1. Overview

Thank you for choosing 6WIND Speed Series Turbo IPsec.

Turbo IPsec is a ready-to-use high performance software routing appliance.

Turbo IPsec provides Service Providers, Cloud and Content Providers, and Enterprises the best price/performance ratio when transitioning from hardware to software based appliances.

Turbo IPsec can be quickly installed on x86 servers in bare metal or virtual machine environments.

This document will help you get started with your new product. It provides an overview as well as detailed installation and startup instructions.

1.1. Features

Turbo IPsec offers:

  • Linear performance scalability with the number of cores deployed
  • Full-featured data plane networking with fast path protocols
  • High performance control plane
  • CLI management
  • High performance input/output (I/O) leveraging DPDK with multi-vendor NIC support
  • Virtio vNIC support to eliminate standard virtual switch bottlenecks when combined with 6WIND Virtual Accelerator

1.1.1. Routing

  • BGP, BGP4+
  • OSPF v2, OSPF v3
  • RIP, RIPng
  • Static Routes
  • ECMP

1.1.2. Layer 2 and Encapsulations

  • GRE
  • VLAN (802.1Q, QinQ)
  • VXLAN
  • LAG (802.3ad, LACP)
  • Ethernet Bridge

1.1.3. IP Networking

  • IPv4 and IPv6
  • VRF
  • NAT

1.1.4. IPsec

  • IKEv1, IKEv2
  • 3DES, CBC, AES encryption
  • MD5, SHA-1, SHA-2 (256-bit) Authentication
  • RSA, Diffie-Helman Key Management
  • High performance (AES-NI, QAT)
  • Tunnel or Transport mode
  • SVTI
  • VPN Monitoring

1.1.5. Security

  • Access Control Lists
  • Unicast Reverse Path Forwarding
  • Control Plane Protection: avoid dropping CP packets under high load

1.1.6. QoS

  • Rate limiting per interface

1.1.7. IP Services

  • DHCP v4 client/relay/server
  • DNS client/proxy
  • NTP

1.1.8. Management/Monitoring

  • SSHv2, Telnet
  • CLI
  • Remote XML API
  • SNMP
  • Role-Based Access Control with AAA
  • Syslog
  • sFlow
  • KPIs

1.1.9. High Availability

  • VRRP

1.2. System Requirements

  • Bare metal or VM (KVM, VMware)

  • Virtio vNIC, VMXNET3, PCI passthrough and SR-IOV

  • Supported processors

    • Intel Xeon E5-1600/2600/4600 v2 family (Ivy Bridge EP)
    • Intel Xeon E5-1600/2600/4600 v3 family (Haswell EP)
    • Intel Xeon E5-1600/2600/4600 v4 family (Broadwell EP)
    • Intel Xeon E7-2800/4800 v2 family (Ivy Bridge EX)
    • Intel Xeon E7-2800/4800 v3 family (Haswell EX)
    • Intel Xeon E7-4800/8800 v4 family (Broadwell)
    • Intel Xeon Platinum/Gold/Silver/Bronze family (Skylake)
    • Intel Atom C2000 family for Communications (Rangeley)
    • Intel Xeon D-1500 family (Broadwell DE)
  • Supported Ethernet NICs

    • Intel 1G 82575, 82576, 82580, I210, I211, I350, I354 (igb)
    • Intel 10G 82598, 82599, X520, X540 (ixgbe)
    • Intel 10G/40G X710, XL710, XXV710 (i40e)
    • Mellanox 10G/40G Connect-X 3 (mlx4)
    • Mellanox 10G/25G/40G/50G/100G Connect-X 4/5 (mlx5)
    • Broadcom NetExtreme E-Series (bnxt)
  • Memory footprint (RAM)

    Turbo IPsec Embedded Edition (EE) needs 8G of RAM to achieve the following capabilities:

    • VRs: 256
    • Routes: 1000000
    • Neighbors: 100000
    • PBR rules: 4096
    • Netfilter rules: 10000
    • Netfilter conntracks: 262144
    • Netfilter ebtables: 10000
    • Netfilter ipset: 64 per VR, 2048 entries per ipset
    • VXLAN interfaces: 512
    • IPsec tunnels: 100000