In a recent discussion with fellow network engineers about encryption in a DC network, I made an observation that in some cases it might be better to simply enforce end-to-end encryption directly between applications rather than in the underlying infrastructure (MACsec, IPSEC etc.).

Looking at MACsec for example, as crypto is done by the ASIC, the general opinion was that ...

read more>