HPE Aruba Networking Blogs

The Next Evolution of Switching Architecture is Here

By David Hughes, Chief Product Officer

Aruba Pensando Distributed Services Switches

The world is shifting from traditional Data Centers to “Centers of Data.” Today's “traditional” enterprise data centers are being augmented by distributed and virtualized “edge” data centers where data is being created and processed.

While data center network fabrics have evolved over the past decade, providing higher-performing 25/100/400Gbps leaf-spine topologies to address the volume and velocity of emerging application architectures, security and services architectures have not kept pace.

Centralized security appliances weren’t designed to inspect and protect application traffic that is moving east-west within the data center. It’s not operationally or economically practical to deploy a suite of security appliances in every server rack. And hair-pinning traffic to an appliance sitting in a centralized services leaf comes with heavy performance and cost penalties.

Delivering network and security services at scale is a growing challenge for enterprises, whether expanding an existing data center to meet growing demand for digital services or establishing edge deployments at colocation facilities to support innovative new applications.

According to ESG research, 70% of organizations are running or plan to run cloud-native and container-based applications in hybrid environments. Enterprises need a modern distributed services environment to better support modern, cloud-native applications.

Aruba Delivers the Next Evolution of Switching Architecture

Recognizing the need and urgency to address these new realities, Aruba has partnered with Pensando Systems to create a new category of network switch—the Aruba Distributed Services Switch.

The Aruba CX 10000 Series Switch with Pensando represents the next evolution of data switching architecture, one that combines best-of-breed Aruba data center L2/3 switching with the industry's only fully programmable data processing unit (DPU) from Pensando. The Aruba CX 10000 delivers stateful software-defined services inline, at scale, with wire-rate performance and orders of magnitude scale and performance improvements over traditional data center L2/3 switches at a fraction of their TCO.

The Aruba CX 10000 allows advanced network and security services to be deployed as close as possible to where applications are processed—at the border between the server and the network, rather than at the perimeter as in a traditional data center network architecture. With firewall, encryption, tunneling, and other services running on a distributed services switch, organizations can scale new service capabilities faster.

Aruba’s innovative distributed services switch delivers wire-rate routing and switching with L4-L7 stateful software services, including firewall, DDoS, encryption, network address translation (NAT), load balancing, and network telemetry—for any workload, any server, or any deployment. Automation is enabled through the powerful and programmable Aruba AOS-CX operating system.

The Aruba CX 10000 is engineered to optimize network bandwidth and performance, delivering a jaw-dropping 100X the scale, 10X the performance at one-third the TCO of legacy switching and security solutions.

Unifying Networking and Security Policy and Automation

Aruba Fabric Composer is the primary unified network and security management engine for the Aruba CX 10000. It handles all switch and network configurations, plus all firewall policy definitions for both switch and distributed firewalls. Aruba Fabric Composer interacts with the switch itself and the embedded security policies as required.

This unified configuration includes automation of unified security policies across spine-leaf fabric creation, VSX (MLAG) switch provisioning, OSPF/BGP underlay and BGP EVPN overlay provisioning, server port provisioning, storage QoS provisioning, and end-to-end visualization that spans switches, servers, NICs, hypervisors, VMs, and containers.

The Aruba CX 10000 also integrates via REST APIs and provides flow data to a wide variety of security and network performance tools, including advanced security ML (XDR), application dependency mapping (ADM), network performance management (NPM), SIEM/SOAR, firewall compliance rules, and identity group mapping tools.

Use Cases for Distributed Services Switches

The Aruba CX 10000 provides a clear migration path for enterprises whose existing data centers will benefit from a distributed services model. For example, if you’re adding a new server rack or pod, you can deploy the Aruba CX 10000. Over time, you can replace existing leaf switches in the fabric with the Aruba CX 10000.

The new switch is also well-suited for colocation edge deployments where an organization may want security or encryption capabilities—but face space and/or power constraints. Instead of having to rack up security appliances and other infrastructure, the Aruba CX 10000 provides routing line-rate security and encryption embedded into the network fabric (top-of-server rack) rather than deploying costly security appliances in the colo or having backhaul traffic to a centralized on-premises security appliance.

It’s Time to Reimagine Data Center Switching

Enterprises accelerating their digital initiatives and cloud-native application development need an agile, scalable, and high-performance foundation. Next-generation data center switching from Aruba changes the game, allowing enterprises to deliver unparalleled digital experiences to your customers and employees with unprecedented scalability, performance, and operational efficiency.

Learn More About the Next Evolution in Data Center Switching Architecture

Aruba Pensando

Learn more about the next evolution in data center switching architecture.

Learn more about Aruba Distributed Services Switches.