GCM-128 Encrypted Data
MACsec Key Hierarchy
• Two Methods to derive Encryption Keys
  • 802.1X/EAP
  • Pre-shared Keys
• If EAP method is used – all keys are generated from the Master Session Key (MSK):
  EAP MSK → CKN, CAK → ICK, KEK, SAK
• If Pre-shared Key is used the CAK=PSK and the CKN must be manually entered:
  Pre-Shared Key → CAK, CKN → ICK, KEK, SAK
MKA with Pre-shared and cached CAKs
• When EAP is not used for Authentication – a pre-shared key (PSK) can be used. The CAK is manually placed in the router/switch configuration and used as the PSK
• Some EAP/MACsec use cases require the link to come up even if the AAA server cannot be reached
• A preinstalled CAK can be cached in the configuration, and then used until such time as the AAA server is reached and a new CAK is obtained.
Cryptography: Keys used in MKA (CAK/CKN)
• MKA uses a key hierarchy based on a single long-term key (CAK)
• CAK is derived from the EAP MSK using a key derivation function (KDF) defined in NIST SP800-108. The following is for a 128-bit CAK. (The key is longer for a 256-bit CAK.)
  CAK = KDF(MSK[0-15], "IEEE8021 EAP CAK", mac1 | mac2, CAKlength)
• A unique name is derived for the CAK, called a CKN. This is like a KeyID
  CKN = KDF(MSK[0-15], "IEEE8021 EAP CKN", mac1 | mac2, CKNlength)

Note: A pre-shared or cached CAK requires both the CAK and CKN to be saved in the network device configuration, as well as some policy (e.g., cipher suite)
Keys used in MKA (MKA keys/SAK)
• Two keys are generated from the CAK by MKA
  • ICV Key (ICK) used to prove an authorized peer sent the message
    ICK = KDF(CAK, "IEEE8021 ICK", Keyid, ICKLength)
  • Key Encrypting Key (KEK) used to protect the MACsec keys (SAK)
    KEK = KDF(CAK, "IEEE8021 KEK", Keyid, KEKLength)
• A MACsec key is called a Secure Association Key (SAK)
  • It is typically generated using the KS FIPS 140-2 compliant random number generator
  • Alternatively, it can be generated using a KDF, including randomness provided by other participants as well as the KS. This protects against a failure in KS randomness
    SAK = KDF(CAK, "IEEE8021 SAK", KS-nonce | MI-value list | KN, SAKlength)
    Where:
    • KS-nonce is randomness provided by the KS,
    • MI-value list includes a 32-bit value provided by each member in the group (not the MAC address)
    • KN is a counter maintained by the KS
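The key hierarchy from this slide and the preceding CAK/CKN slide as a runnable sketch, added here as an example rather than Cisco's or IEEE's code. The IEEE 802.1X-2010 KDF uses AES-CMAC as its PRF; this block substitutes HMAC-SHA-256 from the Python standard library so it runs without extra packages, and it assumes lower-MAC-first ordering for mac1 | mac2, a 16-byte CKN and Keyid = the first 16 bytes of the CKN, so the output bytes are not what a device derives.

```python
import hashlib
import hmac


def kdf(key: bytes, label: str, context: bytes, length_bits: int) -> bytes:
    """NIST SP 800-108 counter-mode KDF with HMAC-SHA-256 standing in for AES-CMAC.

    Output block i = PRF(key, i || label || 0x00 || context || length), concatenated
    until length_bits are available (assumption: same shape as 802.1X-2010 6.2.1).
    """
    out, i = b"", 1
    while len(out) < length_bits // 8:
        msg = bytes([i]) + label.encode("ascii") + b"\x00" + context + length_bits.to_bytes(2, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        i += 1
    return out[: length_bits // 8]


def cak_ckn_from_eap(msk: bytes, mac_a: bytes, mac_b: bytes, cak_bits: int = 128):
    """EAP path: CAK and CKN from the MSK (MSK[0-15] for a 128-bit CAK, MSK[0-31] for 256)."""
    mac1, mac2 = sorted([mac_a, mac_b])   # assumption: lower MAC first so both peers agree
    msk_part = msk[: cak_bits // 8]
    cak = kdf(msk_part, "IEEE8021 EAP CAK", mac1 + mac2, cak_bits)
    ckn = kdf(msk_part, "IEEE8021 EAP CKN", mac1 + mac2, 128)   # assumption: 16-byte CKN
    return cak, ckn


def cak_ckn_from_psk(cak_hex: str, ckn_hex: str):
    """Pre-shared path: CAK = PSK and the CKN is typed by the operator (key chain lengths)."""
    if len(cak_hex) not in (32, 64):
        raise ValueError("CAK must be 32 hex chars (128-bit) or 64 hex chars (256-bit)")
    return bytes.fromhex(cak_hex), bytes.fromhex(ckn_hex)


def mka_keys(cak: bytes, ckn: bytes) -> dict:
    """ICK and KEK derived from the CAK; Keyid = first 16 bytes of the CKN (assumption)."""
    keyid = ckn[:16].ljust(16, b"\x00")
    bits = len(cak) * 8
    return {
        "ICK": kdf(cak, "IEEE8021 ICK", keyid, bits),   # integrity key for MKPDUs
        "KEK": kdf(cak, "IEEE8021 KEK", keyid, bits),   # wraps the SAK in MKPDUs
    }


def derive_sak(cak: bytes, ks_nonce: bytes, mi_values: list, kn: int, sak_bits: int = 128) -> bytes:
    """SAK from the CAK, mixing KS randomness, every member's 32-bit MI value and the key number KN."""
    context = ks_nonce + b"".join(mi.to_bytes(4, "big") for mi in mi_values) + kn.to_bytes(4, "big")
    return kdf(cak, "IEEE8021 SAK", context, sak_bits)


# Constructed sample inputs: a 64-byte MSK and two peer MAC addresses
MSK = bytes(range(64))
MAC_A = bytes.fromhex("021122334455")
MAC_B = bytes.fromhex("026677889900")

if __name__ == "__main__":
    cak, ckn = cak_ckn_from_eap(MSK, MAC_A, MAC_B)
    keys = mka_keys(cak, ckn)
    sak = derive_sak(cak, b"\x00" * 16, [0x11111111, 0x22222222], kn=1)
    print("CKN", ckn.hex(), "KEK", keys["KEK"].hex(), "SAK", sak.hex())
```

Even with the KS nonce fixed at zero (a broken KS RNG), the SAK still changes whenever any member's MI value or the KN changes, which is the property the slide's alternative SAK derivation is after.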
Let’s talk MACsec Access Control
• Use the macsec access-control {must-secure | should-secure} command to control the
behavior of unencrypted packets.
• The should-secure keyword allows unencrypted packets from the physical interface or
subinterfaces to be transmitted or received.
• The must-secure keyword does not allow unencrypted packets from physical interface or
subinterfaces to be transmitted or received. All such packets are dropped except for MKA
control protocol packets

CAUTION
• If MACsec is enabled only on selected subinterfaces, configure the should-secure keyword
option on the corresponding interface.
• The default configuration for MACsec on subinterfaces is macsec access-control must-secure.
This option is enabled by default when the macsec command is configured on an interface.

MKA Key Chain configuration
Annotated elements of the key chain:
• Key Chain Name
• Connectivity Association Key Name (CKN)
• MKA Authentication Cipher
• Connectivity Association Key (CAK)
  • 32 Characters for 128bit
  • 64 Characters for 256bit
• Lifetime
  Note: The lifetime is for the CKN not the CAK
MKA Policy
Annotated elements of the MKA policy:
• MKA Policy Name
• MACsec Cipher suite for Secure Association Key (SAK)
• Confidentiality Offset

MACSec Interface Configuration
Annotated elements of the interface configuration:
• MKA Policy Name
• Key Chain Name
• Enables MACSec
MACSEC SA Scale with Re-Keying (ASR9K)
• We always allocate 2 SAs:
  • 1st SA = Active SA has SAK
  • 2nd SA = Idle SA reserved for re-keying, has no SAK
• During re-key time there is time overlap to:
  1. Exchange and install new SAK key and bind it to idle SA
  2. Purge the old SAK key and allocate a new idle SA

MACSEC Re-Keying between R1 and R2 (time axis):
  T1 – Only 1 SA installed: SA1 → SAK1, SA2 idle
  T2 – Re-Keying, 2 SAs installed: SA1 → SAK1, SA2 → SAK2
  T3 – Re-Key Complete, purge old SAK, reclaim SA: SA2 → SAK2, SA1 idle

AES-GCM-256-bit Effective Scale with Re-Keying:
  Total MACSEC Ports Per System: 10G = 1,600; 40G = 320; 100G = 160
  Per Port SA Count: 10G Tx/Rx SAs = 32/2 = 16; 40G Tx/Rx SAs = 128/2 = 64; 100G Tx/Rx SAs = 256/2 = 128
  Total MACSEC SAs Per System: 10G Tx/Rx SAs = 51,200/2 = 25,600; 40G Tx/Rx SAs = 40,960/2 = 20,480; 100G Tx/Rx SAs = 40,960/2 = 20,480
MACSEC SA Scale with Re-Keying (IOS-XE)
key chain key-roll macsec
 key 01
  cryptographic-algorithm aes-128-cmac
  key-string 12345678901234567890123456789012
  lifetime 14:59:59 Apr 4 2017 duration 5000
 key 02
  cryptographic-algorithm aes-128-cmac
  key-string 12345678901234567890123456789011
  lifetime 16:00:00 4 apr 2017 17:10:00 4 apr 2017
 key 03
  cryptographic-algorithm aes-128-cmac
  key-string 12345678901234567890123456789013
  lifetime 17:00:00 4 apr 2017 18:10:00 4 apr 2017
 key 04
  cryptographic-algorithm aes-128-cmac
  key-string 12345678901234567890123456789014
  lifetime 18:00:00 4 apr 2017 infinite
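An added example, not Cisco tooling, that parses the key chain above and checks what an operator wants to know before a rollover: each CAK length matches its cipher (32 hex chars for aes-128-cmac, 64 for aes-256-cmac, as the key chain slide states), no two keys share a key-string, consecutive lifetimes overlap so there is never a moment without a valid CAK, and the chain ends in an infinite key. The key chain text is the slide's, embedded inline; the lifetime formats handled are the three forms the slide uses.

```python
import re
from datetime import datetime, timedelta

# CAK length per MKA cipher, from the key chain slide (32 chars for 128-bit, 64 for 256-bit)
CAK_HEX_LEN = {"aes-128-cmac": 32, "aes-256-cmac": 64}
INFINITE = datetime.max


def parse_timestamp(tokens):
    """'HH:MM:SS Apr 4 2017' or 'HH:MM:SS 4 apr 2017' -> datetime (month in either position)."""
    text = " ".join(tokens[:4])
    for fmt in ("%H:%M:%S %b %d %Y", "%H:%M:%S %d %b %Y"):
        try:
            return datetime.strptime(text, fmt)
        except ValueError:
            continue
    raise ValueError(f"unrecognised timestamp: {text}")


def parse_lifetime(rest):
    """Lifetime forms: '<start> duration <secs>', '<start> <end>', '<start> infinite'."""
    tokens = rest.split()
    start = parse_timestamp(tokens[:4])
    tail = tokens[4:]
    if tail[0] == "duration":
        return start, start + timedelta(seconds=int(tail[1]))
    if tail[0] == "infinite":
        return start, INFINITE
    return start, parse_timestamp(tail[:4])


def parse_key_chain(text):
    """Return one dict per key from an IOS-XE 'key chain <name> macsec' block."""
    keys = []
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"^key (\S+)$", line):
            keys.append({"id": m.group(1), "algorithm": None, "key_string": None, "start": None, "end": None})
        elif m := re.match(r"^cryptographic-algorithm (\S+)$", line):
            keys[-1]["algorithm"] = m.group(1)
        elif m := re.match(r"^key-string (\S+)$", line):
            keys[-1]["key_string"] = m.group(1)
        elif m := re.match(r"^lifetime (.+)$", line):
            keys[-1]["start"], keys[-1]["end"] = parse_lifetime(m.group(1))
    return keys


def check_key_chain(keys):
    """Findings that would break or weaken MKA: bad CAK length/format, duplicate CAKs, lifetime gaps."""
    findings = []
    for k in keys:
        want = CAK_HEX_LEN.get(k["algorithm"])
        cak = k["key_string"] or ""
        if want is None:
            findings.append(f"key {k['id']}: unknown cipher {k['algorithm']}")
        elif len(cak) != want or not re.fullmatch(r"[0-9a-fA-F]+", cak):
            findings.append(f"key {k['id']}: CAK must be {want} hex chars for {k['algorithm']}")
        if k["start"] is None:
            findings.append(f"key {k['id']}: missing lifetime")
    caks = [k["key_string"] for k in keys]
    if len(set(caks)) != len(caks):
        findings.append("duplicate key-string across keys")
    timed = sorted((k for k in keys if k["start"]), key=lambda k: k["start"])
    covered_until = None
    for k in timed:
        # a key whose start is later than the end of everything before it leaves a gap
        if covered_until is not None and k["start"] > covered_until:
            findings.append(f"gap: no valid CAK between {covered_until} and {k['start']} (key {k['id']})")
        covered_until = k["end"] if covered_until is None else max(covered_until, k["end"])
    if timed and covered_until != INFINITE:
        findings.append(f"chain expires at {covered_until}: last key is not infinite")
    return findings


# The key chain from the slide, embedded for the demo
KEY_CHAIN = """
key chain key-roll macsec
 key 01
  cryptographic-algorithm aes-128-cmac
  key-string 12345678901234567890123456789012
  lifetime 14:59:59 Apr 4 2017 duration 5000
 key 02
  cryptographic-algorithm aes-128-cmac
  key-string 12345678901234567890123456789011
  lifetime 16:00:00 4 apr 2017 17:10:00 4 apr 2017
 key 03
  cryptographic-algorithm aes-128-cmac
  key-string 12345678901234567890123456789013
  lifetime 17:00:00 4 apr 2017 18:10:00 4 apr 2017
 key 04
  cryptographic-algorithm aes-128-cmac
  key-string 12345678901234567890123456789014
  lifetime 18:00:00 4 apr 2017 infinite
"""

if __name__ == "__main__":
    for k in parse_key_chain(KEY_CHAIN):
        print(k["id"], k["start"], "->", "infinite" if k["end"] == INFINITE else k["end"])
    print("findings:", check_key_chain(parse_key_chain(KEY_CHAIN)) or "none")
```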
MACSEC SA Scale with Re-Keying (IOS-XE)
ASR-1000-B#
Apr 4 16:00:00.000: %MKA-5-CAK_REKEY: (Te0/0/1 : 8) MKA Session is beginning a CAK Rekey for RxSCI b0aa.7741.3f01/0008, AuditSessionID , AuthMgr-Handle 5F000003, Old CKN 0100000000000000000000000000000000000000000000000000000000000000

Apr 4 16:00:00.000: %MKA-4-MKA_MACSEC_CIPHER_MISMATCH: (Te0/0/1 : 8) Lower strength MKA-cipher than macsec-cipher for RxSCI b0aa.7741.3f01/0000, AuditSessionID , CKN 0200000000000000000000000000000000000000000000000000000000000000

Apr 4 16:00:24.367: %MKA-6-SAK_REKEY_SUCCESS: (Te0/0/1 : 8) MKA Session successfully completed a SAK Rekey (new Latest AN/KN 3/4, Old AN/KN 2/3) for RxSCI b0aa.7741.3f01/0008, AuditSessionID , CKN 0200000000000000000000000000000000000000000000000000000000000000

Apr 4 16:00:24.367: %MKA-5-SESSION_SECURED: (Te0/0/1 : 8) MKA Session was secured for RxSCI b0aa.7741.3f01/0008, AuditSessionID , CKN 0200000000000000000000000000000000000000000000000000000000000000
MKA Info

MACSec Status
Prerequisites for Certificate-based MACsec
Encryption
• Ensure that you have a Certificate Authority (CA) server configured for
your network.
• Generate a CA certificate.
• Ensure that you have configured Cisco Identity Services Engine (ISE)
Release 2.0. Refer to the Cisco Identity Services Engine Administrator
Guide, Release 2.3.
• Ensure that both the participating devices, the CA server, and Cisco
Identity Services Engine (ISE) are synchronized using Network Time
Protocol (NTP). If time is not synchronized on all your devices,
certificates will not be validated.
• Ensure that 802.1x authentication and AAA are configured on your
device.

Restrictions for Certificate-based MACsec
Encryption
• MKA is not supported on port-channels.
• High Availability for MKA is not supported.
• Certificate-based MACsec encryption on sub-interfaces is not
supported.

Call Flow for Certificate-based MACsec Encryption using Remote Authentication
1. MACSec enabled routers will act as both Supplicant and Authenticator
2. Two EAP Sessions (with separate EAP Session IDs) are initiated: Red and Blue
3. After mutual authentication, the MSK of the flow corresponding to the router with the higher MAC address and role as authenticator is picked to derive the CAK.
   CAK = KDF(MSK[0-15], "IEEE8021 EAP CAK", mac1 | mac2, CAKlength)
   CKN = KDF(MSK[0-15], "IEEE8021 EAP CKN", mac1 | mac2, CKNlength)
Call Flow for Certificate-based MACsec Encryption using Local Authentication
1. MACSec enabled routers will act as both Supplicant and Authenticator
2. Two EAP Sessions (with separate EAP Session IDs) are initiated: Red and Blue
3. After mutual authentication, the MSK of the flow corresponding to the router with the higher MAC address and role as authenticator is picked to derive the CAK.
   CAK = KDF(MSK[0-15], "IEEE8021 EAP CAK", mac1 | mac2, CAKlength)
   CKN = KDF(MSK[0-15], "IEEE8021 EAP CKN", mac1 | mac2, CKNlength)
Certificate Based MACSec Configuration

.1X Config:
aaa new-model
dot1x system-auth-control
radius server ISE
 address ipv4 <ISE ipv4 address> auth-port 1645 acct-port 1646
 automate-tester username dummy
 key dummy123
radius-server deadtime 2
aaa group server radius ISEGRP
 server name ISE
aaa authentication dot1x default group ISEGRP
aaa authorization network default group ISEGRP

EAP profile and dot1x credentials:
eap profile EAPTLS-PROF-IOSCA
 method tls
 pki-trustpoint IOS-CA
!
dot1x credentials EAPTLSCRED-IOSCA
 username asr1000@cisco.com
 pki-trustpoint IOS-CA
!
Applying configuration to Interface
interface TenGigabitEthernet0/1
 macsec network-link
 authentication periodic
 authentication timer reauthenticate <reauthentication interval>
 access-session host-mode multi-host
 access-session closed
 access-session port-control auto
 dot1x pae both
 dot1x credentials EAPTLSCRED-IOSCA
 dot1x supplicant eap profile EAPTLS-PROF-IOSCA
 service-policy type control subscriber DOT1X_POLICY_RADIUS
Handling MACSEC Out-of-Sequence Frames
Replay-Protection-Window-Size Behavior
• Replay protection Window Size = Maximum out-of-sequence frames MACSEC accepts and does not discard
• MACSEC Egress Decryption PE expects:
  • All frames to be received in sequence as 1,2,3, etc … (ascending order)
  • All out-of-order or out-of-sequence frames should not exceed “Replay Protection Window Size”
  • If any frame with sequence number outside of window size arrives it will be discarded. E.g., window expects 1-64, but we get 100, then 100 will be discarded.

Replay-Protection-Window-Size = 0 (Strict Discard Enforced)
  MACSEC Rx PHY receives Frame Sequence Numbers: …,15,14,13,12,11,10,8,7,9,6,5,4,3,2,1
  Out-of-Sequence Detected: out-of-sequence frames All Discarded, in-sequence frames Accepted

Replay-Protection-Window-Size = 64 (Max 64 out of Sequence accepted)
  MACSEC Rx PHY receives Frame Sequence Numbers: …,15,14,63,64,11,10,8,7,9,6,5,4,3,2,1
  Out-of-Sequence Detected: All Accepted
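A simulation of the receive-side check described above, added here as an example and not the platform's code. It applies the 802.1AE rule that a frame is dropped when its PN is below nextPN minus the window (window 0 is strict in-order delivery), using the arrival orders from the two panels as constructed lists with the first-arriving frame listed first.

```python
class MacsecReceiveSA:
    """Replay check of one MACsec receive Secure Association.

    The receiver tracks next_pn, the PN it expects next. A frame is dropped when its
    PN is below lowest_pn = max(next_pn - window, 1). Frames inside the window but
    below next_pn are counted as out-of-sequence yet still accepted. Note that 802.1AE
    keeps no per-PN bitmap: a duplicate PN still inside a non-zero window is accepted,
    which is why window 0 is the conservative setting on links that deliver in order.
    """

    def __init__(self, replay_window: int):
        self.replay_window = replay_window
        self.next_pn = 1
        self.accepted, self.dropped, self.late = [], [], []

    @property
    def lowest_pn(self) -> int:
        return max(self.next_pn - self.replay_window, 1)

    def receive(self, pn: int) -> bool:
        if pn == 0 or pn < self.lowest_pn:      # PN 0 is never valid; too old for the window
            self.dropped.append(pn)
            return False
        if pn < self.next_pn:                   # inside the window but out of sequence
            self.late.append(pn)
        else:
            self.next_pn = pn + 1               # advance the expected PN
        self.accepted.append(pn)
        return True


def replay_check(arrivals, window: int) -> dict:
    """Run an arrival sequence through a receive SA with the given replay window."""
    sa = MacsecReceiveSA(window)
    for pn in arrivals:
        sa.receive(pn)
    return {"accepted": sa.accepted, "dropped": sa.dropped,
            "out_of_sequence": sa.late, "next_pn": sa.next_pn}


# Arrival orders from the two slide panels (constructed lists, first arrival first)
STRICT_PANEL = [1, 2, 3, 4, 5, 6, 9, 7, 8, 10, 11, 12, 13, 14, 15]
WINDOW_PANEL = [1, 2, 3, 4, 5, 6, 9, 7, 8, 10, 11, 64, 63, 14, 15]

if __name__ == "__main__":
    print("window 0 :", replay_check(STRICT_PANEL, 0))
    print("window 64:", replay_check(WINDOW_PANEL, 64))
```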
WHY AES-GCM-XPN?

MACsec and IPsec Comparison

Category                          | MACsec                                                                                       | IPsec
Market Positioning                | 1. Aggregate Deployments such as Regional Hubs; 2. Large Branches that require high throughput; 3. Data Center Interconnects | 1. Small Branches; 2. High Scale deployments; 3. Low throughput Branches; 4. Beyond MetroE (International) Reach
Link Requirement/Topologies       | Requires dedicated MetroE EVC circuits for L2 connectivity between sites; Point-to-Point, Point-to-MultiPoint | Easily Routable over many commonly available public networks; Any Topology
Encryption Performance            | Per PHY Link Speed (1G, 10G, 40G, 100G)                                                      | Constrained by IPsec Crypto engine performance
Services Enablement               | No impact to encryption throughput                                                           | Impacts encryption throughput
Peers Scale                       | Limited by hardware resources                                                                | Highly Scalable
Throughput                        | Up to Line Rate on each port (limited only by the forwarding capability)                     | Aggregate throughput (limited by the encryption throughput)
Configurability                   | Simple configuration                                                                         | More complex configuration and policy choices
Layer 3 Visibility for Monitoring | No. Except Layer 2 headers (and optionally VLAN/MPLS Labels) everything else is encrypted    | Visible. L3 info can be used for monitoring & policy enforcement purposes

Kural Arangasamy
MACsec Deployment Models and Use Cases
What is “WAN MACsec”?
Secure Ethernet Link(s) over Public Ethernet Transport
[Figure: a Remote Campus/DC and a Central Campus/DC Data Center connected through a Public Carrier Ethernet Service made of Service Provider Owned Routers/Bridges; an MKA Session runs between the MACsec Capable Routers (each with a MACsec Capable PHY) across the SP Owned Ethernet Transport Devices, forming a MACsec Secured Path / MKA Session.]

• Leverage “public” standard-based Ethernet transport
• Optimize MACsec + WAN features to accommodate running MACsec over public Ethernet transport
• Target “line-rate” encryption, regardless of packet size
• Targets 100G, as well as 1/10/40G
Router Peering Model View over E-LINE
Point to Point E-LINE Service
[Figure: Physical View – CE1, CE2, CE3 and CE4 attach to the Carrier Ethernet Service; the Central Site uses an Ethernet Sub-interface with 802.1q support, and each P2P “virtual” Ethernet Service is an E-LINE (P2P) Pseudo-wire. Logical View – routers peer per VLAN sub-interface per PW, each with an IP Routing Peer (BGP, Static, IGP).]

• E-LINE is a point-to-point virtual “Ethernet wire” service
• Connection model can be point to point, with virtual multiplexing at hub site via 802.1Q/sub-interface offering
Router Peering Model View for E-LAN
[Figure: Physical View – CE1 through CE4 attach to the Carrier Ethernet Service E-LAN (multi-pt) on a Single VLAN. Logical View – a Flat Ethernet Bridge domain in which each router has N – 1 Routing Peers (IP Routing Peer: BGP, Static, IGP).]

• E-LAN emulates the network as an “Ethernet switch”
• Routers appear as part of a single “flat” Ethernet domain
• Caution required as IP Peering is N – 1 (N = # of router nodes)
• Transport is MAC address aware of “well known” MAC addresses and Ether types
What is "WAN" MACsec?
New Enhancements to 802.1AE for WAN/Metro-E Transport
• AES-256 (AES/GCM) support at 1/10/40 and 100G rates
• Standards-based MKA key framework (defined in 802.1X-2010) within Cisco security
• Ability to support 802.1Q tags in the clear
  • Offset 802.1Q tags in the clear before encryption (2 tags is optional)
• Vital network features to interoperate over public Carrier Ethernet providers
  • 802.1Q tag in the clear
  • Ability to change the MKA EAPoL destination address and Ether-type value
  • Ability to configure anti-replay window sizes
• Interoperability among all MACsec platforms in Cisco, open standards
MACsec vs. "WAN" MACsec Support
Capability | MACsec | WAN MACsec
Data Plane Encryption | AES-128 (AES-GCM) | AES-128/AES-256 (AES-GCM)
1/10/40/100G AES-256/GCM | No (AES-128 only) | Yes
Control Plane Keying | SAP (Cisco) | MKA (IEEE)
802.1Q Tag in the Clear | No | Yes
Point to MultiPoint Topology | No | Yes
MKA EAPoL Tuning | No | Yes
MKA Ether Type Tuning | No | Yes
Anti Replay Window Support | Limited | Yes
Multi Vendor Support | No | Yes
WAN MACsec Use Cases

Primary WAN MACsec Use Cases
• Point to Point
• Point to Multi Point / Multi-point to Multi-point
• Securing Private IP / MPLS / Segment Routing backbone
• Hybrid Encrypted WAN: WAN MACsec + IPSec
Use Cases: Point to Point Topologies

WAN MACsec Use Cases
High Speed Site to Site
[Diagram: two Data Centers (Central Sites) connected over a Carrier Ethernet Service; the MKA session and MACsec secured path run end to end between the MACsec capable routers (MACsec capable PHYs) across the SP-owned Ethernet transport devices.]
• Point to point PW (EPL) service; typically port-mode, or 802.1Q offering
• Target solution: high-speed (line-rate) transfers
• Speeds typically exceed IPSec
• Reduce IPSec complexity (DMVPN, GRE tunnels)
Use Cases: Point to MultiPoint Topologies

WAN MACsec Use Cases
E-LINE Point to Multipoint Backhaul
[Diagram: branches connect over a Carrier Ethernet Service to a Data Center / Central Site; an MKA session and MACsec secured path run from each branch router to the central site. Legend: MACsec capable router; MACsec capable PHY; SP-owned Ethernet transport device; MACsec MKA session; 802.1Q MACsec PHY.]
• Point to point PW service (no MAC address lookup)
• Must leverage the 802.1Q offering at the Central site
• Target solution: simple and/or high-speed branch backhaul
• Speeds typically exceed IPSec
• Reduce IPSec complexity (DMVPN, GRE tunnels)
802.1AE (MACsec) "Tag in Clear"

Standard 802.1AE frame (802.1Q tag encrypted):
  DMAC | SMAC | 802.1AE Header | [encrypted: 802.1Q | CMD | ETYPE | PAYLOAD] | ICV | CRC

802.1Q tag in clear:
  DMAC | SMAC | 802.1Q | 802.1AE Header | [encrypted: CMD | ETYPE | PAYLOAD] | ICV | CRC

802.1AE Header (SecTAG): MACsec Ether Type 0x88e5 | TCI/AN | SL | Packet Number | SCI (optional)

• The 802.1Q tag in the clear offers significant network design options over the carrier network
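The two layouts above decide what a transit device can read. The following parser, an added example that is not code from this session or from Cisco, walks the clear headers of a constructed MACsec frame and stops at the first protected byte; it shows that with the tag in the clear the VLAN ID is readable before the SecTAG, while in the standard layout it sits inside the ciphertext. The sample frames, MAC addresses and zero-filled protected region are constructed placeholders (no real AES-GCM output), and the trailing CRC is omitted.

```python
import struct

MACSEC_ETHERTYPE = 0x88E5   # 802.1AE SecTAG ether type
DOT1Q_ETHERTYPE = 0x8100    # 802.1Q VLAN tag

# TCI bits in the first SecTAG byte (IEEE 802.1AE clause 9.5); the low 2 bits are the AN
TCI_SC = 0x20   # SCI present
TCI_E = 0x08    # encryption on
TCI_C = 0x04    # changed text (set together with E for confidentiality)
AN_MASK = 0x03


def parse_macsec_frame(frame: bytes) -> dict:
    """Walk DMAC, SMAC, an optional clear 802.1Q tag and the SecTAG, and
    return what a transit device can read without the key."""
    info = {"dmac": frame[0:6].hex(":"), "smac": frame[6:12].hex(":"), "vlan_in_clear": None}
    off = 12
    ethertype = struct.unpack_from("!H", frame, off)[0]
    if ethertype == DOT1Q_ETHERTYPE:
        # "tag in clear": the 802.1Q header precedes the SecTAG, so the VLAN ID is visible
        info["vlan_in_clear"] = struct.unpack_from("!H", frame, off + 2)[0] & 0x0FFF
        off += 4
        ethertype = struct.unpack_from("!H", frame, off)[0]
    if ethertype != MACSEC_ETHERTYPE:
        raise ValueError(f"not a MACsec frame: ether type 0x{ethertype:04x}")
    off += 2
    tci_an, sl, pn = struct.unpack_from("!BBI", frame, off)   # TCI/AN, SL, Packet Number
    off += 6
    sci = None
    if tci_an & TCI_SC:                                       # optional 8-byte SCI
        sci = frame[off:off + 8].hex()
        off += 8
    info.update(an=tci_an & AN_MASK, encrypted=bool(tci_an & TCI_E),
                short_length=sl & 0x3F, packet_number=pn, sci=sci,
                protected_offset=off)   # first byte the transit device cannot read
    return info


def build_sample_frame(tag_in_clear: bool, vlan_id: int = 20, pn: int = 0x12345, an: int = 1) -> bytes:
    """Constructed sample frame: the protected region is a zero placeholder,
    not real AES-GCM output, and the FCS is omitted."""
    dmac = bytes.fromhex("0200aabbcc01")                      # constructed MACs
    smac = bytes.fromhex("0200aabbcc02")
    dot1q = struct.pack("!HH", DOT1Q_ETHERTYPE, vlan_id)
    sci = smac + struct.pack("!H", 1)                         # SCI = SMAC + port 1
    sectag = struct.pack("!HBBI", MACSEC_ETHERTYPE, TCI_SC | TCI_E | TCI_C | an, 0, pn) + sci
    icv = b"\x00" * 16                                        # 16-byte ICV placeholder
    if tag_in_clear:
        # 802.1Q tag before the SecTAG; CMD/ETYPE/PAYLOAD are inside the ciphertext
        return dmac + smac + dot1q + sectag + b"\x00" * 46 + icv
    # standard 802.1AE: the 802.1Q tag is the first thing inside the ciphertext
    return dmac + smac + sectag + b"\x00" * 50 + icv
```

`protected_offset` is the boundary a monitoring tool on the carrier side has to live with: everything before it (MACs, the clear VLAN tag, SecTAG fields such as the packet number and SCI) is visible, everything after it is opaque, which is the trade-off the Layer 3 visibility row at the top of this section describes.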
WAN MACsec Use Case: 802.1Q Tag in the Clear
• Leverage 802.1Q for logical connectivity to each site
• This is analogous to "channelization" in SONET
• Router leverages an IP sub-interface (802.1Q tag) per location
[Diagram: one physical Ethernet wire from a MACsec PHY into the public Ethernet transport carries 802.1Q VLAN tags 10, 20, 30 and 40 to the provider; each tag is an encrypted Ethernet session to a different destination, switched on the 802.1Q tag at the SP n-PE. The Ethernet interface supports 802.1Q trunking.]
WAN MACsec: 802.1Q Tag in the Clear
Expose the 802.1Q tag "outside" the encrypted payload
• Example (IOS-XE):

...
interface GigabitEthernet0/0/4
 macsec dot1q-in-clear 1
!
interface GigabitEthernet0/0/4.20
 encapsulation dot1Q 20
 ip address 10.3.2.1 255.255.255.0
 mka pre-shared-key key-chain k1
 macsec
!
interface GigabitEthernet0/0/4.30
 encapsulation dot1Q 30
 ip address 10.3.3.1 255.255.255.0
 mka pre-shared-key key-chain k1
 macsec

This allows MACsec to be leveraged on a per sub-interface basis, exposing the "802.1Q tag" outside the encryption header.
Note: the "1" in "macsec dot1q-in-clear 1" denotes one .1Q tag depth.
WAN MACsec Use Cases
Point to Multi-point Topology (Hub/Spoke) with 802.1Q Tag in Clear
• Use Case / Requirement
  • High-speed hub-and-spoke topology support
  • Leverage low-cost/high-speed Metro E transport
  • Cost-effective design where N x 10G is required
• WAN MACsec Features
  • Strong encryption: AES-GCM-256 (Suite B)
  • Leverage 802.1Q in the clear (hub-site logical separation)
• Key Benefits
  • Simple to configure
  • Encryption throughput = router performance (BW/PPS)
  • 802.1Q tag in clear allows simple site aggregation
  • Flexible to support MACsec and IPSec at the Central Site
[Diagram: E-LINE point to multipoint; Branch 1, Branch 2 ... Branch n connect over the Carrier Ethernet Service to the Central Site. Legend: MACsec capable router; MACsec secure path / MKA session; MACsec-enabled Ethernet PHY; MACsec 802.1Q Ethernet PHY.]
Use Cases: Point to MultiPoint / Multipoint to Multipoint (E-LAN Transport)

Router Peering Model View for E-LAN
[Diagram, physical view: CE1, CE2, CE3 and CE4 attach to a Carrier Ethernet Service (E-LAN, multi-point). Logical view: a single flat Ethernet bridge domain on one VLAN; routing peers are N - 1 per router, with IP routing peers (BGP, static, IGP) between all CEs.]
• E-LAN emulates the network as an "Ethernet switch"
• Routers appear as part of a single "flat" Ethernet domain
• Transport is MAC address aware of "well known" MAC addresses and Ether types
WAN MACsec Use Cases
E-LAN Point to Multipoint Backhaul
[Diagram: branches and a Data Center / Central Site attach to a Carrier Ethernet Service (E-LAN). Legend: MACsec secured path / MKA session; MACsec capable router; MACsec capable PHY; SP-owned Ethernet transport device.]
• Transport is based on MAC address lookup
• Option to leverage 802.1Q tags for a partial-mesh topology
• Implication: the Ethernet provider may consume (and delete) the MKA key exchange packets the session needs
  • EAPoL MAC address and Ether-type
• Must allow the operator the ability to modify EAPoL parameters
Adapting to Service Provider Ethernet Services
Enhancement: Ability to Change EAPoL Destination Address
• MKA uses Extensible Authentication Protocol over LAN (EAPoL) as the transport protocol
• By default, EAPoL uses a destination multicast MAC address of 01:80:c2:00:00:03
• Because EAPoL is a standard (802.1X) protocol, the SP may consume this packet (based on the destination multicast MAC address)
• If so, the EAPoL packet will eventually get dropped, causing the MKA session establishment process to fail
• We need a method to change the destination MAC address and the ether-type of an EAPoL packet, to ensure the SP tunnels the packet like any other data packet instead of consuming it
WAN MACsec Use Cases
High Speed Site to Site
[Diagram: two Data Centers with an MKA session across a Carrier Ethernet Service.]
Ethernet frame carrying EAPoL:
  Ethernet DA (01:80:C2:00:00:03) | Ethernet SA | E-Type (0x888e) | EAPoL Data (version, packet type, length, packet body) | CRC
• A provider bridge may be programmed to ingest and inspect elements of the EAPoL frame (destination address and/or ether-type)
WAN MACsec Use Cases
High Speed Site to Site
Provider bridge handling of EAPoL:
  Protocol | Addr/ET | Local | Action
  EAPoL | MAC | No | Drop
  EAPoL | E-type | No | Drop
[Diagram: two Data Centers with an MKA session across a Carrier Ethernet Service.]
Ethernet frame carrying EAPoL:
  Ethernet DA (01:80:C2:00:00:03) | Ethernet SA | E-Type (0x888e) | EAPoL Data (version, packet type, length, packet body) | CRC
• The provider bridge, if the EAPoL frame is NOT destined for its own use, will DROP the frame mid-stream of the EAPoL session between two MACsec stations
EAPoL "Destination Address" Change Command
• The "eapol destination-address" command allows the operator to change the destination MAC address of an EAPoL frame
• This ensures the EAPoL frame is "unknown" to the service provider bridge

CLI Example (IOS-XE):

...
interface GigabitEthernet0/0/4
 macsec dot1q-in-clear 1
 macsec replay-protection-window-size 100
 eapol destination-address broadcast

Leverage the "broadcast" address as the destination EAPoL address. The provider switch will forward it as a standard "broadcast" Ethernet frame.
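The replay-protection-window-size in the configuration above sets how far out of order a receiver tolerates packet numbers. This added example (not Cisco code and not from the session) models the IEEE 802.1AE receive-side check on a constructed sequence of packet numbers, including the caveat that the standard check accepts a repeated PN that still lies inside the window, which is why the window should be no larger than the transport's reordering requires.

```python
class ReplayState:
    """Receive-side replay check for one secure association, following the
    IEEE 802.1AE rule: a frame is discarded when its PN is below
    lowestAcceptablePN = max(nextPN - replayWindow, 1). PNs start at 1."""

    def __init__(self, window: int):
        if window < 0:
            raise ValueError("window must be >= 0")
        self.window = window
        self.next_pn = 1          # one above the highest PN accepted so far
        self.accepted = []
        self.dropped = []

    def lowest_acceptable_pn(self) -> int:
        return max(self.next_pn - self.window, 1)

    def receive(self, pn: int) -> bool:
        """Return True if the PN passes the replay check (ICV check assumed ok)."""
        if pn < self.lowest_acceptable_pn():
            self.dropped.append(pn)
            return False
        self.accepted.append(pn)
        if pn >= self.next_pn:
            self.next_pn = pn + 1     # the window slides forward with the highest PN seen
        return True


def run_sequence(window: int, pns) -> tuple:
    """Feed a constructed PN sequence through the check; return (accepted, dropped)."""
    state = ReplayState(window)
    for pn in pns:
        state.receive(pn)
    return state.accepted, state.dropped


# Constructed sample: in-order frames, a reordered frame (5 after 104), a frame that
# has fallen out of the window (100 after 200), a duplicate inside the window (150
# twice) and a very old replay (3 at the end).
SAMPLE_PNS = [1, 2, 3, 104, 5, 200, 100, 101, 150, 150, 3]
```

With a window of 100 the reordered PN 5 is accepted (it is still above 105 - 100), PN 100 and the trailing 3 are dropped, and the second 150 is accepted because the rule only compares against the lower edge of the window; with a window of 0 anything below the highest PN seen is dropped, including reordered frames. The 32-bit PN also means the SA must be rekeyed before the counter exhausts, which is separate from the window setting.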
EAPoL "Ether Type" Change Command
• The "macsec eth-type" command allows the operator to change the Ether Type value of an EAPoL frame
• This ensures the EAPoL ether-type is "unknown" to the service provider bridge

CLI Example (IOS-XE):

...
interface GigabitEthernet0/0/4
 macsec dot1q-in-clear 1
 macsec replay-protection-window-size 100
 eapol destination-address broadcast
 eapol eth-type 876F

Leverages a "well known" ether type value. The provider bridge will NOT ingest the frame with ether-type 0x876F as it is assumed "well known".
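To make concrete why the two commands above matter, here is an added example (not from the session or Cisco) that builds the EAPoL-MKA frame from the earlier frame diagram with the default and the modified destination address / ether type, and runs it through a constructed model of a provider bridge that consumes frames to the reserved 01:80:C2:00:00:00-0F group address block and, when it runs 802.1X itself, frames with ether type 0x888E. The bridge policy, the source MAC and the EAPoL body are assumptions for the model, not observed vendor behaviour.

```python
import struct

PAE_GROUP_ADDRESS = bytes.fromhex("0180c2000003")   # default EAPoL DA (802.1X)
BROADCAST = bytes.fromhex("ffffffffffff")          # 'eapol destination-address broadcast'
EAPOL_ETHERTYPE = 0x888E                            # default EAPoL ether type
CUSTOM_ETHERTYPE = 0x876F                           # 'eapol eth-type 876F'
EAPOL_VERSION = 3                                   # 802.1X-2010 protocol version
EAPOL_TYPE_MKA = 5                                  # EAPOL-MKA packet type
SAMPLE_SRC = bytes.fromhex("0200aabbcc02")          # constructed router MAC (assumption)


def build_eapol_mka(dst: bytes = PAE_GROUP_ADDRESS, ethertype: int = EAPOL_ETHERTYPE,
                    body: bytes = b"\x00" * 8) -> bytes:
    """Ethernet DA | SA | E-Type | EAPoL header (version, type, length) | body.
    The body is a placeholder, not a real MKPDU."""
    header = struct.pack("!HBBH", ethertype, EAPOL_VERSION, EAPOL_TYPE_MKA, len(body))
    return dst + SAMPLE_SRC + header + body


def parse_eapol(frame: bytes) -> dict:
    """Read the fields the diagram lists: DA, ether type, version, packet type, body."""
    ethertype, version, ptype, length = struct.unpack_from("!HBBH", frame, 12)
    return {"dst": frame[0:6].hex(":"), "ethertype": ethertype, "version": version,
            "type": ptype, "body": frame[18:18 + length]}


class ProviderBridge:
    """Constructed model of a transit bridge (not any vendor's implementation):
    frames to the 802.1D/802.1Q reserved group address block
    01:80:C2:00:00:00-0F are consumed locally and never forwarded, and a bridge
    that runs 802.1X on the port also hands 0x888E frames to its own PAE."""
    RESERVED_PREFIX = bytes.fromhex("0180c20000")

    def __init__(self, inspects_ethertype: bool):
        self.inspects_ethertype = inspects_ethertype

    def action(self, frame: bytes) -> str:
        dst = frame[0:6]
        ethertype = struct.unpack_from("!H", frame, 12)[0]
        if dst[:5] == self.RESERVED_PREFIX and dst[5] <= 0x0F:
            return "consume"      # reserved group address: dropped mid-stream
        if self.inspects_ethertype and ethertype == EAPOL_ETHERTYPE:
            return "consume"      # handed to the local 802.1X PAE, never reaches the peer
        return "forward"          # looks like ordinary data: tunnelled like any other frame


def mka_reaches_peer(bridge: ProviderBridge, dst: bytes, ethertype: int) -> bool:
    """Does an EAPoL-MKA frame with these settings cross the provider bridge?"""
    return bridge.action(build_eapol_mka(dst, ethertype)) == "forward"
```

Both MACsec peers must be configured with the same destination address and ether type or MKA will not establish. The change only makes the keying frames look like ordinary data to the transit network; it adds no protection of its own, since the MKA session is still authenticated by the CAK from the key chain.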
WAN MACsec Use Cases
Point to Multi-point / Multi-point to Multi-point Topology
• Use Case / Requirement
  • High-speed any-to-any topology support
  • Targets ~30 sites (10G PHY), 64 SA HW limit
  • Traffic patterns dictated by business application behavior
• WAN MACsec Features
  • Leverage 802.1Q in the clear (hub-site logical separation)
  • Leverage (if needed) the EAPoL "destination-address" and "ether type" change control feature
• Key Benefits
  • Simple to configure
  • Ability for the router to adjust to the provider's Ethernet services
  • 802.1Q tag in clear allows simple site aggregation
[Diagram: E-LAN multipoint to multipoint; Branch 1, Branch 2 ... Branch n and the Central Site attach to the Carrier Ethernet Service. Legend: MACsec capable router; MACsec secure path / MKA session; MACsec-enabled Ethernet PHY; MACsec 802.1Q Ethernet PHY.]
Use Cases: Securing Private IP / MPLS / Segment Routing Backbone

WAN MACsec for Secure MPLS Backbone
Per Link Encryption at 100Gb+ with MACsec End-to-End
• IP/MPLS
• Segment Routing
• IPv6
[Diagram: an MPLS core of P1, P2, P3 and P4 with PE1, PE2 and PE3; PE1 and PE2 attach Enterprise Sites and Data Centers, PE3 sits in a Co-Lo facility that connects to public cloud providers. Every PE-P and P-P link runs a MACsec secured path / MKA session between MACsec capable routers.]
• Leverage MACsec encryption on the Ethernet WAN links connecting PE and P routers in the MPLS core (up to 100GE, N x 100GE)
• Offers "per hop" encryption and telemetry at each PE / P router
• Transparent to MPLS/Segment Routing, TE, multicast (e.g. no GRE needed)
• Ideal solution for extending a private backbone to a CoLo (e.g. Equinix)
High Availability Use Case for WAN MACsec Designs

MACsec Configuration Recommendation
Implement Bidirectional Forwarding Detection (per link)
• Pre-shared key templates
• CLI: SSH push of PSK key info
[Diagram: the operator pushes PSK updates over SSH to routers in two Data Centers joined by a MACsec MKA session; one router ends up with a key mismatch. Assumption: link cost = 1 on all links.]
Challenges:
• Updating pre-shared keys (PSK) is a manual process
• Opens the possibility of mistakes during the process (mis-types, comm loss)
• MKA keepalive intervals are much longer than IGP or BFD timers
• Mis-configured MACsec keys cause a black-holing effect on traffic
MACsec Configuration Recommendation
Convergence Impacts Around MACsec Key Operations
• Pre-shared key templates
• CLI: SSH push of PSK key info
[Diagram: as before, with BFD running on each MACsec link between the Data Centers. Assumption: link cost = 1 on all links.]
• Solution: network configurations should include the prevention of black-holing traffic in the event there is a mis-configuration of PSK changes on a router
• Apply Bidirectional Forwarding Detection (BFD) to WAN Ethernet links running MACsec
MACsec Configuration Recommendation
Inject BFD for Traffic Convergence Around MACsec Failures

10's of seconds using IGP/MKA timers (re-converged path only after the IGP/MKA interval):
• Mis-configured keys or MACsec failures are dependent on the IGP or MKA time-out to converge
• Convergence in 10's of seconds

Sub-second convergence using BFD (re-converged path after the BFD interval):
• Mis-configured keys or MACsec failures will trigger the BFD process
• Offers sub-second convergence and protection
Use Cases: Hybrid WAN Encryption Design (WAN MACsec + IPSec)

Hierarchical "Hybrid" MACsec + IPSec Design
MACsec: high throughput encryption + lower scale sites | IPsec: lower throughput encryption + high scale sites
[Diagram: Hub 1 (Co-Lo facility), Hub 2 (MPLS WAN) and Hub 3 + DC (Metro E) form the enterprise HUB site, linked by WAN MACsec over a Carrier Ethernet Service; each regional hub terminates IPsec from branches over the Internet, and a CSR in the cloud terminates IPsec as well.]
• "Hybrid" design option for a mix of scale, performance, leveraging Ethernet services
• MACsec: backbone/core; targets higher BW, lower number of sites
• IPSec: branch/back-haul; targets lower BW, high number of sites, cloud (CSR)
Adding Automation to Security Operations

WAN MACsec Operations
Automating WAN MACsec Pre-Shared Key (PSK) Changes
[Diagram: the operator uses YANG models / YDK over NETCONF (and SSH) to both Data Center routers, which share an MKA session across the Carrier Ethernet Service.]
• Leverage open source automation tools to speed up operations
MACsec Tasks That Could Leverage Automation
• Creating a MACsec key chain
  • Chain, key string, key lifetime
• Creating a user-defined MACsec policy
  • Cipher, confidentiality offset, priority
• Applying MACsec configuration on an interface
• Verifying MACsec encryption is enabled
  • Assure policy enabled, secure peering, ciphers used

Target those operations tasks that are repeatable, require touching all security devices, and are often a burden to the Sec/NetOps teams.
Ansible for NetOps
Automating MACsec Key Chain Changes
• Ansible 2.2.1 (Linux VM); the Ansible host (Ubuntu 14.04 VM) holds the host inventory and playbooks
• Cisco ASR 1001-X (XE 16.3.2): two routers (Herndon VA) joined across the WAN, reached by Ansible over SSH
• Playbook:
  - SSH credential
  - key chain name: June-key
  - Key number: 01
  - cryptographic-algorithm aes-128-cmac
  - key-string: 1234567890..... 23456789011
  - Lifetime: 00:00:00 Jun 1 2017 23:59:59 Jun 30 2017

GitHub repository with the example: https://git.io/vQUR3
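A check that could run in such a playbook before keys are pushed, as an added example (not the session's playbook and not Cisco code): it parses lifetimes in the playbook's format, validates the CAK length against the algorithm, finds intervals where a chain has no valid key, and confirms both peers hold a matching active key, which is the mismatch case from the high-availability slides. The router chains, key strings and dates are constructed placeholders.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

CAK_HEX_LEN = {"aes-128-cmac": 32, "aes-256-cmac": 64}   # 128-bit / 256-bit CAK


@dataclass(frozen=True)
class MacsecKey:
    ckn: str            # key number in the chain, used as the CKN
    cak: str            # key-string (hex); placeholders in the samples below
    algorithm: str      # cryptographic-algorithm
    start: datetime
    end: datetime


def parse_lifetime(text: str):
    """Parse 'HH:MM:SS Mon D YYYY HH:MM:SS Mon D YYYY' as written in the playbook."""
    p = text.split()
    fmt = "%H:%M:%S %b %d %Y"
    return datetime.strptime(" ".join(p[0:4]), fmt), datetime.strptime(" ".join(p[4:8]), fmt)


def make_key(ckn: str, cak: str, algorithm: str, lifetime: str) -> MacsecKey:
    start, end = parse_lifetime(lifetime)
    return MacsecKey(ckn, cak, algorithm, start, end)


def key_errors(key: MacsecKey) -> list:
    """Static checks a push should fail on before any router sees the key."""
    errs = []
    expected = CAK_HEX_LEN.get(key.algorithm)
    if expected is None:
        errs.append(f"key {key.ckn}: unknown algorithm {key.algorithm}")
    elif len(key.cak) != expected or any(c not in "0123456789abcdefABCDEF" for c in key.cak):
        errs.append(f"key {key.ckn}: key-string must be {expected} hex characters")
    if key.end <= key.start:
        errs.append(f"key {key.ckn}: lifetime ends before it starts")
    return errs


def active_keys(chain, at: datetime) -> list:
    return [k for k in chain if k.start <= at <= k.end]


def coverage_gaps(chain, window_start: datetime, window_end: datetime) -> list:
    """Intervals inside the window with no valid key: MKA then has no CAK, the
    session times out and the link black-holes traffic. Adjacent lifetimes
    that differ by one second (23:59:59 -> 00:00:00) count as contiguous."""
    gaps, cursor = [], window_start
    for key in sorted(chain, key=lambda k: k.start):
        if key.end < cursor:
            continue
        if key.start - cursor > timedelta(seconds=1):
            gaps.append((cursor, key.start))
        cursor = max(cursor, key.end)
        if cursor >= window_end:
            break
    if window_end - cursor > timedelta(seconds=1):
        gaps.append((cursor, window_end))
    return gaps


def peers_share_key(chain_a, chain_b, at: datetime) -> bool:
    """Both MACsec peers need the same (CKN, CAK, algorithm) active at the same time."""
    a = {(k.ckn, k.cak, k.algorithm) for k in active_keys(chain_a, at)}
    b = {(k.ckn, k.cak, k.algorithm) for k in active_keys(chain_b, at)}
    return bool(a & b)


# Constructed sample chains (placeholder CAKs, not real keys)
JUNE = "00:00:00 Jun 1 2017 23:59:59 Jun 30 2017"
JULY = "00:00:00 Jul 1 2017 23:59:59 Jul 31 2017"
CAK_A = "00112233445566778899aabbccddeeff"
CAK_B = "ffeeddccbbaa99887766554433221100"
ROUTER_A = [make_key("01", CAK_A, "aes-128-cmac", JUNE), make_key("02", CAK_B, "aes-128-cmac", JULY)]
ROUTER_B = [make_key("01", CAK_A, "aes-128-cmac", JUNE),
            make_key("02", CAK_B[:-1] + "1", "aes-128-cmac", JULY)]   # one mistyped digit
```

Running `peers_share_key` for a date in each lifetime shows the mistyped July key on ROUTER_B would only surface when the June key expires, which is exactly the delayed failure the BFD recommendation is meant to contain; `coverage_gaps` over a longer window flags that neither chain has an August key yet.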
YANG Models for MACsec

YANG Model Support for MACsec (IOS-XR)
Source: https://github.com/YangModels/yang/tree/master/vendor/cisco/xr/621
• Cisco-IOS-XR-crypto-macsec-mka-cfg.yang
• Cisco-IOS-XR-crypto-macsec-mka-if-cfg.yang
• Cisco-IOS-XR-crypto-macsec-mka-oper-sub1.yang
• Cisco-IOS-XR-crypto-macsec-mka-oper.yang
• Cisco-IOS-XR-crypto-macsec-secy-oper-sub1.yang
• Cisco-IOS-XR-crypto-macsec-secy-oper.yang
• Cisco-IOS-XR-lib-keychain-macsec-cfg.yang
• Cisco-IOS-XR-macsec-ctrlr-oper-sub1.yang
• Cisco-IOS-XR-macsec-ctrlr-oper.yang
• Cisco-IOS-XR-ncs1k-macsec-ea-oper-sub1.yang
• Cisco-IOS-XR-ncs1k-macsec-ea-oper.yang
External Resources (GitHub)
https://github.com/netwrkr95
• Ansible: MACsec keychain examples
  • Ansible WAN MACsec playbook and configs (https://git.io/vQUR3)
• YANG models: MACsec keychain examples (using YDK)
  • MACsec key chain configuration applications (https://git.io/vH7uD)
  • What is YDK? (https://developer.cisco.com/site/ydk/)
• Ansible module using YANG models with YDK
  • Ansible + YDK app (https://git.io/vH7XZ)
Solution Roadmap (Subject to change)

Cisco MACsec Portfolio (Summarized Version)
Platform Series | MACsec Delivery | MACsec Speed (AES-256)
ISR 1K/4K Series | 1p/2p Ether NIM, fixed (on 1K) | 1GE
ASR 1000 Series | Fixed and modular solutions | 1GE, 10GE
ASR 9xxx Series | Modular line cards | 1GE*, 10GE, 40GE, 100GE
NCS 55xx Series | Modular and fixed (QSFP ports) | 100GE (QSFP only)
Nexus 7700 Series ** | Modular M3 Series card | 1/10GE, 40GE, 100GE
Nexus 9000 Series | Fixed and modular solutions | 10GE, 40GE, 100GE
Optical NCS Series | NCS2k, NCS4k, client ports | 10GE, 40GE, 100GE
Catalyst Switching | C3650, C3850, C9xxx | 1GE, 10GE, 40GE
Catalyst Switching ** | Cat 4K, 6K | 1GE, 10GE

** Currently does NOT support MKA key negotiation (SAP only)
Cisco account teams can provide more details
Putting it All Together: Positioning, Use Cases

Positioning the Proper Encryption Solution
• It is important NOT to position encryption solutions against one another
• Rather, consider each as a tool in the tool bag, which requires a positioning exercise to meet the technical and business requirements
• Key factors for encryption decisions will include:
  • Transport availability / options
  • Performance requirements of the solution/application
  • Scale of the design and requirements (number of spokes, connected end-points, aggregate encryption)
• Beyond IPSec, "the underlying transport dictates the available encryption options that can be leveraged"