Skip to main content
SpringerLink
Log in

Towards High-Performance IPsec on Cavium OCTEON Platform

  • Conference paper
Book cover Trusted Systems (INTRUST 2010)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6802))

Included in the following conference series:

Abstract

Providing secure, reliable communications is a big challenge to guarantee confidentiality, integrity, and anti-replay protection, especially between endpoints in current Internet. As one of the popular secure communication protocol, IPsec usually limits the throughput and increases the latency due to its heavy encryption/decryption processing. In this paper, we propose a hardware solution to accelerate it. To achieve high performance processing, we have successfully designed and implemented IPsec on Cavium OCTEON 5860 multi-core network processor platform.

We also compare the performance under different processing mechanisms and discover that pipleline works better than run-to-completion for different sizes of packets in our experiments. In order to achieve the best performance, we select different encryption algorithms and core numbers. Experimental results on 5860 processors show that our work achieves 20 Gbps throughput with AES128 encryption, 16 cores for 512-byte packet traffic.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Kounavis, M.E., Kang, X., Grewal, K., Eszenyi, M., Gueron, S., Durham, D.: Encrypting the internet. In: SIGCOMM 2010, pp. 135–146 (2010)

    Google Scholar 

  2. Liu, Q.: Study and Implementation on IPsec VPN Gateway Based on Netfilter Mechanism. Master Thesis of Chongqing University (2009)

    Google Scholar 

  3. Cavium Networks: Cavium Networks OCTEON Plus CN58XX Hardware Reference Manual, pp. 221–235 (2008)

    Google Scholar 

  4. Cavium Networks: OCTEON Processor Packet Flow, pp. 21–52 (2008)

    Google Scholar 

  5. Cavium Networks: OCTEON Technical Presentation, p. 26 (2007)

    Google Scholar 

  6. Intoto Inc.: Virtual Private Network White Paper (2002)

    Google Scholar 

  7. RFC 2402: IP Authentication Header (AH) (1998)

    Google Scholar 

  8. RFC 2406: IP Encapsulating Security Payload (ESP) (1998)

    Google Scholar 

  9. Sang, S.L., Sang, W.L., Yong, S.J., Ki, Y.K.: Implementing High Performance VPN Router using Cavium’s CN2560 Security Processor. World Academy of Science, Engineering and Technology 9, 1307–6884 (2005)

    Google Scholar 

  10. Cavium Networks: Cavium Networks Announces Industry’s First 10Gbps IPsec and SSL PCI-Express Security Accelerators (2005)

    Google Scholar 

  11. Promentum ATCA-7220, http://www.radisys.com.cn/Products/ATCA/Processing-Modules/Promentum-ATCA-7220.html

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Technology, Tsinghua University, Beijing, China

    Jinli Meng

  2. Department of Automation, Tsinghua University, Beijing, China

    Xinming Chen, Beipeng Mu & Lingyun Ruan

  3. Research Institute of Information Technology (RIIT), Tsinghua University, Beijing, China

    Xinming Chen, Zhen Chen & Chuang Lin

Authors
  1. Jinli Meng
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xinming Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Zhen Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Chuang Lin
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Beipeng Mu
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Lingyun Ruan
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Hewlett-Packard Labs, Long Down Avenue, Stoke Gifford, BS34 8QZ, Bristol, UK

    Liqun Chen

  2. Google Inc. and Department of Computer Science, Columbia University, USA

    Moti Yung

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Meng, J., Chen, X., Chen, Z., Lin, C., Mu, B., Ruan, L. (2011). Towards High-Performance IPsec on Cavium OCTEON Platform. In: Chen, L., Yung, M. (eds) Trusted Systems. INTRUST 2010. Lecture Notes in Computer Science, vol 6802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25283-9_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-25283-9_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-25282-2

  • Online ISBN: 978-3-642-25283-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation