Design Article

High integration makes IPSec fly

10/14/2002 10:14 AM EDT

Wajdi Feghali, Security Architect, Brad Burres, Senior Component Design Engineer, Gilbert Wolrich, Senior Architect, Douglas Carrigan, Strategic Marketing Manager, Intel Communications Group, Intel Corp., Hudson, Mass.

The information superhighway is more important than ever today, yet it faces increasing security threats, elevating the need for improved and ubiquitous security built into the hardware of every node in the network. This requires that base security functionality, such as data confidentiality and data integrity, be built into every network device so that every packet placed on the network has all of the security and protection that is affordable and possible.

However, security is an afterthought in many networking equipment designs. We need to rethink network security: where, when and under what conditions security features should be added.

Right now, there are three primary ways to add security functions to networking hardware equipment. The first and most common method is to use a coprocessor coupled with a network processor or a general-purpose processor. As data rates go up, this method becomes less practical because the packet must traverse shared resources such as data buses or memory four times.

The second method is to add a security processor inline with a network processor. While this approach can achieve high data rates, the inline security processor must perform many of the same functions as the network processor, such as packet reassembly; thus work must be repeated and silicon area must be duplicated.

The third method is to integrate the encryption circuitry into the same silicon as the network processor, thus adding security functionality into the network processor while maintaining wire rate and minimizing new silicon area. As new network line cards are designed, an integrated solution will prove beneficial.

When designing a network security product, one must consider both the packet-processing and the security requirements. A general-purpose processor coupled with a security coprocessor will not be fast enough to achieve 10-Gigabit/second rates with existing products. It is possible to couple an existing network processor, such as the Intel IXP1200, with a security coprocessor, but today's security ICs offer only coprocessor architectures, and these are insufficient.

In the next-generation IXP2850, we chose to integrate security and cryptographic capabilities on-chip, not only because it is the best way to achieve affordable and ubiquitous security throughout the network, but because it is a much more efficient way to provide security. In terms of performance, this integrated approach is more than sufficient to encrypt and authenticate Internet Protocol Security (IPSec) at 10-Gbit/s Ethernet rates even when 100 percent of the traffic is secured.

In our design we use a cryptographic unit that incorporates much of the functionality needed for many of the basic algorithms, but in a way that is easily integrated into the basic data-flow pipeline of the network processing unit (NPU). The cryptography unit implements several algorithms in hardware that provide data confidentiality and data integrity. Each algorithm has its own set of trade-offs and challenges in terms of silicon area, parallelism and symmetry.

The added security functionality supports the Data Encryption Standard (DES), 3DES and the Advanced Encryption Standard (AES) algorithms, along with the Secure Hash Algorithm (SHA-1) for data authentication, directly in hardware. It consists of two 3DES cores, one AES core, and two SHA-1 cores. The data can be passed through the SHA-1 cores either before or after the ciphers have processed it. The IXP2850 contains two such cryptographic units.

It is important to add the cryptographic functionality in a way that leverages the network processor features. In the case of Intel network processors, that means taking advantage of multiple, multithreaded processing elements called microengines.

While this multithreaded model is one of the strengths of the NPU architecture that we chose to leverage, it provided some design challenges. For instance, since the security functions are somewhat orthogonal, depending on the configuration, it is desirable to fully use all security hardware in parallel.

But enabling this parallelism in hardware requires careful management of common components such as global buses, local memory and data-stalling methods. It also requires substantial dexterity in switching the initialization vectors (IVs), keys and other state information when switching between packet flows, without sacrificing performance.

It is also important to pipeline the protocol processing. For example, when processing IPSec tunnel-mode packets, it is possible to pipeline all the required processing.

Although it is important to achieve 10-Gbit/s rates on a single interface, it is also important to aggregate, for example, 10 1-Gbit/s interfaces. When multiple interfaces are connected to the network processor, the data of a particular packet might be interleaved with other packet data in the receive buffer.
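The three points above (running SHA-1 after the cipher on the outbound path and before it on the inbound path, swapping IVs, keys and chaining state when the flow changes, and coping with a receive buffer in which segments of different packets arrive interleaved) can be modelled in software. The following Go program is an added example written for this article; it is not Intel's code and does not reflect the IXP2850's register layout. It assumes ESP-style framing (SPI, sequence number, IV in the clear, AES-CBC ciphertext, HMAC-SHA-1-96 ICV, ESP trailer padding); the names `flowCtx`, `newFlow`, `pushSegment`, `finish`, `padESP` and `openESP` and all keys, IVs and payloads are constructed for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha1"
	"errors"
	"fmt"
	"hash"
)

// flowCtx is the per-flow state swapped in whenever the receive buffer hands the cipher
// path a segment of a different packet (a software model assumed here, not IXP2850 state).
type flowCtx struct {
	enc cipher.BlockMode // CBC encrypter; keeps chaining state between segments
	mac hash.Hash        // HMAC-SHA-1 running over SPI, seq, IV and ciphertext
	out []byte           // SPI || seq || IV || ciphertext produced so far
}

// newFlow loads key, IV and ESP header for one packet; header and IV go out in the
// clear but are authenticated.
func newFlow(aesKey, macKey []byte, spi, seq uint32, iv []byte) (*flowCtx, error) {
	blk, err := aes.NewCipher(aesKey)
	if err != nil || len(iv) != aes.BlockSize {
		return nil, errors.New("bad AES key or IV length")
	}
	hdr := []byte{byte(spi >> 24), byte(spi >> 16), byte(spi >> 8), byte(spi),
		byte(seq >> 24), byte(seq >> 16), byte(seq >> 8), byte(seq)}
	f := &flowCtx{enc: cipher.NewCBCEncrypter(blk, iv), mac: hmac.New(sha1.New, macKey)}
	f.out = append(append(f.out, hdr...), iv...)
	f.mac.Write(f.out)
	return f, nil
}

// pushSegment encrypts one block-aligned segment and feeds the ciphertext to SHA-1:
// outbound, the hash runs after the cipher. Other flows' segments may arrive in between.
func (f *flowCtx) pushSegment(seg []byte) error {
	if len(seg) == 0 || len(seg)%aes.BlockSize != 0 {
		return errors.New("segment must be a non-empty multiple of the block size")
	}
	ct := make([]byte, len(seg))
	f.enc.CryptBlocks(ct, seg)
	f.mac.Write(ct)
	f.out = append(f.out, ct...)
	return nil
}

// finish appends the 96-bit truncated ICV (HMAC-SHA-1-96) and returns the packet.
func (f *flowCtx) finish() []byte {
	return append(append([]byte{}, f.out...), f.mac.Sum(nil)[:12]...)
}

// padESP appends the ESP trailer (1,2,3... pad bytes, pad length, next header).
func padESP(payload []byte, nextHeader byte) []byte {
	padLen := (aes.BlockSize - (len(payload)+2)%aes.BlockSize) % aes.BlockSize
	out := append([]byte{}, payload...)
	for i := 1; i <= padLen; i++ {
		out = append(out, byte(i))
	}
	return append(out, byte(padLen), nextHeader)
}

// openESP is the inbound order: SHA-1 runs before the cipher, so a packet with a
// bad ICV is dropped without ever reaching the decryptor.
func openESP(aesKey, macKey, pkt []byte) ([]byte, error) {
	const hdrLen, icvLen = 8 + aes.BlockSize, 12
	blk, err := aes.NewCipher(aesKey)
	if err != nil || len(pkt) < hdrLen+aes.BlockSize+icvLen || (len(pkt)-hdrLen-icvLen)%aes.BlockSize != 0 {
		return nil, errors.New("bad key or malformed packet length")
	}
	body, icv := pkt[:len(pkt)-icvLen], pkt[len(pkt)-icvLen:]
	m := hmac.New(sha1.New, macKey)
	m.Write(body)
	if !hmac.Equal(m.Sum(nil)[:icvLen], icv) {
		return nil, errors.New("ICV mismatch")
	}
	pt := make([]byte, len(body)-hdrLen)
	cipher.NewCBCDecrypter(blk, body[8:hdrLen]).CryptBlocks(pt, body[hdrLen:])
	padLen := int(pt[len(pt)-2])
	if padLen+2 > len(pt) {
		return nil, errors.New("bad pad length")
	}
	return pt[:len(pt)-2-padLen], nil
}

func main() {
	// Two flows whose segments arrive interleaved in the receive buffer; keys and IVs are constructed.
	a, _ := newFlow([]byte("0123456789abcdef"), []byte("mac-key-A"), 0x100, 1, []byte("constructed-ivA1"))
	b, _ := newFlow([]byte("fedcba9876543210"), []byte("mac-key-B"), 0x200, 1, []byte("constructed-ivB1"))
	ptA, ptB := padESP([]byte("flow A, a longer payload"), 4), padESP([]byte("flow B"), 4)
	_ = a.pushSegment(ptA[:16]) // first half of A ...
	_ = b.pushSegment(ptB)      // ... then all of B ...
	_ = a.pushSegment(ptA[16:]) // ... then the rest of A, with A's chaining state intact
	back, err := openESP([]byte("0123456789abcdef"), []byte("mac-key-A"), a.finish())
	fmt.Printf("flow A recovered %q (err=%v); flow B packet is %d bytes\n", back, err, len(b.finish()))
}
```

Because the CBC encrypter and the HMAC object each carry their own running state, a flow can be suspended after any block boundary and resumed later with an identical result to one-shot processing; that is the property the per-flow context switch in the hardware has to preserve. On the inbound side the ICV is compared in constant time and checked before any decryption, which is the defensive ordering IPSec ESP relies on.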

Careful integration of the cryptographic engine pipeline into the NPU results in a cipher data path that delivers more than 25 million IPSec packets per second. This is sufficient performance to encrypt and authenticate IPSec at 10-Gbit/s rates when 100 percent of the traffic needs to be secured.

One big benefit of integrating the security functionality onto the NPU is a dramatic saving in power consumption for the overall solution. If current security processors were scaled to 10-Gbit/s rates, they would require between 13 and 30 watts. Meticulous attention to lowering power consumption during the design phase and the lack of I/O devices allow the IXP2850 to reduce power by a factor of 10 compared with other solutions.

See related chart
