@jimp Thank you sir

@viragomann My question about TNSR Home+Lab setup.

Thanks jimp. Maybe just a newbie issue. Anyway, I've got an initial build up now. Throughput is about twice as fast as testing I've done with FreeBSD packet filters but still tops out at about 3-4Gbps. I'm hoping I can improve this with tuning.

Looking forward to the next release. Debian distro's are my preferred Linux flavour 👍

@gelcom - thanks for taking the time to post a request here on the forum. We'll add your vote for a TNSR GUI to our list.

Have you had a chance to try working with TNSR (even though it doesn't have a GUI)?

Audian

@derelict
is worked thanx

@derelict Thought i would give this another shot on the latest code v21.01-588~tnsr_v21.07_1~g31b3e823e, but to no avail, but i did find somting interesting using the show hardware-interface command in vppctl it is seeing the non working interface VirtualFunctionEthernet6/0/0 MTU at 9206 and the admin up flag is not present and this error [rte_eth_dev_start[port:1, errno:-22]: Unknown error -22]. any Ideas how to look/debug further into this or do yo know what this error is?

I have also included working interface VirtualFunctionEthernet5/0/0 for comparison

vpp# sh hardware-interfaces
Name Idx Link Hardware
VirtualFunctionEthernet5/0/0 1 up VirtualFunctionEthernet5/0/0
Link speed: 10 Gbps
RX Queues:
queue thread mode
0 main (0) polling
Ethernet address 02:09:c0:99:4a:be
Intel 82599 VF
carrier up full duplex mtu 1500
flags: admin-up pmd maybe-multiseg subif tx-offload intel-phdr-cksum rx-ip4-cksum
rx: queues 1 (max 2), desc 1024 (min 32 max 4096 align 8)
tx: queues 1 (max 2), desc 1024 (min 32 max 4096 align 8)
pci: device 8086:10ed subsystem 8086:000c address 0000:05:00.00 numa 0
max rx packet len: 9728
promiscuous: unicast off all-multicast on
vlan offload: strip off filter off qinq off
rx offload avail: vlan-strip ipv4-cksum udp-cksum tcp-cksum vlan-filter
jumbo-frame scatter keep-crc rss-hash
rx offload active: ipv4-cksum jumbo-frame scatter
tx offload avail: vlan-insert ipv4-cksum udp-cksum tcp-cksum sctp-cksum
tcp-tso multi-segs
tx offload active: udp-cksum tcp-cksum multi-segs
rss avail: ipv4-tcp ipv4-udp ipv4 ipv6-tcp-ex ipv6-udp-ex ipv6-tcp
ipv6-udp ipv6-ex ipv6
rss active: ipv4-tcp ipv6-tcp-ex ipv6-tcp ipv6-udp ipv6-ex
tx burst function: ixgbe_xmit_pkts
rx burst function: ixgbe_recv_scattered_pkts_vec

tx frames ok 86 tx bytes ok 7258 rx frames ok 1325 rx bytes ok 191694 extended stats: rx_good_packets 1325 tx_good_packets 86 rx_good_bytes 191694 tx_good_bytes 7258 rx_multicast_packets 1550

VirtualFunctionEthernet6/0/0 2 up VirtualFunctionEthernet6/0/0
Link speed: 10 Gbps
RX Queues:
queue thread mode
0 main (0) polling
Ethernet address 02:09:c0:c1:84:fc
Intel 82599 VF
carrier up full duplex mtu 9206
flags: pmd maybe-multiseg subif tx-offload intel-phdr-cksum rx-ip4-cksum
rx: queues 1 (max 2), desc 1024 (min 32 max 4096 align 8)
tx: queues 1 (max 2), desc 1024 (min 32 max 4096 align 8)
pci: device 8086:10ed subsystem 8086:000c address 0000:06:00.00 numa 0
max rx packet len: 9728
promiscuous: unicast off all-multicast off
vlan offload: strip off filter on qinq off
rx offload avail: vlan-strip ipv4-cksum udp-cksum tcp-cksum vlan-filter
jumbo-frame scatter keep-crc rss-hash
rx offload active: ipv4-cksum jumbo-frame scatter
tx offload avail: vlan-insert ipv4-cksum udp-cksum tcp-cksum sctp-cksum
tcp-tso multi-segs
tx offload active: udp-cksum tcp-cksum multi-segs
rss avail: ipv4-tcp ipv4-udp ipv4 ipv6-tcp-ex ipv6-udp-ex ipv6-tcp
ipv6-udp ipv6-ex ipv6
rss active: ipv4-tcp ipv6-tcp-ex ipv6-tcp ipv6-udp ipv6-ex
tx burst function: ixgbe_xmit_pkts
rx burst function: ixgbe_recv_pkts

rx frames ok 4294966922 rx bytes ok 68719442425 Errors: rte_eth_dev_start[port:1, errno:-22: Unknown error -22

Thanks.

@gabacho4 Thanks!

@jbelthoff said in CLI syntax error: "int WAN": Unknown command:

Active Interface ens19

Okay nevermind, I see I have to remove the "Active" interfaces...

@johanl There is an open feature request in the internal tracking system for this functionality but it does not exist in tnsr yet. We'll try to get a better timeline for you soon.

@insanesplash I get yeah, my reply is pure guess work on my part as well ;) Since I have no insight to who or how many etc. are actually using TNSR in large scale environments or even small ones.. It could be 1000's it could be 1..

I was more just commenting/guessing to why you don't see many posts about it here on the forums. I have not done any personal testing/playing with it as of yet myself - because well I don't have the lab to do it justice for one ;)

Seems the video link on the twitter post no longer works.

@tsteine said in TNSR for my homelab.:

Hi.
Since @gabacho4 wrote up such an excellent post about his experience (TNSR adventures on my home network) I figured I would borrow his format for my own feedback, why reinvent the wheel if someone else did it better?

Preface
I want to share my experiences with installing TNSR in my homelab. I am a software engineer with a homelab rack that I use for development environments, self hosted cloud storage, hosting the odd dedicated game server for friends, etc.
I'm the type of person who loves experimenting with new tech, learning new things, and have a deep appreciation for really well engineered and high performance products and technology.
So, in the interest of future-proofing my home routing setup for high performance internet down the line, as well as being able to route between local vlans with high throughput, trying out TNSR was a natural choice for me.

Background
My internet connection is 1000/1000 which is directly connected to my ISP's switch over single mode fiber.
The previous setup before TNSR was a Ubiquiti EdgeRouter-8 Pro and it worked great for providing performant internet access, however, given that I have 100GbE and 40GbE switches in my local network, it naturally comes up short as soon as I want to set up vlans and route between them without needing to maintain routing and ACLs on all of my switches.
This lead me to experiment with different software-based router OSes, such as VyOS, but I quickly found myself unable to completely saturate single TCP 40Gbit connections across vlans because of CPU overhead.
Enter TNSR, here is a software-router OS promising up to 100Gbit routing on off-the-shelf commodity hardware, are my problems now solved?

Requirements

Manage firewalling and routing across Vlans and WAN from a single point/CLI. High performance, bursts up to 40Gbit when necessary.

Implementation

Installing TNSR on a self built bare-metal server was straight forward and simple, the only issue I ran into was that since I had integrated networking as well as 3 separate NICs, it wasn't clear which device in the list was the integrated NIC during setup of the management interface. Set up my devices for use with the DPDK dataplane, and configured vlans and IP ranges. Set up Kea DHCP for all vlans, with static IP reservations. Set up Unbound DNS with forwarding to my AD DNS server for my Domain. Configure Static NAT for mapping of external ports to internal IPs and ports for servers in the DMZ vlan. Set up ACL for Local <-> WAN, this took some trial and error, and re-reading of the documentation to properly understand the interaction between the ACL and NAT, as well as stateful outbound connections. Set up Guest Vlan ACL.

Results

TNSR provides internet connectivity to all my local devices/homelab rack. TNSR firewalls traffic to the Internet and between Vlan. NAT configuration provides connectivity for WAN to reach local servers and services. TNSR routes traffic for single TCP connections across vlans, completely saturating 40Gbit rate.

Considerations
Since TNSR does not support 6rd IPv6(at least yet), and I don't want to set up a separate box for IPv6 connectivity, I am currently foregoing IPv6 connectivity.

Conclusion
I now have an extremely powerful router for my home network/lab which has performance to spare, which allows me to manage all routing between Vlans, as well as firewalling from a single point, without any appreciable loss in performance.
Given that I have a smattering of Arista, Mellanox, and Ubiquiti Edgeswitches, managing routing and ACLs on 3 different command-line interfaces is rather cumbersome, so a single point of management greatly simplifies maintenance for me.
When putting the box through it's paces during testing, I was effectively forced to conclude that I was not capable of generating enough traffic to actually stress the box without a lot of effort, and will never naturally generate traffic anywhere near what the box is capable of handling.
The lowest MTU I tried was 512, and I was still able to saturate 40gbit with 8~Mpps on a single one-way connection, with relatively low and very comfortable system load. That is with out of the box dataplane settings, without tuning workers and rx/tx queues. To give a point of reference, the most I had been able to get out of the box previously across multiple connections and NICs, in aggregate, was 3 Mpps.

Thanks for the post, it was very helpful.

@williwinkie You can route between VRFs in some cases. Can you explain what you are looking to accomplish in more detail? I have not spent significant time with sonicwalls.

@gabacho4 Yes, there is an open feature request for the same. No timeline that I can see.

@ulrik said in Failover or load-balancing of two dhcp WAN links ?:

o you know if it is possible to set the priority of the default route assigned by the dhcp client?

Not at this time, no. I have submitted a feature request for this capability.

@derelict Too late :-) i decided to reinstall and create the host interface during install.

@mr-rosh To get this package, i have to get license and there is no license in the HOME+LAB version. If i could, i'll do :)

They may include avahi in defaults packages.

The package you listed is for pfsense not TNSR.

Thank you for your post anyways.

Hello!

I had the same issue when tried to increase cpu workers count, but I found solution. If you would like to have more cpu workers, you have to increase heap-size param.

https://docs.netgate.com/tnsr/en/latest/advanced/dataplane-monitoring.html#dataplane-statseg

I set heap-size 500M and 7 cpu workers.

@prx Hello!

NetFlow on TNSR works only with NAT.

Also I can not find any SNMP templates for zabbix.

I found only one way to get traffic statistics.
I enabled port mirroring on switch and mirrored traffic was send to the VM running fastnetmon.

Did you have some success in TNSR monitoring?

Sorry.
I found an issue from my side.
I have to go to configure->route dynamic bgp->server vrf default->address-family ipv4 unicast-> neighbor X.X.X.X
and here it is.
But I tried another path configure->route dynamic bgp->server vrf default->neighbor X.X.X.X

Cisco like config so unfriendly....

@derelict Thanks.
I was having problems with the MCLAG - TNSR connection.
The Aruba switch set both ports to "lacp blocked" after an hour or so.
I've now set both lacp modes to fast - before it was set to slow on the switch and TNSR was set to fast.
The connection is running stable now.