A 2Gb/s network processor with a 24mW IPsec offload for residential gateways

Abstract

The Internet has become an important tool to deliver services such as Voice over Internet Protocol (IP) and high-definition video. To enable the widespread use of these services, it is essential to ensure quality-of-service (QoS) and security protection in communication. In using consumer-oriented gateway equipment (GW) consisting of low-cost network processors (NPs), however, it is difficult to ensure QoS because the CPU load becomes 100% when packets are received at a traffic load of 1Gb/s. A packet engine (PE) achieving a throughput of 2Gb/s (i.e., bidirectional 1Gb/s communication) and offloading the network processing from CPUs solves the problem as shown in Fig. 15.4.1. The PE achieves a 2Gb/s throughput for all cases as shown in Fig. 15.4.2 as follows: (1) inline-type IPsec circuits whose transmitting/receiving blocks independently process enc/decryption, authentication, and encapsulation [1] achieve a total processing speed of 2Gb/s; (2) an IP-forwarding performance of 2Gb/s is achieved by adopting a high-speed, compact look-up circuit [1] that searches by providing an action rule from one memory read-out circuit to multiple comparators in an IP switch (IP-SW); and (3) a local-area-network switch (LAN-SW) achieves 5Gb/s forwarding by 5 parallel look-up engines and a high-speed internal packet buffer.