Overview

Chelsio’s Cryptographic Offload and Acceleration solution provides hardware-accelerated TLS/SSL, DTLS and IPsec crypto processing and flexible crypto modes (inline and lookaside) on Chelsio T6/T62xx family adapters and dedicated crypto coprocessors. By offloading compute-intensive symmetric and asymmetric cryptographic operations from host CPUs, Chelsio enables line-rate encryption for high-throughput web, storage and streaming workloads while keeping latency and CPU utilization low. The solution supports integration with host drivers and APIs, third-party key-management, and deployment modes suitable for CDN, storage-at-rest, video streaming, IoT edge, and WAN security use cases.

Features and Capabilities

• Performance & Scalability: Full inline TLS/SSL and IPsec offload to sustain 10/25/40/50/100 GbE line rates with sub-microsecond packet processing and support for thousands of concurrent TLS connections.
• Modes of Operation: Inline (in-path) encryption/decryption for wire-speed TLS; lookaside/co-processor mode for accelerating IPsec, DTLS and SMB 3.x crypto operations.
• Crypto Algorithms & Acceleration: AES (various modes), SHA1/SHA2 families, asymmetric key handling for handshakes — dedicated crypto engines and co-processors reduce host CPU cycles.
• Adapter Hardware: T6/T62xx family adapters (and crypto accelerator modules) with PCIe interface, multi-port 10/25/40/50/100GbE, low power and low cooling footprint suitable for server racks.
• Software Integration: Chelsio crypto & network drivers, socket/API interfaces and user-space libraries (DPDK-compatible / kernel bypass) to integrate with existing server applications without major rewrites.
• Key Management: Interfaces for third-party key management systems (KMIP or vendor KMS) and options to store session keys securely on the adapter.
• Use Cases: TLS termination for CDN and video streaming edge servers, storage data-at-rest encryption/de-dup acceleration, secure site-to-site WAN links (IPsec), and IoT edge DTLS.
• Reliability & Offload Safety: Graceful fallback to host CPU when offload limits are reached; adapter-level handling preserves connection consistency and minimizes packet loss.
• Ecosystem & Platform Support: Drivers and resources for GNU/Linux and FreeBSD; support for major server stacks and integration notes for storage and virtualization platforms.
• Deployment Flexibility: Choices between inline inline/offload topologies (direct data path vs overlay), enabling optimized routing for encrypted versus non-encrypted streams.