Chapter 2 Cisco 3270 Rugged Router Card

Cisco 3270 Rugged Router Card Encryption Module

The integrated security engine (SEC 2.0) is optimized to handle all the algorithms associated with IP security (IPSec), Secure Sockets Layer (SSL)/Transport Layer Security (TLS), Secure Real-time Transport Protocol (SRTP), 802.11i, Internet Small Computer System Interface (iSCSI), and Internet Key Exchange (IKE) processing. The security engine contains four crypto channels, a controller, and a set of crypto execution units (EUs). The security engine can act as a master on the internal bus. This allows the security engine to alleviate the data movement bottleneck normally associated with slave-only cores.

The host processor accesses the security engine through device drivers, using system memory for data storage. The security engine resides in the peripheral memory map of the processor; therefore, when an application requires cryptographic functions, it simply creates descriptors for the security engine that define the cryptographic function to be performed and the location of the data.

The security engine bus-mastering capability permits the host processor to set up a crypto-channel with a few short register writes, leaving the security engine to perform reads and writes on system memory.
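The descriptor flow described above, as an added example that is not code from the Cisco manual or from any SEC 2.0 driver. The descriptor layout, the XOR stand-in operation, the memory window and every name below are assumptions made for illustration; the point is that an engine which reads and writes system memory on its own should only be handed descriptors whose buffers lie inside a region the driver owns.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model for illustration; NOT the SEC 2.0 descriptor or register layout. */
#define MEM_SIZE 256
#define OP_XOR   1u                      /* stand-in for one execution unit's function */
static uint8_t sysmem[MEM_SIZE];         /* stand-in for system memory */
static const uint32_t WIN_BASE = 64, WIN_SIZE = 128;  /* region the driver lets the engine touch */

struct desc {                            /* hypothetical descriptor */
    uint32_t op;                         /* which cryptographic function to perform */
    uint32_t key, key_len;               /* location and length of the key */
    uint32_t src, dst, len;              /* location and length of input and output */
};

/* Overflow-safe containment test: [off, off+len) must lie inside the window. */
static int in_window(uint32_t off, uint32_t len) {
    return off >= WIN_BASE && len <= WIN_SIZE && off - WIN_BASE <= WIN_SIZE - len;
}

/* Driver-side check before a descriptor is handed to the engine. */
int desc_validate(const struct desc *d) {
    if (d->op != OP_XOR || d->len == 0 || d->key_len == 0) return -1;
    if (!in_window(d->key, d->key_len)) return -1;
    if (!in_window(d->src, d->len) || !in_window(d->dst, d->len)) return -1;
    return 0;
}

/* Model of the engine as bus master: it reads and writes memory on its own. */
int engine_run(const struct desc *d) {
    if (desc_validate(d) != 0) return -1;
    for (uint32_t i = 0; i < d->len; i++)
        sysmem[d->dst + i] = sysmem[d->src + i] ^ sysmem[d->key + i % d->key_len];
    return 0;
}

int main(void) {
    memcpy(&sysmem[64], "constructed data", 16);      /* constructed sample input */
    memcpy(&sysmem[128], "\x01\x02\x03\x04", 4);      /* constructed sample key */
    struct desc ok  = { OP_XOR, 128, 4, 64, 96, 16 };
    struct desc bad = { OP_XOR, 128, 4, 64, 0, 16 };  /* output outside the window */
    printf("ok=%d bad=%d\n", engine_run(&ok), engine_run(&bad));
    return 0;
}
```

The length check is written as a subtraction so that a descriptor whose offset plus length wraps past 32 bits is rejected rather than accepted.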

Security Engine Features

The execution units are:

- Public Key Execution Unit (PKEU) supporting the following:
    - RSA and Diffie-Hellman
    - Programmable field size up to 2048 bits
    - Elliptic curve cryptography
- Data Encryption Standard Execution Unit (DEU)
    - DES, 3DES
    - Two key (K1, K2) or three key (K1, K2, K3)
    - Electronic codebook (ECB) and cipher-block chaining (CBC) modes for both DES and 3DES
- Advanced Encryption Standard Unit (AESU)
    - Implements the Rijndael symmetric key cipher
    - Key lengths of 128, 192, and 256 bits
    - ECB, CBC, Counter with CBC-MAC (CCM), and Counter modes
- ARC Four execution unit (AFEU)
    - Implements a stream cipher compatible with the RC4 algorithm
    - 40- to 128-bit programmable key
- Message Digest Execution Unit (MDEU)
    - SHA-1 with 160-bit or 256-bit message digest
    - MD5 with 128-bit message digest
    - Keyed-Hash Message Authentication Code (HMAC) with either SHA or MD5 algorithm (HMAC-MD5 or HMAC-SHA)
- Random Number Generator (RNG)

Cisco 3200 Series Router Hardware Reference

 

OL-5816-10


3200 specifications

Cisco Systems 3200 Series routers are designed to deliver high-performance, reliable networking solutions for enterprise and service provider environments. They are part of Cisco's extensive portfolio that addresses the challenges of modern networking, particularly in connecting remote offices and branch locations efficiently and securely.

One of the standout features of the Cisco 3200 Series is its scalability. The routers support a variety of modular interfaces, allowing organizations to tailor their network infrastructure according to specific needs. This modularity ensures that as businesses grow and their networking requirements evolve, the Cisco 3200 can adapt without necessitating a complete overhaul of existing hardware.

Security is another critical characteristic of the Cisco 3200 routers. They incorporate robust security features such as integrated firewall capabilities, advanced encryption standards, and Virtual Private Network (VPN) support. This ensures that sensitive data transmitted over the network is protected from potential threats, making them ideal for businesses that prioritize security, especially in regulated industries.

Performance-wise, the Cisco 3200 is equipped with advanced processing capabilities, enabling it to handle high data throughput even in demanding environments. This performance is bolstered by the use of Cisco's proprietary technologies, such as Quality of Service (QoS) and traffic shaping, which allow the prioritization of critical applications to ensure seamless connectivity.

The router series also benefits from Cisco's extensive software ecosystem, which includes Cisco IOS (Internetwork Operating System). IOS provides a familiar interface for network administrators, alongside a wealth of features for configuration and management. Furthermore, the Cisco 3200 Series is designed to integrate with Cisco's Application Policy Infrastructure Controller (APIC) and Software-Defined Networking (SDN) solutions, offering enhanced flexibility in managing network resources.

Connectivity options for the Cisco 3200 Series are extensive, offering support for various WAN technologies, including MPLS, LTE, and broadband internet. This versatility enables organizations to choose the best connectivity solutions according to their geographic and operational requirements.

Finally, the Cisco 3200 Series routers are built with reliability in mind. They are designed for high availability and redundancy, ensuring that network services remain uninterrupted in the event of hardware failures or maintenance activities.

In conclusion, Cisco Systems 3200 routers represent a comprehensive networking solution, combining scalability, security, performance, and reliability, making them a preferred choice for organizations looking to enhance their networking infrastructure in a dynamic digital landscape.