
The ancient Chinese proverb below applies to the solutions that network engineers must evaluate daily. When it comes to securing multiple data centers, we can read about it, see slide after slide, and understand it conceptually. We can even run it in a lab environment. But until we can test it live in a real-world facility, over the intended transport where we can understand its behavior and fine-tune it for optimal performance and security, deployment will always be a guessing game.

 


“Tell me and I forget, teach me and I may remember, involve me and I learn”

Ancient Chinese proverb


 

Recently, our Cisco networking experts teamed with Equinix to gain a clear understanding of how a secure multi-data center interconnect solution, protected with Cisco’s WAN MACsec encryption, would operate between two or more locations over an operational Equinix Fabric transport. By using this real-world environment, we were able to gain greater strategic insight into its inner workings and how to best apply those findings for securing multiple data centers for our public sector customers.

The WAN MACsec path to securing multiple data center connections

At Cisco, we’re finding that customers are searching for new secure transport options that can safely interconnect their multi-regional Co-Location (Co-Lo) centers. It is key that any solution they deploy uses encryption that will not impede the high-performance, low-latency transport needed between the centers. For Cisco and Equinix, our testing specifically targeted this capability for verification.

We’re pleased to present the results of our testing in a joint Cisco/Equinix White Paper titled Securing High-Speed Interconnection Over Equinix Fabric Using Cisco WAN MACsec For Public And Private Sector. In it, we detail the secure high-speed “Inter Region” interconnect solution, including:

  • Configuration examples
  • Router output
  • Testing methods using Cisco WAN MACsec over the Equinix Fabric (between Equinix regions in Ashburn, VA and Miami, FL).

Securing multiple data centers

Our joint testing leveraged the Equinix Fabric offering to provide high-speed Ethernet transport. We then used Cisco WAN MACsec to secure the transport between the two Equinix data center locations. For customers that also require multi-tenant Layer 3 segmentation across this service, the testing demonstrated BGP/MPLS IP VPNs (RFC 4364) over Segment Routing (RFC 8402). This approach is quickly establishing itself as the new software-defined MPLS transport for use in IP backbones and interconnections.

For government agencies, establishing a WAN (SD-WAN, Segment Routing, MPLS) presence within these cloud partner Co-Lo centers is a first step towards enabling a “Cloud Ready Network” architecture. Its value is critical. Co-Lo providers should be thought of as strategic “next-door neighbors” for public cloud and SaaS providers, especially since they can offer data center hosting services for customers still hosting their own private applications, reducing their on-prem data center footprint and associated overhead.

At Cisco, we’re committed to providing a variety of secure and reliable solutions for customers operating Co-Lo space, including routing, high-speed encryption, security, and visibility. We’re also helping our customers meet the compute needs for hosting these private applications and secure their connections into the cloud service providers.


Authored by:

Craig Hill, Distinguished Architect, U.S. Public Sector at Cisco

Chris Hocker, Systems Architect, U.S. Public Sector at Cisco

 

 

 

 

 



Authors

Craig Hill

Distinguished Systems Engineer

U.S. Public Sector, CTO Office