End-to-End MACsec Encryption in a Two-Data Centre Network Over Routed WAN

In an era of increasing data loss and theft, ensuring end-to-end encryption in highly available data centres is crucial. This need becomes even more critical when data centres span multiple locations, relying on telecom providers for WAN connectivity, where data may be susceptible to interception. Media Access Control Security (MACsec) provides robust layer 2 encryption to ensure data integrity and confidentiality but is limited to point-to-point links and lacks inherent support over routed or internet networks. This research evaluates the effectiveness of deploying MACsec over a routed WAN using an overlay Layer 2 Tunnel Protocol version 3 (L2TPv3) solution. The experiment examines the integration of MACsec with MTU adjustments to achieve end-to-end encryption across interconnected data centres. Findings demonstrate that the combined solution enables seamless, secure data centre connectivity, delivering end-to-end encryption without significant performance degradation, making it a practical approach for modern data centre networks.