Peter Bellows, Jaroslav Flidr, Ladan Gharai, Colin Perkins, Pawel Chodowiec, and Kris Gaj
In P. Lysaght & W. Rosenstiel, New Algorithms, Architectures and Applications for Reconfigurable Computing, Springer,
January 2005.
DOI:10.1007/1-4020-3128-9_15
Bandwidth-intensive applications compete directly with the operating
system’s network stack for CPU cycles. This is particularly true when
the stack performs security protocols such as IPsec; the additional
load of complex cryptographic transforms overwhelms modern CPUs when
data rates exceed 100 Mbps. This paper describes a network-processing
accelerator which overcomes these bottlenecks by offloading packet
processing and cryptographic transforms to an intelligent interface
card. The system achieves sustained 1 Gbps host-to-host bandwidth of
encrypted IPsec traffic on commodity CPUs and networks. It appears to
the application developer as a normal network interface, because the
hardware acceleration is transparent to the user. The system is highly
programmable and can support a variety of offload functions. A sample
application is described, wherein production-quality HDTV is
transported over IP at nearly 900 Mbps, fully secured using IPsec with
AES encryption.
Download: bellows2005ipsec-protected.pdf