Intel Corp. (Nasdaq: INTC) plunged into security processing this week by adding cryptography engines to its highest-end network processor.

The resulting IXP2850, announced at this week's Microprocessor Forum in San Jose, Calif., represents Intel’s first foray into the security market. Other chip vendors such as Hifn Inc. (Nasdaq: HIFN) or Broadcom Corp. (Nasdaq: BRCM) sell separate chips that can run alongside a network processor or a more conventional microprocessor, but Intel is skipping that step by merging security hardware with a network processor -- a move that could spell trouble for security processors.

"Intel's trying to absorb the security-processor market,” says Linley Gwennap, president of consulting firm The Linley Group. “In typical Intel fashion, you add other functions onto your processor and put those guys out of business."

Other companies such as Agere Systems (NYSE: AGR) have tinkered with the idea of integrating security functions in their network processors (see Agere, Hifn Team on Securityand Agere and Intoto, too!). But Agere lacks Intel's reputation for absorbing entire markets.

For now, Intel is tackling very high- and low-end systems. The IXP2850 is derived from the IXP2800, which targets 10-Gbit/s line speeds. And back in February, Intel released the IXP425, a network processor with encryption hardware included, targeting low-end boxes such as enterprise routers (see Intel: The Prince of Processors?).

For both chips, Intel developed its own hardware to handle the DES, triple DES, AES, and SHA-1 encryption standards. In the case of the IXP2850, Intel had left room in the IXP 2800 to add these hardware blocks, because potential customers had shown enough interest in security. “We thought about adding crypto [to the IXP2800] as we were building it from the ground up,” says Rajneesh Gaur, Intel senior product marketing manager.

The IXP2850 won't run at a full 10 Gbit/s, however. Like an airport gate, a network processor bogs down as more security functions are added. The IXP2850 aims for systems that will see an actual throughput of 2 Gbit/s to 6 Gbit/s, Gaur said.

That's heartening news for the likes of Corrent Corp., a security-chip startup that's targeting full-blown 10-Gbit/s processing. It’s possible that network processors might absorb all of Corrent's functions, but that won’t happen “until four or five years from now,” says Richard Takahashi, Corrent CEO. In the intervening time, he adds, Corrent hopes to stay one step ahead of the integration monster by expanding into areas such as firewalls.

Other security-chip firms like Hifn are moving in similar directions, says Linley Gwennap. But he notes that it can take years to distill these functions into a chip. Firewall incorporation, for example, involves getting software to recognize hundreds of possible traffic types, a level of complexity that might give veterans like Hifn an edge over relative newcomers like Corrent. “The thing to keep in mind is, Hifn has been working on this firewall technology for three years. It’s not easy."

The IXP2850 is due to ship in the second quarter of 2003, at a price of $725.

— Craig Matsumoto, Senior Editor, Light Reading
www.lightreading.com