6WIND Boosts IPsec with Intel® Xeon® Scalable Processors

Tests of 6WIND Turbo IPsec* show up to a 50% performance improvement when run on a server powered by the Intel® Xeon® Platinum 8170 processor.1

Site-to-site IPsec VPN* provides high-speed, private, and confidential communications without the need for expensive WAN connections. In addition, customers leverage low cost servers that can provide the same high-speed communications instead of expensive, proprietary hardware solutions.

Introduction
IP security (IPsec) is a critical element for every IP network to help protect against cyberattacks and provide data confidentiality, privacy, and security. Mobile network operators (MNO) and data centers are adopting bare metal and virtualized IPsec solutions on Intel® servers to realize scalability and efficiency while lowering costs.

Server performance is a critical issue in effective bare metal and virtualized IPsec solutions, and the availability of the Intel® Xeon® Scalable processors offer new options for next-generation networks. To test the new processors, Intel® Network Builders ecosystem member 6WIND set up two use cases for its 6WIND Turbo IPsec* virtualized software.

The Challenge
To evaluate the performance of Intel® Xeon® Scalable processors, 6WIND selected its two most popular customer use cases to test the 6WIND Turbo IPsec VNF.

Security-Enabled Site-to-Site Virtual Private Networks (VPNs): IPsec virtual private networks (VPNs) are critical to wide area network infrastructure to create security-enabled, high-speed communications tunnels between trusted endpoints. Examples include linking data centers and remote sites in a corporate network. Since IP WANs should be considered inherently insecure, IPsec VPNs maintain data confidentiality and integrity through encryption techniques, and they must provide scalable throughput to avoid bottlenecks that can force data centers to choose performance over security. For example, poor performance can translate to a loss of customers in multi-tenant data centers.

Security Gateways (SeGWs) for Mobile Backhaul: The business case for MNOs to accelerate the transition to 5G is clear: the simplification and efficiencies gained by converging voice and data over a single IP-based network satisfy the unquenchable thirst for higher mobile bandwidth and ongoing rollout of new mobile apps. In this network, IPsec is utilized on the IP-based backhaul network that carries user, control, and management data from the base station (eNodeBs) to the Evolved Packet Core (EPC). The VPN tunnels are terminated at the SeGW.


The Solution
6WIND Turbo IPsec provides accelerated VPNs based on IPsec and Internet key exchange (IKE) for a wide range of complex networks, including those of data centers and MNOs. Key features include:

  • Scalable, high-performance, full-featured data plane networking. The data plane features an extensive set of L2 to L4 networking protocols, including IP forwarding, IPsec, and more
  • CLI, XML, or Linux*-based management options
  • Same software for either bare metal or virtual machine deployments

At 6WIND, we are pleased with the increase in performance of Intel's new platform that translates directly to an increase in performance of our security software. This pairing allows standard servers to rival specialized hardware systems so that customers never have to sacrifice performance for cost. Together, 6WIND and Intel provide a cost-effective alternative to expensive, specialized hardware for high performance site-to-site VPN solutions used to secure data center to data center data communications

Eric Carmès, CEO, and Founder of 6WIND

Product and Performance Information

1

Benchmark results were obtained prior to implementation of recent software patches and firmware updates intended to address exploits referred to as "Spectre" and "Meltdown". Implementation of these updates may make these results inapplicable to your device or system.

Software and workloads used in performance tests may have been optimized for performance only on Intel® microprocessors. Performance tests, such as SYSmark* and MobileMark*, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more complete information visit https://www.intel.com/benchmarks.

Testing conducted by 6WIND using its 6WIND Turbo IPsec* 1.4.2 running on Ubuntu* Linux 16.04 kernel 4.4.0-77-generic. Configurations: Baseline: 1S Intel® Xeon® processor E5-2680 v4, 2.1GHz, 14 cores, turbo and HT on, Dell PowerEdge* Server R530 BIOS 1.6.2, 64GB total memory, 4 slots / 16GB / 1600 MT/s / DDR4 LRDIMM; 2 x Intel® Ethernet Converged Network Adapter X520, 1 x 500GB. New: Intel® Xeon® Platinum 8170 processor 2.1 GHz, 26 cores, turbo and HT on, BIOS PLYDCRB1.86B.0131.R09.1704, 4GB total memory, 1 slot / 4GB / 2133 MT/s / DDR4 RDIMM, 2x Intel® Ethernet Connection X722 , 1 x 500GB.

Optimization Notice: Intel’s compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.

Notice Revision #20110804

Intel does not control or audit third-party benchmark data or the web sites referenced in this document. You should visit the referenced web site and confirm whether referenced data are accurate.

Cost reduction scenarios described are intended as examples of how a given Intel-based product, in the specified circumstances and configurations, may affect future costs and provide cost savings.  Circumstances will vary. Intel does not guarantee any costs or cost reduction.

Intel® technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at Intel.com