Using Encryption in Transit with Megaport Services
Encryption in transit refers to protecting data while it moves from one place to another.
There are many options available for encrypting data as it moves over a network. The most common are MACsec, IPsec, and host-level encryption. Each of these approaches has its advantages and disadvantages, and each operates at a different level of the network stack.
Media Access Control security (MACsec) is a security protocol that encrypts data traffic between Ethernet-connected devices. The MACsec protocol is defined by IEEE standard 802.1ae. When MACsec is enabled, a bi-directional secure link is established after an exchange and verification of security keys between the two connected devices. A combination of data integrity checks and encryption is used to safeguard the transmitted data.
Internet Protocol Security (IPsec) is a secure network protocol suite for Internet Protocol (IP) communications that works by authenticating and encrypting packets of data in a communication session. It provides secure encrypted communication between two computers over an Internet Protocol network and is used in virtual private networks.
Using the OSI Model, MACsec operates at Layer 2, IPsec operates at Layer 3, and host-level encryption, including TLS and SSH, typically operates at Layers 4-7 within the clients and servers rather than at the network level.
Layer 2 of the OSI model is the data link layer. This provides node-to-node data transfer (a link between two directly connected nodes). Most Megaport Virtual Cross Connects (VXCs) operate at this layer. Layer 2 is divided into the Media Access Control (MAC) layer, which controls how devices in a network gain access to the medium and permission to transmit, and the Logical Link Control (LLC) layer, which is responsible for identifying network layer protocols and encapsulating them, and which controls error checking and frame synchronization.
Layer 3 of the OSI model is the network layer. It translates logical network addresses into physical machine addresses (IP addressing). Layer 3 routers analyze traffic based on address details and forward it appropriately, requiring knowledge of the details generally exchanged in BGP sessions for routing table exchanges.
Megaport works with customers using various combinations of all of these protocols, along with many others.
For more information about using MACsec with your Megaport services, see Using MACsec with Megaport.
For more information about using IPsec with your Megaport services, see Using IPsec with Megaport.