IPsec Engine

BA454 IPsec Engine

Overview

In current networking technologies, source authentication, data integrity and confidentiality are becoming more and more important. There exist numerous software implementations for security protocol suites on nearly all OSI layers, but these implementations are not well suited for timing-critical, high throughput applications. On OSI layer 3 (network layer), IPsec is the transport security protocol of choice. The BA454 is a very scalable engine implementing the IPsec standard for high throughput applications.

Features

  • Can aggregate several 10, 40 or 100 GBE link
  • Throughput from 10 Gbps up to 100 Gbps
  • Scalability enabling trade-off between throughput, area and latency
  • Supports AES-GCM-128/256, AES-CBC/SHA-2 AND Chacha20-poly1305 HP
  • Available for ASIC and FPGA
  • Compliant with RFC 4106, 4301, 4303 and 7634
  • Datapath from 128 to 1024 bits
  • Interface to TCAM
  • SecTag add/remove
  • ICV generation/check
  • 5-tuple classification
  • Bypass mode

Applications

  • Cloud computing
  • Data center
  • Edge router
  • Edge networking for IoT data aggregation

Reference: BA454