6WINDGate FAQ

Where are 6WIND’s offices located?

6WIND Headquarters are situated 30 min from Paris, France. 6WIND has also offices in California, China (Beijing) and South Korea.

The location of our offices can be found here.

What is your business model?

6WIND is an embedded software company. The company supplies its 6WINDGate packet processing software under license to OEMs. The license includes an upfront development fee and per-unit royalties.

A company profile is available here.

What countries do you sell in?

6WIND sells worldwide either directly or through local resellers.

Do you have resellers?

6WIND has resellers in different countries including the US, Taiwan and China. 6WIND resellers are listed here.

What is your ecosystem?

6WIND is proud to partner with industry-leading companies worldwide who provide products that are complementary to our own software. These partners include suppliers of processors, operating systems, board-level products and systems. We encourage our customers to explore the products available from our ecosystem partners while coordinating a complete system solution based around 6WINDGate.

A list of our partners can be found here.

Do you have regional support?

We provide worldwide technical support.

Do you provide services?

Yes. 6WIND provides services around its 6WINDGate technology. The 6WIND professional services are described here.

Do you sell source or binaries?

We sell source code.

What is the scope of a 6WINDGate license?

A 6WINDGate license is granted for a processor, a Linux distribution and a set of modules to develop a product or a range of products. The scope of the license can be extended when needed.

I don’t need all the features available in 6WINDGate. Can I license only a subset of features?

Yes, the 6WINDGate product is modular. For instance, you can use your own control plane modules and / or select a limited number of modules.

How do I extend an existing license?

Your 6WINDGate license is granted without any time limitation. 6WINDGate updates are delivered as long as you have a valid maintenance contract.

What’s your support/maintenance model?

We provide maintenance services under an annual contract. Some specific support services can also be provided according to specific customers’ requirements (Designated Support Engineer, Technical Account Manager, extended maintenance services …).

Do you provide training?

Yes. The standard 6WINDGate training class is a 5 day training that can be provided at 6WIND or in your premises for a maximum of 10 people. Training is highly recommended to understand 6WINDGate concepts as early as possible in your development process. 6WIND also provides a 3-day session focused on 6WINDGate HA for engineers who are already familiar with 6WINDGate concepts.

Our standard training can also be customized upon request to help you to kick-off your project.

Does 6WINDGate include any GPL software?

6WINDGate software is a mix of software under GPL license and 6WIND license. Modules covered by GPL license are mainly:

• Routing control plane module (6WIND is one of the companies maintaining the Quagga Open Source project),
• Security control plane module,
• Linux networking stack,
• A few standard Linux tools.

The 6WINDGate software license agreement includes an appendix listing the specific license that applies to each software module.

6WINDGate implements cryptography. Is 6WIND authorized to export such a technology?

Yes, 6WIND has all the required authorizations to export cryptography to all countries that are not under embargo. We have a dedicated document that details our export license.

Who are your main customers?

6WIND licenses its products to tier-1 customers all around the world. A list of our main customers is available here.

What are the main applications of 6WINDGate?

6WINDGate accelerates packet processing for a myriad of applications including mobile infrastructure, network security, high-frequency trading and deep packet inspection.

What is the impact of your architecture on my existing Linux applications? Do I need to rewrite them?

One of the key advantages of the 6WINDGate architecture is that Linux APIs are preserved. So, if your application uses standard Linux APIs, you will not have to modify your existing application to take advantage of 6WINDGate’s packet processing.

How can 6WINDGate help me in building my LTE infrastructure equipment?

Please refer to the Mobile Infrastructure page on our Web site. Applications Notes are also available here.

Has your 6WINDGate software already been integrated with telecom signalling protocols?

Yes. Our customers have integrated 6WINDGate with Aricent, RadiSys (Trillium), Marben and Metaswitch signalling protocols.

How can 6WINDGate help me in building my security appliance?

Please refer to the Network Security page on our Web site. Applications Notes are also available here.

How can 6WINDGate help me in building my DPI application?

6WIND has established a technology partnership with Qosmos, a leading provider of Network Intelligence (NI) technology. With tight integration between the companies products, network equipment providers can add Qosmos’ real-time NI capabilities and 6WIND’s advanced, multicore packet acceleration to their solutions, benefitting from proven interoperability between the two complementary technologies. This accelerates time to market for advanced mobile, cyber security and network applications.

For more details of the integrated 6WIND-Qosmos solution, see the white paper High-performance, integrated packet processing and DPI solutions for LTE, available here.

Do you have a high-level presentation about your software architecture?

Yes. Our 6WINDGate Architecture Overview document can be downloaded here.

What does “Synchronization of control plane, Linux networking stack and fast path” exactly mean?

In a standard Linux architecture, the control plane updates the Linux networking stack for both static and dynamic configurations. When using a fast path, it also has to be synchronized with the same information to have a consistent system. 6WINDGate architecture has been designed to make this synchronization fully transparent.

What is the “Exception Mechanism”?

In 6WINDGate fast path-based solutions, the fast path receives all incoming packets in the system. Its goal is to provide very high packet processing performance. Therefore, it does not process complex, time consuming packets that represent only a small fraction of the overall traffic. For example, packets that require a state machine to compute forwarding information (such as ARP or routing protocols) are not processed in the fast path.

When an incoming packet is too complex to be processed by the fast path, it is sent to Linux as an exception packet, to be processed by the Linux networking stack or the control plane. Then, thanks to the continuous synchronization mechanism, the computed information in Linux will be automatically configured in the fast path, so that the next packet of the same flow can be processed in the fast path.

This Exception mechanism, combined with the Continuous Synchronization of Linux and the fast path, enables 6WINDGate to process any kind of packet and ensures the consistency of the whole system.

How can I choose between different 6WINDGate implementations?

To help you, 6WIND provides you with:

• Evaluation versions for the different implementations of 6WINDGate that are available after signing a Software Evaluation License Agreement,
• Detailed performance tests based on parameters such as number of cores, packet length … for the different 6WINDGate implementations that are available after signing a NDA.

These tools can help you to select the best software architecture and our support team can also help to choose the optimized solution.

Which part of your 6WINDGate software is generic and which part is processor-dependent?

The majority of our 6WINDGate software is generic thanks to Hardware Abstraction Layers provided for all supported hardware platforms and providing generic, high-level APIs in the control plane, Linux networking stack and fast path. However, the use of processor specific resources such as hardware queues for QoS is processor-dependent. 6WIND also implements some specific low-level optimizations to make the most out of the processor.

Do you support other Operating Systems than Linux?

No, we do not support other Operating Systems than Linux. Please note that the executive implementation of the fast path runs outside the OS and can be used in other environments.

What is OCF?

OCF (Open Cryptography Framework) is a standard control plane and Linux networking stack API used by software to interface crypto engines. 6WINDGate uses this API to ease the portability of security software on different platforms using either built-in crypto engines (multicore processors such as Cavium OCTEON/OCTEON II, Broadcom XLR/XLS/XLP) or external accelerators (x86 with PCI external accelerators).

Thanks to the OCF API, your applications (for instance SSL) can transparently benefit from crypto engines; independently of the underlying hardware.

Where can I find detailed information about features supported by each 6WINDGate module?

Detailed Data Sheets for each 6WINDGate module are available upon request. The complete list of supported modules is available on the 6WINDGate software modules page on our Web site.

Do you have a list of the RFCs that 6WINDGate comply with?

Yes. It can be found here.

Do you have a detailed roadmap?

Yes. Please refer to the 6WINDGate software modules page on our Web site. A more detailed quarterly roadmap is available upon request and after signing
a NDA.

Do you have different implementations for the fast path?

Yes, we have three different implementations for the fast path:

• Linux kernel fast path: the fast path is implemented as a Linux kernel module.
• Hybrid fast path: the fast path is implemented as a Linux userland module using executive drivers.
• Executive fast path: the fast path is implemented as a bare metal application within the executive environment.

Could you compare the performance of the different fast path implementations you provide?

The executive fast path solution provides a guaranteed, highest level of performance as cores are specifically dedicated to the fast path.

The hybrid fast path provides a higher level of performance than the Linux kernel fast path (actually close to the one of the executive fast path), as executive drivers are more efficient than standard Linux drivers.

For both hybrid and Linux kernel implementations, as the fast path shares cores with the applications, there may be an impact on the performance of packet processing. This impact can be minimized by fine tuning the Linux kernel.

How can I define how many cores are running the fast path and how many cores are running Linux when I use an executive fast path implementation?

The way cores are shared between the fast path and Linux is fully configurable and defined at boot time.

What is the 6WINDGate fast path SDK?

The 6WINDGate fast path SDK is the execution environment for the fast path modules. The fast path SDK is hardware-dependent and is identified by the hardware architecture (processor), the implementation of the fast path (Linux kernel, hybrid or executive) and the Linux distribution.

The fast path SDK includes:

• The generic abstraction APIs used to implement fast path modules independently from the underlying hardware with zero-overhead, using the services of the processor SDK (executive/hybrid fast path) or Linux drivers (Linux kernel fast path).
• The glue to provide the 6WINDGate networking stack as a drop-in replacement for the networking stack of the Linux distribution.
• The exception and continuous synchronization mechanisms between Linux and the fast path.

What has to be done to integrate your fast path modules together?

Nothing has to be done as 6WIND provides a complete and integrated solution. Fast path modules are integrated together and integrated with the Linux Networking Stack and control plane.

Have you tried to run your fast path in kernel mode?

Yes. This implementation shows excellent performance compared to a standard Linux architecture and a scalable increase of performance according to the number of cores. However, performance is lower than the one of the hybrid and executive implementations of the fast path.

My IDPS, DPI or firewall needs reassembled packets; can the fast path fragment or reassemble my IP packets (whatever UDP, TCP, etc.)?

The 6WINDGate fast path comes with a fragmentation / reassembly module for both IPv4 and IPv6 that allows fragmentation / reassembly processing to be offloaded from the Linux networking stack. For more information about IDPS/DPI and firewall, refer to the Network Security and Deep Packet Inspection pages on our Web site.

Some 6WINDGate features are not available in the fast path yet. How will I upgrade my system in the future?

You can start with 6WINDGate as it is today. Thanks to 6WINDGate’s flexible architecture, features that are not available in the fast path will be processed in the Linux networking stack using the Exception Mechanism.

As soon as the required 6WINDGate fast path module is available, your performance will be automatically improved without making any modification to the Control plane, Linux networking stack or Management plane. New fast path modules can be purchased as extensions of your existing license.

Which operating systems do you support?

We support the Linux operating system.

Which versions of the Linux kernel do you support?

6WINDGate 2.x supports Linux kernel versions from 2.6.14 to 2.6.24.

6WINDGate 3.x supports the latest versions of the Linux kernel starting with 2.6.27.

Which Linux distributions do you support?

We support reference Linux distributions provided by multicore processor vendors, Open Source Linux distributions, as well as commercial Linux distributions such as Wind River Linux. Support of other distributions including your own is possible upon request.

Is the 6WINDGate Linux networking stack compatible with socket applications?

Although the 6WINDGate Linux networking stack replaces the networking stack provided by the reference Linux distribution, it preserves standard Linux APIs (such as skbuff, netdevices, Netfilter, Netlink, socket API, etc.) so that your existing kernel modules or userland applications do not need to be modified.

How long does it take to port 6WINDGate to a new Linux kernel?

There is no generic answer to this question as it depends on numerous parameters, such as Linux kernel version, BSP availability, etc.

However, 6WIND has a strong experience porting the 6WINDGate software on top of various Linux distributions (from 2.6.15 to 2.6.34 kernels) and hardware architectures (including Cavium OCTEON/OCTEON II, Broadcom XLR/XLS/XLP, Tilera TILEPro64, Intel Architecture, LSI Axxia architecture, etc.). Please contact 6WIND’s Customer Support and Services team who will evaluate your project and your requirements.

Have you improved your 6WINDGate Linux Stack compared to a standard Linux Stack for multi-processing environment?

Yes. The 6WINDGate Linux networking stack is implemented without any giant lock during the packet processing, so that the kernel can process multiple packets at the same time (up to one per core) in SMP mode.

However, a Linux-based architecture is complex and still requires locking in certain cases.

What is VNB?

VNB (Virtual Networking Blocks) was initially developed as an in-kernel networking subsystem that follows the UNIX principle of achieving power and flexibility through combinations of simple modules.

The VNB technology has various applications at each level of the software architecture. It is well-suited for especially for:

• Protocol encapsulation,
• Feature performance optimization by separation of Linux kernel/fast path
  packet processing from the control plane,
• Assembly of several protocols in order to provide global solutions,
• Driver integration;

and does not require any modification to the Linux networking stack.

Is VNB available in the fast path?

Yes. 6WIND has ported the VNB framework at the fast path level to bring similar benefits for the integration of fast path modules. Doing so, the same source code for a VNB module can be used within the fast path-based 6WINDGate implementations.

What is the Cache Manager?

The Cache Manager is a control plane software module that performs Continuous Synchronization between Linux networking stack and fast path. It listens to Linux Netlink notifications resulting from configuration of the Linux networking stack by the control plane modules (ARP and NDP entries, L3 routing tables, Security Associations, etc.) and synchronizes the fast path accordingly.

Thanks to the Cache Manager, no change is required to control plane modules when they are used with the 6WINDGate fast path. The Cache Manager is hardware independent.

Which routing protocols do you support?

We support RIP, RIPng, OSPFv2, OSPFv3 and BGP as well as SMR (Static Monitored Route) and BFD (Bidirectional Forwarding Detection).

Do you support Virtual Routing?

Yes. Virtual Routing is supported for RIP, RIPng, OSPFv2, OSPFv3 and BGP. Control plane Virtual Routing has been integrated and validated with the fast path forwarding module that also supports Virtual Routing.

Which versions of IKE do you support?

Both IKEv1 and IKEv2 are supported. 6WIND has improved both versions of IKE to support a large number of IKE sessions.

Can the 6WINDGate fast path modules be used with non 6WINDGate routing daemons (OSPF, BGP, etc.) and non 6WINDGate IKE?

Yes. Routing and IKE software that is able to configure Linux kernel routing or IPsec information will transparently benefit from the 6WINDGate fast path thanks to the Continuous Synchronization mechanism.

Do you support IKE VR?

Yes. IKEv2 VR is available.

On a same core, can the crypto engines be shared between different applications in Linux and kernel or fast path modules (IPsec)?

Yes, thanks to the OCF API, your SSL application (or others) can benefit from the hardware crypto engines. The OCF layer will manage concurrent access from userland applications and from the Linux kernel or the fast path.

Do you provide CLI and Web Management?

Yes. 6WIND delivers complete CLI and Web tools for integrated 6WINDGate features. The 6WINDGate CLI User’s Guide is available here.

Can I monitor 6WINDGate features with SNMP?

Yes. 6WINDGate implements an SNMP agent. You can find the list of supported MIBs here.

Thanks to the 6WINDGate FPS (Fast Path Statistics) module, responsible for gathering fast path statistics and aggregating them with Linux networking stack statistics, SNMP queries remain consistent for the whole system even when a fast path is used, transparently for the SNMP agent.

How can I integrate my existing management system with the 6WINDGate XML-based management system?

The 6WINDGate management architecture is very flexible and can provide different solutions for smooth integration of the 6WIND XML-based management system with an existing one:

• You can call the 6WINDGate management system from yours to integrate the management of new features brought by 6WINDGate,
• You can extend the 6WINDGate management system to call yours,
• You can interface the XMS Configuration Manager with your own client and configure 6WINDGate features directly in XML; we provide all the necessary software documentation for that purpose.

The 6WIND Service and Support team can help you to choose the best solution according to your requirements.

Does 6WINDGate work as well on dual multi-core processor architecture?

Yes. The 6WINDGate Architecture Overview document can be downloaded from our Web site here. It has dedicated sections about distributed architectures.

In case of a single multicore architecture, synchronization between the Linux networking stack and the fast path is handled through a shared memory. In dual multi core processor architecture, Linux is running on one processor, while the fast path is running on the other one. There is no shared memory between Linux networking stack and fast path.

In such architecture, the fast path 1CP – 1FP module is required and allows synchronizing the Linux networking stack with the remote fast path through a network connection between the two processors.

As a result, the 6WINDGate architecture can be equally deployed over:

• shared cores of a single multicore processor,
• two different multicore processors (one core being allocated to Linux and the other one to the fast path),
• one multicore processor running the fast path and another, possibly non-multicore, processor running Linux.

Can I manage more than one fast path with a single control plane?

Yes. You can manage several fast paths with a single control plane module. 6WIND provides software modules to manage from 2 to 8 fast path modules with a single control plane to meet your system requirements.

Do you have a high-level presentation about your HA software architecture?

Yes. The 6WINDGate Architecture Overview document can be downloaded from our Web site here. It has dedicated sections about HA.

What are the main components of your HA solution?

The 6WINDGate HA solution includes:

• Graceful Restart extensions (Linux stack & control plane)
• HA Daemon Monitoring System (control plane) that monitors 6WINDGate daemons
• HA control plane Synchronization Daemon for different protocols (ARP/NDP, routing, IPsec, firewall / NAT, etc.)

You can find the list of 6WINDGate HA modules on the 6WINDGate software modules page on our Web site.

Can you give some customer examples showing how your 6WINDGate HA modules can be used?

6WINDGate HA modules are used in LTE infrastructure equipment and Large Scale NATs.

What is the level of performance that can be achieved with 6WINDGate compared to standard Linux?

6WINDGate using fast path-based implementations typically increases packet processing performance between 5 to 10 times compared to standard Linux. The exact value depends on different parameters. For a more precise answer, detailed performance test results on reference platforms can be provided.

How does your fast path IP forwarding scale?

IP forwarding performance is not affected by the number of routes as IP lookup is implemented using a configurable M-trie algorithm, so that any packet is processed within a fixed number of memory accesses. There is no additional memory allocation when processing a flow.

Detailed performance test results showing that the number of forwarded packets linearly increases proportionally to the number of cores are available.

What is the memory consumption per route?

Each route consumes 64 Bytes. So, the total amount of memory used by tables holding 50,000 routes is 24 MBytes.

How is IPsec forwarding performance affected by the number of Security Associations (SA) and by the number of selectors (SPD entries)?

SA lookup in the fast path is based on a 16-bit hash table so that the number of SA does not significantly impact performance.

With regards to the number of selectors, a threshold enables switching from linear search to a trie-based look-up algorithm, depending on the number of entries in the SPD. This enables adjusting the balance between lookup performance and memory usage.

Detailed performance test results showing that the number of processed IPsec packets per second is directly proportional to number of cores are available.

Is there a maximum number of IPsec SA or SP?

The theoretical limit for the size of the SAD and SPD is the amount of RAM available in the system. However, we have successfully validated up to 40K SAs and SPs.

What is the memory consumption per SA and SP?

A SA takes 640 bytes and an SP takes 128 bytes.

How many NAT sessions do you support?

With our standard fast path access NAT, 6WINDGate is able to manage up to 100K sessions.

For Large Scale NATs, a NAT using the fast path LSN / CGN NAT module and the Carrier Grade Linux networking stack is able to manage up to 18 Million NAT sessions.

How many IKE sessions do you support in the control plane?

We are able to manage 30K IKE sessions in the control plane.

Why are 6WINDGate performance numbers lower than processor benchmarks?

The purpose of processor benchmarks is to demonstrate the raw performance of the processor. Benchmarking software is generally limited to a single feature with hard-coded parameters. 6WIND provides a complete solution with several features, all protocol options and integration with the Control Plane. 6WINDGate software is much more complex than benchmarking software and performance cannot be directly compared. A detailed Application Note about this topic is available here.

I don’t need all the fast path features provided by 6WINDGate. Can I disable them to increase performance?

Yes. 6WIND provide compilation options to disable features you don’t need.

Which tools do you use to optimize the performances of 6WINDGate on a processor?

The majority of our 6WINDGate software is generic. However, the use of processor specific resources such as Ethernet drivers, hardware queues for QoS, crypto-engines is processor-dependent. To implement some specific low-level optimizations to make the best use of the processor, 6WIND uses cycle-level simulators (when available) to optimize the number of cycles. Performance counters of the processor and profiling tools can also be used to measure processing time.

Do you have detailed performance test results?

Yes. Detailed performance test results for reference hardware platforms are available upon request and after signing a NDA.

What is the size of your 6WINDGate code?

The 6WINDGate Linux networking stack comprises around 436K Physical Source Lines of Code (SLOC) and the 6WINDGate fast path is around 120K SLOC.

However, the 6WINDGate solution is highly modular and the code that will be effectively used depends on your specific requirements.

Which Cavium boards do you support?

Please refer to the 6WINDGate platform support page on our Web site.

Which software from Cavium do I need to run 6WINDGate?

You need the Cavium SDK. Other software and toolkits from Cavium can be integrated with 6WINDGate but they not mandatory. We periodically update 6WINDGate to support the latest versions of the SDK.

How can I debug 6WINDGate software running on Cavium OCTEON/OCTEON II?

Linux userland and kernel software can be debugged using standard Linux tools, as well as Simple Executive debugging tools provided by Cavium. 6WIND provides the 6WINDGate Virtual Fast Path, a tool that makes it possible to run and debug the fast path as a Linux userland application on x86.

Which technologies from Cavium does 6WINDGate leverage?

6WINDGate takes advantage of POW, FPA, hardware helpers (checksum, etc.), timers and crypto coprocessors.

The 6WINDGate software uses the Simple Exec environment from Cavium’s SDK. The 6WINDGate software uses the Work-Queue-Entries (WQE) natively and it runs to completion in order to process each WQE arriving on the IPD. The WQEs are read from the incoming queues using cvmx_pow_work_response_async() and then once processed they are posted to the PKOs using 6WINDGate’s egress queuing.

On the egress side, the queue functions of the CVMX environment which are used are cvmx_pko_send_packet_prepare() and cvmx_pko_send_packet_finish(). For an optimized version of the data plane, 6WINDGate can be compiled and run with oct-sim which provides a simulation model of the OCTEON processor.

We have Software Design Documents describing our fast path architecture & components. They focus on the generic part and also provide board-specific details like the use Cavium OCTEON hardware resources.

Are data structures designed for the 128 byte cache line of Cavium OCTEON/OCTEON II?

Yes. We take care to align data structures and also make use of the prefetch mechanism.

Do 6WINDGate security features use the integrated OCTEON/OCTEON II crypto coprocessors?

Yes. All versions of 6WINDGate use the integrated OCTEON/OCTEON II crypto coprocessors, from control plane (through the transparent integration of SSL with the OCF API), Linux networking stack or fast path.

How are the QoS features of the Cavium OCTEON/OCTEON II chip used for implementing DiffServ?

For the fast path, we rely on the queuing mechanism of the OCTEON/OCTEON II and the support of RED.

Do you support the Cavium OCTEON II processor?

Yes. Refer to the 6WINDGate platform support page on our Web site.