Tip

This is the documentation for the 22.10 version. Looking for the documentation of the latest version? Have a look here.

Configure Interfaces

With the configuration data in hand, it is now possible to configure TNSR interfaces for basic IP level connectivity.

From within the TNSR CLI (Entering the TNSR CLI), enter configuration mode and setup the interfaces using this example as a guide:

tnsr# configure terminal
tnsr(config)# interface GigabitEthernet0/14/1
tnsr(config-interface)# description WAN
tnsr(config-interface)# ip address 203.0.113.2/24
tnsr(config-interface)# ipv6 address 2001:db8:0:2::2/64
tnsr(config-interface)# enable
tnsr(config-interface)# exit
tnsr(config)# interface GigabitEthernet0/14/2
tnsr(config-interface)# description LAN
tnsr(config-interface)# ip address 10.2.0.1/24
tnsr(config-interface)# ipv6 address 2001:db8:1::1/64
tnsr(config-interface)# enable
tnsr(config-interface)# exit
tnsr(config)# exit
tnsr#

In this sample session, both interfaces were configured with an appropriate description for reference purposes, an IP address/subnet mask, and then placed into an enabled state.

If other hosts are present and active on the connected interfaces, it will now be possible to ping to/from TNSR to these networks.

Tip

After making changes, don’t forget to save them to ensure they persist for the next startup by issuing the configuration copy running startup command from with in config mode. See Saving the Configuration for more information.

Interface Command

The interface command can configure existing interfaces and create new interfaces.

Configure an existing interface:

tnsr(config)# interface <name>
tnsr(config-interface)#

This command enters config-interface mode

Note

The maximum interface name length is 63 characters.

Create a new interface:

tnsr(config)# interface <type> <options>

The mode entered by this command depends upon the type of interface it creates. For more information on interface types and how to configure them, see Types of Interfaces.

Print a list of available interfaces and types:

tnsr(config)# interface ?

Interface Configuration Options

The following commands are available when configuring an interface (config-interface mode):

access-list (input|output) acl <acl-name> sequence <seq>:

Access Control Lists which apply to packets on this interface in the given direction (Standard ACLs).

access-list macip <macip-name>:

MACIP Access Control Lists which apply to packets on this interface (MACIP ACLs).

bond <id>:

Set this interface as a part of the given bonding group (Bonding Interfaces).

bridge domain <id>:

Set this interface as a member of the given bridge domain (Bridge Interfaces).

description:

Set the interface description.

detailed-stats (enable|disable):

Enable or disable the collection of detailed packet statistics which individually track received and transmitted unicast, multicast, and broadcast packets. Disabled by default. Disabling these counters for an interface will not clear the values, it only stops new data collection.

dhcp client [ipv4]:

Configures this interface to obtain its IPv4 address using Dynamic Host Configuration Protocol.

Warning

If this interface contains an input ACL, it must allow DHCP responses. These responses cannot be passed via reflect on an outbound ACL. The inbound ACL must pass IPv4 UDP from any source address on port 67 to any destination address on port 68.

Tip

The DHCP client runs in the dataplane namespace and can be controlled as a systemd service. See Troubleshooting DHCP Client for details.

dhcp client ipv4 hostname <host-name>:

Sets the hostname sent with DHCP client requests.

disable:

Disable interface administratively.

enable:

Enable interface administratively.

ip address <ip-address>:

Sets the IPv4 address for this interface. May be repeated to add multiple addresses to an interface.

Note

TNSR 19.08 and later support multiple IP addresses in the same prefix. Older versions only allowed a single address per prefix.

ip nat (inside|outside|none):

Configures this interface to be an inside or outside NAT interface (Network Address Translation). To stop an interface from participating in NAT, use either no ip nat or ip nat none.

ip reassembly enable:

Enables IP Reassembly for IPv4.

ip reassembly type (full|virtual):

Sets the type of IP Reassembly to perform on this interface for IPv4 fragments.

ipv6 address <ip6-address>:

Sets the IPv6 address for this interface. May be repeated to add multiple addresses to an interface.

Note

TNSR 19.08 and later support multiple IP addresses in the same prefix. Older versions only allowed a single address per prefix.

ipv6 reassembly enable:

Enables IP Reassembly for IPv6.

ipv6 reassembly type (full|virtual):

Sets the type of IP Reassembly to perform on this interface for IPv6 fragments.

lldp:

LLDP options for this interface (Link Layer Discovery Protocol).

mac-address:

Configures an alternative MAC address for this interface.

Warning

Changing the MAC address on an active interface will result in unpredictable behavior. Packets already in transit addressed to the old MAC will be dropped, and it may take some time for other hosts and equipment on directly connected networks to update their ARP tables with the new MAC address.

The best practice is to set an interface administratively down (disable) before changing the MAC address, and then enable it again afterward.

map:

MAP-E/T options for this interface (MAP (Mapping of Address and Port)).

mtu <size>:

Sets the interface Layer 2 (L2) Maximum Transmission Unit (MTU) size, in bytes. This would reflect the capability of the link or underlying medium and applies to all traffic on the interface.

When configuring interfaces which are encapsulated, such as IPsec ipip interfaces, this MTU must account for the overhead incurred by the protocols involved. See IPsec Interface MTU for IPsec-specific information.

Warning

Any interface that will contain an IPv6 address must have an MTU of 1280 or higher. This includes both the default MTU and MTU values set on interfaces directly.

(ip|ipv6) mtu <size>:

Sets a Layer 3 (L3) MTU specifically for IPv4 or IPv6 packets, which may have different upstream link limitations.

(ip|ipv6) tcp mss <mss-value> (Tx|Rx|TxRx):

Sets the TCP Maximum Segment Size (MSS) value in TCP packets on this interface in the given direction to the specified value. This value informs hosts of the maximum data length (in Bytes) which can be sent or received in a single TCP segment.

This setting can help avoid fragmentation by using an MSS value which is less than the link MTU, after factoring in TCP and IP headers and any other overhead. On typical Ethernet interfaces the maximum MSS for IPv4 is 40 bytes less than the MTU, and for IPv6 the value is 60 bytes less than the MTU.

Tip

The value should be set as close as possible to the link MTU. Setting this value too low will lead to lower performance due to increased overhead from sending a larger volume of packets.

Some interface types, such as IPsec, involve additional encapsulation will require lower MSS values due to the additional overhead. The exact amount of overhead varies depending on the type of encapsulation, protocols, and settings involved.

Note

For IPsec, the minimum extra overhead is 54 bytes with AES-GCM or 58 bytes with AES-CBC+HMAC-SHA1. Overhead may be higher depending the presence of NAT-T, padding, and other factors. It is not uncommon to see MSS values of around 1300 for IPv4 IPsec to ensure packets do not get fragmented under any circumstances as numerous devices have difficulty processing fragmented IPsec packets.

rx-mode (interrupt|polling):

Configures the receive mode of the interface as either interrupt mode or polling mode (default). This controls how TNSR will acquire data from interfaces, either by by waiting for interfaces to signal that there is new data to process (interrupt mode), or constantly polling them for new data (polling mode).

See also

See Polling Mode vs. Interrupt Mode for more information on the differences between interrupt and polling modes.

Configuring the receive mode on a hardware interface will configure the mode in the dataplane and also in the operating system to match.

Virtual interfaces, such as those for VPN tunnels, can still have their mode configured but it does not affect the dataplane, only the operating system interface components. This is because TNSR processes the packet data when it arrives on the hardware interface, so there is no need to separately handle packets arriving on virtual interfaces.

This option cannot be set on VLAN subinterfaces as they rely on the behavior of the underlying hardware interface.

rx-queue <queue_num> cpu <core-id>:

Pin a specific receive queue for this interface to a specific CPU core. Both the queue number and core ID must be valid and within range for the configured number of queues and cores as set with either corelist-workers or coremask-workers.

See also

For more information on configuring interface queue sizes, see DPDK Configuration. To configure CPU core usage see CPU Workers and Affinity.

Warning

This option requires that core affinity be enabled by defining the dataplane cpu main-core <n>. Most cases also require a list of cores configured for dataplane use by the either the corelist-workers or coremask-workers methods. RX queue core pinning is incompatible with the workers and skip-list methods of defining CPU cores available for use by the dataplane.

The only exception to this is when no additional workers are configured, an rx-queue may use the core defined by dataplane cpu main-core <n>.

vlan tag-rewrite disable:

Disable tag rewriting for this interface

vlan tag-rewrite pop-1:

Remove one level of VLAN tags from packets on this interface.

vlan tag-rewrite pop-2:

Remove two level of VLAN tags from packets on this interface.

vlan tag-rewrite push-1 (dot1ad|dot1q) <tag 1>:

Add a new layer of VLAN tagging to frames on this interface using the provided VLAN tag.

vlan tag-rewrite push-2 (dot1ad|dot1q) <tag 1> <tag 2>:

Add two new layers of VLAN tagging to frames on this interface using the provided VLAN tags.

vlan tag-rewrite translate-1-1 (dot1ad|dot1q) <tag 1>:

Replace one layer of VLAN tags with the a different VLAN ID.

vlan tag-rewrite translate-1-2 (dot1ad|dot1q) <tag 1> <tag 2>:

Replace one layer of VLAN tags with two layers of tagging using the provided VLAN IDs.

vlan tag-rewrite translate-2-1 (dot1ad|dot1q) <tag 1>:

Replace two layers of VLAN tags with one layer of tagging using the provided VLAN ID.

vlan tag-rewrite translate-2-2 (dot1ad|dot1q) <tag 1> <tag 2>:

Replace two layers of VLAN tags with two different layers of tagging using the provided VLAN IDs.

vrf <vrf-name>:

Specifies a Virtual Routing and Forwarding instance used by route lookups for traffic entering this interface. See Virtual Routing and Forwarding for details.

Remove Interface Configuration

To remove an interface and all of its configuration settings, use no interface <if-name>.

For example, to remove the ipip2 interface:

tnsr(config)# no interface ipip2

Warning

Static routes utilizing the interface must be removed before an interface can be deleted.

DHCP Client Example

The previous example was for a static IP address deployment.

To configure a TNSR interface to obtain its IP address via DHCP as a client, follow this example instead:

tnsr# configure terminal
tnsr(config)# interface GigabitEthernet3/0/0
tnsr(config-interface)# dhcp client ipv4
tnsr(config-interface)# enable
tnsr(config-interface)# exit
tnsr(config)# exit