The IPSEC core is a high performance pipelined implementation of the Encapsulating Security Protocol mode of IPSEC (RFC4303) with AES-GCM encryption (RFC4106): those components of the standard which need to operate at line rates are implemented in hardware. Elements such as key exchange which occur relatively infrequently are better implemented in software. The core is built on a pipelined implementation of the AES-GCM encryption algorithm which itself builds on our G3 AES core. This release of the IPSEC core supports operation at 1Gbit/sec and a future release will operate at 10Gbit/sec.
The IPSec core includes a VHDL testbench which generates a sequence of test packets and compares the responses of the IP core to the output generated by a behavioral model of IPSec. It is supplied as VHDL source code and can be configured using a number of VHDL generic parameters to select only those features which are required in order to conserve area. The IPSec core provides both transmit and receive channels. The core is an easy to use fully synchronous design with a single clock and separate flow control on the transmit and receive channels. The core has been designed for efficiency in modern FPGAs and makes full use of FPGA specific features such as dual port memory blocks.