A 2Gb/s network processor with a 24mW IPsec offload for residential gateways

Y. Nishida, K. Kawai, K. Koike
{"title":"A 2Gb/s network processor with a 24mW IPsec offload for residential gateways","authors":"Y. Nishida, K. Kawai, K. Koike","doi":"10.1109/ISSCC.2010.5433917","DOIUrl":null,"url":null,"abstract":"The Internet has become an important tool to deliver services such as Voice over Internet Protocol (IP) and high-definition video. To enable the widespread use of these services, it is essential to ensure quality-of-service (QoS) and security protection in communication. In using consumer-oriented gateway equipment (GW) consisting of low-cost network processors (NPs), however, it is difficult to ensure QoS because the CPU load becomes 100% when packets are received at a traffic load of 1Gb/s. A packet engine (PE) achieving a throughput of 2Gb/s (i.e., bidirectional 1Gb/s communication) and offloading the network processing from CPUs solves the problem as shown in Fig. 15.4.1. The PE achieves a 2Gb/s throughput for all cases as shown in Fig. 15.4.2 as follows: (1) inline-type IPsec circuits whose transmitting/receiving blocks independently process enc/decryption, authentication, and encapsulation [1] achieve a total processing speed of 2Gb/s; (2) an IP-forwarding performance of 2Gb/s is achieved by adopting a high-speed, compact look-up circuit [1] that searches by providing an action rule from one memory read-out circuit to multiple comparators in an IP switch (IP-SW); and (3) a local-area-network switch (LAN-SW) achieves 5Gb/s forwarding by 5 parallel look-up engines and a high-speed internal packet buffer.","PeriodicalId":6418,"journal":{"name":"2010 IEEE International Solid-State Circuits Conference - (ISSCC)","volume":"117 1","pages":"280-281"},"PeriodicalIF":0.0000,"publicationDate":"2010-03-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 IEEE International Solid-State Circuits Conference - (ISSCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISSCC.2010.5433917","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 5

Abstract

The Internet has become an important tool to deliver services such as Voice over Internet Protocol (IP) and high-definition video. To enable the widespread use of these services, it is essential to ensure quality-of-service (QoS) and security protection in communication. In using consumer-oriented gateway equipment (GW) consisting of low-cost network processors (NPs), however, it is difficult to ensure QoS because the CPU load becomes 100% when packets are received at a traffic load of 1Gb/s. A packet engine (PE) achieving a throughput of 2Gb/s (i.e., bidirectional 1Gb/s communication) and offloading the network processing from CPUs solves the problem as shown in Fig. 15.4.1. The PE achieves a 2Gb/s throughput for all cases as shown in Fig. 15.4.2 as follows: (1) inline-type IPsec circuits whose transmitting/receiving blocks independently process enc/decryption, authentication, and encapsulation [1] achieve a total processing speed of 2Gb/s; (2) an IP-forwarding performance of 2Gb/s is achieved by adopting a high-speed, compact look-up circuit [1] that searches by providing an action rule from one memory read-out circuit to multiple comparators in an IP switch (IP-SW); and (3) a local-area-network switch (LAN-SW) achieves 5Gb/s forwarding by 5 parallel look-up engines and a high-speed internal packet buffer.
一个2Gb/s的网络处理器,具有24mW的IPsec卸载,用于住宅网关
Internet已经成为提供诸如IP (Voice over Internet Protocol)和高清视频等服务的重要工具。为了使这些服务得到广泛使用,必须确保通信中的服务质量(QoS)和安全保护。然而,在使用由低成本网络处理器(NPs)组成的面向消费者的网关设备(GW)时,很难保证QoS,因为当流量负载为1Gb/s时,接收数据包的CPU负载变为100%。如图15.4.1所示,通过实现2Gb/s吞吐量(即双向1Gb/s通信)并将网络处理从cpu上卸载的分组引擎PE (packet engine)解决了这个问题。如图15.4.2所示,PE在所有情况下都实现了2Gb/s的吞吐量:(1)内联式IPsec电路,其发送/接收块独立处理加密/解密、认证和封装[1],总处理速度为2Gb/s;(2)采用高速、紧凑的查找电路[1]实现2Gb/s的IP转发性能,该电路通过在IP交换机(IP- sw)中提供从一个存储器读出电路到多个比较器的操作规则进行搜索;(3)局域网交换机(LAN-SW)通过5个并行查找引擎和一个高速内部数据包缓冲区实现5Gb/s转发。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信