BCM5840 ? BCM5840 gigabit security processor gsm handset terminal using BCM5840 ? world?s first multi-gigabit security processor 2.4-gbps wirespeed ipsec acceleration (3des-cbc, hmac-sha-1) ah and esp support (des, 3des, hmac-sha-1, hmac- md5) sustainable 2.4-gbps wirespeed on small packets flow-through architecture order preservation logic on a per-direction basis pos-phy level 3 interface 4.2 gbps available bandwidth on-chip security association storage and lookup cam accelerated lookup supports 2048 sas flexible packet processing options can support unlimited sas via in-band keying sas can be looked-up on chip on-chip packet header processing automatically handles mutable fields direct parsing of ipv4 headers ipv4 header checksum calculation low-power 0.18, 1.8v operation 208 mqfp package highest performance security processor enables security in high-bandwidth applications enterprise routers edge and core routers layer 3+ switches access concentration vpn appliances firewalls no performance degradation for small packets ensures highest performance in realistic conditions 3des-cbc, new sa per packet fast path processing makes security ubiquitous minimizes packet handling by processor security processing occurs in-line ipsec-aware architecture optimizes security processing flexible packet processing options packet header processing on-chip sa storage and lookup scalability offers oc48 ipsec performance complete high-performance vpn solution BCM5840 for high-speed ipsec functionality bcm5820 for fast ike (public key) functionality features summary of benefits clear traffic secure traffic memory network processor glue bcm5820 ike memory control processor p c i transceiver bcm5402 gigabit BCM5840 gigabit ipsec
overview ? phone: 949-450-8700 fax: 949-450-8710 e-mail: info@broadcom.com web: www.broadcom.com broadcom corporation 16215 alton parkway, p.o. box 57013 irvine, california 92619-7013 ? 2004 by broadcom corporation. all rights reserved. 5480-pb03-r 04/08/04 broadcom ? , the pulse logo, and connecting everything ? are trademarks of broadcom corporation and/ or its subsidiaries in the united states and certain other countries. all other trademarks mentioned are the property of their respective owners. the BCM5840, the world?s first single-chip gigabit security processor, removes barriers to providing efficient, wire-speed security across an entire lan or wan network infrastructure at multi-gigabit data rates. broadcom?s latest security processor sustains throughputs of 2.4 gbps for wirespeed ipsec encryption and authentication, regardless of packet size. the BCM5840 provides breakthrough performance, until now, unavailable in commercial products, thereby enabling ubiquitous wirespeed security in routers, firewalls, switches and accesses servers at data rates up to full-duplex oc-48 (4.8 gbps) using a BCM5840 in each direction. the innovative BCM5840 sustains multi-gigabit performance for 3des-cbc and hmac-sha-1 or hmac-md5 ipsec processing. the unprecedented performance levels of the BCM5840 are quickening the pace at which the internet, in the form of virtual private networks (vpn), is replacing expensive, dedicated networks for remote access to corporate intranets and busine ss-to-business transactions. flexible enough to work in most applications, the BCM5840 utilizes a pos-phy level 3 interface in its flow-through architecture. multiple keying mechanisms are supported, allowing keys to be sent directly in- band with the packet or stored in the on-chip security association (sa) cache. the BCM5840 device?s on-chip sa storage utilizes a cam accelerated lookup and supports as many as 2,048 sas on-chip. packet header processing in the BCM5840 includes the ipv4 header checksum and the handling of mutable fields associated with the checksum calculation. the BCM5840 is optimized to function as an ipsec co-processor that off- loads computationally demanding cryptographic operations for a host protocol processor. a typical application might utilize a custom asic or network processor unit (npu) to receive outbound cleartext packets, perform security policy database (spd) lookup, insert security headers, access keys from a security association database (sad), send encapsulated packets along with keys to the BCM5840 for encryption, receive encrypted packets from the BCM5840 and update the sad as needed. for inbound packets, the asic or npu would lookup the security association and associated key vectors, send the packet and keys to the BCM5840 for decryption, receive decrypted packets back, perform decapsulation on the cleartext packets, update the sad, verify that processing was consistent with the spd, and return successfully processed packets to the system. 9,000 8,000 7,000 6,000 5,000 4,000 3,000 2,000 1,000 0 500 1,000 1,500 2,000 2,500 t h r oughpu t ( m bp s ) p acke t s iz e ( b y t es ) esp 3des+sha-1 esp 3des+md5 sha-1 md5
|