TUTCRIS - Tampereen teknillinen yliopisto

TUTCRIS

Feasibility of FPGA accelerated IPsec on cloud

Tutkimustuotosvertaisarvioitu

Standard

Feasibility of FPGA accelerated IPsec on cloud. / Vajaranta, Markku; Oinonen, Arto; Hämäläinen, Timo D.; Viitamäki, Vili; Markunmäki, J.; Kulmala, Ari.

julkaisussa: Microprocessors and Microsystems, Vuosikerta 71, 102861, 01.11.2019.

Tutkimustuotosvertaisarvioitu

Harvard

Vajaranta, M, Oinonen, A, Hämäläinen, TD, Viitamäki, V, Markunmäki, J & Kulmala, A 2019, 'Feasibility of FPGA accelerated IPsec on cloud', Microprocessors and Microsystems, Vuosikerta. 71, 102861. https://doi.org/10.1016/j.micpro.2019.102861

APA

Vajaranta, M., Oinonen, A., Hämäläinen, T. D., Viitamäki, V., Markunmäki, J., & Kulmala, A. (2019). Feasibility of FPGA accelerated IPsec on cloud. Microprocessors and Microsystems, 71, [102861]. https://doi.org/10.1016/j.micpro.2019.102861

Vancouver

Vajaranta M, Oinonen A, Hämäläinen TD, Viitamäki V, Markunmäki J, Kulmala A. Feasibility of FPGA accelerated IPsec on cloud. Microprocessors and Microsystems. 2019 marras 1;71. 102861. https://doi.org/10.1016/j.micpro.2019.102861

Author

Vajaranta, Markku ; Oinonen, Arto ; Hämäläinen, Timo D. ; Viitamäki, Vili ; Markunmäki, J. ; Kulmala, Ari. / Feasibility of FPGA accelerated IPsec on cloud. Julkaisussa: Microprocessors and Microsystems. 2019 ; Vuosikerta 71.

Bibtex - Lataa

@article{7e0c768f1b384389a0b20852eb3e1294,
title = "Feasibility of FPGA accelerated IPsec on cloud",
abstract = "Hardware acceleration for famous VPN solution, IPsec, has been widely researched already. Still it is not fully covered and the increasing latency, throughput, and feature requirements need further evaluation. We propose an IPsec accelerator architecture in an FPGA and explain the details that need to be considered for a production ready design. This research considers the IPsec packet processing without IKE to be offloaded on an FPGA in an SDN network. Related work performance rates in 64 byte packet size for throughput is 1–2 Gbps with 0.2 ms latency in software, and 1–4 Gbps with unknown latencies for hardware solutions. Our proposed architecture is capable to host 1000 concurrent tunnels and have 10 Gbps throughput with only 10 µs latency in our test network. Therefore the proposed design is efficient even with voice or video encryption. The architecture is especially designed for data centers and locations with vast number of concurrent IPsec tunnels. The research confirms that FPGA based hardware acceleration increases performance and is feasible to integrate with the other server infrastructure.",
keywords = "Accelerator, IPsec, Offloading, SDN",
author = "Markku Vajaranta and Arto Oinonen and H{\"a}m{\"a}l{\"a}inen, {Timo D.} and Vili Viitam{\"a}ki and J. Markunm{\"a}ki and Ari Kulmala",
note = "EXT={"}Viitam{\"a}ki, Vili{"} EXT={"}Kulmala, Ari{"}",
year = "2019",
month = "11",
day = "1",
doi = "10.1016/j.micpro.2019.102861",
language = "English",
volume = "71",
journal = "Microprocessors and Microsystems",
issn = "0141-9331",
publisher = "Elsevier",

}

RIS (suitable for import to EndNote) - Lataa

TY - JOUR

T1 - Feasibility of FPGA accelerated IPsec on cloud

AU - Vajaranta, Markku

AU - Oinonen, Arto

AU - Hämäläinen, Timo D.

AU - Viitamäki, Vili

AU - Markunmäki, J.

AU - Kulmala, Ari

N1 - EXT="Viitamäki, Vili" EXT="Kulmala, Ari"

PY - 2019/11/1

Y1 - 2019/11/1

N2 - Hardware acceleration for famous VPN solution, IPsec, has been widely researched already. Still it is not fully covered and the increasing latency, throughput, and feature requirements need further evaluation. We propose an IPsec accelerator architecture in an FPGA and explain the details that need to be considered for a production ready design. This research considers the IPsec packet processing without IKE to be offloaded on an FPGA in an SDN network. Related work performance rates in 64 byte packet size for throughput is 1–2 Gbps with 0.2 ms latency in software, and 1–4 Gbps with unknown latencies for hardware solutions. Our proposed architecture is capable to host 1000 concurrent tunnels and have 10 Gbps throughput with only 10 µs latency in our test network. Therefore the proposed design is efficient even with voice or video encryption. The architecture is especially designed for data centers and locations with vast number of concurrent IPsec tunnels. The research confirms that FPGA based hardware acceleration increases performance and is feasible to integrate with the other server infrastructure.

AB - Hardware acceleration for famous VPN solution, IPsec, has been widely researched already. Still it is not fully covered and the increasing latency, throughput, and feature requirements need further evaluation. We propose an IPsec accelerator architecture in an FPGA and explain the details that need to be considered for a production ready design. This research considers the IPsec packet processing without IKE to be offloaded on an FPGA in an SDN network. Related work performance rates in 64 byte packet size for throughput is 1–2 Gbps with 0.2 ms latency in software, and 1–4 Gbps with unknown latencies for hardware solutions. Our proposed architecture is capable to host 1000 concurrent tunnels and have 10 Gbps throughput with only 10 µs latency in our test network. Therefore the proposed design is efficient even with voice or video encryption. The architecture is especially designed for data centers and locations with vast number of concurrent IPsec tunnels. The research confirms that FPGA based hardware acceleration increases performance and is feasible to integrate with the other server infrastructure.

KW - Accelerator

KW - IPsec

KW - Offloading

KW - SDN

U2 - 10.1016/j.micpro.2019.102861

DO - 10.1016/j.micpro.2019.102861

M3 - Article

VL - 71

JO - Microprocessors and Microsystems

JF - Microprocessors and Microsystems

SN - 0141-9331

M1 - 102861

ER -