News Stay informed about the latest enterprise technology news and product updates.

Inline IPsec and MACsec encryption on Brocade MLXe repels prying eyes

With inline IPsec and MACsec encryption, the Brocade MLXe can encrypt data across WANs, LANs and the cloud.

Brocade is adding IPsec and MACsec encryption to its enterprise routers and campus switches to address the increasing...

demand to secure data everywhere, from the LAN to the WAN and the cloud.

Brocade introduced new port modules for its MLXe router/switch chassis that support Layer 3 IPsec encryption and Layer 2 MACsec encryption inline and at wire speed. The company also added MACsec encryption to its FastIron campus switches, starting with the ICX-6610.

The IPsec encryption on the Brocade MLXe will allow enterprises and cloud providers to encrypt data transiting routed networks, including the WAN, without an external appliance or specialized chassis module. The MACsec encryption will allow enterprises to encrypt data from the campus access layer to the network core.

The combination of IPsec and MACsec encryption gives Brocade an end-to-end security capability, said Bob Laliberte, principal analyst with Milford, Mass.-based Enterprise Strategy Group. "Right now all the research we're doing points to network security being a top priority of IT organizations. This provides encryption at different layers, not just in the external network and the DMZ, but also internal to the organization," he said.

With the new Brocade MLXe port modules, an enterprise can protect data at Layer 2 from the access layer with MACsec encryption, decrypt the data at the MLXe core, then re-encrypt it with IPsec before sending it over a routed network, he said.

More on network security and encryption

Silver Peak enhances encryption on WAN optimization appliances

Can next-generation firewalls detect encrypted malware?

The six ways hackers break SSL encryption

Best encryption products of 2013

Enterprises and cloud providers are clamoring for ways to encrypt data in more places on the network in light of high-profile security breaches and revelations about the U.S. National Security Agency and foreign intelligence agencies trying -- and succeeding -- to penetrate enterprise network security.

"We still need to encrypt across the public network, but there is also a recognized need that even links that were thought of as private links -- like MPLS purchased from a provider or private fiber between data centers -- must be encrypted," said Daniel Williams, director of product marketing at Brocade. "Also, there is an increasing need to do bulk encryption at the network link layer."

IPsec and MACsec encryption on the MLXe address these requirements, he said. This encryption can enhance privacy by obscuring even the metadata that some malicious hackers and intelligence agencies can typically gather from data encrypted only at the application layer via SSL, he said.

Inline encryption on the network port

Inline IPsec encryption on the MLXe line cards differentiates Brocade's approach from competitors, Williams said. Other vendors either offer a standalone appliance or a dedicated service module for a chassis. Encryption on the Brocade MLXe modules eliminates the cost of a second device or component, removes a secondary level of configuration, and helps the company deliver these encryption features at wire speed, he said.

"We're seeing networking vendors thinking creatively about how they can continue to leverage and use their PHY/MAC hardware assets for defensible and sustainable differentiation and value," said Brad Casemore, research director at Framingham, Mass.-based IDC. "In this context, baking security into the mix is a logical move."

The new MLXe line cards include a new 20-port 10 Gigabit Ethernet (GbE) module with 128-bit MACsec encryption at wire speed, which enables end-to-end, hop-by-hop Layer 2 encryption to and from the access layer ICX-6610 switch.  It will be available in mid-summer.

The other module is a 256-bit IPsec device with 4 GbE ports and 4 10 GbE ports. The module provides 44 Gbps of IPsec at wire speed, which translates to more than 1 Tbps of wire speed IPsec encryption on the largest MLXe chassis, Williams said. The IPsec module will be available near the end of this year.

Let us know what you think about the story; email: Shamus McGillicuddy, news director or follow him on Twitter @ShamusTT

Dig Deeper on Network Security Best Practices and Products

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.