Hi All,
New poster here, long time watcher of Lawrence on YouTube (Hi Lawrence).
Just thought I would share my home / home lab setup which is built around the Netgate 6100.
I bought the 6100 after watching Lawrence’s review of the unit (even though I have had to wait a few months to get my hands on it).
The first thing I did with the 6100 was flash TNSR from Netgate and then spend a couple of hours reading through the documentation, which is pretty simple to get the hang of, especially if you are familiar with Cisco IOS. Hoping Lawrence may do a video on TNSR in the future.
I am only using the 2 IX interfaces for the moment in TNSR, and when WiFi 6E access points become available in Europe I will use the 2.5G ports for up-linking my APs.
I intend to have up to 30 VLANs in my home, and as my switch does not support L3 routing, all the inter-VLAN traffic will come through the 6100.
Performance throughput across the VLANs I have currently configured maxes out the IX interface on the 6100:
```
[ ID] Interval         Transfer     Bitrate         Retr
[  5] 0.00-10.00 sec   3.24 GBytes  2.79 Gbits/sec  17478   sender
[  5] 0.00-10.00 sec   3.24 GBytes  2.78 Gbits/sec          receiver
[  7] 0.00-10.00 sec   3.03 GBytes  2.60 Gbits/sec  21669   sender
[  7] 0.00-10.00 sec   3.03 GBytes  2.60 Gbits/sec          receiver
[  9] 0.00-10.00 sec   2.08 GBytes  1.79 Gbits/sec  6413    sender
[  9] 0.00-10.00 sec   2.08 GBytes  1.79 Gbits/sec          receiver
[ 11] 0.00-10.00 sec   2.30 GBytes  1.97 Gbits/sec  10717   sender
[ 11] 0.00-10.00 sec   2.30 GBytes  1.97 Gbits/sec          receiver
[SUM] 0.00-10.00 sec   10.7 GBytes  9.15 Gbits/sec  56277   sender
[SUM] 0.00-10.00 sec   10.6 GBytes  9.14 Gbits/sec          receiver
```
NAT performance from WAN to LAN is also maxing out my ISP link (10G EPON):
| ID | Time | Download (Mbit/s) | Upload (Mbit/s) | Ping (ms) |
|----|------|-------------------|-----------------|-----------|
| 8 | 07/06/2022, 18:00:15 | 7882.925848 | 673.551696 | 3.056 |
| 7 | 07/06/2022, 17:00:14 | 7858.540024 | 673.52684 | 2.962 |
| 6 | 07/06/2022, 16:00:16 | 7913.176592 | 673.26364 | 2.96 |
| 5 | 07/06/2022, 15:00:16 | 7891.638472 | 672.843064 | 3.084 |
| 4 | 07/06/2022, 14:00:15 | 7898.169928 | 673.497704 | 3.077 |
| 3 | 07/06/2022, 13:00:18 | 7877.826912 | 673.412928 | 3.215 |
| 2 | 07/06/2022, 12:04:24 | 7908.052784 | 673.044424 | 3.079 |
| 1 | 07/06/2022, 12:00:20 | 1724.266824 | 673.385112 | 3.054 |
In TNSR I have successfully set up DHCP Client & Server, NAT, ACLs, NTP, DNS, Port Forwarding.
- Still need to try out the VPN functionality.
Anyway, this is just some feedback in case some of you are interested in testing it out.
Here is my configuration in case anybody is interested in deploying TNSR for home/lab use:
```
TNSR01 tnsr# show configuration running cli
configuration history enable
nacm disable
nacm read-default deny
nacm write-default deny
nacm exec-default deny
nacm group admin
    member root
    member tnsr
    exit
nacm rule-list admin-rules
    group admin
    rule permit-all
        module *
        access-operations *
        action permit
        exit
    exit
nacm enable
system description TNSR LAB ROUTER
system contact xxx@xxx.xxx
system name TNSR01
system location PARIS,FRANCE
host interface enp2s0f0
    enable
    mtu 1500
    ip address 10.10.200.46/24
    exit
dataplane ethernet default-mtu 1500
dataplane dpdk uio-driver igb_uio
dataplane buffers buffers-per-numa 32768
dataplane statseg heap-size 96M
acl INTERNET-OUT
    rule 10
        description REFLECT ALL OUTBOUND
        action reflect
        ip-version ipv4
        exit
    exit
acl PORTFORWARD
    rule 10
        description SRV1 TCP 10881 10.10.200.254
        action permit
        ip-version ipv4
        destination port 10881 10881
        protocol tcp
        exit
    rule 11
        description SRV2 UDP 10881 10.10.200.254
        action permit
        ip-version ipv4
        destination port 10881 10881
        protocol udp
        exit
    exit
acl WAN-IN
    rule 10
        description ALLOW DHCP RESPONSES
        action permit
        ip-version ipv4
        source port 67 67
        destination port 68 68
        protocol udp
        exit
    rule 20
        description ALLOW ICMP
        action permit
        ip-version ipv4
        protocol icmp
        exit
    rule 30
        description ALLOW DNS RESPONSES
        action permit
        ip-version ipv4
        source address 8.8.8.8/32
        source port 53 53
        protocol udp
        exit
    rule 31
        description ALLOW DNS RESPONSES
        action permit
        ip-version ipv4
        source address 8.8.8.8/32
        source port 53 53
        protocol tcp
        exit
    rule 32
        description ALLOW DNS RESPONSES
        action permit
        ip-version ipv4
        source address 8.8.4.4/32
        source port 53 53
        protocol udp
        exit
    rule 33
        description ALLOW DNS RESPONSES
        action permit
        ip-version ipv4
        source address 8.8.4.4/32
        source port 53 53
        protocol tcp
        exit
    exit
nat global-options nat44 max-translations-per-thread 128000
nat global-options nat44 endpoint-dependent true
nat global-options nat44 forwarding true
nat global-options nat44 enabled true
interface subif TenGigabitEthernet3/0/1 100
    exact-match
    outer-dot1q 100
    exit
interface TenGigabitEthernet3/0/0
    description WAN
    enable
    ip nat outside
    dhcp client ipv4 hostname TNSR
    access-list input acl INTERNET-OUT sequence 10
    access-list input acl PORTFORWARD sequence 20
    access-list input acl WAN-IN sequence 10
    exit
interface TenGigabitEthernet3/0/1
    description LAN
    enable
    ip nat inside
    ip address 10.10.200.1/24
    exit
interface TenGigabitEthernet3/0/1.100
    description VLAN 100
    enable
    ip nat inside
    ip address 10.10.100.1/24
    exit
nat pool address 82.66.xx.xx - 82.66.xx.xx
nat static mapping tcp local 10.10.200.254 10881 external 0.0.0.0 TenGigabitEthernet3/0/0 10881 route-table ipv4-VRF:0
nat static mapping udp local 10.10.200.254 10881 external 0.0.0.0 TenGigabitEthernet3/0/0 10881 route-table ipv4-VRF:0
nat ipfix logging domain 1
nat ipfix logging src-port 4739
nat nat64 map parameters
    security-check enable
    exit
interface TenGigabitEthernet3/0/0
    exit
interface TenGigabitEthernet3/0/1
    exit
interface TenGigabitEthernet3/0/1.100
    exit
route dynamic manager
    exit
route dynamic ospf6
    exit
route dynamic bgp
    disable
    exit
route dynamic ospf
    exit
route dynamic rip
    exit
dhcp4 enable
dhcp4 server
    description LAN-DHCP-SERVER
    lease persist true
    lease lfc-interval 3600
    interface listen TenGigabitEthernet3/0/1
    interface listen TenGigabitEthernet3/0/1.100
    interface socket raw
    subnet 10.10.100.0/24
        interface TenGigabitEthernet3/0/1.100
        option domain-name-servers
            data 8.8.8.8
            exit
        option routers
            data 10.10.100.1
            exit
        pool 10.10.100.5-10.10.100.25
            exit
        exit
    subnet 10.10.200.0/24
        interface TenGigabitEthernet3/0/1
        option domain-name-servers
            data 8.8.8.8
            exit
        option routers
            data 10.10.200.1
            exit
        pool 10.10.200.5-10.10.200.25
            exit
        exit
    exit
ntp namespace dataplane
ntp enable
ntp server
    logconfig sequence 1 set sync all
    logconfig sequence 2 add clock all
    restrict 10.10.200.0/24
        kod
        limited
        nomodify
        noquery
        notrap
        exit
    restrict 127.0.0.1
        exit
    restrict default
        kod
        limited
        nomodify
        noquery
        nopeer
        notrap
        exit
    restrict source
        kod
        limited
        nomodify
        notrap
        exit
    server time.google.com
        maxpoll 9
        operational-mode pool
        exit
    tinker panic 0
    tos orphan 12
    exit
unbound enable
unbound server
    interface 10.10.200.1
    interface 127.0.0.1
    access-control 10.10.200.0/24 allow
    outgoing-interface 82.66.xx.xx
    enable ip4
    enable tcp
    enable udp
    enable harden glue
    enable hide identity
    port outgoing range 4096
    forward-zone .
        nameserver address 8.8.4.4
        nameserver address 8.8.8.8
        exit
    exit
snmp host disable
```
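
The ACL section of a dump like the one above can be checked mechanically before it is deployed. The following is an added example, not part of the original post and not Netgate tooling: it reports ACLs bound to the same interface, direction and sequence number, and permit rules that constrain the source port but not the destination port. The parser, the `audit` and `BIND` names and the embedded `SAMPLE` excerpt are assumptions constructed for this example.

```python
import re
from collections import defaultdict

# Constructed excerpt in the flattened style of the configuration above.
SAMPLE = """acl WAN-IN
rule 10
action permit
source port 67 67
destination port 68 68
exit
rule 30
action permit
source address 8.8.8.8/32
source port 53 53
exit
exit
interface TenGigabitEthernet3/0/0
access-list input acl INTERNET-OUT sequence 10
access-list input acl WAN-IN sequence 10
exit"""
BIND = re.compile(r"access-list (input|output) acl (\S+) sequence (\d+)")

def audit(text):
    """Lint a 'show configuration running cli' dump; return a list of findings."""
    rules, binds = {}, defaultdict(list)
    acl = rule = iface = None
    for line in map(str.strip, text.splitlines()):  # indentation is ignored
        w = line.split()
        if len(w) == 2 and w[0] in ("acl", "interface"):  # block header
            acl, iface, rule = (w[1], None, None) if w[0] == "acl" else (None, w[1], None)
        elif acl and len(w) == 2 and w[0] == "rule":
            rule = rules[acl, w[1]] = {}
        elif line == "exit":  # closes the open rule if any, else the block
            if rule is None:
                acl = iface = None
            rule = None
        elif rule is not None and w:  # match field inside an ACL rule
            n = 2 if w[0] in ("source", "destination") else 1
            rule[" ".join(w[:n])] = " ".join(w[n:])
        elif iface and (m := BIND.fullmatch(line)):
            binds[iface, m[1], int(m[3])].append(m[2])
    # Two ACLs bound at the same (interface, direction, sequence) slot.
    out = [f"{i} {d} sequence {s} shared by {', '.join(n)}"
           for (i, d, s), n in binds.items() if len(n) > 1]
    # Permit rules that pin the source port but leave the destination open.
    out += [f"{a} rule {r}: permit keyed on source port only"
            for (a, r), f in rules.items()
            if f.get("action") == "permit" and "source port" in f
            and "destination port" not in f]
    return out
```

Calling `audit(SAMPLE)` returns the findings as strings; passing the full dump works the same way, since leading whitespace is stripped before matching.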