TUTCRIS - Tampereen teknillinen yliopisto

TUTCRIS

Feasibility of FPGA accelerated IPsec on cloud

Tutkimustuotosvertaisarvioitu

Yksityiskohdat

AlkuperäiskieliEnglanti
Artikkeli102861
JulkaisuMicroprocessors and Microsystems
Vuosikerta71
DOI - pysyväislinkit
TilaJulkaistu - 1 marraskuuta 2019
OKM-julkaisutyyppiA1 Alkuperäisartikkeli

Tiivistelmä

Hardware acceleration for famous VPN solution, IPsec, has been widely researched already. Still it is not fully covered and the increasing latency, throughput, and feature requirements need further evaluation. We propose an IPsec accelerator architecture in an FPGA and explain the details that need to be considered for a production ready design. This research considers the IPsec packet processing without IKE to be offloaded on an FPGA in an SDN network. Related work performance rates in 64 byte packet size for throughput is 1–2 Gbps with 0.2 ms latency in software, and 1–4 Gbps with unknown latencies for hardware solutions. Our proposed architecture is capable to host 1000 concurrent tunnels and have 10 Gbps throughput with only 10 µs latency in our test network. Therefore the proposed design is efficient even with voice or video encryption. The architecture is especially designed for data centers and locations with vast number of concurrent IPsec tunnels. The research confirms that FPGA based hardware acceleration increases performance and is feasible to integrate with the other server infrastructure.