vyatta的fork开源版本vyos
vyatta的fork开源版本vyos
来源: https://www.reddit.com/r/networking/comments/3dvwfy/who_here_is_using_vyos/
Vyatta came in two flavors: Community Edition and Subscription Edition. VyOS was forked from Vyatta CE 6.6R1. The commercial version of Vyatta at the time (SE) used a different (non-free) routing engine called ZebOS from IP Infusion. IP Infusion was started by the authors of GNU Zebra when they realized they could make money off the project and closed it up. Quagga (which is what VyOS is using) was a fork of GNU Zebra from before they went closed source. The major functionality you get with ZebOS instead of Quagga is multicast routing and DMVPN support. IIRC up until 6.6 Vyatta was also using Quagga for its commercial offering. The major feature of the commercial offering vs. open source was the web GUI and support and "config-sync" for clustering. When Brocade purchased Vyatta Inc the product became the "Vyatta vRouter 5400". Brocade also released another version of Vyatta that leverages Intel DPDK to implement a custom (non-free) forwarding engine that scales performance into the 100G range. That one is called the "vRouter 5600".
Similarly EdgeOS (Ubiquiti EdgeRouter) was forked from Vyatta CE 6.3. Changes between 6.3 and 6.6 are a major reason for configuration inconsistencies between EdgeOS and VyOS (specifically in the areas of NAT and policy routing configuration). Ubiquiti EdgeOS is built using the Linux SDK for the Cavium Octeon network CPU that they use for the EdgeRouter to take advantage of hardware acceleration. The other big thing Ubiquiti brought to the table was a really well designed web GUI (both visually and technically). VyOS has made some progress as well. Initial support for DMVPN and VXLAN were introduced in the 2nd major release (1.1) along with support for 802.1ad (Q-in-Q tagging) and IGMP proxy for basic multicast support. VyOS is a pretty active project with their IRC channel on Freenode having over 100 users and 11 releases since 1.0.0 in December of 2013 and the 3rd major release (Lithium) around the corner. Support for Intel DPDK is out of scope for VyOS but a lot of companies are building versions of Linux that support Intel DPDK which VyOS can be built upon. Specific examples being Wind River Linux (now an Intel company) 6WIND and MontaVista. Because they implement DPDK support at the kernel level VyOS is basically a drop-in to add configuration management for these. I am hoping that with the purchase of Wind River Intel will eventually open source the DPDK-powered Linux enhancements. Where I use VyOS the most is as a firewall. The flexibility to right-size a single solution across physical and virtual firewall needs is really a killer app of VyOS. The firewall policy configuration syntax is very verbose and makes policy audits easy even for security engineers unfamiliar with VyOS specifically. We were able to modify RANCID pretty easily to automate configuration backups for VyOS devices like we do for Cisco. Because the configuration file has all system config it makes swapping a failed unit less like rebuilding a Linux server and more like applying a configuration file to a traditional network device. I use VRRP and conntrack-sync for failover which works nicely. Shortcomings and things to improve:
1 Network/Address group support for IPv6 (currently IPv4 only)
2 It would be nice to see VRRP support for IPv6
3 Adjustments to firewall policy engine when applied to bridge interfaces to better support VyOS in a transparent bridge firewall configuration (currently possible but not "clean").
4 Cross-system LACP to support horizontal scaling of transparent firewall.
5 More work is needed to polish up "cluster mode" and we need config-sync to avoid having to configure multiple devices when in pairs.
6 NAT logging is a challenge at large scale (10000+ users). This is a Linux problem. It would be nice to see the netfilter project implement a CGN kind of offering that mapped a specific range of ports to each internal IP to avoid the need for translation logging.
7 It would be nice to see a DHCPv6 relay agent support injecting routes for DHCPv6-PD and more DHCPv6 support in general.
8 IPv6 transition technologies like NAT64 with DNS ALG.
9 Add VRF-Lite support (start with isolating management VRF)
10 Add Multicast routing support (PIM-SM)
11 JSON-RPC based web API and an optional web GUI that uses the API that can be run locally or on a separate system.
============ End
vyatta的fork开源版本vyos的更多相关文章
- vyatta的fork开源版本
https://www.reddit.com/r/networking/comments/3dvwfy/who_here_is_using_vyos/ Vyatta came in two flavo ...
- PyCharm 3.0 发布,提供免费开源版本
PyCharm 发布最新的 3.0 版本,该版本新特性详见: http://www.jetbrains.com/pycharm/whatsnew/index.html 该版本最主要的是提供了免费开源的 ...
- 开源版本PowerShell Core 6.2 发布
导读 PowerShell Core 6.2 GA 已发布,PowerShell Core 是 PowerShell 的开源版本,适用于 Linux,macOS 和 Windows. 有关 Power ...
- PouchContainer 开源版本及内部版本一致性实践
PouchContainer 开源版本及内部版本一致性实践 为什么要做内外版本一致 对外开源是提升影响力.共建生态的有力手段.在项目对外开源的过程中,首先是将可以开源的部分抽离出来,发布一个“开源版本 ...
- 开源版本Visifire的应用
Visifire曾经开源,保持使用开源版本是不会有版权问题滴. 引用的命名控件 using Visifire.Charts; using Visifire.Commons; 一.应用示例主要代码 // ...
- fork开源代码后如何基于某个tag建立自己的branch
应用场景: 在github上fork一个自己想看的开源项目,想基于某个tag来写一些测试demo,然后可以做到版本控制. 方法: //克隆 git clone xxxxx.git //查看tag gi ...
- fork 开源项目后如何参与项目
好的开源项目都很想参与到开源活动中,并且会 fork 一份. 经过几个月的学习,大概明白了如果参与开源项目. 当完成 fork 后,就需要在本地 git clone 一份. 有新的功能或需要修复的就开 ...
- 开源版本 hadoop-2.7.5 + apache-hive-2.1.1 + spark-2.3.0-bin-hadoop2.7整合使用
一,开源软件版本: hadoop版本 : hadoop-2.7.5 hive版本 :apache-hive-2.1.1 spark版本: spark-2.3.0-bin-hadoop2.7 各个版本到 ...
- 阿里云数据库产品HybridDB简介——OLAP数据库,支持行列混合存储,基于数据库Greenplum的开源版本,并且吸收PostgreSQL精髓
为什么会有HybridDB的诞生?它经历了怎样的研发历程?它的应用场景和情况是怎样的?带着这些问题,InfoQ对阿里云的数据库专家兼Postgres中国社区/中国用户会主席萧少聪先生进行了采访,以下文 ...
随机推荐
- css布局笔记(三)圣杯布局,双飞翼布局
圣杯布局和双飞翼布局都是三列布局,两边定宽,中间自适应布局,中间栏要在放在文档流前面以优先渲染. 圣杯布局如下 <!-- 圣杯布局 --> <!DOCTYPE html> &l ...
- Unity学习笔记(3):一些常用API和应用场景
Mathf.Lerp(float a,float b,float t)插值函数,当a < b时往a中插入t,以此来实现颜色,声音等渐变效果. GameObject.FindWithTag(str ...
- 【Unity Shader】渲染管线
流程概述 应用程序阶段 应用程序阶段,使用高级编程语言(C.C++.JAVA 等)进行开发,主要和CPU.内存打交道,诸如碰撞检测.场景图建立.空间八叉树更新.视锥裁剪等经典算法都在此阶段执行.在该阶 ...
- sqli-labs学习笔记 DAY4
DAY 4 sqli-labs lesson 23 与lesson 1一样,只不过屏蔽了#和–注释符. 报错型注入: 爆库:id=99' UNION SELECT 1,extractvalue(1,c ...
- 基于Python的信用评分卡模型分析(二)
上一篇文章基于Python的信用评分卡模型分析(一)已经介绍了信用评分卡模型的数据预处理.探索性数据分析.变量分箱和变量选择等.接下来我们将继续讨论信用评分卡的模型实现和分析,信用评分的方法和自动评分 ...
- Mac下基于testrpc和truffle的以太坊智能合约开发环境搭建
原文地址:石匠的blog truffle是一个基于Javascript开发的一套智能合约开发框架,使用Solidity语言编写合约.truffle有一套自动的项目构建机制,集成了开发,测试和部署的各个 ...
- 什么是mvc模式
MVC是一个架构,或者说是一个设计模式,它就是强制性使应用程序的输入,处理和输出分开.将一个应用程序分为三个部分:Model,View,Controller. 原理图: 分析: Model 模型(完成 ...
- Nginx笔记(一):安装
Nginx在安装前需要先安装其所依赖的类库,所以需先行安装好之后再进行Nginx安装. Nginx依赖以下模块: l gzip模块需要 zlib 库 l rewrite模块需要 pcre 库 l ...
- 测试效率 timeit cProfile
timeit使用 def f1(lIn): l1 = sorted(lIn) # O(nlogn) C语言的 l2 = [i for i in l1 if i<0.5] # O(n) retur ...
- vue ,v-for循环对象,不是深度克隆? 数据改变了但是页面元素没有更新。问题解决
<div id="app"> <ul > <li v-for="(val,key,idx) in list" > {{key ...