RTAS 2005 START ConferenceManager    

VPN Gateways over Network Processors: Implementation and Evaluation

Yi-Neng Lin, Chiuan-Hung Lin, Ying-Dar Lin, and Yuan-Chen Lai

Presented at IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS 2005), San Francisco, California, March 7 - 10, 2005


Networking applications, such as VPN and content filtering, demand extra computing power in order to meet the throughput requirement nowadays. In addition to pure ASIC solutions, network processor architecture is emerging as an alternative to scale up data-plane processing while retaining design flexibility. This article, rather than proposing new algorithms, illustrates the experience in developing IPSec-based VPN gateways over network processors, and investigates the performance issues. The external benchmarks reveal that the system can reach 45Mbps for IPSec using 3DES algorithm, which improves by 350% compared to single XScale core processor and parallels the throughput of a PIII 1GHz processor. Through the internal benchmarks, we analyze the turnaround times of the main functional blocks, and identify the core processor as the performance bottleneck for both packet forwarding and IPSec processing.

START Conference Manager (V2.47.7)
Maintainer: hjkim@redwood.snu.ac.kr