The IPsec/TLS Multi-protocol PDU Processor addresses today's security needs for a wide range of applications, including residential gateways, VPN and gateway appliances, LTE small cells, terminal servers and thin clients.
Network security protocols are computationally intensive, typically consuming a high percentage of the application processor's processing power. The IPsec/TLS Multi-protocol PDU Processor is a versatile processor with a highly configurable architecture that can be tuned to provide the exact functionality required for specific applications, while allowing SoC manufacturers to efficiently balance power, performance and area.
The IPsec/TLS Multi-protocol PDU Processor offers Gigabit-range performance by parsing and processing the ESP/AH and SSL/TLS/DTLS packet transforms, performing the cryptographic operations and maintaining the security state in a structure designated as a Security Association (SA). The internal state-of-the-art DMA engine can efficiently gather a packet from a fragmented memory buffer, operate on the packet, then scatter the processed packet back to fragmented memory, avoiding the memory copies otherwise needed to make fragmented packets/records contiguous. The level of protocol processing, plus the addition of SA management by the protocol engine directly in system memory, minimizes the overhead on the application processor, thus allowing today's high bandwidth requirements to be easily achieved in a wide range of networking applications.
Many applications have low-latency requirements for certain data traffic. The IPsec/TLS Multi-protocol PDU Processor supports enhanced traffic management via the Quality-of-Service (QoS) feature, which allows latency-sensitive traffic to be placed into high-priority queues while larger packets are managed through the low-priority queues, to ensure that the overall system performance objectives are achieved.
The IPsec/TLS Multi-protocol PDU Processor is delivered with software development kits, tools and drivers to allow for seamless system integration into embedded Linux environments, ARM-based platforms and other systems.
Features
- Highly configurable, proven security processor
- IPsec Protocol
  - Complete ESP and AH packet transforms
  - Full IPv4 and IPv6 support
  - Tunnel and Transport mode
  - Header and trailer processing
  - Replay check with 32, 64, 128 or 256 packet window
  - RFC-2403, 2404, 2405, 3566, 3602, 3686, 4106, 4301, 4302, 4303, 4304, 4309, 4434, 4494, 4543, 4868
- SSL / TLS / DTLS Protocols
  - SSL 3.0 (RFC-6101)
  - TLS 1.0, TLS 1.1, TLS 1.2 (RFC-2246, 4346, 5246)
  - DTLS 1.0, DTLS 1.2 (RFC-4347, 6347)
  - Full record processing
- Built-in scatter / gather DMA capability offloads system CPU
- Optimal bus utilization
- Command and status FIFO depth selection allows interrupt coalescence
- Dual-clock domain capability
- Support for big- or little-endian
- Configurable 32- or 64-bit bus interfaces
  - AMBA AXI-3, AXI-4
  - AMBA AHB
- Lower level
Benefits
- Silicon proven
- Highly integrated
- Optimized for maximum performance and minimum footprint
- Best-in-class hardware offload for VPN applications
- Multiple contexts handled in hardware to support multiple connections with minimal software overhead
- Fully integrated with Linux Kernel and user space drivers
- Available TLS/SSL application SDK
- SoC / ASIC developers and embedded system OEMs benefit from
- Reduced time to market
- Reduced risk
- Highly tuned solutions for performance, power and size
- IP developed by industry experts through a structured and rigorous development and verification program
- World-class support
Block Diagram of the IPsec/TLS Multi-Protocol PDU Processor