Cavium Networks Introduces Industry's Highest Performance Network Security Processor Family
NITROX processors deliver a 15x improvement in SSL processing and a 3x improvement in IPsec processing
SAN JOSE, CA, October 15, 2001 -
Cavium Networks today announced the NITROX
family of Security Macro Processors that eliminate compute intensive security-processing bottlenecks while significantly reducing the cost and complexity of deploying security in VPN and e-Business applications. NITROX
is a programmable, highly integrated, single chip solution designed to combine all aspects of IPsec and SSL protocol security including extensive secure packet and record processing, bulk data encryption and public key processing. NITROX
will be used in a wide range of networking equipment such as routers, switches, web-servers, server load balancers, firewalls, SANs, and VPN gateways, enabling a secure and authenticated Internet (see attached Figures 1, 2 & 3).
The current generation of security accelerators are hard-wired, non-upgradeable, low performance and high cost solutions that selectively accelerate only portions of the security application, which results in the processing bottleneck moving to other parts of the system. The NITROX
is a packet aware and protocol aware processor that supports all IPsec and all SSL protocols. Multiple bulk encryption algorithms are supported including DES, 3DES, AES, ARC4 at peak performance rates up to 7 Gbps for minimum size packets. Public key processing algorithms are supported at a sustained rate of up to 60,000 1024-bit RSA operations/sec that enables 50,000 SSL transactions per second (TPS) or up to 40K 1024-bit Diffie-Hellman operations/sec. In addition to providing the industry's highest performance, Cavium Networks is delivering a complete turnkey solution with its processors including firmware, drivers, middleware, and an evaluation board to reduce customer's time to market.
"System vendors no longer have to make a choice between performance and security. Our processors will make security ubiquitous by eliminating the performance penalty associated with security while slashing cost of deployment." said Syed Ali, President and CEO of Cavium Networks. "Our vision is to enable a totally secure Internet."
Businesses are increasingly using the Internet for commerce and communication and are demanding security. "The market for security products continues its solid growth, even during a weak economy. VPN hardware and software brought in over a half billion dollars of revenue in 2Q01, while firewalls generated $430M during the same quarter. SSL, in addition to its usage in Web servers, is now being incorporated into a broad range of networking and content devices; revenue growth for SSL hardware devices is expected to grow 50% from 1H01 to 1H02," said John Lawler, Directing Analyst at Infonetics Research. "Security is evolving from a standalone 'edge' technology into a capability found within other network devices, and deployed throughout increasingly fast networks. The new generation of security products needs high performance, low cost security chips more than ever. Cavium Networks is well positioned to take advantage of this burgeoning market."
The NITROX Family of Security Macro Processors
family of Security Macro Processors has four members that target distinct price and performance points. The NITROX
1120 processor supports a 64-bit, 66MHz PCI bus and is targeted at applications requiring up to 1.0Gbps of secure bandwidth with 10K RSA ops/sec. The NITROX
1230 processor fields a 64-bit, 133MHz PCI-X bus along with a 64-bit DDR DRAM for local context or session storage and is ideally suited for applications requiring 2.0Gbps of secure bandwidth and 20K RSA ops/sec. The NITROX
1340 processors have an 8bit, 500MHz HyperTransport bus with a 64-bit DDR DRAM for local context or session storage and targets high-end applications requiring 3Gbps to 5Gbps and 30K to 50K RSA ops/sec. All these devices support a unique Adaptive Processing capability that allows their processing power to be flexibly allocated between session set up and bulk data encryption depending upon real time traffic conditions. For example, the NITROX
1340 running at 450MHz can process over 50,000 SSL TPS or 7 Gigabit/sec of bulk data encryption or any flexible combination of the two. Cavium Networks Macro Processing feature reduces bus bandwidth requirements enabling 10K to 20K SSL TPS depending on the record size over a standard 64bit, 66 PCIMHz bus. Multiple NITROX
processors can be cascaded in a system to enable hundreds of thousands of SSL TPS. The power consumption ranges from 4 Watts for the NITROX
1120 to 7 Watts for the NITROX
outstanding performance, efficient command structure, and flexible processing solve many of the problems facing designers who are incorporating security into their systems," said Linley Gwennap, principal analyst of the Linley Group. "I've followed Cavium Networks architects since their DEC Alpha days, and their latest effort looks like another industry-leading design."
Cavium Networks' roadmap includes higher frequency versions of the NITROX
line of processors and the NITROX
II In-Line Security Macro Processor that integrates more network functionality and adds the SPI-3 and SPI-4 interfaces.
Administration and Manageability
family of Security Macro Processors is a feature rich solution that includes dedicated administration processing resources to handle the myriad of administration and management functions such as tamper proof protection, error logging, statistics collection, billing information, error recovery, zeroing out of private keys, trusted path management, private key generation and primality checking that will dramatically ease the task of developing fully manageable FIPS 140-2 Level 1,2,3,4 compliant systems.
Pricing and Availability
All members of the NITROX
family will be sampling in Q4 2001. The NITROX
1120, in a 256 PBGA package, is priced at $295 while the NITROX
1230, in a 600 BGA package, is priced at $495, both in 1KU quantities. The NITROX
1340 is available in 350MHz and 450MHz versions in a 600 BGA package and priced at $595 and $895 respectively in 1KU quantities. The NITROX
Evaluation Kit which is priced at $9995 includes middleware, drivers and a board with a PCI or HyperTransport connector in a PCI card form factor.
About Cavium Networks
Cavium Networks is a venture backed fabless semiconductor company focused on delivering high performance security processing solutions that will enable the new Internet security infrastructure. Cavium Networks highly integrated, feature rich NITROX
family of Security Macro Processors deliver unprecedented performance in SSL based secure e-Business and IPsec based network security applications while significantly reducing the cost and complexity of deployment. Cavium Networks is headquartered in the heart of Silicon Valley in San Jose, CA with an IC design center in Marlboro, MA. For more information, please visit: http://www.cavium.com
Glossary of terms
| Figures 1, 2 & 3
||NITROXTM Block Diagrams (.pdf, 53KB)
||Advanced Encryption Standard (AES). A cryptographic algorithm to succeed DES
||A cryptographic algorithm
|DES / 3DES
||Data Encryption Standard cryptographic algorithms
||A key agreement algorithm published by Whitfield Diffie and Martin Hellman
||Federal Information Processing Standard for security requirements
||High-speed, high-performance, point-to-point link for integrated circuits
||IP security protocol
||Rivest-Shamir-Adleman (RSA). An algorithm for asymmetric cryptography
||Secure Socket Layer. An Internet protocol for web security
||Virtual Private Network
© Copyright Cavium Networks, Inc. 2001. All rights reserved. NITROX
(TM) is a trademark of Cavium Networks, Inc. The HyperTransport(TM) Consortium, HyperTransport(TM) Technology and combinations thereof are trademarks of HyperTransport(TM) Consortium. All other trademarks are the property of their respective owners.
For additional information, contact: