SSL Acceleration .info |
Saturday, 31-Jul-2010 14:11:14 GMT |
TidbitsSun SPARC systems have builtin hardware crypto support and Apache software modules to use them. These machines are quite expensive. See T1000, T2000, and T5xxx models. Ever heard of the VIA C7 processor? There is a new sub-notebook "HP 2133 Mini-Note PC" that uses this processor although the chip seems to be a couple years years old already. Anyway, if you look at the brochure for this chip it claims to have hardware RSA support. I was very excited when I started reading this brochure, and less and less excited as I read on. The chip merely has some extra CPU instructions that help developers write faster multiplication loops so that existing modular exponentiation is improved. Unfortunately they are comparing apples with sea horses. Core 2 Duo and AMD64 can do RSA much faster than the VIA C7 in 64-bit mode, just not in the 32-bit mode with which they seem to be comparing. See "THE 64-bit FACTOR" to the right. So this processor would be really good for making a low-power SSL terminator router appliance. There seems to be a Linux PC, the TC2502 (gPC) that has this chip in it. But no software seems to make use of this nice feature. Pcworld.com says "The machine uses a 1.5GHz Via C7-D processor, Via UniChrome Pro IGP graphics core, and comes equipped with 512MB of memory, an 80GB hard drive, a DVD-ROM/CD-RW combo drive, and has built-in Ethernet."
Crypto Accelerator Chips - "Security Processors"Perhaps these chips are intended for IPSEC VPN tunnels, and less so for SSL. IPSEC is a slightly different application, and being packet based, it is probably easier to couple the crypto and the Ethernet mac.
BroadcomBroadcom makes a chip, the BCM5862 (brochure), that does 14000 RSA per second. But can you pass your RSA data between this chip and your PC fast enough to ever see 14000 new SSL connections per second? Myself I tested 1900 new SSL connections per second on a predecessor to this chip, the BCM5825. SSL is a complicated protocol. It is also layered on top of TCP. The accelerator needs to be tightly integrated with the processor. The designers of the chip are probably best equipped to integrate the whole thing - perhaps they have reference boards that combine a fast 64-bit processor, and the BCM5825, and a gigabit ethernet MAC. *shrug*
Cavium NetworksThis company has similar chips to BroadCom: http://www.cavium.com/pdfFiles/NITROX_PX_PB Rev 1.1.pdf |
|