Routers implemented in software are already widely used for home and small office networking. The two main benefits of these routers are that they run on inexpensive commodity hardware and their functionality can be changed in a flexible way, simply by modifying the software. This allows a fast reaction time for changing network needs and adaptation to new technology. Because of these advantages, it is worthwhile to investigate software router implementations in larger networks to determine whether they are able to compete with commercially available hardware routers.
Currently 10 Gbps Ethernet is used in server networks, and 40 Gbps Ethernet devices have started to appear on the market. As a result, meeting the increased packet rate requirements becomes ever more difficult for software routers: commonly used software routing implementations (such as pfSense), which are often based on the networking stacks of operating systems, cannot keep up with the demands of these new standards.
Jim Thompson offers an overview of Netgate’s router, built from open source components, which can achieve packet rates above 14.6 Mpps on a single CPU core running at 3.2 GHz, enough to saturate a 10 Gbps Ethernet port with minimum-sized packets to a level of 98%. Jim explains how the router achieves linear scaling with CPU frequency, as well as with the number of CPU cores, allowing the software router to serve multiple 10 Gbps network ports. He also explains how Netgate’s novel approach enables IPsec connections at rates exceeding 10 Gbps using only software and 40 Gbps using off-the-shelf accelerator cards.
Jim Thompson is CTO of Netgate. Jim has held a variety of technology leadership and executive positions throughout the networking and security industry with particular experience in networking protocols (TCP/IP, Ethernet, 802.11, etc.); primary programming languages (C, assembly for PPC, ARM, MIPS, etc.); interrupt handling, concurrent execution, task synchronization; GNU tools (gcc, binutils, gdb, make, autoconf, CVS); security and cryptography (3DES, AES, RSA, DSA, DH, IPsec, OpenVPN); Unix/Linux/*BSD server and workstation setup and administration; TCP/IP network setup, administration, troubleshooting; Sendmail, BIND, Netfilter/iptables/pf firewall configuration; and Linux/FreeBSD ports to new hardware.