CAVIUM NETWORKS
NITROX™ Soho
CN220 & CN225
Secure Communication Processor
Product Brief
NITROX Soho CN220 & CN225 Overview
The NITROX Soho CN22x Secure Communication Processors (SCP) are the highest performing, value solution for Soho and Robo (remote office / branch office) IPSec and SSL VPN products. The NITROX Soho CN22x SCP incorporates the best elements of Cavium Networks’ market leading security technology with a MIPS32 core and three Ethernet MACs. This combination provides the highest IPsec, SSL, Wireless security and tunnel set-up performance and the lowest system cost in the industry.
PRODUCT FEATURES & BENEFITS
Market leading IPsec performance for all packet sizes
• Highest minimum size packet performance: >30 Mbps.
• Highest large packet performance: 170 Mbps.
• Multi-tunnel IPSec with no performance degradation
Highest SSL VPN performance for SoHo/SME
• High performance SSL VPN throughput of >25Mbps
• 900 1024bit-exponent RSA operations/second.
Highest performance Public Key Processor for target applications
• Hundreds of tunnels/second.
• 1550 ops/second at 180bit-exponent Diffie Hellman.
• Supports up to 2048-bit modulus size.
Provides IPv6 and IPv4 support (complete AH and ESP)
Multi Algorithm and Protocol Support
• RSA and Diffie-Hellman.
• 3DES, AES, ARC4.
• Modes: ECB, CBC; and 1, 8, 64-bit CFB (DES), 128-bit CFB (AES), CCMP.
• AES – supported key lengths: 128, 192, and 256-bit
• MD5, SHA-1, HMAC-MD5, HMAC-SHA-1.
Low System Power: <2.5W
Small package: 276 PBGA
PROTOCOL & MANAGEMENT SUPPORT
Multi Protocol Software Support
• SSL, IPsec and IKE. Wireless (802.11i) options.
Full IPsec Protocol Processing with specialized TurboIPsec and TurboSSL Macro API functions
• Macro API functions result in dramatic reduction of required I/O bus bandwidth.
[Figure: Comparison of relative I/O usage between Typical Crypto Acceleration and Macro Processing]
Adaptive capability to handle various bandwidth requirements of different cryptographic operations
• Truly balanced systems can be designed using NITROX Soho CN22x products’ flexibility to perform asymmetric, symmetric, hash and protocol processing in a single chip.
Dedicated Resources for Administration & Management
• Extensive functionality to assist a range of functions including statistics collection, logging, etc.
Software driver support for Linux and VxWorks
Modified IPsec, IKE and SSL software stack to incorporate Cavium Networks’ macro calls
• FreeS/WAN, OpenSSL.
Processors and Interfaces
System Processors
• 166/200MHz MIPS32 4Km processor, 16KB I-Cache, 16KB D-Cache
• Cavium Networks’ GigaCipher security processing core
Interfaces
• 3 independent MII/RMII 10/100 Ethernet MACs; supports 802.1p VLAN tagging
• PCI v2.1 & 2.2 compatible (32-bit, 33MHz)
• Other: 2 x UART, SPI/MPI, Two-Wire
Figure 1: Example CN22x VPN Firewall Router
APPLICATIONS
SOHO and Small to Medium Enterprise
• SSL / IPSec VPN Gateways
• Remote Access Gateways, Residential Gateways
• Broadband Routers
Network Access
• DSL Modems, Cable Modems, FTTH
• Switches, Routers
Wireless LAN / WAN
• 802.11 Gateways (supports AES acceleration and 802.11i security protocols)
BENEFITS TO DESIGNERS
Reduced system cost and complexity
• Single chip high performing solution with low power and small footprint
• Single custom processor solution
Quick time to market with complete solution
• Evaluation board, processor, software
• Software driver and application
Flexible Protocol Processing
• Flexible microcode allows for advanced processing with field upgrade option
Highly Scaleable solution with NITROX Soho Family
• Common MIPS32 4Km Processor, API and Footprint
PRODUCT SUMMARY
The NITROX Soho CN22x Secure Communication Processors integrate Cavium Networks’ widely deployed security technology with a MIPS32 CPU and several system peripherals. This combination results in a market leading product with high throughput multi-tunnel IPSec and SSL performance for Soho/SME VPN and IPsec Gateway solutions. Additionally, Cavium Networks complements this highly integrated solution with IPSec and SSL software solutions for fastest time to market for new products. The heart of the NITROX Soho CN22x SCP is the MIPS32 CPU and the micro-programmed GigaCipher core, which allow for future upgrades and flexibility in supporting all cryptographic operations and protocol layer functions.
Figure 3: Adaptive Security Processing (NITROX Adaptive Performance Curve; axes: Packet Processing in Mbps, IKE Tunnel Establishment per second)
Figure 3 shows how the CN22x core provides adaptive processing power that can be used for all cryptographic operations and protocol processing. This feature is unique to the NITROX family and allows for flexible response to dynamic load. Dynamic Adaptive processing is enabled by the GigaCipher’s ability to accelerate both the asymmetric algorithms used for tunnel establishment and the symmetric ciphers + hashing algorithms used in bulk data encryption. This adaptive nature of NITROX Soho allows vendors to build balanced systems that can handle dynamic traffic conditions.
NITROX Soho is the only processor to integrate a flexible MIPS32 4Km CPU, LAN interfaces and the innovative Cavium Networks GigaCipher security macro processor to enable systems designers to execute full Soho/SME SSL, IPsec and IKE protocol applications as an integrated security system in a single package. The NITROX Soho CDK includes an evaluation board with modified OpenSSL and FreeS/WAN drivers using Cavium Networks’ TurboIPsec and TurboSSL Macro APIs and software drivers for Linux and VxWorks.
Ordering Information

| Part Number | System Interfaces | Package | IPSec VPN Performance | SSL VPN Performance | IKE Performance | Simultaneous Multi-Protocol (SSL & IPSEC) |
|---|---|---|---|---|---|---|
| CN225-200BG276 | PCI 32bit 33MHz, 3 x RMII/MII | 276 PBGA | 170Mbps | >25Mbps | 200tps | Yes |
| CN225-166BG276 | PCI 32bit 33MHz, 3 x RMII/MII | 276 PBGA | 150Mbps | 22Mbps | 200tps | Yes |
| CN220-200BG276 | PCI 32bit 33MHz, 3 x RMII/MII | 276 PBGA | 125Mbps | 20Mbps | 100tps | No |
| CN220-166BG276 | PCI 32bit 33MHz, 3 x RMII/MII | 276 PBGA | 100Mbps | 15Mbps | 100tps | No |

* All parts now available in lead-free packages
805 E. Middlefield Road, Mountain View, CA 94043, Phone: 650-623-7000, Email: sales@caviumnetworks.com, Web: http://www.caviumnetworks.com
© 2005 Cavium Networks. All rights reserved. NITROX is a trademark of Cavium Networks. All other brands and product names are trademarks of their respective owners.
CN220-CN225-PB-0.99 Printed in the USA