networkZONE Products for the week of September 11, 2006
Cavium Networks Says
10-Gigabit Ethernet Intelligent NIC In Volume Production
For Mainstream Server Market
Cavium Networks, a world leader in security, network services and embedded processor solutions, announced the NITROX PX Security Processor family with 8 new products targeted at next-generation IP Security (IPsec), Secure Sockets Layer (SSL) and Wireless security applications. The NITROX PX Family addresses requirements for new and essential security algorithms and product interfaces by including hardware acceleration for SHA-2, AES-GCM and KASUMI algorithms, and PCI-Express interface in a single chip. The NITROX PX security processors feature the GigaCipher v2 cores with increased code store and enhanced hardware queuing, which enables richer protocol processing and multi-protocol performance. All products are fully software compatible with Cavium Networks' market-leading NITROX family of security processors and are offered with either a PCI-X 64/133 interface that is NITROX family pin-compatible or PCI-Express x4 interface. The NITROX PX Family delivers the industry's most scalable symmetric encryption performance, ranging from 500 Mbits/s to 2.5 Gbits/s, and asymmetric performance from 4000 to 17,000 RSA operations per second. Existing customers of Cavium Networks' NITROX Lite products can seamlessly upgrade to the NITROX PX PCI-X version and get the benefits of new algorithms, higher performance and new features. The PCI Express version enables customers to upgrade to new generation motherboards with PCI-Express interfaces. The NITROX PX Security Processors are being adopted by Tier-1 vendors for security and networking appliances, routing, L3+ switching, storage and wireless products.
NITROX PX Offload Supports the Latest IPsec and SSL Security Algorithms
Existing secure networking equipment is being upgraded to incorporate new
security algorithms that will be deployed in the market by 2008. These new
algorithms include SHA-2 and AES-GCM. SHA-2, which consists of the SHA-256,
SHA-384 and SHA-512 algorithms, offers increased and robust security protection
over the currently deployed SHA-1 algorithm for hashing and digital signature
applications. Rapid adoption of SHA-2 is being encouraged by the US National
Institute of Standards and Technology (NIST). AES-GCM is expected to replace
the existing 3DES and AES-CTR encryption algorithms used for IPsec VPN applications
as it provides an efficient implementation for confidentiality and data
origin authenticity. The NITROX PX family offers unmatched hardware acceleration
capability for these two algorithms. Additionally, NITROX PX integrates
RSA acceleration required for secure session setups with up to 4096-bit
key length support.
The NITROX PX Family of Security Processors provides customers with unique features that include:
NITROX PX Includes the Fastest Security Acceleration for Next Gen
Mobile Networks
Next-generation CDMA and GSM mobile networking equipment require the KASUMI
algorithm and its variants for confidentiality, integrity and encryption,
as mandated by the International Mobile Telecommunications (IMT-2000). Additionally,
performance requirements are increasing rapidly to support the wireless
transmission of voice and data at high data rates of 384 kbits/s - 2 Mbits/s
per user. The NITROX PX security processors support up to 2.5 Gbits/s of
KASUMI performance.
"Upgrading to new encryption and authentication algorithms is critical for new network security equipment," said Bob Wheeler, senior analyst at The Linley Group. "Over the past 5 years, Cavium has gained significant customer adoption for its NITROX security processors and is now a leading supplier with the broadest and most versatile security processor product line. The NITROX PX processors will extend Cavium's leadership by providing Networking OEMs a compatible, scalable and ready-to-use solution with PCI-X and PCI Express connectivity."
NITROX PX CN15XX and CN16XX Security Processors
The NITROX PX processors are available in two host-bus interface options.
The CN15XX Security Processors, with PCI-X interface, and the CN16XX Security
Processors with x4 PCI-Express interface, each includes 4 different products,
ranging in IPsec, SSL or KASUMI performance from 500 Mbits/s to 2.5 Gbits/s,
and RSA ops performance from 4000/s to 17000/s. The CN15XX processors, available
in a 256PBGA package, are fully software- and pin-compatible with Cavium
Networks' NITROX Lite processors to allow for seamless transition in customer
designs. The CN16XX PCI-Express security processors also maintain full software
compatibility with Cavium's NITROX. The NITROX PX processors do not require
any external memory for reduced bill of material cost and consume very low
power from 2 watts to 3 watts. All NITROX PX products support the full range
of bulk encryption and hashing algorithms (DES, 3DES, AES, ARC4, KASUMI,
SHA1, SHA2, MD5), public key processing algorithms (RSA up to 4096-bit key
and Diffie-Hellman), and complete IPsec Packet, SSL record processing and
WLAN security for IPv4 and IPv6 traffic.
"We are committed to providing the most advanced security technology
and interfaces to our existing customer base, in a fully software- and hardware-compatible
manner," said Rajiv Khemani, VP of Marketing at Cavium Networks. "The
NITROX PX security processor family demonstrates this commitment by delivering
industry-leading performance, price, and power options to our customers."
analogZONE Says . . .
Given the rapid changes in security standards in
the past year or so, it's nice to see that Cavium has continued to update
their powerful multi-core architecture to meet the market's evolving needs.
Their latest eight-chip family extends their NITROX secure processor family
(reviewed here
in July 2002) with updated, more powerful accelerator cores for advanced
security capabilities and, of equal interest, now offers variants with a
PCI Express host interface. Targeting IPsec, SSL, Wireless LAN and WAN applications
with throughputs from 100 Mbit/s - 2.5 Gbit/s, they deliver a performance
improvement of up to 2.5x for 1 W or less of additional power. What's more, the PCI-X
versions of the devices are pin-compatible with earlier NITROX I and NITROX
Lite devices to enable painless design upgrades (see Fig. 1). It's also nice to see
that the new chips no longer require any external memory, something that
contributes to savings in power, space, and of course BOM costs.
The manufacturer's release above does a good (if not long-winded) job of listing the alphabet soup of security and encryption standards the new devices support but it's interesting to note that their hardware KASUMI accelerator capabilities should be of special interest to next-gen wireless systems designers who have mostly had to rely on software solutions until now. Another nice feature of their new architecture is their macro-processing capabilities for SSL handshake acceleration. To translate the marketing gobbledygook, this means that the engine handles multiple operations in multi-packet chunks to minimize bus transactions normally occurring with normal SSL operations.
As noted above, the cores can be loaded with different
firmware to support different applications to address security issues in
products such as VPN/firewall appliances, load balancers/L4+ switches, 3G
wireless infrastructure equipment, security gateways in telco infrastructure,
and SAN appliances. At the moment Cavium offers the following software configurations
for their family:
"s" version:
Supports complete SSL, TLS, WTLS Record Processing, Full SSL Handshakes
"i" version:
Supports IPsec (AH, ESP, Tunnel, Transport)
"w" version:
Supports CCMP, TKIP, IPsec
"p" version:
A multiprotocol package with a flexible mix of i, s, and w functionality
One of the few negative issues I'd bring up with an otherwise sterling product is a few rumblings in the field about earlier versions of Cavium's multi-protocol software. From the little I've been able to glean, the multi-core architecture and software are a little less flexible and able to re-allocate processing power on a dynamic basis than some other solutions, but I cannot get any hard details. Since Cavium has always been very conscientious about the quality of whatever it makes, I'd imagine that they have been addressing this problem (if it actually exists), but I felt I had to at least mention the issue here.
One way to find out what the chips and software can really do would be to fire up one of their evaluation boards on your own target system. Since they are available at an awfully reasonable price in both standard PCI and PCIe form factors, it's an easy way to see if they're the right chips for your application. In fact, since their board-level products are priced at only 2 - 2.5x more than the price of the raw chips, I expect that we'll see them appearing in a lot of smaller production runs.
NITROX PX security processors and associated accelerator boards will sample in Q4 2006 with production quantities available in Q1 2007. Pricing ranges from $49 to $139 in 1-k quantities for 500 Mbit/s to 2.5 Gbit/s performance options.