MACSec in virtual Ethernet adapters

Question

Can I use MACSec in the virtual Ethernet adapters(containers or VMs) without configuring it in the physical MAC address?

There were multiple examples of MACSec implementation in VMs in the internet but all were using the physical address for the implementation of MACSec. (For example, see this page: https://costiser.ro/2016/08/01/macsec-implementation-on-linux/)

So I have to know whether MACSec can be implemented without the use of physical interface?

It is actually _MACsec_, not _MACSec_, and its frame format is similar to ethernet, so it has source and destination MAC addressing on the frame. You can basically think of the MACsec frame as an ethernet frame with a couple of extensions. — Ron Maupin, Mar 14 '19 at 20:38
Thanks for the input. I came to this question because I have experienced the below scenario. I have a Ubuntu 18.04 PC. I have created lxc container(Ubuntu 18.04) on this PC with nictype as macvlan for establishing communication between the container and the outside environment. Inside this container, now I have to create a MACsec device and start my communication. When I run this command "ip macsec add macsec0 tx sa 0 pn 1 on key 01 ...." after creating macsec0 interface, I am getting this error as "RTNETLINK answers: Operation not permitted". Help me out to fix this issue. — Lucid lynx, Mar 15 '19 at 15:58

score 0 · Accepted Answer · answered Nov 12 '19 at 03:51

0

I have found an answer to my question. Thought of sharing this.

MACsec can be used in both VMs and containers. Only thing is that they need to have all privileges. Using privileged containers solved my problem.

answered Nov 12 '19 at 03:51

Lucid lynx

1 Answers1