IPsec-Protected Transport of HDTV over IP

  • Peter Bellows
  • Jaroslav Flidr
  • Ladan Gharai
  • Colin Perkins
  • Pawel Chodowiec
  • Kris Gaj

Abstract

Bandwidth-intensive applications compete directly with the operating system's network stack for CPU cycles. This is particularly true when the stack performs security protocols such as IPsec; the additional load of complex cryptographic transforms overwhelms modern CPUs when data rates exceed 100 Mbps. This paper describes a network-processing accelerator which overcomes these bottlenecks by offloading packet processing and cryptographic transforms to an intelligent interface card. The system achieves sustained 1 Gbps host-to-host bandwidth of encrypted IPsec traffic on commodity CPUs and networks. It appears to the application developer as a normal network interface, because the hardware acceleration is transparent to the user. The system is highly programmable and can support a variety of offload functions. A sample application is described, wherein production-quality HDTV is transported over IP at nearly 900 Mbps, fully secured using IPsec with AES encryption.

Copyright information

© Springer 2005

Authors and Affiliations

  • Peter Bellows (1)
  • Jaroslav Flidr (1)
  • Ladan Gharai (1)
  • Colin Perkins (1)
  • Pawel Chodowiec (2)
  • Kris Gaj (2)

  1. USC Information Sciences Institute, Arlington, USA
  2. Dept. of Electrical and Computer Engineering, George Mason University, Fairfax, USA
