Switches look to security to recapture lost luster

When the dot-com boom went bust, so did the market for switches that shuttle traffic between servers, but as security concerns mount, these network elements have found new ways to make themselves useful.

Marguerite Reardon Former senior reporter
Marguerite Reardon started as a CNET News reporter in 2004, covering cellphone services, broadband, citywide Wi-Fi, the Net neutrality debate and the consolidation of the phone companies.
When the dot-com boom went bust, so did the market for switches that shuttle traffic between servers, but as security concerns mount, these intelligent network elements have found new ways to make themselves useful.

On Monday, Foundry Networks will follow major competitors Cisco Systems, F5 Networks, Nortel Networks and Radware in introducing switches meant to provide better security to data centers in addition to handling traditional load balancing tasks.

Foundry's new ServerIron 450 and ServerIron 850, due out later this quarter, are designed to support Secure Sockets Layer (SSL) encryption and decryption and provide protection against denial-of-service attacks and spam. With the new stackable and modular switches, Foundry has doubled the number of ports without increasing the size of the switches, and it has also worked to double performance.

"Security is probably the most important thing we look for," said Greg Conroy, a senior network engineer for Interland, an Atlanta-based Web hosting company that plans to test Foundry's new switches. "But performance is just as important."

Data center switches, or "Web switches," were originally engineered to balance traffic across servers. Unlike simple Layer 2-3 switches, which forward data packets by reading headers that show where the packets originated and where they're meant to go, more sophisticated Layer 4-7 switches look deeper into the packets and send them along based on the type of application they're associated with--e-mail, Oracle-like business programs, Web traffic and so on.

Back in 1999 and 2000, these switches were viewed as critical elements in the e-commerce infrastructure. Cisco and Nortel each spent billions of dollars to acquire the technology from start-ups. In May 2000, Cisco bought Arrowpoint Communications in a deal valued at about $5.6 billion. In July of the same year, Nortel bought Alteon WebSystems for $7.8 billion.

Research firm IDC predicted an explosion in the market for data center switches, with revenue jumping from $203 million in 1999 to $4 billion by 2004. After the tech craze died, many large companies and Web hosting businesses consolidated their data centers and drastically cut spending, slowing the pace of revenue growth for data center switches. According to Infonetics Research, the market was $511 million in 2003 and is expected to grow to only $594 million by 2007.

That small amount of growth will likely come from products touting new security features, according to Neil Osipuk, a directing analyst at Infonetics. F5 Networks, Nortel and Radware have formed partnerships with well-known security companies to offer firewall, antivirus and intrusion-prevention features. F5 has even acquired a start-up as it looks to offer virtual private networks using SSL encryption.

"The reason we have gone into security is because it's what our customers have demanded," said Michael Rothchild, senior manager of product management at Radware. "While many companies have cut IT spending overall, they haven't cut spending on security."

All of these companies, including Foundry, have also added features to protect against denial-of-service attacks. With its new products, Foundry has also become the latest company to offer SSL encryption and decryption. By offloading this function to switches, servers are able to focus on delivering Web pages and processing transactions.

Data center switches can also be used to identify spam traffic and redirect it to special servers, leaving the mail server unhampered as it handles legitimate messages.

While adding security functions to these switches is largely viewed as a good idea by customers, they don't expect the products to completely replace traditional security equipment.

"I'd rather have a separate device doing firewall or antivirus," Conroy said. "It would be a lot of functionality to pack into one box."