2 Features
2.1 All VPN Processing On-chip
• All IPsec and IPcomp processing occurs on chip; Host CPU not affected by VPN
security
• Supports up to 256 on-chip policy entries (typically 128 per direction)
• Unlimited policy support via host-provided policy headers (EPP option)
• Up to 32,000 SA support via off-chip DDR2 SDRAM
• Optional IKE firmware available for execution in the on-chip eSC processor
2.2 High Performance
• Supports full duplex IPsec and IPcomp processing up to 4 Gbps data rates (2 Gbps
full-duplex)
• Policy look-up, SA look-up, and secure packet processing at up to 700K packets per
second (SDRAM enabled firmware)
• Performs all security processing through a single transit between host and network
ports
• Integrated, enhanced public-key processor
For complete details about performance differences between algorithms and modes on the
4450 with the latest SDK firmware, please see 4450/8450 Performance Application Note,
AN-0168. The 4450/8450 Product Release Note, RN-0118, for the SDK may also provide
additional performance information.
2.3 Supports All Standard IPsec and IPcomp Modes &
Algorithms
• IPsec in transport and tunnel modes: ESP with or without authentication enabled
• Full support for IPv4 and IPv6, including IPv4-in-IPv6 and IPv6-in-IPv4
• 128/256-bit AES (Advanced Encryption Standard) in CBC, CTR, GCM modes, DES/
3DES in CBC mode
• SHA-1, SHA-256, MD5, (with HMAC) and AES-XCBC-MAC for authentication
• IP payload Compression (IPcomp) with LZS support
• Public-key support includes RSA, DSA, and Diffie-Hellmann
• Supports up to 8,192-bit modular arithmetic and exponentiation for public key
operations (Note that the 4450/8450 Software Development Kit only supports
4,096-bit)
4450 – Data Sheet, DS-0131-06
Page18
Hifn Confidential