BCM5840 [ETC]
BCM5840 Product Brief
BCM5840 GIGABIT SECURITY PROCESSOR
BCM5840 FEATURES
SUMMARY OF BENEFITS
World’s first multi-gigabit security processor
• 2.4 Gbps wirespeed IPsec acceleration (3DES-CBC, HMAC-SHA-1)
Highest performance security processor enables security in high-bandwidth applications
• Enterprise routers
• Layer 3+ switches
• VPN appliances
• Edge and core routers
• Access concentration
• Firewalls
• AH and ESP support (DES, 3DES, HMAC-SHA-1, HMAC-MD5)
No performance degradation for small packets
• Ensures highest performance in realistic conditions
• 3DES-CBC, new SA per packet
Sustainable 2.4 Gbps wirespeed on small packets
Flow-through architecture
• Order preservation logic on a per-direction basis
Fast path processing makes security ubiquitous
• Minimizes packet handling by processor
• Security processing occurs in-line
POS-PHY Level 3 interface
• 4.2 Gbps available bandwidth
On-chip security association storage and look-up
• CAM accelerated look-up supports 2048 SAs
IPsec-aware architecture optimizes security processing
• Flexible packet processing options
• Packet header processing
Flexible packet processing options
• Can support unlimited SAs via in-band keying
• SAs can be looked-up on chip
• On-chip SA storage and look-up
On-chip packet header processing
• Automatically handles mutable fields
• Direct parsing of IPv4 headers
Scalability offers OC48 IPsec performance
Complete high-performance VPN solution
• BCM5840 for high-speed IPsec functionality
• BCM5820 for fast IKE (public key) functionality
• IPv4 header checksum calculation
Low-power 0.18u, 1.8V operation
208 MQFP package
[Figure: VPN Gigabit Tunnel Server Application. Block diagram labels: Clear Traffic, BCM5402 Gigabit Transceiver, Network Processor, Memory, BCM5840 Gigabit IPsec, Glue, Secure Traffic, PCI, Control Processor, Memory, BCM5820 IKE]
BCM5840 OVERVIEW
[Figure: plot with series ESP 3DES+SHA-1, ESP 3DES+MD5, SHA-1 and MD5; x-axis: Packet Size (bytes)]
The BCM5840, the world’s first single-chip Gigabit security processor, removes barriers to providing efficient, wire-speed security across an entire LAN or WAN network infrastructure at multi-Gigabit data rates. Broadcom’s latest security processor sustains throughputs of 2.4 Gbps for wirespeed IPsec encryption and authentication, regardless of packet size. The BCM5840 provides breakthrough performance, until now unavailable in commercial products, thereby enabling ubiquitous wirespeed security in routers, firewalls, switches and access servers at data rates up to full-duplex OC-48 (4.8 Gbps) using a BCM5840 in each direction.
The innovative BCM5840 sustains multi-Gigabit performance for 3DES-CBC and HMAC-SHA-1 or HMAC-MD5 IPsec processing. The unprecedented performance levels of the BCM5840 are quickening the pace at which the Internet, in the form of virtual private networks (VPN), is replacing expensive, dedicated networks for remote access to corporate Intranets and business-to-business transactions.
Flexible enough to work in most applications, the BCM5840 utilizes a POS-PHY level 3 interface in its flow-through architecture. Multiple keying mechanisms are supported, allowing keys to be sent directly in-band with the packet or stored in the on-chip security association (SA) cache.
The BCM5840’s on-chip SA storage utilizes a CAM accelerated look-up and supports as many as 2,048 SAs on-chip.
Packet header processing in the BCM5840 includes the IPv4 header checksum and the handling of mutable fields associated with the checksum calculation.
The BCM5840 is optimized to function as an IPsec co-processor that off-loads computationally demanding cryptographic operations for a host protocol processor. A typical application might utilize a custom ASIC or network processor unit (NPU) to receive outbound cleartext packets, perform Security Policy Database (SPD) lookup, insert security headers, access keys from a security association database (SAD), send encapsulated packets along with keys to the BCM5840 for encryption, receive encrypted packets from the BCM5840 and update the SAD as needed.
For inbound packets, the ASIC or NPU would look up the security association and associated key vectors, send the packet and keys to the BCM5840 for decryption, receive decrypted packets back, perform decapsulation on the cleartext packets, update the SAD, verify that processing was consistent with the SPD, and return successfully processed packets to the system.
Broadcom®, the pulse logo® and Connecting Everything™ are trademarks of Broadcom Corporation and/or its subsidiaries in the United States and certain other countries.
All other trademarks are the property of their respective owners.
Phone: 949-450-8700
FAX: 949-450-8710
Email: info@broadcom.com
Web: www.broadcom.com
BROADCOM CORPORATION
16215 Alton Parkway, P.O. Box 57013
Irvine, California 92619-7013
© 2002 by BROADCOM CORPORATION. All rights reserved.
5840-PB01-R-3.5.02