DATA SHEET
High-capacity Wire-speed Encryption Modules
For the 6500 Packet-Optical Platform
Designed to secure today’s web-scale networks, Ciena’s 6500 Packet-Optical Platform cost-effectively enables a flexible 10G, 100G, or 200G protocol-agnostic, wire-speed encryption solution that combines ease of operation and administration to enable a simple-to-implement data protection strategy for Ethernet, Fibre Channel, SONET/SDH, and Optical Transport Network (OTN) services.

Features and Benefits
• Offers an ultra-low-latency wire-speed encryption solution for 10G/100G/200G highly secure and transparent end-to-end communications
• Features protocol-agnostic encryption, offering flexibility to support a variety of services including Ethernet, Fibre Channel, SONET/SDH, and OTN
• Secures all critical in-flight data via FIPS-compliant Advanced Encryption Standards (AES256) encryption solution
• Leverages enhanced security features, including two distinct sets of keys for authentication and data encryption functions, with a fast encryption key rotation interval of seconds
• Integrates seamlessly into existing enterprise Public Key Infrastructures (PKIs) using X.509 certificate-based authentication
• Enables secure management of Encryption-as-a-Service capability by the end-user in carrier- or enterprise-managed infrastructures via an integrated management tool
• Delivers a field-proven encryption solution widely deployed across the globe in finance, legal, healthcare, military, and government networks

Ciena’s WaveLogic Encryption solution combines proven encryption technology, deployed on platforms that have a large global installed base, with the proven reliability of the market-leading 6500, deployed by more than 500 operators around the globe. Operators can benefit from a solution that simplifies the deployment of encryption by integrating encryption functionality directly into the network element within the transport network, reducing network complexity and eliminating the need to manage different encryption solutions for various applications.

A Highly Secure and Certified Solution
As part of Ciena’s Assured Networking solution, which helps customers create trusted, reliable, and secure networks, encryption is always enabled in Ciena’s WaveLogic Encryption solution, ensuring the highest level of security, as all traffic is always encrypted. Although the ability to turn encryption on or off may seem like added flexibility, simple human error can result in sensitive traffic being sent over the network unencrypted. The solution is validated externally and independently certified by a third party to ensure it is implemented with the standards-based AES engine and algorithms. It provides a FIPS-certified AES-256 encryption engine with standards-based authentication mechanisms (such as X.509 certificates), enabling operational simplification with seamless integration into existing enterprise PKIs.

[Figure 1: 6500 protocol-agnostic, wire-speed WaveLogic Encryption solution that scales to meet your network requirements. Labels: Ethernet, OTN, SONET/SDH, Fibre Channel; "Scales for secure, cost-efficient transport"; 6500 D-Series & S-Series Shelf Configurations: 6500-D2, 6500-D7, 6500-S8, 6500-D14, 6500-S14, 6500-S32]

Unmatched Flexibility
With the flexibility of the 6500, customers can select the optimal shelf size to best meet their site-specific capacity, space, and power requirements for cost-efficient transport of encrypted services. An additional key benefit is that the solution is fully protocol-agnostic, supporting a wide range of flexible clients to address multiple applications among security-conscious customers. Customers can deploy differentiated services with ultra-low-latency connectivity and several path/equipment protection options.

Ironclad Encryption
For enhanced data protection, two distinct and independent sets of keys are used for authentication and data encryption functions, with a fast encryption key rotation interval of seconds instead of minutes. The AES-256 data encryption session keys are autonomously negotiated and rotated every second, independently on each line port, without impacting traffic or throughput and without user intervention. Operators can deploy the next generation of public key cryptography algorithms with support for Elliptic Curve Cryptography (ECC), which provides a significantly more secure strategy than first-generation public key cryptography systems.

Programmable 100G or 200G WaveLogic Encryption
Ciena’s WaveLogic Encryption solution leverages industry-leading WaveLogic coherent technology to enable a high-capacity, flexible, and customizable encryption solution via a new WaveLogic 3 (WL3) Extreme line module. WL3 Extreme builds on the capabilities of WL3 and provides extreme performance for all coherent networking applications through the use of additional modulations and enhanced mitigation of both linear and non-linear impairments. This cutting-edge solution addresses all infrastructure requirements, from metro to long-haul, and provides software-programmable modulation to enable both 100G encryption with QPSK modulation and 200G encryption with 16QAM modulation—an industry first.

By integrating this WL3 Extreme line module with any one of various client interfaces, operators have the flexibility to deploy a solution tailored to meet their specific traffic needs, be it 10G, 40G, or 100G service transport. As demands increase, the same WL3 Extreme line module can be programmed to carry 200G of encrypted traffic simply by adding an additional client card. Additionally, operators can deploy high-capacity encrypted services across the network by leveraging the 6500’s high-capacity hybrid packet/OTN fabric, maximizing the efficiency of network resources.

10G Wire-speed Encryption
Operators can cost-effectively offer 10G encrypted services by leveraging the single slot 4x10G Optical Transponder (OTR) with encryption module that enables 40G of wire-speed encrypted service capacity via four distinct, protocol-independent encrypted line ports. This FIPS 140-2 Level 3-compliant module provides enhanced protection for critical information against physical tampering via zeroisation; all data is set to zero the moment any physical tampering of the cryptographic module is detected, even when the card is not plugged into the shelf.

[Figure 2. 4x10G OTR with Encryption module]

[Figure 3. Examples of programmable 100G or 200G wire-speed encryption with WL3 Extreme line module. Panel titles: 100G Encryption, 200G Encryption. Client labels shown: 2x40G, 100GE, 2x100G; alternatives shown: (or 2x10G), (or 4x40G)]

Encryption Management Made Simple
Ciena’s WaveLogic Encryption solution includes MyCryptoTool, a dedicated encryption management interface designed for distributed management of the network that enables the end-user/security officer to independently manage the security parameters and alarms of 10G, 100G or 200G carrier- or enterprise-managed services. MyCryptoTool is a user-friendly interface that securely connects to the cryptographic module and provides mutual authentication, limiting access to authorized security personnel.

[Figure 4. MyCryptoTool dedicated encryption management interface. Labels: End-user/Security Officer; Encryption Management tool; managed keys (shown twice); 10G, 100G or 200G Interconnect; Carrier or Enterprise Managed Encrypted Service]

Ciena’s WaveLogic Encryption solution combines a high degree of flexibility and security with ease of operation and administration to enable a cost-effective, protocol-agnostic, 10G/100G/200G ultra-low-latency encryption solution for securing virtually all of today’s web-scale communication applications.

Technical Information

| Circuit Pack | 4x10G OTR with encryption | WaveLogic 3 Extreme line module with encryption |
|---|---|---|
| System Requirements | Operates in any 6500 S-Series or D-Series chassis | Operates in any 6500 S-Series or D-Series chassis except for the 6500-D2 |
| Port Format | OC-192/STM-64 | OC-192/STM-64 |
| Client supported interfaces | 10GbE LAN, 10GbE WAN | 10GbE LAN, 10GbE WAN, 40GbE, 100GbE |
| | FC400, FC800, FC1200 | FC800, FC1200 |
| | OTU2, OTU2e | OTU2, OTU2e, OTU3, OTU4, ODU-Flex |
| Line supported interfaces | OTU2 | Coherent 100G (QPSK); 1xOTU4 |
| | OTU2e | Coherent 200G (16QAM); 2xOTU4 |
| Protection Options | 1+1 line protection | 1+1 line protection |
| | 1+1 client and equipment protection | 1+1 client and equipment protection |
| FEC Modes | G.709 compliant RS-8 FEC, UFEC, and OFF | Soft FEC |

Environmental Characteristics
Operating Temperature:
• +41° F to +104° F (+5° C to +40° C)
• +23° F to +131° F (-5° C to +55° C) short term – ALL EXCEPT 6500-S32 and 6500-D32
• +23° F to +122° F (-5° C to +50° C) short term – 6500-S32 and 6500-D32 ONLY
Relative Humidity: 5% to 85% (non-condensing)
Altitude: 13,000 ft; 4000 m

Physical Characteristics
11.34 in (H) x 0.99 in (W) x 9.34 in (D)
288 mm (H) x 25 mm (W) x 237 mm (D)

Security features
• NIST certified AES-256 encryption solution for data encryption
• Elliptic Curve Cryptography (ECC) algorithms
• Diffie-Hellman secured key negotiation (including Elliptic Curve)
• X.509 certificate support for authentication
• Support for Certificate Revocation List (CRL)
• Hitless AES-256 key rotation every second
• TLS-secured and mutually authenticated interface for encryption management
• Radius authentication support
• SNMPv3 support
• 4x10G OTR with encryption: 2048-bit RSA certificates; Elliptic Curve certificates
• WaveLogic 3 Extreme line module with encryption: Elliptic Curve certificates

| Certifications | 4x10G OTR with encryption | WaveLogic 3 Extreme line module with encryption |
|---|---|---|
| | FIPS 140-2 Level 3 – Certificate #2379, #2635 | FIPS 140-2 Level 2 – Certificate #2697 |
| | FIPS 197 – AES–256 – Certificate #2964, #3599, #3600 | FIPS 197 – AES–256 – #3601, #3602 |
| | IBM GDPS | IBM GDPS – in progress |
| | EMC, Brocade | EMC, Brocade – in progress |

Ciena may make changes at any time to the products or specifications contained herein without notice. Ciena and the Ciena Logo are trademarks or registered
trademarks of Ciena Corporation in the U.S. and other countries. Third-party trademarks are the property of their respective owners and do not imply a partnership
between Ciena and any other company. Copyright © 2016 Ciena® Corporation. All rights reserved. DS289 11.2016