Tip
This is the documentation for the 22.10 version. Looking for the documentation of the latest version? Have a look here.
Configure Interfaces¶
With the configuration data in hand, it is now possible to configure TNSR interfaces for basic IP level connectivity.
From within the TNSR CLI (Entering the TNSR CLI), enter configuration mode and setup the interfaces using this example as a guide:
tnsr# configure terminal
tnsr(config)# interface GigabitEthernet0/14/1
tnsr(config-interface)# description WAN
tnsr(config-interface)# ip address 203.0.113.2/24
tnsr(config-interface)# ipv6 address 2001:db8:0:2::2/64
tnsr(config-interface)# enable
tnsr(config-interface)# exit
tnsr(config)# interface GigabitEthernet0/14/2
tnsr(config-interface)# description LAN
tnsr(config-interface)# ip address 10.2.0.1/24
tnsr(config-interface)# ipv6 address 2001:db8:1::1/64
tnsr(config-interface)# enable
tnsr(config-interface)# exit
tnsr(config)# exit
tnsr#
In this sample session, both interfaces were configured with an appropriate description for reference purposes, an IP address/subnet mask, and then placed into an enabled state.
If other hosts are present and active on the connected interfaces, it will now be possible to ping to/from TNSR to these networks.
Tip
After making changes, don’t forget to save them to ensure they persist for
the next startup by issuing the configuration copy running startup
command from with in config
mode. See Saving the Configuration for more
information.
Interface Command¶
The interface
command can configure existing interfaces and create new
interfaces.
Configure an existing interface:
tnsr(config)# interface <name>
tnsr(config-interface)#
This command enters config-interface
mode
Note
The maximum interface name length is 63 characters.
Create a new interface:
tnsr(config)# interface <type> <options>
The mode entered by this command depends upon the type of interface it creates. For more information on interface types and how to configure them, see Types of Interfaces.
Print a list of available interfaces and types:
tnsr(config)# interface ?
Interface Configuration Options¶
The following commands are available when configuring an interface
(config-interface
mode):
- access-list (input|output) acl <acl-name> sequence <seq>:
Access Control Lists which apply to packets on this interface in the given direction (Standard ACLs).
- access-list macip <macip-name>:
MACIP Access Control Lists which apply to packets on this interface (MACIP ACLs).
- bond <id>:
Set this interface as a part of the given bonding group (Bonding Interfaces).
- bridge domain <id>:
Set this interface as a member of the given bridge domain (Bridge Interfaces).
- description:
Set the interface description.
- detailed-stats (enable|disable):
Enable or disable the collection of detailed packet statistics which individually track received and transmitted unicast, multicast, and broadcast packets. Disabled by default. Disabling these counters for an interface will not clear the values, it only stops new data collection.
- dhcp client [ipv4]:
Configures this interface to obtain its IPv4 address using Dynamic Host Configuration Protocol.
Warning
If this interface contains an input ACL, it must allow DHCP responses. These responses cannot be passed via reflect on an outbound ACL. The inbound ACL must pass IPv4 UDP from any source address on port
67
to any destination address on port68
.Tip
The DHCP client runs in the
dataplane
namespace and can be controlled as asystemd
service. See Troubleshooting DHCP Client for details.- dhcp client ipv4 hostname <host-name>:
Sets the hostname sent with DHCP client requests.
- disable:
Disable interface administratively.
- enable:
Enable interface administratively.
- ip address <ip-address>:
Sets the IPv4 address for this interface. May be repeated to add multiple addresses to an interface.
Note
TNSR 19.08 and later support multiple IP addresses in the same prefix. Older versions only allowed a single address per prefix.
- ip nat (inside|outside|none):
Configures this interface to be an inside or outside NAT interface (Network Address Translation). To stop an interface from participating in NAT, use either
no ip nat
orip nat none
.- ip reassembly enable:
Enables IP Reassembly for IPv4.
- ip reassembly type (full|virtual):
Sets the type of IP Reassembly to perform on this interface for IPv4 fragments.
- ipv6 address <ip6-address>:
Sets the IPv6 address for this interface. May be repeated to add multiple addresses to an interface.
Note
TNSR 19.08 and later support multiple IP addresses in the same prefix. Older versions only allowed a single address per prefix.
- ipv6 reassembly enable:
Enables IP Reassembly for IPv6.
- ipv6 reassembly type (full|virtual):
Sets the type of IP Reassembly to perform on this interface for IPv6 fragments.
- lldp:
LLDP options for this interface (Link Layer Discovery Protocol).
- mac-address:
Configures an alternative MAC address for this interface.
Warning
Changing the MAC address on an active interface will result in unpredictable behavior. Packets already in transit addressed to the old MAC will be dropped, and it may take some time for other hosts and equipment on directly connected networks to update their ARP tables with the new MAC address.
The best practice is to set an interface administratively down (
disable
) before changing the MAC address, and then enable it again afterward.- map:
MAP-E/T options for this interface (MAP (Mapping of Address and Port)).
- mtu <size>:
Sets the interface Layer 2 (L2) Maximum Transmission Unit (MTU) size, in bytes. This would reflect the capability of the link or underlying medium and applies to all traffic on the interface.
When configuring interfaces which are encapsulated, such as IPsec
ipip
interfaces, this MTU must account for the overhead incurred by the protocols involved. See IPsec Interface MTU for IPsec-specific information.Warning
Any interface that will contain an IPv6 address must have an MTU of
1280
or higher. This includes both the default MTU and MTU values set on interfaces directly.- (ip|ipv6) mtu <size>:
Sets a Layer 3 (L3) MTU specifically for IPv4 or IPv6 packets, which may have different upstream link limitations.
- (ip|ipv6) tcp mss <mss-value> (Tx|Rx|TxRx):
Sets the TCP Maximum Segment Size (MSS) value in TCP packets on this interface in the given direction to the specified value. This value informs hosts of the maximum data length (in Bytes) which can be sent or received in a single TCP segment.
This setting can help avoid fragmentation by using an MSS value which is less than the link MTU, after factoring in TCP and IP headers and any other overhead. On typical Ethernet interfaces the maximum MSS for IPv4 is
40
bytes less than the MTU, and for IPv6 the value is60
bytes less than the MTU.Tip
The value should be set as close as possible to the link MTU. Setting this value too low will lead to lower performance due to increased overhead from sending a larger volume of packets.
Some interface types, such as IPsec, involve additional encapsulation will require lower MSS values due to the additional overhead. The exact amount of overhead varies depending on the type of encapsulation, protocols, and settings involved.
Note
For IPsec, the minimum extra overhead is
54
bytes with AES-GCM or58
bytes with AES-CBC+HMAC-SHA1. Overhead may be higher depending the presence of NAT-T, padding, and other factors. It is not uncommon to see MSS values of around1300
for IPv4 IPsec to ensure packets do not get fragmented under any circumstances as numerous devices have difficulty processing fragmented IPsec packets.- rx-mode (interrupt|polling):
Configures the receive mode of the interface as either interrupt mode or polling mode (default). This controls how TNSR will acquire data from interfaces, either by by waiting for interfaces to signal that there is new data to process (interrupt mode), or constantly polling them for new data (polling mode).
See also
See Polling Mode vs. Interrupt Mode for more information on the differences between interrupt and polling modes.
Configuring the receive mode on a hardware interface will configure the mode in the dataplane and also in the operating system to match.
Virtual interfaces, such as those for VPN tunnels, can still have their mode configured but it does not affect the dataplane, only the operating system interface components. This is because TNSR processes the packet data when it arrives on the hardware interface, so there is no need to separately handle packets arriving on virtual interfaces.
This option cannot be set on VLAN subinterfaces as they rely on the behavior of the underlying hardware interface.
- rx-queue <queue_num> cpu <core-id>:
Pin a specific receive queue for this interface to a specific CPU core. Both the queue number and core ID must be valid and within range for the configured number of queues and cores as set with either
corelist-workers
orcoremask-workers
.See also
For more information on configuring interface queue sizes, see DPDK Configuration. To configure CPU core usage see CPU Workers and Affinity.
Warning
This option requires that core affinity be enabled by defining the
dataplane cpu main-core <n>
. Most cases also require a list of cores configured for dataplane use by the either thecorelist-workers
orcoremask-workers
methods. RX queue core pinning is incompatible with theworkers
andskip-list
methods of defining CPU cores available for use by the dataplane.The only exception to this is when no additional workers are configured, an
rx-queue
may use the core defined bydataplane cpu main-core <n>
.- vlan tag-rewrite disable:
Disable tag rewriting for this interface
- vlan tag-rewrite pop-1:
Remove one level of VLAN tags from packets on this interface.
- vlan tag-rewrite pop-2:
Remove two level of VLAN tags from packets on this interface.
- vlan tag-rewrite push-1 (dot1ad|dot1q) <tag 1>:
Add a new layer of VLAN tagging to frames on this interface using the provided VLAN tag.
- vlan tag-rewrite push-2 (dot1ad|dot1q) <tag 1> <tag 2>:
Add two new layers of VLAN tagging to frames on this interface using the provided VLAN tags.
- vlan tag-rewrite translate-1-1 (dot1ad|dot1q) <tag 1>:
Replace one layer of VLAN tags with the a different VLAN ID.
- vlan tag-rewrite translate-1-2 (dot1ad|dot1q) <tag 1> <tag 2>:
Replace one layer of VLAN tags with two layers of tagging using the provided VLAN IDs.
- vlan tag-rewrite translate-2-1 (dot1ad|dot1q) <tag 1>:
Replace two layers of VLAN tags with one layer of tagging using the provided VLAN ID.
- vlan tag-rewrite translate-2-2 (dot1ad|dot1q) <tag 1> <tag 2>:
Replace two layers of VLAN tags with two different layers of tagging using the provided VLAN IDs.
- vrf <vrf-name>:
Specifies a Virtual Routing and Forwarding instance used by route lookups for traffic entering this interface. See Virtual Routing and Forwarding for details.
Remove Interface Configuration¶
To remove an interface and all of its configuration settings, use no interface
<if-name>
.
For example, to remove the ipip2
interface:
tnsr(config)# no interface ipip2
Warning
Static routes utilizing the interface must be removed before an interface can be deleted.
DHCP Client Example¶
The previous example was for a static IP address deployment.
To configure a TNSR interface to obtain its IP address via DHCP as a client, follow this example instead:
tnsr# configure terminal
tnsr(config)# interface GigabitEthernet3/0/0
tnsr(config-interface)# dhcp client ipv4
tnsr(config-interface)# enable
tnsr(config-interface)# exit
tnsr(config)# exit