Layer 2: encryption on the Ethernet layer

The Ethernet frame is encrypted by inserting a secure header on the MAC layer (layer 2). The low overhead leads to only minor losses in data throughput and performance compared with layer 3 encryption, especially when encryption is hardware-based. Because of the low latency, this encryption is used in local and metro networks with high volumes of data and is suitable for all applications. The encryption itself is standardised, but the key exchange is often manufacturer-specific.

  • Encryption with the aid of MACsec
  • Little impact on runtime
  • Little data overhead
Encryption levels

ADVA: FSP 150 ConnectGuard

ECI: Neptune (NPT) platform NPT DHXE 4sec

NPT DHXE 4sec
MACsec support for 1G and 10G WAN ports, based on new HW (DHXE_4Sec)
  • 40G packet card with MACsec capability
  • Supports
    • 2 x 10G/OTU-2 (SFP+)
    • 2 x 10G/GE multirate
  • Provides network-wide hop-by-hop L2 traffic encryption (port-to-port encryption)
    • Compliant with IEEE 802.1AE
    • Strong encryption based on GCM-AES-256
  • Compatible with NPT-1022, NPT-1200, NPT-1300, NPT-1800

Actelis: QuFast SHDSL systems technology

Due to increasingly stringent security requirements, particularly from network operators with critical infrastructure, encryption of the whole transmission path is attracting more and more interest. Our solution, based on the QuFast SHDSL 600 EL range of devices, encrypts all traffic with MACsec on layer 2. The encrypted traffic is carried over the SHDSL or optical fibre line (up to 1GE wire speed). The QuFast SHDSL 600 EL can therefore also be used purely as L2 encryption terminals/switches. For applications with SHDSL transmission, devices with 4 or 16 twisted pairs (which can be bundled to increase the bandwidth) are available as desktop units, or as top-hat rail units with up to four twisted pairs (two directions).
Characteristics:
  • MACsec encryption over SHDSL and/or optical fibre (also possible over L2 networks)
  • SHDSL solutions with 4 and 16 twisted pairs (can be bundled; 15 Mbit/s per twisted pair)
  • Extensive L2 Ethernet features: QoS, QinQ, Ethernet measurements (ITU-T Y.1564) etc.
  • Powerful SHDSL feature with bonding of up to 16 twisted pairs
  • Optional SHDSL repeater solution available
  • Desktop units and top hat rails
  • Greater temperature range/industrial Ethernet
  • Graphical software and optional management system

DNWP: Dyna Wiz

Dyna Wiz is a strong IP-based access point for telecommunications networks in critical infrastructure. The compact design is ideal for hard-to-access or remote locations such as wind and solar farms. It fits easily into confined spaces such as substations, gas and oil block valve stations, airport shelters and railway track shelters. The IP-based access point supports technology platforms with MPLS-TP, carrier Ethernet 2.0 and TDM over Packet, making it compatible with all critical IP applications. It also provides cyber security for all services routed through Dyna Wiz.
Key features:
  • 8G MPLS-TP switch
    • Linear protection switching 1:1
    • Virtual private wire and LAN service (VPLS/VPWS)
    • 8 x CoS
    • OAM for MPLS-TP (G.8113.1/G.8113.2/Y.1372)
  • 8 Ethernet SFP ports
    • 2 x 2.5 GbE
    • 6 x GbE
  • TDM over packet with optional TDM SFP adapters
    • E1
    • 94
    • 24 E
  • Optional AES256-GCM user data encryption and authentication
    • Manual key configuration or automated key exchange
  • Dimensions: L95 x H175 x W130
  • Power options: two battery inputs 24-110V DC, power consumption 20W max.
  • Operating temperature: -20 … +65 °C

DNWP: Connection Master

Due to its hybrid node design, the DNWP Connection Master offers full support for both TDM-based and packet-driven services in a single system family and is well suited to multi-service voice and data applications.
6 Slot connect master chassis
16 Slot connect master chassis
SDH/TDM-based key features:
  • STM-1/4/16 SDH trunk
  • For multi-service voice and data applications
  • Data interfaces: E1, V.24, V.11, X.21, G703/64k, C37.94
  • Voice interfaces: E&M, FXS, FXO
  • Total non-blocking capacity of the cross connector up to 128 x 2 Mbit/s at the 64 kbit/s level
  • Real-time-critical, low-latency applications (e.g. teleprotection compliant with IEEE C37.94)
  • Enhanced for highly time-critical applications with low latency
  • Redundant expansion option for the control and power supply units
  • Ethernet and TDM in the first mile compliant with IEEE 802.3
  • 6 and 16 slot versions
  • Superior MTBF of over 50 years
  • Protects the investment in installed Dynanet and FMX2 infrastructure
  • User-friendly user interface
  • Network management system with alarm, configuration and E2E management
  • TDM cross-connect matrix from the SDH level to single TDM channels
  • Next-generation system and full compatibility with Nokia Dynanet and Siemens FMX2 product families (supports Nokia Dynanet and Siemens FMX voice and data interfaces)
Packet-based (MPLS) key features:
  • STM-1/4/16 SDH trunk
  • 1GE/10GE IP packet trunk
  • Carrier Ethernet 2.0
  • TDM over Packet
  • MPLS-TP: 1GE/2.5GE/10GE
  • SyncE and IEEE 1588v2
  • Advanced encryption
  • Full number of subrate interfaces
  • Network management system including MPLS-TP service provisioning