Global Sources
EE Times-Asia
Stay in touch with EE Times Asia
EE Times-Asia > Embedded

Ethernet switch packs security functions

Posted: 16 Mar 2007 ?? ?Print Version ?Bookmark and Share

Keywords:StrataXGS III? ContentAware? BroadShield? Ethernet switches? security processor?

The latest member of Broadcom Corp.'s StrataXGS III family of Ethernet switches is sophisticated enough to be called a true security processor. One of the BCM56510's on-chip engines, ContentAware, sets policies through seven layers of packet-header information; another, the new BroadShield, controls endpoint authentication and access through detailed content inspection.

Those functions come as close to a standalone security processor as to a GbE switch, said Eric Hayes, director of marketing for Broadcom's enterprise switching business.

The chip contains four 10Gbit/HiGig ports for Ethernet switching, but it also marries the two specialized processors with on-chip lookup tables for L2 and L3 switching. The chip further supports eight class-of-service levels for Ethernet.

The integrated BroadShield engine has four functions: host posture assessment and enforcement (HPAE) that supports industry network access standards; hardware protocol checker, using hardwired patterns to look for denial-of-service attacks; port security; and virtual route forwarding, which supports L3 traffic virtualization.

Broadcom emphasizes support within HPAE for Microsoft's Network Access Protection standards. NAP is gaining a lot of industry attention because of its use in both Vista and Longhorn. Moreover, the HPAE rules form a superset of policies for Cisco Systems' Network Admission Control and the Trusted Computing Group's Trusted Network Control.

On-chip engines expand switch's role and turns BCM56510 into data-center security monitor.

The hardware protocol checker provides direct hardwired support to prevent common attacks. The traffic virtualization and secure authentication functions make the chip a central security source for both server clusters and metropolitan WANs.

The BCM56510 is sampling now, priced at $435 each.

- Loring Wirbel
EE Times

Article Comments - Ethernet switch packs security funct...
*? You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.

Back to Top