Full Text

Ethernet services offer tremendous benefits for enterprises, including highly flexible bandwidth options, the ability to quickly and easily increase bandwidth to meet ever-growing application demands, and simplified network operations through a common technology for both LANs and WANs.

Ethernet technology has been augmented over the years to improve security, but at the expense of additional complexity. Such technologies included virtual LANs (VLANs) in IEEE 802.1Q, authentication via IEEE 802.1x (EAP) and IEEE 802.1ae (MACsec) and network access control solutions.

Despite these security improvements, enterprises know Ethernet predominantly as a LAN technology where all user data is multiplexed over the network with limited separation or isolation. Furthermore, Ethernet service deployments using IEEE 802.1ad (also known as Q-in-Q or VLAN stacking) expose the enterprise subscriber's host MAC addresses even though the Ethernet frame's IP payload may be encrypted. Therefore, the network is vulnerable to external threats such as MAC address spoofing, passive monitoring, man-inthe-middle attacks and MAC denial of service (DoS) attacks.

Security Business Drivers

Information privacy and protection are significant concerns for enterprises, especially for any traffic that traverses the metro or wide area network. In addition to information security, enterprises in vertical markets such as finance, government, health care, retail and manufacturing...