VyOS OpenSource Router
In this article, I want to raise a topic that is unusual for me: the VyOS network router. I first became acquainted with this project thanks to Neil Anderson, who made a guide on how to deploy a mini-lab with a NetApp simulator and VyOS at home.
Key projects
VyOS is an open-source project based on Debian Linux, which was born as a fork of the Vyatta Core Edition of the Vyatta routing software. Like any router, VyOS operates at layer 3 of the OSI model and routes North-South traffic. VyOS includes the following key projects:
- Debian 8, kernel 4.19
- FRRouting (Quagga was used in version 1.1 and later)
- ISC-DHCP
- Keepalived
- StrongSwan
- OpenVPN
- PowerDNS
- WireGuard
- OpenNHRP
- accel-ppp
- xl2tpd
- Squid
- mDNS repeater
- IGMP-proxy
- iPerf
- a more detailed list is in the release notes
Supported Platforms
VyOS can be deployed on most popular platforms as a virtual machine, on bare metal or in the cloud. The image takes about 300 MB.
Virtualization platforms
As a virtual machine, VyOS can be deployed in the following environments:
- KVM
- RHEV
- VirtualBox
- Nutanix AHV
- VMware ESXi 5.1+
- Citrix XenServer in HVM mode
- Microsoft Hyper-V for Windows Server
- OpenStack (planned)
Bare metal
The router can be installed on bare metal, with custom images (planned) for:
- Dell
- SuperMicro
- Edgecore
Clouds
As a virtual machine in the cloud:
- Amazon EC2 (Amazon Machine image on Amazon Web Services)
- Ravello
- Packet cloud
- Microsoft Azure
- Google Cloud Platform (planned)
- Alibaba Cloud (planned)
Command line
Like Cisco and Juniper routers, which traditionally do not use a graphical interface, VyOS is controlled from the command line. The VyOS command-line syntax is very similar to that of JunOS:
vyos@vyos# run show ip route forward
default via 203.0.113.1 dev eth1 proto static metric 20 onlink
192.168.56.0/24 dev eth0 proto kernel scope link src 192.168.56.13
203.0.113.1 dev eth1 proto static metric 20
Functionality and features
VyOS offers a broad, serious feature set, despite being an open-source project:
- VPN: Dynamic Multipoint VPN (DMVPN), GRE, IPSec, IPSec VTI, OpenVPN (server and client) and WireGuard
- Can act as a VPN Remote Access Server using L2TP or OpenVPN
- Tunnels: L2TP, L2TPv3, VXLAN, PPTP, GRE, IPIP, SIT, IPIP6, IP6IP6
- L2 / L3 Interfaces: Ethernet Bridge, 802.1Q VLAN, QinQ, Port Aggregation (LACP and Static)
- API for use from the console and from Python and Perl scripts
- IPv4 and IPv6 addressing and routing:
  - BGP, OSPF, OSPFv3, RIP, RIPng dynamic routing protocols
  - Static routing and policy-based routing (PBR)
- QoS to prioritize traffic
- VyOS can work as an L2TPv3 router for Layer 2 connectivity between sites
- High availability: VRRP, WAN load-balancing, Conntrack-Sync, Clustering
- And of course the standard set: DHCP (Server, Client and Relay), DNS recursive server, Network Address Translation (source and destination, port-address, one-to-many, many-to-many), IGMP-Proxy, NTP server and client, LLDP server and client, mDNS repeater, PPPoE server, proxy server with cache and filtering, TFTP server
- Traffic filtering: Zone-based firewall, stateful firewall
- Policies: Shaping, Rate limiting, Priority-based queues
- Built-in archive of configuration files
Examples of supported connection and usage patterns
Branch
One of the most common uses of VyOS is to interconnect several company branches, connect them to cloud providers, or join several cloud providers into one network.
SMB edge
VyOS can serve as an SMB router providing stable, highly available access to the Internet. VyOS supports NAT, DHCP, and VRRP to increase the availability of your default gateway.
Border router
VyOS can be used as an enterprise border router running BGP, one of the most advanced dynamic routing protocols, if not the most advanced. For this purpose, VyOS can act as both an external and an internal BGP peer, providing high stability and availability in your network.
VPN gateway
VyOS provides IPSec VPN access: IPSec / GRE, IPSec VTI, Dynamic Multipoint VPN (DMVPN), and OpenVPN. A site-to-site configuration lets you connect multiple sites directly to the cloud through a private, secure network over the Internet, so that your users and servers can interact with each other. VyOS can also work as an L2TPv3 router, creating an L2 network between sites.
VPN RA Server
VyOS can be used as a remote-access VPN server. For this you can use L2TP over IPSec, because it is supported by almost all modern operating systems. Another option is OpenVPN, which is also integrated into VyOS. Adding firewall rules increases security and gives finer-grained control over access to your network.
System requirements
VyOS minimum resource requirements:
- CPU: one or several 64-bit x86 cores (depending on the bandwidth and the functionality used). The ClearFog ARM platform is also supported
- Memory: 512 MB or more (depends on the bandwidth and the functionality used, and mainly on the size of the routing tables)
- Network interfaces: at least one; the maximum is whatever the platform on which VyOS runs supports
- For maximum performance, it is recommended to use network cards with hardware offloading and supporting multiple queues.
Management and Monitoring
Management and monitoring:
- Deployment and management: Secure Shell (SSH), Cloud Init, Python library for remote management
- Management and troubleshooting: Simple Network Management Protocol (SNMP), Syslog, NetFlow, sFlow
- Automation: Ansible, SaltStack
- Task scheduler, event handling, scripting
- Built-in archive of configuration versions
Images
VyOS can be built from source or downloaded as a prebuilt, tested image for your platform. Starting from version 1.2, GA images are no longer free to download, because the project needs funding for its development. Rolling releases remain free as before. Schools, colleges, universities, clinics and other similar non-profit organizations are given free access to GA releases. Contributors also get free access to ready-made GA images; you do not need to be a programmer, since helping with documentation also counts as helping the project. So getting free access to images is quite simple, especially if you have a Maintainer, Contributor or VyOS Evangelist badge.
Badges
VyOS has issued digital certificates for:
- Project maintainers
- Contributors
- Evangelists
- Network engineers
Conclusions
VyOS is built on modern programs and utilities for network routing, and because it is 100% open source it can easily be extended and changed. Its rich functionality and modern routing protocols make it suitable not only for advanced home users but also for large companies and huge service providers.
Useful resources
blog.vyos.io
wiki.vyos.net
Issue tracker
slack.vyos.io
forum.vyos.io
github.com/vyos
twitter.com/vyos_dev
YouTube
VyOS Roadmap
Rolling Releases
Other articles on Habr
Software routing with VyOS
UNetLab emulator - a revolutionary leap
Vyatta: Linux-based firewall and router
Internet on the ship: satellite dish + modems + balancer + Wi-Fi
Ubiquiti EdgeRouter X
Please report errors in the text via private message. Comments, additions and questions about the article, on the other hand, belong in the comments.