Intel Corp. is taking steps to bridge the gap between the dataplane and security processing in high-speed networking equipment designs by embedding security processing capabilities into the IXP2850, a 10-Gbit/second network processing unit unveiled at this week's Microprocessor Forum.

Security processing tasks are traditionally handled in networking equipment by an add-on card dedicated to crypto functions, like DES and AES, and by protocol functions such as IPSec and SSL. But with line rates on the rise, designers at both the system and chip level have been eyeing the movement of security processing tasks to the dataplane, sparking the development of security processors from companies like Layer N, Corrigent, NetOctave, Hifn, and Broadcom.

But standalone security processors have made only minor strides to date, finding use mainly in traditional add-in processing cards or as control-plane processors, leaving them as more of an adjunct to datapath processing tasks. "Security processors provide the crypto capabilities required in the dataplane," said Doug Carrigan, director of product strategy at Intel. But they fall short in delivering those capabilities at 10-Gbit/s line rates, he said. To be successful in 10-Gbit/s networks, security processors must perform packet-processing tasks like parsing and lookups, and most security processors don't deliver these packet-processing capabilities, Carrigan said.