COVID-19 aid for pfSense software users LEARN MORE

Netgate Blog

TNSR for the Home Lab

I’d like to share a customer story that got the networking nerds here at Netgate (and we are proud to be labeled as such) pretty excited. Our sales team received an email from someone interested in using TNSR software for a home lab. The email suggested he needed something that could handle up to 100 Gbps throughput across his internal network, and scale up to 40 Gbps to support a future upgrade from his ISP.

The home lab belongs to Torstein Steine, an SAP software engineer who leverages his lab for software development, self-hosted cloud storage, and even a hosted game server for his friends.

Torstein had been working on building his dream network for some time. With four managed switches to support up to 100 GbE network transfer speeds, he needed a high-performance router that could be maintained and upgraded with off-the-shelf components. He was tired of paying for “closed box” products that quickly became obsolete.

Prior to contacting Netgate, Torstein tried to make two other routers work in his environment.

He outgrew his first router, a Ubiquiti EdgeRouter Pro 8, as he upgraded his network stack from 1 GbE to 10 Gbe, then to 40 GbE, and eventually 100 GbE. Torstein couldn’t get more than 1 Gbps of throughput with the EdgeRouter, nor could it saturate his upgraded switch connections. He considered going up to the EdgeRouter Infinity, but decided against that option as he would never be able to get more than 10 Gbps of throughput, and it can’t be upgraded.

Next, he gave a VyOS Router a shot. At least VyOS addressed his desire to use a software-based solution that he could self-install on a server. Unfortunately, it didn’t fare much better. While it was faster than the Ubiquiti EdgeRouter, it still fell short on performance. Like any good software engineer, Torstein poked around in search of a workaround to the throughput issue. As he explained, “Something seemed off with the VyOS solution. I was only able to get 70 Gbps of total throughput across multiple network cards, and could never fully saturate a 40 Gbps connection across my VLANs due to CPU overhead.” He came up empty handed.

The search for a suitable software-based solution continued. While investigating DPDK open-source networking, Torstein stumbled upon Netgate’s TNSR software. TNSR uses both DPDK and VPP. That sounded interesting, so he shot us an email with a few questions and a list of his requirements:

  • Must be software-based for installation on a whitebox computer or virtual machine
  • Support for off-the-shelf network interface cards, ideally with his existing 10 GbE WAN (fiber) interface and 40 GbE LAN interfaces he bought for his VyOS evaluation
  • Full VLAN management so he didn’t have to log into each of his switches each time he wanted to update or add a new VLAN
  • Customizable Access Control Lists (ACLs) to firewall each of his VLANs
  • Able to saturate his current 1 Gbit connection with IPsec traffic, with no loss of throughput on the WAN, and scale up to 40 Gbps to support a future ISP upgrade

A few days later, Torstein had purchased a TNSR subscription, and installed it on a server he equipped with a quad core Intel Xeon E-2134 3.5 GHz processor, 32 GB of 2666 MHz DDR4 memory, and his existing NICs: an Intel X550 for the WAN connection, and an Intel XL710 for LAN connections.

Torstein topology

Torstein’s initial email triggered one of our sales reps to give me a call, knowing I’d be curious about a home install of TNSR. I reached out with a few questions of my own after he made the purchase. Torstein shared, “The install was pretty straightforward, it took about half a day to install, configure and run some tests. I quickly determined my search was over! I now have an extremely powerful router for my home network/lab. It has performance to spare, and I can manage all the routing between VLANs and ACLs from a single point, without any appreciable loss in performance.”

I asked him to describe his performance testing. He explained, “I really put TNSR through the paces. What I found was that I’m incapable of generating enough traffic to stress the box - without a lot of effort - and that frankly, I’ll never generate real-world traffic anywhere near its capacity. I can easily saturate a single 40 Gbps one-way connection with about 8 Mpps of data. And that is with out-of-the-box dataplane settings with no tuning of workers or rx/tx queues. The most I could get out of the same server running VyOS - and this was across multiple connections and NICs - was 3 Mpps. Not even close to TNSR.”

Finally, if you’re a networking nerd like me, you’ll love this line from Torstein. “There is something immensely satisfying with having rock solid networking performance and seeing your file transfers, backup tasks, vm migrations, etc. running at several gigabits per second.”

High-speed networking is a highly-nuanced business. A million things can throw a wrench in the best of plans. Our user base, or “tribe” as I like to call them, is steeped with savvy secure networking users who love to extract every last morsel out of pfSense software. Increasingly, we are seeing the home-labbers stepping over to TNSR. We love that! And we’ll have more exciting news to share with you in the coming months!

If you are interested in seeing what TNSR can do for you, reach out to us.