Cavium Networks Announces Industry's First In-line Security Processor Family.

Business Editors/High-Tech Writers

NOTE: Multimedia assets available

A photo is available at URL URL
in full Uniform Resource Locator

Address of a resource on the Internet. The resource can be any type of file stored on a server, such as a Web page, a text file, a graphics file, or an application program. :

http://www.businesswire.com/cgi-bin/photo.cgi?pw.030303/bb6

SANTA CLARA Santa Clara, city, Cuba
Santa Clara (sän`tä klä`rä), city (1994 est. pop. 217,000), capital of Villa Clara prov., central Cuba. , Calif.--(BUSINESS WIRE)--March 3, 2003

Cavium's NITROX II(TM) Family of Security

Processors Delivers In-line IPsec and SSL (Secure Sockets Layer) The leading security protocol on the Internet. Developed by Netscape, SSL is widely used to do two things: to validate the identity of a Web site and to create an encrypted connection for sending credit card and other personal data. Processing

at Performance Ranges from 2 Gbps to 10 Gbps

Cavium Networks Cavium Networks is a Mountain View, California-based company specializing in MIPS-based network and security processors. Cavium Networks offers processor and board level solutions targeting Routers, Switches, Appliances, Storage and Servers. , the cost and performance leader in security processing today announced the NITROX II(TM) family of In-line Security Macro Processors that eliminates the security processing bottleneck by providing a range of true "bump-in-the-wire" processors with performance ranging from 2 Gbps to 10 Gbps of IPsec or SSL security protocol processing. The single chip NITROX II family equipped with high performance, streaming SPI-3 and SPI-4 interfaces complements Cavium's award-winning NITROX Lite, NITROX and NITROX Plus family of security processors, which started shipping in production volumes in 2002. The NITROX II family of processors will be used in a wide range of multi-gigabit networking equipment such as routers, switches, web-servers, server load balancers, firewalls, SANs, and VPN (Virtual Private Network) A private network that is configured within a public network (a carrier's network or the Internet) in order to take advantage of the economies of scale and management facilities of large networks. gateways, enabling a secure and authenticated Internet (see attached Figures 1, 2 & 3).

"IPSec VPNs are mainstream, and SSL-based VPN products are starting to ship in volume, " said Jeff Wilson There are a number of people named Jeff Wilson.

Jeff Wilson (cartoonist), Canadian cartoonist.
Jeff Wilson (sportsman), New Zealand Rugby Union and Cricket player.
Jeff Wilson, contestant on reality series Survivor.
Jeffrey A. Wilson, paleontologist.

Executive Director, of Infonetics Research. "All types and sizes of organizations are rolling out encrypted network services. NITROX II, with its in-line functionality and wide performance range will enable networking vendors to quickly integrate cost effective, wire speed security into existing networking equipment and meet the market demand of wide-spread security deployment."

Existing security processors that off-load IPsec security protocol processing are look-aside architectures that sit off a host CPU CPU
in full central processing unit

Principal component of a digital computer, composed of a control unit, an instruction-decoding unit, and an arithmetic-logic unit. or NPU (Network Processing Unit) Same as network processor. . This look-aside architecture requires a substantial number of host processor cycles to do packet parsing See parse.

parsing - parser , classification, lookups and management for the traffic between the host and the security processor, so the host CPU or NPU becomes the performance bottleneck. Cavium's NITROX II with its built-in capability to sit in-line between the MAC and the host processor completely off-loads security processing from the host processor and eliminates this bottleneck.

"An in-line design is a must for high-performance security processing, because the look-aside approach runs out of gas in multi-gigabit applications," noted Linley Gwennap, principal analyst of The Linley Group. "Cavium is the first vendor to build an in-line security processor and, not coincidentally, has the industry's fastest chip for both IPSec and SSL applications. Yet the flexibility and price/performance range of the NITROX II family make it well suited to a variety of security appliances, data-center equipment, networked storage devices, and edge routers."

NITROX II: Comprehensive In-line Multi-Protocol Security Processing

The NITROX II family supports a choice of industry standard, single or dual, streaming SPI-3 or SPI-4.2 interfaces, a 64-bit PCI-X (PCI eXtended) An enhanced PCI bus technology originally developed by IBM, HP and Compaq that is backward compatible with existing PCI cards. PCI and 32-bit PCI-X slots are physically the same, and PCI cards can plug into PCI-X slots. bus for control and data path applications and a local 72-bit DDR SDRAM See DDR. bus. These interfaces facilitate integration into both in-line and look-aside line-card and security appliance architectures. The NITROX II is a programmable processor that provides a comprehensive solution including protocol processing, symmetric, and asymmetric encryption See public key cryptography. for IPsec, SSL, iSCSI and WEP (Wired Equivalent Privacy) An IEEE standard security protocol for wireless 802.11 networks. Introduced in 1997, WEP was found to be very inadequate and was superseded by WPA, WPA2 and 802.11i. protocol based applications. The NITROX II's complete packet and protocol processing functions support both IPv4 and IPv6, packet classification, Layer 2 and IP header parsing, checksum A value used to ensure data are stored or transmitted without error. It is created by calculating the binary values in a block of data using some algorithm and storing the results with the data. , inbound SA lookup, fragmentation support, IPsec selector checks, and exception generation for bad IP packets, ICMP (Internet Control Message Protocol) A TCP/IP protocol used to send error and control messages. For example, a router uses ICMP to notify the sender that its destination node is not available. , IKE etc. NITROX II also supports extensive per SA statistics collection along with built-in high availability Also called "RAS" (reliability, availability, serviceability) or "fault resilient," it refers to a multiprocessing system that can quickly recover from a failure. There may be a minute or two of downtime while one system switches over to another, but processing will continue. features like SA mirroring. The NITROX II accelerates the complete suite of standard symmetric encryption Same as secret key cryptography. and hashing algorithms such as 3DES, AES, ARC4, SHA-1, SHA-2 and MD-5 with their multiple modes, options and key lengths at performance ranges from 2Gbps to 10Gbps. Asymmetric algorithms such as RSA (1) (Rural Service Area) See MSA.

(2) (Rivest-Shamir-Adleman) A highly secure cryptography method by RSA Security, Inc., Bedford, MA (www.rsa.com), a division of EMC Corporation since 2006. It uses a two-part key. , DH and DSS (1) (Digital Signature Standard) A National Security Administration standard for authenticating an electronic message. See RSA and digital signature.

(2) (Digital Satellite S with key lengths up to 4096-bits are supported with a peak performance of 60K 180-bit exponent DH or 40K 1024-bit exponent RSA operations per second.

"Furthering Cavium's tradition of introducing innovative and disruptive technologies to the security market, we are proud to announce the NITROX II family of In-line Security Macro Processors," said Syed Ali, President and CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. of Cavium Networks. "Cavium's product portfolio delivers an unmatched end-to-end footprint with performance points from 50 Mbps to 10 Gbps, which meets customer needs across the entire security processing spectrum. Cavium is very well positioned to become the one-stop shop One-Stop Shop

A company or a location that offers a multitude of services to a client or a customer. The idea is to provide convenient and efficient service and also to create the opportunity for the company to sell more products to clients and customers. for security processors."

Cavium's NITROX II also has the ability to process multiple security protocols like IPsec, SSL and WEP simultaneously with guaranteed bandwidth reservation options to enable quality of service (QOS) applications using Internet security ''This article or section is being rewritten at

Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. . Applications that require QOS include implementation of service level agreements (SLAs) by service providers, Voice plus Video over IPsec, and Storage using iSCSI.

Administration and Manageability

The NITROX II family of Security Macro Processors is a feature-rich solution that includes dedicated administrative processing resources to handle a myriad of management functions such as tamper-proof protection, error logging, statistics collection, billing information, error recovery, zeroing out of private keys, trusted path A trusted path is simply some mechanism that provides confidence that the user is communicating with what the user intended to communicate with, ensuring that attackers can't intercept or modify whatever information is being communicated. management, private key generation and primality checking. These resources dramatically ease the task of developing fully manageable FIPS (Federal Information Processing Standards) A series of publications issed by the U.S. National Institute of Standards and Technology (NIST) that specifies information security guidelines for federal government departments and agencies. 140-2 Level 1,2,3,4 compliant systems.

Complete Solution

Cavium delivers a complete security solution including chips, evaluation boards and reference software. The NITROX II evaluation board offers a choice of PCI-X, SPI-3 and SPI-4.2 interface options along-with Gigabit Ethernet An Ethernet standard that transmits at 1 Gbps. Used mostly to connect high-end workstations and servers as well as for network backbones, Gigabit Ethernet transmits full duplex from point to point using switches and half duplex in a shared environment (CSMA/CD) using a hub. connectivity. The NITROX II is supported by an array of software support utilities and applications based on open-source and third party software. The complete software suite of reference code includes drivers for Linux and popular real-time-operating-systems with chip configuration utilities, power on test tools, a modified FreeS/WAN IPsec stack and a modified OpenSSL stack integrated with open-source application software.

Product Pricing and Availability

All members of the NITROX II family are housed in a 1096 BGA (Ball Grid Array) A popular surface mount chip package that uses a grid of solder balls as its connectors. Available in plastic and ceramic varieties, BGA is noted for its compact size, high lead count and low inductance, which allows lower voltages to be used. package and will commence sampling in April 2003. The NITROX II family of Security Macro Processors has five members that target distinct price and performance points. The CN2130 processor supports a single SPI-3 streaming interface and delivers up to 3 Gbps of secure bandwidth or 18K DH ops/sec. The CN2240 processor supports dual SPI-3 interfaces with performance up to 6 Gbps of secure bandwidth or 36K DH ops/sec. The CN2340 processor supports dual interfaces, which includes a SPI-3 and a SPI-4.2 interface. This dual interface option also allows glueless bridging between SPI-3 and SPI-4.2 devices and is targeted at applications requiring up to 6 Gbps of secure bandwidth or 36K DH ops/sec. The CN2450 processor supports a single SPI-4.2 interface and is designed for applications requiring up to 10 Gbps of secure bandwidth or 50K DH ops/sec. The CN2560 processor supports dual SPI-4.2 interfaces supports applications requiring over 10 Gbps of secure bandwidth or 60K DH ops/sec. The power consumption ranges from 6 Watts for the NITROX 2130 to 15 Watts for the NITROX 2560. For more information, please visit http://www.cavium.com/

Product pricing at 1KU lot quantities ranges from $295 for the CN2130 to $795 for the CN2560.

The NITROX II Software Development Kit is priced at $9995.

About Cavium Networks

Cavium Networks is a semiconductor company that is delivering the industry's largest family of network security processors. Cavium's award winning NITROX family of security processors are single chip solutions that deliver 100Mbs to 10Gbps of encryption bandwidth with 1K to 50K RSA/DH operations per second. Cavium's highly integrated, feature rich NITROX families of Security Macro Processors deliver unprecedented performance in wired and wireless IPsec based network security applications and SSL based secure e-Business while significantly reducing the cost and complexity of deployment. Cavium Networks is headquartered in the heart of Silicon Valley in Santa Clara, CA with an IC design center in Marlboro, MA. For more information, please visit: http://www.cavium.com

Attachments


--------------------- ------------------------------------------------
                                        Description
--------------------- ------------------------------------------------
Figures 1, 2 & 3      NITROX II(TM) Block Diagrams
                      (Cavium_NITROX-II.pdf, 117KB)
--------------------- ------------------------------------------------

    Glossary of terms

--------------------- ------------------------------------------------
        Term                             Definition
--------------------- ------------------------------------------------
AES                   Advanced Encryption Standard (AES).  A
                       cryptographic algorithm to succeed DES
--------------------- ------------------------------------------------
ARC4                  A cryptographic algorithm
--------------------- ------------------------------------------------
DES / 3DES            Data Encryption Standard cryptographic
                       algorithms
--------------------- ------------------------------------------------
DH                    A key agreement algorithm published by Whitfield
                       Diffie and Martin Hellman
--------------------- ------------------------------------------------
FIPS 140-2            Federal Information Processing Standard for
                       security requirements
--------------------- ------------------------------------------------
IPsec                 IP security protocol
--------------------- ------------------------------------------------
RSA                   Rivest-Shamir-Adleman (RSA). An algorithm for
                       asymmetric cryptography
--------------------- ------------------------------------------------
SA                    Security Association, used in IPsec security
                       protocol
--------------------- ------------------------------------------------
SSL                   Secure Socket Layer. An Internet protocol for
                       web security
--------------------- ------------------------------------------------
VPN                   Virtual Private Network
--------------------- ------------------------------------------------

Note to Editors: Product photos, datasheets and application notes are available upon request. NITROX(TM) is a trademark of Cavium Networks, Inc. All other trademarks are the property of their respective owners. All rights reserved.

Note: A photo is available at URL:

http://www.businesswire.com/cgi-bin/photo.cgi?pw.030303/bb6

COPYRIGHT 2003 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.

Reader Opinion

Article Details
Printer friendly Cite/link Email Feedback
Publication:	Business Wire
Date:	Mar 3, 2003
Words:	1444
Previous Article:	SanDisk Introduces New Line of Digital Film Cards for the Retail Photography Channel -- SanDisk Extreme.
Next Article:	Fog Cutter Capital Group Inc. Reports 2002 Operating Results.

Related Articles
Inline skating: coming to a community near you.(inline skating increasingly popular)(includes related information on health benefits, instructors,...
On a Roll.(inline hockey popular and supported by organizations)
On a Roll.(the increasing use and diversification of inline skating, since its introduction in 1984)
K2 Stock Price Not in Line With Its Earnings Growth.(Brief Article)(Statistical Data Included)
MOTOROLA'S NEW MPC7410 MICROPROCESSOR DELIVERS ON THE PROMISE OF HIGH PERFORMANCE SMART NETWORKS.(Product Announcement)
Cavium Networks NITROX Lite security macro processors slash cost for SOHO and SME security markets.
Cavium Wins Prestigious Microprocessor Report Analysts' Choice Award for Best Security Processor.
IDT and Cavium Networks Deliver Complete Linux-Based SME/VPN Security-Accelerated Gateway Platform.
Astute Networks and Cavium Networks Partner to Deliver Industry's Highest Performance iSCSI and TCP-offload Adapters.
Leveling the playing field: should the sport of inline hockey be relegated to costly, private skate rinks?(inline hockey)(private inline hockey...