VyOS Project 2019 January Update
Posted 13 Feb, 2020 by Yuriy Andamasov
VyOS 1.2.5-epa1 release
VyOS 1.2.5-epa1 preview release is now available. Everyone can build it from the crux branch, and subscribers can download it from the support portal.
This is mostly a bugfix release, but it also offers some feature backports, such as rate limiting options for the PPPoE server.
Here’s the full changelog so far:
1341 | Adding rate-limiter for pppoe server users |
1376 | Incorrect DHCP lease counting |
1392 | Large firewall rulesets cause the system to lose configuration and crash at startup |
1452 | accel-pppoe - add vendor option to shaper |
1780 | Adding ipsec ike closeaction |
1827 | Increase default gc_thresh |
1858 | l2tp: Delete depricated outside-nexthop and add gateway-address |
1864 | Lower IPSec DPD timeout lower limit from 10s -> 2s |
1879 | Extend Dynamic DNS XML definition value help strings and validators |
1881 | Execute permissions are removed from custom SNMP scripts at commit time |
1900 | Enable SNMP for VRRP. |
1902 | Add redistribute non main table in bgp |
1909 | Incorrect behaviour of static routes with overlapping networks |
1913 | "system ipv6 blacklist" command has no effect |
1914 | IPv6 multipath hash policy does not apply |
1934 | Change default hostname when deploy from OVA without params. |
1964 | SNMP Script-extensions allows names with spaces, but commit fails |
Our routers are already running 1.2.5, and if no bugs are discovered, we’ll make a final 1.2.5 build.
VyOS 1.2.5 going to maintenance mode
Our initial idea for LTS releases was that they will be completely feature-frozen. That turned out pretty wrong in practice because it wasn’t what people wanted, and because many features developed in the current branch do not interfere with any existing features and are safe to include in a stable release.
For a full year, we’ve been including feature backports in 1.2 releases, which enabled subscribers and community members who build from source to get those features faster and help us weed out bugs and edge cases missed during initial testing in the rolling release.
However, as 1.3 development progresses, backporting features gets much harder. We are making big changes in the 1.3 branch to eliminate legacy code and make room for new features such as VRF, and many of those are too big to backport or require config syntax changes and migration scripts, which is clearly unacceptable for an LTS release.
After the 1.2.5 release, the 1.2/crux branch will only receive bug fixes, so that we can focus on getting 1.3 ready for a release. When 1.3 is ready, it will go through a similar cycle, a year or so of feature backports and then a period of maintenance mode until the next release is ready.
Reproducible builds
A number of people rightfully complain about VyOS LTS release builds not being fully reproducible. Right now, you cannot build say 1.2.3 release because the build scripts will pull packages from today’s Debian repos and our most recent Crux repos. If you build now, you’ll end up with 1.2.5-epa1.
That’s a good point, so we are going to experiment with Debian repository snapshots from https://snapshot.debian.org/ and try making snapshots of our own repos to make old builds reproducible.
That's all for today. Stay tuned for new updates!