The product is the third generation of the Irvine, California-based semiconductor company’s GbE products, called StrataXGS III BCM56510, and the security technology is called the BroadShield framework.
Ammar Khan, senior product line manager in Broadcom’s network switching business unit, said the two previous generations of StrataXGS had already had security features such as access control lists and policy-based security generally, not to mention port-level security for blocking storms.
We also have something called the Protocol Checker to fend of known DoS threats, he said.
However, around two years ago the company began work on enabling the next generation to become an enforcement point for NAC, and since there are standards efforts but not one single standard for NAC, it came up with what Khan called a superset of the requirements of the leading players, with APIs for them to incorporate the 56510 in their infrastructure.
As for the players in question, Khan mentioned the Trusted Computing Group, where Juniper and Extreme are among the networking vendors pushing the so-called Trusted Network Connect protocol spec based on AAA security with network clients authorized on the basis of hardware config, BIOS, kernel version and so on; Cisco’s Network Admission Control; Enterasys with its Sentinel appliance and Microsoft with Network Access Protection, which is also mentioned by name in the press release.
The security features the 56510 will be able to bring to bear in enforcing NAC will be standards-based authentication, user quarantining, DoS, spoofing and man-in-the-middle attack prevention, and the portfolio’s existing support for advanced ACLs.
Martin Lund, VP and GM of the network switching business unit, said the 56510 won’t immediately replace the previous generation, namely the 56500, and there is no end-of-life announcement for the latter, but Broadcom clearly expects the new silicon to start off in high-end enterprise switches and gradually work its way down, eventually superseding the 56500 entirely.
