Netgate Discussion Forum

    High number of VLANs

    • IndianaTux @gabacho4

      @gabacho4 Yeah, any of these commands result in an error about the "config daemon" not running...

      [image]

      • mleighton Administrator

        I'm not aware of the practical limit for interfaces in TNSR itself. There have been VPP tests with thousands of IPsec subinterfaces, so I would think that a target of 800 should be fine unless you're hitting a limitation of your hypervisor or something outside of TNSR. I would review the logs in /var/messages/, and check the status of the clixon_backend.service and vpp.service using systemctl to see if you can pinpoint what is failing to start and why.

        To reset the config without reinstalling, you can run the following from a host shell:

        sudo tnsrctl stop
        sudo rm /var/tnsr/startup_db
        sudo rm /var/tnsr/tmp_db
        sudo tnsrctl start
        
        • IndianaTux @mleighton

          @mleighton Ok this is what I have in the clixon-backend log:

          [image]

          I'll reset my configuration and try with smaller chunks of VLANs (maybe 50-100 at a time)

          • IndianaTux

            Ok so I did more tests this morning adding 100 VLANs at a time, saving and rebooting in between each batch:

              VLANs 3001 to 3099: OK
              VLANs 3100 to 3199: OK
              VLANs 3200 to 3299: OK
              VLANs 3300 to 3399: OK
              VLANs 3400 to 3499: BROKEN
            

            So somewhere after VLAN 3400 it starts to break.

            It seems that it's only the TNSR configuration layer that breaks because I see the interfaces in VPP:

            [image]

            • Derelict LAYER 8 Netgate @IndianaTux

              @indianatux Please provide a sample of the interfaces you are creating/duplicating.

              Thank you.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              • IndianaTux @Derelict

                @derelict Will do.

                Trying to find the softspot where it starts to fail between VLAN 3400 and 3499. I want to make sure it's not a configuration error on my side.

                • IndianaTux @Derelict

                  @derelict Ok so I seem to start getting issues at 480 VLANs. Here are my tests:

                  Find the limit test (pass 1):
                    VLANs 3001 to 3425: OK
                    Add VLANs 3426 to 3450: OK
                    Add VLANs 3451 to 3460: OK
                    Add VLANs 3461 to 3470: OK
                    Add VLANs 3471 to 3480: OK
                    Add VLANs 3481 to 3490: BROKEN
                  
                  Find the limit test (pass 2):
                    VLANs 3001 to 3480: OK (but had to reboot twice...)
                    Add VLAN 3481: BROKEN
                  

                  I have attached a file containing the TNSR CLI commands I used to create the VLANs.

                  800vlans_tnsr.txt

                  • Derelict LAYER 8 Netgate @IndianaTux

                    @indianatux I know it doesn't fit your use case but I would run it again without the ip nat inside directives and see if it behaves better. That would help narrow down where the problem is.

                    Thank you.

                    • IndianaTux @Derelict

                      @derelict Finishing up something else and I'll give it a try after. Thanks.

                      • IndianaTux @Derelict

                        @derelict Same thing if I remove the ip nat inside directives. I loaded all 800 VLANs and after reboot I get the error about the config daemon not running when I do a show interface command...

                        [image]

                        • Derelict LAYER 8 Netgate @IndianaTux

                          @indianatux OK thanks for trying that.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.