VyOS Networks Blog

Building an open source network OS for the people, together.

VyOS in 2023: multi-year subscriptions, future plans, and more

Yuriy Andamasov
Posted 5 Mar, 2023

Hello, Community!

 

This mail contains essential information about subscriptions.

 

We are already two months into 2023 and expect this year to impact the VyOS project significantly!

Not only is the project passing ten years mark, and a 1.4 LTS release is planned for this year, but more crucial things are also happening in the background.

Since we made our first commercially-supported 1.2.0 LTS release in 2019, VyOS has steadily grown in all dimensions. We aren’t only talking about our revenue, customer count, and other business performance indicators — our team is growing, our open-source user and contributor community is also growing, and thus our responsibility is growing.

When we started, we aimed to have a network operating system that we could use and improve for our needs. A few years later, VyOS was adopted by companies that we thought would never look at it, in roles we never thought it would fulfill, from critical communication infrastructure to network engineer education and training.

That brings a new set of challenges — how to keep VyOS available, open-source, and sustainably funded; how to make it better suited to environments where it’s now taking hold; and how to ensure that its development direction reflects the best interests of our Community.

So here are a few things we have in the pipeline this year.

 

VyOS Foundation

You may remember the idea to form a non-profit VyOS Foundation to ensure that the source code is safe in the long term and to include community members and strategic partners in the decision-making process.

We mentioned that idea in our blog posts a while ago but have not posted any updates. However, behind the scenes, it has already passed the idea stage and is now on the way to becoming an organization chartered in Switzerland. The paperwork is still in progress because we want to get it right. Still, we are sure that when it’s complete, VyOS Foundation will play a crucial role in the future of VyOS and help it fulfill its mission to bring advanced open-source networking to everyone who needs it.

 

Common Criteria validation

VyOS is used in high-security environments more and more, not least because it’s fully open-source and open to independent inspection. However, many organizations have formal requirements for security-critical software and require certification.

The ISO standard for security certification is Common Criteria. We are targeting the collaborative Protection Profile for Network Devices (CPP-ND) that applies to physical and virtual network devices. Once we ensure that VyOS meets its strictest requirements, it will also be our first step in obtaining the FIPS-140 validation.

Of course, it isn’t merely a rubber-stamp certification — we need to make quite a few improvements in the VyOS code and development processes to get certified.

I’d like to thank Jake and Matthew from Corsec Security, who are guiding us through this very complex topic.

 

1.4 LTS Release (Sagitta)

The current rolling release has been in development for a while; those who follow our development at https://vyos.dev know the process is active. This new LTS release will incorporate many new features, including QPPB support, EVPN, and more. We target Release for Q4 but Early Production Access images probably will come earlier than that 

 

Local UI and Controller/Orchestrator  

Both are in active development, and you can check out designs for LocalUI and Controller

(both are still works In progress, and you are welcome to leave feedback and comments directly in Figma).

Local UI will initially be in the rolling release and later become part of the LTS Release. At the same time, Controller will initially be available as Hosted SaaS offering and later as an application for OCI-compliant Kubernetes Clusters.  

Our idea is simple — easy monitoring and management of a single device and maintaining a distributed fleet of VyOS devices across all supported platforms, with centralized access to NetDevOps-friendly APIs and multi-cloud networking that help you offer NaaS with self-service capabilities for your customers and users.

 

IDS/IPS

Two massive features rework/upgrade were prerequisites for IDS/IPS: firewall migration away from the outdated iptables and old scripts for it and containerized applications support. While container support has been available for a while now, firewall rework isn’t complete yet — we are planning a CLI redesign, and many features of nftables aren’t exposed in the CLI yet. However, we are already investigating open-source IPS/IDS projects that we can integrate into VyOS.

We will start with Suricata but may eventually support other solutions as well — running them in containers is the key to making it possible to give users a choice without bloating the base image.

 

VPP/XDP Integration

 So far, most (if not all) network OSes use acceleration technologies as a proprietary “special sauce”, even if their other parts are open-source. Worse yet, most such solutions are also locked into specific CPU vendors and support a limited range of network cards. If we were to go that way, it would be contrary to our goal to support the broadest possible range of hardware.

However, these days XDP (Express Data Path) and eBPF support in Linux open up opportunities for accelerated forwarding on any hardware. There are also accelerated data-plane projects like VPP, which also look promising. Nothing is set in stone yet, and our work on acceleration is in an early stage. We plan to work out a solution that will be cross-platform and that users can enable optionally rather than have it forced on them so that VyOS can keep working fine on small single-core boxes and VMs but also offer much faster forwarding on more powerful machines.

 

Subscriptions pricing and modality changes

As I mentioned, the VyOS project is experiencing constant growth in user base, use cases, technology, and so on. As you can imagine, growth doesn't happen by itself, and long-term goals cannot be reached by developing the project randomly or chaotically. It requires planning, and we use the three horizons framework for many aspects of this planning. As we learned from surveys and customer interviews, people want prices to stay the same or at least be predictable, and they also want to avoid significant upfront investments; last but not least, everybody wants to be sure that software will not stop existing tomorrow.

  We combined all that information into the new offerings — multi-year subscriptions that lock pricing for the whole period, so you don’t need to negotiate them each year. The billing cycle is still annual, so no up-front investment is required either, and the multi-year commitment makes it possible for us to plan beyond the one-year horizon.

 

Two on-premises software access subscriptions are available for new and existing customers:

 

The Corporate subscription 

  • unlimited on-premises deployments within a single company
  • Access to images for bare-metal and virtual platforms  
  • comes with best-effort support (24x7)
  • costs 8000 EUR/USD billed annually
  • 3 and 5 years of commitment

The Global subscription 

  • unlimited on-premises deployments across multiple subsidiaries in multiple geographic regions
  • Access to images for bare-metal and virtual platforms
  • Custom images upon request  
  • comes with best-effort support (24x7)
  • costs 15 000 EUR/USD billed annually
  • 3 and 5 years of commitment

 

SLA Support subscriptions are available in 3 tiers:

 

The standard subscription 

  • next-business-day support via email
  • access to LTS Release ISO images
  • 1 deployment on a single VM or physical device
  • 1500 EUR/USD billed annually
  • 1, 3, and 5 years of commitment

Production subscription 

  • 4-hour SLA for Severity 1/2 incidents  
  • support via email, teams/slack, and phone
  • access to images for the platform of choice to deploy pair of VMs/bare metal devices in HA  
  • 3000 EUR/USD billed annually
  • 1, 3, and 5 years of commitment

 

The mission-critical subscription 

  • 1 hour SLA for Severity 1/2 incidents
  • support via email, teams/slack, and phone
  • Dedicated Technical Account Manager
  • Custom images upon request
  • access to images for the platform of choice to deploy pair of VMs/bare metal devices in HA  
  • 6000 EUR/USD billed annually
  • 1, 3, and 5 years of commitment

 

Cloud Subscriptions are available in 3 modalities.

 

Pay-as-you-go cloud subscription 

  • available on AWS, Azure, Google Cloud, and Oracle Cloud
  • next-business-day support via email/web
  • starts from $0,2 per core per hour
  •  

CloudPack One

  • unlimited deployments in the supported public or private cloud of choice 
  • Up to two cloud accounts
  • Best-effort support (SLA add-ons available) via email/web
  • complimentary on-premises corporate software subscription
  • 50000 EUR/USD billed annually
  • 1, 3, and 5 years of commitment

CloudPack Enterprise

  • unlimited deployments in all supported public and private clouds 
  • Up to ten cloud accounts
  • Next-business-day support (SLA add-ons available) via email/web/chat/phone
  • complimentary on-premises corporate software subscription
  • 150000 EUR/USD billed annually
  • 1, 3, and 5 years of commitment

 

Country-specific pricing

Our team is currently working on country-specific pricing as we understand that current pricing is not equally accessible for different countries. We aim to have this in place by the end of Q2 2023

Remember, if you are the customer and want to provide feedback about your needs or in general about the project, please book a meeting here

If you are interested in Local UI and/or Controller, we will be grateful if you can provide us with your feedback here for LocalUI and Controller 

 

Thank you for your interest and support!

The post categories:

Comments