Printable Version

Data Sheets
White Papers

Protocol-independent, deterministic, hierarchical, flow-through architecture
Fully Integrated Policy Database
Up to 1.3 Billion packet operations and 187 Million service operations per second-sustained
Atomic policy updates: In-band, Out-of-band, rule-generated
Sophisticated statistics / policy engine processes security, accounting and bandwidth management applications
Multifunction I/Os handle SPI4-2, SPI4-1, XGMII interfaces, eliminating expensive shims
16K policy entries on-chip supports 32-bit exact, LPM and range matches
Optional expansion chip supports millions of policy entries
Industrial temperature version available.

Fast-Chip, Inc.
950 Kifer Rd.
Sunnyvale, CA 94086
D 408 523.8050
F 408 523.8051




The PolicyEdge is the world’s first 10 gigabit capable packet processor. Devices are offered for both 2.5 and 10 gigabit interfaces.  PolicyEdge utilizes a patented deterministic table-driven flow-through architecture to provide multi-pass classification, modification, forwarding and statistics collection capabilities with no external support chips. The PolicyEdge can provide service functions for existing ASICs or other Network Processing Elements (NPEs), including multi-protocol translation, policing, and billable bandwidth services.

The PolicyEdge deterministic table-driven architecture executes a service operation each clock period, providing multiple clocks per packet. Every service operation consists of up to 7 packet operations and is both hierarchical and intelligent – ie all new operations are based on information from previous operations. This intelligence greatly simplifies programming and compresses the policy database over competing solutions. The PolicyEdge classifies packets to up to 2K bytes deep for any layer 2 – 7 application and supports multiple edits (insert, overwrite and delete) per packet anywhere up to 64K bytes.  Multi-pass classification, bit level editing and robust policing / statistic capabilities distinguish PolicyEdge as the leader among programmable packet processors.

PolicyEdge’s powerful per rule statistics and policing capabilities can be based on any combination of four independent sources:

  • Data contained within the packet itself
  • Programmable timers
  • Packet or byte counts
  • Traffic bandwidth

Statistics resources include a byte, packet and programmable timer per rule. Adding two low cost PCDRAMs, yields four policing filters per rule, providing on-the-fly enforcement for QoS/CoS SLAs, bandwidth metering and DoS hardening. For example, PolicyEdge can be used to implement fine-grained traffic monitoring along with associated actions based on time based packet information. Programmers can set various rate-based thresholds based on any information in the packet. For example, PolicyEdge can be programmed to monitor the rate of traffic from a particular IP source address to a particular IP destination address, say UC Santa Barbara directed at eBay (pick your favorite combination of fields of interest in a packet – it’s totally programmable). Should that rate of traffic from UCSB exceed the rate threshold for a programmable amount of time, PolicyEdge will detect it and take action. Actions are programmable as well and could be any combination of marking the packet differently (for reduced priority at the traffic manager for example), to a host alert, to dropping the packet entirely.

The PolicyEdge’s high performance, flow through design accepts network packets on industry standard and OEM specific interfaces, processing and forwarding modified packets with minimum latency. Sustained performance of 187 million intelligent service operations-per-second is guaranteed for 32 MPPS at OC192.  Multiple actions can be taken as part of each intelligent operation resulting in over 1.3 billion packet actions per second. Collected statistics and user-defined filter thresholds can drive each new service operation to automatically police, meter and mark packets for bandwidth management, ACL processing, QoS, and a host of other services processing functions. The control CPU can be notified whenever thresholds indicate policy events.

I/O Flexibility
In addition to its superior classification, editing and policing abilities, the PolicyEdge multi-functional I/Os are independently selectable between the input and output thereby eliminating expensive FPGA shims between other processing elements. PolicyEdge 6402 supports SPI4.2, SPI4.1, xGMII, and specific OEM standards on both ingress or egress interfaces.

PolicyEdge is ideal for all high-service requirements and applications:

  • Multi-Protocol Label Switching (MPLS)
  • Access Control Lists (ACL)
  • Committed Access Rates (CAR)
  • Virtual Private Networks (VPN)
  • Premium Billable Services (PBS)
  • Transparent LAN Services (TLAN)
  • DoS attack detection / hardening
  • Layer 2-4, 4-7 switches
  • Fast firewalls, BW managers
  • Service aggregation devices
  • Core and edge routers
  • Access routers
  • Voice over IP devices
  • Network probes

PolicyEdge’s unique hierarchical table-driven architecture matches the system designers approach to network programming, speeding time to functionality. There are no proprietary compilers, linkers, assemblers or debuggers required. The designer uses C code running on a host CPU to program the PolicyEdge’s single-threaded, run-to-completion model.  All code is targeted to the control plane processor, which generates the necessary rule table behaviors of the PolicyEdge. To further simplify programming, Fast-Chip provides a powerful API, also in C, and an embedded silicon API on the PolicyEdge.  PolicyEdge has a dedicated host port and supports control plane requests / messages “on-the-fly”.  Because the architecture is optimized for general purpose multi-pass bit-level classification, editing and policing, the device is completely protocol agnostic and therefore can be programmed to process SONET, Frame Relay or Ethernet frames as easily as AppleTalk.  Programming efforts that previously took months using micro-coded NPs and/or multiple RISC engines, can be completed in a matter of weeks using PolicyEdge.


  • Up to 32 MPPS sustained
  • Up to 1.3 billion packet actions per second-sustained
  • Up to 187 million service operations per second-sustained
  • Deterministic hierarchical processing for any set of protocols
  • Programmable, protocol-independent description of policies
  • Scalable policy depth and complexity Layer 2-7 packet classification
  • Embedded classification database with on-the-fly update capability
  • Multiple field extractions per packet, in any order
  • Full Packet Editing each service operation:
  • Field insertion, deletion, or overwrite, anywhere within a packet multiple times per packet, Hash, checksum and accumulator calculations
  • Full support for MPLS based PUSH / POP / SWAP and Time-To-Live (TTL)
  • Stateful inspection with Control / Session Plane Processor


  • LAN port speeds at 10 GE, xGMII
  • WAN port speeds at
  • OC-192, OC-192c (9.953 Gbps)
  • OC-48, OC-48c (2.5 Gbps)
  • N x OC-12, OC3
  • Multiple packet interfaces between ingress and egress eliminate shims:
  • SPI4-Phase 2, 16 bit / 400Mhz / DDR, LVDS
  • SPI-4 Phase 1, 64 bit / 200 MHz / HSTL-1
  • XGMII 32 bit / 156Mhz / DDR
  • SPI-3/PL3, 32 bit / 104 MHz / LVTTL
  • Focus™ 16 or 32 bit / 100 MHz / LVTTL
  • Glueless Host Processor interfaces:
  • MIPS R4000, R5000, R7000 (64 bit)
  • Industry Standard JTAG Interface


  • 100, 133, 156, 187 Mhz system clock rates
  • 892 EBGA: 40mm x 40mm package size


  • Power Supply Voltage:
    (VDD Internal) 1.2 +/- 5% V
    (LVTTL I/O) 3.3 +/- 5%
    (HSTL I/O 1.5 +/- 5% V
  • Commercial and industrial Temperature Ranges

Part Numbers

  • FC6302 – OC-48 PL3 and FOCUS interfaces
  • FC6402 – OC-192 interfaces and 10 GbE