ChipFind - документация

Электронный компонент: 4300

Скачать:  PDF   ZIP
Hifn
HIPP III
Storage Security Processor
4300
Protocols
IPsec ESP
Tunnel or
Transport Mode
Supports L2TP
Security
ESP/UDP for NAT
Encryption
AES
(128 and 256-bit)
DES
3DES
Authentication
SHA-1
MD5
AES-XCBC-MAC
Interface Bus
2x GMII or TBI
with 1x failover
port
On-Chip IKE
Optional ICSA-
compliant IKE
running on-board
Supports Main
Mode & Quick
Mode
Pre-shared Key
or RSA certificate
authentication
Supports iSCSI
session
establishment
& teardown
The HIPP III 4300 Storage Security
Processor efficiently addresses
your needs for a standards
compliant gigabit Ethernet solution
The HifnTM HIPP III 4300 Storage Security
Processor is the first security processor designed for
the specific requirements of IP Storage applications.
The 4300 offers a complete IPSec data path solution
optimized for IP Storage based systems, combining
inbound and outbound policy processing, SA lookup,
SA context handling, and packet formatting all
within a single chip. Hifn's 4300 delivers industry-
leading cryptographic functionality, supporting the
DES/3DES-CBC, AES-CBC, AES-CTR, MD5, SHA-1
and AES-XCBC-MAC algorithms. Hifn also provides
complete software support, including an optional on-
board iSCSI-compliant IPSec software stack, offering
an embedded HTML manager application.
The HIPP III 4300 employs Hifn's FlowThroughTM
Security Architecture to deliver full-duplex Gigabit
Ethernet encrypted throughput in iSCSI (Internet
Small Computer System Interface), FCIP (Fibre
Channel over IP) and other IP-based storage network-
ing systems. The high-speed HIPP III 4300 is opti-
mized for use in server host bus adapters, FCIP
bridges, storage routers, and storage arrays.
Hifn's FlowThrough Security Architecture
Hifn's FlowThrough Security Architecture is the
cornerstone of a new family of solutions that vitally
change the way security is built into the network.
The new architecture enables security processors
that sit directly in the data path, eliminating the inef-
ficiencies of existing "look-aside" security designs.
Fundamental to the new FlowThrough architec-
ture is the acceleration of the entire data path of the
IPSec protocol, which previously represented a heavy
processing load on the Storage Processor or other
processing elements in the system. The new archi-
tecture incorporates packet processing, link layer
processing for Ethernet, security association han-
dling, and IPSec encryption/ authentication functions
into silicon-based products. Hifn's FlowThrough
Security Architecture enables high-performance,
cost-effective security processors that provide wire-
speed performance for encrypted traffic in IP Storage
and high-performance network equipment.
Easy Integration
The HIPP III 4300 uses industry-standard GMII/TBI
interfaces, supported by numerous GigE TOE (TCP
Offload Engine) and Storage Processor vendors. It is
typically interfaced between the GMII port on a GigE
TOE or Storage Processor and the Ethernet PHY. A
second failover port on the Network side allows the
4300 to provide recovery if the primary data link goes
down.
The control interface to the 4300 is achieved
using in-band Ethernet frames. An additional
100Mbps Ethernet MII port allows an optional out-of-
band control port, or it may be used to establish an
inter-chip link for multi-chip designs. The chip also
includes a 16-bit SDRAM memory interface for pro-
gram and data storage for the on-board auxiliary
processor. A single low-cost SDRAM is the only
external part needed to work with the 4300. (For
designs that don't require on-chip IKE, this RAM can
be omitted.) These standard interfaces enable easy
integration into a variety of systems.
Preserve Data Security
and Integrity for Both
iSCSI and FCIP Hardware
GMII/TBI
GMII/TBI
GMAC
GMAC
Memory
Bridge
Policy
TCAM
eSC
Processor
HIPP III Core
DMA, I/O Buffer & Packet Queue Manager
SA
RAM
RNG
DPU II
Packet
Processor
Crypto
Algorithm
Processors
GMII/TBI
MII
GMAC
GMAC
MAC
x16
SDRAM
HIPP III 4300 Block Diagram
Product Brief Version 1.0
Features & Benefits
Supports Layer 3
and Layer 2
protocols.
Ethernet (Layer 2)
Ethernet DIX
IEEE 802.3 10Base-T
IEEE 802.3u 100Base-TX
IEEE 802.3ab 1000Base-X
IEEE 802.3x Flow Control
IEEE 802.2 LLC
IEEE 802.1q VLAN
RFC1042 SNAP
Jumbo 9K frame support
IPSec (Layer 3)
RFC 2401 IP Security
Architecture
RFC 2406 IP Encryption
RFC 2405 DES-CBC Cipher
Algorithm
RFC 2403 HMAC-MD5
RFC 2404 HMAC-SHA-1
RFC 2409 - IKE
Hifn
HIPP III
Storage Security Processor
4300
Part
Number
Speed
Package
4300
133 Mhz
324 LBGA
Documentation:
Datasheet
User's Manual
Programmers Reference Guide
Performance Application Note
Reference Hardware Document
Ordering Information
750 University Avenue
Los Gatos, CA 95032
408.399.3500 tel
408.399.3501 fax
info@hifn.com
www.hifn.com
2003 by Hi/fn, Inc. This product must be exported from the United States in accordance with the Export Administration Regulations. Diversion contrary to U.S. law prohibited.
Hifn and FlowThrough are trademarks of Hi/fn, Inc. Hi/fn and LZS are registered trademarks of Hi/fn, Inc. All other trademarks are the property of their respective owners.
Hifn
Products
HIPP II 8065
HIPP II 8165
Hifn Product Selection Guide
PCI
Streaming
Bus
LZS
MPPC
3-DES
AES
SHA
MD5
RSA
DSA
1k-bit
RSA SSL
signatures
set-ups
per second
IKE
main-mode
tunnels
per second
Hardware
support
for public
keys up to
Hifn
Intelligent
Packet
Processing
Package
2000
1750
3K bits
576-pin TBGA
576-pin TBGA
4500
1750
3K bits
HIPP I 7815
HIPP I 7855
120
85
2K bits
480-pin BGA
480-pin BGA
HIPP II 8154
906
1000
3K bits
576-pin TBGA
HIPP III 8300
250
10
90
5
4K bits
4K bits
324-pin LBGA
241
150
2K bits
HIPP III 8350
HIPP III 4300
400
150
HIPP III 4350
4K bits
324-pin LBGA
324-pin LBGA
300
75
4K bits
324-pin LBGA
Single-chip, low-cost solution
2Gbps IPSec processing (Full Duplex GigEthernet)
600,000 Packets Per Second, back-to-back SAs variation
Minimal part count: Only 1 PC-133 SDRAM required for
on-chip IKE
FlowThrough
TM
security processing
In-line IPSec protocol and algorithm processing
Streamlined & optimized for storage security
On-chip IKE processing (optional)
Complete IPSec/IKE processing enables easiest IPSec
system implementation
Optimized for site-to-site tunnels
200 SAs supported on-chip
256 on-chip policy entries
Full IPSec Compliant Functionality
Full compliance with IP Storage Security draft
IPsec ESP in tunnel and transport modes
AES (CBC & CTR), DES/3DES, SHA-1, MD5, AES-XCBC-MAC
Specifications
13 process, 324 LBGA (19mm square)
<1.25W Power consumption
Applications
IP Storage
Host Bus Adaptors (HBA's)
Target Bus Adaptors (TBA's)
SAN Switches
Storage Servers
SDRAM
HIPP III
4300
GMII/TBI
GMII/TBI
1 Gbps
TCP Offload
Engine
(TOE)
Dual
GigE
PHY
PCI-X
3.3V & 1.2V
Regulator
Primary Port
Failover Port
125 Mhz
Example Host Bus Adaptor with HIPP III 4300