The Aruba CX 10000 Series Switch creates a new product category that protects east-west traffic in the data centre, brings new economies of scale, performance and price, and won’t compete directly with partners’ existing firewall business.
Today, Aruba, a Hewlett Packard Enterprise company that handles all their networking, is announcing the introduction of the Aruba CX 10000 Series Switch With this offering. Aruba leverages the HPE relationship with, and investment in Pensando, to bring to market a switch that protects east-west traffic in the data centre, and which has much greater scalability and performance than traditional L3 switches, at about one third of the cost.
“Traffic application architectures have changed with containerization and microarchitectures,” said John Gray, Aruba’s Data Center Marketing Lead. “Most traffic in the data centre today is east-west, and there is no optimal way to provide security for that for microservices. What we offer with the Aruba CX10000 is the ability to deploy an industry standard top of rack switch that will work with any spine. Instead of having to hairpin all the traffic connections, this switch can provide stateful service at a fraction of the cost of the traditional centralized model.” It allows the extension of industry standard leaf-spine networking with stateful distributed micro-segmentation, east-west firewalling, network address translation, encryption and telemetry services – all delivered inline, all the time, on every access port.
The Aruba CX 10000 Series Switch combines best-of-breed Aruba data center L2/3 switching with the Pensando Elba, the industry’s only fully programmable DPU.
Pensando is a well-funded startup, which has taken in over $300 million in investment to date, and which has attracted a lot of attention because former Cisco CEO John Chambers is the Chairman there.
“Pensando is an ASIC company, which develops their own silicon focused on networking services and security services,” Gray said. “Their first product was a PCI DPU that does hardware acceleration of certain functions and services. The old Cisco MPLS team is there, as are a bunch of their engineers, with a mission of democratizing the cloud. For over a year, we have been working with Pensando to embed their capabilities into the switch itself, which has been a 12-15 month project.”
Pensando also has a strong relationship with HPE, which has invested $50 million in the company. HPE and Pensando first partnered around the Pensando Distributed Services Platform for HPE Servers, which is available as a factory option in HPE ProLiant servers, HPE Apollo systems, and HPE Edgeline Converged Edge systems.
“We do have an exclusive with them around this for 12 months after integration,” Gray said. “There are other ASIC vendors in this space, like Broadcom, Mellanox and NVIDIA, but we believe our relationship and investment will keep us sticky for some time.”
Gray said that this new Distributed Services Switch is not only an entirely new category, but should have a revolutionary impact on the market.
“[HPE CEO] Antonio Neri believes that putting this technology in a top of rack switch makes this a next generation switching architecture,” he stated. “Nobody else in the industry offers this category of switch. It allows delivery of 100x the scale and 10x the performance of traditional L3 switches, at a third the cost of cobbling together traditional switching, or using an agent option. We believe that this makes it very disruptive.”
At first glance, this seems to be a telco product, but Gray stressed that its market is significantly broader than that.
“It’s not just for telcos,” he said. “The big differentiator here is large enterprises in brown field environments that don’t want to go put NIC cards in, and that could be Fortune 2000 or even smaller enterprises. If they are doing a 25 GB refresh, they could deploy this for a slight premium over a top of the rack switch for full east -west coverage, and can drop it at the top of the rack. There’s no agent and no NIC card. It’s a networking-centric sales motion that integrates security.”
Gray also said that partners who might be leery that the Aruba CX 10000 might disrupt their established firewall businesses have no real concerns here.
“The CX 10000 is not a replacement for perimeter firewalls,” he stated. “We don’t complete with traditional firewalls. This is an east-west firewall, which isn’t done at all, so this is an added capability partners can bring to customers. In addition, this is cutting edge technology, and if partners aren’t offering it, their competitors will. This is why the channels we have worked with the last couple months around this are excited about it.”
The Aruba CX 10000 Series Switch with Pensando will begin shipping in January 2022. List pricing starts at $USD 45,000, and includes a base service license that includes accelerated Stateful Firewall, Zero Trust Segmentation, ERSPAN, Telemetry, and DDoS protection.