Subcategories

  • Discussions about TNSR

    16 Topics
    54 Posts
    M

    We're happy to announce the release of TNSR software version 25.02. This regularly scheduled release includes additional hardware support, updates, and bug fixes.

    Here's what's new:

    Unicast Reverse Path Forwarding: Introducing Unicast Reverse Path Forwarding (uRPF) to prevent IP spoofing attacks. Both "loose" and "strict" modes available. Enhanced BGP Protection: New BGP Roles implementation (RFC 9234) to prevent route leaks and hijacks. Powerful Threat Detection: Multi-threaded Snort 3 integration for advanced IDS/IPS. NETCONF: The NETCONF service has been made available starting with this release. Regular Updates and Maintenance: Updated VPP and DPDK versions and made over 30 bug fixes and stability enhancements.

    Learn More:

    Release Notes
    Blog
    Video

  • Discussions about TNSR

    60 Topics
    133 Posts
    JonathanLeeJ

    @johnpoz I know I thought maybe he could be my study buddy for a while but never responded so I gave up .

  • Discussions about installing or upgrading TNSR software

    50 Topics
    188 Posts
    patient0P

    @pfsin excellent, happy it worked.

  • Setting up tnsr & Snort

    7
    0 Votes
    7 Posts
    1k Views
    Galactica_ActualG

    Netgate provided an example on how to integrate Snort to create an IDS back in 2018, which needs an update as TNSR has continued to evolve. From a 2018 blog:

    TNSR-IDS is written in the Go programming language, allowing it to be easily compiled for a large number of OS and architectures. Details, source code, and setup instructions (including TNSR, SNORT and ERSPAN) can be found at the TNSR-IDS Project GitHub Repository(https://github.com/Netgate/TNSR_IDS). A README file is included in the repository that provides a lot of detail about the process, as well as a TNSR-Snort setup file that gives detailed installation instructions.

    I'd use that as a starting point, but there may well be some architectual or setting changes that need to be tweaked to get the spice flowing.

  • This topic is deleted!

    1
    0 Votes
    1 Posts
    5 Views
    No one has replied
  • 'ip heap-size' and 'ip6 heap-size' do not work.

    2
    0 Votes
    2 Posts
    495 Views
    DerelictD

    There was an issue with heap-size that will be corrected in version 20.10.1.

  • RPKI disabled

    1
    3 Votes
    1 Posts
    460 Views
    No one has replied
  • This topic is deleted!

    1
    0 Votes
    1 Posts
    2 Views
    No one has replied
  • This topic is deleted!

    1
    0 Votes
    1 Posts
    10 Views
    No one has replied
  • This topic is deleted!

    1
    0 Votes
    1 Posts
    3 Views
    No one has replied
  • This topic is deleted!

    1
    0 Votes
    1 Posts
    6 Views
    No one has replied
  • Remote syslog support

    3
    0 Votes
    3 Posts
    412 Views
    jimpJ

    The upcoming 20.10 release has IPFIX NAT logging which will fill that need for most situations.

  • TNSR with ESXI VMXNET3 - unable to load interfaces

    4
    0 Votes
    4 Posts
    730 Views
    S

    Using "BIOS" boot mode instead of "UEFI" seemed to solve the issue.
    Thanks for the hints.
    Stefano

  • Ability for IPSEC ipip tunnel interfaces to be unnumbered

    Moved
    2
    0 Votes
    2 Posts
    568 Views
    jimpJ

    Currently the only supported IPsec method is routed IPsec as described in the docs. Policy-based tunnels are something we are looking to add, but there is no ETA.

  • Cross Post : DHCP-PD

    2
    0 Votes
    2 Posts
    347 Views
    jimpJ

    At the moment there isn't support for an IPv6 DHCP client on TNSR interfaces.

  • How to read metrics from prometheus endpoint ?

    8
    1 Votes
    8 Posts
    1k Views
    jimpJ

    I had a chance to look at the data from Prometheus on TNSR and the nodes you'll be interested in to track load appear to be:

    _sys_vector_rate _sys_vector_rate_per_worker

    That's on 20.10 which will be out soon. I didn't have a 20.08 system with Prometheus handy to see if it had the same data.

  • 0 Votes
    3 Posts
    461 Views
    S

    @Derelict Thanks for reply.

    Did you mean NPAR(NIC Partitioning)? Could you indicate the specific name of the feature which enables that one NIC presents to the OS as 4 NICs?

    Or could you recommend some NICs from TNSR recommended NICs etc?

  • This topic is deleted!

    1
    0 Votes
    1 Posts
    8 Views
    No one has replied
  • MTU issues

    3
    0 Votes
    3 Posts
    389 Views
    J

    @Derelict
    Ok, thank you for the feedback.
    Will change the NIC's for now.

  • "ip nat outside" on interface with BGP neighbor

    2
    0 Votes
    2 Posts
    378 Views
    DerelictD

    Yes, we are tracking that. It looks like there is a problem there.

  • ARM64 hardware

    2
    0 Votes
    2 Posts
    410 Views
    audianA

    @graphine thanks for reaching out. We don't have near-term plans for TNSR on ARM.

  • no bgp default ipv4-unicast

    2
    2 Votes
    2 Posts
    740 Views
    audianA

    @NetFreak said in no bgp default ipv4-unicast:

    4399

    Thanks Joey, the original request is still on our backlog, no roadmap ETA at the moment though.

  • Test TNSR

    6
    0 Votes
    6 Posts
    1k Views
    audianA

    @sadekyo1712 - Thanks, look forward to your updates

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.