MACsec encryption enhances the security and performance benefits of interconnection
The availability of MACsec encryption is another important point that sets Equinix Fabric apart from the public internet. Using MACsec encryption can further amplify security without compromising the performance benefits of Equinix Fabric. In contrast, IPsec encryption on the public internet relies on virtual private networking (VPN) technology to protect data in transit, which could further exacerbate the performance issues found on the public internet.
IPsec runs at Layer 3 of the networking stack, while MACsec runs at Layer 2. IPsec has the additional complexity of an encryption engine and the additional overhead of a larger Ethernet header. MACsec, on the other hand, is a simpler protocol that is embedded in the silicon of the network card responsible for transmitting and receiving data, and expands the header only minimally.
From a performance perspective, this is important because it means that MACsec provides line-rate speed of encryption for the given media. That is, MACsec provides encryption while fully leveraging the performance capabilities of the underlying hardware. If you have a connection speed of 10 Gbps, you can get close to 10 Gbps of encrypted throughput with MACsec. If you use the IPsec alternative, your throughput will be throttled. Depending on the hardware and the cloud provider you use, the encryption speed could be as low as 1–3 Gbps for the given IPsec tunnel.
OCI FastConnect supports MACsec encryption on all 10 Gbps and 100 Gbps direct cross-connects in all commercial and government regions. Customers can take full advantage of the many benefits of MACsec encryption when moving their FastConnect data sets, including line-rate encryption, data confidentiality, data integrity and origin authentication. The best part is that this functionality is available at no additional cost.
Equinix and Oracle provide a proven solution for encrypting data in transit to the cloud
To help our customers access MACsec encryption capabilities on a global scale, Equinix and Oracle came together to test and document our joint solution, which uses Equinix Fabric to extend the reach of MACsec-enabled OCI FastConnect.
To take advantage of MACsec encryption, enterprises need their network infrastructure to be fully transparent. An EPL connection passes unsegmented traffic between two ports, enabling the level of transparency required for MACsec. Customers looking to move encrypted data via OCI FastConnect and Equinix Fabric should therefore choose the EPL service option.
Customers can enable MACsec encryption on OCI FastConnect Direct connections, which are dedicated physical connections between OCI FastConnect and customer edge routers. These connections are usually limited within a particular colocation facility or metro region. Using Equinix Fabric EPL ports alongside OCI FastConnect Direct, customers can extend that dedicated connection between the original metro and any other Equinix Fabric metro, effectively allowing them to take their MACsec encryption capabilities global.
Inter-metro FastConnect with MACsec using Equinix Fabric
The two companies came together to test the solution inside an Equinix Solution Validation Center. This allowed us to demonstrate exactly how the solution would perform in a real-world environment. Following the successful validation of the solution, Equinix and Oracle also collaborated to produce detailed documentation for customers looking to get started with the combined solution.
The documentation provides details about the basic requirements customers need to meet in order to deploy the solution, and then walks them through the process of deploying the solution step by step. This includes setting up the OCI cross connect, acquiring Equinix Fabric ports in both the origin and destination metros, and then setting up the connections to bring them all together.
Enabling modern digital infrastructure with MACsec encryption on Equinix Fabric and OCI FastConnect
The combined performance and security benefits of MACsec encryption will become even more important as businesses increasingly use hybrid multicloud architectures to run advanced digital applications that require extremely large volumes of data. Moving data in a hybrid multicloud environment is complex enough as it is, so you’ll likely want to choose an encryption technology that won’t slow things down even further.
Businesses that frequently handle sensitive information on behalf of their customers—such as those operating in the financial services, healthcare and government sectors—have the most to gain from using MACsec encryption. These businesses are often required to comply with a complex web of data privacy regulations across the many different jurisdictions in which they operate.
They also have the most to lose if they ever fall victim to a data breach—not just the legal repercussions, but also the loss of trust from customers. These companies acknowledge that encrypting data is something they absolutely must do in order to ensure compliance and mitigate risk. The joint solution from Oracle and Equinix proves that they can extend MACsec encryption across their entire cloud environment without having to sacrifice performance or flexibility in the process.
Check out the guide to Equinix Fabric for a closer look at how the solution can optimize your infrastructure across the globe, and the technical specifications it uses to do that.
You may also be interested in
Read the OCI blog “Announcing MACsec encryption for Oracle Cloud Infrastructure FastConnect” for more information.