MACsec, defined in the IEEE 802.1AE standard, is a connectionless secure communication protocol that was initially defined for point-to-point security between two devices. Over time, usage of MACsec has been extended to provide end-to-end encryption across a third-party network using tunnels, bridges, and labels. Today, transporting MACsec packets across third-party networks requires at least two devices or boxes. The first box encrypts the packet with and the second box tunnels the packet through the network.
The security information is inserted in the packet immediately following the destination address/source address (DA/SA) fields, and all of the lower level packet information is hidden from the network that is forwarding the packets.
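The frame layout described above can be made concrete with a small parser. This is an added example, not part of the original text. It separates the fields a forwarding network can read (DA, SA and the security tag that follows them, which IEEE 802.1AE calls the SecTAG) from the protected remainder. Assumptions: a 16-byte integrity check value (ICV), the hypothetical function name `parse_macsec`, and a constructed sample frame whose ciphertext and ICV bytes are filler.

```python
import struct

MACSEC_ETHERTYPE = 0x88E5   # EtherType assigned to IEEE 802.1AE
ICV_LEN = 16                # assumption: 16-byte ICV (default cipher suite)

def parse_macsec(frame: bytes) -> dict:
    """Split a frame into what a transit network can read and what is protected."""
    if len(frame) < 20 + ICV_LEN:
        raise ValueError("frame too short for DA/SA + SecTAG + ICV")
    da, sa = frame[0:6], frame[6:12]
    ethertype, tci_an, sl, pn = struct.unpack("!HBBI", frame[12:20])
    if ethertype != MACSEC_ETHERTYPE:
        raise ValueError(f"not MACsec: EtherType 0x{ethertype:04x}")
    if tci_an & 0x80:
        raise ValueError("unknown SecTAG version")
    offset, sci = 20, None
    if tci_an & 0x20:                       # SC bit: explicit 8-byte SCI follows PN
        sci, offset = frame[20:28], 28
    rest = frame[offset:]
    sl &= 0x3F                              # short length: non-zero only if data < 48 bytes
    data_len = sl if sl else len(rest) - ICV_LEN
    if data_len < 0 or len(rest) < data_len + ICV_LEN:
        raise ValueError("truncated secure data or ICV")
    return {
        "da": da.hex(":"), "sa": sa.hex(":"),      # readable by every hop
        "an": tci_an & 0x03, "pn": pn,
        "sci": sci.hex() if sci else None,
        "encrypted": bool(tci_an & 0x08),          # E bit
        "secure_data": rest[:data_len],            # original EtherType + payload, opaque
        "icv": rest[data_len:data_len + ICV_LEN],
    }

# Constructed sample frame (not captured traffic); the 48 "ciphertext" bytes are filler.
SAMPLE = (
    bytes.fromhex("020000000002")        # DA
    + bytes.fromhex("020000000001")      # SA
    + bytes.fromhex("88e5")              # MACsec EtherType
    + bytes.fromhex("2c00")              # TCI/AN: SC=1, E=1, C=1, AN=0; SL=0
    + bytes.fromhex("00000001")          # packet number
    + bytes.fromhex("0200000000010001")  # SCI: source MAC + port 1
    + bytes(range(0x40, 0x70))           # secure data (filler)
    + bytes(16)                          # ICV (filler)
)

if __name__ == "__main__":
    for key, value in parse_macsec(SAMPLE).items():
        print(f"{key:12} {value.hex() if isinstance(value, bytes) else value}")
```

Everything past the SecTAG, including the original EtherType and any VLAN or IP headers, is inside `secure_data`, which is why a transit network can forward or classify only on DA, SA and the tag itself.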