Microwave Engineering Europe - December 2008 - (Page 26) 26 WIRELESS ACCESS POINTS an important purchasing consideration for a growing number of consumers. Developing low power 802.11n APs is a substantially different prospect compared to 802.11a/g designs given the increase in bandwidth, as well as the need of a dedicated application processor. With 6 W already accounted for by the presence of both 5 GHz and 2.4 GHz radios (3 W for each radio module), managing the remaining power budget early in the design process becomes increasingly critical. By assessing the needs of the market, it’s clear that developers of APs will need alternatives to off-the-shelf processors that consume between 4- and 5-W. Some of the processors used in AP designs today operate at lower frequencies and provide virtually none of the hardware-based security capabilities required for new AP designs. Processors using less than 2 W at 533 MHz for the entire chip will be essential to meet the demands of 802.11n access point system developers. Additionally, the processor will need to provide dual Gigabit Ethernet interfaces, hardware-based security acceleration and USB 2.0 support at less than half the power of competing devices. Offering all of these features in a host processor that operates at less than 2 W allows designers to meet tight power budget constraints. Differentiation through security While wireless access grants users greater mobility and freedom, such open accessibility also exposes networks to undesirable intrusion. Security over the wireless link itself is enabled using 802.11i-based security (also known as WPA2) and is typically managed by the wireless radio. However, the connection from wireless AP to the enterprise network can also present security vulnerabilities and so, in order to achieve comprehensive security, the wired connection needs a security layer of its own. For 802.11a/g APs, lack of processing resources on the radio chip made it unreasonable to implement security over the wired link without using an inline coprocessor. As these coprocessors significantly impacted system cost, many manufacturers were unable to support comprehensive security. The infeasibility of implementing such security, however, did not reduce its need. With a new generation of embedded processors, comprehensive security for both wireless and wired links becomes possible through an integrated security engine that avoids the cost and complexity of an external security coprocessor. The ideal security engine should support IPSec, SSL, and DTLS security protocols, and incorporate Figure 3: An integrated Turbo Security Engine – with support for standard IPSec, SSL, and DTLS security protocols, as well as Public Key Acceleration and True Random Number Generation – enables cost-effective wiredside security such as Virtual Private Network (VPN) processing in next-generation access points and gateways. Full header/ trailer protocol processing, as well as a direct connection to the Processor Local Bus (PLB), simplifies the packet processing pipeline while eliminating unnecessary latency when working with secure traffic. Public Key Acceleration and True Random Number Generation, enabling administrators to bring security services such as Virtual Private Network (VPN) processing out to the edge of the wired network. By being fully compatible with FIPS-140-2 and ANSI X9.17 Annex C, the security engine can maximize it’s performance and design versatility. The availability of integrated hardwareaccelerated security processing of 802.11n packets at up to 500 Mbps data rates will quickly make support for wired security a key differentiating feature in next-generation enterprise wireless APs (See Figure 3). In contrast to security implementations from the previous generation of processors, an integrated security engine that supports full header/trailer protocol processing reduces the CPU workload while increasing the throughput. While other hardware security measures require multiple passes to handle headers, trailers, and payload security processing, a security engine with header/trailer processing capability performs all these tasks in a single pass. From a design standpoint, single-pass processing simplifies the packet inspection pipeline since packets do not have to be temporarily stored during multiple passes or interleaved with other packets waiting to be processed. Additionally, the security engine should be directly attached to the processor’s main data bus and operate at the same frequency. This will maximize the security engine performance, allowing it more direct access to the CPU core, system memory and high speed IO, such as Gigabit Ethernet and PCI Express, thereby eliminating any unnecessary latency when processing secure data traffic. An integrated, single-pass security engine with header/trailer protocol processing can also give designers greater flexibility in their choice of packet inspection implementation. By providing an integrated security engine, together with the drivers, and an API, designers are given the option of implementing the packet inspection software for of their choice with the packet engine, whether proprietary or open source. The complete offering In order to process 802.11n traffic without bottlenecks, developers need scalable and versatile platforms that provide a high level of integration to simplify design. These platforms should also enable faster time-tomarket, and substantially lower system BOM cost. AMCC has optimized its PowerPC 405EX and 405EXr processors to deliver this level of performance, power efficiency, and integrated security for wireless applications. AMCC is recognized as the market leader in enterprise Wi-Fi AP designs over the years by carefully assessing customer needs and providing processors that are ideally suited for their needs. This is why the PowerPC 405EX and 405EXr can deliver the performance, integration and efficiency for under $20. But wireless AP developers are always interested in more than just device features. When considering a processor for a line of products, they should also consider the ecosystem that supports the processor. Crucial items such as third-party development tools, operating systems, turnkey software, development kit ease-of-use and reference design availability are all significant factors when making the right choice. In fact, a company called Syncromesh developed a whitepaper on the importance of system designer’s development kit experience and how it figures prominently into the selection of an embedded processor. For more information, go to: www.amcc.com /Company/SynchromeshComputing_AMCC_ OOB-Final-copyright.pdf. Microwave Engineering Europe ● December 2008 ● www.mwee.com http://www.amcc.com/Company/SynchromeshComputing_AMCC_OOB-Final-copyright.pdf http://www.amcc.com/Company/SynchromeshComputing_AMCC_OOB-Final-copyright.pdf http://www.mwee.com
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.