6WIND is pleased to announce our latest release, including:
- Virtual Border Router, Virtual Security Gateway and Virtual CG-NAT 2.2 – software network appliance vRouters
- Virtual Accelerator 2.0 – hypervisor networking vRouter
- 6WINDGate 4.25 and 5.0 – OEM foundation for Linux networking
We have introduced a brand new Virtual CG-NAT vRouter for CG-NAT use cases. CG-NAT has been used and deployed by our 6WINDGate customers for more than 2 years now and we decided to package it in a ready-to-use product. We have also introduced advanced networking features, including path monitoring, BFD, MOBIKE, IPsec SVTI and more. The CLI has also been improved to support simultaneous configuration.
Virtual Accelerator has gained full Linux transparency and supports the latest OpenStack releases.
Last but not least, we introduced 6WINDGate 5, a new major release that includes container support and full Linux transparency.
Let’s review these features in detail, product by product.
Virtual Border Router, Virtual Security Gateway & Virtual CG-NAT vRouter Appliances
New product: Virtual CG-NAT vRouter
Following a 2-month beta program during the summer, we are pleased to announce the general availability of Virtual CG-NAT.
Virtual CG-NAT is a software-based CG-NAT vRouter product, ready to run in bare metal and virtual machine configurations on commercial-off-the-shelf (COTS) servers.
- Scalable CG-NAT software performance:
  - 30 million simultaneous connections per 25G of RAM
  - 200,000 connections per second per core
  - 10 Gbps per processor core
- CLI and NETCONF/YANG-based management engine for integration with orchestrators and existing management frameworks
- Monitoring through YANG-based KPIs that can be exported to a Time-Series Database and analytics dashboard
- Advanced logging through syslog can be integrated with logging platforms
Make sure you check our blog and webinar about Virtual CG-NAT. The deployment guide and product documentation are also available online.
The Following New Features Apply to All 6WIND Software Appliance vRouters
Path monitoring provides forwarding path failure detection and deactivation of the associated static route. The static route is reactivated when the path comes back up.
BFD (Bidirectional Forwarding Detection) is now supported and used with BGP and OSPF to monitor peers and detect failures faster.
In addition to rate limiting per interface and per VRF, QoS now supports advanced shaping and scheduling features based on traffic classes. Priority Queuing and PB-DWRR are supported.
For security use cases, MOBIKE (RFC 4555) allows the initiator of an IKE session to roam to a different interface/address and IPsec SVTI provides route-based VPNs through Secure Virtual Tunnel Interfaces. We have also added the ability to list SAs per remote-ip / remote-id.
New ACL features have been added as well, including the ability to enter port ranges in filtering rules and to define sets based on source IP address and protocol and destination IP address.
The logging framework now supports log levels for routing and IKE and remote log filtering to finely define which logs should be sent to a syslog server, according to the facilities and severities.
The CLI can now filter output that matches a specific word or regular expression (similar to the Linux grep command).
Finally, it is possible for multiple users to simultaneously edit the running configuration, including a mechanism to warn about and review changes that were done by others during an edit session.
It is also possible to customize the vRouter welcome message that is displayed at login.
Virtual Accelerator: vRouter for Hypervisor Networking
OVS now supports IPv6 VXLAN tunnels: 6in6, 4in6.
QoS rate limiting per flow supports ToS matching.
System and Environment
Virtual Accelerator 2.0 is based on 6WINDGate 5 and gains full Linux transparency by eliminating Linux kernel modules. This ensures easy and quick installation (no more DKMS), and compatibility with Linux vendor support policies.
Virtual Accelerator has been validated with OpenStack Stein and Red Hat OSP 14 (Rocky-based).
6WINDGate: Foundation For Network Builders
As the foundation for 6WIND vRouters, our 6WINDGate product inherits all the features listed above, plus some interesting new features.
6WINDGate 5 is a new major release, including container support: 6WINDGate 5 is being validated to run as a container in Red Hat Enterprise Linux, CentOS and Ubuntu operating systems for easy application deployment into multiple unprivileged container instances.
Linux Transparency has also been reworked: 6WINDGate 5 is 100% user space, based on standard Linux technologies such as DPDK, eBPF, Netlink and more, to synchronize Linux kernel information into its high performance data plane. This makes 6WINDGate 5 easy and quick to install, portable, and compatible with Linux vendor support policies.
Otherwise, 6WINDGate 5 shares the same features as 6WINDGate 4. 6WINDGate modules are being progressively migrated to the new architecture. Both releases are expected to be functionally equivalent in Q3 2020.
The new TLS/DTLS module supports TLS 1.2/1.3 and DTLS 1.2 to implement SSL applications on top of the 6WINDGate TCP stack.
Arm NXP LS1046 fast crypto is now supported.
The Azure virtualization environment is supported thanks to the NetVSC PMD.
Third-party and hardware support
As usual, we have updated the open source software included in our technology to the latest versions:
- strongSwan 5.8.0
- FRR 7
- OpenStack OSP 14 (Rocky)
- OpenStack Stein
Don’t hesitate to check our online documentation and to contact us. We will be happy to provide you with an evaluation version.
Yann Rapaport is Vice President Of Product Management for 6WIND.