1. Overview¶
Thank you for choosing 6WIND Turbo IPsec.
Turbo IPsec is a ready-to-use high performance software routing appliance.
Turbo IPsec provides Service Providers, Cloud and Content Providers, and Enterprises the best price/performance ratio when transitioning from hardware to software based appliances.
Turbo IPsec can be quickly installed on x86 servers in bare metal or virtual machine environments.
This document will help you get started with your new product. It provides an overview as well as detailed installation and startup instructions.
1.1. Features¶
Turbo IPsec offers:
Linear performance scalability with the number of cores deployed
Full-featured data plane networking with fast path protocols
High performance control plane
CLI management
NETCONF management
High performance input/output (I/O) leveraging DPDK with multi-vendor NIC support
Bare metal and virtual environment support, including KVM, VMware and AWS
1.1.1. Routing¶
BGP, BGP4+
OSPFv2, OSPFv3
RIP, RIPng
Cross-VRF
Static Routes
ECMP
PBR
MPLS LDP (beta)
BGP L3VPN (beta)
BGP Flowspec
1.1.2. Layer 2 and Encapsulations¶
GRE
VLAN (802.1Q, QinQ)
VXLAN
LAG (802.3ad, LACP)
Ethernet Bridge
1.1.3. IP Networking¶
IPv4 and IPv6
VRF
IPv4 and IPv6 Tunneling
NAT
1.1.4. IPsec¶
IKEv1, IKEv2
Encryption: 3DES, AES-CBC/GCM (128, 192, 256)
Hash: MD-5, SHA-1, SHA-2 (256, 384, 512), AES-XCBC (128)
RSA, Diffie-Helman Key Management
High performance (AES-NI, QAT)
Tunnel, Transport or BEET mode
1.1.5. Security¶
Access Control Lists
Unicast Reverse Path Forwarding
1.1.6. QoS¶
Rate limiting per interface, per VRF
1.1.7. IP Services¶
DHCP v4 client
DHCP v4 server
DHCP v4 relay
DNS client
DNS proxy
NTP
1.1.8. Management/Monitoring¶
SSHv2
CLI
NETCONF API
SNMP
LLDP
Role-Based Access Control with AAA (TACACS)
Syslog
sFlow
KPIs
1.1.9. System¶
Control Plane Protection
1.1.10. High Availability¶
VRRP
IKE/IPsec synchronization
1.2. System Requirements¶
Bare metal or VM (KVM, VMware, AWS)
Virtio vNIC, VMXNET3, PCI passthrough and SR-IOV
Supported processors
Intel Xeon E5-1600/2600/4600 v2 family (Ivy Bridge EP)
Intel Xeon E5-1600/2600/4600 v3 family (Haswell EP)
Intel Xeon E5-1600/2600/4600 v4 family (Broadwell EP)
Intel Xeon E7-2800/4800 v2 family (Ivy Bridge EX)
Intel Xeon E7-2800/4800 v3 family (Haswell EX)
Intel Xeon E7-4800/8800 v4 family (Broadwell)
Intel Xeon Platinum/Gold/Silver/Bronze family (Skylake)
Intel Atom C3000 family (Denverton)
Intel Xeon D family
Supported Ethernet NICs
Intel 1G 82575, 82576, 82580, I210, I211, I350, I354 (igb)
Intel 10G 82598, 82599, X520, X540 (ixgbe)
Intel 10G/40G X710, XL710, XXV710 (i40e)
Mellanox 10G/25G/40G/50G/100G Connect-X 4/5 (mlx5)
Broadcom NetExtreme E-Series (bnxt)
Memory footprint (RAM): Turbo IPsec requires at least 2GB of RAM. Default capabilities are automatically adjusted to the amount of RAM available.
Turbo IPsec requires 8G of RAM to achieve the following capabilities:
VRs
32
Routes
1000000
Neighbors
100000
PBR rules
4096
Netfilter rules
10000
Netfilter conntracks
262144
Netfilter ebtables
10000
Netfilter ipset
64 ipsets per VR, 2048 entries per ipset
VXLAN interfaces
512
IPsec tunnels
100000
See also
Fast path limits configuration to tune these capabilities.
CPU: Turbo IPsec requires at least 2 CPU cores.
Storage: Turbo IPsec requires at least 1GB of storage space; 8GB are recommended to manage several images and store configuration and log files.