RealTime IT News

Switch Vendor Builds in Encryption Chip

Legra Systems of Burlington, Mass., said this week that its product line, announced in April 2003 with the first wave of WLAN switches, is now generally available. Since that initial announcement, the company has added a couple of things to spice up the products, not the least of which is a built-in chip devoted entirely to traffic encryption.

The Legra switch is a Layer 2/3 unit which controls a series of light access points called Legra Radios. These "thinAPs" follow the Lightweight Access Point Protocol (LWAPP) an Internet Engineering Task Force (IETF) draft standard developed with Legra's competition at Airespace. LWAPP is not yet finalized, but the Legra Radios will be upgradeable to the final spec when available.

Being relatively late to the market against other switch vendors like Airespace, Aruba, Trapeze, and many other startups (and established companies like Nortel), Legra wants to set itself apart with "high speed performance for security" according to Paul DeBeasi, Legra's vice president of marketing.

"We've looked at WLAN networking and seen it for what it is: it's traditional Layer 2 switching with some cryptography, security and radio technology. It's not enough to just have switching. So we've integrated all the security in the switch itself. Other solutions have security in the access point."

In-house, Legra has developed a Parallel Priority Cryptography (PPC) chip called CryptoFlex to handle performance issues with security, by working to encrypt or decrypt multiple streams of traffic at the same time. DeBeasi says the parallel nature of the chip beats the single input/single output of off-the-shelf chips used in other switch products.

The central Legra Switch (model LS2012) will also include its own wireless network processor, a 30GB hard drive, and run an embedded Linux-based wireless operating system called WOS that can be used to do fast upgrades to the system. The system also includes a network management appliance (LM6000) to monitor multiple switches for larger deployments. It can integrate with management systems like HP OpenView and CA's Unicenter. The manager appliance also can take plug-in applications. The first one Legra will ship is called Automatic Optimizer, which will automatically configure Legra Radios to reduce interference or kill rogue APs.

LS2012 will work with 12 Legra Radios directly, and can also handle up to 60 remote connections sprinkled throughout a building or campus.

The Legra Radios do not need a direct connection via Ethernet back to the switch. "Our competitors need a cable between the two," says DeBeasi. "This just lets you plug in. As a manager, you manage just the switch. You never know where the radio even is; you don't have to."

There are two types of Legra Radios: an 802.11b version (model LR11b) and a high-speed dual-band version (model LR54a/g). Both use Atheros chips -- the only third-party chips in Legra's products. Since they don't have to connect to the Legra Switch itself, the Radios will work off power from any secondary 802.3af Power over Ethernet (PoE) switch on the network. Each radio is agnostic to any security protocols in use, from WEP up to 802.1X for authentication, since all the security is run by the switch. The CryptoFlex chip will run all of the security types needed simultaneously.

The company is not announcing any pricing for the product line, instead saying that channel partners will be setting the street price to avoid setting a price ceiling artificially. DeBeasi says they'll be "less than some" others on the market.