Crypto Offload

T6 is a highly integrated, hyper-virtualized 10/25/40/50/100GbE controller with full offload support of a complete Unified Wire solution comprising of TCP, UDP, iWARP, iSCSI, FCoE, SDN, TLS/SSL, DTLS, IPsec and SMB 3.X Crypto. T6 supports TLS/SSL with inline or co-processor mode cryptographic functions leveraging TCP/IP offload engine to encrypt/decrypt data at 10/25/40/50/100GbE rate. It also supports traditional co-processor mode to accelerate IPsec and SMB Direct AES. It enables encrypted authenticated media streaming (a single connection or multiple connections, each with different session keys) and provides data-at-rest encryption and fingerprint services for storage. It relies on host software or other means for IKE (key negotiation), RSA, Diffie-Hellman, Elliptic Curver Cryptography (ECC), etc.

Supported Speeds and Use cases

T6 supports all the most popular AES/SHA cipher suites in TLS/SSL in-line mode with 100Gbps bandwidth and less than 2ms end-to-end latency. The typical T6 adapter supports 32K simultaneous TLS sessions. The in-line mode achieves TCP/IP processing and TLS/SSL AES/SHA processing in cut-through fashion to achieve optimal bandwidth and latency. A co-processor mode of operation is supported for TLS/SSL, SMB 3.X, IPsec, data at rest encryption/decryption, authentication, and data de-dupe fingerprint generation.

Figure 1 – T6 Crypto Use cases

The performance of the AES and SHA protocol suites is summarized in the following table:

Cipher BW Latency
AES-CBC Encryption=30Gbps/Decryption=100Gbps < 10ms
SHA1 40Gbps < 10ms
SHA224/256/384/512 25-40Gbps < 10ms
AES-GCM/CTR/XTS 100Gbps < 1ms

 

The supported options with the AES and SHA protocols are summarized in the following tables:

Cipher only modes (encryption/decryption only):

Cipher Key Sizes supported Protocol Requirement
AES-CBC 128, 192, 256 TLS, IPSEC
AES-CTR 128, 192, 256 IPSEC
AES-XTS 128, 192, 256 Generic Protocol

 

Combined cipher modes (authentication and encryption/decryption):

Cipher Key Sizes supported Protocol Requirement
AES-GCM 128, 192, 256 TLS, IPSEC, SMB 3.1
AES-CCM 128, 192, 256 SMB 3.X (co-processor only)

 

Authentication and generic hash modes:

Hash Function Key Sizes supported ICV Size Protocol Requirement
SHA1
SHA224/256/384/512
Equal to the output of hashing algorithm, it is expected longer keys will be hashed to L bits, refer to RFC2104 Variable TLS, IPSEC, Generic
SHA1-HMAC
SHA2-224-HMAC
SHA2-256-HMAC
SHA2-384-HMAC
SHA2-512-HMAC
Equal to the output of hashing algorithm, it is expected longer keys will be hashed to L bits, refer to RFC2104 Variable TLS, IPSEC

 

Order Now / How to order