<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Hay Folks,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Don’t want to bombard you with marketing crap, but if you divide the cost of the module by the total aggregate speed (44Gb encryption engine) the cost per 1Gb
of encrypted throughput is the lowest in the market; the module is still 2X the throughput of the closest module available on the Juniper MS-DPC; the encryption engine on a Catalyst WS-IPSEC-3 module is only 8 Gbps. If you’re deploying IPSec on a Cisco ASR,
you’re also looking at an additional $10K charge for the IPSEC license in IOS after you buy the actual module. We don’t license any software features, IPSec included, on the MLXe. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">The IPSec module has 4X10G and 4X1G interfaces and uses an FPGA based encryption engine that sits directly on the module, so you don’t have to dedicate a separate
slot on the router for an encryption service module. The up side to this approach is that data doesn’t make a U-turn through the chassis to a service module to be encrypted; every time you’re sending any data to a separate service module, you’re burning backplane
banwidth twice because of the intermediate hop to the service module. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">We’re not bullshi**ing on performance; you can push *<b>bidirectional</b>* line-rate encrypted traffic streams across all the 10G and 1G ports, with 9.2K Jumbo
packets, and the module will never drop a packet. You can also stack every module in an MLXe with an IPSec module, while still running line-rate, and we actually support running 32 IPSec module in an MLXe-32 (yes, there are actually customers that need this
amount of encryption). This module was primarily built for Federal/DOD customers, so it support Common Criteria & FIPS with Elliptic Curve encryptio<a name="_MailEndCompose">n and AES-256, again…all in an FPGA based engine, not a L7 application process in
our code. The module contains 3GB of buffers to help with bursty traffic and supports 512 IPv4 routs, so you can use it as an egress port into a large BGP core. All of the existing IPv4/IPv6 & L2 features on the MLXe work across the module, so it can be inserted
into an existing MPLS or BGP backbone. <o:p></o:p></a></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">But yeah, it’s still an expensive module. Part of the target market are customers with FIPS, HIPPA, or PCI requirements who are required to bulk encrypt traffic
across their WAN or at their datacenter’s edge. If someone needs less than 10Gb or encrypted throughput, then the IPSec module for the ICX is a much better fit and shares a lot of the architecture of the MLXe IPSec module. The MLXe IPSec module can terminate
IPSec tunnels for the ICX, so it’s a good solution for aggregating multiple IPSec tunnels from remote sites. Later this year we should also be able to support terminating IPSec tunnels from vRouter, so you will be able to leverage it as a IPSec cloud-bridging
solution for applications running in AWS. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Wilbur<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> foundry-nsp [mailto:foundry-nsp-bounces@puck.nether.net]
<b>On Behalf Of </b>Eldon Koyle<br>
<b>Sent:</b> Monday, August 15, 2016 8:32 AM<br>
<b>To:</b> Michael Gehrmann <mgehrmann@atlassian.com><br>
<b>Cc:</b> foundry-nsp <foundry-nsp@puck.nether.net><br>
<b>Subject:</b> Re: [f-nsp] Brocade IPSEC modules<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p>I'm still trying to recover from the sticker shock. They only have one option for ipsec, a 4-port 10g card that lists for $120k in the US.<o:p></o:p></p>
<p>-- <br>
Eldon<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On Aug 14, 2016 22:21, "Michael Gehrmann" <<a href="mailto:mgehrmann@atlassian.com" target="_blank">mgehrmann@atlassian.com</a>> wrote:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<p class="MsoNormal">Has anyone experienced/used the IPSEC modules for MLX or the like?<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Good/Bad/Ugly?<o:p></o:p></p>
</div>
<div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">-- <o:p></o:p></p>
<div>
<div>
<div>
<div>
<p class="MsoNormal">Michael Gehrmann<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><br>
_______________________________________________<br>
foundry-nsp mailing list<br>
<a href="mailto:foundry-nsp@puck.nether.net">foundry-nsp@puck.nether.net</a><br>
<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__puck.nether.net_mailman_listinfo_foundry-2Dnsp&d=DQMFaQ&c=IL_XqQWOjubgfqINi2jTzg&r=l86Fj-WC0GHHSCjQjuUvTzxOj0iW25AHL3VIC5Dog8o&m=kMlOv2qnUiPnfc42sOTnEFeFcn73KW8Fzu4vdzYoLio&s=sfWvpeKTr5SD77pBtArKs7aqoLaYHf5tERLTXiS-eys&e=" target="_blank">http://puck.nether.net/mailman/listinfo/foundry-nsp</a><o:p></o:p></p>
</blockquote>
</div>
</div>
</div>
</body>
</html>