Netgate Discussion Forum

    High number of VLANs

      gabacho4 Rebel Alliance @IndianaTux

      @indianatux check out the Configuration Database Commands section of:

      https://docs.netgate.com/tnsr/en/latest/basics/config-database.html

      I can’t personally be of help with the specific issue you’re having.

        IndianaTux @gabacho4

        @gabacho4 Yeah, any of these commands result in an error about the "config daemon" not running...

        a046e79d-e83e-4b72-af4d-43c2dac40a44-image.png

          mleighton Administrator

          I'm not aware of the practical limit for interfaces in TNSR itself. There have been VPP tests with thousands of IPsec subinterfaces, so I would think that a target of 800 should be fine unless you're hitting a limitation of your hypervisor or something outside of TNSR. I would review the logs in /var/messages/, and check the status of the clixon_backend.service and vpp.service using systemctl to see if you can pinpoint what is failing to start and why.

          To reset the config without reinstalling, you can run the following from a host shell:

          sudo tnsrctl stop
          sudo rm /var/tnsr/startup_db
          sudo rm /var/tnsr/tmp_db
          sudo tnsrctl start
          
            IndianaTux @mleighton

            @mleighton Ok this is what I have in the clixon-backend log:

            21ee9745-2eb9-47a8-b90a-9e0c67288f6d-image.png

            I'll reset my configuration and try with smaller chunks of VLANs (maybe 50-100 at a time)

              IndianaTux

              Ok so I did more tests this morning adding 100 VLANs at a time, saving and rebooting in between each batch:

                VLANs 3001 to 3099: OK
                VLANs 3100 to 3199: OK
                VLANs 3200 to 3299: OK
                VLANs 3300 to 3399: OK
                VLANs 3400 to 3499: BROKEN
              

              So somewhere after VLAN 3400 it starts to break.

              It seems that it's only the TNSR configuration layer that breaks because I see the interfaces in VPP:

              e33fc2dc-1a86-4683-88a8-4e38b075125d-image.png

                Derelict LAYER 8 Netgate @IndianaTux

                @indianatux Please provide a sample of the interfaces you are creating/duplicating.

                Thank you.

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  IndianaTux @Derelict

                  @derelict Will do.

                  Trying to find the soft spot where it starts to fail between VLAN 3400 and 3499. I want to make sure it's not a configuration error on my side.

                    IndianaTux @Derelict

                    @derelict Ok so I seem to start getting issues at 480 VLANs. Here are my tests:

                    Find the limit test (pass 1):
                      VLANs 3001 to 3425: OK
                      Add VLANs 3426 to 3450: OK
                      Add VLANs 3451 to 3460: OK
                      Add VLANs 3461 to 3470: OK
                      Add VLANs 3471 to 3480: OK
                      Add VLANs 3481 to 3490: BROKEN
                    
                    Find the limit test (pass 2):
                      VLANs 3001 to 3480: OK (but had to reboot twice...)
                      Add VLAN 3481: BROKEN
                    

                    I have attached a file containing the TNSR CLI commands I used to create the VLANs.

                    800vlans_tnsr.txt

                      Derelict LAYER 8 Netgate @IndianaTux

                      @indianatux I know it doesn't fit your use case but I would run it again without the ip nat inside directives and see if it behaves better. That would help narrow down where the problem is.

                      Thank you.

                        IndianaTux @Derelict

                        @derelict Finishing up something else and I'll give it a try after. Thanks.

                          IndianaTux @Derelict

                          @derelict Same thing if I remove the ip nat inside directives. I loaded all 800 VLANs and after reboot I get the error about the config daemon not running when I do a show interface command...

                          6ab66669-24d7-4c77-8074-75515a047b5d-image.png

                            Derelict LAYER 8 Netgate @IndianaTux

                            @indianatux OK thanks for trying that.
