Brocade Adds Inline MACsec Encryption to Routers

Brocade introduced native port-based encryption functionality for its family of MLXe modular routers.

The new security functionality added to the Brocade MLXe routers includes both 256-bit IPsec encryption and 128-bit MACsec encryption for ensuring end-to-end data protection. Both of these security protocols can be enabled at wire speed for up to 44 Gbps (IPsec) or 200 Gbps (MACsec) throughput per module, meeting the highest levels of network performance requirements. The encryption is interoperable with third-party IPsec Suite B-capable platforms, and it complements MACsec functionality available in the Brocade ICX family of switches.

Brocade said this update eliminates the need for expensive specialized switch/router encryption services blades or third-party security appliances, while also eradicating performance-inhibiting latency and complex operations that are inherent with these types of add-on devices. Adding encryption and decryption natively to the I/O modules of the router enables the network to ensure the privacy of all data that moves across it, without compromise, for the first time. By bringing wire-speed encryption into the router, customers can enable pervasive data privacy across their New IP initiatives while offloading their appliances, improving performance, and increasing their overall IT security profile.

IPsec interoperability with the Brocade Vyatta vRouter is targeted for a future release.

"With data breaches making headlines around the world, securing confidential information is top of mind for every organization. As customers tackle the data privacy challenge, they need security everywhere in their infrastructure, but especially for data-in-flight over the WAN. Historically, performance and cost have been key barriers to broad adoption of network encryption technology," said Jason Nolet, senior vice president Switching, Routing, and Analytics Products, at Brocade. "By utilizing innovative, I/O-based encryption in Brocade MLXe routers, organizations can now deploy up to 44 Gbps of wire-speed IPsec encryption per trunk and over 1 Tbps per router, achieving five times the performance at a third of the cost -- and without the operational complexity -- of comparable solutions."

"In a recent survey of IT professionals across North America, respondents stated they experienced a 75 percent decline in network performance when security appliance capabilities are enabled such as firewall, anti-virus, deep packet inspection, and encryption," said Zeus Kerravala, founder, ZK Research. "Additionally, 44 percent cited trade-offs being required between network performance and security, with nearly 40 percent of respondents stating they either decline to enable, or completely turn off, functions in their security devices to avoid impacting networking performance."

Hardware modules that support up to 200 Gbps of wire-speed MACsec encryption are priced starting at $90,000. A module that supports both IPsec and MACsec at up to 44 Gbps wire-speed performance is priced at $120,000.

http://newsroom.brocade.com/press-releases/brocade-enables-pervasive-data-privacy-across-publ-nasdaq-brcd-1171720#.VNAp0f6-2-0