When looking at some NetDevConf papers, I opened up MACsec, which is "Encryption for the wired LAN". The biggest advantage illustrated was in a cloud environment where traffic from one guest to another via a third party's infrastructure could be easily and application-transparently encrypted. The slide deck has a number of actual usage examples. Sabrina Dubroca writes an article on the redhat developers blog: MACsec: a different way to encrypt network traffic.
Which, come to think of it, would be a dead simple way to encrypt L2 WAN traffic.
- MACsec Implementation on Linux: an in depth tutorial written by costier ntework engineering.
- MACsec on Linux: another well documented example of using MACsec on Linux.