Netgate® Newsletter April 2018 Edition
Greetings from all of us at Netgate! We have some great news to share this month.
Here are the highlights:
- XG-7100 1U update
- So what is TNSR?
- TNSR Performance
- 10% discount on the XG-1541 pfSense Security Gateway
- 15% off MinnowBoard Turbots
- SG-3100 winner
- DNS over TLS with pfSense
- Netgate YouTube Channel
- Tip of the month
- Extra tip of the month
- pfSense Gold Hangout this month
XG-7100 1U Update
We're excited to announce that the XG-7100 pfSense Security Gateways have begun shipping. We appreciate everyone who pre-ordered and we're working diligently to get those orders fulfilled. We should begin shipping current orders by the end of the week or early next week.
The XG-7100 comes with an 8-port Marvell 88E6190 switch and two 10 Gbps SFP+ ports. The 8-port switch has a combined speed of 5 Gbps through two 2.5 Gbps channels to the processor SoC. There is extensive documentation about how this works in the XG-7100 pfSense Quick Start Guide on our website.
So what is TNSR?
TNSR™ is the new Netgate high-speed routing software based on FD.io’s Vector Packet Processing (VPP). TNSR shifts packet processing from serialized, kernel-space processing to parallel, user-space processing. It is this change that enables up to two orders of magnitude greater packet processing on inexpensive, commercial-off-the-shelf (COTS) hardware - eliminating the requirement of proprietary ASIC/FPGA-based hardware solutions in order to support high-performance secure networking applications.
Here is a quick overview on how VPP works. VPP reads the largest available vector (or group) of packets from the network I/O layer, and then processes those packets through a packet processing graph. Rather than processing each individual packet serially through the complete graph, VPP processes an entire group of packets through a graph node before moving on to the next graph node. Effectively, the first packet in the vector warms up the instruction cache, and remaining packets can be processed extremely fast. If you’d like to learn more about VPP as a core technology, check out this primer.
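The traversal order described above, as an added example (not Netgate or FD.io code): a three-node toy graph is run once per packet and once per vector, counting how often the executing node changes, which stands in for instruction-cache refills. The node functions, packet struct, vector size and sample packets are all constructed for illustration.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>

#define VEC_SIZE 8   /* constructed vector size for the demo */
#define N_NODES  3

typedef struct { uint8_t ttl; uint32_t dst; int drop; } pkt_t;
typedef void (*node_fn)(pkt_t *);

/* Hypothetical graph nodes: validate, route lookup, header rewrite. */
static void node_validate(pkt_t *p) { if (p->ttl <= 1) p->drop = 1; }
static void node_lookup(pkt_t *p)   { if (!p->drop && (p->dst >> 24) == 0) p->drop = 1; }
static void node_rewrite(pkt_t *p)  { if (!p->drop) p->ttl--; }
static const node_fn graph[N_NODES] = { node_validate, node_lookup, node_rewrite };

/* Constructed sample input: mixed TTLs, some destinations in 0.0.0.0/8. */
void fill_sample(pkt_t *v) {
    for (size_t i = 0; i < VEC_SIZE; i++) {
        v[i].ttl = (uint8_t)(i % 4 + 1);
        v[i].dst = (i % 3 == 0) ? 0x00000001u : 0x0A000000u + (uint32_t)i;
        v[i].drop = 0;
    }
}

/* Scalar order: each packet walks the whole graph, so every call changes node. */
size_t run_scalar(pkt_t *v, size_t n) {
    size_t switches = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t g = 0; g < N_NODES; g++) { graph[g](&v[i]); switches++; }
    return switches;
}

/* Vector order: one node handles the whole vector before the next node runs. */
size_t run_vector(pkt_t *v, size_t n) {
    size_t switches = 0;
    for (size_t g = 0; g < N_NODES; g++) {
        switches++;                       /* node code is loaded once per vector */
        for (size_t i = 0; i < n; i++) graph[g](&v[i]);
    }
    return switches;
}

size_t forwarded(const pkt_t *v, size_t n) {
    size_t c = 0;
    for (size_t i = 0; i < n; i++) c += !v[i].drop;
    return c;
}

int main(void) {
    pkt_t a[VEC_SIZE], b[VEC_SIZE];
    fill_sample(a); fill_sample(b);
    printf("scalar switches=%zu vector switches=%zu\n", run_scalar(a, VEC_SIZE), run_vector(b, VEC_SIZE));
    printf("forwarded: scalar=%zu vector=%zu\n", forwarded(a, VEC_SIZE), forwarded(b, VEC_SIZE));
    return 0;
}
```

Both orders make the same forwarding decisions; only the number of node changes differs, and the gap widens as the vector grows.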
As mentioned previously, the initial release will be as an Amazon Machine Image (AMI), available on the AWS Marketplace. But, it is also planned for availability through other cloud service providers, as a bare metal software instance for appliances, a virtual machine instance, and a cloud native container.
TNSR performance
Now that you know a little bit about what TNSR is, let’s put this to a real-world packet processing example. Recently we tested TNSR as a high-speed IPsec tunnel interconnecting two Virtual Private Cloud Instances (VPCs), with a RESTful API used for orchestration management.
Each IPsec host was run on a C5.xlarge Amazon Machine Instance (AMI) running CentOS 7.4. C5.xlarge instances are equipped with 4 CPUs (though TNSR was only using 1 of the 4 CPUs) and 8 GB of RAM, and utilized the new ENA network adapters. Note these instances are capped by Amazon at 5 Gbps throughput per stream. Using iperf3 on a 5 Gbps link, TNSR was able to push 4.63 Gbps with AES-CBC-128 HMAC-SHA1 encryption applied, and 4.65 Gbps with AES-GCM-128 ICV16 encryption applied. At the time, Amazon itself could only achieve about 1.25 Gbps, or 27% of TNSR’s performance.
This is but a glimpse of TNSR’s power. We’ll be sharing significantly more information about this exciting new secure networking platform on our website in just a few weeks. If you'd like to keep up with activity leading up to product launch, click the button below to be added to the TNSR Updates mailing list.
10% discount on XG-1541
We recently announced a 10% discount on the XG-1541 pfSense Security Gateway. This discount is open to anyone and is good until the end of May 2018. Just enter the coupon code NETGATE1541 at checkout to receive this discount.
Note: The 10% discount only applies to the base system or High Availability base system. It does not apply to any additional add-ons or peripherals including additional memory, storage, or expansion cards.
15% off MinnowBoard Turbots
You may have seen that MinnowBoard Turbots* are now 15% off.
The discount also applies to Lures, enclosures, and power adapters. Don't delay. This offer is first come, first served until our inventory has been depleted.
Note: Our dual-core MBT-2210 is no longer available but the quad-core pictured above is still in stock.
Just enter the coupon code MAKERS at checkout to receive your 15% discount.
*Dual-Ethernet MinnowBoard Turbots are not included in this promotion.
And the winner is...
Thanks to everyone who participated in the survey we sent out last month! The feedback will be very useful!
If you took the survey, you know there was a chance to win an SG-3100 pfSense Security Gateway from Netgate. And the winner of the SG-3100 is Mike C. from California! Mike has been notified and we will be shipping his SG-3100 out to him shortly.
Congratulations to Mike. The survey is now closed, but expect similar opportunities in the near future to win your own Netgate equipment.
DNS over TLS with pfSense
If you missed our first blog on Tips and Tricks, you should check it out. Learn how to configure DNS over TLS with pfSense, using Cloudflare or Quad9 DNS servers.
We're planning more of these how-to Tips and Tricks blogs so keep watching.
Netgate YouTube channel
As we announced in the March Newsletter, Gold Monthly Hangout Videos older than 12 months are now available for free on our Netgate YouTube channel.
We most recently added the High Availability on 2.4 Monthly Hangout from March 2017. Next week we'll be adding the April 2017 Monthly Hangout called Let's Encrypt. Keep an eye out for it.
We also have preview videos of the current pfSense Monthly Hangouts and the Netgate Monthly Updates.
While you're there, be sure to like and subscribe!
Tip of the month
This month's Why To Series paper, Graceful Shutdowns, is about best practices when shutting down a pfSense appliance. Click the button to download the PDF.
Extra Tip of the month
A couple of days after the pfSense release of version 2.4.3, we noticed that the bogons list increased dramatically in size. This can cause errors on loading rules, or you might notice that when making changes to firewall rules, they don't work.
Here's a quick fix that Netgate Global Support wants to share:
From the pfSense Dashboard, navigate to System -> Advanced and go to the Firewall & NAT submenu. Scroll about 1/4 of the way down to the Firewall Maximum Table Entries item. The default is 200,000. Change the size to 400,000 and save.
All future pfSense releases will increase the default table size to 400,000, but we wanted to get the word out.
April Gold Monthly Hangout
The live April 2018 Gold Monthly Hangout will occur on April 27, 2018.
Date: Friday, April 27, 2018
Time: 1:00 pm CST / 2:00 pm EST
Hosted by: Jim Pingle
Where: Check your gold portal account for details on the morning of the hangout.
You'll receive a reminder 2-3 days before the Hangout occurs. And if you can't make the hangout, the video will be posted shortly after.
The topic of this month's Hangout is Local DNS on pfSense 2.4. It will cover the DNS Resolver and DNS Forwarder. It will also cover other DNS features on pfSense, DNS over TLS, as well as other security and privacy features.
View a complete list of free videos by going to the Videos page of Netgate.com.
Or become a pfSense Gold subscriber to get in on the latest Monthly Hangout and the most recent archived videos.
Netgate training schedule
Official pfSense training by Netgate has been announced and is up on the website. If you need training to maintain your partner status, please click the button below to get enrolled. Seats fill up quickly so don't delay.
Netgate Global Support
Netgate Global Support subscriptions are designed to meet the needs of any organization and start at just $29 a month. That's less than $1 a day for solid peace of mind knowing there's someone available to help you 24x7, including holidays.
Choose from three different plans to meet your exact needs.
No one knows how to support pfSense software more than we do. Take a look to see if support is the right choice for your organization.
© Copyright 2002 - 2018 Rubicon Communications, LLC
Netgate is a registered trademark of Rubicon Communications, LLC
TNSR is a trademark of Rubicon Communications, LLC
pfSense is a registered trademark of Electric Sheep Fencing, LLC
Other trademarks are the property of their respective owners.