COVID-19 aid for pfSense software users LEARN MORE

Netgate Blog

TNSR Release 19.12 - The Procession Continues!

Today, Netgate® announces the availability of TNSR® Release 19.12. This marks our eighth release since the inception of TNSR back in May 2018. R19.12 delivers a host of features critical to deployment flexibility, routed infrastructure robustness, and IPSec performance.

If you’re new to TNSR, it is an open-source based packet-processing platform that delivers superior secure networking solution performance, manageability, and services flexibility at a fraction of the cost of legacy brands. Targeted at large enterprises and service providers, TNSR is ideal for high-speed / high-scale routing and site-to-site IPSec solutions. You can learn more here.

Let’s go through a quick rundown of its key features:

Kernel-based Virtual Machine (KVM)

Prior to 19.12, TNSR would install in KVM environments - and was even deployed that way in our own test harness - but had not been fully tested and verified for commercial deployment. It’s now a standard deployment option, and one many of our customers and trial prospects have been anxiously awaiting.

Multi-core IPSec

One of the original use cases for TNSR was site-to-site IPSec. That stands to reason as processing high-bandwidth encrypted traffic is brutally unkind to traditional packet-at-a-time, kernel-based solutions. In previous releases, TNSR could push as much as 8.33 Gbps of AES-GCM-128 encrypted traffic (with QAT assist) through a single 2.1GHz Broadwell Xeon CPU core - nearly a 10 Gbps line rate performance. You can find details in this brief. However, due to limitations in FD.io’s VPP source code, we could only run IPSec on one core per software instance without a lot of network architecture gymnastics. Netgate engineers got busy and knocked that barrier down - and by the way, contributed their work back up stream to the FD.io project. Multi-core IPsec is now a reality.

Bidirectional Forwarding Detection (BFD) with dynamic routing

With 19.12, BFD is integrated with dynamic routing protocol daemons - enabling network administrators to identify BFD faults and make rapid routing adjustments for OSPF and BGP networks.

Virtual Router Redundancy Protocol (VRRP) interface tracking

VRRP was introduced in release 19.08 - enabling routers to coordinate control of a shared IP address between multiple nodes acting as a single “virtual” router cluster, thus ensuring the transparent reflow of packets to the highest election-based backup router in the event of a failure. Release 19.12 expands the reliability of VRRP by allowing the management of VRRP instance priorities based on the state of TNSR interfaces. Now, even if an interface upstream of a VRRP instance goes down, traffic can continue to flow through an available VRRP peer.

OSPFv3 (OSPF6)

Not a lot needs to be explained here. The Open Shortest Path First (OSPF) routing protocol is well understood and has been in use within IPv4 networks for ages. Release 19.12 implements OSPFv3, which is used for IPv6 networks.

RIPv2 – provides support for legacy routing use cases

While the Routing Information Protocol, version 2 (RIPv2) is unlikely to be anyone’s choice for a new network - given its sluggish route convergence, scalability issues, and security shortcomings - it is just as unlikely to rest in peace (the other meaning of RIP) any time soon. Customers and prospects have asked for it, and so now it’s here.

These are the key TNSR additions via release 19.12. It’s a powerful product, and getting stronger and more capable with each release. Get detailed information from our 19.12 release notes, or our TNSR documentation at large.

Finally, you are probably aware that we use a ‘year.month’ release naming convention for TNSR. So why is a 19.12 release (2019.December) coming out in January of 2020? Well, we’ve decided to shift our release cadence from once a quarter to three times a year. This helps us pack a bit more into each release, and reduces field churn - as many customers want to stay current, but also prefer to go through update cycles a little less frequently. We were down the path with 19.12 when we decided to shift, so we left the release name alone.

Ready to see how TNSR can transform your routing, firewall, or VPN needs? Contact us here and let’s talk!