Data Center

Data Privacy without Impact and Complexity for all! The what and why’s of Brocade’s Announcement

by Ed O'Connell on ‎01-28-2015 07:19 AM (6,263 Views)

Today (January 28th) is Data Privacy day. To mark this ever important event, Brocade announced a new interface module for the MLXe routing chassis with in-line IPsec and MACsec wire-speed encryption services. Our goal is true, pervasive data privacy for all without impact to network performance or added complexity. The new Interface module is designed to help solve a painful problem for a number of organizations that need to protect valuable data (e.g. intellectual property, customer data) over WAN or in hybrid cloud environments.


The IPsec interface module delivers 4 ports of 10GbE and 4 ports 1GbE that can push data into either IPsec (256-bit AES Suite B) or MACsec (128-bit) encryption at wire speed. And the 8 ports can be link aggregated to create a simple, single, large 44Gbps pipe. Simple protection of data in -flight across the WAN or in hybrid cloud environments.


So that is pretty much the ‘what’ is in the announcement in a nutshell. There are a number of use cases and configurations that I will cover over time in the Brocade Data Center blogs. It would be a bit much try to discuss some of them in a single blog.


Now comes the ‘why’ question? Isn’t IPsec old news? Why would Brocade introduce an Interface module with IPsec? Simple, our customers asked us to. Today, too many of them are having challenges with encrypting network traffic and asked us to help. Here’s an example of a customer who came to Brocade about their challenge of encrypting their intellectual property when it travels across the world.


They need to continually transfer large video (REALLY BIG) files all over the world for post-production work and then distribution of final video. Today they have 5 Firewalls rated at 20Gbps of traffic throughput that they use to do the encryption. But the firewalls can only encrypt data at 4Gbps. So to get to the desired 20Gbps of throughput they need 5 firewalls (2U of rack space each). Firewalls are not optimized for encrypting and decrypting traffic hence 4Gbps of encryption throughput per firewall. So for each 1U of rack space taken by the firewalls, the customer is getting 2Gbps of encryption speed. OPEX-wise this is very expensive and complex to setup and manage. And it scaling up for greater capacity just adds to the pain.


In 5U of rack space, a single Brocade MLX4-4 with one IPsec module can be configured to meet their 20Gbps requirements. Network administrators can configure the network connection (link aggregate to create a ‘single pipe’) as they do naturally and the MLX-4 with the IPsec module will transfer data at up to 44Gbps of 256-bit Suite B IPsec encryption. That’s 8Gbps+ per 1U of rack space. If the customer needs more IPsec encryption throughput, just add another module into the MLXe-4 in the same 5U of rack space and now you’re up to 16Gbps+ of IPsec throughput (88Gbps). That’s scalability without escalating complexity or OPEX.


If you’re a Brocade MLXe customer today and want to ‘test drive’ the new IPsec modules, contact your Brocade Account Executive or drop me an email at


If you’re not a Brocade customer today but want to have a simple, scalable data privacy for data in-flight, give Brocade a call and ask for a test-drive.