x
Optical/IP

Intel Moves on Security

Intel Corp. (Nasdaq: INTC) plunged into security processing this week by adding cryptography engines to its highest-end network processor.

The resulting IXP2850, announced at this week's Microprocessor Forum in San Jose, Calif., represents Intel’s first foray into the security market. Other chip vendors such as Hifn Inc. (Nasdaq: HIFN) or Broadcom Corp. (Nasdaq: BRCM) sell separate chips that can run alongside a network processor or a more conventional microprocessor, but Intel is skipping that step by merging security hardware with a network processor -- a move that could spell trouble for security processors.

"Intel's trying to absorb the security-processor market,” says Linley Gwennap, president of consulting firm The Linley Group. “In typical Intel fashion, you add other functions onto your processor and put those guys out of business."

Other companies such as Agere Systems (NYSE: AGR) have tinkered with the idea of integrating security functions in their network processors (see Agere, Hifn Team on Securityand Agere and Intoto, too!). But Agere lacks Intel's reputation for absorbing entire markets.

For now, Intel is tackling very high- and low-end systems. The IXP2850 is derived from the IXP2800, which targets 10-Gbit/s line speeds. And back in February, Intel released the IXP425, a network processor with encryption hardware included, targeting low-end boxes such as enterprise routers (see Intel: The Prince of Processors?).

For both chips, Intel developed its own hardware to handle the DES, triple DES, AES, and SHA-1 encryption standards. In the case of the IXP2850, Intel had left room in the IXP 2800 to add these hardware blocks, because potential customers had shown enough interest in security. “We thought about adding crypto [to the IXP2800] as we were building it from the ground up,” says Rajneesh Gaur, Intel senior product marketing manager.

The IXP2850 won't run at a full 10 Gbit/s, however. Like an airport gate, a network processor bogs down as more security functions are added. The IXP2850 aims for systems that will see an actual throughput of 2 Gbit/s to 6 Gbit/s, Gaur said.

That's heartening news for the likes of Corrent Corp., a security-chip startup that's targeting full-blown 10-Gbit/s processing. It’s possible that network processors might absorb all of Corrent's functions, but that won’t happen “until four or five years from now,” says Richard Takahashi, Corrent CEO. In the intervening time, he adds, Corrent hopes to stay one step ahead of the integration monster by expanding into areas such as firewalls.

Other security-chip firms like Hifn are moving in similar directions, says Linley Gwennap. But he notes that it can take years to distill these functions into a chip. Firewall incorporation, for example, involves getting software to recognize hundreds of possible traffic types, a level of complexity that might give veterans like Hifn an edge over relative newcomers like Corrent. “The thing to keep in mind is, Hifn has been working on this firewall technology for three years. It’s not easy."

The IXP2850 is due to ship in the second quarter of 2003, at a price of $725.

— Craig Matsumoto, Senior Editor, Light Reading
www.lightreading.com

Off_the_shelf 12/4/2012 | 9:32:21 PM
re: Intel Moves on Security How can Intel possibly say they will have this part in 2Q03 when they won't even have the IXP2800 until 2Q03? The marketing folks should really back off and talk to the product folks once in a while. Some people might get tired of this "wolf" story.
SiVlyGuy 12/4/2012 | 9:32:20 PM
re: Intel Moves on Security The IXP2850 aims for systems that will see an actual throughput of 2 Gbit/s to 6 Gbit/s

I thought the IXP2800 was a 10G (simplex) NP.
The press release from Intel also implied that the 2800 was delayed in favor of this 2850.
Seems like Cart Before the Horse.
edgecore 12/4/2012 | 9:32:17 PM
re: Intel Moves on Security
What is really going on with NPU's?

Intel seems to have some that are being accepted, AMCC seems to be the market "experts", Motorola seems to be nowhere with their architecture, IBM is in and out and in again...the market is a fraction of what Intel seems to invest in it...

Are NPU's a module that can be bought off the shelf to save money, or is developing data plane ASIC's a competitive advantage of telecom OEM's that they are not willing to let go of?

Hardware/Software engineers, any thoughts

EC
BobbyMax 12/4/2012 | 9:32:14 PM
re: Intel Moves on Security By the end of the year the cocept of network processors had almost disappeared. To the best of my knowledge, there is not much demand for the NPUs.

Intel is very brused now and it has no place to go. There are no tricks it can play. The stock is down to $13.50 with further possibility of drop.


It appears INtel thinks that it has perenial market for its products. IT wishes that PCs would be replced every six months.

The chip market size is going down every year. So it is unclear what tricks Intel is going to pull out.
SiO2 12/4/2012 | 9:32:14 PM
re: Intel Moves on Security edgecore writes:

> What is really going on with NPU's?
>
> Intel seems to have some that are being
> accepted, AMCC seems to be the market
> "experts", Motorola seems to be nowhere
> with their architecture, IBM is in and
> out and in again...the market is a fraction
> of what Intel seems to invest in it...

IBM (4GS3), Motorola (C5), and Intel (IXP)
have been pretty dominant in this space,
although the space has cooled off considerably
with the downturn. AMCC (by way of MMC) had a
decent mkt footprint, but their offerings are
getting a bit long in the tooth ... and the
roots of their chipset is still clearly in
ATM.

To me, the most recent interesting development
was Intel announcing its 0.09 micron mfg process,
which represents the latest iteration of
Moore's Law. Chips using this process
are said to sample late 03. But, what
is really interesting about it is that
the process provides the potential
capability of integrating 10G SERDES
onto their NPUs.

The IXP 2850 mentioned in this article
is still vaporware, as is the chip that
its based on (the 2800), so I won't
really talk about it other than to say
that it would present problems for folks
like HiFn, if realized. Clearly targets
secure VPN, as discussed in the article.

> Are NPU's a module that can be bought
> off the shelf to save money, or is
> developing data plane ASIC's a competitive
> advantage of telecom OEM's that they are
> not willing to let go of?

The real router cowboys would probably
eschew COTS NPU devices in lieu of
rolling their own in order to more
keenly differentiate their product.
However, its likely that virtually
all of the vendors targeting spaces
like SAN QoS, Service Creation, GGSN/SMS,
and higher layer content switching will
use COTS NPUs due to time-to-market and
lack of in-house IP expertise.

You may want to check out NPC West
next week in San Jose. The URL is
http://www.networkprocessors.c....

SiO2



AAL5 12/4/2012 | 9:32:11 PM
re: Intel Moves on Security
Subject says it all.

AAL5
MrLight 12/4/2012 | 9:28:13 PM
re: Intel Moves on Security Good post SiO2 on NPUs.

I would like to add a refence to one of my posts on the subject http://www.lightreading.com/bo... and on the "Secretive Seranoa scores $15.75M" thread and RoutedWorld post http://www.lightreading.com/bo... on the same thread.

I would like to add to a few of your statements:

SiO2"The IXP 2850 mentioned in this article
is still vaporware, as is the chip that
its based on (the 2800), so I won't
really talk about it other than to say
that it would present problems for folks
like HiFn, if realized. "

Definitely, the IXP2800 is not out [I try to avoid the vaporware term], and probably won't be out in the .13 process but rather in the .09, which will push its availabilty date out.

SiO2"The real router cowboys would probably
eschew COTS NPU devices in lieu of
rolling their own in order to more
keenly differentiate their product.
However, its likely that virtually
all of the vendors targeting spaces
like SAN QoS, Service Creation, GGSN/SMS,
and higher layer content switching will
use COTS NPUs due to time-to-market and
lack of in-house IP expertise."

Absolutely. Cisco is the classic on this. See http://www.lightreading.com/bo... in the "switching silicon goes scaleable thread".


MrLight :)
HOME
Sign In
SEARCH
CLOSE
MORE
CLOSE