We Re-Wrote the Security Service Edge Story

In our earlier weblog submit, we mentioned how Cisco has reimagined Zero Trust, delivering an in-office expertise for customers and issues from anyplace accessing sources all over the place. You’re most likely considering “Ok, however how? How precisely has Cisco reimagined Zero Trust Access?” You’re in the proper place to get a glance into the technical particulars.

In this weblog submit, I’ll unpack a few of the technological parts that enable us to leapfrog legacy approaches, and in doing so, keep away from lots of the limitations of final era ZTNA and Security Service Edge (SSE) options. If this piques your curiosity, I want to invite you to dig deeper and get your palms on the capabilities, in one in all the upcoming Cisco Secure Access Hands-on Introductory Labs.

Unlocking next-generation efficiencies with MASQUE, QUIC and VPP

As exponential development in internet, SaaS and personal utility site visitors continues unabated, so does the demand for Zero Trust Access (ZTA) primarily based on extra environment friendly and safe networking protocols. To keep not only a good — however glorious — finish user-experience, we’d like seamless, quick and safe information transport. This has led to the improvement of cutting-edge applied sciences and protocols like MASQUE, QUIC and VPP. Each of those protocols is poised to considerably influence how we deal with community information and when put collectively, they’re a severe sport changer.

Let’s dive into how they work and what their mixed potential can provide for community effectivity and efficiency.

What is QUIC (Quick UDP Internet Connections)?

An straightforward method to think about QUIC is to check a brand new excessive pace rail system. QUIC is the underlying observe system that permits high-speed customized trains to maneuver numerous sorts of cargo (all ports/protocols as the payload). QUIC is a transport protocol initially designed by Google and later adopted by Internet Engineering Task Force (IETF). It operates on prime of UDP and brings a number of efficiency benefits in comparison with conventional TCP.

Key efficiency advantages embody:

1. Connection institution: Unlike TCP, which requires a number of spherical journeys to determine a connection, QUIC minimizes the connection setup time by combining the handshake and encryption setup into one step. This drastically reduces latency.
2. Built-in safety: QUIC integrates Transport Layer Security (TLS) to offer encrypted connections by default, enhancing each privateness and safety.
3. Multiplexing streams: QUIC permits a number of unbiased streams of knowledge inside a single connection, stopping head-of-line blocking — a typical downside with TCP. This characteristic improves consumer expertise by making information supply quicker and extra dependable, particularly for functions like streaming, gaming and internet shopping.
4. Connection migration: This permits us to seamlessly migrate connections with out requiring IP renegotiation in low connectivity environments or with a workforce that’s on the transfer.

By leveraging UDP as an alternative of TCP, QUIC sidesteps many inefficiencies associated to congestion management, retransmissions, and connection administration, finally making it a perfect companion to MASQUE for contemporary community site visitors optimization.

Lastly, if QUIC is blocked in a corporation, which may be the case for a wide range of causes, there’s a built-in fallback functionality to HTTP2 if required.

What is MASQUE (Multiplexed Application Substrate over QUIC Encryption)?

Continuing with our high-speed rail analogy, contemplate MASQUE to be the high-speed trains designed to run on these environment friendly tracks that we laid down. From a technical perspective, MASQUE is a brand new customary developed to effectively tunnel community site visitors over QUIC. It goals to boost privateness and scale back overhead whereas offering seamless assist for various protocols.

The key advantages of MASQUE are:

1. Encryption: MASQUE operates on prime of QUIC, inheriting its robust built-in encryption.
2. Multiplexing: MASQUE permits totally different sorts of site visitors (e.g., HTTP/3, VPN site visitors) to be carried over a single connection while not having a number of protocols.
3. Performance: MASQUE reduces latency and overhead, significantly in cellular and constrained environments, by eliminating the want for a number of TCP connections.

The integration of MASQUE and QUIC into current functions, similar to internet browsers and cellular gadgets, is predicted to enhance end-user expertise by making community operations extra clear and lowering the complexity of site visitors routing and encryption. An actual-world instance of MASQUE and QUIC may be seen in iCloud Private Relay. It enhances privateness and efficiency by securely routing web site visitors by way of a number of relay servers, guaranteeing customers’ information stays personal. These applied sciences are seamlessly built-in into iOS and Samsung gadgets, offering sturdy, safe connectivity for customers throughout each platforms.

What is the function of VPP (Vector Packet Processing)?

Given the world footprint of Zero Trust Access by Cisco, we’d like a high-speed, high-performing packet processing engine and that’s precisely what VPP delivers. VPP is a sophisticated, high-performance packet processing framework that operates on a software-based community stack. Unlike conventional processing, which handles packets separately, VPP processes vectors (or batches) of packets. This vectorized strategy will increase throughput by using the CPU cache extra effectively.

Key advantages of VPP embody:

1. Speed: VPP can obtain multi-million packets per second (pps) processing charges, making it superb for high-performance, low-latency environments.
2. Scalability: VPP’s potential to deal with giant volumes of site visitors with low latency permits it to scale up in environments like information facilities and ISPs, the place dealing with large quantities of knowledge effectively is essential.
3. Flexibility: VPP helps a variety of protocols and may be personalized for various use instances, similar to VPN acceleration, community perform virtualization (NFV), and software-defined networking (SDN).

Combining MASQUE, QUIC and VPP for a future-ready community

Each of those applied sciences represents a big enchancment in community design. But their true energy comes when used collectively. Here’s how they complement one another:

1. MASQUE over QUIC: MASQUE tunnels community site visitors over QUIC to enhance safety and effectivity, particularly for cellular customers and personal functions. With QUIC’s quick connection institution and robust encryption, MASQUE can provide excessive efficiency with out sacrificing privateness.
2. VPP optimizing QUIC: VPP’s high-performance packet processing permits networks to deal with QUIC’s UDP-based site visitors effectively at scale. As extra functions and providers undertake QUIC, VPP ensures that the community can course of the elevated load with out bottlenecks.
3. Unified end-user expertise: For end-users, the mixture of MASQUE, QUIC and VPP will end in quicker, extra dependable connections which might be inherently safe, an absolute requirement for high-demand environments.

Reimagining Zero Trust: Powering a safe, in-office expertise, for an anyplace office

Zero Trust Access by Cisco is offered simply through our User Protection Suite licensing, which incorporates Cisco Secure Access. With the industry-leading applied sciences outlined on this weblog submit and an identity-first strategy, Cisco Zero Trust Access (and Cisco Secure Access) gives an easy-to-manage and deploy SSE platform. Whether your group is remote-first or hybrid, now you can ship constant in-office expertise all over the place, guaranteeing that safety doesn’t hinder productiveness.

Discover extra about Cisco Zero Trust Access, and the way it can remodel your safety strategy, by registering for an upcoming workshop or exploring a product tour of Cisco Secure Access.

We’d love to listen to what you assume. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Security Social Channels

Instagram
Facebook
Twitter
LinkedIn

Share: