Hi guys.

Looking at macsec I've only started - so go easy on me with possibly trivial questions -  and write here in hope, that some of you have expertise to tell...

Having a bond device which is a slave to a bridge -> where must MACSEC go in order to - if feasible in NM at all that is - secure all the traffic going via the physical device(s)?

Just to make it clear - though probably obvious - all traffic, say kernel VMs which use such bare-metal host's bridge iface for communication out/in of the host.

Or even most basic of what I ponder over - macsec with 'bond' as parent?

All & any thoughts shared are much appreciated. many thanks, L.