The IP Security Protocol Processing Engine is a complete IPSec protocol processor for IPV4 and IPV6. The IP is highly flexible with a programmable controller for ESP/AH encapsulation and the crypto engines are implemented in hardware. The high performance engine can process one gigabit of short IP packets per second (40 byte) at the packet level. Posedge IPSec engine provides DMA type of interface for programming pointers to the security association data, packet pointers.
The DMA performs scatter/gather data fetching and security keys along with the keys. The soft processing engine in the IPSec processor performs the header (ESP/AH) insertion, padding on the fly, and presents the appropriate packet segments to the hardware engines. The hardware engines perform the encryption and authentication in sequence or in parallel depending on in-bound or out-bound traffic.
- Processes IPV4 / IPV6 packets
- Performs ESP or AH protocol
- Encryption/Authentication are run in parallel.
- Encryption Engines
- Authentication Engines (HMAC)
- Has AHB/AXI Interface
- Designs can run up to 200 MHz in 90 nm.
- Scalable for GPON and GEPON architectures
- Highly scalable for multiple Ethernet ports or peripherals
- Fast path / slow path architecture
- Scalable architecture based on performance requirements
- Scalable packet classification with multiple coherent processors, DDR bandwidth, and local memory
- Multiple 32-bit RISC engines
- Complex functions like QOS and buffer management in Hardware
- DDR Queue Logic for optimal memory access
- Proprietary internal bus for optimal throughput and highest performance
- Separate busses for data transfer and packet communication control
- IEEE 802.3 compliant Gigabit Ethernet Mac core with support for jumbo frames, VLAN tagging, and flowcontrol
- Flexible I/O Interface with MII, RMII, and GMII interfaces
- Single DDR interface shared across different functions
- PHY Agnostic Architecture
- Hardware/software partitioning
- Independent block to perform IP Processing.
- Can be easily integrated into an existing data path
- Packet interface and Key interface is programmable
- Multiple flavors of design for different performance requirements (different pipeline stages)
- Fully Synthesizable RTL
- Testbenches and Testcases
- ASIC Synthesis Scripts
- FPGA Synthesis and P&R Scripts
Block Diagram of the IP Security Protocol Processing Engine