Implementation of an FPGA based accelerator for virtual private networks

Virtual Private Networks (VPN) are becoming increasingly popular network architectures for corporate networks. As VPNs are built on the Internet infrastructure, the data exchange among different local area networks will be passed through the Internet and thus can be easily eavesdropped, masqueraded, etc. Therefore, certain security measures must be used to deal with these privacy issues. The Internet Protocol Security (IPSec) by the Internet Engineering Task Force (IETF) addresses the abovementioned security issues and the Free Secure Wide Area Network (FreeS/WAN) is an open source software implementation of IPSec for Linux which uses triple-DES as the default encryption mode. As shown in this paper, the performance of FreeS/WAN with IPSec is 50% of that without encryption. In order to improve its performance, a field programmable gate array (FPGA) based triple-DES accelerator was built on a reconfigurable computing development platform called Pilchard and achieved a throughput of more than 120 Mb/sec for triple-DES in cipher-block chaining mode, a speedup of 3 over a software implementation, Measurements show that an FPGA-accelerated FreeS/WAN offers a 30% speedup for the TCP protocol over the original software library.