WHITE PAPER 6WIND* and Intel®: Delivering High-Performance Software-Based IP and IPsec Routing Introduction Communications service providers, cloud service providers, and enterprises are in the midst of a significant network architecture transformation as they increase the amount of IP routing and security they use, while at the same time reducing their costs. To do that, they are increasingly adopting software-based routing. While the economic advantage of this approach is substantial – Intel® architecture servers replace dedicated hardware and can drive down the cost per gigabit by up to 80% 1 – many first-generation software routers didn’t offer the performance needed for today’s network applications. In fact, the performance from Linux*- based routers wasn’t enough to fill a 10 Gbps network connection.2 That’s why 6WIND* developed the Speed Series* for Intel platforms – a 200 Gbps IP router, the industry’s first 100 Gbps IPsec software solution, and a software platform for wire speed virtual infrastructure acceleration. The Speed Series is based on 6WINDGate*, a high-performance packet processing software solution. 6WIND also leverages the power of Intel® Xeon® servers and collaborated with Intel on technologies such as the Data Plane Development Kit (DPDK) that are instrumental to achieving these performance levels. More IP Networks Drives Need for More Routing and Security From advanced wireless networks to the Internet of Things, the demand for IP routing and network security is growing at a very fast pace. For example, in the market for service provider routers, 2014 was a record year for the industry with aggregate revenues hitting $10 billion according the research by Dell’Oro Group. 3 The firm also predicts that this growth will continue at least through 2015 when it projects that industry sales of routers will hit $11.5 billion.4 This prevalence of IP data traffic also foretells a greater need for routing of IPsec encrypted data packets in order to protect these data flows from security threats. Many new IP applications, such as LTE base stations, cable networks, cloud 1 6Wind internal study, available on request under NDA 2 6WIND Turbo Router + 6WIND Virtual Accelerator vs. Linux Routing + Open vSwitch. https://www.youtube.com/watch?v=icvVqvvrVeA The test platform for these results was a server using a 2.8GHz Quad Intel Xeon E7-4890 v2 with 128 Gigabytes of RAM and equipped with 10 dual-port 10GbE Intel network controllers. 3 Demand for Service Provider Routers Grows to Almost $10 B in 2014, According to Dell’Oro Group See more at: http://www.delloro.com/news/demand-service-provider-routers-grows-almost-10-b-2014-according-delloro-group#sthash.M8v9gwMm.dpuf 4 Service Provider Router Market to Exceed $11.5 Billion in 2019, According to Dell’Oro Group Forecast See more at: http://www.delloro.com/news/service-provider-router-market-exceed-11-5-billion-2019-according-delloro-group-forecast#sthash.DailEIGk.dpuf 2 6WIND* Intel® Network Builders White ˜aper Table of Contents computing, and others, have not had a 24-core Intel® x86 server to deliver a the need for security, thus they are not throughput of 7 Gbps.2 This is used to the cost and extra hardware acceptable performance for 1 Gbps Introduction .......................1 needed to provide high-performance network applications, but cannot scale More IP Networks Drives Need IPsec encryption. to support the 10 Gbps and 40 Gbps for More Routing and Security ......1 networks that are growing in popularity. Several types of organizations can The Foundation: 6WINDGate* ......2 benefit from high-performance 6WIND has been able to take on this 6WIND Speed Series* ..............3 software routing: challenge, however, by working to develop both the routing functionality Communications Service Providers: 6WIND Turbo Router* ..............3 and the server processing acceleration For service providers, more services 6WIND Turbo IPsec* ...............3 capability needed to match the means more revenues. Service performance required by 6WIND Virtual Accelerator* ........4 providers can tap into high- communications service providers, performance software routers for faster Real World Performance Results ...4 cloud providers, and enterprises on time to market for new services as well Intel architecture servers. Collaborating for Performance .....5 as a faster provisioning time, increasing IPsec Use Case: their service agility dramatically. The Foundation: 6WINDGate* Security in an LTE Network .........5 Cloud Providers: With high- 6WIND specializes in high- Summary ..........................6 performance IP routers, these providers performance, software-based can leverage their data center expertise networking products based on its core to offer increased services and 6WINDGate packet processing products, including enabling high software. performance software defined 6WINDGate software is a networking (SDN), network functions comprehensive set of optimized layer virtualization (NFV), and 2 through 4 networking protocols for virtualization implementations to Intel-based general-purpose compute automate and simplify operations and platforms that is deployed in carrier and quickly enable new services. cloud networks worldwide. The Enterprise: Private companies can also software can run on bare metal servers benefit from software routing with high in addition to running in a virtualized packet throughput performance to environment, having been tested as enable the cost-effective deployment of fully compatible with standard new physical or virtual networks in their hypervisors. building or throughout their campuses. The 6WINDGate fast path is a packet- Clearly, performance has been a processing engine running on dedicated stumbling block for the adoption of cores. 6WIND’s fast path architecture first-generation virtual routers. Early leverages DPDK open source software Linux* software routers offered great on Intel x86 platforms for performance, support of routing protocols, but didn’t and runs in user space – isolated from have the packet per second throughput the Linux operating system and to make even their reduced price network stack – which maximizes data attractive to customers. This plane performance. The fast path performance was also blocking the supports major networking protocols movement of IPsec routers into the (IP forwarding, VLAN, IPsec, filtering software world because the added and NAT, TCP/UDP Termination, Open processing needed for packet vSwitch acceleration, and more). encryption and decryption made 6WINDGate is a stand-alone solution performance even slower. that has been integrated into In a recent test conducted by 6WIND, routers and networking products by a Linux-based software router needed many major OEMs. For example, one 6WIND* Intel® Network Builders White ˜aper 3 OEM leverages the software as the data 6WIND Turbo Router* 6WIND Turbo IPsec* plane component of a virtual firewall The 6WIND Turbo Router is a software- 6WIND Turbo IPsec is a high- and intrusion prevention system. based IP router that delivers up to 200 performance software-based IPsec 6WIND Speed Series* Gbps performance when running on an gateway that delivers on two critical Intel Xeon-based server.5 Turbo Router performance elements with 6WIND has leveraged the 6WINDGate delivers layer 3 routing with stateful throughput of more than 100 Gbps software as the foundation for its firewall capabilities and is also suitable and up to 200,000 IPsec tunnels on Speed Series, which includes 6WIND for service providers, cloud and content a 2.8 GHz Quad Intel Xeon processor Turbo Router* and 6WIND Turbo IPsec* providers, and enterprises. E7-4800 v2 series system even without software appliances, which provide the external crypto technology. In addition following features: One advantage of the Turbo Router (and to IPsec encryption and decryption, Turbo IPsec) design is that performance • Linear performance scalability with 6WIND Turbo IPsec delivers layer 3 can scale with the number of cores that the number of cores deployed routing and stateful firewall services. are available for the application. In an • Full-featured data plane networking internal test, 6WIND found that when Thanks to this performance and the use with fast path protocols Turbo Router was run on a 40-core, of Intel-based hardware, 6WIND Turbo 2.8GHz Quad Intel Xeon E7-4890 v2 IPsec provides communications service • Operates on both bare metal servers server with 20 10G Ethernet ports, providers with much better price/ and in virtualized environments performance scales from 50 Mpps at performance ratios than dedicated • Highly scalable control plane five cores to 150 Mpps at 15 cores all hardware IPsec gateways, making the the way to 200Mpps at 20 cores. The transition to software-based • CLI, XML, or Linux-based average performance is 9.6 Mpps per networking much more cost effective. management (iproute2, iptables) core, which is independent of packet In its own tests against leading • High performance input/output (I/O) size. The test capped out at 200 Gbps, competitive hardware-based solutions, leveraging DPDK with multi-vendor leaving 45% of the performance of the 6WIND Turbo IPsec can save 80% of the network interface card (NIC) support system still available for other cost per gigabit of IPsec throughput.6 applications.5 • Virtio vNIC support to eliminate standard virtual switch bottlenecks when combined with 6WIND Virtual Accelerator* Also in the Speed Series is the 6WIND Virtual Accelerator, which provides packet-processing