How is encryption implemented in a VPN router?

T

Tapchek2021-02-14 18:10:02

VPN

Tapchek, 2021-02-14 18:10:02

We all often talk about the fact that VPN-oriented routers that support protocols that perform encryption (the same IPsec, etc.) perform encryption. And so I had a question, how and where does this process take place in the device, are there special boards for routers or some kind of microcircuit, or is this process distributed throughout the entire router board? And at least somewhere, at least hardware-software encryption is carried out (hardware is probably already too much and, as I think, cannot be built into the router itself, but is an independent device) Who knows the guys, I will be very grateful for the answer. You will rely on a specific model - in general, there will be candy :)

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

V

Valentine, 2021-02-14
@Tapchek

“Hardware” support for IPSec is different for everyone. But you have to understand how this technology fundamentally works. Namely, it basically consists of a service (daemon) that waits for a connection and initiates connections with the specified settings (security associations in terms of IPSec), and directly processes that encrypt traffic (the most resource-intensive). So usually, when they talk about hardware support for IPSec, we are talking about the fact that encryption is supported in some chip. Implementations may be different, the ASA used to have seemingly separate ASICs (I could be mistaken), on the Mikrotik given in another comment, this is done in the central processor from Annapurna Labs (apparently, unlike the Atheros processor from another compared RB2011 router, the Anapurna processor supports the set AES commands). Here is an exampleIntel hardware support.