The adoption of cloud computing is growing rapidly, and this is driving demand for higher-performance servers and more bandwidth to those servers. I/O-intensive applications are particularly demanding in terms of compute and bandwidth resources. The number of high-performance AWS instance types proves this to be true as they meet customer demands for compute specific, networking specific, HPC (AI) specific, and other instance types. The newest infrastructure can support up to 200 Gbps of bandwidth to a single bare metal instance.
Netgate® is excited to announce support for Intel's server processor - 4th Gen Intel® Xeon® Scalable processors. pfSense® Plus firewall/router/VPN software and TNSR® vRouter/VPN software are both now available on AWS EC2 M7i and R7iz instance types based on the 4th Gen Intel Xeon Scalable processors.
The benefit of each product varies depending on the use case.
pfSense Plus firewall/router/VPN software utilizes kernel-based processing. As such, the application is limited to approximately 10Gbps of I/O workload, such as routing, VPN, etc per instance. Our customers find that running multiple instances behind a load balancer using the appropriate configuration can achieve amazing performance from the firewall, router and VPN aggregator functions at a very attractive price point. Enabling IIMB support (The Intel® Multi-Buffer Crypto for IPsec Library, often shortened to IPsec-MB or IIMB) on M7i or R7iz, in a lower tier instance such as “.large” or “.xlarge” boosts VPN performance by adding to the cryptographic functions provided by the kernel for AES-CBC, AES-GCM, and ChaCha20-Poly1305 with accelerated functions that utilize the optimal CPU SIMD instruction set (Single Instruction, Multiple Data), such as SSE, Intel® Advanced Vector Extensions (Intel® AVX), Intel® Advanced Vector Extensions 2 (Intel® AVX2), and Intel® Advanced Vector Extensions 512 (Intel® AVX-512). This provides faster speeds and lower CPU utilization for not only IPsec but for any VPN solution utilizing the accelerated algorithms in the kernel. pfSense+ software provides several options for VPN solutions: IPSec, OpenVPN with DCO, and Wireguard. These instances support from 12.5Gbps up to 50Gbps of network bandwidth at a very competitive price point, while offering our mutual customers amazing VPN aggregation, firewall and routing capability. This cloud security solution can be had at the lowest prices compared to any competitive options.
10Gbps of VPN termination may be sufficient for a variety of users. However, for businesses with high-bandwidth requirements, such as those that host large-scale websites or applications, 10Gbps may not be enough. In these cases, businesses need an ultra-high-speed router and VPN termination solution that can support above and beyond 50 Gbps per instance. Netgate offers IPSec and Wireguard VPN solutions as a part of TNSR software, which adds to the need for greater routing speeds. TNSR vRouter software uses VPP, or Vector Packet Processing to enable performance of 50Gbps to 200Gbps per instance depending upon the instance type. TNSR also supports both IIMB (in the VM and bare metal instances, both R7iz and M7i) as well as Intel® Quick Assist Technology (Intel® QAT)(in M7i bare metal instance), which will offload the cryptographic processing from the processor and enable support for a large number of simultaneous VPN connections per instance (depending on the instance type). TNSR can support hundreds of tunnels based on various factors such as the instance characteristics.
Below is an example of utilizing both TNSR to aggregate VPNs and pfSense+ to create a network boundary firewall within an AWS VPC.
![Netgate's Advanced VPN and Firewall Solutions, Intel,](https://d1qg7561fu8ubi.cloudfront.net/blog/netgate-advanced-vpn-firewall-solutions.png)
As more companies move more applications to the cloud, and cloud-native applications gain acceptance within established enterprises, the need for cloud-based VPN termination, high performance routing and firewalls will continue to grow. Netgate, along with Intel and AWS, offers a cohesive solution to support such growth, keeping those applications secure without any penalty for performance.
Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries.