Industry’s First Wire-speed Inline Encryption for Modular Routers Now Available
With the global importance of data privacy at an all-time high, and in recognition of Data Privacy Day, Brocade today announced the industry’s first native port-based encryption functionality for modular routers. This offering delivers encryption embedded in-line with the I/O ports, enabling customers to avoid the significant performance loss, operational complexity, and prohibitive cost associated with services blades or external appliances used for encryption. The new capability better enables comprehensive privacy for all data across campus, data center, and wide area networks belonging to enterprises, service providers, and the public sector.
To protect data-in-flight between data centers, branch offices, and campus buildings, Brocade added the industry’s highest level of encryption, IPsec Suite B algorithms with support for AES 256-bit keys, to the family of Brocade® MLXe routers via a purpose-built line module and operating system enhancements. The updates eliminate the need for expensive specialized switch/router encryption services blades or third-party security appliances, while also eradicating performance-inhibiting latency and complex operations that are inherent with these types of add-on devices.
It’s common knowledge among IT teams that adding security devices severely impacts application performance and employee productivity, forcing difficult decisions that can put the business, as well as employees and customers, at risk.
“In a recent survey of IT professionals across North America, respondents stated they experienced a 75 percent decline in network performance when security appliance capabilities are enabled such as firewall, anti-virus, deep packet inspection, and encryption,” said Zeus Kerravala, founder, ZK Research. “Additionally, 44 percent cited trade-offs being required between network performance and security, with nearly 40 percent of respondents stating they either decline to enable, or completely turn off, functions in their security devices to avoid impacting networking performance.”
The new security functionality added to the Brocade MLXe routers includes both 256-bit IPsec encryption and 128-bit MACsec encryption, the gold-standard protocols used by organizations to help ensure end-to-end data protection. Both of these security protocols can be enabled at wire speed for up to 44 Gbps (IPsec) or 200 Gbps (MACsec) throughput per module, meeting the highest levels of network performance requirements.
“With data breaches making headlines around the world, securing confidential information is top of mind for every organization. As customers tackle the data privacy challenge, they need security everywhere in their infrastructure, but especially for data-in-flight over the WAN. Historically, performance and cost have been key barriers to broad adoption of network encryption technology,” said Jason Nolet, senior vice president Switching, Routing, and Analytics Products, at Brocade. “By utilizing innovative, I/O-based encryption in Brocade MLXe routers, organizations can now deploy up to 44 Gbps of wire-speed IPsec encryption per trunk and over 1 Tbps per router, achieving five times the performance at a third of the cost—and without the operational complexity—of comparable solutions.”
Adding encryption and decryption natively to the I/O modules of the router enables the network to ensure the privacy of all data that moves across it, without compromise, for the first time. By bringing wire-speed encryption into the router, customers can enable pervasive data privacy across their New IP initiatives while offloading their appliances, improving performance, and increasing their overall IT security profile.
The new IPsec and MACsec functionality for the Brocade MLXe routers is interoperable with third-party IPsec Suite B-capable platforms, and it complements MACsec functionality available in the Brocade ICX® family of switches. IPsec interoperability with the Brocade Vyatta® vRouter is targeted for a future release, enabling customers to deploy native network encryption for privacy of all their data across hybrid cloud deployments.
Pricing and Availability
The new IPsec encryption module for the Brocade MLXe, MACsec-capable modules, and supporting software are shipping now. Hardware modules that support up to 200 Gbps of wire-speed MACsec encryption are priced starting at $90,000. A module that supports both IPsec and MACsec at up to 44 Gbps wire-speed performance is priced at $120,000. The Brocade NetIron® OS 5.8 software that enables encryption functionality on these modules is available at no additional cost to customers with a Brocade service contract.