Abstract:
Data centers demand high throughput (100 to 400 Gbps) and sub-millisecond latency. The performance of data center applications depends heavily on the efficiency of the underlying TCP stack. Despite several optimizations, such as kernel bypass and zero copying, TCP processing consumes up to 60% of all CPU cycles for short-lived connections. Modern data centers are pushing TCP processing to programmable data plane hardware (smart NICs) to improve performance and save CPU cycles. However, the user-space application processes the Transport Layer Security (TLS) functions, negating the benefits of TCP offload. Some research proposes offloading TLS state and connection management but ignores the processing of compute-intensive TLS crypto algorithms. We aim to offer in-network crypto primitives that TLS offload solutions can incorporate. Our goal is to design an in-network crypto framework that promises high speed, low latency, scalability, dynamic reconfiguration, and low power by leveraging FPGA-based network hardware. This thesis presents an FPGA-based AES offload solution aiming to satisfy the required objectives.