Subcategories

  • Discussions about TNSR

    16 Topics
    54 Posts
    M

    We're happy to announce the release of TNSR software version 25.02. This regularly scheduled release includes additional hardware support, updates, and bug fixes.

    Here's what's new:

    Unicast Reverse Path Forwarding: Introducing Unicast Reverse Path Forwarding (uRPF) to prevent IP spoofing attacks. Both "loose" and "strict" modes available. Enhanced BGP Protection: New BGP Roles implementation (RFC 9234) to prevent route leaks and hijacks. Powerful Threat Detection: Multi-threaded Snort 3 integration for advanced IDS/IPS. NETCONF: The NETCONF service has been made available starting with this release. Regular Updates and Maintenance: Updated VPP and DPDK versions and made over 30 bug fixes and stability enhancements.

    Learn More:

    Release Notes
    Blog
    Video

  • Discussions about TNSR

    60 Topics
    133 Posts
    JonathanLeeJ

    @johnpoz I know I thought maybe he could be my study buddy for a while but never responded so I gave up .

  • Discussions about installing or upgrading TNSR software

    50 Topics
    188 Posts
    patient0P

    @pfsin excellent, happy it worked.

  • DHCP Relay/ip helper (Forward DHCP requests to a different server)

    4
    0 Votes
    4 Posts
    1k Views
    fractal_boyF

    ea74c66d-e6b1-43ac-adec-f892d5d69899-image.png

  • Does TNSR support PPPOE client and UPNP service ?

    16
    0 Votes
    16 Posts
    3k Views
    RobbieTTR

    @jwt said in Does TNSR support PPPOE client and UPNP service ?:

    Of note: we have recently developed a new pppoe stack for FreeBSD (and thus pfsense) which avoids using netgraph. It is netgraph which is causing the poor performance, and the single-threading. I’d expect that code to make its way to a pfsense release in the next six months.

    I also expect to be able to leverage that code (which we control the copyright to) to be able to implement a VPP based pppoe client for Netgate products.

    This is extraordinary good news and somewhat buried in this thread. Happy to run tests on one of my routers when you need feedback. šŸ‘‘

  • TNSR Lab on EVE-NG

    9
    0 Votes
    9 Posts
    4k Views
    fractal_boyF

    thanks all for your input. GNS3 and EVE-NG images are on our radar. We are working on this.

  • how to change ring buffer to 4096

    7
    1 Votes
    7 Posts
    1k Views
    C

    this was their answer:

    "If you get 3 Full Views, please check this guide: https://docs.netgate.com/tnsr/en/latest/dynamicrouting/bgp/tuning.html"

    well... yes thank you.

  • Netgate 6100 Max with TNSR and 10GBaseT SFP+ modules

    2
    1 Votes
    2 Posts
    542 Views
    C

    After reading a comment in this thread - https://www.reddit.com/r/Netgate/comments/1bzsv4m/the_sfp_10gbaset_80m_copper_rj45_transceiver_for/ - I found the problem.

    I was testing to a 1gig port on a Cisco switch. Temporarily moved it to a 10G port on a server and the interface is up and working.

  • TNSR Load Balancing Methods

    5
    1 Votes
    5 Posts
    1k Views
    fractal_boyF

    did you try something like this?

    R1 tnsr(config)# sh run route route table ipv4-VRF:0 id 0 route 0.0.0.0/0 next-hop 0 via 10.100.1.2 e1 next-hop 1 via 10.100.0.2 e2 exit exit R1 tnsr(config)# sh route Route Table ipv4-VRF:0 AF: ipv4 ID: 0 ----------------------------------------- 0.0.0.0/0 via 10.100.0.2 e2 weight 1 preference 0 via 10.100.1.2 e1 weight 1 preference 0
  • Clarification on ACL and NAT Interaction in TNSR

    2
    0 Votes
    2 Posts
    1k Views
    DerelictD

    @olivertbuffet

    For outbound ("in2out") traffic, translation is done first and then output ACLs are evaluated. For inbound ("out2in"), it's the opposite. Input ACLs are evaluated and then translation.

    This matches the documentation here:

    https://docs.netgate.com/tnsr/en/latest/acl/acl-nat.html#acl-and-nat-interaction

    Where in the documentation did you see it is the same in both directions so it can be evaluated and corrected if necessary?

  • TNSR in datacenter

    3
    0 Votes
    3 Posts
    3k Views
    fractal_boyF

    Another cool use case for TNSR is to use them as Spine switches running BGP as underlay and vxlan for overlay in your data center. I built a lab in GNS3 using Arista for leaf switches and it worked well. This solution will work fine in small data centers running 100G uplinks with about 3 pairs of leaf switches since the number of ports will be limited on TNSR.

  • First installation TNSR no interface SR-IOV

    4
    0 Votes
    4 Posts
    1k Views
    A

    I solved the problem, the NIC was down no-carrier.

    Once I had the interface up I was able to configure everything as I wanted.

    A positive note to Netgate support who gave me assistance in resolving the problem.

  • Inquiry About API Access for TNSR Models - Integration with Ansible

    1
    0 Votes
    1 Posts
    401 Views
    No one has replied
  • FastNetMon Advanced with TNSR Software

    1
    1 Votes
    1 Posts
    1k Views
    No one has replied
  • TNSR - ping in a vrf

    3
    0 Votes
    3 Posts
    808 Views
    P

    @fractal_boy

    I can confirm that specifying an interface does indeed work.

  • 0 Votes
    10 Posts
    1k Views
    kiokomanK

    @meatprofit
    there is an interesting section starting from here explaining ACL

    https://datatracker.ietf.org/doc/html/rfc8341#section-3

    As an example, if an action is defined as
    /interfaces/interface/reset-interface, the group must be authorized
    to (1) read /interfaces and /interfaces/interface and (2) execute on
    /interfaces/interface/reset-interface.

    7251b782-96b8-4416-98ff-cbc4da408612-image.png

    glad you have solved anyway

  • Monitor traffic to specific IP on TNSR

    8
    0 Votes
    8 Posts
    2k Views
    fractal_boyF

    @Qwireca FYI, TNSR 23.11 release will have a bunch of IPFIX bug fixes.

  • TNSR - clixon_cli hangs when opening

    4
    0 Votes
    4 Posts
    975 Views
    P

    @paulwollner66

    The documentation explained it rather well.

    https://docs.netgate.com/tnsr/en/latest/advanced/dataplane-cpu.html

  • TNSR Route Leak BGP learned routes between VRFs

    4
    0 Votes
    4 Posts
    1k Views
    R

    @scourtney2000 said in TNSR Route Leak BGP learned routes between VRFs:

    but I'm not sure how to engage Netgate in Azure.

    https://go.netgate.com/

    Include a screenshot of your Azure appliance window that shows your TAC subscription of Pro or Enterprise.

  • route-map reducing or increasing local-preference

    2
    0 Votes
    2 Posts
    600 Views
    P

    I have created a patch that achieves incrementing and decrementing the local-preference. It is the first time I have worked with yang, but I think I have checked all the boxes.

    Hopefully this is useful for others.

    local-preference.patch

  • Route visibility

    3
    0 Votes
    3 Posts
    790 Views
    P

    @Derelict said in Route visibility:

    show route dynamic bgp ipv4 network 1.1.1.1

    Thank you. That was exactly what I was looking for :)

  • 0 Votes
    14 Posts
    2k Views
    Z

    I want to back up a little bit and ask what your specific goal is currently. I would like to get a better handle on your intended use case, as exploring new features and use cases for TNSR is something I am quite interested in.

    As I understand it currently, your goal was to create a container on to run iperf3 from? Is your reasoning for the container because you didn't see a way of running the iperf3 binary in a way that was accessible from the dataplane networks? Or was your goal to provide isolation to the iperf3 service AND have it be accessible from the dataplane networks?

    Are you using iperf3 in these posts as just an example of a generic application to run in a container or link to the dataplane, with the intention of running other applications after you found a solution to an example application?

    I would say all of the above.
    My self built test box that has enough cores to support multiple services. So I was looking to put those cores and memory to some use, such that I don't need another system. TNSR AIO if you want. Ideally those services running should support some sort of resource contention. The linux kernel provides that via cgroups with a multitude of implementation. Docker being just one of them. Of course we should isolate/reserve/dedicate some cores for TNSR and DPDK only.
    iperf was indeed an example. This would eventually imply that our monitoring system performs and records regular tests. I work for a Swiss university so we already use that to measure different parts of our network. Nothing out of ordinary here.
    Anyway the generic application sounds more likely to what I would like to achieve. I was thinking to expose a webserver for an not so trustworthy containerized App through the TNSR dataplane. If this gets compromised it should not be possible to influence the TNSR router.

    I saw on the VPP wiki they have nginx examples
    I would try that next.
    I am not sure(I forgot to check) if that iperf port is exposed on all TNSR interfaces. I would probably need to apply some ACLs. Btw. do the TNSR ACLs protect/work against packet fragmentation attacks?
    Are the TNSR ACLs the VPP ones? The TNSR Docu is not clear about that...

    I hope it explains a bit more my use case.

  • Whats the best way to monitor TNSR?

    4
    0 Votes
    4 Posts
    1k Views
    P

    @insmod does it work for you? I tried it, however it is not exporting the data into cloud.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.