Mountain View, California-based Cavium is best known for its Nitrox line of co-processors for accelerating both SSL and IPsec encryption/decryption operations. Its internal estimate is that it has about an 80% share of the hardware acceleration for SSL market.

The Linley Group is predicting it will achieve overall market leadership in the security co-processor market during 2007, overtaking heavyweight competitor Broadcom Corp, which only offers SSL acceleration, and Hifn Inc, which only does IPsec.

Amer Haider, Cavium’s director of strategic marketing and ecosystem development, said the company’s strength in this segment comes from a variety of factors. He said first, there was the strategy of doing both IPsec and SSL on the same chip, which was made possible by going the custom route, using its own instruction set developed specifically for the purpose, while the use of programmable microcode meant that Nitrox can adapt to new tech developments such as version 2.0 of the SSL standard, TLS, and Internet Key Exchange.

Second, he said there is Cavium’s use of Adaptive Processing, which allows the Nitrox’s processing power to be flexibly allocated between session set-up (the handshake transactions measured in so-called RSA operations per second) and bulk data encryption, depending on real-time traffic conditions. He said this was a real breakthrough when Nitrox was introduced in 2001, and remains a differentiator.

Third, he said there is the sheer horsepower of the devices, which came in at 10 times the capacity of their competitors in SSL and 3-4 times on the IPsec side. So powerful was the line when first introduced, in fact, that it was almost overkill, given the level of WAN network development back then.

More recently, Cavium has further grown the Nitrox portfolio with a MIPS32 offering, Nitrox Soho, which is the result of its 2004 acquisition of the secure comms processor line from Brecis Communications Inc in August 2004. The Soho product line enabled Cavium to enter the CPE and smaller business market. This is the processor in the Netgear SSL box, which sells for $500, Haider said.

However, he said in more recent times, the company has recognized that there is change under way in the market. Security is increasingly going into the host processor, he said. The company launched its first host device incorporating the security co-processor functionality in 2004, when it unveiled the first generation of its Octeon Multi-Core MIPS64 processor family.

He said Cavium moved beyond the narrow field of competition of security processors and out into the broader environment populated by the likes of Intel Corp, with the IXP network processor line, Freescale with the PowerPC, all the X.86 manufacturers, and Broadcom with the technology it got from its 2000 acquisition of SiByte.

The Octeon’s claim to fame is that it provides the control plane in the MIPS processor, the data plane in the integrated hardware and services such as QoS and pattern matching, with security, compression and TCP acceleration, he said. With all the firmware on the device written in C++, Cavium also boasts software compatibility from the single-core entry-level device up to the 16-core high-end that the Octeon Plus range now provides and touts the multi-core approach vis-Ã -vis the X.86 vendors. The Xeon is at 3GHz, whereas we were at 600MHz, he said.

The Plus family, announced in October, is the second generation of Octeon processors, taking the top speed from the original products’ 600MHz to 1GHz. It doubles performance per Watt thanks to new fab techniques and adds internal power regulation on the actual chip, said Haider.

He said Cavium will be targeting the new family of processors at markets including LAN bandwidth requirements, security in both wired and WLAN environments and in the cellular space, as we’re the only silicon vendor to have incorporate the 3GPP-mandated Kasumi algorithm in high-performance products.

The Plus family goes from four to 16 cores, which begs the question whether Cavium will also introduce lower-core versions. Haider was non-committal, but he acknowledged that the company’s general practice is to come in at the high end and then go down.