How to Test MACsec

+ Network Traffic Generator

Test MACsec under realistic network loads at up to 800GE

Testing and benchmarking Media Access Control Security (MACsec) Layer 2 implementations under realistic network loads requires using a mix of traffic workloads with encryption while ensuring continuous line rate connectivity is maintained. This realistic mix of data is comprised of small and large packets across control plane protocols like OSPF, ISIS and BGP. Non-MACsec traffic may also be in the mix. The periodic key refresh with small frame sizes when traffic is already flowing at a 100% line rate is a particularly challenging scenario that requires testing.

On a typical test topology two ports on a network traffic generator serve as emulated MACsec devices with a device under test (DUT) connected between the ports. Engineers can then run the MACSec test scenarios, which include the use of different types of supported keys, control plane protocols, scalability in large topologies, mix of MACsec and non-MACsec traffic, vulnerability, and negative test cases. The result of this work is then a validated hardware design, software stack implementation, and system integration for the full coverage of MACsec functions for high speed designs up to 800GE.

MACsec layer 2 testing solution

Testing MACsec requires a dedicated network traffic generator and the DUT. Keysight’s network traffic generator and software provides a complete testing platform with encryption under realistic traffic mixes in cloud and data center workloads. Tests ensure service continuity during key rotation, and stability under various negative conditions at speeds up to 800GE. In addition, Keysight also provides a software-based solution with essential capability to help MACsec validation in industries where lower ethernet speeds are used.

Get quote