Netgate Discussion Forum

    High number of VLANs

    TNSR
    • I
      IndianaTux
      last edited by

      Hi,

      Experimenting with TNSR and I was able to set up a few VLANs just fine.

      I am working on a use case where 800 VLANs (or more) would be required. I crafted the configuration which I pasted in the tnsr CLI and it did not generate any errors. Saved the running config to startup and rebooted...

      On reboot TNSR seems to be completely broken. The "show interface" command reports an error that the "config daemon" is not running.

      I tried a "configuration candidate clear" and it did not help either...

      So is TNSR supposed to be able to handle that number of VLANs? What is the limit?

      And how can I get back into a vanilla state without reinstalling from the ISO?

      Thanks.

      • G
        gabacho4 Rebel Alliance @IndianaTux
        last edited by

        @indianatux check out the Configuration Database Commands section of:

        https://docs.netgate.com/tnsr/en/latest/basics/config-database.html

        I can’t personally be of help with the specific issue you’re having.

        • I
          IndianaTux @gabacho4
          last edited by

          @gabacho4 Yeah, any of these commands result in an error about the "config daemon" not running...

          a046e79d-e83e-4b72-af4d-43c2dac40a44-image.png

          • M
            mleighton Administrator
            last edited by mleighton

            I'm not aware of the practical limit for interfaces in TNSR itself. There have been VPP tests with thousands of IPsec subinterfaces, so I would think that a target of 800 should be fine unless you're hitting a limitation of your hypervisor or something outside of TNSR. I would review the logs in /var/messages/, and check the status of the clixon_backend.service and vpp.service using systemctl to see if you can pinpoint what is failing to start and why.

            To reset the config without reinstalling, you can run the following from a host shell:

            sudo tnsrctl stop
            sudo rm /var/tnsr/startup_db
            sudo rm /var/tnsr/tmp_db
            sudo tnsrctl start
            
            • I
              IndianaTux @mleighton
              last edited by

              @mleighton Ok this is what I have in the clixon-backend log:

              21ee9745-2eb9-47a8-b90a-9e0c67288f6d-image.png

              I'll reset my configuration and try with smaller chunks of VLANs (maybe 50-100 at a time)

              • I
                IndianaTux
                last edited by

                Ok so I did more tests this morning adding 100 VLANs at a time, saving and rebooting in between each batch:

                  VLANs 3001 to 3099: OK
                  VLANs 3100 to 3199: OK
                  VLANs 3200 to 3299: OK
                  VLANs 3300 to 3399: OK
                  VLANs 3400 to 3499: BROKEN
                

                So somewhere after VLAN 3400 it starts to break.

                It seems that it's only the TNSR configuration layer that breaks because I see the interfaces in VPP:

                e33fc2dc-1a86-4683-88a8-4e38b075125d-image.png

                • DerelictD
                  Derelict LAYER 8 Netgate @IndianaTux
                  last edited by

                  @indianatux Please provide a sample of the interfaces you are creating/duplicating.

                  Thank you.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  • I
                    IndianaTux @Derelict
                    last edited by

                    @derelict Will do.

                    Trying to find the soft spot where it starts to fail between VLAN 3400 and 3499. I want to make sure it's not a configuration error on my side.

                    • I
                      IndianaTux @Derelict
                      last edited by

                      @derelict Ok so I seem to start getting issues at 480 VLANs. Here are my tests:

                      Find the limit test (pass 1):
                        VLANs 3001 to 3425: OK
                        Add VLANs 3426 to 3450: OK
                        Add VLANs 3451 to 3460: OK
                        Add VLANs 3461 to 3470: OK
                        Add VLANs 3471 to 3480: OK
                        Add VLANs 3481 to 3490: BROKEN
                      
                      Find the limit test (pass 2):
                        VLANs 3001 to 3480: OK (but had to reboot twice...)
                        Add VLAN 3481: BROKEN
                      

                      I have attached a file containing the TNSR CLI commands I used to create the VLANs.

                      800vlans_tnsr.txt

                      • DerelictD
                        Derelict LAYER 8 Netgate @IndianaTux
                        last edited by

                        @indianatux I know it doesn't fit your use case but I would run it again without the ip nat inside directives and see if it behaves better. That would help narrow down where the problem is.

                        Thank you.

                        • I
                          IndianaTux @Derelict
                          last edited by

                          @derelict Finishing up something else and I'll give it a try after. Thanks.

                          • I
                            IndianaTux @Derelict
                            last edited by

                            @derelict Same thing if I remove the ip nat inside directives. I loaded all 800 VLANs and after reboot I get the error about the config daemon not running when I do a show interface command...

                            6ab66669-24d7-4c77-8074-75515a047b5d-image.png

                            • DerelictD
                              Derelict LAYER 8 Netgate @IndianaTux
                              last edited by

                              @indianatux OK thanks for trying that.

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.