csperkins.org

IPsec-Protected Transport of HDTV over IP

Peter Bellows, Jaroslav Flidr, Ladan Gharai, Colin Perkins, Pawel Chodowiec and Kris Gaj

Proceedings of the 13th International Conference on Field Programmable Logic and Applications (LNCS 2778), Lisbon, Portugal, September 2003.

DOI:10.1007/978-3-540-45234-8_84

Bandwidth-intensive applications compete directly with the operating system’s network stack for CPU cycles. This is particularly true when the stack performs security protocols such as IPsec; the additional load of complex cryptographic transforms overwhelms modern CPUs when data rates exceed 100 Mbps. This paper describes a network-processing accelerator which overcomes these bottlenecks by offloading packet processing and cryptographic transforms to an intelligent interface card. The system achieves sustained 1 Gbps host-to-host bandwidth of encrypted IPsec traffic on commodity CPUs and networks. It appears to the application developer as a normal network interface, because the hardware acceleration is transparent to the user. The system is highly programmable and can support a variety of offload functions. A sample application is described, wherein production-quality HDTV is transported over IP at nearly 900 Mbps, fully secured using IPsec with AES encryption.

Download: fpl2003.pdf

Opinions expressed are my own, and do not represent those of my employers or the organisations that fund my research.