VyOS 1.2.3 releases: open source network operating system

VyOS

VyOS, a fork of the Vyatta community edition, is a network operating system that provides software-based network routing, firewall, and VPN functionality. VyOS is based on Debian GNU/Linux and is fully open source and free. VyOS can run on physical devices and virtual platforms, and supports paravirtual drivers and integration packages for virtual platforms.

Features

VLANs: 802.1q and QinQ
Static and dynamic routing: BGP for IPv4 and IPv6, OSPFv2, RIP, RIPng, policy-based routing, equal cost multi-path
Firewall: Firewall rulesets for IPv4 and IPv6 traffic you can assign to interfaces, zone-based firewall, address/network/port groups for IPv4 firewalls
Tunnel interfaces: PPPoE, GRE, IPIP, SIT, static L2TPv3, VXLAN
VPN: Site-to-site IPsec for IPv4 and IPv6, L2TP/IPsec server, PPTP server, OpenVPN for site-to-site and remote access
NAT: Source NAT, port forwards, one to one, one to many, and many to many translations
DHCP: DHCP and DHCPv6 server and relay
Redundancy: VRRP, connection table synchronization
Flow accounting: NetFlow and sFlow
Proxy: Web proxy and URL filtering
Shaping: QoS policies (drop tail, fair queue, and others), traffic redirection

Changelog v1.2.3

One of the biggest changes is the new approach to updating /etc/resolv.conf and /etc/hosts. The difficult part is that they are updated by multiple processes: scripts from “set system host-name”, “set system name-server”, “set system static-host-mapping”, and DHCP scripts for every interface. The original solution was to attach comments to entries so that different scripts can find and update entries they own, but since they can and often do run at the same time (e.g. when you set interface address to “dhcp” and commit), it was still prone to race conditions. In 1.2.2, we’ve introduced locking to avoid it, but unfortunately it created a possibility of a deadlock.

Since 1.2.3, that configuration is managed by a single process (vyos-hostsd) that uses a message queue to avoid both races and locking, remembers where different entries came from, and provides an interface for scripts to add and remove entries. It’s been working fine for us, but we are especially interested in feedback from people using DHCP client so that we can be sure we haven’t missed anything.
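The single-owner pattern described above, as an added sketch that is not VyOS code and does not reproduce the vyos-hostsd interface: producers only enqueue messages tagged with their source, and one worker applies them and rebuilds both files from the full state. The class name, operation names, source tags and addresses are assumptions constructed for illustration.

```python
import queue
import threading

class HostsOwner:
    """Single owner of hosts/resolver state; producers only send messages."""
    def __init__(self):
        self.requests = queue.Queue()
        self.hosts = {}         # source tag -> {hostname: address}
        self.name_servers = {}  # source tag -> [resolver addresses]
        threading.Thread(target=self._run, daemon=True).start()

    def send(self, op, source, data=None):
        """Called by any producer; it enqueues and never touches the state."""
        self.requests.put((op, source, data))

    def _run(self):
        # Only this thread mutates state, so requests are applied one at a time.
        while True:
            op, source, data = self.requests.get()
            if op == "set_hosts":
                self.hosts[source] = dict(data)
            elif op == "set_name_servers":
                self.name_servers[source] = list(data)
            elif op == "delete":  # drop everything this source contributed
                self.hosts.pop(source, None)
                self.name_servers.pop(source, None)
            self.requests.task_done()

    def render(self):
        """Wait for queued requests, then build both files from the full state."""
        self.requests.join()
        hosts = "".join(f"{addr}\t{name}\n" for src in sorted(self.hosts)
                        for name, addr in sorted(self.hosts[src].items()))
        resolv = "".join(f"nameserver {ns}\n" for src in sorted(self.name_servers)
                         for ns in self.name_servers[src])
        return hosts, resolv

def demo():
    """Constructed sample: four producers send at once; eth1 sets, then deletes."""
    owner = HostsOwner()
    producers = [
        [("set_hosts", "static-host-mapping", {"nas.example": "192.0.2.10"})],
        [("set_name_servers", "system", ["192.0.2.1"])],
        [("set_name_servers", "dhcp-eth0", ["198.51.100.53"])],
        [("set_name_servers", "dhcp-eth1", ["203.0.113.53"]), ("delete", "dhcp-eth1", None)],
    ]
    threads = [threading.Thread(target=lambda m=m: [owner.send(*x) for x in m]) for m in producers]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return owner.render()
```

Calling `demo()` returns the rendered hosts and resolver text; the result is the same however the producer threads interleave, because deleting the `dhcp-eth1` source removes only that source's entries.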
