Improve IPSec Performance Using Intel® AES New Instructions: Paper
The Advanced Encryption Standard (AES) is a cipher defined in the Federal Information Processing Standards Publication 197. Intel® microarchitecture, formerly codenamed Westmere, introduced an Intel® AES New Instructions (Intel® AES-NI) instruction set extension that contains six new instructions specifi...cally developed for facilitating optimized AES implementations. Another addition to the microarchitecture is a carry-less-multiple instruction called PCLMULQDQ*, used for optimizing Galois Counter Mode* (GCM*) implementations. This paper investigates the potential performance gains that are possible by creating an Intel AES-NI-GCM implementation within the Linux* kernel cryptographic framework using the new instructions.
An Intel AES-GCM implementation based on the Intel AES-NI and PCLMULQDQ instructions delivered a 400% throughput performance gain when compared to a non-Intel AES-NI enabled software solution on the same platform.
The data presented in this paper demonstrates that an Intel AES-NI enabled IP Security (IPSec) stack on Linux, running on Intel® processors based on the new Intel® microarchitecture can deliver incredible IPSec performance improvements over previous generations of silicon.
The performance measurements show that for a single IPSec connection on Linux, an Intel AES-GCM implementation based on the Intel AES-NI and PCLMULQDQ instructions delivered a 400 percent throughput performance gain when compared to a non-Intel AES-NI enabled software solution on the same platform. In addition, the cycles required to perform the actual cipher operation were reduced by approximately 900 percent.
Read the full Improve IPSec Performance Using Intel® AES New Instructions White Paper.