By Yann Rapaport, 6WIND Customer Support and Service Manager
This is the last post of this series about High Availability capabilities for packet processing software. It illustrates the architecture concepts described in the first five posts of the series with a real-world example using 6WINDGate packet processing software. This post describes the High Availability extensions implemented on top of the LSN (Large Scale NAT) architecture described in the previous post.
An LSN is a single point of failure in the architecture. It is not acceptable to interrupt a large number of NAT sessions as this would lead to a very long service interruption. High Availability features are required. As described in the first post of this series, several strategies can be implemented according to the requirements for service interruption.
Referring to the LSN example, if there is no full synchronization between the NATs, the NAT sessions have to be configured on the inactive element and the interrupted NAT sessions have to be established again. This can take longer than some high availability requirements allow.
This figure shows how this architecture can be implemented for the LSN. Two complete instances of packet processing are required. There is one active Control Plane and one inactive Control Plane. Both Fast Paths can be used. The Fast Path that is associated with the active Control Plane is called the primary Fast Path. The Fast Path that belongs to the blade with the inactive Control Plane is called the secondary Fast Path.
The active Control Plane maintains a complete and coherent database of established NAT sessions. It sends session updates to the inactive Control Plane so that it also has a complete view of the system. The inactive Control Plane adds or removes sessions only on request from the active Control Plane. This synchronization is done by a userland daemon. The remote Fast Path is updated by the Cache Manager after the local NAT daemon notifies it of the change.
Both Fast Paths are active and all the exceptions are forwarded to the active Control Plane. The secondary Fast Path also informs the primary Fast Path about the status of NAT sessions that are reported to the active Control Plane.
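The synchronization rule described above, as an added Python model (not 6WINDGate code): the inactive Control Plane changes its session table only on updates from the active one, so a failover keeps every translation. The class and method names, the public port pool and the sample addresses are assumptions made for the illustration.

```python
PORTS = range(1024, 65536)  # public port pool of the NAT (constructed value)

class ControlPlane:
    def __init__(self, name, active=False):
        self.name, self.active, self.peer = name, active, None
        self.sessions = {}  # (private ip, private port, proto) -> public port
        self.used = set()   # public ports currently allocated

    def _apply(self, op, key, port):
        if op == "add":
            self.sessions[key] = port
            self.used.add(port)
        else:  # "del"
            self.sessions.pop(key, None)
            self.used.discard(port)

    def _local_change(self, op, key, port):
        # Only the active Control Plane originates changes, then updates its peer.
        if not self.active:
            raise RuntimeError(f"{self.name} is inactive: peer updates only")
        self._apply(op, key, port)
        if self.peer is not None:
            self.peer.on_sync(self, op, key, port)

    def open_session(self, ip, port, proto="udp"):
        key = (ip, port, proto)
        if key not in self.sessions:
            public = next(p for p in PORTS if p not in self.used)
            self._local_change("add", key, public)
        return self.sessions[key]

    def close_session(self, ip, port, proto="udp"):
        key = (ip, port, proto)
        if key in self.sessions:
            self._local_change("del", key, self.sessions[key])

    def on_sync(self, sender, op, key, port):
        # The inactive side adds or removes sessions only on request from the active side.
        if self.active or not sender.active:
            raise RuntimeError("sync is accepted only by the inactive side, from the active side")
        self._apply(op, key, port)

    def promote(self):
        # Failover: the synchronized table is already complete, so nothing is rebuilt.
        if self.peer is not None:
            self.peer.active = False
        self.active = True

def make_pair():
    a, b = ControlPlane("cp-a", active=True), ControlPlane("cp-b")
    a.peer, b.peer = b, a
    return a, b
```

After `promote()`, the former inactive instance keeps serving the existing mappings and allocates new public ports without colliding with them, while the roles of sender and receiver of updates are swapped.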
Multicore technology is a very good candidate for LSN as it addresses its major requirements:
- Large packet processing capabilities.
- Limited power consumption.
- Scalability: multicore technology is inherently scalable, and an architecture based on two multicore boards is very convenient for implementing a redundant architecture.
The LSN configuration developed with 6WINDGate uses a 16-core multicore processor running at 700 MHz. Two identical boards provide high availability features.
This configuration is able to manage:
- 10 Gbps wire-speed traffic of 512-byte NATed packets with only 10 cores. The remaining cores are used for the Control Plane.
- 18+ million NAT sessions in a fully redundant architecture; these sessions use 8 Gbytes of memory (6 for the Control Plane and 2 for the Fast Path) on each board.
- A session establishment rate of 25 K sessions per second.
More information about 6WINDGate architecture can be found here.
6WINDGate High Availability Architecture Overview is available here.
You can check 6WINDGate FAQ here.
