6WINDGate 4.23 – OEM foundation for Linux networking
We have completed the networking feature set of 6WIND’s Turbo Appliance Virtual Border Routers (vRouters) to provide complete dynamic routing with VRF support and QoS. We now support PXE installation, which was a strong requirement from our bare metal customers. 6WIND’s Virtual Accelerator vRouter now supports the latest OpenStack Rocky release and eliminates the need for VMs to be restarted after an update. Finally, 6WINDGate now supports NAT64 and gets a new, high-performance CG-Firewall module.
Let’s review these features in detail, product by product.
Our routing protocol offering is now complete with OSPFv3, RIPv1, RIPv2, RIPng in addition to OSPFv2 and BGP that were available in the previous release. BGP and OSPF can also now handle multiple VRFs.
We have introduced basic QoS features with rate limiting per interface and per VRF, based on a two-rate three-color traffic conditioner. Class-based queuing will be added in the next release.
For security, we have added uRPF (Unicast Reverse Path Forwarding) that helps to prevent IP address spoofing and DoS attacks.
In addition to local SSH key and password authentication, we now support RBAC (Role-Based Access Control). The vRouter appliances support admin and viewer roles with different privileges and AAA (Authentication, Authorization, and Accounting) through TACACS+.
In terms of IP services, we have added the support of DHCP Server, Relay and DNS Proxy.
For logging, we have added TLS (Transport Layer Security) support to syslog to keep log messages confidential.
System and Environment
Control Plane Protection is now supported. It is a software mechanism that reduces the risk of dropping control plane packets under load.
PXE (Preboot Execution Environment) can now be used to automate the installation of the vRouter on a bare system that is not loaded with any OS.
Finally, we have added support for Amazon Elastic Network Adapter (ENA) for AWS deployment.
Virtual Accelerator vRouter for Hypervisor Networking
VM-friendly vswitch restart: the networking stack can now be restarted (for example after an update) without any impact on the connected Virtual Machines.
Advanced QoS features have been added, including CoS marking in egress, policing per flow, ToS and IP protocol, shaping per traffic class, rate limiting per VRF and PB-DWRR scheduling.
OVS now supports setting a skb mark for further processing with Policy-Based Routing.
System and Environment
For more security, the RPM packages (for Red Hat) and deb repository (for Ubuntu) are now signed with a 6WIND certificate.