IPsec-Protected Transport of HDTV over IP

Peter Bellows, Jaroslav Flidr, Ladan Gharai, Colin Perkins, Pawel Chodowiec and Kris Gaj

In P. Lysaght & W. Rosentiel, New Algorithms, Architectures and Applications for Reconfigurable Computing, Springer, January 2005.


Bandwidth-intensive applications compete directly with the operating system’s network stack for CPU cycles. This is particularly true when the stack performs security protocols such as IPsec; the additional load of complex cryptographic transforms overwhelms modern CPUs when data rates exceed 100 Mbps. This paper describes a network-processing accelerator which overcomes these bottle- necks by offloading packet processing and cryptographic transforms to an intelligent interface card. The system achieves sustained 1 Gbps host-to-host bandwidth of encrypted IPsec traffic on commodity CPUs and networks. It appears to the application developer as a normal network interface, because the hardware acceleration is transparent to the user. The system is highly programmable and can support a variety of offload functions. A sample application is described, wherein production-quality HDTV is transported over IP at nearly 900 Mbps, fully secured using IPsec with AES encryption.

Download: bellows2005ipsec-protected.pdf

Opinions expressed are my own, and do not represent those of my employers or the organisations that fund my research.