6wind offers a high-performance networking architecture using its 6windgate software to facilitate the shift from dedicated hardware to commodity servers and virtualization. The solution provides robust security features like IPsec for secure communications across various networking environments, supporting multiple protocols and hardware platforms. With a focus on cost-effectiveness and scalability, 6wind targets service providers, cloud providers, and enterprises seeking reliable infrastructure enhancements.

1. v1.0 | ©6WIND 2014. All rights reserved. All brand names, trademarks and copyright information cited in this presentation shall remain the property of its registered owners.
SPEED MATTERS

2. v1.0 | 2©6WIND 2014
 Enable open platform
ecosystem to replace
dedicated hardware
with commodity
servers and
virtualization.
 Close the
performance gap for
Service Providers and
Enterprises to
upgrade their network
architecture.
The Promise Of 6WIND
Network Architecture
Transformation
Dedicated Hardware
And Software
Platform
White Box
Ecosystem
Virtualization
Rigid Platform
Long Time To
Market
Open Platform
Inexpensive
Rapid
Services
Creation
$$$
Expensive
$

3. v1.0 | 3©6WIND 2014
 Best in class packet processing technology thanks to 6WIND deep
expertise in networking and more than 150 man years of
development.
 Since the first shipment of its 6WINDGate software in 2007, 6WIND
has been selected and deployed by Blue Chip companies to unlock
hidden infrastructure performance.
 6WIND is an independent software vendor and 6WINDGate is the
only heterogeneous networking stack to support major market-
leading hardware platforms.
 6WIND is privately held and headquartered in France, with offices in
Asia and the US.
6WIND Facts

4. v1.0 | 4©6WIND 2014
 Service Providers:
 Wireless offload schemes to extend coverage for subscribers expose
mobile core networks to security threats and require secure
connections
 Cloud Providers:
 Data Center Virtualization solutions require secure connections across
virtual networks
 Enterprise Providers:
 Network equipment (physical and software appliances) must help
secure connections across distributed data centers
IPsec Gateways Are a Requirement to Secure IP
Communications from Internet Attacks

5. v1.0 | 5©6WIND 2014
 Use of cost-effective hardware and software solutions
 Generic hardware platforms with high performance Ethernet NICs
 Hardware or software crypto acceleration
 Commercial or open source Linux distributions
 High performance packet processing software for
 Network security features such as IPsec and IKE to sustain high network throughput of
encrypted traffic
 A large number of protocols such as Layer 2 encapsulation, IPv6, routing, virtual routing, firewall,
NAT, QoS… to easily integrate the IPsec gateway into a complete networking infrastructure
 Flexible and extensible software architecture
 Develop physical IPsec Gateways and prepare the shift to virtualized solutions
 Open architecture to reuse in-house or third party application software
Requirements for High Performance and Cost-Effective IPsec
Gateways

6. v1.0 | 6©6WIND 2014
 Fastest performance on the
market; in both physical and
virtual environments
 Transparent, no change
necessary to OS, hypervisor
and management
 Available across all major
platforms
 Native support for all major
network protocols
6WINDGate on Standard Platforms:
Paradigm Shift In Packet Processing Software

7. v1.0 | 7©6WIND 2014
6WINDGate Removes Performance Bottlenecks
Performance
(MillionsOfPackets
PerSecond)
...
Fast Path Cores
...
Increase OS stability
by offloading
resource intensive
mundane tasks
Standard Linux
Becomes
Unstable
Performance benefits
scale with the number
of processing cores
1 2 3 8 9 10 ...

8. v1.0 | 8©6WIND 2014
Networking
Stack
Control
Plane
Fast
Path
Transparent to Operating System
?Local
info
Local
info
Fast path packet
Continuous
synchronization
Exception packet
Synchronization
modules

9. v1.0 | 9©6WIND 2014
Available for Industry-Leading Processor Platforms
ZoL™DPDKSimple ExecNetOS
Architecture-independent “Fast Path Modules”
• Generic, processor-independent source code
• Cycle-level and pipeline-level optimizations
Architecture-specific "Fast Path Networking SDK"
• Zero-overhead API for fast path modules
• Support for processor-specific features and
resources
• Leverages processor suppliers' SDKs
Data
Plane
Fast Path
FPN-SDK
FPN-SDK
FPN-SDK
FPN-SDK

10. v1.0 | 10©6WIND 2014
Linux Userland
Linux Kernel
Linux Networking Stack
FastPath
6WINDGate IPsec Architecture
Multicore Processor Platform
FPN-SDK
IPsec
IPv4/IPv6
Other FP
modules
Shared memory
IPsec SPD
IPsec SAD
IPsec
IPv4/IPv6
statistics
IPsec SPD IPsec SAD
Linux / fast path
synchronization
(statistics)
Security table
updates
Netlink
notifications
IKEv1/v2
Linux / fast path
synchronization
(configuration)
DPDK
Cavium
NITROX
Intel® Multi-
Buffer
Intel®
QuickAssist
Crypto Framework
6WIND DPDK Crypto Framework

11. v1.0 | 11©6WIND 2014
 Based on dpdk.org
 6WINDGate DPDK add-ons available for
increased system functionality,
performance and reliability
 Poll Mode Drivers for multi-vendor NICs
 Mellanox ConnectX-3® EN Series PMD
 Emulex OCE14102 PMD
 Performance acceleration for virtualized
networking
 Fast vNIC PMD
 VMXNET3 Guest VMware PMD
 VIRTIO Guest XEN-KVM PMD
 Crypto acceleration modules that leverage
 Cavium NITROX SDK 5.x Crypto
 Intel® Multi-Buffer Crypto
 Intel® QuickAssist Crypto
6WINDGate DPDK Features and Benefits
Virtualization
acceleration
Fast vNIC PMD
VMXNET3 Guest
VMware PMD
VIRTIO Guest XEN-
KVM PMD
Crypto
acceleration
Cavium NITROX SDK
5.x Crypto
Intel® Multi-Buffer
Crypto
Intel® QuickAssist
Crypto
dpdk.org
Multi-vendor NIC support
Emulex OCE14102
PMD
Mellanox ConnectX®-
3 EN Series PMD

12. v1.0 | 12©6WIND 2014
 6WINDGate IPsec performance
(AES-128 HMAC-SHA1)
 5.24 Gbps per core for 1420B
packets
 Up to 193.27 Gbps using 40 cores
 Performance scales linearly
with the number of cores
configured to run the fast path
Intel Multi-Buffer IPsec
Test Results

13. v1.0 | 13©6WIND 2014
 6WINDGate IPsec using Quick
Assist performance
 3.52 Gbps per engine for 1420B
packets
 Up to 40 Gbps (platform limit) using
16 engines
 Performance scales linearly
with the number of engines
configured to process IPsec
transformation
Intel Cave Creek IPsec
Test Results

14. v1.0 | 14©6WIND 2014
 6WINDGate IPsec performance using Cavium
Nitrox DPDK add-on
 Up to 20.23 Gbps for 1420 bytes
Cavium Nitrox IPsec
Test Results

15. v1.0 | 15©6WIND 2014
 High performance IPsec stack to sustain encrypted traffic over several tens of
thousands of IPsec tunnels with low-latency
 Optimal use of software and hardware crypto-acceleration for best price/performance
 High-capacity IKE control plane to manage several tens of thousands of IKE sessions
on a single server
 High capacity for encapsulation protocols such as VLAN, PPP, L2TP and GRE…
 High performance and scalable IPv4 and IPv6 forwarding with virtual routing support
for a large number of instances
 High performance and capacity firewall and NAT
6WINDGate for IPsec Gateways

16. v1.0 | 16©6WIND 2014
Generic Hardware
Platform
Network Architecture Evolution
Proprietary Hardware
Platform
Application
Proprietary Hardware
Platform
Application
Proprietary Hardware
Platform
Application
Application
Application
Application
Virtualization
Generic Hardware
Platforms
Application
Application
Application

17. v1.0 | 17©6WIND 2014
6WINDGate Extensions to IPsec Gateway Virtualization
NICs
DPDK
(Intel and multi-vendor NIC drivers)
Host Driver
OVS
Acceleration
Additional Features
(L3 Routing,
Firewall, NAT…)
Virtual
Switch
Fast
vNIC
PMD
Virtio
PMD
Fast
vNIC
Linux
Virtio Virtio
Fast
vNIC
vIPsec
Gateway
vRouter
Additional
VNFs Drivers for Virtual Appliance
• Fast vNIC drivers for high
performance communications
• Standard drivers for existing
VAs
• Extensible for all OSs
Accelerated Virtual Switch
• DPDK with multi-vendor NIC
support
• OVS acceleration
• Extended network services
• Host driver for high
performance communications

18. v1.0 | 18©6WIND 2014
 High performance switching aggregated bandwidth for VNFs
without any modification in the virtual switch
 Hardware independent VNF network attachments for seamless
network hardware upgrades and VNF migration
 Low-latency inter-VNF communications
 Enhanced features beyond switching (L3 forwarding, virtual routing,
firewall, IPsec and more) for extended chaining capabilities
 Support for multi-vendor VNFs based on different OSs
6WIND’s Open Networking Platform For NFVI

19. v1.0 | 19©6WIND 2014
10 x 40 Gbps
Full Duplex
Traffic
Virtual Switch Acceleration
Accelerated Open vSwitch
Open vSwitch
Traffic
Generator
 No modification is
required to OVS, OS,
Hypervisor,
Management
 L2 switching
capability on 10 cores
using 40G Ethernet
 52 Mpps with 64 byte
packets
 195 Gbps with 1280
byte packets
OpenFlow
Controller

20. v1.0 | 20©6WIND 2014
Virtual
Network
Function
Virtual
Network
Function
Virtual
Network
Function
Virtual Switch-Based NFVI
Lowest Latency and Flexible Chaining
PCI Express
Local NIC
External Switch
Physical Switching Limitations
• Hardware dependent switching
(SR-IOV, RDMA, NIC embedded switching)
• Throughput is limited by PCI Express (50 Gbps)
and faces PCI Express and DMA additional
latencies
• Available PCI slots limit the number of chained
VNFs
• At 30 Gbps a single VNF is supported per node!
Virtual Switching With 6WINDGate
• Hardware independent virtual switching (NIC
driver)
• Aggregate 500 Gbps bandwidth with low latency
• No external limit to number of chained VNFs
50
Gbps
500 Gbps
6WINDGate Accelerated OVS

21. v1.0 | 21©6WIND 2014
FastPath
IPv4/IPv6
Forwarding
MPLS/VPLS
Encapsulation
IPv4/IPv6
Multi-cast
Filtering
IPv4/IPv6
IPsec SVTI
VLAN
Link
Aggregation
NAT
GRE
TCP/UDP
Termination
Flow
Inspection
L2TP/ PPPoE
BRAS
GTP-UVXLAN
Tunneling
(IPinIP)
IPsec
IPv4/IPv6
Ethernet
Bridging
6WINDGate Module List
DistributedArch.
Fast path
extensions
Control
plane
extensions
ControlPlane
BFD SMR
L2TP,
PPPoE
BRAS
Routing
Virtual
Routing
Security
VRRP LACP
VPN
Monitoring
HighAvailability
LACP
Firewall /
NAT
Routing
ARP / NDP
DPDK
Fast vNIC PMD
VMXNET3
Guest VMware
PMD
Intel®
QuickAssist
Crypto
VIRTIO Guest
XEN-KVM PMD
Intel® Multi-
Buffer Crypto
Cavium
NITROX SDK
5.X Crypto
Mellanox
ConnectX®-3
EN Series PMD
FPN-SDK
OVS
Acceleration
Emulex
OCE14000
Series PMD
QoS
Hardware
platform
independence
Modular
virtualization
extensions
Complete
protocol portfolio
for IPsec gateway
Generic
software

22. v1.0 | 22©6WIND 2014
6WIND Enables Cost-Effective IPsec Gateways for Enterprises
and Service Providers
 6WINDGate
Powered IPsec
Gateway and
Firewall
 DPDK on Linux
 Hardware offload to
Cavium Nitrox for
IPsec
 Software based appliance on custom hardware
for additional performance
 Allows use of DPDK on multi-vendor NICs for
crypto support
 Ready for fully virtual applications
Commodity
Hardware
x86 Processor
Hypervisor
Virtual IPsec
Gateway and
Firewall
IPsec Gateway and
Firewall

23. v1.0 | 23©6WIND 2014