VyOS Project October/November 2020 Update
Posted 7 Dec, 2020 by Daniil Baturin
This may be our most delayed update in history, but as they say, "better late than never".
Early in November, United States elections have been a focus of attention, especially for our American colleagues and customers, so we decided to postpone posting this update. Then came the time of season-appropriate "black Friday" and "cyber Monday" posts and the usual stream of distractions that comes when everyone is trying to get things done before the year ends. Still, there's lots of news to share, and the time to do it has come—read on!
We call VyOS a universal router, and one of the things we mean is that it’s available on a wide variety of platforms—a router you can bring to any network. We are constantly working to bring it to new platforms from hardware appliances to cloud marketplaces. Now we are happy to announce significant progress in many directions!
VyOS and Oracle
When it comes to Oracle platforms support, last few months were very productive. First, VyOS is now officially on the Oracle Cloud Marketplace.
However, there's more. VyOS is now supported on the Oracle Private Cloud Appliance, and it's also listed in the Oracle ISV catalog. And there's even more to come: we are working to bring cross-vendor support via TSANet, so that Oracle platform customers will be able to open support tickets for VyOS via the Oracle TSANet portal, and we'll work with Oracle on your behalf to resolve those issues.
Now to the details.
- Oracle Cloud Infrastructure
An official VyOS image was accepted to the Oracle Cloud Marketplace and is now available to customers from the USA.
It’s priced $0.1/hr per CPU core, and can work on instances with one OCPU and 512M RAM. Now companies can take VyOS with them if they are expanding or moving to Oracle Cloud.
- VyOS for OracleVM Server and Oracle Private Cloud Appliance
Oracle VM Server (the Xen-based one) and the Oracle Private Cloud Appliance are now officially supported platforms. There aren't many network OSes that support them, so we are happy to offer their users more choice and flexibility.
- VyOS for Oracle Linux KVM and Oracle OpenStack
Just like OracleVM Server and the PCA, these platforms are fully supported and eligible for commercial support.
EPSGlobal and VyOS-powered hardware
As you may remember, some time ago we have partnered with EPS Global. Our initial partnership terms made it simpler for existing customers of EPS Global to buy VyOS software access and support subscriptions.
Now we are working with them to ship hardware with VyOS preinstalled. It will be possible to order right from the website.
New community site
We have to admit that the current vyos.io website isn't especially good either for community members or commercial customers. Useful information is hard to find for both categories of visitors. It's time to do something about it, which is why we are splitting it into two websites.
community.vyos.io will be specially made for community members, and it will focus on information for contributors and community users. It will be a static website, easy to contribute to using the normal git workflow.
Here's what it will look like:
We are working on the missing pages and the build process now, so we'll announce its launch soon.
VyOS 1.3 development news
AZERTY Layout added
You now can set AZERTY layout in latest rolling releases.
set system option keyboard-layout fr
IPv6 VPN improvements
IPv6 adoption is definitely increasing. When I first implemented IPv6 IPsec CLI support back in the days, IPv6 over IPv6 IPsec was an exotic scenario, and IPv4 over IPv6 IPsec was seen as purely hypothetical.
Now there are people asking about it, and it’s time to make sure IPv6 VPN use cases are supported properly.
First, OpenVPN now supports IPv6 addresses for “
local-address” and “
remote-address” options, so that you can pass IPv6 traffic through your tunnels.
Second, IPv4 over IPv6 and IPv6 over IPv4 IPsec is also configurable now.
Of course, these features need thorough testing to make sure that they work well and don’t interfere with any other features. If you spot any problems with these scenarios, let us know!
As you likely already know, we are working on MPLS support in the rolling release. Thanks to implementations in the Linux kernel and FRR, this long-requested feature is doable without proprietary or experimental code these days, but CLI design and development takes time to get right.
It’s great to see interest in that feature and it’s even better to see new contributors join and start working on it. For example, a new contributor who goes by Cheeze_It went ahead and added “
run reset mpls ldp neighbor” commands.
We’d like to encourage everyone to test what is there, expand it, or at least tell us about your MPLS use cases and needs.
- There’s now “set service dns forwarding source-address” option so you can specify which address to use as a source for DNS queries now.
- It's now possible to change the video console keyboard layout with (useful for people from French-speaking countries where the usual layout if not QWERTY but AZERTY).
Automated tests need your contributions!
One bad thing about infrastructural projects is a long time until they bring tangible results. Until then you need to keep pushing your vision and work on implementing it. Our work on making the CLI fully programmable is of that kind: it took a long time, it required a lot of hard design and implementation decisions, but its outcomes are starting to change every part of the system for the better.
One thing is that automated tests finally became possible. Development images include a set of "smoke tests" that everyone can run on their system and see if they pass. For example, consider this SSH test script.
vyos@vyos-test:~$ /usr/libexec/vyos/tests/smoke/cli/test_service_ssh.py ...VRF "ssh-test" does not exist . ---------------------------------------------------------------------- Ran 4 tests in 34.160s OK
Their performance isn't stellar (because our commit performance isn't stellar in general—we are working on that too). But, we also need more tests. Many scripts we have are rather rudimentary. So, if you are looking for a starting point for contributing and don't know where to start, heading to smoketest/scripts/cli is a good way to do that.
Together we can make refactoring VyOS code and updating packages much safer, and thus development will be faster.
Rolling release snapshots
Getting build automation for a complex project takes time, but we've mostly figured it out by now, and this month we will finally release the first monthly snapshots of the rolling release. Those images will help us bridge the gap between the "potentially broken at any time" nightly builds and the fully stable but slow moving LTS release.
IS-IS support and routing protocol script rewrites
Thanks to support for IS-IS in the FRR routing protocol suit, we can support it. Latest nightly builds include a CLI for IS-IS. There has been quite a debate regarding the command naming, but most people voted for "isis", so now it's under "set protocols is-is".
Other protocols aren't neglected either. BGP now uses the new style scripts and commands. Eventually all old-style, messy code will be gone and maintenance will become much easier.
1.3 soft freeze coming in January
In the Northern hemisphere, January is the coldest month. That's a perfect time for a code freeze. VyOS 1.3 (equuleus) branch will come to a "soft freeze", which means no untested code can go there, and the focus will be on testing and stabilization.
The new 1.4 branch will be named Sagitta, after a small constellation of the northern sky. Its name means "an arrow" in Latin. Despite its name, it's not related to the more well-known Sagittarius constellation, and isn't even located nearby: if you want to find it in the night sky, your best landmark is the "Northern cross" asterism of Cygnus, or the Vega star.
Here's a simulated look from Stellarium.
When everything is setup, including Phabricator milestones, we will set Sagitta as a default branch for the git repos, and all new pull requests will go into it.
Stay tuned for further updates!