1.3.6. Networking configurationΒΆ

Virtual Accelerator transparently configures the fast path when Linux is configured, using the Linux - Fast Path Synchronization module. The standard Linux tools can be used (iproute2, iptables, brctl, ovs-ofctl, ovs-vsctl, etc.).

Static IPsec configuration relies on the standard Linux ip xfrm commands. IKE configuration is based on strongSwan. IPsec or IKE requires a Virtual Accelerator IPsec Application License.

Offloads: TSO and GRO increase throughput of end-to-end communications by taking care of packet segmentation/aggregation in Virtual Accelerator, instead of doing it in the VM. These mechanisms maximize throughput by minimizing the number of packets processed and the number of transactions on the virtual NIC.

TSO/GRO can dramatically improve performance in some cases, but it may also have the opposite effect. To determine whether to enable or disable TSO/GRO, take a look at how the VM processes traffic:

  • If the VM terminates the traffic (HTTP servers, databases, etc.), enable TSO/GRO (default state).

  • If the VM performs packet by packet processing (L2/L3 forwarding, IPsec processing, firewalling, etc.), disable TSO/GRO. As the VM simply makes a processing decision on each packet, TSO/GRO adds unnecessary processing cycles and increases latency.

See also

  • the Linux documentation and man pages for iproute2, iptables, brctl, etc.

  • the fp-shmem-ports section below

  • the 6WINDGate FPN-SDK documentation for more information about offloads

  • the Virtio Host PMD documentation for detailed information about the NFV profile

  • the 6WINDGate Control Plane Security - IKEv1 and IKEv2 documentation for more information about IKE