Netgate Discussion Forum

    High number of VLANs

    TNSR
    • M
      mleighton Administrator
      last edited by mleighton

      I'm not aware of the practical limit for interfaces in TNSR itself. There have been VPP tests with thousands of IPsec subinterfaces, so I would think that a target of 800 should be fine unless you're hitting a limitation of your hypervisor or something outside of TNSR. I would review the logs in /var/messages/, and check the status of the clixon_backend.service and vpp.service using systemctl to see if you can pinpoint what is failing to start and why.

      To reset the config without reinstalling, you can run the following from a host shell:

      sudo tnsrctl stop
      sudo rm /var/tnsr/startup_db
      sudo rm /var/tnsr/tmp_db
      sudo tnsrctl start
      
      • I
        IndianaTux @mleighton
        last edited by

        @mleighton Ok this is what I have in the clixon-backend log:

        21ee9745-2eb9-47a8-b90a-9e0c67288f6d-image.png

        I'll reset my configuration and try with smaller chunks of VLANs (maybe 50-100 at a time)

        • I
          IndianaTux
          last edited by

          Ok so I did more tests this morning adding 100 VLANs at a time, saving and rebooting in between each batch:

            VLANs 3001 to 3099: OK
            VLANs 3100 to 3199: OK
            VLANs 3200 to 3299: OK
            VLANs 3300 to 3399: OK
            VLANs 3400 to 3499: BROKEN
          

          So somewhere after VLAN 3400 it starts to break.

          It seems that it's only the TNSR configuration layer that breaks because I see the interfaces in VPP:

          e33fc2dc-1a86-4683-88a8-4e38b075125d-image.png

          • DerelictD
            Derelict LAYER 8 Netgate @IndianaTux
            last edited by

            @indianatux Please provide a sample of the interfaces you are creating/duplicating.

            Thank you.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            • I
              IndianaTux @Derelict
              last edited by

              @derelict Will do.

              Trying to find the soft spot where it starts to fail between VLAN 3400 and 3499. I want to make sure it's not a configuration error on my side.

              • I
                IndianaTux @Derelict
                last edited by

                @derelict Ok so I seem to start getting issues at 480 VLANs. Here are my tests:

                Find the limit test (pass 1):
                  VLANs 3001 to 3425: OK
                  Add VLANs 3426 to 3450: OK
                  Add VLANs 3451 to 3460: OK
                  Add VLANs 3461 to 3470: OK
                  Add VLANs 3471 to 3480: OK
                  Add VLANs 3481 to 3490: BROKEN
                
                Find the limit test (pass 2):
                  VLANs 3001 to 3480: OK (but had to reboot twice...)
                  Add VLAN 3481: BROKEN
                

                I have attached a file containing the TNSR CLI commands I used to create the VLANs.

                800vlans_tnsr.txt

                • DerelictD
                  Derelict LAYER 8 Netgate @IndianaTux
                  last edited by

                  @indianatux I know it doesn't fit your use case but I would run it again without the ip nat inside directives and see if it behaves better. That would help narrow down where the problem is.

                  Thank you.

                  • I
                    IndianaTux @Derelict
                    last edited by

                    @derelict Finishing up something else and I'll give it a try after. Thanks.

                    • I
                      IndianaTux @Derelict
                      last edited by

                      @derelict Same thing if I remove the ip nat inside directives. I loaded all 800 VLANs and after reboot I get the error about the config daemon not running when I do a show interface command...

                      6ab66669-24d7-4c77-8074-75515a047b5d-image.png

                      • DerelictD
                        Derelict LAYER 8 Netgate @IndianaTux
                        last edited by

                        @indianatux OK thanks for trying that.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.