Peter Bellows, Jaroslav Flidr, Ladan Gharai, Colin Perkins, Pawel Chodowiec, and Kris Gaj
Proceedings of the 13th International Conference on Field Programmable Logic and Applications (LNCS 2778),
Lisbon, Portugal,
September 2003.
DOI: 10.1007/978-3-540-45234-8_84

Bandwidth-intensive applications compete directly with the operating
system’s network stack for CPU cycles. This is particularly true when
the stack performs security protocols such as IPsec; the additional
load of complex cryptographic transforms overwhelms modern CPUs when
data rates exceed 100 Mbps. This paper describes a network-processing
accelerator which overcomes these bottlenecks by offloading packet
processing and cryptographic transforms to an intelligent interface
card. The system achieves sustained 1 Gbps host-to-host bandwidth of
encrypted IPsec traffic on commodity CPUs and networks. It appears to
the application developer as a normal network interface, because the
hardware acceleration is transparent to the user. The system is highly
programmable and can support a variety of offload functions. A sample
application is described, wherein production-quality HDTV is
transported over IP at nearly 900 Mbps, fully secured using IPsec with
AES encryption.

Download: fpl2003.pdf