Paxym Software Services for Multicore CPUs OCTEON XLR Freescale Rangeley QuickAssist
Software Services News & Events

Accelerated Network IPSec Stack for VyOS / OpenWRT -- for Routing / Firewall Devices




One of the Key issues in Networking industry is Routing throughput, or performance of a Firewall gateway. Paxym's team developed our Accelerated Network Stack, when challenged with similar problems while working on Projects with VyOS, OpenWRT, Debian, etc. distributions. The Accelerator Stack bypasses Kernel completely and is implemented using Multi-core Data-Plane software.

The Stack utilizes extra CPU Cores on Intel x86 family of CPUs, to run the Data-Plane software with DPDK framework. On Cavium's OCTEON Network CPU, it utilizes the extra MIPS64 cores to run our Data-Plane software in Simple-Exec (SE, SE2) modes.

In both cases, the Control-Plane running Linux, is in full control of Network configuration, Network Administration, Statistics and Monitoring.

We've implemented an increasing number of Network features in the Accelerated Stack to serve our Customers. The stack performs Line-rate switching of IPv4 and IPv6 packets, along with singly and dually tagged VLAN headers under most conditions we tested. The stack also performs most Firewall functions including NAT, ACL, Traffic Shaping, Netfilter controlled features, etc.

The Control-Plane for our past Customers ran a mix of BGP, IS-IS, LDP, OSPF, RIP, etc. Routing daemons, along with DHCP, DNS, NTP, NAT, PPPoE, BusyBox, GRE Tunnels, L2TP, etc.

The Data-Plane is highly optimized to provide the best in class Forwarding performance


Optional add-ons:


IPSec offload

IPSec acceleration includes complete IPSec handling in Accelerator fast-path utilizing Intel Crypto Assists or OCTEON crypto private instructions)
Support for AES-128, AES-256 with AES GCM subvariation, MD5/SHA-1/SHA-2, etc.
Integration with Strong-Swan in CP User-space for IPSec tunnels establishment and tear-down
IPSec Fast-path functioning with IKE, IKEv2 populating Accelerator tables of SADB, Tunnels db, etc.


Other details





Paxym, Inc. is a Software Development and Testing Services Company. Providing Consulting Services to its Customers in the areas of Cloud Software, Web Front and Back-End Applications, Network and Security Stacks, Linux, xBSD Kernel development and Performance Tuning. Along with Solutions to a variety of computing problems using combination of SW and Hardware, by its Consultants.