0 Replies Latest reply on Nov 20, 2008 12:43 PM by EricEtheridge

    Cutting Network Security Costs

      Congratulations to Advantech for developing a new generation of solutions for mid-size VPN appliances. Reading “Help Cut Network Security Cost”, I became very curious about how they built the FWA-3240. Maybe it is because my current evening entertainment involves repairing the controller for my Asteroids Deluxe machine (I’m thinking one of the 27-year-old ROMs has forgotten a bit), but I wanted to see the register or, as it turns out, the command descriptions for the EP80579’s Acceleration and Security Services Unit. This I am not finding, but there is an API for driving these functionalities. Is this style of embedded development the predominant paradigm now? I am familiar with squeezing the most performance and minimum memory footprint out of whichever processor I am developing for. Having the common low-level functionalities packaged moves the development up a level to system integration rather than bit banging. Presumably, we are talking about the same amount of engineering effort for an appliance with a considerably larger suite of functionality.


      With some eightfold increase in VPN throughput and lots of headroom on the CPU, what are the architectural elements of the EP80579 vs. the add-on PCI Crypto accelerator that enable this new benchmark? There could be several sources of these performance enhancements. Does the FWA-3700 have some hardware-based packet classification or processing, or are these accelerations unique to the FWA-3270 with Quick Assist technology? Is the EP80579’s crypto engine faster than the PCI Crypto accelerator? Or is a large part of this speedup afforded by removing the PCI Express pipe from the packet pipeline?


      It has been a while since I checked in on IP security evolution and these Time To Live, Initial Sequence Number, and IPID scramblings are pretty interesting. The FWA-3700 does not appear to provide hardware acceleration for these functionalities. In the broader scope of Network Security, I suppose I was hoping to see some accelerated support for 3GPP, 3GPP2, and/or VoIP style securities. Some candidates here would be RANAP, A5/1, or BEANO.


      Any comments or suggestions?


      Message was edited by: Eric Etheridge

      See original article at: http://communities.intel.com/servlet/JiveServlet/downloadBody/2344-102-1-3282/Advantech_v11_cm.pdf