HPE Aruba Networking: Highend-RZ-Switch CX 10040 mit 400G-Ports

The data center switch CX10000 with integrated DPU gets a big brother – the CX10040. The CX10040 delivers a higher port density on 100G ports and now also enables 400G in combination with an impressive stateful packet inspection performance of 1.6 Tbps. The encryption engine delivers up to 4.8 Tbps. A real attack on the competition in the data center switch sector. The fact that this architecture is an exciting approach is also demonstrated by Cisco Systems following suit with the same architecture.

With a switching capacity of 8 terabits per second and integrated stateful packet inspection, HPE Aruba and its partner AMD Pensando are focusing on high-end data center operation. On two height units, it offers 32 x QSFP28 ports with 100G, 6 x QSFP-DD with 400G and 2 x SFP+ with 10G. This means that it now also outperforms the new Cisco Nexus 9324C-SE1U Smart Switch with DPU and a packing density of 24x100G. The predecessor from HPE Aruba only provided 48 x 25G and 6 x 100G uplinks.

MACsec support with 4.8 Tbit/s

HPE has doubled the stateful inspection throughput to 1.6 Tbit/s in the four integrated DPUs from AMD Pensando. And MACsec support now delivers a remarkable 4.8 Tbit/s throughput – It is quite possible that HPE Aruba has responded here to the criticism of the CX10000, as formulated in the test in iX 04/2025. This makes the new switch more flexible than was previously the case, exclusively with IPSec on the CX 10000. It remains to be seen whether the configuration can now also be carried out in one place instead of previously on CLI and PSM. In addition, it now also supports the Precision Time Protocol (PTP).

As is usual with other data center switches, there is a variant with front-to-back ventilation and another with back-to-front as well as replaceable, redundant fans and power supplies. HPE expands the routing tables with up to 720,527 IPv4 and 368,404 IPv6 unicast routes. This should also be sufficient for large data centers. It is therefore not suitable for BGP full tables at the Internet transition, but this is not its intended use. It can be managed via CLI, REST-API, Aruba Fabric Composer (AFC) or Aruba Central.

With the CX 10040, HPE Aruba Networking is therefore targeting companies, authorities, and operators of cloud infrastructures that place great value on security as well as high performance. HPE also underlines this with the free AMD Pensando Policy and Services Manager (PSM), which, unlike the Cisco solution, can also be operated on-premise. The only thing missing now is an integrated IPS on the DPU.

In a spine-leaf architecture in combination with the HPE Aruba CX 9300-32D with 32x400G as a spine with a high throughput of 25.6 Tbit/s switching capacity and the CX 10040 as a leaf with stateful firewalling services, this results in an interesting architecture model in combination with EVPN/VXLAN in data centers. However, the switch also appears fascinating as a core switch in collapsed core designs with central firewalling on the switch and for high-performance data center coupling with MACsec encryption.

()