Netgate Blog

Netgate® Releases TNSR® High Performance Router Version 21.03

TNSR software release 21.03 is here, and not a day too soon! Our intent was to release in February, which would have made it 21.02. Unfortunately, Texas came to a screeching halt about two weeks ago when (what we unaffectionately refer to as) ‘Snowpocalypse’ hit. Many of our engineers and release management staff - all of whom have been working from home since March 2020 - were left without power and/or water for days. It wasn’t pleasant. Nonetheless, the team powered through and only missed February by a few days.

The focus of Release 21.03 is system stability and manageability. We now have over 1,750 TNSR accounts since commercially resetting the product back in September 2020. With a flood of new customers hammering the product in both labs and production environments, configuration, monitoring and deployment fine-tuning needs are surfacing. This inevitably leads to bugs and feature changes that we may have missed. While we’d rather focus totally on “what’s next”, customer deployment stability and management have to come first.

We do have IPsec performance expansion, underlying operating system changes, and more roadmapped for 2021. But, today we’re proud to have the following improvements ready to go for our growing list of operating customers:

ACLs

  • Output ACLs now work with directly connected IP addresses

CLI

  • Added an option to show configuration contents as a set of CLI commands
  • Removed redundant ‘shell’ command to allow ‘show’ commands to be abbreviated as ‘sh’
  • The CLI now stores as many lines in command history as have been recently configured

DHCP Server

  • The CLI now correctly offers the option to delete mac-address from DHCP host reservations
  • Using the same MAC address on more than one DHCP host reservation in the same subnet is now prevented

DNS

  • Users can now configure a local static zone with an empty name (“.”) using the CLI

Dataplane

  • Users can now allow-list/configure individual VMbus/NetVSC devices
  • The default MTU is now set to 1500 bytes. Users who need a different MTU can change the default or set the MTU directly on interfaces.
  • Dataplane startup configuration now enables a DPDK telemetry thread
  • Default buffers-per-numa startup setting for dataplane have been increased
  • VPP has been updated to Release 21.01

General

  • A much richer set of commands and outputs are now available within the diagnostics tool
  • Added a configuration candidate load/save command for saved configuration *_db files
  • Ping and traceroute commands now respect TTL values
  • Traceroute command now respects timeout values

Host Netfilter

  • Sequence numbers displayed in state data for host ACLs now match the configuration database

IPsec

  • Asynchronous cryptography infrastructure in VPP is now enabled

Interfaces

  • Multiple QinQ subinterfaces with the same outer VLAN tag can now be created
  • Jumbo frames now pass on VMXNET3 adapters
  • Conflicting IP addresses are now properly removed from interfaces after VRF deletion

NAT

  • NAT interfaces no longer drop packets that do not match existing NAT sessions or static NAT mappings
  • VPP service maintains operation when receiving a packet if NAT simple mode is configured with static-mapping-only option
  • Pinging to outside NAT interface no longer produces a NAT session when forwarding is disabled

RESTCONF

  • A remote host can now be pinged using hostname via REST

Routing

  • The router plug-in transplant has gone extremely well. However, as with all changes of this magnitude - and this was a big one - there are always special cases that will be missed. A few things associated with a working DHCP server implementation were broken. The fixes added in 21.03 now allow output features such as NAT and ACL to be applied to packets directly from a host.
  • Large bursts of BGP routes no longer overload the netlink socket buffer, which prevents routes from failing to be installed in the FIB
  • RIP information can now be verified when RIP is configured for a VRF
  • Custom VRFs pass traffic as expected

SNMP / IPFIX / Prometheus

  • RESTCONF returns the correct response code when removing IPFIX destinationIPAddress
  • A Prometheus port is now allowed in default Host ACLs

httpd

  • When TNSR services are restarted without saving HTTP configuration to startup config, HTTP server now correctly restarts nginx

Much of the above extends existing capabilities to address special cases we may have missed. Other changes are pure fixes. Finally, some additions were not broken or necessarily missing, they just represent overall product usage improvement. Twenty to thirty years of router code doesn’t magically appear in two to three years, especially on top of a relatively new and rapidly evolving open-source technology foundation. But we are committed to the hard work, and with each new TNSR release and customer deployment, we move the yardsticks forward.

For more information on Release 21.03, see our release notes here.

If you haven’t yet experienced the power of TNSR as a high-performance edge or cloud software router - tailor-made for replacing traditional brand solutions for a fraction of the cost - head over to this page to purchase a TAC-supported software subscription or a no charge Home + Lab instance. Join the growing community of users who are climbing aboard the TNSR router scale and price-performance train!