The IPsec Engine implements RFC4301 and other relevant RFCs, providing confidentiality, connectionless data integrity, data-origin authentication and replay protection on OSI layer 3.
The scalable architecture provides low-latency, line rate acceleration of packet encapsulation, encryption and replay protection. Its modular design not only gives the ability to choose between different cryptographic algorithms, but also provides fine-grained control on classification features, packet formats, and more. Integration with a wide range of performance or area-optimized cryptographic IP cores allows unrivalled trade-off possibilities between throughput, area and latency.
At its very core, the IPsec Engine is completely technology-agnostic and can be integrated in a wide range of FPGA and ASIC technologies. On FPGA, the engine can use vendor-specific optimizations to reach very high throughput goals.
- ASIC and FPGA
- Can aggregate several 10, 40 or 100 GbE link
- Throughput from 1 Gbps up to 100 Gbps
- Compliant with RFC 4106, 4301, 4303, 7634
- Supports AES-GCM-128/256, AES-CBC/SHA-2 AND Chacha20-poly1305 HP
- 32 to 1024 bits datapath
- ESP encapsulation/decapsulation
- UDP encapsulation
- Byte lifetime counters
- Generic interface to TCAM
- Supports IPv4 and IPv6
- 5-tuple classification
- Bypass mode
- Data interface: AMBA 4 AXI-Stream
- Control interface: AMBA 4 APB
- Cloud computing
- Data center
- Edge router
- Edge networking for IoT data aggregation