ROCHESTER, N.Y. — Crypto-chip specialist Hifn Inc. (Los Gatos, Calif.) has introduced a secure flow processor that combines packet classification and stateful analysis in the same piece of firewall silicon.
The 3010 processor handles functions like access control lists, where a firewall must analyze individual packets as well as the flows or applications with which those packets are associated. To date, designers have had to rely on a hardware/software combination to achieve this stateful analysis.
Rahul Patel, business-line manager at Hifn Inc., said designers to date have employed stateless packet-classification engines, which solely handled Layer 3 and Layer 4 classification. To bring a stateful approach, Patel said, designers have tapped software solutions, from Checkpoint Systems and others, that relate packets received at the classification to an overall flow.
The 3010 has a parsing engine and an analyzer engine. Maximum data throughput is 4 Gbits/second.
Classifies 800 protocols
The 3010 also helps designers deal with Internet Protocol fragments. If a fragment is received, the 3010 can look at the packet, determine what flow or session that packet is associated with and begin the process of piecing fragments back together in the proper order. By combining those capabilities on the same piece of silicon, the 3010 is said to classify 800 unique protocols.
Built in an 0.18-micron process, the 3010 consumes less than 5 watts. It will sample in June, priced at $350 each in volumes of 10,000.
Robert Keenan is the editor-in-chief of online sister publication CommsDesign.com.
