Towards high-performance IPsec on cavium OCTEON platform

Authors:
Jinli Meng;Xinming Chen;Zhen Chen;Chuang Lin;Beipeng Mu;Lingyun Ruan
Affiliations:
Department of Computer Science and Technology, Tsinghua University, Beijing, China;Department of Automation, Tsinghua University, Beijing, China;Research Institute of Information Technology (RIIT), Tsinghua University, Beijing, China;Research Institute of Information Technology (RIIT), Tsinghua University, Beijing, China;Department of Automation, Tsinghua University, Beijing, China;Department of Automation, Tsinghua University, Beijing, China
Venue:
INTRUST'10 Proceedings of the Second international conference on Trusted Systems
Year:
2010

Citing 1
Cited 0

Encrypting the internet

Proceedings of the ACM SIGCOMM 2010 conference

Quantified Score

Hi-index	0.00

Visualization

Abstract

Providing secure, reliable communications is a big challenge to guarantee confidentiality, integrity, and anti-replay protection, especially between endpoints in current Internet. As one of the popular secure communication protocol, IPsec usually limits the throughput and increases the latency due to its heavy encryption/decryption processing. In this paper, we propose a hardware solution to accelerate it. To achieve high performance processing, we have successfully designed and implemented IPsec on Cavium OCTEON 5860 multi-core network processor platform. We also compare the performance under different processing mechanisms and discover that pipleline works better than run-to-completion for different sizes of packets in our experiments. In order to achieve the best performance, we select different encryption algorithms and core numbers. Experimental results on 5860 processors show that our work achieves 20 Gbps throughput with AES128 encryption, 16 cores for 512-byte packet traffic.