Just an fyi, Netgate has free TNSR v22 homelab edition ISO available on website, it's a turnkey vpp + dpdk appliance.
Interesting! Humm, it says "BMI, KVM, or VMWare (not HyperV, Proxmox etc.)".Just an fyi, Netgate has free TNSR v22 homelab edition ISO available on website, it's a turnkey vpp + dpdk appliance.
Proxmox uses KVM for virtualization, meaning the KVM image covers Proxmox as well.Interesting! Humm, it says "BMI, KVM, or VMWare (not HyperV, Proxmox etc.)".
Why not Proxmox?
Exactly. But they have stated Not Proxmox on their site?Proxmox uses KVM for virtualization, meaning the KVM image covers Proxmox as well.
Oh, it completely slipped by me that it was a quote, supporting KVM, but outright stating "No Proxmox" makes no sense to me. It's not like KVM in Proxmox is some weird aberration, it's just KVM on Debian with management middleware and frontend added on top.Exactly. But they have stated Not Proxmox on their site?
@blunden
TNSR Documentation - ACL
TNSR supports both stateful and stateless firewall.
with that in mind, given that FD.IO/VPP is the underlying routing technology for TNSR, I assume they use this plugin for firewalling, which has the lowest relative performance out of the different firewall plugins.
That being said, I never had any noticeable performance degradation from using ACLs with TNSR, but I had relatively few ACL rules it needed to chew through.
Somwhere they explicitly said that TNSR was a router, not firewall. It was written in a way that implied that it might not even offer that functionality.@blunden
Parsing through the performance tests here, adding ACLs does seem to affect performance a bit.
baseline shows just north of 18 mpps for 1 core 2 threads.
10k stateful inbound/outbound acl shows just north of 10 mpps for 1 core 2 threads.
Unless you have insane pps requirements and very few cores to throw at TNSR, I would assume you would have no problems.
If you're open to a different option, I use a CCR2004-16G-2S+PC for this and it can route/NAT 10Gb wire speed just fine. I do not use it as a IPS/IDS though.Basically, I'm looking for a relatively cheap ($500-600 range), power efficient and fanless router that can handle a 10G WAN connection that I might be getting at home.
That might be an option. Would be nice to see some routing benchmarks, but it's probably too off-topic for this thread.If you're open to a different option, I use a CCR2004-16G-2S+PC for this and it can route/NAT 10Gb wire speed just fine. I do not use it as a IPS/IDS though.
They now have a free license for lab/home use though, so pricing shouldn't affect anyone that isn't using it in production
Mikrotik has that on their product page.That might be an option. Would be nice to see some routing benchmarks, but it's probably too off-topic for this thread.
Fair enough. If I can get closer to line rate for roughly the same price, that's a more interesting proposition. It's good to know about different options though.Performance is nowhere near what you'd get with TNSR(or FD.io), but I don't see why it wouldn't be usable as a home firewall/router.