750 University Avenue
Los Gatos, CA 95032
408.399.3500 tel
408.399.3501 fax
info@hifn.com
www.hifn.com
Easy Integration
The Hifn FlowThrough design enables easy integration
into a variety of systems, including I/O blades in VPN
appliances, Secure Network Interface Cards (NIC’s),
and Media Gateway appliances.
The 8450 supports four full-duplex 10/100/1000
Ethernet interfaces and is typically inserted between
the network processor or GMAC, and an Ethernet
PHY. A wide selection of industry-standard Ethernet
interfaces, including RGMII/RTBI, SGMII and SerDes,
for both the host and network, are supported in the
8450. Additionally, the GMII/TBI interface modes are
supported on the host ports. The network- and host-
side interfaces may be configured differently, allowing
the 8450 to provide interface conversion. These
flexible interface options allow glueless interfacing in
most systems.
The control interface to the 8450 is typically achieved
using in-band Ethernet frames via the Host Interface.
An additional 100Mbps Ethernet RMII port allows
for an optional out-of-band control port interface
to the device if desired. The RMII port may also be
used to establish an inter-chip link or control path for
multi-chip designs.
The 8450 supports a 32/39-bit DDR2 SDRAM with
optional ECC error protection. The memory interface
provides for additional SA record storage should
more than 200 SAs be required. This feature is also
necessary if IKE and/or fragment reassembly is being
executed on-chip.
Features and Benefits
Single-chip, low-cost solution
• 4Gbps IPsec/IPcomp/SRTP processing (Dual Full
Duplex GigEthernet) for large packets
• Minimal part count: one bank of inexpensive DDR2
SDRAM required only for on-chip IKE or extended SAs
FlowThrough security processing
• In-line IPsec, IPcomp, and SRTP protocol and
algorithm processing
• Streamlined and optimized for VPN applications
• On-chip hardware Public Key accelerator
• Optional on-chip IKE processing
• Complete IPsec/IKE integration for easy system
implementation
Optimized for Layer-2 and Layer-3 Security
• 200 SAs supported on-chip
• 1M SAs with external DDR2 SDRAM
• 256 on-chip policy entries (128 per direction)
IETF/IEEE Compliant Functionality
• Supports IPsec ESP, AH & IPcomp
• Tunnel and Transport modes
• Performs SRTP packet security processing (AES-
CM and SHA-1)
• Full support for IPv4 and IPv6, including IPv4 in
IPv6 and IPv6 in IPv4.
• AES (CBC, CTR, CCM, GCM), DES/3DES, SHA-1,
SHA-256, MD5, AES-XCBC-MAC
Specifications
• .13μ process, 324 low-profile BGA (19mm square)
• ~2.5W Typical Power Dissipation
• RoHS Compliant package
Ordering Information
Two options are available for these parts. Add the
appropriate suffix to the part number. Both options
can be added to either part:
• Add “-K” to add an IKE license
• Add “I” to order Industrial Temperature Grade parts
Part Number Speed Package
8450HG/2 200 MHz 324 HSBGA
(RoHS compliant)
8450HA/2 200 MHz 324 HSBGA
(RoHS-5 compliant)
Applied ServiceS proceSSor – 8450
APPLICATIONS
• VPN Appliances
• Secure NIC Card for Servers
• Security Routers
• Media Gateways
STANDARDS
• RFC 4301 – IPsec
• RFC 3173 – IPcomp
• RFC 2395 – LZS with IPcomp
• RFC 4303 – ESP Encryption
• RFC 2403 – HMAC-MD5
• RFC 2404 – HMAC-SHA-1
• RFC 3610 – CCM Mode
• RFC 4106 – GCM Mode
• RFC 3711 – SRTP
© 2007 by Hi/fn, Inc. Patent pending. Diversion contrary to U.S. law prohibited. Hifn and FlowThrough are trademarks of Hi/fn, Inc. Hi/fn and LZS are
registered trademarks of Hi/fn, Inc. All other trademarks are the property of their respective owners. PB-8450-ver5.
DDR2
SDRAM
8450
RGMII
RGMII RGMII
RGMII
Dual 1 Gbps
GMAC
or
Network
Processor
Dual
GigE
PHY
PCI-X