PacketLight beefs up physical layer security with PL-2000AD

PacketLight Networks has added Layer 1 optical encryption capabilities to its PL-2000AD Optical Transport Network (OTN) platform in order to protect data in transit at the physical layer.

The PL-2000AD is a fully integrated, compact 1U multiprotocol, multi-rate platform that now equips enterprises and carriers with extended point-to-point Layer-1 encryption capabilities across their metro and long-haul routes.

For many years, cyber-security breaches were aimed at the data centre, cloud or the data itself in the enterprise environment. As security in those areas has strengthened, hackers have begun attacking the network directly, whether wireless or over fibre and cables, and the number of such attacks is on the increase, according to the company.

Conceptually, hacking into light waves seems excessively difficult but it turns out there are viable and practical ways of achieving this at low cost. Hence, Layer-1 or physical layer security has become a key part of a total cyber-security solution (see our feature Securing the cloud networking supernova).

The PacketLight platform is a muxponder/transponder/add-drop multiplexer that supports a mix of client protocols – including Ethernet, Fibre Channel, SONET/SDH and OTN – and aggregates them into dual 100G OTU4 uplinks using an OTN cross-connect matrix. By bundling the encryption capabilities into the same package, it provides a highly cost-effective approach to this task.

While the introduction of data encryption over the network can sometimes force massive and costly infrastructure migrations at upper layers, PacketLight says the bundled approach and ease of interconnection with other equipment allow security functions to be provisioned quickly and painlessly. The PL-2000AD encryption can interconnect with any Layer-2/3 switches, or to existing DWDM infrastructure.

“The challenge of protecting the network from hackers is hitting enterprises and service providers hard, while increasingly stringent regulations enforced by government and security managers are making encryption mandatory across organisations and countries,” explained Koby Reshef, PacketLight’s CEO. “Our customers are now able to comply with these regulations and deliver new types of encryption service without changes to existing infrastructure – making it quicker, less costly and faster to implement. PL-2000AD offers the most advanced Layer-1 security with minimal integration effort.”

PacketLight’s cryptography performs GCM-AES-256 Layer-1 encryption for up to 20 multi-rate Ethernet, Fibre channel or SONET/SDH services. The encrypted service provides end-to-end transparency of service data and clock with minimal latency. For even stronger security, PacketLight’s encryption uses periodical key exchange using the Elliptic Curve Cryptography Cofactor Diffie-Hellman (ECC CDH) algorithm.

The encryption system is fully compliant with NIST FIPS 140-2 Level 2 and with CNSA Top Secret Suite requirements (formerly NSA Suite B).


Cost and compatibility can make a compelling case for pushing 100Gb/s bandwidth over a single optical channel, both as individual links and supporting 400Gb/s Ethernet, finds Andy Extance

Analysis and opinion
Analysis and opinion

Robin Mersh takes a look at how the industry is creating next-generation optical access fit for 5G


Technological advances to aid the increasing demand for bandwidth, on the path towards the terabit network, should lead to optical signals that are flexible and adaptive, like water, argues Dr Maxim Kuschnerov and Dr Yin Wang