A method, apparatus, and article for caching security records for access
by a hardware offloading device are disclosed. A method for updating
security record entries in a hardware table is disclosed that includes
marking every security record entry in the hardware table as a
replacement candidate based upon passage of a determined time interval,
each security record entry having a set of security parameters. Upon
receiving a packet having a security record, the hardware table is
checked for a security record entry corresponding to the security record.
A check is done to determine whether there is a replacement candidate in
the hardware table if there is no security record entry corresponding to
the security record. The security record entry containing the replacement
candidate is replaced with the security record if there is a replacement
candidate. Other embodiments are described.