The historical Chinese proverb beneath could be utilized to options that community engineers should consider day by day. When it involves securing a number of knowledge facilities — we will examine it, see slide after slide, and perceive it conceptually. We may even run it in a lab surroundings. But till we will check it reside in a real-world facility (over the meant transport the place we will perceive its conduct and fine-tune for optimum efficiency and safety) deployment will at all times be a guessing sport.
“Tell me and I forget, teach me and I may remember, involve me and I learn”
– Ancient Chinese proverb
Recently, our Cisco networking consultants teamed with Equinix to achieve a transparent understanding of how a safe multi-data heart interconnect answer, protected with Cisco’s WAN MACsec encryption, would function between two or extra areas over an operational Equinix Fabric transport. By utilizing this real-world surroundings, we have been capable of achieve larger strategic perception into its inside workings and how you can finest apply these findings for securing a number of knowledge facilities for our public sector prospects.
The WAN MACsec path to securing a number of knowledge heart connections
At Cisco, we’re discovering that prospects are trying to find new safe transport choices which have the aptitude to soundly interconnect their multi–Regional Co-Location (Co-Lo) facilities collectively. And it’s key that any answer they deploy use encryption options that won’t impede the high-performance, low latency transport wanted between the facilities. For Cisco and Equinix, our testing particularly focused this functionality for verification.
We’re happy to current the outcomes of our testing in a joint Cisco/Equinix White Paper titled Securing High-Speed Interconnection Over Equinix Fabric Using Cisco WAN MACsec For Public And Private Sector. In it, we element the safe high-speed “Inter Region” interconnect answer, together with:
- Configuration examples
- Router output
- Testing strategies utilizing Cisco WAN MACsec over the Equinix Fabric (between Equinix areas in Ashburn, VA and Miami, FL).
Securing a number of knowledge facilities
Our joint testing leveraged the Equinix Fabric providing to offer high-speed Ethernet transport. We then used Cisco WAN MACsec to safe the transport between the 2 Equinix knowledge heart areas. For these prospects requiring multi-tenant Layer 3 segmentation throughout this service as properly, the testing additionally demonstrated BGP/MPLS IP VPN’s (RFC 4364) over Segment Routing (RFC 8402). This strategy is rapidly establishing itself as the brand new software-defined MPLS transport to be used in IP backbones and interconnections.
For authorities companies, establishing a WAN (SD-WAN, Segment Routing, MPLS) presence inside these cloud associate Co-Lo facilities is a primary step in the direction of enabling a “Cloud Ready Network” structure. Its worth is important. Co-Lo suppliers ought to be regarded as strategic “next-door-neighbors” for public cloud and SaaS suppliers. Especially since they’ll supply knowledge heart internet hosting companies for these prospects nonetheless internet hosting their very own non-public purposes; lowering their on-prem knowledge heart footprint and related overhead.
At Cisco, we’re dedicated to offering a wide range of safe and dependable options for purchasers working Co-Lo house together with routing, excessive pace encryption, safety, and visibility. We’re additionally serving to our prospects meet the compute wanted to host these non-public purposes and with securing these connections into the cloud service suppliers.
Additional sources
Authored by:
Craig Hill, Distinguished Architect, U.S. Public Sector at Cisco
Chris Hocker, Systems Architect, U.S. Public Sector at Cisco
Share: