Transcript
Precisely designed for SME applications Line rate performance across all packet sizes Full data plane offload for IPSec Maximized processing headroom on CPU Tightly integrated with QuickSec IPSec Toolkit Best cost advantage in the market
SafeXcel-5160 Cost-Effective Inline Security Processor for Gigabit Class SME Appliances The SafeXcel-5160 is a high-performance enterprise security processor specifically designed for OEMs building security appliances for the Small and Medium Enterprise market. The processor is primarily targeted at VPN gateway appliances with bandwidths of at least OC3/STM-1 rate. The SafeXcel-5160’s rich set of security features and interfaces also makes it an ideal choice for security-demanding applications like network interface cards, broadband access devices, and multimedia home network equipment. The SafeXcel-5160 integrates an industrystandard 32-bit RISC processor with a unique inline security packet engine and flow processor. The SafeXcel-5160 achieves 310 Mbps IPsec throughput with 64-byte packets, and 600 Mbps IPsec throughput with averagesize and larger packets. The SafeXcel-5160 is fully compatible with SafeNet’s SafeXcel-5140 and SafeXcel-5150 Enterprise Security Processors and provides OEMs an easy migration path in building higher-performance appliances.
State-of-the-Art Security and Networking Features The SafeXcel-5160 is a unique product, designed to provide superior security functionality, performance, and cost advantage to the SME market. While the SafeXcel-5160 provides hardware implementations for 3DES, AES, SHA-1, MD5, random number generation, and public-key acceleration, the SafeXcel- 5160 also features packet filtering and flow processing, NAT, NAT-T, NAPT, IPsec and Secure Realtime Transport Protocol (SRTP) processing, as well as SHA-256, AES Galois Counter Mode (GCM), AES-XCBC-MAC-96, and Extended Sequence Numbers.
Line-rate Small Packet Throughput As high bandwidths become more widely available to SMEs, the SafeXcel-5160 processor is precisely delivering the throughput levels this market requires, ranging from 310 Mbps for small packets to 600 Mbps for average-size and larger
packets. While existing security-enabled processors can handle large IPsec packets at reasonable data rates, they often perform very poorly when it comes to processing small packets. In contrast, the SafeXcel-5160 chip excels at all packet sizes and maximizes headroom on the embedded processor.
Full data plane hardware offload In traditional security-enabled processors, hardware assist is limited to security modules that perform cryptographic processing under control of the embedded CPU. The SafeXcel-5160 takes a significant step beyond this traditional security offload model. The unique value of the SafeXcel-5160 lies in its capability to fully offload data plane processing up to the IP/IPsec layer to dedicated hardware modules: the microengine-based Packet Filter / Flow Processor modules and the Inline Packet Engine. In addition to superior throughput, the full data plane hardware also brings along the advantage of maximized processing headroom on the embedded CPU. In traditional security-enabled communications processors and in dualchip solutions (consisting of a dedicated CPU and a stand-alone security coprocessor), the CPU needs to perform some level of processing on each packet. This leads to a significant processing load on the CPU. In the SafeXcel-5160 however, the embedded CPU is not involved in processing packets that belong to an existing data flow. This allows the embedded CPU to dedicate its precious cycles to flow setup (using hardware assist) and other processing tasks.
SafeXcel-5160 COST-EFFECTIVE SECURITY PROCESSOR FOR GIGABIT CLASS SME APPLIANCES
Benefits
Features • Embedded CPU • ARMv4®-compliant 32-bit RISC • 450 MHz clock frequency • 32 Kbyte data cache • 32 Kbyte instruction cache • Data Plane Security • IPSec • SRTP • DES, 3DES (ECB, CBC) • AES (ECB, CBC, CTR) • AES-Galois Counter Mode • MD5, SHA-1, SHA-256 • HMAC • AES-XCBC-MAC-96 • Pseudo Random Number Generation • Control Plane Security • True Random Number Generation • AES-XCBC-MAC-PRF • Public Key Acceleration • IPv4, IPv6 support • 9KB Jumbo frame support
SafeXcel-5160 Architecture Overview
• NAT, NAT-T, NAP-T support in hardware • Firewall support in hardware • Timer
Complete OEM Solution for SME Security Gateways
Migration Path to Higher Line Rates
The SafeXcel-5160 chips are pre-integrated with SafeNet’s QuickSec IPSec security platform to provide a complete, proven hardware/software security solution. This pre-integration significantly reduces design and integration cycles, resulting in accelerated time to market and reduced project cost for OEMs.
The SafeXcel-5160 is part of SafeNet’s line of Enterprise Security Processors, consisting of the following products:
• Interrupt controller • Realtime clock
Full-duplex Ethernet-to-Ethernet throughput for 64-byte packets
Embedded RISC clock frequency
SafeXcel-5140
T3 rate (aggregate 90 Mbit/s)
450 MHz
SafeXcel-5150
Fast Ethernet rate (aggregrate 200 Mbit/s)
450 MHz
SafeXcel-5160
STM-1 / OC3 rate (aggregate 310 Mbit/s)
450 MHz
Performance • Data plane: full-duplex 155 Mbit/s throughput for 64-byte packets (aggregate throughput 310 Mbit/s) Data plane: full-duplex 300 Mbit/s throughput for 350-byte and larger packets (aggregate throughput 600 Mbit/s) • PKA: 96 1024-bit exponentiations/sec, without use of CRT
Interfaces • PCI-X v1.0b, 66 MHz / 133 MHz, 32-bit / 64-bit, initiator and target mode, Backward-compatible with PCI v2.2 (33 MHz / 66 MHz). • Flash/SRAM memory • 32-bit DDR, 150 MHz
The Enterprise Security Processors are fully pin-compatible and software-compatible. This allows customers using the SafeXcel5140 or SafeXcel-5150 to easily migrate to the SafeXcel-5160 product.
• Dual MII/GMII • 10/100/1000BASE-T MACs • 802.11Q VLAN tag update/retrieve • Wake-on-LAN • UART • I 2C • 8-pin GPIO • USB 2.0 On-the-Go
Electrical • Core voltage: 1.2V • DDR I/O voltage: 2.5V • Other I/O voltage: 3.3V/5V-tolerant • Power consumption: 2W
Package • 502-pin BGA
Corporate Headquarters: 4690 Millennium Drive, Belcamp, Maryland 21017 USA Tel.: +1 410 931 7500 or 800 533 3958, Fax: +1 410 931 7524, Email:
[email protected] EMEA Headquarters: Tel.: + 44 (0) 1276 608 000, Email:
[email protected] APAC Headquarters: Tel: +852 3157 7111, Email:
[email protected] For all office locations and contact information, please visit www.safenet-inc.com/company/contact.asp
www.safenet-inc.com ©2006 SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet. All other product names are trademarks of their respective owners.
