To help eliminate security processing bottlenecks in multigigabit networking equipment, Cavium Networks Inc. today will unveil a family of in-line security processors designed to support IPsec and SSL security protocols at performance up to 10Gbits/s.
The Nitrox II devices offer designers of security appliances, SANs, routers, and switches an alternative to existing "look-aside" security co-processor architectures, which consume host CPU or NPU cycles to perform security processing functions.
"Co-processors are good for performance up to 2Gbits/s, but to go beyond that efficiently, in-line is the way to go," said Sayed Ali, president and chief executive of Cavium, Santa Clara, Calif.
"With a co-processor, there's a lot of traffic to be shuttled between the MAC, host, memory, and security processor," Ali said. "As a result, the performance of the system is limited by the capability of the memory controller instead of the security co-processor."
By contrast, traffic passes only once through a Nitrox II processor and the host before going into the fabric, he said.
The Nitrox II devices are "bump in the wire" processors, which means they can sit directly between the MAC and host processor without any glue logic and offload security processing overhead from the host. Using a co-processor in a similar fashion would require an FPGA, adding to system complexity, according to Ali.
While acknowledging that demand for new networking gear is practically nonexistent, Ali cited a recent third-party survey in which 80% of chief information officers said the one piece of equipment they will buy this year is security equipment.
The Nitrox II family offers a choice of single or dual SPI-3 and SPI-4.2 interfaces, a 64-bit PCI-X bus for control and datapath applications, and a local 72-bit DDR SDRAM bus for easy hookup to in-line and look-aside linecard and security appliance architectures, according to Cavium.
The CN2130 supports one SPI-3 interface and processing performance up to 3Gbits/s. The CN2240 offers two SPI-3 interfaces and up to 6Gbit/s performance. The CN2340 is also a 6Gbit/s device, but has both an SPI-3 and an SPI-4.2 interface. The CN2450 and CN2560 offer 10Gbit/s processing performance with one and two SPI-4.2 interfaces, respectively.
Cavium's security processors are packaged in 1,096-ball BGAs, with sampling starting in April. Pricing ranges from $295 to $795 in 1,000-unit quantities. The Nitrox II software development kit is $9,995.