November 30th, 2011
MACsec encryption has become increasing popular and important to campus network design, but previous switch performance degraded when encrypted traffic was passing through it. Here we show that the catalyst 6500 does not suffer a performance degrade while MACsec traffic is passing through it. We tested the Catalyst 6500 via the cPacket Networks cTap 10G passive probe to verify traffic flows were either MACsec encrypted or unencrypted. We found that there is no material difference in throughput performance, other than 802.1ae encryption key overhead, thanks to 16 additional bytes per packet. The cPacket passive probe also measured line rate throughput performance. This is a great short video that verifies how the old encryption performance penalty is now gone.
Download “A Comprehensive Testing of Cisco Systems Catalyst 6500 Sup2T” report here.