IPsec as a hardware block to accelerate IoT, cloud, or edge servers
Today, there are excellent implementations of IPsec in software, but these require considerable processing bandwidth which is seriously missed by the main applications. This makes software-implemented IPsec especially cumbersome for time-critical, high-throughput applications. The solution to free up the processor, and still have excellent security, is to relay all security processing to hardware. Today, such hardware is made available by the integration of FPGA systems on data and compute servers used for cloud applications (like the AWS F1). Security processing can be accelerated by complementing such hardware with dedicated IP blocks.
The BA454 easily integrates with both ASIC designs and FPGA implementations of the major vendors. It supports a wide range of applications on various technologies, and allows aggregating 10, 40 or 100 GbE links with throughputs up to 100’s of Gbps and data paths from 128 to 1024 bits. As for the cryptography engine, it offers a choice between AES-GCM-128/256, AES-CBC/SHA-2 or our latest high-throughput ChaCha20-Poly1305 implementation (BA420).
IPsec is the security protocol for the network layer in the OSI communication model. It is deployed to make IP networks safe by encrypting/decrypting and authenticating all packets of data. It is the basis for virtual private networks (VPNs), the way to run safe connections over public networks.
Silex Insight – www.silexinsight.com