2. The Enviroment
Universal connectivity is essential in
todayâs complex business
environments. Driven by the
convergence of data, voice and video
over sophisticated and expanding
networks, growth in demand for
bandwidth is outpacing Mooreâs Law to
supply sufďŹcient throughput
3. BeneďŹts of Layer 2 Carrier
⢠Scalability
⢠Predictability, Risk Reduction,
CertiďŹcation
⢠Control
4. BeneďŹts of Layer 2 Carrier
⢠Performance
⢠Key Carrier Ethernet attribute
⢠Redundant equipment architectures and fast re-routing
algorithms
5. BeneďŹts of Layer 2 Carrier
⢠Data Center & Server Consolidation
⢠Simplicity
6. The three main security risks within
an Ethernet network are:
⢠Data leakage - A sniffer could intercept data
streams allowing access to private company
data
⢠Data loss - A misconďŹgured router/switch
could send your unprotected data to an
unintended destination
⢠Data theft - An intruder can launch an
attack from a connected Layer 2 WAN to get
access to your data
7. Quick Facts
⢠At the average packet sizes typical in
todayâs converged networks at Layer
3, IPsec overhead reaches 40-50
percent of total bandwidth
⢠Ethernet encryption at Layer 2
virtually eliminates overhead, and
lowers total cost of ownership by
streamlining security measures
8. Metro Ethernet Carrier Standards
⢠TrafďŹc Separation and Isolation
⢠Authentication of interconnected
equipment
⢠Encryption of data in transit
9. TrafďŹc Separation and Isolation
⢠Ethernet Virtual Connection (EVC) is
a standard Ethernet interface that is the point of demarcation
between the customer equipment and the service provider's
metro Ethernet network.
⢠EVC is a logical tunnel that connects two (P2P) or more
(MP2MP) sites, enabling the transfer of Ethernet frames
between them.
10. Authentication of interconnected
equipment
⢠IEEE 802.1X to authenticate CE-1
and establish trust relationship
between PE-1 and CE-1
⢠Controls what devices are permitted
to access the network
⢠MACSec (IEEE 802.1AE) to
authenticate packets exchanged
between CE-1 and PE-1
11. Encryption of data in transit
⢠Encryption accomplished at
different levels
⢠Most commonly provided at IP Layer 3
⢠IPSec/SSL for IP
⢠Layer 2 Ethernet and IP Encryption
Standards
⢠MACSec for Ethernet