Overview
What is the IPsec ESP protocol?
IPsec is defined by a set of protocols developed by the IETF to allow secure
communication of IP traffic over untrusted networks. It is described in a series of RFC's
which define the access control, encryption, authentication, integrity and key exchange
services required to support data security between two network devices. The
most commonly used IPsec protocol for protecting network traffic is Encapsulating
Security Payload (ESP) as defined in RFC 4303.
What does the Helion ESP Engine do?
The Helion ESP Engine provides hardware acceleration of the main cryptographic algorithms
required to implement an IPsec endpoint. In addition to greatly increasing the
IPsec data throughput, offloading ESP cryptographic processing to hardware allows a system CPU
to concentrate on the more complex IPsec control plane tasks better suited to software.
Our
ESP Primer provides a basic introduction to ESP and shows how the Helion ESP Engine may
be used to accelerate packet processing as part of an IPsec endpoint design.
Which ESP algorithms are supported?
The modular architecture of the Helion ESP Engine provides support for any combination
of encryption and authentication algorithms, including those specified in RFC 4835 plus several
other RFC specified algorithms.
| IETF RFC NUMBER |
ENCRYPTION ALGORITHM |
IETF RFC NUMBER |
AUTHENTICATION ALGORITHM |
| RFC 2451 |
TripleDES-CBC |
RFC 2403 |
HMAC-MD5-96 |
| RFC 3602 |
AES-CBC |
RFC 2404 |
HMAC-SHA-1-96 |
| RFC 3686 |
AES-CTR |
RFC 3566 |
AES-XCBC-MAC-96 |
| RFC 4106 |
AES-GCM |
RFC 4543 |
AES-GMAC-128 |
|
|
RFC 4868 |
HMAC-SHA-256-128 |
|
|
RFC 4868 |
HMAC-SHA-384-192 |
|
|
RFC 4868 |
HMAC-SHA-512-256 |
Availability
The Helion ESP Engine is available in a range of Altera and Xilinx FPGA technologies and can be
supplied as variants that support encryption only, decryption only, or both to maximise
system flexibility for the user. In common with all Helion IP cores it has been designed
with each different FPGA architecture in mind to give the most lowest resource usage and highest
performance available. The tables below show area and performance for two typical configurations
that support the algorithms specified as MUST in RFCs 7321 and 8221.
AES-CBC + HMAC-SHA-1-96 algorithms (RFC7321 "MUST")
Includes AES-CTR support ("MAY").
| TARGET |
PERFORMANCE |
LOGIC |
RAM |
| Altera Cyclone V (C6) |
916 Mbps |
5979 ALMs |
- |
| Altera Cyclone 10 GX (E5) |
1699 Mbps |
5727 ALMs |
- |
| Altera Arria V GX (C4) |
1000 Mbps |
6055 ALMs |
- |
| Altera Arria V GZ (C3) |
1559 Mbps |
5814 ALMs |
- |
| Altera Arria 10 (E1S) |
1849 Mbps |
5997 ALMs |
- |
| Altera Stratix V (C1) |
1802 Mbps |
5805 ALMs |
- |
| Xilinx Spartan-6 (-3) |
900 Mbps |
1954 Slices |
- |
| Xilinx Artix-7 (-3) |
1248 Mbps |
1788 Slices |
- |
| Xilinx Virtex-6 (-3) |
1574 Mbps |
1598 Slices |
- |
| Xilinx Virtex-7 (-3) |
2036 Mbps |
1760 Slices |
- |
| Xilinx Kintex-7 (-3) |
1974 Mbps |
1759 Slices |
- |
| Xilinx UltraSCALE (-2) |
1927 Mbps |
1062 CLBs |
- |
| Xilinx UltraSCALE+ (-2) |
2471 Mbps |
1018 CLBs |
- |
AES-CBC/GCM + HMAC-SHA-1-96 + HMAC-SHA-256-128 algorithms (RFC8221 "MUST")
Includes AES-CTR and AES-GMAC support (both "MAY").
Performance shown for AES-128-GCM-16 algorithm.
| TARGET |
PERFORMANCE |
LOGIC |
RAM |
| Altera Cyclone V (C6) |
1035 Mbps |
7321 ALMs |
- |
| Altera Cyclone 10 GX (E5) |
1788 Mbps |
7400 ALMs |
- |
| Altera Arria V GX (C4) |
1166 Mbps |
7372 ALMs |
- |
| Altera Arria V GZ (C3) |
1769 Mbps |
7296 ALMs |
- |
| Altera Arria 10 (E1S) |
1867 Mbps |
7800 ALMs |
- |
| Altera Stratix V (C1) |
2181 Mbps |
7305 ALMs |
- |
| Xilinx Spartan-6 (-3) |
1000 Mbps |
2895 Slices |
- |
| Xilinx Artix-7 (-3) |
1428 Mbps |
2692 Slices |
- |
| Xilinx Virtex-6 (-3) |
1639 Mbps |
2694 Slices |
- |
| Xilinx Virtex-7 (-3) |
2201 Mbps |
2615 Slices |
- |
| Xilinx Kintex-7 (-3) |
2148 Mbps |
2589 Slices |
- |
| Xilinx UltraSCALE (-2) |
2031 Mbps |
1527 CLBs |
- |
| Xilinx UltraSCALE+ (-2) |
2646 Mbps |
1524 CLBs |
- |
Product Briefs
For full details of the Helion IPsec cores, please download the appropriate Product Brief in PDF format below.
 IPsec ESP Cores
Whitepapers
Click here for the Helion IPsec ESP Primer (PDF format)
Contact
For more detailed information on this or any of our other products and services,
please feel free to email us at
helioncores@heliontech.com and we will be pleased to discuss how we can assist
with your individual requirements.
|
