VyOS OpenSource Router

    In this article I want to cover a topic that is unusual for me: the VyOS network router. I first became acquainted with this project thanks to Neil Anderson, who wrote a guide on how to deploy a mini-lab with the NetApp simulator and VyOS at home.


    Key projects


    VyOS is an open-source project based on Debian Linux, which was born as a fork of the Vyatta Core Edition of the Vyatta Routing software. Like any router, VyOS operates at the third layer of the OSI model and routes North-South traffic. VyOS includes the following key projects:

    • Debian 8, kernel 4.19
    • FRRouting (Quagga was used in version 1.1 and later)
    • ISC-DHCP
    • Keepalived
    • StrongSwan
    • OpenVPN
    • PowerDNS
    • WireGuard
    • OpenNHRP
    • Accel-ppp
    • xL2tpd
    • Squid
    • mDNS repeater
    • IGMP-proxy
    • iPerf
    • a more detailed list is in the Release notes


    Supported Platforms


    VyOS can be deployed on most popular platforms as a virtual machine, on bare metal or in the cloud; the image takes about 300 MB.

    Virtualization platforms


    As a virtual machine, VyOS can be deployed on:

    • KVM
    • RHEV
    • VirtualBox
    • Nutanix AHV
    • VMware ESXi 5.1+
    • Citrix XenServer in HVM mode
    • Microsoft Hyper-V for Windows Server
    • OpenStack (planned)


    Bare metal


    The router can be installed on bare metal; custom images are planned for:

    • Dell
    • SuperMicro
    • Edgecore

    Clouds


    As a virtual machine in the cloud:

    • Amazon EC2 (Amazon Machine Image on Amazon Web Services)
    • Ravello
    • Packet cloud
    • Microsoft Azure
    • Google Cloud Platform (planned)
    • Alibaba Cloud (planned)

    Command line


    Like Cisco and Juniper routers, which traditionally do not use a graphical interface, VyOS is controlled from the command line. The VyOS command-line syntax is very similar to that of JunOS:

    vyos@vyos# run show ip route forward
    default via 203.0.113.1 dev eth1 proto static metric 20 onlink
    192.168.56.0/24 dev eth0 proto kernel scope link src 192.168.56.13
    203.0.113.1 dev eth1 proto static metric 20
    

    Functionality and features


    VyOS offers substantial functionality for an open-source project:

    • VPN: Dynamic Multipoint VPN (DMVPN), GRE, IPSec, IPSec VTI, OpenVPN (server and client) and WireGuard
    • Can act as a VPN Remote Access Server using L2TP or OpenVPN
    • Tunnels: L2TP, L2TPv3, VXLAN, PPTP, GRE, IPIP, SIT, IPIP, IPIP6, IP6IP6
    • L2 / L3 Interfaces: Ethernet Bridge, 802.1Q VLAN, QinQ, Port Aggregation (LACP and Static)
    • API for working from console, Python, and Perl scripts
    • IPv4 and IPv6 addressing and routing:
    • BGP, OSPF, OSPFv3, RIP, RIPng dynamic routing protocols
    • Static Routing and Policy-Based Routing (PBR)
    • QoS to prioritize traffic
    • VyOS can work as an L2TPv3 router for Layer 2 connectivity between sites
    • High availability: VRRP, WAN load-balancing, Conntrack-Sync, Clustering
    • And of course the standard set: DHCP (Server, Client and Relay), DNS recursive server, Network Address Translation (source and destination, port-address, one-to-many, many-to-many), IGMP-Proxy, NTP server and client, LLDP server and client, mDNS repeater, PPPoE server, proxy server with cache and filtering, TFTP server
    • Traffic filtering: Zone-based firewall, stateful firewall
    • Policies: Shaping, Rate limiting, Priority-based queues
    • Built-in archive of configuration files

    Example of supported connection and usage patterns


    Branch


    One of the most common uses of VyOS is to interconnect several company branches, connect them to cloud providers, or join several cloud providers into one network.



    SMB edge


    VyOS can serve as an SMB router providing stable, highly available access to the Internet. It supports NAT, DHCP, and VRRP to increase the availability of your default gateway.



    Border router


    VyOS can be used as an enterprise border router running BGP, one of the most advanced dynamic routing protocols, if not the most advanced. For this purpose, VyOS can act as both an external and an internal BGP peer, providing high stability and availability in your network.



    VPN gateway


    VyOS provides IPSec VPN access: IPSec / GRE, IPSec VTI, Dynamic Multipoint VPN (DMVPN), and OpenVPN. A site-to-site configuration lets you connect multiple sites directly to the cloud through a private secure network over the Internet, allowing your users and servers to interact with each other. VyOS can work as an L2TPv3 router, creating an L2 network between sites.



    VPN RA Server


    VyOS can be used as a remote-access VPN server. For this you can use L2TP over IPSec, as it is present in almost all modern operating systems. Another option is OpenVPN, which is also integrated into VyOS. Using a firewall will increase the security and granularity of access to your network.



    System requirements


    VyOS minimum resource requirements:

    • CPU: one or several 64-bit x86 cores (depending on the bandwidth and the functionality used). The ClearFog ARM platform is also supported
    • Memory: 512 MB or more (depends on the bandwidth and the functionality used, and mainly on the size of the routing tables)
    • Network interfaces: at least one; the maximum is whatever the platform on which VyOS runs supports
    • For maximum performance, it is recommended to use network cards with hardware offloading and supporting multiple queues.

    Management and Monitoring


    Management and monitoring:

    • Deployment and management: Secure Shell (SSH), Cloud Init, Python library for remote management
    • Management and troubleshooting: Simple Network Management Protocol (SNMP), Syslog, NetFlow, sFlow
    • Automation: Ansible, SaltStack
    • Task scheduler, event handling, scripting
    • Built-in archive of configuration versions

    Images


    VyOS can be built from source yourself or downloaded as a prebuilt and tested image for your platform. Starting with version 1.2, GA images are no longer free to download, because the project needs funding for development. Rolling releases remain free as before. Schools, colleges, universities, clinics and other similar non-profit organizations are given free access to GA releases. Contributors also get free access to ready-made GA images; you do not have to be a programmer, since helping with documentation also counts as helping the project. So getting free access to images is quite simple, especially if you hold a Maintainer, Contributor or VyOS Evangelist badge.

    Badges
    VyOS has issued digital certificates for:
    • Maintainers of the project
    • Contributors
    • Evangelists
    • Network engineers


    Conclusions


    VyOS is built on modern programs and utilities for network routing, and can easily be extended and modified because it is 100% open source. Its rich functionality and modern routing protocols make it suitable not only for advanced users at home, but also for large companies and huge service providers.

    Useful resources


    blog.vyos.io
    wiki.vyos.net
    Issue tracker
    slack.vyos.io
    forum.vyos.io
    github.com/vyos
    twitter.com/vyos_dev
    LinkedIn
    Facebook
    YouTube
    VyOS Roadmap
    Rolling Releases

    Other articles on Habr


    Software routing with VyOS
    UNetLab emulator - a revolutionary leap
    Vyatta: Linux-based firewall and router
    Internet on the ship: satellite dish + modems + balancer + Wi-Fi
    Ubiquiti EdgeRouter X

    Please report errors in the text by private message. Comments, additions and questions about the article, on the other hand, belong in the comments.
