TNSR is unlike traditional firewalls and routers (including pfSense). The way TNSR works it is in a tight CPU loop looking for items to process. It's completely normal and expected for it to be using 100% of its configured CPU cores. Monitoring by CPU usage isn't going to be helpful as it has zero bearing on how busy the system is.

You can get better stats from Prometheus and look at some of the rate values there, such as vector rate per worker, input rate, and vector rate.

Pretty sure this is all well covered by previous threads as well, so search around on those terms and you should find more info.

@marsalans

https://forum.netgate.com/topic/152607/tnsr-cpu-utilization-on-sg-5100

Hi @Derelict and @johnpoz and thank you,

I created a VM in proxmox and use it to install tnsr. Installed proxmox in the VM didn't read all the tnsr requirements. After all the installation I did not did much just went around support and leave it to work on the weekend and that was when i found that when I started my server couldn't access the proxmox WebGUI.
I can access to proxmox ip via ssh but I think that tnsr "took control", the reason is when i login to the server it comes root as user but not the machine name so i get foot@tnsr not root@alexserver.
So when do qm status i get:

root@TNSR:~# qm status
ipcc_send_rec[1] failed: Connection refused
ipcc_send_rec[2] failed: Connection refused
ipcc_send_rec[3] failed: Connection refused
Unable to load access control list: Connection refused
root@TNSR:~#

or pvecm updatecerts

root@TNSR:~# pvecm updatecerts
ipcc_send_rec[1] failed: Connection refused
ipcc_send_rec[2] failed: Connection refused
ipcc_send_rec[3] failed: Connection refused
Unable to load access control list: Connection refused
root@TNSR:~#

This is a server I have to learn and test ideas and so on, so as a tnsr user i am completely new and with some experience in proxmox.
I don't know what i did and I have a post in proxmox to see how i can have the WebGUI back if it helps in some way.
Is there something I can do to fix it?

Cheers,
Alex

note: i run packet sniffer, capture packets of BGP session

i see then keepalive messages and at one point tnsr with IP 10.62.40.245 sends TCP FIN and closes connection without any obvious reason

@sheebz said in TNSR on Proxmox:

@jimp ahh it needs 3 virtual nics? my server has a dual 10g nic, but i do have a node with 2 more 1gig nics. will that work? or does it have to be 3+ nics on the main machine?

It's possible to run with two (e.g. internal and external) in the dataplane only but TNSR works best when you have a management interface. The host management itself doesn't use the dataplane network, it's separate. That doesn't need to be real, it could be internal to Proxmox on a bridge to somewhere else you have a management client. There are ways to nudge things to use the dataplane from within the host for tasks like OS updates, so it's not a complete non-starter, it's just not an ideal setup.

@derelict yes i see ipfix dont giving all data sending only nat data

we cant use fastnetmon right now

if possible please add sflow exported on next version

@derelict

Well there is this page suggesting it could be supported.
https://doc.dpdk.org/guides/nics/axgbe.html
Dunno if the Epyc Embedded 3000 are the same as Ryzen Embedded regarding the NIC. Cannot find much about that.

As I own a system with a v1500b inside maybe I will just try and install TNSR and see what happens.

@indianatux OK thanks for trying that.

@jimp Thanks, I have since found that out.

Heads up for anyone else trying to get this working on CentOS, the information you are looking for to get this working is to specify the NetworkNamespace="dataplane" in your rsyslog.conf configuration. This would have been a useful tip as it goes off the typical, basic, default config in rsyslog and specific for the TNSR config.

example config for my rsyslog.conf that work for me in CentOS 8:-
action(type="omfwd"
queue.filename="tnsr_syslog"
queue.maxdiskspace="1g"
queue.saveonshutdown="on"
queue.type="LinkedList"
action.resumeRetryCount="-1"
Target="example.com" Port="514" Protocol="udp" NetworkNamespace="dataplane")

@dans I might be about to have a similar setup as yours. How did it end?
Thanks from a fellow "Dan"

@jimp Thank you sir

@viragomann My question about TNSR Home+Lab setup.