Abstract—IPSec is a suite of protocols that adds securityto communications at the IP level. Protocols within the IPSecsuite make extensive use of cryptographic algorithms. Sincethese algorithms are computationally very intensive, somehardware acceleration is needed to support high throughput.IPSec accelerator performance may heavily depend on thedimension of the packets to be processed. In fact, whenpackets are small, the time needed to transfer data andto set up the accelerators may exceed the one to process(e.g. to encrypt) the packets by software. In this paperwe present a packet scheduling algorithm that tackles thisproblem. Packets belonging to the same Security Associationare grouped before the transfer to the accelerators. Thus, thetransfer and the initialization time have a lower influence onthe total processing time of the packets. This algorithm alsoprovides the capability of scheduling grouped packets overmultiple cryptographic accelerators. High-level simulationsof the scheduling algorithm have been performed and theresults for a one-accelerator and for a two-accelerator systemare also shown in this paper.

Index Terms—Cryptographic accelerators, packetscheduling algorithm, IPSec, small packets.

Cite: Antonio Vincenzo Taddeo, Alberto Ferrante, and Vincenzo Piuri, "Scheduling Small Packets in IPSec Multi-accelerator Based Systems," Journal of Communications, vol. 2, no. 2, pp. 53-60, 2007.