December 6, 2007 -- Ixia, a provider of IP performance test systems, has introduced a test interface module for MACSec link security.
MACSec, IEEE 802.1ae, which became an IEEE standard in June 2006, specifies how encryption is used to secure the links between major carrier and data center network devices. The MACSec standard protects high-speed links from a number of security risks, including impersonation, confidentiality, and data modification. MACSec operates by performing link layer encryption for each hop through a network. It works within carrier core networks and data centers, where 10-Gigabit Ethernet links are fast becoming the norm. Due to these speed requirements, vendors are developing chips specifically designed to handle MACSec encryption/decryption.
Ixia says its 10-GbE MACSec Load Module is designed to enable chip vendors and NEMs to completely test their designs prior to integration and deployment.
"Testing the performance of network security devices is essential to ensure that the infrastructure will be able to meet both capacity and security requirements under a variety of external and internal loads," says John Burke, principal research analyst at Nemertes Research. "Indeed, the performance of a security device can determine how secure the device is. Many exploits work only when the security appliance is subjected to extreme loads, leading to the exposure of a bug or inherent capacity limit. Proper testing can reveal those limits prior to release or deployment and allow for remediation."
The Ixia 10-GbE MACSec Load Module can be used in any of the company's chassis. The module offers line rate, link layer encryption using AES-GCM encryption (Advanced Encryption Standard - Galois Counter Mode), as specified in RFC 4106, in addition to the standard features available with the company's 10-GbE family of products.
Further, the company's IxExplorer test application and Tcl API provide complete access to all encryption parameters used to encode/decode MACSec encrypted traffic. The company notes that encryption and decryption works in conjunction with its patented stream generation hardware to provide line rate 10 Gbit/sec operation. The hardware/software combination allows vendors to be certain that their chip and device designs and network devices conform to standards and perform at the required levels, according to Ixia.
The company notes that, with the MACSec standard now ratified, the IEEE is turning its attention to an allied standard, IEEE 802.1af, also known as KEYSec. KEYSec addresses how MACSec endpoints exchange the encryption keys that they require, and is expected to form a key component of a complete link layer security ecosystem.