Acceleration Software for Security and Cryptography

FPGA Acceleration for IPSec Applications

Arrive’s IPSec solution provides up to 200Gbps wire speed in cryptography processing to support IPsec, and ultra-high density with One Million Security Associations (SAs). Targeting NFV and cloud computing applications, Arrive’s IPSec solution will enable vendors to satisfy 5G IPSec security requirements and achieve the industry’s highest throughput, low latency of IPSec on a single server with less CPU and RAM resource consumption as compared to other acceleration technologies. Arrive’s IPSec supports full NIC functionality with 2x 100GbE, or 8x 25GbE, or 8x 10GbE.  Arrive’s IPSec also supports various virtualization technologies like SR-IOV, Virtual Ethernet Bridging (VEB/VEPA).

Arrive’s IPSec software drivers are validated with other open source software packages: DPDK- Data Plant Development Kit project, OVS- Open vSwitch project, VPP/FDIO- Vector Packet Processing/The Fast Data project and are compatible with virtual machine hyper visors: KVM, VMware Vsphere.

Applications include:

  • Smart NIC and Programmable Acceleration Cards
  • Network Functions Virtualization NFV
  • Bare Metal Services
  • Virtual Private Network VPN Servers

Key Features

General

  • Acceleration software for IPsec 200Gbps combining a full NIC 200Gbps, dynamic workloads on standard high-volume FPGA acceleration cards and FPGA Smart NICs
  • Ethernet Interfaces: 2x 100GbE, or 8x 25GbE, or 8x 10GbE
  • Host Interface: two PCIe Gen3 x16/x8 lanes
  • Up to 200Gbps, bi-directional in-line/look-aside acceleration for IPSec for traffic encryption/decryption and authentication
  • Various cryptography modes: AES-GCM (128/192/256), AES-CBC (128/192/256), SHA-1/2, and others
  • Up to 1 Million concurrent flows (IPSec SA) with enhanced DDR4 and embedded HBM
  • Virtualization technologies SR-IOV, VEB for multiple VMs
  • NFV software solutions: Compatible with DPDK- Data Plant Development Kit project, OVS- Open vSwitch project, VPP/FDIO- Vector Packet Processing/The Fast Data project

Features Detail

  • Physical throughput: up to 200Gbps
  • Number of packets per second: up to 170 Mpps
  • Packet size: 64 bytes – up to 10K bytes
  • Supports host-terminated model and device terminated model
  • Supports IPv4/IPv6 with ESP Transport/Tunnel modes
  • Supports AES-CBC (128/192/256bits), AES-GCM (128/192/256bits), AES-CCM (128/192/256bits) for encryption/decryption
  • Supports AES-GMAC, CBC-MAC, XCBC-MAC, HMAC authentication with (SHA-1, SHA-2 512/384/256/224)
  • Security Association database SADB Size (depending to the type of FPGA SmartNIC)
    • Set SA16K: 16K IPv4/IPv6 Host; 16K SPI; 16K SA (Security Association) in total
    • Set SA1M: 1M IPv4/IPv6 Host; 1M SPI; 1M SA (Security Association) in total
  • Supports Virtual Ethernet Bridging VEB/VEPA
  • Supports Server virtualization, SR-IOV: 8PFs, 256 Vfs

Acceleration Card Support

  • Intel Programmable Acceleration Card (PAC) with Intel Arria 10, Stratix 10 FPGA; Intel FPGA board
  • Xilinx Acceleration Card with Xilinx Ultrascale Plus FPGA, without/with an embedded HBM memory; Xilinx FPGA board
  • Custom Acceleration Card owned by customers

OS Support

  • Linux Ubuntu, FreeBSD, Red Hat Enterprise Linux

NFV Software Solutions

  • Compatible with DPDK- Data Plant Development Kit project, OVS- Open vSwitch project, VPP/FDIO- Vector Packet Processing/The Fast Data project
  • Multicore capable control plane
  • Supports IKEv1/v2 with Auto-Negotiation and IKEv1 fallback features
  • Supports Virtual Machines with different Hypervisor such as KVM, VMware Vsphere
  • Supports Open vSwitch (OVS) with/without DPDK
  • Supports both in-line and look-aside acceleration
  • Provides customized API to adapt with 3rd party software
  • Portable to multiple platforms such as Linux, FreeBSD etc.