Network Deployments of MACsec ARE Expanding Inside and Between Data Centers as more Links and Security Concerns are Driving Encryption at All Layers of the Network


Every day consumers put more data in the Cloud and enterprises increase their utilization of Cloud services to conduct business.  The Cloud and the digital content it holds continue to make up an increasing portion of the world’s economy – even more so with COVID-19 causing a rapid shift and acceleration in digital transformation projects in companies.

To keep up, modernizations that previously took years to deploy are being pushed through quickly because of COVID-19.  2020 is now the year where it is truly Cloud-first, whether that be consumers using Cloud services more for personal activities ranging from interacting with loved ones via Social Media websites to e-learning or the rapid shift to work-from-home (WFH).

With enterprises relying on the Cloud for daily operations, the importance of end-to-end security is increasing every day.  In the Ethernet Switch (L2) and Routing market (L3/L3+), the interest in MACsec increases with each speed transition.  There is a higher attach rate of MACsec with 400 Gbps products compared to 100 Gbps, and we expect with the data center rapidly moving towards 100G per Lambda and 112 Gbps SerDes that MACsec will play a pivotal and significant role in the 800 Gbps market.

Cloud providers and Telco Service Providers continue to increase their use of MACsec, both inside the data center and between data centers (Figure 1).

Figure 1.  MACsec deployment inside and between data centers

End-to-end encryption from the server, often via a SMartNIC, is becoming more common.  In the case where a packet crosses between two locations, MACsec encryption secures  user/enterprise data from the moment it leaves a Cloud’s data center to the moment it enters. As applications use edge computing resources and become distributed across multiple availability zones and countries, data sovereignty and security become more important and top-of-mind for data center architects.

As Cloud providers and Telco Service Providers adopt 400 Gbps and look toward 800 Gbps, we expect to see more purpose-built MACsec solutions.  The data center networking market is also transitioning away from Modular chassis, and toward more Fixed CLOS architectures, we expect more Fixed 1RU solution with MACsec, especially in the DCI layer.  DCI will be a new market for Ethernet platforms, and vendors will look towards new features beyond the ASIC, like MACsec, to compete in this space.

– Alan Weckel, Founding Technology Analyst at @650group