|
|
1 |
(% class="row" %) |
|
|
2 |
((( |
|
|
3 |
(% class="col-xs-12 col-sm-8 test-report-content" %) |
|
|
4 |
((( |
|
|
5 |
---- |
|
|
6 |
|
|
|
7 |
Security is a key factor in any network, and time synchronization is vital for time-sensitive applications such as industrial automation, financial trading, telecommunications, and smart grids, which rely on PTP synchronization. |
|
|
8 |
If the PTP packets sent within a network are tampered with, blocked, spoofed, or otherwise disrupted, it can cause serious degradation to these applications and networks. This highlights why securing PTP transfer is so important. |
|
|
9 |
To protect PTP traffic from such threats, MACsec (IEEE 802.1AE) is used for Layer 2 encryption. It ensures data confidentiality and integrity by encrypting Ethernet frames, defending against threats such as eavesdropping and tampering. However, running PTP over MACsec brings its own challenges: PTP requires very accurate packet timestamping to achieve the necessary accuracy and stability for network time synchronization. The encryption and decryption steps in MACsec pose significant challenges for sync-aware networks, introducing latency variations and asymmetry across timestamping points. This is a major issue since PTP assumes a constant link delay, which doesn’t hold true when using PTP over MACsec. That’s why this test case focuses on verifying that precise time synchronization can be maintained while maintaining network security. |
|
|
10 |
This year, due to a lack of support, only two vendors supported this feature: Cisco and HPE. |
|
|
11 |
|
|
|
12 |
[[~[~[Figure 90: PTP over MACsec~>~>image:487694052125376513_macsec2.png~|~|alt="Figure 90"~]~]>>attach:487694052125376513_macsec2.png||target="_blank"]] |
|
|
13 |
|
|
|
14 |
Three test runs were conducted: one with the HPE MX304 and the Cisco Nexus C93400LD-H1, another with the HPE MX304 and the Cisco Nexus 93180YC-FX3, and one with the HPE MX304 and the HPE MX301. |
|
|
15 |
For all three runs, the Calnex Paragon neo served as both the emulated Telecom Grandmaster (T-GM) and the frequency/phase analyzer. |
|
|
16 |
During all three runs, the vendor combinations were well within the limits of constant Time Error (cTE), dynamic Time Error Maximum Time Interval Error low-pass filtered (dTE,,L,, MTIE), and the Maximum Time Error (max|TE|) for media converter pairs Class C, as per ITU-T G.8273.2, Appendix V, table V.1. |
|
|
17 |
Additionally, we measured the devices' SyncE outputs, which were also working as expected. |
|
|
18 |
This marks a big step toward improving PTP security, demonstrating the functional interoperability of PTP over MACsec while maintaining tight time error limits. |
|
|
19 |
|
|
|
20 |
{{container cssClass="tc-role-table"}} |
|
|
21 |
(% class="table-bordered" %) |
|
|
22 |
|=Emulated Telecom Grandmaster|=Telecom Boundary Clock - 1|=Telecom Boundary Clock - 2|=Frequency/Phase Analyzer |
|
|
23 |
|Calnex Paragon neo|HPE MX304|Cisco Nexus C93400LD-H1 |
|
|
24 |
Cisco Nexus 93180YC-FX3 |
|
|
25 |
HPE MX301|Calnex Paragon neo |
|
|
26 |
|
|
|
27 |
{{/container}} |
|
|
28 |
|
|
|
29 |
Table 67: PTP over MACsec - Test combinations |
|
|
30 |
|
|
|
31 |
(% id="prev-next-links" %) |
|
|
32 |
|[[< Previous>>doc:Telecom Boundary Clock Class CD Conformance]]|[[Next ~>>>doc:PTP over DWDM transport]] |
|
|
33 |
))) |
|
|
34 |
|
|
|
35 |
(% class="col-xs-12 col-sm-4 test-report-sidebar" %) |
|
|
36 |
((( |
|
|
37 |
{{box}} |
|
|
38 |
{{include reference="Main.EANTC Transport & Cloud Networks Interop Test Report 2026.Sidebar Nav"/}} |
|
|
39 |
{{/box}} |
|
|
40 |
))) |
|
|
41 |
))) |
