Overview
IPsec (short for IP security) is defined by a set of protocols which were developed
by the IETF to allow secure communication of IP datagrams over untrusted networks.
The IPsec standards are defined in a series of RFC's which describe the access control,
encryption, authentication, data integrity and key exchange mechanisms required to
ensure security between two communicating network devices at the IP layer.
The most commonly used IPsec protocol for providing security services for
IPv4 and IPv6 network traffic is Encapsulating Security Payload (ESP). ESP provides data
confidentiality, origin authentication, data integrity, an anti-replay service, and
traffic flow confidentiality.
The Helion ESP Engine is designed to provide hardware acceleration of the key packet
processing tasks required to implement a high throughput IPsec ESP solution. In
addition to greatly increasing the IPsec data throughput, offloading ESP processing to
hardware allows the system CPU to concentrate on the more complex IPsec protocol tasks
which are better suited to software. Our
ESP Primer provides an introduction to ESP and how the Helion ESP Engine may be
utilised to accelerate IPsec packet processing.
The Helion ESP Engine is available in versions for use in Altera and Xilinx FPGA, and can
be configured to support any combination of the supported ESP security algorithms.
In common with all Helion IP cores they have been designed with each target technology
in mind to give the most efficient results in terms of logic area and performance.
The table below shows typical area and maximum performance for two example ESP Engine
security configurations in Altera and Xilinx FPGA. More detail can be found in the
datasheets downloadable via the links below the table.
| TARGET |
ENGINE
CONFIGURATION |
MAX DATA
RATE |
AREA |
Altera FPGA
(Arria II GX C4) |
AES-CBC/CTR + HMAC-SHA-1
AES-CBC/CTR + AES-XCBC-MAC
|
1222 Mbps
2249 Mbps |
3334 ALMs + 19 M9Ks
3512 ALMs + 29 M9Ks |
Altera FPGA
(Stratix IV C2) |
AES-CBC/CTR + HMAC-SHA-1
AES-CBC/CTR + AES-XCBC-MAC
|
1300 Mbps
2425 Mbps |
3311 ALMs + 19 M9Ks
3378 ALMs + 29 M9Ks |
Xilinx FPGA
(Virtex-5 -3) |
AES-CBC/CTR + HMAC-SHA-1
AES-CBC/CTR + AES-XCBC-MAC
|
1507 Mbps
2797 Mbps |
2161 Slices + 0 BRAM
2627 Slices + 0 BRAM |
Xilinx FPGA
(Spartan-6 -3) |
AES-CBC/CTR + HMAC-SHA-1
AES-CBC/CTR + AES-XCBC-MAC
|
829 Mbps
1447 Mbps |
2099 Slices + 0 BRAM
2201 Slices + 0 BRAM |
Xilinx FPGA
(Virtex-6 -3) |
AES-CBC/CTR + HMAC-SHA-1
AES-CBC/CTR + AES-XCBC-MAC
|
1792 Mbps
3237 Mbps |
1857 Slices + 0 BRAM
2201 Slices + 0 BRAM |
Datasheets
Click here for the Altera FPGA core data sheet (PDF format)
Click here for the Xilinx FPGA core data sheet (PDF format)
Whitepapers
Click here for the Helion IPsec ESP Primer (PDF format)
Contact
For more detailed information on this or any of our other products and services,
please feel free to email us at
helioncores@heliontech.com and we will be pleased to discuss how we can assist
with your individual requirements.
| 
