Encryption Modes
LinkSec provides assorted flavors of aegis modes to accommodated altered use cases. LinkSec is
enabled on a link-by-link basis, which allows you to run it in a approach that makes faculty for
a accustomed link.
LinkSec allows for the afterward encryption modes on a accustomed link:
• GCM. Typical approach area anniversary packet on the wire is encrypted and authenticated.
• GMAC only. The packet is not encrypted; however, it is authenticated. This ability be
useful in deployments area affair is not a concern, but antecedent actuality and
data-tampering apprehension are a requirement. In this mode, average devices—not
part of the SA—can see the absolute packet burden but cannot alter with it. This
might be all-important to accredit assertive appearance on an average accessory that relies on
information from aural the packet, such as flow-based features.
• Null encryption. No aegis measures are used. Packets go in the bright after any
authentication. This approach is finer the aforementioned as axis off 802.1AE. However, it
might be advantageous for troubleshooting the ascendancy plane—authentication and key
exchange protocols (802.1af). That is, acquiesce the user to accredit 802.1AE/af on a link
and verify that affidavit and key-exchange appearance of the articulation bring-up are
working as per apprehension afore axis on abstracts cartage encryption/authentication.
The key point is that LinkSec is a adjustable aegis archetypal that you can clothier to accommodated various
deployment requirements. In abounding action networks, acceptance anniversary anatomy is a
compelling affection because abstracts affair ability not be a above concern; however, data
integrity is.