• United States
Senior Editor

Aruba switch can cut the need for separate, single-function appliances

News Analysis
Oct 19, 20214 mins
HPENetwork SecurityNetworking

The Aruba CX 10000 switch integrates a DPU from Pensando that helps support firewall, DDoS, encryption, network-address translation, load balancing, network telemetry, and automation.

networking background
Credit: Thinkstock

Hewlett Packard Enterprise company Aruba is taking the wraps of a new flagship data-center switch aimed at helping to better control and secure hybrid-cloud traffic in the enterprise.

The Aruba CX 10000 Series switch is a top-of-rack, L2/3 data-center box with 3.2Tbps of switching capacity, 48 ports of line rate 10/25GbE and six 40/100GbE ports, the company says. But its most intriguing component is an integrated Elba programmable data processing unit (DPU) from Pensando that helps eliminate the need for separate appliances for security and load balancing, for example.

Pensando is a startup lead by a crew of ex-Cisco stars including its chairmen of the board, former Cisco CEO John Chambers. Others leaders of the company include former Cisco engineering icons Mario Mazzola, Prem Jain, Luca Cafiero and Soni Jiandani, collectively known as MPLS based on their first initials. The MPLS group has founded a number of companies that were spun back into Cisco during Chamber’s time as CEO including Andiamo Systems for SAN switching, Nuova Systems for data-center switching and Insieme Networks for software-defined networking systems.

HPE is a big investor in Pensando having been part of its Series C funding, along with Lightspeed Venture Partners, of some $145 million in 2019.  HPE too has implemented the Pensando technology in some of its server line

The Pensando DPU can support software-defined cloud, compute, networking, storage and security services that run in combination with Aruba’s AOS-CX network operating system. That combination can provide wire-rate routing and switching with L4-L7 stateful software services including firewall, DDoS, encryption, network address translation, load balancing, network telemetry, and automation that can be applied to widely distributed workloads.

For example, the DPU can create port-level application or network segmented security policies across the enterprise, Aruba stated.

The CX 10000 also runs Aruba Fabric Composer software that promises to simplify network provisioning across the company’s CX switches and automates operations across a wide variety of virtualized, hyper-converged, and HPE compute and storage environments.

The idea with the CX10000 is to bring advanced network and security services as close as possible to where applications are processed—at the border between the server and the network—rather than at the perimeter as in a traditional data-center network. With firewall, encryption, tunneling, and other services running on a distributed services switch, organizations can scale new service capabilities faster, wrote David Hughes, Aruba’s chief technology and product officer in a blog about the introduction.

The CX10000 switch will have 100 times the scale and 10 times the performance at a third the cost of traditional switching, hardware firewall, and server agents, Hughes said.

Chambers said the integrated features of the new Aruba switch with Pensando technology creates a “new category of network switches where customers can redefine everything in software, simplify their environments by reducing the need for all types of legacy hardware appliances, and support integrated security and automation. “It really is the next big thing,” Chambers said.

The CX10000 offers organizations some intriguing options as they build out their data-center networks to handle ever-more diverse and distributed workloads, experts said.

“Enterprise customers struggle with the amount of data, location of data, and security in the hybrid and multi-cloud world,” said Alan Weckel, founder and technology analyst with the 650 Group. “This switch helps change some of these boundaries and simplifies deployment compared to existing solutions. In addition, customers should be excited to see new approaches as the current way of architecting networking isn’t scaling with the data.”

“Adding a DPU allows customers to rethink security policy and how they deploy in colocation in the future,” Weckel said. “In addition, this new Aruba switch will enable them to rethink costs and come up with a total solution that is lower cost compared to existing solutions.”

Weckel said that Aruba and Pensando have enabled a new type of distributed services architecture that lets enterprises create and operate network infrastructures that perform and scale just like the hyperscale infrastructure giants.

“I think other vendors will look to expand their existing lines. In the case of Cisco and Arista, they have FPGA accelerated switches today, mostly targeting high-frequency trading, that could be expanded to include a DPU, or they could come out with a new platform with a DPU in it,” Weckel said. 

“Every vendor targets the enterprise slightly differently, and I would expect many vendors to come out with similar products.  Launches may be delayed somewhat due to semiconductor and supply-chain shortages as well,” Weckel said.

The Aruba CX 10000 will be generally available in January 2022 with pricing starting at $45,000 and will include  a stateful firewall, zero trust, segmentation, telemetry, and DDoS security features.