Peter Bellows, Jaroslav Flidr, Ladan Gharai, and Colin Perkins
Proceedings 6th International Conference on Military and Aerospace Programmable Logic Devices,
Washington, DC, USA,
September 2003.
This paper describes an FPGA-based system for IPsec security of
high-speed data across commodity IP networks. To demonstrate the
system, we have transmitted 890 Mbps raw HDTV video across a commodity
network, secured on the fly with the IPsec protocol and AES encryption.
Such performance is impossible with software-only implementations, for
full line-rate data overwhelms typical CPUs. This is particularly true
when cryptographic transforms are required, such as those required by
the IP Security (IPsec) protocol. This protocol processing overhead
competes directly for CPU cycles against the applications trying to
process the high-speed data. We have developed an "intelligent network
interface" card based on Xilinx Virtex FPGAs for the purpose of
offloading arbitrary protocol processing bottlenecks from the network
stack. The network accelerator, named "GRIP" (Gigabit-Rate IPsec),
integrates seamlessly into a standard Linux network stack to provide
gigabit-rate acceleration of network processing from any of the layers
in the stack.
Download: mapldcon03.pdf