6533b855fe1ef96bd12afe19

RESEARCH PRODUCT

Feasibility of FPGA accelerated IPsec on cloud

Arto OinonenTimo HämäläinenVili ViitamakiAri KulmalaJouni MarkunmakiMarkku Vajaranta

subject

Network securityComputer Networks and CommunicationsComputer sciencecomputer.internet_protocolPacket processingCloud computing02 engineering and technologycomputer.software_genreEncryptionGeneralLiterature_MISCELLANEOUSArtificial IntelligenceServer0202 electrical engineering electronic engineering information engineeringField-programmable gate arrayVirtual network0505 lawbusiness.industryNetwork packet05 social sciencesComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS020208 electrical & electronic engineeringByteVirtualization020202 computer hardware & architectureHardware and ArchitectureEmbedded systemIPsec050501 criminologyHardware accelerationbusinesscomputerSoftware

description

Abstract Hardware acceleration for famous VPN solution, IPsec, has been widely researched already. Still it is not fully covered and the increasing latency, throughput, and feature requirements need further evaluation. We propose an IPsec accelerator architecture in an FPGA and explain the details that need to be considered for a production ready design. This research considers the IPsec packet processing without IKE to be offloaded on an FPGA in an SDN network. Related work performance rates in 64 byte packet size for throughput is 1–2 Gbps with 0.2 ms latency in software, and 1–4 Gbps with unknown latencies for hardware solutions. Our proposed architecture is capable to host 1000 concurrent tunnels and have 10 Gbps throughput with only 10 µs latency in our test network. Therefore the proposed design is efficient even with voice or video encryption. The architecture is especially designed for data centers and locations with vast number of concurrent IPsec tunnels. The research confirms that FPGA based hardware acceleration increases performance and is feasible to integrate with the other server infrastructure.

https://doi.org/10.1016/j.micpro.2019.102861