The Fabric IPsec Gateway feature introduces a Virtual Machine (VM) that supports aggregation of Fabric Extend Tunnels with fragmentation, reassembly, and Internet Protocol Security (IPsec) encryption functions.
The minimum configuration requirements for the Fabric IPsec Gateway VM are as follows:
4 GB Random Access Memory (RAM)
One Virtualization Technology for Directed I/O (VT-d) vport (eth0)
Minimum 10 GB SSD
Note
To use this feature on the applicable models of 5720 Series, you must install an SSD module in the switch
To configure IPsec on a switch through the Fabric IPsec Gateway VM, see Fabric IPsec Gateway Configuration using CLI.
Fabric IPsec Gateway supports the following services through the VM:
IPsec with fragmentation and reassembly - for the VXLAN traffic that needs IPsec, the network routes the packets through the Fabric IPsec Gateway VM that provides IPsec encryption and decryption for VXLAN packets. The system also supports fragmentation and reassembly for IPsec tunnels that you configure on the VM, and a minimum of 1300 bytes of Maximum Transmission Unit (MTU) value. You can configure fragmentation to occur before the packets are encrypted.
Fragmentation and reassembly - the Fabric IPsec Gateway VM performs fragmentation and reassembly for VXLAN and IPsec tunnels, for which the network routes the packets through the VM. The system supports a minimum of 750 bytes of Maximum Transmission Unit (MTU) value.