VyOS 1.2.4 release
Happy new year! I hope you all had a good rest while we preparing this release. It´s been a while from last 1.2.4 EPA but testing went pretty good. Thanks to all who reported issues and worked with us to solve them!
What’s new
While it’s technically a point release, we’ve backported a number of features from current that are either well-tested enough to be safe or don’t have the potential to disrupt any existing functionality.
Intel QAT
VyOS now supports encryption acceleration with Intel QuickAssist Technology, this also unblocked hardware-specific releases (more details below)
We’ve made a point to make all acceleration features optional and possible to disable. We stand by that decision, so QAT is disabled by default and needs to be enabled explicitly.
With “set system acceleration qat” command, you can enable QAT on machines whose CPU supports it. If it doesn’t have QAT support, the commit will fail.
You can view the QAT status with “show system acceleration qat” command (use tab completion to discover the subcommands).
Important to say that QAT works also with SR-IOV exposed devices, so you can use it in VMs too
BFD
Switching to FRR wasn’t exactly painless, however, it did bring better stability and functionality to routing protocols we already had CLI for and opened a path to adding new ones. In this release, we’ve backported BFD support from the rolling release branch.
Here are the provided commands:
set interface ethernet INTF ip ospf bfdset protocols bgp AS neighbor IP bfd
set protocols bgp AS peer-group NAME bfd
set protocols bfd peer IP multihop
set protocols bfd peer IP shutdown
set protocols bfd peer IP multihop
set protocols bfd peer IP interval receive
set protocols bfd peer IP interval transmit
set protocols bfd peer IP interval multiplier
set protocols bfd peer IP source address
set protocols bfd peer IP source interface
show protocols bfd peer
show protocols bfd peer IP
Custom scripts for SNMP
You now can expose via SNMP output of custom scripts, which can be really useful in certain cases. Refer to the documentation for details
IP6GRE
You now can specify ip6gre as encapsulation in the tunnel configuration
OVA and OVF properties
When deploying from OVA you now have the ability to configure API key and port. This is pretty useful for automation scenarios.
Platform-specific images
This took longer than we expected initially, but now we provide images for specific hardware platforms. Everyone can build them using appropriate makefile targets (e.g. make edgecore), while subscribers with support or corp access can download prebuilt images.
For some platforms it´s really initial release, during 2020 we will expand hardware-specific capabilities so you can interact with iDRAC/IPMI, support OOB access via serial, manage and monitor RAID controllers and so on.
The following images are available for 1.2.4:
- EdgeCore SAF51003I & SAF51015I-0318-EC
- DellEMC Poweredge R6x0 Servers
- DellEMC VEP1400 & VEP4600
- Protectli FW series
Admittedly, this led to some makefile target proliferation. We are working to make the build scripts more logical and flexible so that adding new platforms will not make a mess there.
Target platform will also be decoupled from the image format. That is, target platform will be specified with a ./configure option, like ./configure --platform vmware or ./configure --platform dell-vep, which will make the build script include additional packages and default configs required for those platforms. Then you will be able to build an image in any format with make iso or make vmdk.
Updated packages
A number of packages have been updated:
- Linux kernel to 4.19.84
- Linux firmware to 2019-10-07
- ddclient to 3.9.0, to support the Cloudflare DDNS API
- WireGuard to 0.0.20191012
- FRR 7.2
Resolved issues
| 258 | Can not configure wan load-balancing on vyos-1.2 |
| 818 | SNMP v3 - remove required engineid from user node |
| 1030 | Upgrade ddclient from 3.8.2 to 3.9.0 (support Cloudflare API v4) |
| 1183 | BFD Support via FRR |
| 1299 | Allow SNMPd to be extended with custom scripts |
| 1351 | accel-pppoe adding CIDR based IP pool option |
| 1391 | In route-map set community additive |
| 1394 | syslog systemd and host_name.py race condition |
| 1401 | Copying files with the FTP protocol fails if the password contains special characters |
| 1421 | OpenVPN client push-route stopped working, needs added quotes to fix |
| 1430 | Add options for custom DHCP client-id and hostname |
| 1447 | Python subprocess called without import in host_name.py |
| 1470 | improve output of "show dhcpv6 server leases" |
| 1485 | Enable 'AdvIntervalOpt' option in for radvd.conf |
| 1496 | Separate rolling release and LTS kernel builds |
| 1560 | "set load-balancing wan rule 0" causes segfault and prevents load balancing from starting |
| 1568 | strip-private command improvement for additional masking of IPv6 and MAC address |
| 1578 | completion offers "show table", but show table does not exist |
| 1593 | Support ip6gre |
| 1597 | /usr/sbin/rsyslogd after deleting "system syslog" |
| 1638 | vyos-hostsd not setting system domain name |
| 1678 | hostfile-update missing line feed |
| 1694 | NTPd: Do not listen on all interfaces by default |
| 1701 | Delete domain-name and domain-search won't work |
| 1705 | High CPU usage by bgpd when snmp is active |
| 1707 | DHCP static mapping and exclude address not working |
| 1708 | Update Rolling Release Kernel to 4.19.76 |
| 1709 | Update WireGuard to 0.0.20190913 |
| 1716 | Update Intel NIC drivers to recent versions |
| 1726 | Update Linux Firmware binaries to 2019-10-07 |
| 1728 | Update Linux Kernel to 4.19.79 |
| 1737 | SNMP tab completion missing |
| 1738 | Copy SNMP configuration from node to node raises exception |
| 1740 | Broken OSPFv2 virtual-link authentication |
| 1742 | NHRP unable to commit. |
| 1745 | dhcp-server commit fails with "DHCP range stop address x must be greater or equal to the range start address y!" when static mapping has same IP as range stop |
| 1749 | numeric validator doesn't support multiple ranges |
| 1769 | Remove complex SNMPv3 Transport Security Model (TSM) |
| 1772 | regex constraints in XML are partially broken |
| 1778 | Kilobits/Megabits difference in configuration Vyos/FRR |
| 1780 | Adding ipsec ike closeaction |
| 1786 | disable-dhcp-nameservers is missed in current host_name.py implementation |
| 1788 | Intel QAT (QuickAssist Technology ) implementation |
| 1792 | Update WireGuard to Debian release 0.0.20191012-1 |
| 1800 | Update Linux Kernel to v4.19.84 |
| 1809 | Wireless: SSID scan does not work in AP mode |
| 1811 | Upgrade from 1.1.8: Config file migration failed: module=l2tp |
| 1812 | DHCP: hostnames of clients not resolving after update v1.2.3 -> 1.2-rolling |
| 1819 | Reboot kills SNMPv3 configuration |
| 1822 | Priority inversion wireless interface dhcpv6 |
| 1825 | Improve DHCP configuration error message |
| 1836 | import-conf-mode-commands in vyos-1x/scripts fails to create an xml |
| 1839 | LLDP shows "VyOS unknown" instead of "VyOS" |
| 1841 | PPP ipv6-up.d direcotry missing |
| 1893 | igmp-proxy: Do not allow adding unknown interface |
| 1903 | Implementation udev predefined interface naming |
| 1904 | update eth1 and eth2 link files for the vep4600 |
Comments