4 4450 Operation
4.1 4450 Chip Architecture
The 4450 FlowThrough Security Processor contains several processing units comprising two
major subsystems.
The “control path” subsystem contains the embedded Session Controller (eSC), Random
Number Generator (RNG), the Public Key processor and an RMII interface for an out-of-
band host control port or inter-chip communications in multi-chip applications. The eSC
subsystem hosts the IKE protocol & exception handling and provides public key and RNG
services.
ECC DDR2
SDRAM
32/39-bit
Memory Bridge
SA
RAM
RNG
Post
Crypto
Processor
(Fast Path)
Code
RAM
Policy
TCAM
eSC
(Control Path)
DPU
(Fast Path)
Control
Port
(RMII)
Data
RAM
Code
RAM
Public-Key
Engine
Data
RAM
RGMII/
RTBI
Bridge
N1
H0
H1
N0
Crypto
Engine 0
Post
Crypto
Proc. 0
Buffer
Buffer
Buffer
Buffer
Packet
Queue
Manager
SGMII/
SerDes
SGMII/
SerDes
N0
H1
H0
N1
Post
Crypto
Proc. 1
Crypto
Engine1
SGMII/
SerDes
SGMII/
SerDes
Figure 4-1. 4450 Block Diagram
The “fast data path” packet handling subsystem consists of all the blocks necessary for
packet parsing and classification as well as the blocks to perform IPsec and IPcomp
processing. Four full-duplex GbE MAC (Media Access Controller) cores provide the primary
packet I/O. The packets are automatically moved through the crypto-processing pipeline
via the Packet Queue Manager and DMA engines. The programmable DPU and PCP
processors perform hardware-assisted packet policy look-up, SA look-up, and packet
header and trailer processing.
4450 – Data Sheet, DS-0131-06
Page23
Hifn Confidential
EXAR [ EXAR CORPORATION ]
