| Order a report

A Guide to Processors for Network Security

Tenth Edition

Published January 2012

Authors: Tom R. Halfhill and Joseph Byrne

Corporate License: $5,995

Pages: 160

Ordering Information



An In-Depth Look at Processors for Network-Security Applications

The network-security market remains as dynamic as the threats that are driving its growth. Security-equipment vendors must scale the performance of their VPN/firewall products while adding application-level features. To satisfy enterprise customers, security-software vendors are turning to hardware-accelerated appliances for intrusion prevention (IDS/IPS), antivirus, antispam, and content filtering. The convergence of these hardware and software products is creating Unified Threat Management (UTM) platforms, which have the most demanding processing requirements.

For anything above SOHO-class equipment, standard processors cannot deliver the required performance in a cost-effective and power-efficient manner. As a result, security-equipment and -software vendors have turned to a new breed of processors that integrate one or more CPUs, memory and I/O controllers, and special-purpose engines for security functions. For mid-range designs, these integrated security processors often replace a standard processor. For the most demanding designs, these integrated processors can also offload data-plane processing, working alongside a standard x86 processor.

Get Up to Speed Quickly

This report covers processors that integrate hardware acceleration for security functions, including high-throughput encryption, content inspection, compression, and/or packet processing. Such integrated processors include Cavium's Octeon II family, NetLogic's XLP family, Freescale’s QorIQ P3 and P4 families, LSI’s Axxia, Netronome’s NFP, and Tilera’s Tile-Gx. We also cover separate content-inspection accelerators where offered by these processor vendors: Cavium Nitrox DPI, LSI Tarari, NetLogic NETL7. Finally, we cover Intel’s newest embedded Xeon processors, which include specialized instructions for encryption and other security-related functions. With one report, you can quickly compare the key vendors and their products and accelerate your selection process.

This report analyzes each vendor and each product, probing their strengths and weaknesses and presenting key details in a consistent, easy to compare fashion. We focus on network-security applications, examining hardware-acceleration features, performance, and system design. Because selecting a processor architecture has long-term implications, we also look at the vendors’ roadmap where possible.

Make Informed Decisions

As the leading vendor of technology analysis for networking silicon, The Linley Group has the expertise to deliver a comprehensive look at these technologies. Authors Joseph Byrne and Tom Halfhill use their broad experience to deliver the technical and strategic information you need to make informed business decisions. And in case you are not familiar with all of the concepts involved in this combination of security technology and networking, the report includes several introductory chapters that define and describe terms such as Diffie-Hellman, SHA-2, and FIPS 140-2.

This report is written for

  • Engineers who are designing network-security equipment and need to select a processor
  • Marketing and engineering staff at companies that sell networking chips that connect to security processors
  • Technology professionals who wish an introduction to network-security processors
  • Financial analysts who desire a detailed analysis and comparison of security-processor companies and their chances of success
  • Government researchers who need up to date information on commercial network-security technology

Don’t wait! Get your copy now to track the latest developments in this fast-paced market!

What's New in this Edition

Updates to the Ninth Edition of “A Guide to Processors for Network Security”. Formerly “A Guide to Security Processors and Accelerators”

Reflecting the integration trend in security processing, we have structured this report to focus on processors that integrate hardware acceleration for security functions. Where a processor vendor also offers its content-inspection technology as a standalone accelerator, we cover those accelerator chips as well. We have dropped coverage of standalone encryption accelerators, which have been replaced for most new designs by processors with integrated encryption engines.

Changes in this edition include:

  • New coverage of Intel’s Xeon E3 (Sandy Bridge) platforms
  • Coverage of Cavium’s new Octeon II CN66xx multicore processors
  • Coverage of NetLogic’s new XLP II multicore processors
  • Coverage of Freescale’s new QorIQ P5020 processor
  • Coverage of vendors’ intelligent network interface cards based on their multicore processors
  • Market forecast through 2015 for security processors and accelerators
  • 2010 market-size and vendor-share data for security accelerators

List of Figures
List of Tables
About the Authors
About the Publisher
Preface
Executive Summary
1 Security Processing Overview
Securing In-Flight Data
Virtual Private Networks
Secure Browsing
Wireless Voice and Data Security
Securing Private Networks
Firewalls
Intrusion Detection and Prevention
Application-Level and XML Security
Virus and Spam Prevention
Network-Security Equipment
VPN/Firewall
Single-Application Appliances
Layer 4–7 Switches With SSL Termination
Unified Threat Management Systems
2 Security Technology
Cryptography Concepts
Why Use Encryption?
What Is Encryption?
Keys and Key Exchange
Hashing
Authentication
Cryptographic Algorithms
DES and 3DES
Advanced Encryption Standard (AES)
RC4
SHA-1, SHA-2, MD5, and HMAC
Diffie-Hellman Key Exchange
RSA
Elliptic-Curve Cryptography
DSS and DSA
NSA Suite B
LZS and Deflate
Security Protocols and Standards
IPSec
IKE
SRTP
SSL and TLS
FIPS 140
Port-Based Network Access Control and MACSec
3G and 4G Wireless
Layer 4–7 Processing
TCP Termination and Proxies
Content Inspection and DPI
Regular-Expression Matching
3 Processor Technology
Processor Basics
Central Processing Unit (CPU)
Caches
MMUs and TLBs
Bus Bandwidth
CPU Microarchitecture
RISC vs. CISC
Scalar and Superscalar
Multicore
Multithreading
I/O and Network Interfaces
Ethernet Interfaces
Interlaken
PCI Express
RapidIO
USB
4 Security Processors
Common Characteristics
Encryption Acceleration
Content-Inspection Acceleration
Software Issues
Measuring Performance
Layer 3 Forwarding
Algorithms
Measuring Wire Speed
Packet Size
Protocol Throughput
Content Inspection
5 Market and Technology Trends
Technology Trends
System Architecture
Security Processors
Content-Inspection Accelerators
Market Trends
Market Size and Segmentation
Accelerator Market Share by Vendor
Market Forecast
6 Cavium
Company Background
Key Features and Performance
Octeon Processors
Nitrox DPI Accelerators
Security-Design Details
Product Roadmap
Conclusions
7 Freescale
Company Background
Key Features and Performance
QorIQ P1- and P2-Series Processors
QorIQ P3- and P4-Series Processors
QorIQ P5-Series Processors
Security-Design Details
Product Roadmap
Conclusions
8 Intel
Company Background
Key Features and Performance
Security-Design Details
Product Roadmap
Conclusions
9 LSI
Company Background
Key Features and Performance
Axxia Processors
Tarari Accelerators
Security-Design Details
Product Roadmap
Conclusions
10 NetLogic
Company Background
Key Features and Performance
XLP Processors
XLP II Processors
NETL7 Accelerators
Security-Design Details
Product Roadmap
Conclusions
11 Netronome
Company Background
Key Features and Performance
Security-Design Details
Product Roadmap
Conclusions
12 Tilera
Company Background
Key Features and Performance
Security-Design Details
Internal Architecture
System Design
Development Tools
Product Roadmap
Conclusions
13 Product Comparisons
Security Processors
Enterprise-Class Processors
Midrange Data-Plane Processors
High-Throughput Data-Plane Processors
Content-Inspection Accelerators
Enterprise-Class Accelerators
10Gbps-and-Above Accelerators
14 Conclusions
Vendor Outlook
Cavium
NetLogic
Freescale
Intel
Other Vendors
Closing Thoughts
Appendix: Further Reading
Index
Figure 1-1. Firewalls and the DMZ
Figure 2-1. Header and trailer format for ESP tunnel mode
Figure 3-1. Basic processor design
Figure 3-2. Simple superscalar processor design
Figure 3-3. Interleaved tasks on a multithreaded CPU
Figure 4-1. Block diagram of processor with network-security accelerators
Figure 5-1. Security-processor and security-accelerator forecast through 2015
Figure 6-1. Cavium Octeon II CN6880 block diagram
Figure 6-2. Block diagram of security appliance based on Cavium Octeon II CN68xx
Figure 6-3. Photo of Cavium CN6645 intelligent network adapter
Figure 7-1. Freescale QorIQ P4080 block diagram
Figure 7-2. Photo of Interface Masters’ Niagara 710 dual-port 10GbE NIC
Figure 8-1. Block diagram of Intel Xeon E3-1275 security appliance
Figure 9-1. LSI ACP3448 block diagram
Figure 9-2. Block diagram of security appliance based on LSI ACP3448
Figure 9-3. Photo of LSI Intelligent Services Adapter
Figure 10-1. NetLogic XLP832 block diagram
Figure 10-2. Block diagram of security appliance based on NetLogic XLP316S processor
Figure 11-1. Netronome NFP-3240 block diagram
Figure 11-2. Netronome NFE-3240 accelerator card
Figure 12-1. Tilera Tile-Gx block diagram
Table 2-1. OSI seven-layer mode
Table 5-1. Security-accelerator market share by revenu
Table 6-1. Key parameters for selected Cavium Octeon II processor
Table 6-2. Key parameters for Cavium Nitrox DPI II device
Table 7-1. Key parameters for Freescale QorIQ P3041 and P4080 processor
Table 7-2. Key parameters for Freescale QorIQ P5010 and P5020 processor
Table 7-3. Key parameters for Freescale QorIQ T-series processor
Table 8-1. Key parameters for Intel Sandy Bridge Xeon E3-1275 processor
Table 9-1. Key parameters for LSI ACP3400 device
Table 9-2. Key parameters for LSI T10xx and T2xxx processor
Table 10-1. Key parameters for selected NetLogic XLP processor
Table 10-2. Key parameters for selected NetLogic XLP II processor
Table 10-3. Key parameters for selected NetLogic NETL7 device
Table 11-1. Key parameters for Netronome NFP-32xx processor
Table 12-1. Key parameters for Tilera Tile-Gx8000 processor
Table 13-1. Comparison of selected enterprise-class security processor
Table 13-2. Comparison of selected midrange data-plane processor
Table 13-3. Comparison of selected high-throughput data-plane processor

Free Newsletter

Linley Newsletter
Analysis of new developments in microprocessors and other semiconductor products
Subscribe to our Newsletter »

Events

Linley Spring Processor Conference 2021
April 19 - 23, 2021
Virtual Event
Register Now!
More Events »