Search

AWS Direct Connect Announced That It Supports Macsec Encryption For Dedicated 10Gbps And 100Gbps Connections

Different from the flow of entertainment, at the beginning of the birth of the data flow corresponding to enterprise applications, security has become the first problem that CIOs should consider to solve. After all, key and sensitive information supports various major decisions of the organization. If the confidentiality, availability and integrity of information are challenged, the enterprise's data flow would rather be closed than transmitted at risk. With the increasing data scale of enterprises, the security capability of public cloud is also improving in coordination with the performance requirements. Recently, AWS cloud direct cloud connectivity now provides IEEE 802.1ae MAC security standard (macsec) encryption for 10Gbps and 100gbps private connections at specific sites to protect users' high-speed private cloud connections.



Macsec is an IEEE standard and belongs to layer 2 protocol. 

It relies on GCM-AES-128 to provide integrity and confidentiality, and operates through Ethernet. It can protect all traffic in the LAN, including DHCP and ARP, as well as traffic from higher-level protocols. IEEE 802.1X-2010 defines a companion protocol, MACsec key agreement (MKA), which provides key exchange and allows mutual authentication of nodes who want to participate in MACsec connection Association. On Linux machines, this is in WPA_supplicant Implemented in supplicant. Wpa_supplicant uses some authentication tokens (pre shared key or username / password pair, similar to the authentication mechanism used in WiFi) to establish a session with the authentication server, which can be a switch or a Linux host running hostapd. After authentication, the key is generated and exchanged (through the encrypted channel) and used to configure the MACsec secure link.



On the line, the MACsec packet starts with the Ethernet header of EtherType 88E5. 

This is followed by MACsec SecTAG, which contains information to help the receiver identify the decryption key and the packet number (for replay protection). After the SecTAG is the payload that can be encrypted and the ICV (integrity check value) generated by GCM-AES, which ensures that the data packet is indeed created by the node with the key and has not been modified in the middle of link transmission.


Because AWS's Direct Connect service itself is a transmission service established for dedicated line networks, in addition to solving the concerns about network performance, users need to solve the problems of authentication and replay attacks at the security level. If the sd wan professional services provider assisting in providing Direct Connect services is unreliable, there is actually such a potential threat. After the introduction of MACsec encryption, the above concerns can be well resolved.


After solving the depth of security function, in the past, to solve the problem of data transmission at the speed of several GBbps between the user's private network and AWS, multiple IPSec VPN tunnels need to be aggregated in order to break through the throughput limit of using a single VPN connection. The complexity of such solutions increases operational risk and makes high-speed connection protection over 10Gbps less attractive. After the introduction of MACsec support, AWS WS Direct Connect can now provide native, near line rate point-to-point encryption for 10Gbps and 100gbps private connections to ensure the continuous protection of data communication between AWS and users' private networks, data centers, offices or host hosting facilities.



GoSDWAN customers who want to use highly available broadband to securely exchange data with AWS will benefit from the MACsec encryption feature. 

Users involving sensitive personal information such as edge computing in financial services or health care, as well as high bandwidth workload customers who need to comply with strict security requirements (such as manufacturing, transportation and public utilities). As an sd wan managed service provider, Gosdwan strongly recommends using more than one connection at the AWS direct connection site to ensure high service availability against device or host hosting level link failure. Gosdwan also recommends that you use the elastic failover toolkit test function to comprehensively switch and drill your configuration before going online. Contact us now!


Recommended Smart Managed SD-WAN Solutions & Services

Recommended Smart Managed SD-WAN Cases

Global ICT integrated operation and full-scenario business connection help Real Estate and Property Management enterprises drive the digital and Intelligent transformation.
VIEW MORE
Help Logistics and Transportation industries overcome the unprecedented pressure for business continuity under the impact of COVID-19, ensure excellent customer experience and create new opportunities for the development.
VIEW MORE
Help Manufacturing enterprises gain highly secure, flexible and cost-effective intelligent connectivity and enter the era of cloud computing.
VIEW MORE
GOSDWAN's News & Blog
The Potential for Edge Computing in Real Estate
25
Jan
2024
The Potential for Edge Computing in Real Estate
Edge computing has the potential to bring significant benefits to the real estate industry by enabling enhanced connectivity, data processing, and automation at the edge of the network. Here are sever...
VIEW MORE
What is Dedicated Internet Access?
29
May
2023
What is Dedicated Internet Access?
Dedicated internet access (DIA) is a high-speed, reliable, and uncontended (non-shared) internet connection that provides a dedicated link between the customer's premises and the internet. DIA is ...
VIEW MORE
Cloud Connectivity Technology in IoT
16
Feb
2023
Cloud Connectivity Technology in IoT
The concept of the Internet of Things (IoT) was first proposed in 1999. Although it appears to be the communication connection of physical objects, its core is the interconnection and integration of i...
VIEW MORE
Copyright © GOSDWAN. All Rights Reserved.
Room A1,11/F Winner Building, 36 Manyue Street, Hunghom, Kowloon, Hongkong
inquiry@gosdwan.com
+86-400-859-9983