Video: Cavium Software Toolkits
We have the expertise to ensure your software is fully optimized so you get the highest possible performance from your Cavium technology.
Reduce Time to Market
CSS puts you on the most efficient development vector. In fact, we've helped many equipment manufacturers cut product development time in half.
Don't let needless risk threaten your project. We can help you recognize, prioritize and mitigate project risk factors.
IPSec Software Toolkit
Internet Protocol security (IPSec) is a framework of open standards that protects communications over Internet Protocol (IP) networks by applying cryptographic security services to IP packets. Our IPSec toolkit provides end-to-end security, including authentication, confidentiality, data integrity and replay protection of data communications across a public network. This toolkit is optimized for maximum performance and supports all members of the OCTEON family of processors.
The following figure shows the location of the IPSec toolkit.
The IPSec toolkit, which runs in Simple Executive mode, can be used by any application that requires IPSec support. Our IPSec toolkit works in a Cavium multi-core environment and can be integrated with your own applications, where you have a great deal of control over which cores run the IPSec application.
The IPSec toolkit contains the Encapsulating Security Payload (ESP) and Authentication Header (AH) protocols, which define the header format for secured IP packets. The IP packets are secured using encryption/authentication algorithms and key material, and then the ESP/AH headers are added. On the receiving end, the key material and encryption/authentication algorithms are identified, and an authentication check and decryption are performed on the packet to reveal the original clear packet.
The IPSec toolkit can be integrated with Internet Key Exchange (IKE) protocol software. IKE negotiates the Security Association (SA) between the end points. You can use the IPSec toolkit with any IKE stack with the included APIs.
The toolkit supports tunnel and transport mode operations. In tunnel mode, the entire original IP packet is secured and ESP/AH headers and outer IP headers are added to it. In transport mode, only the IP payload is secured and ESP/AH headers are inserted between the original IP header and secured payload. A Security Policy Database contains multiple security policies, including selectors, protocols, transforms and peer gateway information.
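The two encapsulation modes described above, as an added example (not Cavium toolkit code and not using its APIs): a C function that lays out ESP around an IPv4 packet in transport or tunnel mode. It assumes NULL encryption (RFC 2410) and no ICV so the byte layout stays readable, and it copies the inner addresses to the outer header; `esp_encap`, `ip_csum` and the TTL value are made up for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum esp_mode { ESP_TRANSPORT, ESP_TUNNEL };

/* RFC 1071 checksum over an IPv4 header. */
static uint16_t ip_csum(const uint8_t *h, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < len; i += 2) sum += (uint32_t)((h[i] << 8) | h[i + 1]);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Lay out ESP around IPv4 packet `in` (must not overlap `out`).
 * Returns the output length, or 0 on malformed input or lack of space. */
size_t esp_encap(enum esp_mode mode, const uint8_t *in, size_t in_len,
                 uint32_t spi, uint32_t seq, uint8_t *out, size_t cap)
{
    if (in_len < 20 || (in[0] >> 4) != 4) return 0;
    size_t ihl = (size_t)(in[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > in_len) return 0;
    int tun = (mode == ESP_TUNNEL);
    size_t hlen = tun ? 20 : ihl;               /* IP header in front of ESP */
    const uint8_t *body = tun ? in : in + ihl;  /* tunnel: whole packet; transport: payload */
    size_t blen = tun ? in_len : in_len - ihl;
    size_t pad = (4 - (blen + 2) % 4) % 4;      /* trailer must end on a 4-byte boundary */
    size_t total = hlen + 8 + blen + pad + 2;
    if (total > cap || total > 0xffff) return 0;
    memcpy(out, in, hlen);                      /* transport: original header is kept */
    if (tun) {                                  /* tunnel: new outer header, addresses copied */
        memset(out, 0, 12);
        out[0] = 0x45; out[8] = 64;             /* constructed TTL */
    }
    out[2] = (uint8_t)(total >> 8); out[3] = (uint8_t)total;
    out[9] = 50; out[10] = out[11] = 0;         /* IP protocol 50 = ESP */
    uint16_t c = ip_csum(out, hlen);
    out[10] = (uint8_t)(c >> 8); out[11] = (uint8_t)c;
    uint8_t *p = out + hlen, *t = p + 8 + blen; /* ESP header start, trailer start */
    for (int i = 0; i < 4; i++) {               /* SPI, then sequence number, big-endian */
        p[i] = (uint8_t)(spi >> (24 - 8 * i)); p[4 + i] = (uint8_t)(seq >> (24 - 8 * i));
    }
    memcpy(p + 8, body, blen);                  /* NULL cipher: payload copied as is */
    for (size_t i = 0; i < pad; i++) *t++ = (uint8_t)(i + 1); /* RFC 4303 pad bytes 1, 2, ... */
    *t++ = (uint8_t)pad;                        /* Pad Length */
    *t = tun ? 4 : in[9];                       /* Next Header: IPv4-in-IP or original protocol */
    return total;
}
```

For a 28-byte UDP packet this yields 40 bytes in transport mode and 60 bytes in tunnel mode; the 20-byte difference is the inner IP header that tunnel mode carries inside the protected payload.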
Other technical specifications include:
- IPv4/IPv6 ESP (Tunnel/Transport) (RFC 2406/4303)
- IPv4/IPv6 AH (Tunnel/Transport) (RFC 2402/4302)
- Anti-Replay Window (32 to 1024 bytes)
- Extended Sequence Number
- Fast inbound 3-tuple lookup
- Lifetime: byte
- Global and per SA Statistics
- Bundles support
- Selector checks
- NAT/UDP encapsulation
- NAT-T L4 checksum compute/update
- QoS/TOS copy support (inner to outer for tunnel)
- DF copy support (inner to outer for tunnel)
- Address copy support (inner to outer for tunnel)
- Jumbo packet support
- Tunnel Mode
- Transport Mode
- Pre and Post Fragmentation
IPSec Supported Cipher Suite:
- RFC 2405 : DES
- RFC 1851 : DES3-CBC
- RFC 3602 : AES-CBC (128/192/256)
- RFC 3686 : AES-CNTR (128/192/256)
- RFC 2410 : NULL
IPSec Supported Authentication Suite:
- RFC 2403 : MD5
- RFC 2404 : SHA1
- RFC 4868 : SHA2 (256, 384, 512)
- RFC 3566 : AESXCBC
- NULL (with ESP only)
By adopting hardware acceleration and software optimization, the IPSec toolkit achieves high performance in typical uses:
- Data throughput of 16 Gbps for 16 cores or 1 Gbps for 1 core with a packet size of 300 bytes (AES128, SHA1)
- Data throughput of 25 Gbps for 16 cores or 1.56 Gbps for 1 core with a packet size of 1024 bytes (AES128, SHA1)
To learn more about our Protocol Analysis Toolkit, call us today: 650-623-7000