VyOS, forked from the Vyatta community, is a network operating system that provides software-based network routing, firewall, and VPN functionality. VyOS is based on Debian GNU/Linux and is fully open source and free. VyOS can run on physical devices and virtual platforms, supporting integration packages for paravirtual drivers and virtual platforms.
VLANs: 802.1q and QinQ
Static and dynamic routing: BGP for IPv4 and IPv6, OSPFv2, RIP, RIPng, policy-based routing, equal cost multi-path
Firewall: Firewall rulesets for IPv4 and IPv6 traffic you can assign to interfaces, zone-based firewall, address/network/port groups for IPv4 firewalls
Tunnel interfaces: PPPoE, GRE, IPIP, SIT, static L2TPv3, VXLAN
VPN: Site-to-site IPsec for IPv4 and IPv6, L2TP/IPsec server, PPTP server, OpenVPN for site-to-site and remote access
NAT: Source NAT, port forwards, one to one, one to many, and many to many translations
DHCP: DHCP and DHCPv6 server and relay
Redundancy: VRRP, connection table synchronization
Flow accounting: NetFlow and sFlow
Proxy: Web proxy and URL filtering
Shaping: QoS policies (drop tail, fair queue, and others), traffic redirection
One of the biggest changes is the new approach to updating /etc/resolv.conf and /etc/hosts. The difficult part is that they are updated by multiple processes: scripts from “set system host-name”, “set system name-server”, “set system static-host-mapping”, and DHCP scripts for every interface. The original solution was to attach comments to entries so that different scripts could find and update the entries they own, but since they can and often do run at the same time (e.g. when you set an interface address to “dhcp” and commit), it was still prone to race conditions. In 1.2.2, we introduced locking to avoid that, but unfortunately it created the possibility of a deadlock.
Since 1.2.3, that configuration is managed by a single process (vyos-hostsd) that uses a message queue to avoid both races and locking, remembers where different entries came from, and provides an interface for scripts to add and remove entries. It’s been working fine for us, but we are especially interested in feedback from people using the DHCP client so that we can be sure we haven’t missed anything.
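The single-writer pattern described above, as an added example that is not vyos-hostsd's own code: one worker owns the entry table and the output file, and concurrent clients only send it tagged messages. The class name, the message tuples, the tag names and the in-process queue.Queue (standing in for the daemon's message queue) are assumptions, and the sample hosts are constructed.

```python
import os, queue, tempfile, threading
from pathlib import Path

class HostsOwner:
    """Only this worker thread touches the entry table and the output file."""
    def __init__(self, path):
        self.path = path
        self.requests = queue.Queue()   # stand-in for the daemon's message queue
        self.entries = {}               # tag (which source owns them) -> {name: addr}
        threading.Thread(target=self._run, daemon=True).start()

    def _run(self):
        while True:
            op, tag, hosts = self.requests.get()
            if op == "set":             # replace everything this source owns
                self.entries[tag] = dict(hosts)
            elif op == "delete":        # drop only this source's entries
                self.entries.pop(tag, None)
            self._write()
            self.requests.task_done()

    def _write(self):
        lines = [f"{addr}\t{name}\t# {tag}\n"
                 for tag in sorted(self.entries)
                 for name, addr in sorted(self.entries[tag].items())]
        # Write a temp file, then rename: readers never see a half-written file.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path))
        with os.fdopen(fd, "w") as f:
            f.writelines(lines)
        os.replace(tmp, self.path)

def demo():
    path = os.path.join(tempfile.mkdtemp(), "hosts")   # scratch file, not /etc/hosts
    owner = HostsOwner(path)
    # Constructed sample data: three sources committing at the same time.
    sources = {"dhcp-eth0": {"gw0.example": "192.0.2.1"},
               "dhcp-eth1": {"gw1.example": "198.51.100.1"},
               "static-host-mapping": {"nas.example": "203.0.113.10"}}
    clients = [threading.Thread(target=owner.requests.put, args=(("set", t, h),))
               for t, h in sources.items()]
    for c in clients:
        c.start()
    for c in clients:
        c.join()
    owner.requests.join()                 # wait until every message is applied
    before = Path(path).read_text()
    owner.requests.put(("delete", "dhcp-eth0", None))   # e.g. eth0 lease released
    owner.requests.join()
    return before, Path(path).read_text()
```

Because clients never read or rewrite the file themselves, no client-side lock is needed and the order in which their messages arrive does not change the result.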