There’s Always a New Threat Out There
With AMD adaptable security, you’ll be ready for it
Network Security
Edge. Access. Metro. Core. No matter the network, security plays a vital role. Encryption and decryption must be built into every piece of the chain, from the link layer to the application itself—each with distinct protocols that are in constant evolution. Our broad range of solutions protects you against known and unknown threats. That’s because you can implement security directly within AMD programmable logic—and iterate as standards evolve and threats emerge.
AMD security solutions span line rates from 100M to 400G, crypto protocols, various packet processing and lookup requirements—even predictive malware detection built on machine learning algorithms. Your system is protected in the present—and future-proofed.
Solutions
Application Security with AI
Learn More >
SSL/TLS Offload, L4-L7 Security, Regular Expression (Reg-Ex), DPI/IPS/IDS, ML for Flow Blacklisting
Link Security
AMD offers LinkSec/MACSec implementations from 100Mbps to 400Gbps for switches, routers, and more. Integrating security directly into the data paths yields an efficient implementation that runs at line rate.
Layer-1 Encryption for Optical Networks
UltraScale+™ FPGAs provide the capability to encrypt up to nx1G - nx100G frames of payload via bulk crypto for the protocols used in Metro and Core optical nodes and switches. Versal™ adaptive SoCs integrate AES-GCM-128/256 encryption/decryption functionality via the High-Speed Crypto (HSC) block to reduce power, simplify place/route times, and provide enough throughput for up to 400G per block.
Layer-2 Encryption for Ethernet Switches
IP is available today to scale from 1M to 400G of throughput, with addional flexibility via channelization. Versal’s HSC block provides up to 400G of integrated MACSec functionality with nx100G granularity, and up to 4k+ security associations (SAs). The Cipher Suites supported are AES-GCM-128/256 and AES-GCM-XPN-128/256 with configurable confidentiality/encryption offset.
Available Now
Soft IP for Bulk Crypto and MACSec
1G-200G AES-GCM-128/256
1k+ Security Associations
Can be used in OTN, MACSec, IPSec, and higher-layer TLS encryption
Coming Soon
400G Bulk Crypto with AES-GCM 128/256
4x100G, 2x200G or 1x400G
128 SAs per 100G of Crypto
Can be used in OTN, MACSec, IPSec, and higher-layer encryption
Secure Route and VPN
AMD FPGA and adaptive SoC solutions offer high-performance inline IPSec processing where performance is needed most. AMD architectures deliver line-rate throughput with minimal latency without taxing the CPU.
IPSec (Layer-3) Security Components
AMD solutions implement and manage the IPSec data plane, including both IP and IPSec layer packet processing. Processing of packets for extraction of layer 2 and layer 3 fields at different throughputs is readily implemented in AMD FPGA and adaptive SoC devices. IP solutions are available to implement: 1Gb/s to 400Gb/s, with deterministic latency. Security association (SA) and security policy (SP) lookups are easily implemented, and support 100’s to 10,000’s of lookups via AMD content-addressable memory (CAM) IP and high-bandwidth memory (HBM) FPGAs.
IPSec Crypto and Other Features
The flexibility of memory and packet processing available in AMD security IP makes it the only solution that can address server, router and access router in a single vender. A fixed solution cannot support a varying number of L3 VPNs or provide the level of search performance that can be achieved with AMD FPGAs and adaptive SoCs. The range of encryption protocols supported by AMD includes:
Crypto protocols
- AES-128/192/256 (ECB, CBC, CTR)
- CHACHA-20 POLY1305
Hashing protocols
- SHA-1, SHA-224/256/384/512 with HMAC
- GHASH
- AES-XCBC-MAC-128/192/256
Combined protocols
- AES-GCM/AES-GMAC (128/192/256)
- AES-CCM (128/192/256)
Other
- Custom protocols for crypto/packet processing
- Transport and tunnel mode operation
- IPv4 and IPv6 support with all packet sizes
- Configurable replay protection window size
Available Now
1G-100G Inline IPSec
URAM for SA lookup and storage
Up to 100G Inline processing
Support for All protocols and IPSec modes
AMD CAM IP for lookup
Available Now
1G-200G Inline IPSec
HBM for packet buffer and lookups
10,000+ Security Associations and policy
AMD HBM BCAM IP for lookup
58G SerDes for network connectivity
Configuration for replay protection window size
Multi-protocol support with tunnel and transport mode
Coming Soon
400G IPSec
112G SerDes
Nx400 High-speed Crypto
Hardened Gen5 PCIe core
Hardened packet processing
Application Security with AI
End-to-end offload and acceleration frees up valuable resources without sacrificing security between users and applications, and clients and servers. AMD offers solutions from established protocols to cutting-edge machine learning for malware detection.
Stateful Security for Firewalls and CPU Acceleration
10-30x performance vs. CPU with security acceleration/offload.
- Stateful TCP offload using FPGA internal and external memory
- Session classification and storage
- Line-rate packet classification with multiple tuple-based flows
- Secure SSL sessions handled completely in FPGA
- Partner IPs for stateful TCP Offload Engine (TOE), bulk encryption/decryption, and asymmetric crypto (PKI)
RegEx Processing for DDoS, DPI, IPS, IDS
20-30x when AMD used for parallel analysis of regular expressions.
- Traffic signature matching at high throughput
- Rule matching offload for 10x+ performance compared to software
- RegEx engine compatible with PCRE/POSIX
- Millions of rules supported using on-chip HBM or external DRAM
- AMD IP for high-speed data transfer to CPU, flow classification using CAMs/TCAMs, packet processing
- Partner IP for RegEX processing with DPI SW (SNORT, SURICATA)
Stateful Processing and Malware Detection in Firewalls using Machine Learning Models
A malware system that learns through artificial intelligence and is smart enough to identify new threats--even ones you may not have anticipated.
- TLS traffic malware detection using machine learning (ML) inference models
- TLS flow processing at 200Gbps using combination of P4 and RTL
- AMD P4 compiler and TCAM IP for flow classification and ML parameter lookups
- ML model for TLS flow prediction implemented using on-chip DSP cores
- Statistics collection at 200Gbps for flow processing and predicted flows
Featured Videos
Webinar: The Importance of Programmable Devices in Next-Gen Security Appliances and Firewalls Watch Now >
Featured Documents
Get Started
Find evaluation boards, leverage libraries to develop your own applications, and learn how to become a AMD wired & wireless IP partner.
Use a Pre-built Evaluation Board
Design with a leading-edge using one of our evaluation boards
Explore now >
Develop Your Own Applications
Learn about developing your own applications using Vitis AI
Learn more >
Partner Program
Expand your reach and solve more customer problems by partnering with us
Join now >
Stay Informed
Sign up for Wired & Wireless Updates
Inquiries
Contact Sales for More Information