Secure Transmission of Data Carrier Ethernet for Business

Brett Lewis - Secure Transmission of Data on Metro Ethernet Networks


Brett Lewis discusses secure transmission of data on metro ethernet networks.


Secure Transmission of Data

Carrier Ethernet for Business


The Environment

Universal connectivity is essential in today’s complex business environments. Driven by the convergence of data, voice and video over sophisticated and expanding networks, growth in demand for bandwidth is outpacing the ability of Moore’s Law to supply sufficient throughput.


Benefits of Layer 2 Carrier

• Scalability

• Predictability, Risk Reduction, Certification

• Control


Benefits of Layer 2 Carrier

• Performance

• Key Carrier Ethernet attribute

• Redundant equipment architectures and fast re-routing algorithms


Benefits of Layer 2 Carrier

• Data Center & Server Consolidation

• Simplicity


The three main security risks within an Ethernet network are:

• Data leakage - A sniffer could intercept data streams allowing access to private company data

• Data loss - A misconfigured router/switch could send your unprotected data to an unintended destination

• Data theft - An intruder can launch an attack from a connected Layer 2 WAN to get access to your data


Quick Facts

• At the average packet sizes typical in today’s converged networks at Layer 3, IPsec overhead reaches 40-50 percent of total bandwidth

• Ethernet encryption at Layer 2 virtually eliminates overhead, and lowers total cost of ownership by streamlining security measures


Metro Ethernet Carrier Standards

• Traffic Separation and Isolation

• Authentication of interconnected equipment

• Encryption of data in transit


Traffic Separation and Isolation

• Ethernet Virtual Connection (EVC) is a standard Ethernet interface that is the point of demarcation between the customer equipment and the service provider's metro Ethernet network.

• EVC is a logical tunnel that connects two (P2P) or more (MP2MP) sites, enabling the transfer of Ethernet frames between them.


Authentication of interconnected equipment

• IEEE 802.1X to authenticate CE-1 and establish a trust relationship between PE-1 and CE-1

• Controls what devices are permitted to access the network

• MACsec (IEEE 802.1AE) to authenticate packets exchanged between CE-1 and PE-1


Encryption of data in transit

• Encryption accomplished at different levels

• Most commonly provided at IP Layer 3

• IPsec/SSL for IP

• Layer 2 Ethernet and IP Encryption Standards

• MACsec for Ethernet
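
As an added illustration (not part of the original slides), the Python example below classifies frames seen on the CE-1/PE-1 link by whether they carry an IEEE 802.1AE SecTAG and whether its E and C bits indicate encryption or integrity protection only, treating 802.1X (EAPOL) frames as the expected unprotected exception. The function names, MAC addresses, SCI and sample frames are constructed for the example.

```python
import struct
from collections import Counter

ETH_MACSEC = 0x88E5  # IEEE 802.1AE: a SecTAG follows the source MAC
ETH_EAPOL = 0x888E   # IEEE 802.1X (EAPOL) frames, exchanged outside MACsec

def classify(frame: bytes) -> str:
    """Return how a single Ethernet frame on the CE-PE link is protected."""
    if len(frame) < 14:
        return "malformed"
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype == ETH_EAPOL:
        return "eapol"
    if ethertype != ETH_MACSEC:
        return "cleartext"
    if len(frame) < 20:  # EtherType(2) + TCI/AN(1) + SL(1) + PN(4)
        return "malformed"
    tci_an = frame[14]
    sci_len = 8 if tci_an & 0x20 else 0  # SC bit: explicit 8-byte SCI present
    if tci_an & 0x80 or len(frame) < 20 + sci_len:  # version bit must be 0
        return "malformed"
    e_bit, c_bit = bool(tci_an & 0x08), bool(tci_an & 0x04)
    if e_bit and c_bit:
        return "macsec-encrypted"
    if not e_bit:
        return "macsec-integrity-only"  # authenticated but not encrypted
    return "macsec-reserved"  # E=1, C=0 is not used for user data

def audit(frames) -> Counter:
    """Count frames per class; on a MACsec-only link 'cleartext' should be 0."""
    return Counter(classify(f) for f in frames)

def make_frame(ethertype: int, body: bytes) -> bytes:
    # Constructed test traffic with locally administered MACs, not a capture.
    dst, src = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")
    return dst + src + struct.pack("!H", ethertype) + body

SCI = bytes.fromhex("0200000000010001")  # constructed: source MAC + port 1
SAMPLE_FRAMES = [
    make_frame(ETH_EAPOL, bytes.fromhex("03010000")),  # EAPOL-Start
    make_frame(ETH_MACSEC, b"\x2c\x00" + struct.pack("!I", 1) + SCI + bytes(64)),
    make_frame(ETH_MACSEC, b"\x20\x00" + struct.pack("!I", 2) + SCI + bytes(64)),
    make_frame(0x0800, b"\x45" + bytes(45)),           # bare IPv4, no SecTAG
]

if __name__ == "__main__":
    print(audit(SAMPLE_FRAMES))
```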


Questions