Acceleration Software for Security and Cryptography

FPGA Acceleration for SSL/TLS Applications

Arrive Technologies’ SSL/TLS Acceleration solution provides up to 200Gbps throughput in cryptography offload for SSL/TLS, at ultra high density with 200K SSL sessions. Arrive’s SSL family supports 2x 100GbE, or 8x 25GbE, or 8x10GE with up to two PCIe Gen3 x16 lanes with SR-IOV enabled for virtualization. Targeting cloud/data center workload acceleration,  Arrive’s SSL family will enable cloud/data center vendors achieve higher throughput on SSL/TLS services with less CPU and RAM resource consumption.

Software drivers are delivered to open source communities: Linux, Ubuntu, FreeBSD, Redhat Enterprise and are workable with other open source software packages: OpenSSL, NGINX, and are compatible with virtual machine hyper visors: KVM, VMware Vsphere.

Applications include:

  • Smart NIC and Programmable Acceleration Cards
  • Secure Web/Exchange Servers
  • Cloud Workloads Offload
  • Virtual Private Network VPN Servers

Key Features

General

  • Acceleration software for SSL/TLS 200Gbps combining a full NIC 100Gbps, dynamic workloads on standard high-volume FPGA acceleration cards and FPGA Smart NICs
  • Ethernet Interfaces: 2 x100GbE or 8 x25GbE or 8 x 10GE
  • Host Interface: two by PCIe Gen3 x16/x8 lanes
  • Up to 100G bi-directional or 200G uni-directional in-line acceleration for SSL/TLS for in-line bulk encryption/ decryption
  • Up to 200K concurrent SSL/TLS sessions
  • Supports TLS v1.2, TLS v.1.3, DTLS
  • Supports TCP segment offloading for SSL/TLS records assembly
  • Integrates up to 200Gbps TCP/UDP offload
  • Supports SR-IOV with up to 2PF/256 Vfs

Features Detail

  • Physical throughput: up to 200Gbps
  • Packet size: 64 bytes – up to 10K bytes
  • Symmetric encryption: AES (128/192/256bits) CBC, AES (128/12/256bits) GCM and SHA-1, SHA-2 SHA512/384/ 256/224 for Authentication
  • Key Exchange and Authentication is handled by host
  • Supports TLS v1.2, TLS v1.3, DTLS
  • Supports TCP segment offloading for SSL/TLS records assembly
  • Up to 200K simultaneous TCP/UDP sessions
  • Supports TCP/UDP checksum
  • Supports TCP/UDP segmentation and reassembly
  • Supports up to 16Kbytes frame size at Ethernet side, and up to 64Kbytes TCP/UDP frame sizes at host side
  • Variant to support up to 200Gbps TCP/UDP Offload on lower cost FPGA acceleration cards and up to 16k simultaneous TCP/UDP sessions, and 100G bidirectional in-line SSL/TLS acceleration

Acceleration Card Support

  • Intel Programmable Acceleration Card (PAC) with Intel Arria 10, Stratix 10 FPGA
  • Xilinx Acceleration Card with Xilinx Ultrascale Plus FPGA, without/with an embedded HBM memory

OS Support

  • Linux Ubuntu, FreeBSD, Red Hat Enterprise Linux

Software Solutions

  • Compatible with OpenSSL, Apache, NGINX
  • Portable C source code
  • Multicore capable control plane
  • Supports Virtual Machines with different Hypervisor such as KVM, VMware Vsphere
  • Supports both in-line and look-aside acceleration
  • Provides customized API to adapt with 3rd party software
  • Portable to multiple platforms such as Linux, FreeBSD etc.