Please wait a minute...
Front. Inform. Technol. Electron. Eng.  2013, Vol. 14 Issue (8): 642-651    DOI: 10.1631/jzus.C1200370
    
A 10 Gbps in-line network security processor based on configurable hetero-multi-cores
Yun Niu, Li-ji Wu, Yang Liu, Xiang-min Zhang, Hong-yi Chen
National Laboratory for Information Science and Technology, Tsinghua University, Beijing 100084, China; Institute of Microelectronics, Tsinghua University, Beijing 100084, China  
A 10 Gbps in-line network security processor based on configurable hetero-multi-cores
Yun Niu, Li-ji Wu, Yang Liu, Xiang-min Zhang, Hong-yi Chen
National Laboratory for Information Science and Technology, Tsinghua University, Beijing 100084, China; Institute of Microelectronics, Tsinghua University, Beijing 100084, China
 全文: PDF 
摘要: This paper deals with an in-line network security processor (NSP) design that implements the Internet Protocol Security (IPSec) protocol processing for the 10 Gbps Ethernet. The 10 Gbps high speed data transfer, the IPSec processing including the crypto-operation, the database query, and IPSec header processing are integrated in the design. The in-line NSP is implemented using 65 nm CMOS technology and the layout area is 2.5 mm×3 mm with 360 million gates. A configurable crossbar data transfer skeleton implementing an iSLIP scheduling algorithm is proposed, which enables simultaneous data transfer between the heterogeneous multiple cores. There are, in addition, a high speed input/output data buffering mechanism and design of high performance hardware structures for modules, wherein the transfer efficiency and the resource utilization are maximized and the IPSec protocol processing achieves 10 Gbps line speed. A high speed and low power hardware look-up method is proposed, which effectively reduces the area and power dissipation. The post simulation results demonstrate that the design gives a peak throughput for the Authentication Header (AH) transport mode of 10.06 Gbps with the average test packet length of 512 bytes under the clock rate of 250 MHz, and power dissipation less than 1 W is obtained. An FPGA prototype is constructed to verify the function of the design. A test bench is being set up for performance and function verification.
关键词: 10 Gbps EthernetNetwork security processor (NSP)Internet Protocol Security (IPSec)Crossbar    
Abstract: This paper deals with an in-line network security processor (NSP) design that implements the Internet Protocol Security (IPSec) protocol processing for the 10 Gbps Ethernet. The 10 Gbps high speed data transfer, the IPSec processing including the crypto-operation, the database query, and IPSec header processing are integrated in the design. The in-line NSP is implemented using 65 nm CMOS technology and the layout area is 2.5 mm×3 mm with 360 million gates. A configurable crossbar data transfer skeleton implementing an iSLIP scheduling algorithm is proposed, which enables simultaneous data transfer between the heterogeneous multiple cores. There are, in addition, a high speed input/output data buffering mechanism and design of high performance hardware structures for modules, wherein the transfer efficiency and the resource utilization are maximized and the IPSec protocol processing achieves 10 Gbps line speed. A high speed and low power hardware look-up method is proposed, which effectively reduces the area and power dissipation. The post simulation results demonstrate that the design gives a peak throughput for the Authentication Header (AH) transport mode of 10.06 Gbps with the average test packet length of 512 bytes under the clock rate of 250 MHz, and power dissipation less than 1 W is obtained. An FPGA prototype is constructed to verify the function of the design. A test bench is being set up for performance and function verification.
Key words: 10 Gbps Ethernet    Network security processor (NSP)    Internet Protocol Security (IPSec)    Crossbar
收稿日期: 2012-12-22 出版日期: 2013-08-02
CLC:  TN918  
服务  
把本文推荐给朋友
加入引用管理器
E-mail Alert
RSS
作者相关文章  
Yun Niu
Li-ji Wu
Yang Liu
Xiang-min Zhang
Hong-yi Chen

引用本文:

Yun Niu, Li-ji Wu, Yang Liu, Xiang-min Zhang, Hong-yi Chen. A 10 Gbps in-line network security processor based on configurable hetero-multi-cores. Front. Inform. Technol. Electron. Eng., 2013, 14(8): 642-651.

链接本文:

http://www.zjujournals.com/xueshu/fitee/CN/10.1631/jzus.C1200370        http://www.zjujournals.com/xueshu/fitee/CN/Y2013/V14/I8/642

[1] Hong-jiang Lei, Imran Shafique Ansari, Chao Gao, Yong-cai Guo, Gao-feng Pan, Khalid A. Qaraqe. 基于generalized-K信道的SIMO的物理层安全性能分析[J]. Front. Inform. Technol. Electron. Eng., 2016, 17(10): 1074-1084.
[2] Song-bin Li, Huai-zhou Tao, Yong-feng Huang. Detection of quantization index modulation steganography in G.723.1 bit stream based on quantization index sequence analysis[J]. Front. Inform. Technol. Electron. Eng., 2012, 13(8): 624-634.