4G/5G converges data and voice onto a single IP-based network. While this convergence brings simplification benefits to reach goals such as reducing complexity and cost, it also presents communications service providers with new security and performance challenges. These organizations must harden their mobile infrastructure—specifically the mobile backhaul—against threats from untrusted IP networks, meet increased performance requirements, and control costs.
Previously, specialized hardware-based Internet Protocol security (IPsec) virtual private network (VPN) equipment was necessary to meet these requirements. This equipment supported performance scalability and control plane virtualization, but did so at a high cost. At the same time, rigid hardware limitations meant CoSPs could not meet the requirements for data plane virtualization. This is not a recipe for success, since a market needs innovation to deliver the required performance and an open community for data plane virtualization at lower overall cost.
Today, software vendors such as 6WIND*, lead market innovation by developing software networking products that can be deployed on Intel® Xeon® processor-based commercial off-the-shelf (COTS) servers as an alternative to expensive, locked hardware solutions. Mobile operators can now deploy IPsec VPN software appliances on their COTS servers that can beat the performance of today’s big name security gateway system vendors at a surprisingly low cost. This value proposition just got even more significant with new Intel® Xeon® Scalable processors, which increase performance with 6WIND security solutions by 50 percent (1).
To exemplify, if a mobile operator needs a security gateway that provides 10 Gbps of IPsec throughput and 5,000 tunnels, common practice is to check big name system vendors to find specialized hardware at around 4 rack units with a total cost of ownership of over $100,000 over five years. This gets even more expensive with 25/40/100 Gbps requirements and redundant configurations.
Alternatively, if you take a software appliance such as 6WIND’s Turbo IPsec*, and deploy it on a 2 rack unit COTS server with new Intel Xeon Scalable processors, you can now have 18 Gbps of encrypted traffic per processor core, scaling with the number of cores, and with 100,000 tunnels. Adding the 6WIND software and all included server hardware, the total cost of ownership over 5 years is less than 20 percent of the cost of specialized hardware. Deployment scenarios include bare metal and virtual machine options. Virtualization delivers greater economies of scale and increased savings.
One of the reasons 6WIND software performs so highly on Intel Xeon processors is its DPDK (Data Plane Development Kit) base. We established DPDK.org alongside Intel in order to provide high packet processing speeds (2). Software-based security gateways designed with DPDK deliver the performance required to compete against big name system vendor hardware.
High performance software networking appliances on Intel Xeon processors inside COTS servers are the future of 4G/5G data and voice convergence. These solutions deliver cost savings while helping companies effectively manage ever-changing network requirements. Configuration changes are much faster and more efficient in software versus hardware solutions, saving time and increasing management flexibility.
(1) To read the solution brief on 6WIND Turbo IPsec software for Intel Xeon Scalable processors to deliver Secure Site-to-Site VPN and Mobile Infrastructure Security solutions with 50 percent performance improvement, visit http://www.6wind.com/wp-content/uploads/2017/07/6WIND-Purley-Solution-Brief.pdf