Tampere University of Technology

TUTCRIS Research Portal

Feasibility of FPGA accelerated IPsec on cloud

Research output: Contribution to journalArticleScientificpeer-review

Details

Original languageEnglish
Article number102861
JournalMicroprocessors and Microsystems
Volume71
DOIs
Publication statusPublished - 1 Nov 2019
Publication typeA1 Journal article-refereed

Abstract

Hardware acceleration for famous VPN solution, IPsec, has been widely researched already. Still it is not fully covered and the increasing latency, throughput, and feature requirements need further evaluation. We propose an IPsec accelerator architecture in an FPGA and explain the details that need to be considered for a production ready design. This research considers the IPsec packet processing without IKE to be offloaded on an FPGA in an SDN network. Related work performance rates in 64 byte packet size for throughput is 1–2 Gbps with 0.2 ms latency in software, and 1–4 Gbps with unknown latencies for hardware solutions. Our proposed architecture is capable to host 1000 concurrent tunnels and have 10 Gbps throughput with only 10 µs latency in our test network. Therefore the proposed design is efficient even with voice or video encryption. The architecture is especially designed for data centers and locations with vast number of concurrent IPsec tunnels. The research confirms that FPGA based hardware acceleration increases performance and is feasible to integrate with the other server infrastructure.

Keywords

  • Accelerator, IPsec, Offloading, SDN

Publication forum classification

Field of science, Statistics Finland