"This really is an appropriate scale for a device - if you want to encrypt individual data streams on an OC48, you do that at the edges before feeding them to routers or muxes, so your PPP comment isn't relevant. It's an IPSEC processor, which says it's handling a combined big fat IP stream on a router/switch, not a bunch of layer 2 encapsulations of individual IP streams, so it's for people like big ISPs and big hosting centers and big LANs. If you're trying to do link encryption on arbitrary muxed SONET, that's a job for a physical layer raw-bits link encryptor, not IPSEC."
OK, I have to admit that my knowledge decreases exponentially after SONET hands of the signal.
But basically I was thinking about Packet-over-SONET (POS), which is "PPP encapsulated HDLC framed IP". So after the POS link was terminated, I imagined that this little device would basically now look at the raw IP and do some pre-processing before the packets hit either an NP or switch fabric. However, in the vast majority of commercial POS links, they're not mapped over a pipe as big as STS-48c...they'd be mapped over STS-3c or below. This would mean the device is not super-suitable for most SONET-mapped applications.
But I guess that's OK...it's not supposed to be. It's really geared for MAN/WAN Ethernet (which once in a while is mapped over SONET). But it always pisses me off when GbE=WAN in marketing product literature. Nobody actually runs GbE outside their TSB (Tall Shiny Building) or campus...yet (and to date there's no strong indication they will).
From: Bill Stewart <[EMAIL PROTECTED]> To: "Tyler Durden" <[EMAIL PROTECTED]> CC: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: Cavium Security Processor Date: Mon, 03 Mar 2003 14:14:15 -0800
At 11:23 AM 03/03/2003 -0500, Tyler Durden wrote:Maybe they actually plan on making their money from selling those SDKs! (Perhaps they hope for some trickle down from the all the $ startups get for making Powerpoint slides.)
And I see they don't really have an architecture suitable for SONET-mapped services...gotta be 1GbE or 2GbEs maped over OC-48 or a single 10GbE (802.11 WAN).
and some time around then, also wrote
> You'd need a chip for every POS/PPP/HDLC connection in the SONET signal.
> This could be a single connection (unlikely, OC-192c is rare), or hundreds
> (DS-1s? If not, 16 STS-3cs).
I don't know the SPI-3 / SPI-4 interfaces, but it sounds like this is meant to sit on the electronics side of things, not the optics, which you'd handle on separate components. Devices that say "2-10Gbps" are usually either talking about GigE (2Gbps for bidirectional) or OC48 or up to OC192 / 10GigE (though that really needs 20Gbps to cover both directions.)
This really is an appropriate scale for a device - if you want to encrypt individual data streams on an OC48, you do that at the edges before feeding them to routers or muxes, so your PPP comment isn't relevant. It's an IPSEC processor, which says it's handling a combined big fat IP stream on a router/switch, not a bunch of layer 2 encapsulations of individual IP streams, so it's for people like big ISPs and big hosting centers and big LANs. If you're trying to do link encryption on arbitrary muxed SONET, that's a job for a physical layer raw-bits link encryptor, not IPSEC.
_________________________________________________________________
The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail
