Hardware

CLP Security Modules

CLP-25: Configurable IPsec Engine

The CLP-25 engine bridges the gap between raw cryptographic offload and complete IPsec offload. The IPsec Offload Engine combines hash and cryptographic engines, a special purpose DMA engine, and ESP/AH packet processing logic to offload most of the IPsec protocol from the host processor. The SDMA block alleviates bandwidth on the system bus through dual targeting of the hash and encryption cores. The CLP-25 engine can be tailored to achieve throughput from 40 Mbps up to 1Gbps. The design integrates silicon proven ciphers and hashing cores into a single, configurable IPsec engine.

Key Features:

The following is a complete list of features supported by the CLP-25. A particular implementation of the design will typically support a subset of these features.

• AES-CBC mode cipher supporting 128, 192 and 256-bit key sizes
• DES-CBC mode cipher supporting 56 and 168-bit (3DES) key sizes
• HMAC-MD5 and HMAC-SHA-1 mode hash
• Configurable command and status FIFOs up to 256 entries deep
• Supports interrupt coalescence to enhance overall system throughput
• AH & ESP mode processing
• Transport mode processing
• Tunnel mode processing
• Extended Sequence Numbers
• Scatter-gather DMA based packet memory architecture

Applications:

• IPsec
• Gateways
• VPN Appliances
• Edge Routers

Search