Abstract
Of late an increasing amount of functionality in computer networks is provided by commodity x86 hardware wherein the CPU is the main bottleneck. Relieving the CPU from a portion of its computational stress leads to a lowered number of cycles spent on each single packet. Subsequently, servers are able to deal with millions of packets per second. We show a case study in which we used the cryptographic offloading functionality of commodity NICs to build a VPN IPsec gateway on an x86 server, where we required only one CPU core to serve 10 GbE line rate. The source code of the NIC-accelerated VPN gateway in our case study is publicly available. Our case study shows the tradeoffs between manifold software- and high performance offloading hardware-provided functionality.