Cisco has unwrapped a new family of data center switches it says will help customers more securely support large workloads and facilitate AI development across the enterprise.
The N9300 Smart Switch series is built on the vendor’s powerful 4.8T-capacity Silicon One chip and includes built-in programmable data processing units (DPUs) from AMD to offload complex data processing work and free up the switches for AI and large workload processing. The AMD DPUs are based on technology developed by Pensando, which AMD bought in 2022 for $1.9 billion. (HPE Aruba’s CX 10000 high-end switch uses AMD DPUs, and other vendors such as Microsoft and IBM use the technology as well.)
DPU acceleration unlocks a variety of network and security services such as stateful segmentation, large-scale NAT, IPsec encryption, IDS/IPS, event-based telemetry, and DDoS protection, according to Kevin Wollenweber, senior vice president and general manager of Cisco’s data center and service provider business.
“With the 9300 Smart Switches, we are bringing security technologies into a fabric, so customers can [have] protection baked into their architecture from the network interface card to the switch,” Wollenweber said. “We can protect AI fabrics, both for access rights and segmentation of people that should or shouldn’t have access to them, or for the models themselves to be protected in terms of the data that they have access to and kind of where they’re pulling things from,” he said.
The first major service these DPUs will perform on the switch will be Layer 4 stateful segmentation through Cisco’s Hypershield security architecture. Hypershield uses AI to dynamically refine security policies based on application identity and behavior. It automates policy creation, optimization, and enforcement across workloads. In addition, Hypershield promises to let organizations autonomously segment their networks when threats are a problem, gain exploit protection without having to patch or revamp firewalls, and automatically upgrade software without interrupting computing resources.
The N9300 for now will come in two forms: the N9324C, a 24-port, 100G switch with 800G throughput; and the N9348Y2C6D, which will feature 48 25G ports, two 100G ports, and six 400G ports with 800G throughput, Wollenweber said.
The N9324C, available soon, is positioned as an edge device where customers can inspect and protect traffic and access as users come in and out of the network, Wollenweber said. The second model, which will be released towards the middle of the year, is a top-of-rack switch with 25G ports as well as 100/400G uplinks for server connectivity.
“We have some customers that are going to deploy these when they do their next network refresh. When they start to look at new switches, they’ll deploy these smart switches today and deploy it with Hypershield. Or, they’ll even add these network services over time, because they now have a more intelligent device that can take on new personas or new features and functions,” Wollenweber said.
Integrated security with Cisco Hypershield a draw for enterprises
The range of networking and security services the new N9300s support will make them attractive to data center customers, experts said.
“While AI applications have brought the bandwidth and latency concerns back to the top of the networking requirements, additional capabilities are also top-of-mind. Security, especially in hybrid and multi-cloud networks, requires segmentation and enforcement, and the Cisco N9300 can be hooked into Cisco Hypershield to be a network-based enforcement node for certain policies,” said Paul Nicholson, research vice president, cloud and datacenter networks, with IDC.
“Also, the digital twin capabilities, where upgrades and changes can be tested on a shadow data plane before going into production, will be attractive to IT operations, especially if they do not have the capability today,” Nicholson said.
Additional hardware capabilities can offer multiple benefits – accelerating security policies, offloading other processors to concentrate on their core tasks for better networking performance, and adding capabilities at scale that would not be practical before, Nicholson said.
“The Cisco N9300 has both the Cisco Silicon One E100 ASIC and the AMD/Pensando DPU, thus multiple networking and security services can be accelerated or enhanced with them, when enabled,” Nicholson said. “For example, the stateful segmentation mentioned in the launch. And, Cisco stated more functionality is to follow.”
Enterprises are already planning to deploy many genAI apps this year, according to IDC’s “AI in Networking Special Report,” published at the end of 2024. The research showed that 74.4% of respondents are planning between 11 and 30+ applications with genAI, so plans are already in motion, Nicholson said.
“This represents an opportunity for vendors like Cisco to upgrade their customers to meet the throughput and latency requirements of genAI applications. This extends to both the learning/training phase, to also encompassing the inference/delivery phase, to the end-user,” Nicholson said.