1. Overview

Thank you for choosing 6WIND Virtual Service Router.

6WIND Virtual Service Router (VSR) is a high-performance and scalable virtualized software router optimized for Service Providers and Enterprises. It is deployed bare-metal, virtualized, or containerized on COTS servers in private and public clouds.

The 6WIND VSR product family includes:
  • Virtual Security Gateway

  • Virtual Carrier Grade NAT Router

  • Virtual Border Router

  • Virtual Provider Edge Router

  • Virtual Broadband Network Gateway

  • Virtual Firewall

  • Virtual Cell Site Router

  • Virtual CPE Router

  • Virtual UPF

Each product requires a specific license to enable the needed features.

6WIND VSR products support deployment on x86 and Arm servers in bare metal, virtual machine or container environments.

This document will help you get started with your new product. It provides an overview as well as detailed installation and startup instructions.

1.1. Features

Virtual Service Router offers:

  • Linear performance scalability with the number of cores deployed

  • Full-featured data plane networking with fast path protocols

  • High performance control plane

  • CLI management

  • NETCONF management

  • High performance input/output (I/O) leveraging DPDK with multi-vendor NIC support

  • Bare metal and virtual environment support, including KVM, VMware and AWS

  • Container support with Docker, Kubernetes, Red Hat OpenShift, VMware Telco Cloud Platform

1.1.1. Routing

  • BGP, BGP4+

  • OSPFv2, OSPFv3

  • RIP, RIPng

  • IS-IS

  • SR-TE

  • PCEP

  • SRv6

  • PIM SM and SSM

  • cross-VRF

  • Static Routes

  • Path monitoring

  • ECMP

  • PBR

  • BFD

  • MPLS LDP

  • BGP L3VPN

  • VXLAN EVPN

  • Point to Multipoint GRE interfaces

  • NHRP

  • DMVPN with IPsec

1.1.2. Layer 2 and Encapsulations

  • GRE

  • VLAN (802.1Q, QinQ)

  • VXLAN

  • LAG (802.3ad, LACP)

  • Ethernet Bridge

  • PPPoE client

1.1.3. IP Networking

  • IPv4 and IPv6

  • IPv6 Autoconfiguration

  • VRF

  • IPv4 and IPv6 Tunneling

  • NAT

1.1.4. IPsec [1]

  • IKEv1, IKEv2 Pre-shared Keys or X509 Certificates

  • MOBIKE

  • Encryption: 3DES, AES-CBC/GCM (128, 192, 256)

  • Hash: MD-5, SHA-1, SHA-2 (256, 384, 512), AES-XCBC (128)

  • Key Management: RSA, DH MODP groups 1 (768 bits), 2 (1024 bits), 5 (1536 bits), 14 (2048 bits), 31 (curve25519) and 32 (curve448), DH PFS, ECDSA, RSA-PSS, EdDSA

  • High performance (AES-NI, QAT)

  • Tunnel, Transport or BEET mode

  • Static SVTI, Dynamic SVTI

  • Tenant provisioning through RADIUS (PSK)

1.1.5. CG-NAT [1]

  • NAT44

  • NAT64 in conjunction with DNS64

  • Port Assignment

    • Random or parity

    • Port Block Allocation (PBA)

    • Per user/per CPE session limiter

  • IP Pool Management

    • Paired pooling

    • IP pool resize

  • Logging

    • Port batching

    • Syslog

  • ALG support

    • ICMP, FTP, TFTP, RTSP, PPTP, SIP, H323

  • Hairpinning

  • Endpoint-Independent Mapping and Filtering

  • Address and Port Dependent Mapping and Filtering

  • Deterministic NAT

  • NAT-PT port overloading

1.1.6. Security

  • Access Control Lists

  • Unicast Reverse Path Forwarding

  • Control Plane Protection

  • BGP Flowspec

  • Certificates management

  • Fast Path Firewall [1]

    • Match criteria: 5-tuples, DSCP, address/network group, app name

    • Action: TCP MSS, DSCP update

    • Verdict: accept, drop, track, reject

  • DDoS [1]

    • Traffic types: ICMP, DNS, QUIC, UDP, TCP

    • Rate limiter: global, per source IP, per destination IP

    • Trusted addresses list

1.1.7. QoS

  • Rate limiting per interface, per VRF

  • Class-based QoS

    • Classification: ToS / IP / DSCP / CoS

    • Shaping and Policing

    • Scheduling: PQ, PB-DWRR, HTB

    • Fair Queuing: SFQ

1.1.8. IP Services

  • DHCP v4 client

  • DHCP v4 server

  • DHCP v4 relay

  • DNS client

  • DNS proxy

  • NTP

  • PPPoE server [1]

  • IPoE [1]

1.1.9. UPF [1]

  • Support Relay and Gateway session creation modes

  • Packet Detection Rules (PDR)

  • Forwarding Action Rules (FAR)

  • Downlink Data Buffering support (BUCP)

  • QoS Enforcement Rules Support (QER)

    • Rate limiter for AMBR and MBR of GBR flows

  • Usage Reporting Rules support (URR)

  • Support Error indication

  • PFCP

1.1.10. Management/Monitoring

  • SSHv2

  • CLI

  • NETCONF / YANG API

  • SNMP

  • KPIs / Telemetry (YANG-based)

  • Data streaming: InfluxDB, Elasticsearch, Kafka, Amazon CloudWatch, Graphite

  • Role-Based Access Control with AAA (TACACS, RADIUS)

  • Syslog

  • 802.1ab LLDP

  • sFlow

  • Netflow / IPFIX

  • BMP

  • NETCONF alarms based on YANG Push

1.1.11. Operations

  • Installation: PXE, USB, ISO, QCOW2, OVA

  • Update / Rollback Support

  • Provisioning: cloud-init, Ansible

  • Licensing: online licensing system with flexible feature and capacity enablement

1.1.12. High Availability

  • VRRP

  • IKE/IPsec synchronization [1]

1.2. System Requirements

  • Bare metal or VM (KVM, VMware, AWS, Azure)

    • Virtio vNIC, VMXNET3, ENA, PCI passthrough and SR-IOV

  • A container engine (Docker, Podman, Kubernetes, …)

    • Virtio vNIC, PCI passthrough and SR-IOV

  • Supported processors

    • Intel Xeon E5-1600/2600/4600 v2 family (Ivy Bridge EP)

    • Intel Xeon E5-1600/2600/4600 v3 family (Haswell EP)

    • Intel Xeon E5-1600/2600/4600 v4 family (Broadwell EP)

    • Intel Xeon E7-2800/4800 v2 family (Ivy Bridge EX)

    • Intel Xeon E7-2800/4800 v3 family (Haswell EX)

    • Intel Xeon E7-4800/8800 v4 family (Broadwell)

    • Intel Xeon Scalable Processors (Skylake, Cascade Lake, Ice Lake, Sapphire Rapids)

    • Intel Atom C3000 family (Denverton)

    • Intel Xeon D family

    • Ampere Altra Server Snow

    • AWS Graviton2

  • Supported Ethernet NICs

    • Intel 1G 82573, 82576, 82580, I210, I211, I350, I354 (igb)

    • Intel 10G 82599*, X520*, X540, X550* (ixgbe)

    • Intel 10G/40G X710*, XL710*, X722, XXV710* (i40e)

    • Intel 25G*/100G* E810 (ice)

    • Mellanox 10G*/25G*/40G*/50G/100G* Connect-X 4/5/6 (mlx5)

    • Broadcom NetXtreme E-Series 100G* (bnxt)

Note: marked references (*) on NICs are fully integrated in 6WIND’s CI with a wide functional and performance test coverage.

  • Memory footprint

    • For bare metal and VNF: Virtual Service Router requires at least 2GB of RAM. Default capabilities are automatically adjusted to the amount of RAM available.

    • For CNF: to run Virtual Service Router, we recommend at least 6GB of hugepages, 2GB of standard memory, and 512MB of POSIX shared memory. The minimum requirements are 1GB of hugepages, 1GB of standard memory, and 64MB of POSIX shared memory.

    Virtual Service Router requires 8G of RAM to achieve the following capabilities:

    VRs                          32
    Routes                       1000000
    Next-hops                    200000
    Neighbors                    10300
    PBR rules                    4096
    Netfilter rules              10000
    Netfilter conntracks         262144
    Netfilter ebtables           10000
    Netfilter ipset              64 ipsets per VR, 2048 entries per ipset
    VXLAN interfaces             512
    IPsec tunnels [1]            100000
    CG-NAT Max conntracks [1]    4M
    CG-NAT Max NAT entries [1]   4M
    CG-NAT Max cpe (users) [1]   20K
    CG-NAT Max blocks [1]        80K

    Note: Some of these numbers (CG-NAT) are empirical. They may have to be tuned according to your use case.

    See also: Fast path limits configuration to tune these capabilities.

  • CPU: Virtual Service Router requires at least 2 CPU cores.

  • Storage: Virtual Service Router in container requires at least 1GB of storage space; 8GB are recommended to manage several images and store configuration and log files.

[1] Requires a specific Application License.