Cavium's recent Nitrox II announcement led me to wonder how a startup could, in a single year, roll out a product line offering both IPsec and SSL from 100 Mbits/second to 10 Gbits/s. The answer lies in the company's highly flexible chip architecture.

Most chip designers face a trade-off between putting functions in hardware (hardwired function units) or in software (programmable elements). Except at a few processor vendors, the balance usually tips toward hardware, which is generally faster and uses less power than a soft implementation. This method, however, requires designing a new set of logic for each algorithm and protocol supported.

Cavium took a different tack, designing a programmable processor called GigaCipher that contains special function units to accelerate cryptographic operations. It can be programmed for any particular algorithm (3DES, AES, SHA-1) or protocol (Internet Protocol Secure, IKE, Secure Sockets Layer). This flexibility lets Cavium offer both IPsec and SSL products using the same chip, reducing design costs. From the time it deployed its first product, the startup addressed the two largest markets for security processors.

Cavium gains flexibility by using multiple GigaCipher cores per chip. The fastest Nitrox chips employ more than 20 cores, but Cavium also has low-cost devices with only a few cores. This stamp-and-repeat method also cuts design time and effort. As a result, Cavium was able to sample its first products within 18 months of being founded and an entire product line 12 months later.

The downside of Cavium's architecture, as with most programmable solutions, is power dissipation. Despite its advanced 0.13-micron process, Nitrox II burns up to 15 W at top speed, though slower versions use less power. Many system designers just use a heat sink, but others are driven to Cavium's competitors.

Flexibility is best in markets with short product cycles and changing standards. For example, when AES was released two years ago, it was first put in programmable security processors. And in WLANs, chip sets with programmable MACs are already including the newest protocol, 802.11g, whereas vendors with hardwired MACs must redesign their chips.

Fixed-function chips are still the best choice in high-volume markets where cost or power is tightly restricted. But as Cavium shows, a flexible architecture can provide many benefits, to both the chip vendor and its customers.

Linley Gwennap is founder and principal analyst of the Linley group (www.linleygroup.com)