As network speeds move to 100GbE, processing of security workloads becomes a serious architectural consideration. IPsec remains essential for protecting data in motion, whether remote access, data center interconnect, or virtualized workloads. Yet in many deployments, IPsec encryption and decryption are still handled directly by the server CPU.
At lower bandwidths this approach works. At 100GbE and beyond, it becomes a bottleneck.
When CPUs handle both application workloads and high throughput IPsec processing, performance tradeoffs appear quickly. Increased latency and reduced application responsiveness are common effects. Scaling often requires deploying additional servers, which drives infrastructure costs higher. As a result, valuable compute capacity is consumed by security processing rather than business applications.
This is the problem Xelera Net is designed to solve.
Xelera Net is a SmartNIC software solution built to accelerate IPsec on 100GbE networks. It offloads IPsec processing from the server CPU to SmartNIC hardware and delivers up to 2x100Gbps IPsec bandwidth.
The solution is positioned as a turnkey SmartNIC deployment. It is designed to eliminate server-side IPsec bottlenecks while maintaining high performance and low latency.
In addition to its inline SmartNIC acceleration, Xelera Net also includes a software-based IPsec accelerator. This component can scale IPsec workloads across CPU cores and does not require additional accelerator hardware. This provides flexibility for different deployment requirements.
At its core, Xelera Net focuses on complete data plane offload. By moving encryption and decryption away from the CPU, the hosting server becomes available for application workloads instead of security processing.
How SmartNIC Offload Changes the Architecture
Traditional IPsec processing relies heavily on CPU resources. As encrypted traffic approaches 100Gbps, CPU utilization increases significantly. The result is reduced application performance and limited scalability.
Xelera Net shifts IPsec processing to SmartNIC hardware. The full IPsec data plane is offloaded, enabling simultaneous 2x100Gbps full duplex throughput with low latency. Security functions operate at line rate without competing for CPU cycles.
This architectural separation has two major effects.
First, it eliminates the CPU bottleneck associated with high bandwidth encryption. Second, it physically isolates network and security processing from application workloads. This separation enhances both performance and security posture.
Core Technical Capabilities
Besides supporting standard IPsec features, Xelera Net provides extension capabilities such as custom policy selectors to offer a future-proof solution. It integrates with StrongSwan for key exchange and continues to leverage the Linux kernel for networking functions.
Monitoring is supported through Prometheus compatible endpoints. Detailed metrics covering network traffic, hardware monitoring, and IPsec operation can be exported without additional agents or changes to existing dashboards.
The solution is built to operate at 2x100Gbps network throughput while maintaining low latency and complete data plane offload. The objective is straightforward. Secure high-speed networks without sacrificing server performance.
In Part II, we will explore real world use cases, industry applications, integration simplicity, and the operational benefits of Xelera Net.
%201.svg){kind=icon}