Hardware offloading for Routing

Introduction

On certain WeOS products routing is offloaded to hardware, which means that network packets do not reach IP software stack, and as the result gives enhanced performance.

Each hardware running WeOS has different capabilities for Offloading ranging between Non-existent to high capabilities.

Viper-TBN

As an example, consider a train setup with consist ports X1-X4 on vlan1, and backbone ports X5-X8 on vlan2. In such case IP forwarding of unicast, multicast and 1-1 NAT between interfaces vlan1 and vlan2 would be offloaded.

Further Details

  • IPv4: Only forwarding of IPv4 traffic can be offloaded, while e.g. ARP packets are handled by the CPU.

  • Only VLAN network interfaces and physical ports:

  • Only traffic coming in on physical Ethernet ports can be offloaded. Traffic coming in on virtual ports or interfaces such as L2 SSL VPN interfaces or GRE tunnels can not be offloaded.

  • Only traffic going out through a network interface vlan1, vlan2, etc. and then through a physical Ethernet port associated with that VLAN can be offloaded. The exception to this is traffic routed to a blackhole interface; such traffic is dropped in hardware too.

  • For IP multicast traffic, the incoming Ethernet port must be associated with a VLAN interface. For unicast traffic the incoming port could either be associated with a VLAN or be an isolated port interface (see VLAN configuration for further details on isolated port interfaces).

  • IP TTL: Only IP packets with TTL of 2 or higher will be offloaded.

  • Non-fragmented packets: Only non-fragmented IP packets will be offloaded.

Redfox and Lynx-5000

As of this release these product has limited Offloading Capabilities and therefore, is only recommended to be enabled in production systems after rigorous system testing.

Limitations

  • Routed IPv6 traffic is handled by the CPU
  • IP multicast traffic will be routed by the CPU
  • Firewall forwarding chain will not impact any routed Unicast traffic
  • NAT will not be performed on any routed traffic
  • Only VLAN interfaces can be used, usage of Port-interfaces will not perform any traffic forwarding
  • Policy-Based Routing will not function
  • SSL-tunnel will function to some extent via the CPU but is strongly discouraged from being used in this release

To Enable/Disable Offloading

The default setting for offloading is disabled. Hardware offloading is enabled using the following command:

[no] offload

Enable or Disable CPU offloading

no
Disable offloading
example:/#> configure ip
example:/config/ip/#> offload
example:/config/ip/#> leave