VyOS Networks Blog

Building an open source network OS for the people, together.

VyOS Project March 2026 Update

Daniil Baturin
Posted 10 Mar, 2026

Hello, Community! The somewhat belated development update that covers changes in the VyOS rolling release in February is finally here. A lot of our attention in February went to VyOS Stream 2026.02, promoting VyOS at MWC Barcelona 2026, and the ongoing work on VyOS 1.5.0. However, there are quite a few updates in rolling that are worth a mention, including support for background operations in the HTTP API, multiple VPP CLI design improvements, and a whole bunch of bug fixes.

Configuration syntax changes

VyOS 1.5.0 release is now its final stages and that will freeze the VPP configuration syntax in it for as long as it's supported. So, we are taking the last chance to fix to improve the VPP CLI before it gets frozen. There are quite a few areas where we felt the design was not especially good: some coming from the original idea to release VPP as an addon rather than an integral part of the system, others coming from our lack of experience with using VPP at the time.

In particular:

  • The multitude of TCP flag commands in ACLs is now consolidated under two multi-value nodes: set vpp acl ip tag-name <txt> rule <u32> tcp-flags is-set <flag> (T8250).
  • set vpp acl macip is now set vpp acl mac (T8252).
  • The commands from nat44 and settings nat44 are now all under set vpp nat nat44 (T8254).
  • Manual tweaking of settings under set vpp settings ipsec netlink is now replaced with a new set vpp settings ipsec-acceleration command that automatically enables settings that should be optimal in most cases (T8262).
  • set vpp settings unix poll-sleep-usec is now simply set vpp settings poll-sleep-usec (T8258).
  • Options from set vpp settings cpu are now consolidated under set vpp settings resource-allocation cpu-cores <N>, core allocation is automatic (T8268).
  • Per-interface commands for RX mode are replaced with a single command for all interfaces: set vpp settings interface-rx-mode <polling|interrupt|adaptive> (T8266).
  • Multiple configuration options are now consolidated under set vpp settings resource-allocation (T8261).

New features

  • There are now segment routing commands for IPv4 in addition to IPv6 (T8238):
set protocols static route <prefix> next-hop <address> segments 'x:x::x:x/y:y::y/z::z'
set protocols static route <prefix> interface <interface> segments 'x:x::x:x/y:y::y/z::z'
  • There is a way to make BGP peers learn the remote ASN from the open message instead of specifying it explicitly: set protocols bgp neighbor <N> remote-as auto (T7984).
  • New command to set SRv6 encapsulation source address: set protocols segment-routing srv6 encapsulation source-address <addrs> (T6977).
  • Support for MTC S16209x LCD screens (T8213).
  • Support for ttyAMA* console devices on ARM64 systems (T8120).
  • New commands for viewing IGMP proxy logs: <show|monitor> log igmp-proxy (T8295).
  • New command to allow IPv6 router advertisment prefix derivation from a base interface: service router-advert interface <lan-if> prefix ::/64 base-interface <wan-if> (T8302).

Background operations in the REST API (T7090)

Some large configurations can take considerable time to commit. We should certainly work on improving the configuration system performance to make them faster to commit in the first place. However, we also need to make sure that long-running operations are possible to perform through the API without having the client keep an open connection and wait.

Now we have a general framework for background operations in the HTTP API, implemented using built-in mechanisms of FastAPI. Configuration loading and commits are now queued to be executed in the background and there's an API endpoint to view background operations:

$ curl -k -X 'POST' \
  'https://172.168.99.3:443/retrieve/background-operations' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "key": "NOT_SECRET_KEY"
}' | jq .

{"success": true, "data": {"operations": [
  {
    "op_id": "2b1773ba-aa35-4c54-af09-e98c923e2571",
    "created_at": 1769156996,
    "started_at": 1769157004,
    "finished_at": 1769157007,
    "status": "succeeded",
    "result": "",
    "error": null
  }
]}, "error": null}

This change should make config sync and external tools much more reliable.

Bug fixes

  • Fixed an issue that could cause errors when executing run show hardware cpu on ARM64 machines (T7866).
  • Fixed a deadlock in the HTTP API that could make it unresponsive when multiple concurrent config load operations were executed (T8235).
  • Fixed a syslog configuration issue that could make it freeze when a log file exceeded 512KB (T7756).
  • Fixed an issue with dynamic DNS config migration from previous versions (T7924).
  • Deleting VPP configuration on Google Cloud instances no longer causes errors (T7811).
  • Deleting VPP configuration and then adding it back works as expected now (T8297).
  • Attempts to configure IPoE server on interfaces connected to VPP now correctly raises a configuration error, since it's not currently supported (T8182).
  • The MOTD for the update check is now correctly preserved during reboots (T7945).
  • Updates from older VyOS versions now correctly copy config files again — that was broken for some time after the bind mount fix required to prevent config corruption on power loss (T8257).
  • Yescrypt hashes no longer cause config validation errors (T8270).
  • The password length in set service monitoring telegraf loki authentication password is no longer erroneously limited to 128 characters.
  • The IGMP proxy server will now correctly restart after failures (T8295).
  • Telegraf service is no longer disabled on ARM64 systems, now that we have ARM64 versions of its packages (T8310).
The post categories: api vpp 1.5

Comments

Blog Categories

RSS Feed arrow
See All Categories