IXP2400 Network Processor Architecture for IPSEC Application

M. Han, K.-Y. Kim, and J.-S. Jang (Korea)

Keywords

Network Processor, IXP2400, IPSec The Egress IXP2400 processor receives CSIX C-Frames from the fabric and reassembles these into IPv4 datagrams. The Ethernet headers are added and the packets are transmitted over the appropriate port.

Abstract

Network processors in general, enable us to add, through software, the latest-and-greatest network services while maintaining high packet throughput and low packet latency. Simply put, the network processors offer performance and flexibility for implementing network service. IPSec is a set of protocols developed by the IETF to support secure exchange of packets at the IP layer. Figure 1 shows two IXP2400 processors in typical CSIX full duplex configuration. In this configuration, the two processors are identified as the ingress processor (receives from the Media interface and transmits to the CSIX Fabric) and the egress processor (receives from the CSIX Fabric and transmits to the Media interface). The Ingress IXP2400 processor receives Ethernet frames that carry IPv4 datagrams. The frames are assembled into IPv4 packets and Ethernet headers are removed. Based on the IPv4 header, a Longest Prefix Match (LPM) lookup is performed and the packets are segmented into CSIX C-Frames and transmitted to the CSIX fabric. This paper describes the IXP2400 network processor architecture for IPSec application. The application described in this paper is supported on the Intel IXDP2400 Advanced Development Platform.

Important Links:



Go Back