Gigabit-plus security processing cards use Linux, PCI Express
Nov 8, 2004 — by Henry Kingman — from the LinuxDevices Archive — viewsCavium will launch a family of security accelerator cards based on the new PCI Express chip-to-chip interface, in Q1, 2005. The full-height Nitrox XL NPX cards will come with Linux drivers, and will target security appliances with multiple gigabit Ethernet interfaces. Models with 1.5- and 2.5-Gbps security processing will be offered initially.
What is PCI Express?
PCI Express is a new interface that provides a higher-bandwidth alternative to the PCI and PCI-X buses. Unlike PCI, the PCI Express interface offers multiple serial communications links or “lanes” in each direction, so it can't be saturated by a single gigabit Ethernet interface the way PCI buses can. It also offers reduced pin count and hence requires less board space. Cavium says that high-end server and desktop chipsets are continuing to include PCI and PCI-X buses in their southbridges, while integrating 16-lane point-to-point PCI Express support directly into their northbridges.
Cavium's PCI Express cards
The Nitrox XL NPX boards will be the industry's first security cards based on PCI Express, Cavium says. They will include a “standard” 4-lane PCI Express interface theoretically capable of supporting up to 10Gbps of throughput. They will be able to increase throughput and reduce CPU load in gigabit-plus L4+ switches, load balancers, web switches, and VPN appliances, Cavium says, with up to 2.5Gbps security processing, and 28,000 RSA operations per second.
Later, Cavium plans to integrate PCI Express support directly into its security processors. For now, though, PCI Express support will be available on add-in board products based on Cavium's Nitrox family of security processors.
Cavium's Nitrox security processors
Cavium claims its security processors are the world's fastest security processors. Its Nitrox chip line supports symmetric encryption algorithms that include DES, 3DES, AES (all modes up to 256 bit), CCMP and ARC4, as well as asymmetric encryption including RSA and Diffie Hellman.
Cavium's security processor chips are available with a development kit that includes Linux and OS-independent drivers, debug utilities, APIs, and optimized open-source implementations of SSL and IPsec/IKE stacks with both IPv4 and IPv6 support. Additionally, commercially supported IPsec/SSL software stacks are available from Intoto, Safenet Quicksec, and RSA Security, Cavium says.
Availability
Two NPX family boards are expected in Q1, 2005, including the CN1220-350-NPX model offering 1.5Gbps of security processing, and the CN1230-350-NPX, offering 2.5-Gbps. The full-height, 4.2 x 6.6-inch cards will be priced at $690 and $900, respectively, in 1K quantities.
Cavium will also offer “comprehensive software support” for the boards, it says.
Cavium additionally expects to sample in Q1, 2005, its Octeon chip family, featuring chips with two- to 16 cores. Cavium announced its Octeon cores in September.
More information on PCI Express is available in this whitepaper.
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.