Feasibility of FPGA accelerated IPsec on cloud

• Published in: Microprocessors and microsystems Vol. 71; p. 102861
• Main Authors: Vajaranta, Markku, Oinonen, Arto, Hämäläinen, Timo D., Viitamäki, Vili, Markunmäki, Jouni, Kulmala, Ari
• Format: Journal Article
• Language: English
• Published: Kidlington Elsevier B.V 01.11.2019; Elsevier BV
• Subjects: Acceleration; Accelerator; Data centers; Encryption; Feasibility; Field programmable gate arrays; Hardware; IP (Internet Protocol); IPsec; Offloading; SDN; Software-defined networking; Tunnels; Virtual private networks; IPsec; Offloading; SDN; Accelerator
• ISSN: 0141-9331; 1872-9436
• DOI: 10.1016/j.micpro.2019.102861

Hardware acceleration for famous VPN solution, IPsec, has been widely researched already. Still it is not fully covered and the increasing latency, throughput, and feature requirements need further evaluation. We propose an IPsec accelerator architecture in an FPGA and explain the details that need to be considered for a production ready design. This research considers the IPsec packet processing without IKE to be offloaded on an FPGA in an SDN network. Related work performance rates in 64 byte packet size for throughput is 1–2 Gbps with 0.2 ms latency in software, and 1–4 Gbps with unknown latencies for hardware solutions. Our proposed architecture is capable to host 1000 concurrent tunnels and have 10 Gbps throughput with only 10 µs latency in our test network. Therefore the proposed design is efficient even with voice or video encryption. The architecture is especially designed for data centers and locations with vast number of concurrent IPsec tunnels. The research confirms that FPGA based hardware acceleration increases performance and is feasible to integrate with the other server infrastructure.