Smart Networks Alliance Solutions Brief Freescale Semiconductor, Inc. Freescale Semiconductor, Inc... FEATURING CORRENT HIGH-PERFORMANCE SECURITY SOLUTIONS WITH MOTOROLA NETWORK PROCESSORS AND CORRENT SECURITY PROCESSORS There is a clear move to heighten security in all industries — migrating from unprotected networks to ones that support only encrypted or authenticated data. Corporations are expected to spend over $12 billion to ensure that sensitive corporate information is kept secure as they shift their mission-critical applications to the Internet. Network equipment vendors initially implemented security through software, enabling their customers to add security standards such as Internet Protocol Security (IPSec) or Secure Sockets Layer (SSL) to existing systems without changing hardware. While this allowed systems to claim Virtual Private Network (VPN) support, it quickly became apparent that customers actually intending to use their systems for terminating secure tunnels would be disappointed by security software running on general purpose hardware. Network processors have been more successful in implementing security capabilities with their software-optimized architectures, but internet speed-ups and increasing security demands have led to a requirement for special purpose devices that can provide hardware acceleration of security functions. Security processors are designed to accelerate the computationally intensive algorithms associated with encrypted and authenticated communications. They off-load the security functions from a network processor by serving as a coprocessor to the NPU (operating in a ‘look-aside’ fashion) or serving as a stand-alone processor within a network processing pipeline (operating ‘in-line’). Look-aside security processors tend to interoperate and take instruction from the host/control processor, often working through the NPU. In-line security processors interoperate directly with the forwarding path of an NPU to do fast path security processing. These processors are ‘packet aware’ and can interpret Encapsulating Security Payload (ESP) and Authentication Headers (AH) and apply all the necessary processing to pass a packet without aid of the NPU. The Fast Path to Secure Internet Communications Motorola’s C-PortTM Network Processor Family may be used in applications requiring wire-speed security capabilities in the Gigabit Ethernet to OC-48c range. To this end, Motorola has developed an alliance with CorrentTM Corporation to enable smooth integration of highperformance security functions with the C-Port family. Corrent is a fabless semiconductor company that develops high-speed silicon solutions that accelerate and secure Internet communications. The Corrent Packet ArmorTM family provides IPSec security solutions for enabling VPNs in access and routing devices. These security processors can be implemented in both look-aside and in-line configurations in system designs. Specific features of the Packet Armor family include: • Gigabit to OC-192 IPSec capabilities • Security Authentication engine — up to 5M SAs/sec • PCI/SPI-3 interfaces along with SPI-4.2 • Supports DES, 3DES, AES encryption algorithms • Supports SHA-1 and MD5 HMAC hash algorithms • On chip Modulo Engine • True 3-grade digital randomizer (pending FIPS-140-1) For More Information On This Product, Go to: www.freescale.com Freescale Semiconductor, Inc. Combining Corrent's Packet Armor Family of security processors with Motorola’s C-5e network processor provides a range of highperformance security capabilities from 1GbE to OC-48c bandwidths. Link-layer I/F PHY CP C-Port C-5e NP PHY Glue CP XP Freescale Semiconductor, Inc... PacketArmor Security Processor ‘In-line’ Security Processor Configuration Powerful, Flexible Security Combination From high-performance architectures to flexible configurations, the combination of Motorola’s C-Port family with Corrent’s Packet Armor family provides a powerful and flexible IPSec security solution. While the C-5e NP can perform the packet/cell parsing, classification, traffic management, and transformation functions, the Packet Armor family’s packet processing engine improves overall system performance by alleviating the processing burden associated with IPSec and SSL at Gigabit and above data rates. SMART NETWORKS ALLIANCE Motorola’s Smart Networks Alliance is designed to enable the broadest suite of solutions for communications OEM customers leveraging the Smart Networks Platform. Members of the Smart Networks Alliance exist for almost any hardware, software or tools category, including companion chips, hardware tools, software development tools, networking software, RTOS, and emulators. For more information, go to: www.motorola.com/smartnetworks/alliance The C-5e NP can connect to high-performance security processors in three ways: through the physical interfaces using look-aside mode, through the physical interfaces using in-line mode, and through the fabric interface using look-aside mode. This flexibility provides the system designer with various options for implementing a powerful security solution with the Corrent Packet Armor family. The alliance between Motorola and Corrent helps customers reap the benefits of a high-performance security solution by providing: • Application Notes and reference design for integrating the C-5e NP with Corrent’s Packet Armor family. • Coordinated development service and support for joint designs For more information, go to: • www.motorola.com/networkprocessors • www.corrent.com © Motorola, Inc. 2002. C-Port, C-5e and C-Ware are all trademarks of C-Port Corporation. Motorola and the stylized Motorola logo are registered trademarks of Motorola Inc. All other product or service names are the property of their respective owners. CORRENT-FACT/D Rev 02, July 2002 For More Information On This Product, Go to: www.freescale.com