Support for Intel Coleto SSL chip based platforms

The following appliances ship with Intel Coleto chips:

  • MPX 59xx
  • MPX/SDX 89xx
  • MPX/SDX MPX 26xxx
  • MPX/SDX 26xxx-50S
  • MPX/SDX 26xxx-100G
  • MPX/SDX 15xxx-50G

Use the ‘show hardware’ command to identify whether your appliance has Coleto (COL) chips.

> sh hardware

    Platform: NSMPX-8900 8*CPU+4*F1X+6*E1K+1*E1K+1*COL 8955 30010
    Manufactured on: 10/18/2016
    CPU: 2100MHZ
    Host Id: 0
    Serial no: CRAC5CR8UA
    Encoded serial no: CRAC5CR8UA
 Done

Note: Secure renegotiation is supported on the back end for these platforms.

Limitations:

  • DH 512 cipher is not supported.
  • SSLv3 protocol is not supported.
  • Hardware security module (HSM) is not supported.
  • GnuTLS is not supported.
  • ECDSA certificates with ECC curves P_224 and P521 are not supported (Not supported on platforms with Cavium chips also.)
  • DNSSEC offload is not supported. (DNSSEC is supported in software but offload to hardware is not supported.)

View the SSL chip utilization

From release 13.0 build 47.x, you can view the SSL chip utilization on appliances that ship with Intel Coleto chips.

At the command prompt, type:

> stat ssl


SSL Summary


# SSL cards present                                4

# SSL cards UP                                     4

SSL engine status                                  1

SSL sessions (Rate)                              0

SSL Crypto Utilization Asym (%)                    67

SSL Crypto Utilization Symm (%)                    19

Support for Intel Coleto SSL chip based platforms