Netgate® TNSR® is a High-Performance Router and VPN Concentrator. This article provides detailed information on how to configure FastNetMon Advanced with TNSR software.
TNSR Overview
TNSR software is a high-speed (exceeding 100 Gbps) virtual router and VPN concentrator. Businesses can deploy TNSR as a Netgate hardware appliance, Bare Metal Image, KVM and ESXi, or a Network Virtual Appliance on Amazon® Web Services and Microsoft® Azure®.
TNSR software leverages several open-source projects (VPP) and Netgate value-added software. Netgate integrates these technologies into an enterprise-grade turnkey software solution complimented by Netgate-assured testing, release packaging, and customer support.
FastNetMon and TNSR Software IPFIX Configuration Steps
Below are detailed instructions on how to integrate FastNetMon with IPFIX using TNSR High-Performance Router and VPN Concentrator.
In the following example, we are going to collect traffic flow information on the WAN interface of the TNSR edge router and send IPFIX data to the FastNetMon collector which resides somewhere on the LAN side of the network. For the detailed IPFIX configuration guide, please follow this link.
The first step is to configure the FastNetMon IP address and port number, to which TNSR will deliver IPFIX data, and how it delivers that data. FastNetMon uses port 2055 by default.
ipfix exporter fastnetmon
source 192.0.2.1
collector 203.0.113.10 port 2055
pmtu 1400
template-interval 20
checksum true
exit
The TNSR WAN interface connected to the internet is the observation point in our scenario, with both egress and ingress direction configured.
ipfix observation-point fastnetmon
interface WAN
direction both
exit
“Selection-process” allows you to control what IP traffic you want to collect: IPv4, IPv6, or both.
ipfix selection-process fastnetmon
selector all
exit
The cache behavior for IPFIX flows can also be fine-tuned. For example, collectors may prefer to receive flows more/less often, or changes in templates may need to happen more frequently. For more details about timeouts, click here.
ipfix cache fastnetmon
timeout-cache active-timeout 15
timeout-cache idle-timeout 20
exit
Then you need to adjust average_calculation_time on FastNetMon to match these values:
sudo fcli set main average_calculation_time 30 sudo fcli commit
Here are the steps for troubleshooting TNSR software:
- IPFIX traffic port 2055 is allowed between TNSR and FastNetMon.
- Verify that FastNetMon server is pingable from TNSR
- FastNetMon IP address in the TNSR routing table:
tnsr# sh route table ipv4-VRF:0 203.0.113.10/32 Route Table ipv4-VRF:0 AF: ipv4 ID: 0 ----------------------------------------- 203.0.113.0/24 via 192.0.2.1 LAN weight 1
Additional Resources:
If you are a Netgate customer and need help, you can contact the Netgate support team here.