6WINDGate FAQ
This document covers Frequently Asked Questions about 6WIND and the 6WINDGate software. If you do not find the answer to your question in this document, please send an email to support at 6wind.com.
A 6WINDGate license is granted for a processor, a Linux distribution and a set of modules to develop a product or a range of products. The scope of the license can be extended when needed.
Yes, the 6WINDGate product is modular. For instance, you can use your own control plane modules and / or select a limited number of modules.
Your 6WINDGate license is granted without any time limitation. 6WINDGate updates are delivered as long as you have a valid maintenance contract.
We provide maintenance services under an annual contract. Some specific support services can also be provided according to specific customers’ requirements (Designated Support Engineer, Technical Account Manager, extended maintenance services …).
Yes. The standard 6WINDGate training class is a 5 day training that can be provided at 6WIND or in your premises for a maximum of 10 people. Training is highly recommended to understand 6WINDGate concepts as early as possible in your development process. 6WIND also provides a 3-day session focused on 6WINDGate HA for engineers who are already familiar with 6WINDGate concepts.
Our standard training can also be customized upon request to help you to kick-off your project.
6WINDGate software is a mix of software under GPL license and 6WIND license. Modules covered by GPL license are mainly:
- Routing control plane module (6WIND is one of the companies maintaining the Quagga Open Source project),
- Security control plane module,
- Linux networking stack,
- A few standard Linux tools.
The 6WINDGate software license agreement includes an appendix listing the specific license that applies to each software module.
Yes, 6WIND has all the required authorizations to export cryptography to all countries that are not under embargo. We have a dedicated document that details our export license.
6WIND licenses its products to tier-1 customers all around the world. A list of our main customers is available here.
6WINDGate accelerates packet processing for a myriad of applications including mobile infrastructure, network security, high-frequency trading and deep packet inspection.
One of the key advantages of the 6WINDGate architecture is that Linux APIs are preserved. So, if your application uses standard Linux APIs, you will not have to modify your existing application to take advantage of 6WINDGate’s packet processing.
Please refer to the Network Security page on our Web site. Applications Notes are also available here.
6WIND has established a technology partnership with Qosmos, a leading provider of Network Intelligence (NI) technology. With tight integration between the companies products, network equipment providers can add Qosmos’ real-time NI capabilities and 6WIND’s advanced, multicore packet acceleration to their solutions, benefitting from proven interoperability between the two complementary technologies. This accelerates time to market for advanced mobile, cyber security and network applications.
For more details of the integrated 6WIND-Qosmos solution, see the white paper High-performance, integrated packet processing and DPI solutions for LTE, available here.
Yes. Our 6WINDGate Architecture Overview document can be downloaded here.
In a standard Linux architecture, the control plane updates the Linux networking stack for both static and dynamic configurations. When using a fast path, it also has to be synchronized with the same information to have a consistent system. 6WINDGate architecture has been designed to make this synchronization fully transparent.
In 6WINDGate fast path-based solutions, the fast path receives all incoming packets in the system. Its goal is to provide very high packet processing performance. Therefore, it does not process complex, time consuming packets that represent only a small fraction of the overall traffic. For example, packets that require a state machine to compute forwarding information (such as ARP or routing protocols) are not processed in the fast path.
When an incoming packet is too complex to be processed by the fast path, it is sent to Linux as an exception packet, to be processed by the Linux networking stack or the control plane. Then, thanks to the continuous synchronization mechanism, the computed information in Linux will be automatically configured in the fast path, so that the next packet of the same flow can be processed in the fast path.
This Exception mechanism, combined with the Continuous Synchronization of Linux and the fast path, enables 6WINDGate to process any kind of packet and ensures the consistency of the whole system.
To help you, 6WIND provides you with:
- Evaluation versions for the different implementations of 6WINDGate that are available after signing a Software Evaluation License Agreement,
- Detailed performance tests based on parameters such as number of cores, packet length … for the different 6WINDGate implementations that are available after signing a NDA.
These tools can help you to select the best software architecture and our support team can also help to choose the optimized solution.
The majority of our 6WINDGate software is generic thanks to Hardware Abstraction Layers provided for all supported hardware platforms and providing generic, high-level APIs in the control plane, Linux networking stack and fast path. However, the use of processor specific resources such as hardware queues for QoS is processor-dependent. 6WIND also implements some specific low-level optimizations to make the most out of the processor.
No, we do not support other Operating Systems than Linux. Please note that the executive implementation of the fast path runs outside the OS and can be used in other environments.
OCF (Open Cryptography Framework) is a standard control plane and Linux networking stack API used by software to interface crypto engines. 6WINDGate uses this API to ease the portability of security software on different platforms using either built-in crypto engines (multicore processors such as Cavium OCTEON/OCTEON II, NetLogic XLR/XLS/XLP) or external accelerators (x86 with PCI external accelerators).
Thanks to the OCF API, your applications (for instance SSL) can transparently benefit from crypto engines; independently of the underlying hardware.
Yes. It can be found here.
Yes. Please refer to the 6WINDGate software modules page on our Web site. A more detailed quarterly roadmap is available upon request and after signing
a NDA.
Yes, we have three different implementations for the fast path:
- Linux kernel fast path: the fast path is implemented as a Linux kernel module.
- Hybrid fast path: the fast path is implemented as a Linux userland module using executive drivers.
- Executive fast path: the fast path is implemented as a bare metal application within the executive environment.
The way cores are shared between the fast path and Linux is fully configurable and defined at boot time.
The 6WINDGate fast path SDK is the execution environment for the fast path modules. The fast path SDK is hardware-dependent and is identified by the hardware architecture (processor), the implementation of the fast path (Linux kernel, hybrid or executive) and the Linux distribution.
The fast path SDK includes:
- The generic abstraction APIs used to implement fast path modules independently from the underlying hardware with zero-overhead, using the services of the processor SDK (executive/hybrid fast path) or Linux drivers (Linux kernel fast path).
- The glue to provide the 6WINDGate networking stack as a drop-in replacement for the networking stack of the Linux distribution.
- The exception and continuous synchronization mechanisms between Linux and the fast path.
Nothing has to be done as 6WIND provides a complete and integrated solution. Fast path modules are integrated together and integrated with the Linux Networking Stack and control plane.
Yes. This implementation shows excellent performance compared to a standard Linux architecture and a scalable increase of performance according to the number of cores. However, performance is lower than the one of the hybrid and executive implementations of the fast path.
The 6WINDGate fast path comes with a fragmentation / reassembly module for both IPv4 and IPv6 that allows fragmentation / reassembly processing to be offloaded from the Linux networking stack. For more information about IDPS/DPI and firewall, refer to the Network Security and Deep Packet Inspection pages on our Web site.
You can start with 6WINDGate as it is today. Thanks to 6WINDGate’s flexible architecture, features that are not available in the fast path will be processed in the Linux networking stack using the Exception Mechanism.
As soon as the required 6WINDGate fast path module is available, your performance will be automatically improved without making any modification to the Control plane, Linux networking stack or Management plane. New fast path modules can be purchased as extensions of your existing license.
We support the Linux operating system.
6WINDGate 2.x supports Linux kernel versions from 2.6.14 to 2.6.24.
6WINDGate 3.x supports the latest versions of the Linux kernel starting with 2.6.27.
We support reference Linux distributions provided by multicore processor vendors, Open Source Linux distributions, as well as commercial Linux distributions such as Wind River Linux. Support of other distributions including your own is possible upon request.
Although the 6WINDGate Linux networking stack replaces the networking stack provided by the reference Linux distribution, it preserves standard Linux APIs (such as skbuff, netdevices, Netfilter, Netlink, socket API, etc.) so that your existing kernel modules or userland applications do not need to be modified.
There is no generic answer to this question as it depends on numerous parameters, such as Linux kernel version, BSP availability, etc.
However, 6WIND has a strong experience porting the 6WINDGate software on top of various Linux distributions (from 2.6.15 to 2.6.34 kernels) and hardware architectures (including Cavium OCTEON/OCTEON II, NetLogic XLR/XLS/XLP, Tilera TILEPro64, Intel Architecture, etc.). Please contact 6WIND’s Customer Support and Services team who will evaluate your project and your requirements.
Yes. The 6WINDGate Linux networking stack is implemented without any giant lock during the packet processing, so that the kernel can process multiple packets at the same time (up to one per core) in SMP mode.
However, a Linux-based architecture is complex and still requires locking in certain cases.
VNB (Virtual Networking Blocks) was initially developed as an in-kernel networking subsystem that follows the UNIX principle of achieving power and flexibility through combinations of simple modules.
The VNB technology has various applications at each level of the software architecture. It is well-suited for especially for:
- Protocol encapsulation,
- Feature performance optimization by separation of Linux kernel/fast path
packet processing from the control plane,
- Assembly of several protocols in order to provide global solutions,
- Driver integration;
and does not require any modification to the Linux networking stack.
Yes. 6WIND has ported the VNB framework at the fast path level to bring similar benefits for the integration of fast path modules. Doing so, the same source code for a VNB module can be used within the fast path-based 6WINDGate implementations.
The Cache Manager is a control plane software module that performs Continuous Synchronization between Linux networking stack and fast path. It listens to Linux Netlink notifications resulting from configuration of the Linux networking stack by the control plane modules (ARP and NDP entries, L3 routing tables, Security Associations, etc.) and synchronizes the fast path accordingly.
Thanks to the Cache Manager, no change is required to control plane modules when they are used with the 6WINDGate fast path. The Cache Manager is hardware independent.
We support RIP, RIPng, OSPFv2, OSPFv3 and BGP as well as SMR (Static Monitored Route) and BFD (Bidirectional Forwarding Detection).
Yes. Virtual Routing is supported for RIP, RIPng, OSPFv2, OSPFv3 and BGP. Control plane Virtual Routing has been integrated and validated with the fast path forwarding module that also supports Virtual Routing.
Both IKEv1 and IKEv2 are supported. 6WIND has improved both versions of IKE to support a large number of IKE sessions.
Yes. Routing and IKE software that is able to configure Linux kernel routing or IPsec information will transparently benefit from the 6WINDGate fast path thanks to the Continuous Synchronization mechanism.
Yes. IKEv2 VR is available.
Yes, thanks to the OCF API, your SSL application (or others) can benefit from the hardware crypto engines. The OCF layer will manage concurrent access from userland applications and from the Linux kernel or the fast path.
Yes. 6WIND delivers complete CLI and Web tools for integrated 6WINDGate features. The 6WINDGate CLI User’s Guide is available here.
Yes. 6WINDGate implements an SNMP agent. You can find the list of supported MIBs here.
Thanks to the 6WINDGate FPS (Fast Path Statistics) module, responsible for gathering fast path statistics and aggregating them with Linux networking stack statistics, SNMP queries remain consistent for the whole system even when a fast path is used, transparently for the SNMP agent.
The 6WINDGate management architecture is very flexible and can provide different solutions for smooth integration of the 6WIND XML-based management system with an existing one:
- You can call the 6WINDGate management system from yours to integrate the management of new features brought by 6WINDGate,
- You can extend the 6WINDGate management system to call yours,
- You can interface the XMS Configuration Manager with your own client and configure 6WINDGate features directly in XML; we provide all the necessary software documentation for that purpose.
The 6WIND Service and Support team can help you to choose the best solution according to your requirements.
Yes. The 6WINDGate Architecture Overview document can be downloaded from our Web site here. It has dedicated sections about distributed architectures.
In case of a single multicore architecture, synchronization between the Linux networking stack and the fast path is handled through a shared memory. In dual multi core processor architecture, Linux is running on one processor, while the fast path is running on the other one. There is no shared memory between Linux networking stack and fast path.
In such architecture, the fast path 1CP – 1FP module is required and allows synchronizing the Linux networking stack with the remote fast path through a network connection between the two processors.
As a result, the 6WINDGate architecture can be equally deployed over:
- shared cores of a single multicore processor,
- two different multicore processors (one core being allocated to Linux and the other one to the fast path),
- one multicore processor running the fast path and another, possibly non-multicore, processor running Linux.
Yes. You can manage several fast paths with a single control plane module. 6WIND provides software modules to manage from 2 to 8 fast path modules with a single control plane to meet your system requirements.
Yes. The 6WINDGate Architecture Overview document can be downloaded from our Web site here. It has dedicated sections about HA.
The 6WINDGate HA solution includes:
- Graceful Restart extensions (Linux stack & control plane)
- HA Daemon Monitoring System (control plane) that monitors 6WINDGate daemons
- HA control plane Synchronization Daemon for different protocols (ARP/NDP, routing, IPsec, firewall / NAT, etc.)
You can find the list of 6WINDGate HA modules on the 6WINDGate software modules page on our Web site.
6WINDGate HA modules are used in LTE infrastructure equipment and Large Scale NATs.
You need the Cavium SDK. Other software and toolkits from Cavium can be integrated with 6WINDGate but they not mandatory. We periodically update 6WINDGate to support the latest versions of the SDK.
Linux userland and kernel software can be debugged using standard Linux tools, as well as Simple Executive debugging tools provided by Cavium. 6WIND provides the 6WINDGate Virtual Fast Path, a tool that makes it possible to run and debug the fast path as a Linux userland application on x86.
6WINDGate takes advantage of POW, FPA, hardware helpers (checksum, etc.), timers and crypto coprocessors.
The 6WINDGate software uses the Simple Exec environment from Cavium’s SDK. The 6WINDGate software uses the Work-Queue-Entries (WQE) natively and it runs to completion in order to process each WQE arriving on the IPD. The WQEs are read from the incoming queues using cvmx_pow_work_response_async() and then once processed they are posted to the PKOs using 6WINDGate’s egress queuing.
On the egress side, the queue functions of the CVMX environment which are used are cvmx_pko_send_packet_prepare() and cvmx_pko_send_packet_finish(). For an optimized version of the data plane, 6WINDGate can be compiled and run with oct-sim which provides a simulation model of the OCTEON processor.
We have Software Design Documents describing our fast path architecture & components. They focus on the generic part and also provide board-specific details like the use Cavium OCTEON hardware resources.
Yes. We take care to align data structures and also make use of the prefetch mechanism.
Yes. All versions of 6WINDGate use the integrated OCTEON/OCTEON II crypto coprocessors, from control plane (through the transparent integration of SSL with the OCF API), Linux networking stack or fast path.
For the fast path, we rely on the queuing mechanism of the OCTEON/OCTEON II and the support of RED.
We support Intel32 generic x86 and Clovertown, Intel64 Intel Xeon 5500 series (Nehalem/Jasper Forest, 4 cores), Intel Xeon 5600 series Westmere (6 cores), Sandy Bridge (8 cores).
Yes. The 6WINDGate software uses the Run Time Environment (RTE) from the DPDK. This is based on a poll-mode-driver (PMD) model for the PCIe NIC (for instance 82576/Kawela or 82599/Niantic). The 6WINDGate software links to the librte(s), providing for example the librte_mbuf which is highly optimized for the Intel environment.
Linux userland and kernel software can be debugged using standard Linux tools. 6WIND also provides the 6WINDGate Virtual Fast Path, a tool that makes it possible to run and debug the fast path as a Linux userland application on x86.
Intel provides the VTune Performance Analyzer to analyze and improve fast path application performance.
Yes. All versions of 6WINDGate use the AES New Instructions set of Intel processors or external crypto accelerator boards, from control plane (through the transparent integration of SSL with the OCF API), Linux networking stack or fast path.
We take advantage from hyperthreading, NUMA, stashing, PCIe bulking, RAM topology (channel/rank).
You need the NetLogic XLR/XLS SDK. Other software and toolkits from NetLogic can be integrated with 6WINDGate but are not mandatory. We periodically update 6WINDGate to support the latest versions of the NetLogic SDK.
Linux userland and kernel software can be debugged using standard Linux tools, as well as the NetOS GDB debugger. 6WIND provides the 6WINDGate Virtual Fast Path, a tool that makes it possible to run and debug the fast path as a Linux userland application on x86.
We take advantage of the FMN, the PDE and the parser featured by the Network Accelerators, as well as the Security Acceleration Engines.
We have Software Design Documents describing our fast path architecture and components. They focus on the generic part and also provide board-specific details like the use of NetLogic XLR / XLS / XLP hardware resources.
Yes. All versions of 6WINDGate use the integrated NetLogic XLR crypto cores, from control plane (through the transparent integration of SSL with the OCF API), Linux networking stack or fast path.
You need the Tilera MDE software. Other software and toolkits from Tilera can be integrated with 6WINDGate but are not mandatory. We periodically update 6WINDGate to support the latest versions of the Tilera MDE.
Linux userland and kernel software can be debugged using standard Linux tools. 6WIND provides the 6WINDGate Virtual Fast Path, a tool that makes it possible to run and debug the fast path as a Linux userland application on x86.
On Tilera TILEPro64 processors, the fast path is a zero overhead Linux (ZOL) application that uses the NetIO library provided by the Multicore Development Environment (MDE). The 6WINDGate software receives packets from a queue through dedicated tiles running the IPP. It sends packets to the EPP, enabling it to support both gbe and xgbe interfaces.
Evaluation versions in binary form for all platforms supported by 6WINDGate are available after signing a Software Evaluation License Agreement.
Debugging tools provided by processor vendors for their Multicore Executive Environment can be used with the 6WINDGate fast path. 6WIND provides the 6WINDGate Virtual Fast Path, a tool that makes it possible to run and debug the fast path as a Linux userland application on x86.
Yes. 6WINDGate features a Flow Inspection / Packet Capture fast path module that provides the Berkeley Packet Filtering functionality in the fast path. It allows the monitoring of the fast path traffic from the control plane.
The 6WINDGate documentation includes:
- SADs (Software Architecture Documents) describing general functionalities and architecture of each 6WINDGate module,
- SDDs (Software Design Documents) describing detailed implementation of each 6WINDGate module,
- the 6WINDGate Developer’s guide, describing the 6WINDGate development environment.
Our Customer Support and Services team can also help at different steps of your development (architecture design, performance optimization, code review…).
The 6WINDGate Virtual Fast Path is a tool that makes it possible to run the fast path as a Linux userland application. This tool is available on x86 platforms. gcc and GNU tools can be used. For instance, the fast path can be interrupted and restarted as a regular process thanks to gdb. It greatly helps the first steps of development before the integration on the final hardware.
We provide the patches and scripts to integrate the 6WINDGate Linux networking stack on top of Wind River Linux, but we do not integrate the 6WINDGate control plane or fast path in the Wind River Linux development framework. This is left to our customers as part of the integration of their own applications.
As 6WINDGate preserves standard Linux APIs, interfacing a third party control plane module (routing, security key exchange for instance) is straightforward and does not require any modification of the source code in most cases. Moreover, the Exception and Continuous Synchronization mechanisms take care of synchronizing the fast path with the information that are configured in the Linux networking stack by your control plane module, so that your system transparently benefits from fast path performance.
For instance, third-party routing and IKE daemons have already been successfully integrated by 6WIND’s customers.
Our 6WINDGate Architecture Overview document is ideal for understanding the main concepts of our software architecture. It can be downloaded here.
6WINDGate is provided with a complete documentation of more than 2000 pages that includes:
- Reading Guide
- Module Data Sheets
- 6WINDGate Architecture Overview
- SAD (Software Architecture Documents)
- SDD (Software Design Documents)
- Developer’s guide
- User’s Guide for the CLI
