1 4450 Product Description
The 4450 is the 2nd generation security processor in the FlowThroughTM family. The 4450
security processor combines high performance throughput in a FlowThroughTM architecture,
supporting Internet Protocol Security (IPsec) and Internet Protocol Compression (IPcomp)
processing. A single packet can be processed through all three protocols in a pipelined
manner, if required. Secure Real-Time Protocol (SRTP) and IPsec are supported as a
prototype implementation in a single firmware build.
High Performance iSCSI & FCIP Security: The Hifn 4450 FlowThrough Security
processor supports complete IPsec and IPcomp protocol processing on a single chip.
Optimized for dual gigabit in-line applications, the 4450 Security Processor achieves up to
4Gbps (2 Gbps full-duplex) sustained performance with simultaneous encryption/
compression and authentication. At small packet sizes, the 4450 without IKE or SDRAM can
process up to 900,000 IPsec packets per second.
Protocol Support: The 4450 FlowThrough Security Processor performs Ethernet link
processing, security policy enforcement, Security Association (SA) look-up, and IPsec and
IPcomp packet processing. The 4450 offers complete support for both IPv4 and IPv6
protocols and supports Jumbo (9022 byte) Ethernet frames. The host configures the
security policy database (SPD), and the 4450 stores the security association database
(SAD) context data for each security association in its on-chip memory or in off-chip DDR2
SDRAM.
The 4450 Security Processor is the ideal bump in the wire (BITW) flow-through security
solution for iSCSI Host Bus Adapters (HBAs), iSCSI Target Bus Adaptors (TBAs), SAN
switches, FCIP bridges, storage routers & appliances, storage arrays (RAID), storage
servers, and secure TCP Offload Engine (TOE) card applications. The 4450 also supports
RFC3948 NAT traversal using ESP over UDP.
Simple System Interfacing: The 4450 is designed to easily and seamlessly interface with
Gigabit MACs and PHYs, including all leading Storage Processors, TOEs and Gigabit Ethernet
Switch and MAC devices, providing a turnkey security/compression solution with minimal
development effort. It provides two independent pairs of gigabit Ethernet interfaces, that
gluelessly connect to standard RGMII/RTBI/SGMII or SERDES Interfaces on both the Host
and Network ports. GMII/TBI are also available on the Host-side interfaces. The network-
side and host-side interfaces may be configured differently, allowing the 4450 to provide
interface conversion. The 4450 GMII (Host Only), and RGMII/SGMII (Host/Network)
Interfaces can also be run in 10/100 speeds for Fast Ethernet applications. Both the Host-
side and Network-side interfaces are independently configurable as either PHY or MAC
personality.
On-Chip RAM: Integrated on-chip RAM is used for SPD, SAD, packet processing, Public
Key processing, and RNG Processing. On-chip packet buffering enables optimal processing
performance with minimal processing latency. The 4450 can store up to 200 SA's in on-chip
memory for low tunnel-count systems. The number of SA's supported on-chip may vary
depending on the software release and the supported features. Please refer to the Product
Release Notes, RN-0118, for additional information.
4450 – Data Sheet, DS-0131-06
Page16
Hifn Confidential
EXAR [ EXAR CORPORATION ]
