Stay organized with collections
Save and categorize content based on your preferences.
This page describes how to modify MACsec for Cloud Interconnect
fail-open behavior.
You can choose to enable MACsec for Cloud Interconnect with fail-open
behavior. Fail-open means that if Google's edge routers can't establish a MACsec
key agreement (MKA) session with your router, then the Cloud Interconnect
connection remains operational with unencrypted traffic. The default setting
drops all traffic if an MKA session can't be established with your router.
You can change MACsec fail-over behavior only by using the Google Cloud CLI.
Enable fail-open behavior
Verify that there is no traffic on your Cloud Interconnect connection before
enabling MACsec for Cloud Interconnect with fail-open behavior.
If you have fail-open behavior enabled for MACsec for Cloud Interconnect,
you can choose to later disable fail-open behavior. After fail-open behavior is
disabled, if Google's edge routers can't establish a MACsec key agreement (MKA)
session with your router, then the connection drops all traffic.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-01-27 UTC."],[],[]]
