From The Desk Of The CTO: Upgrade To Skylake For 2X vRouter IPsec VPN Performance

Ready to Upgrade Your vRouter to Skylake for 2X IPsec VPN Software Performance?

Many of our customers have been running their favorite software-based IPsec VPN gateways on their good friend Haswell for a while, and now are considering the option to upgrade to a Skylake. It sounds attractive, provided that it can bring some real performance improvements.

Let’s see how 6WIND’s vRouter 2.0 with IPsec VPNs performs according to packets per second (pps) on these two platforms with similar frequency by checking the single core performance of IPsec for two common algorithms, AES-CBC+HMAC and AES GCM, small and large packets:

After testing the same 6WIND vRouter software appliance, we see almost 2X for AES-CBC+HMAC and nearly 17% for AES GCM.

Under the hood, the Intel® Multi-Buffer Crypto library [1] is perfectly integrated in the 6WIND vRouter IPsec stack, so that it seamlessly leverages the Skylake architecture:

  • core design is updated with a larger re-order buffer, deep store and load buffers, cache sizes
  • AVX512 instructions set

Without any change in the vRouter software, the IPsec performance is greatly improved by just updating the server to the latest hardware. Looking forward Cascade Lake and the promising next generation Ice Lake should boost GCM again thanks to the new VAES and VMLUQ instructions.

If you are considering your upgrade path, contact us today. I’d be pleased to discuss your vRouter transition to Skylake or the next x86 platform of your choice. Software makes the transition easy while satisfying to watch your IPsec VPN performance increase.


Jean-Mickaël Guérin is 6WIND’s CTO

 

 

 

[1]  https://github.com/intel/intel-ipsec-mb