Netgate® is pleased to announce the release of TNSR® software version 25.02. This regularly scheduled release includes additional hardware support, updates, and bug fixes. The Release Notes are available for review.
Netgate TNSR is a high-speed (exceeding 100 Gbps) virtual router and VPN aggregator. TNSR is the answer for businesses, governments, and xSPs looking for scalable routing without the six-figure price tag. Businesses can deploy TNSR as a Netgate hardware appliance, Bare Metal Image, or as a virtual appliance on KVM, Amazon Web Services and Microsoft Azure.
TNSR combines the FD.io Vector Packet Processor (VPP), a fast, scalable layer 2-4 network stack, with NETCONF and RESTCONF APIs, as well as a CLI and GUI for configuration and monitoring. The result is a product that delivers high performance in mission-critical site-to-site, edge-to-cloud, data center, and VPN scenarios. This product is complemented by Netgate’s 24x365 Technical Assistance Center, and we stand ready to support your critical business requirements every day.
In this release, we have implemented the following improvements and features:
A router is typically only concerned with forwarding traffic as quickly as possible to the next-hop of a destination IP address. This can create a security issue, because it is possible for the source IP address of that traffic to be spoofed by an attacker. Unicast Reverse Path Forwarding (uRPF) is a method employed to prevent this spoofing by checking the routing table to verify that the source IP of the traffic flow is reachable via the interface where it was received, or if that source IP is reachable via any interface on the router. If a matching routing entry can not be found for the source IP of the traffic flow, it will be dropped. TNSR now supports both “loose” and “strict” uRPF modes. Please consult the documentation for more information on these modes.
BGP Roles is an extension of the BGP protocol, which seeks to prevent and/or mitigate unintentional route leaks between BGP peers. BGP Roles are defined in RFC 9234, and include roles such as Provider, Customer, Peer, Route Server, and Route Server Client. Defining roles ensures proper filtering of routes, thereby preventing BGP hijacks and leaks. Even greater route security is achieved when this is used in conjunction with BGP Resource Public Key Infrastructure (RPKI), which is already available in TNSR.
Snort version 3 and the Snort Data Acquisition (DAQ) plugin for VPP are included in this release of TNSR. Customers may now utilize the industry favorite Intrusion Detection and Prevention package within TNSR. This extends the capabilities of TNSR to include more security focused applications. This version of Snort makes use of Intel Hyperscan technology on Intel platforms, and Vectorscan technology on AMD and ARM64 platforms to increase performance. We encourage customers to try it out for themselves. We look forward to seeing your feedback on this new feature. See our documentation for more information.
The NETCONF service has been made available starting with this release of TNSR. Defined in RFC 6241, NETCONF is a remote management protocol that supports the configuration and management of network devices from a centralized management system. It provides network operators a secure mechanism for installing, manipulating and deleting the configuration data on network devices. This allows TNSR to be more easily managed in environments that already take advantage of this capability.
In addition to VPP being updated to version Stable/2410, and the DPDK update to version 24.07, there are over 30 bug fixes and stability enhancements in this version.
For detailed upgrade instructions, please consult the detailed Upgrade Guide on our TNSR documentation page.
We recommend saving a backup of the TNSR configuration before any significant change or upgrade. You will find Backup and Recovery instructions on our TNSR documentation page.
This TNSR 25.02 software release is ready for use in production environments. Should any issues arise, please post to our forum or contact the Netgate Technical Assistance Center (TAC) for professional assistance.
We’re happy to discuss your needs in detail so we can provide you with the best solution for your business. Netgate makes a TNSR lab evaluation version available for you to try. Please contact one of our authorized partners or our Netgate sales team for assistance.