Cisco: New Nexus N9300 switches with security functions and AMD-DPU
Thanks to AMD's Data Processing Unit, two new Cisco switches offer security functions in the data center that would otherwise be performed by a firewall.
- Prof. Jens-Henrik Söldner
- Benjamin Pfister
At its in-house trade fair Cisco Live EMEA, network equipment provider Cisco presented two new-generation "Smart" switch models. In addition to the conventional features of a Nexus switch, they include data processing units (DPUs) from AMD and integrate into the Hypershield platform. Cisco had already presented "Cisco Hypershield", a new security and firewalling approach, at the beginning of 2024; it provides micro-segmentation of workloads in containers and virtual machines via eBPF. Cisco acquired the underlying technology with the takeover of Isovalent.
Secure switches
Cisco's Executive Vice President and Chief Product Officer Jeetu Patel presented the two switches in the event keynote as a world first that could fundamentally change the switching market. The idea is not completely new, however: HPE announced its CX 10000 switch back in 2022, which, like Cisco's new models, is based on AMD's "Pensando" DPU series through a cooperation with AMD. The special feature lies primarily in the software, where Cisco has a promising approach with Hypershield; with the switches presented, it also covers important and previously missing areas of its security platform.
The first switch model presented, the N9324C-SE1U, offers 24 100G ports. According to Cisco, it is intended to serve as an on-ramp to the cloud ("OnRamp to the Cloud"), for segmentation between zones (a task previously handled by a firewall), as a data center interconnect, and as a top-of-rack switch. The N9324C-SE1U will be available in April. The second model, the N9348Y2C6D-SE1U, has 48 25G ports as well as six 400G and two 100G ports. Cisco sees this switch as a top-of-rack model for data centers; it is due to be launched in July.
Both switches are based on Cisco's own Silicon One E100 switching chip, which provides a total throughput of up to 4.8 Tbps in both devices and a service throughput of 800 Gbps on the DPU. The N9324C-SE1U is equipped with four AMD DPUs, its sibling model with two. Both are capable of MACsec, VXLAN and EVPN. Cisco's Nexus Dashboard serves as central management. It also offers DPU-based IPsec encryption and NAT. One disadvantage is that the switches can currently only be operated in NX-OS mode, as there is no support for Cisco's modern ACI platform. Using the DPU features requires the largest DataCenter Networking Premier license, and there are also licensing costs for the Hypershield platform.
Cisco offers a promising approach for IT infrastructures that are becoming more complex due to the increasing integration of AI workloads and environments distributed between data centers and public clouds. The novel combination of switches that offload security services to on-device DPUs with integration into Cisco's Hypershield platform opens up new technical possibilities. By combining these products, customers can build the Cisco Hybrid Mesh Firewall, in which the new and existing protection mechanisms and products converge in one management console; administrators should be able to centrally manage their network security from the transition to the Internet, through the switches in the data center, to containerized applications.
(olb)