Update 11/20/23: This post is out of date, check the latest here: https://dogsinspace.dog/fast-home-lab-router-v2/
I have used MikroTik's RouterOS, pfSense, and OPNsense as edge devices to varying degrees of success. While these platforms all perform admirably within their designated use cases, none have captured my attention quite like TNSR, a cutting-edge, high-performance edge routing platform developed by Netgate, the same organization behind pfSense, and can be installed on any x86 machine.
In the words of Netgate themselves:
TNSR is a high-performance software router based on FD.io’s Vector Packet Processing (VPP), of which Netgate is a leading contributor. TNSR software combines VPP’s extraordinary packet processing performance with Data Plane Development Kit (DPDK) and other open-source technologies to provide a turnkey high-performance router which enables businesses and service providers to address today’s edge and cloud networking needs at extremely low cost. TNSR software starts at $999/yr per instance. - https://www.netgate.com/tnsr
Netgate recently introduced a "free" license option for home lab users; however, this license does not include support or in-place platform updates. Not a problem for me! With the trend among US ISPs on rolling out faster and faster fiber networks for the general public, I felt eventually I'd be needing a faster router, and TNSR seemed perfect for the job, and serve as a fun project.
It is important to note that TNSR is primarily designed as a routing platform and does not serve as a firewall. Although it offers capabilities to control traffic through ACLs and similar features, its primary focus remains on routing and insane VPN performance. Therefore, it is crucial to ensure that any network operating behind TNSR is adequately protected.
To read more about all of TNSR's features, visit https://www.netgate.com/tnsr
Now, onto the build~
The Router
For this project, I found a used Dell PowerEdge R330 on eBay, and bought a few network cards and a face plate for it. The face plate is custom made for BlueCat Networks, who provide enterprise networking solutions. Considering what I am doing with the R330, it's fitting. And yes, the blue LEDs are necessary.
The current hardware as of this post:
CPU: Intel Xeon E3-1270 v6 (3.8GHz, 4.2GHz Boost), 4C/8T
RAM: 32GB DDR4 3200MHz ECC (x2 16GB)
SSD: Crucial MX500 500GB SATA SSD
PSU: (x1) 500W EPP PSUs (Yes, I will get another for redundancy)
NIC 1: Intel X520-SR2 (Intel ARK)
NIC 2: Intel X710-T4L (Intel ARK)
Selecting compatible network cards that are supported by DPDK and the latest TNSR release is crucial. You can find that information here: (https://docs.netgate.com/tnsr/en/latest/platforms/)
It is worth noting that although the X710-T4L is capable of supporting 5GbE and 2.5GbE speeds, it won't be able to negotiate at those rates with the current TNSR release (v23.02). AT&T, rather than incorporating cheap future-proofing such as 10GbE ports, have equipped my BGW320 with only three 1GbE ports and a single 5GbE port. This is a problem as the X710-T4L won't negotiate at 5GbE when used in conjunction with TNSR. Unfortunately, it will only be able to operate at 1GbE and 10GbE. This requires me to use a multi-gig switch to properly connect to the 5GbE port on my AT&T gateway as a temporary middle-man.
Port Layout & Netgear To The Rescue
I will use the x520-SR2 to act as WAN and serve one of my subnets to a gigabit switch that manages my IoT network with an SFP RJ45 adapter module, not an ideal permanent solution but it's fine for now. The X710-T4L will have one subnet per port, going to the correct 10GbE NICs on my servers. I just need to tear off those old incorrect labels on the cables and re-label them.
Ideally, the primary purpose of this switch is to serve as a simple connection between the 5GbE port on the AT&T Gateway and the R330, nothing more. I will connect one of the 1GbE ports to my management network to configure it but that's it. This switch is a strange unit, but luckily it comes in handy for my unique situation. You can read more about it here.
The AT&T WAN connection is plugged into one of the 5GbE ports, while the outgoing connection to TNSR utilizes the 10GbE SFP port. TNSR was able to get the public IP from the AT&T gateway as expected. Now, it's time to run a speed test!
Speed Tests!
Since I don't trust the accuracy of the HTML5 app for Ookla's SpeedTest at speeds over 1Gbps, I opted to use SpeedTest++ by Francesco Laurita, you can find it on Github here.
I SSH'ed into one of my VMs and ran the test, and the results were impressive, with speeds only just surpassing 5Gbps in both upload and download!
Conclusion
This might be overkill for most people, but I like running DIY equipment, and TNSR has certainly exceeded my expectations. It is important to note that TNSR may not be suitable for everyone, pfSense & OPNSense may be a better fit for most users. However, as someone who appreciates cutting-edge performance, TNSR has found a permanent place in my rack. The purpose of this post is not to delve into the intricacies of my LAN configuration, firewalls, or related matters; it's to share the fun of implementing TNSR in my home lab.
In the future, I will make a post about how to configure TNSR from scratch on different hardware, so you can do similar projects. I will also post TNSR tutorials.
Check out TNSR and related documentation at the following links, happy labbing!
https://www.netgate.com/tnsr
https://docs.netgate.com/tnsr/en/latest/index.html
