Overview

Edge. Access. Metro. Core. No matter the network, security plays a vital role. Encryption and decryption must be built into every piece of the chain, from the link layer to the application itself—each with distinct protocols that are in constant evolution. Our broad range of solutions protects you against known and unknown threats. That’s because you can implement security directly within AMD programmable logic—and iterate as standards evolve and threats emerge.

AMD security solutions span line rates from 100M to 400G, crypto protocols, various packet processing and lookup requirements—even predictive malware detection built on machine learning algorithms. Your system is protected in the present—and future-proofed. 

Security Solutions

Link Security

AMD offers LinkSec/MACSec implementations from 100Mbps to 400Gbps for switches, routers, and more. Integrating security directly into the data paths yields an efficient implementation that runs at line rate.

Layer-1 Encryption for Optical Networks

UltraScale+™ FPGAs provide the capability to encrypt up to nx1G - nx100G frames of payload via bulk crypto for the protocols used in Metro and Core optical nodes and switches. Versal™ adaptive SoCs integrate AES-GCM-128/256 encryption/decryption functionality via the High-Speed Crypto (HSC) block to reduce power, simplify place/route times, and provide enough throughput for up to 400G per block.

Layer-2 Encryption for Ethernet Switches

IP is available today to scale from 1M to 400G of throughput, with additional flexibility via channelization. Versal’s HSC block provides up to 400G of integrated MACSec functionality with nx100G granularity, and up to 4k+ security associations (SAs). The Cipher Suites supported are AES-GCM-128/256 and AES-GCM-XPN-128/256 with configurable confidentiality/encryption offset.

Zoom de imagen
encryption diagram
AMD Virtex UltraScale+, AMD Virtex UltraScale
AMD Virtex™ UltraScale+™, AMD Virtex™ UltraScale™
  • Soft IP for Bulk Crypto and MACSec
  • 1G-200G AES-GCM-128/256
  • 1k+ Security Associations
  • Can be used in OTN, MACSec, IPSec, and higher-layer TLS encryption
AMD Versal Premium
AMD Versal™ Premium
  • 400G Bulk Crypto with AES-GCM 128/256
  • 4x100G, 2x200G or 1x400G
  • 128 SAs per 100G of Crypto
  • Can be used in OTN, MACSec, IPSec, and higher-layer encryption

Secure Route and VPN

AMD FPGA and adaptive SoC solutions offer high-performance inline IPSec processing where performance is needed most. AMD architectures deliver line-rate throughput with minimal latency without taxing the CPU.

Video IPSec (Layer-3) Security Components

AMD solutions implement and manage the IPSec data plane, including both IP and IPSec layer packet processing. Processing of packets for extraction of layer 2 and layer 3 fields at different throughputs is readily implemented in AMD FPGA and adaptive SoC devices. IP solutions are available to implement: 1Gb/s to 400Gb/s, with deterministic latency. Security association (SA) and security policy (SP) lookups are easily implemented, and support 100’s to 10,000’s of lookups via AMD content-addressable memory (CAM) IP and high-bandwidth memory (HBM) FPGAs.

IPSec Crypto and Other Features

The flexibility of memory and packet processing available in AMD security IP makes it the only solution that can address server, router, and access router in a single vender. A fixed solution cannot support a varying number of L3 VPNs or provide the level of search performance that can be achieved with AMD FPGAs and adaptive SoCs. The range of encryption protocols supported by AMD includes:

Crypto protocols:

  • AES-128/192/256 (ECB, CBC, CTR)
  • CHACHA-20 POLY1305

Hashing protocols:

  •  SHA-1, SHA-224/256/384/512 with HMAC
  • GHASH
  • AES-XCBC-MAC-128/192/256

Combined protocols:

  • AES-GCM/AES-GMAC (128/192/256)
  • AES-CCM (128/192/256)

Other:

  • Custom protocols for crypto/packet processing
  • Transport and tunnel mode operation
  • IPv4 and IPv6 support with all packet sizes
  • Configurable replay protection window size
Zoom de imagen
IPSec Crypto and Other Features
AMD Virtex UltraScale+
AMD Virtex™ UltraScale+™
  • 1G-100G Inline IPSec
  • URAM for SA lookup and storage
  • Up to 100G Inline processing
  • Support for All protocols and IPSec modes
  • AMD CAM IP for lookup
AMD Virtex UltraScale+ HBM
AMD Virtex™ UltraScale™ + HBM
  • 1G-200G Inline IPSec
  • HBM for packet buffer and lookups
  • 10,000+ Security Associations and policy
  • AMD HBM BCAM IP for lookup
  • 58G SerDes for network connectivity
  • Configuration for replay protection window size
  • Multi-protocol support with tunnel and transport mode
AMD Versal Premium
AMD Versal™ Premium
  • 400G IPSec
  • 112G SerDes
  • Nx400 High-speed Crypto
  • Hardened Gen5 PCIe core
  • Hardened packet processing

Application Security with AI

End-to-end offload and acceleration frees up valuable resources without sacrificing security between users and applications, and clients and servers. AMD offers solutions from established protocols to cutting-edge machine learning for malware detection.

Stateful Security for Firewalls and CPU Acceleration

10-30x performance vs. CPU with security acceleration/offload

  • Stateful TCP offload using FPGA internal and external memory
  • Session classification and storage
  • Line-rate packet classification with multiple tuple-based flows
  • Secure SSL sessions handled completely in FPGA
  • Partner IPs for stateful TCP Offload Engine (TOE), bulk encryption/decryption, and asymmetric crypto (PKI)
Zoom de imagen
wireless application security diagram

RegEx Processing for DDoS, DPI, IPS, IDS

Traffic signature matching at high throughput

  • Rule matching offload for 10x+ performance compared to software
  • RegEx engine compatible with PCRE/POSIX 
  • Millions of rules supported using on-chip HBM or external DRAM
  • AMD IP for high-speed data transfer to CPU, flow classification using CAMs/TCAMs, packet processing
  • Partner IP for RegEX processing with DPI SW (SNORT, SURICATA)
Zoom de imagen
wireless application security diagram

Stateful Processing and Malware Detection in Firewalls using Machine Learning Models

Malware system that learns through artificial intelligence and is smart enough to identify new threats—even ones you may not have anticipated

  • TLS traffic malware detection using machine learning (ML) inference models
  • TLS flow processing at 200Gbps using combination of P4 and RTL
  • AMD P4 compiler and TCAM IP for flow classification and ML parameter lookups
  • ML model for TLS flow prediction implemented using on-chip DSP cores
  • Statistics collection at 200Gbps for flow processing and predicted flows
Zoom de imagen
wireless application security diagram

Resources

Webinars

The Importance of Programmable Devices in Next-Gen Security Appliances and Firewalls

Watch Now

Video

Versal™ Premium series: First look at 112G PAM4 transceivers, 600G Ethernet cores & 400G HSC Engines

Watch the Video

Get Started

Stay Connected

Sign up for to receive the latest news or contact an AMD Sales representative.

Sign Up
Contact Sales