1. Overview

Thank you for choosing 6WIND Turbo IPsec.

Turbo IPsec is a ready-to-use high performance software routing appliance.

Turbo IPsec provides Service Providers, Cloud and Content Providers, and Enterprises the best price/performance ratio when transitioning from hardware to software based appliances.

Turbo IPsec can be quickly installed on x86 servers in bare metal or virtual machine environments.

This document will help you get started with your new product. It provides an overview as well as detailed installation and startup instructions.

1.1. Features

Turbo IPsec offers:

  • Linear performance scalability with the number of cores deployed

  • Full-featured data plane networking with fast path protocols

  • High performance control plane

  • CLI management

  • NETCONF management

  • High performance input/output (I/O) leveraging DPDK with multi-vendor NIC support

  • Bare metal and virtual environment support, including KVM, VMware and AWS

1.1.1. Routing

  • BGP, BGP4+

  • OSPFv2, OSPFv3

  • RIP, RIPng

  • Cross-VRF

  • Static Routes

  • ECMP

  • PBR

  • MPLS LDP (beta)

  • BGP L3VPN (beta)

  • BGP Flowspec

1.1.2. Layer 2 and Encapsulations

  • GRE

  • VLAN (802.1Q, QinQ)

  • VXLAN

  • LAG (802.3ad, LACP)

  • Ethernet Bridge

1.1.3. IP Networking

  • IPv4 and IPv6

  • VRF

  • IPv4 and IPv6 Tunneling

  • NAT

1.1.4. IPsec

  • IKEv1, IKEv2

  • Encryption: 3DES, AES-CBC/GCM (128, 192, 256)

  • Hash: MD-5, SHA-1, SHA-2 (256, 384, 512), AES-XCBC (128)

  • RSA, Diffie-Helman Key Management

  • High performance (AES-NI, QAT)

  • Tunnel, Transport or BEET mode

1.1.5. Security

  • Access Control Lists

  • Unicast Reverse Path Forwarding

1.1.6. QoS

  • Rate limiting per interface, per VRF

1.1.7. IP Services

  • DHCP v4 client

  • DHCP v4 server

  • DHCP v4 relay

  • DNS client

  • DNS proxy

  • NTP

1.1.8. Management/Monitoring

  • SSHv2

  • CLI

  • NETCONF API

  • SNMP

  • LLDP

  • Role-Based Access Control with AAA (TACACS)

  • Syslog

  • sFlow

  • KPIs

1.1.9. System

  • Control Plane Protection

1.1.10. High Availability

  • VRRP

  • IKE/IPsec synchronization

1.2. System Requirements

  • Bare metal or VM (KVM, VMware, AWS)

  • Virtio vNIC, VMXNET3, PCI passthrough and SR-IOV

  • Supported processors

    • Intel Xeon E5-1600/2600/4600 v2 family (Ivy Bridge EP)

    • Intel Xeon E5-1600/2600/4600 v3 family (Haswell EP)

    • Intel Xeon E5-1600/2600/4600 v4 family (Broadwell EP)

    • Intel Xeon E7-2800/4800 v2 family (Ivy Bridge EX)

    • Intel Xeon E7-2800/4800 v3 family (Haswell EX)

    • Intel Xeon E7-4800/8800 v4 family (Broadwell)

    • Intel Xeon Platinum/Gold/Silver/Bronze family (Skylake)

    • Intel Atom C3000 family (Denverton)

    • Intel Xeon D family

  • Supported Ethernet NICs

    • Intel 1G 82575, 82576, 82580, I210, I211, I350, I354 (igb)

    • Intel 10G 82598, 82599, X520, X540 (ixgbe)

    • Intel 10G/40G X710, XL710, XXV710 (i40e)

    • Mellanox 10G/25G/40G/50G/100G Connect-X 4/5 (mlx5)

    • Broadcom NetExtreme E-Series (bnxt)

  • Memory footprint (RAM): Turbo IPsec requires at least 2GB of RAM. Default capabilities are automatically adjusted to the amount of RAM available.

    Turbo IPsec requires 8G of RAM to achieve the following capabilities:

    VRs

    32

    Routes

    1000000

    Neighbors

    100000

    PBR rules

    4096

    Netfilter rules

    10000

    Netfilter conntracks

    262144

    Netfilter ebtables

    10000

    Netfilter ipset

    64 ipsets per VR, 2048 entries per ipset

    VXLAN interfaces

    512

    IPsec tunnels

    100000

    See also

    Fast path limits configuration to tune these capabilities.

  • CPU: Turbo IPsec requires at least 2 CPU cores.

  • Storage: Turbo IPsec requires at least 1GB of storage space; 8GB are recommended to manage several images and store configuration and log files.