Global Sources
EE Times-Asia
Stay in touch with EE Times Asia
EE Times-Asia > Controls/MCUs

Cavium processors add Nitrox security engine

Posted: 19 Jan 2005 ?? ?Print Version ?Bookmark and Share

Keywords:vavium networks? nitrox? security engine? nitrox soho? security-processor?

Cavium Networks Inc. has added its own Nitrox security engine to two versions of the Nitrox Soho security-processor family. Soho was based on designs acquired from Brecis Communications Inc., which used a MIPS-32 core as a control-plane processor.

Nitrox Soho CN220 and CN225 add one and two security engine processors, respectively, to the overall floor plan of the processor. The security engines come from Cavium's own family of Nitrox and Nitrox II engines and offer hardwired support for encryption, Internet Protocol Secure virtual private networks, Secure Sockets Layer VPNs and crypto-based digital-signature functions.

Rajneesh Gaur, director of product marketing at Cavium, said the two high-end members of the Nitrox Soho family probably will have minimal overlap with existing Nitrox and Nitrox II families. Soho products are intended for networks with speeds rated in the tens to low hundreds of megabits per second, where the size of the access device warrants combining a control-plane processor and security processing in a single device. The standard Nitrox families are intended for systems with performance of several hundreds of megabits per second, where a separate control-plane processor and security coprocessors make sense.

Cavium also offers the very high-end Octeon family, in which multiple cores of MIPS control plane and security engine processors are combined in one design to provide multigigabit applications.

SSL response

Gaur said that a primary driver for the Soho 22x family is the rise in popularity of VPNs based on the Secure Sockets Layer.

SSL's growing use requires a security processor capable of operations at several layers in the Open Systems Interconnect protocol stack. The Soho 220 and 225 not only accelerate IPsec performance beyond the Soho CN200 and CN201, but they also add hardwired support for SSL VPNs to the mix.

When OEMs elect to offer VPN capability at the IPsec level, the Nitrox Soho family uses special hardwired P-trie lookup algorithms, which allow multiple IPsec tunnels to be created, with no performance hits over single IPsec tunnels.

The CN220 and CN225 are offered in core clock frequencies of 166MHz and 200MHz. Typical IPsec performance is 170Mbps, and more than 100 Internet key exchange operations per second are supported. Both chips provide full IP version 6 support, and both are offered in the same 276-lead PBGA package as the 200 and 201.

Volume pricing in lots of 10,000 comes close to that of microcontrollers, less than $20 for the CN220 and less than $25 each for the CN225. Samples are available now, with production to begin in the current quarter. A Nitrox Soho 22x development system, now available, sells for $9,000.

- Loring Wirbel

EE Times

Article Comments - Cavium processors add Nitrox securit...
*? You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.

Back to Top