The IPsec Engine implements RFC4301 and other relevant RFCs, providing confidentiality, connectionless data integrity, data-origin authentication and replay protection on OSI layer 3.
The scalable architecture provides low-latency, line rate acceleration of packet encapsulation, encryption and replay protection. Its modular design not only gives the ability to choose between different cryptographic algorithms, but also provides fine-grained control on classification features, packet formats, and more. Integration with a wide range of performance or area-optimized cryptographic IP cores allows unrivalled trade-off possibilities between throughput, area and latency.
Implementation aspects
At its very core, the IPsec Engine is completely technology-agnostic and can be integrated in a wide range of FPGA and ASIC technologies. On FPGA, the engine can use vendor-specific optimizations to reach very high throughput goals.
IPsec Engine
Overview
Key Features
- Can aggregate several 10, 40 or 100 GbE link
- UDP encapsulation
- Compliant with RFC 4106, 4301, 4303, 7634
- Byte lifetime counters
- Supports AES-GCM-128/256, AES-CBC/SHA-2, ChaCha20 Poly1305
- Generic interface to TCAM
- 32 to 1024 bits datapath
- Supports IPv4 and IPv6
- ESP encapsulation/decapsulation
- 5-tuple classification
- Bypass mode
- Data interface: AMBA 4 AXI-Stream
- ASIC and FPGA
- Control interface: AMBA 4 APB
Benefits
- Scalable architecture
- Low-latency
Block Diagram
Applications
- Cloud computing
- Data center
- Edge router
- Edge networking for IoT data aggregation
Deliverables
- Netlist or RTL
- Scripts for synthesis
- Self-checking TestBench based on FIPS vectors
- Documentation
Technical Specifications
Availability
Now