vyatta的fork开源版本vyos

来源: https://www.reddit.com/r/networking/comments/3dvwfy/who_here_is_using_vyos/

Vyatta came in two flavors: Community Edition and Subscription Edition. VyOS was forked from Vyatta CE 6.6R1. The commercial version of Vyatta at the time (SE) used a different (non-free) routing engine called ZebOS from IP Infusion. IP Infusion was started by the authors of GNU Zebra when they realized they could make money off the project and closed it up. Quagga (which is what VyOS is using) was a fork of GNU Zebra from before they went closed source.

The major functionality you get with ZebOS instead of Quagga is multicast routing and DMVPN support. IIRC up until 6.6 Vyatta was also using Quagga for its commercial offering. The major feature of the commercial offering vs. open source was the web GUI and support and "config-sync" for clustering.

When Brocade purchased Vyatta Inc the product became the "Vyatta vRouter 5400". Brocade also released another version of Vyatta that leverages Intel DPDK to implement a custom (non-free) forwarding engine that scales performance into the 100G range. That one is called the "vRouter 5600".
Similarly EdgeOS (Ubiquiti EdgeRouter) was forked from Vyatta CE 6.3. Changes between 6.3 and 6.6 are a major reason for configuration inconsistencies between EdgeOS and VyOS (specifically in the areas of NAT and policy routing configuration). Ubiquiti EdgeOS is built using the Linux SDK for the Cavium Octeon network CPU that they use for the EdgeRouter to take advantage of hardware acceleration. The other big thing Ubiquiti brought to the table was a really well designed web GUI (both visually and technically). VyOS has made some progress as well. Initial support for DMVPN and VXLAN were introduced in the 2nd major release (1.1) along with support for 802.1ad (Q-in-Q tagging) and IGMP proxy for basic multicast support. VyOS is a pretty active project with their IRC channel on Freenode having over 100 users and 11 releases since 1.0.0 in December of 2013 and the 3rd major release (Lithium) around the corner. Support for Intel DPDK is out of scope for VyOS but a lot of companies are building versions of Linux that support Intel DPDK which VyOS can be built upon. Specific examples being Wind River Linux (now an Intel company) 6WIND and MontaVista. Because they implement DPDK support at the kernel level VyOS is basically a drop-in to add configuration management for these. I am hoping that with the purchase of Wind River Intel will eventually open source the DPDK-powered Linux enhancements. Where I use VyOS the most is as a firewall. The flexibility to right-size a single solution across physical and virtual firewall needs is really a killer app of VyOS. The firewall policy configuration syntax is very verbose and makes policy audits easy even for security engineers unfamiliar with VyOS specifically. We were able to modify RANCID pretty easily to automate configuration backups for VyOS devices like we do for Cisco. Because the configuration file has all system config it makes swapping a failed unit less like rebuilding a Linux server and more like applying a configuration file to a traditional network device. I use VRRP and conntrack-sync for failover which works nicely. Shortcomings and things to improve:
1 Network/Address group support for IPv6 (currently IPv4 only)
2 It would be nice to see VRRP support for IPv6
3 Adjustments to firewall policy engine when applied to bridge interfaces to better support VyOS in a transparent bridge firewall configuration (currently possible but not "clean").
4 Cross-system LACP to support horizontal scaling of transparent firewall.
5 More work is needed to polish up "cluster mode" and we need config-sync to avoid having to configure multiple devices when in pairs.
6 NAT logging is a challenge at large scale (10000+ users). This is a Linux problem. It would be nice to see the netfilter project implement a CGN kind of offering that mapped a specific range of ports to each internal IP to avoid the need for translation logging.
7 It would be nice to see a DHCPv6 relay agent support injecting routes for DHCPv6-PD and more DHCPv6 support in general.
8 IPv6 transition technologies like NAT64 with DNS ALG.
9 Add VRF-Lite support (start with isolating management VRF)
10 Add Multicast routing support (PIM-SM)
11 JSON-RPC based web API and an optional web GUI that uses the API that can be run locally or on a separate system.

============ End

vyatta的fork开源版本vyos的更多相关文章

  1. vyatta的fork开源版本

    https://www.reddit.com/r/networking/comments/3dvwfy/who_here_is_using_vyos/ Vyatta came in two flavo ...

  2. PyCharm 3.0 发布,提供免费开源版本

    PyCharm 发布最新的 3.0 版本,该版本新特性详见: http://www.jetbrains.com/pycharm/whatsnew/index.html 该版本最主要的是提供了免费开源的 ...

  3. 开源版本PowerShell Core 6.2 发布

    导读 PowerShell Core 6.2 GA 已发布,PowerShell Core 是 PowerShell 的开源版本,适用于 Linux,macOS 和 Windows. 有关 Power ...

  4. PouchContainer 开源版本及内部版本一致性实践

    PouchContainer 开源版本及内部版本一致性实践 为什么要做内外版本一致 对外开源是提升影响力.共建生态的有力手段.在项目对外开源的过程中,首先是将可以开源的部分抽离出来,发布一个“开源版本 ...

  5. 开源版本Visifire的应用

    Visifire曾经开源,保持使用开源版本是不会有版权问题滴. 引用的命名控件 using Visifire.Charts; using Visifire.Commons; 一.应用示例主要代码 // ...

  6. fork开源代码后如何基于某个tag建立自己的branch

    应用场景: 在github上fork一个自己想看的开源项目,想基于某个tag来写一些测试demo,然后可以做到版本控制. 方法: //克隆 git clone xxxxx.git //查看tag gi ...

  7. fork 开源项目后如何参与项目

    好的开源项目都很想参与到开源活动中,并且会 fork 一份. 经过几个月的学习,大概明白了如果参与开源项目. 当完成 fork 后,就需要在本地 git clone 一份. 有新的功能或需要修复的就开 ...

  8. 开源版本 hadoop-2.7.5 + apache-hive-2.1.1 + spark-2.3.0-bin-hadoop2.7整合使用

    一,开源软件版本: hadoop版本 : hadoop-2.7.5 hive版本 :apache-hive-2.1.1 spark版本: spark-2.3.0-bin-hadoop2.7 各个版本到 ...

  9. 阿里云数据库产品HybridDB简介——OLAP数据库,支持行列混合存储,基于数据库Greenplum的开源版本,并且吸收PostgreSQL精髓

    为什么会有HybridDB的诞生?它经历了怎样的研发历程?它的应用场景和情况是怎样的?带着这些问题,InfoQ对阿里云的数据库专家兼Postgres中国社区/中国用户会主席萧少聪先生进行了采访,以下文 ...

随机推荐

  1. Appium知识积累

    1.使用uiautomatorviewer 可以直接在命令行输入uiautomatorviewer,打开获取屏幕截图工具,连接手机,打开所要获取包名的应用,然后获取其截图,根据截图查看package即 ...

  2. Unity编辑器扩展 Chapter7--使用ScriptableObject持久化存储数据

    Unity编辑器扩展 Chapter7--使用ScriptableObject持久化存储数据 unity unity Editor ScirptableObject  Unity编辑器扩展 Chapt ...

  3. Git----02本地仓库进行文件添加&修改&删除&查看

    一.将新文件上传到本地仓库----使用小乌龟工具 1.1.将文件添加到暂存区 进入仓库目录,创建文件,添加暂存区     1.2.将文件添加到本地仓库 选中已经添加到暂存区的文件,进行提交 二.查看本 ...

  4. telnet命令详解

    基础命令学习目录 原文链接:https://www.cnblogs.com/PatrickLiu/p/8556762.html telnet命令用于登录远程主机,对远程主机进行管理.telnet因为采 ...

  5. pairwork(黄敬博12061156和黄伟龙12061172)

    结对编程: 结对编程的优缺点: 优点: 1.相互督促,共同为了完成目标而努力: 2.节省时间,通过将疑难问题分开解决,共同讨论,实现了更高效的时间利用率: 3.能力互补,提高代码的质量,同时也提高了测 ...

  6. Daily Srum 10.26

    Daily Scrum Meeting 虽然TFS的相关使用已经在上面贴出来一段时间,但是要运用TFS还是有些困难的,特别是TFS的代码管理机制,所以我们让部分人先弄清楚,然后再教授给其他人.终于大家 ...

  7. 2017-2018-2 1723 『Java程序设计』课程 结对编程练习-四则运算-中坚阶段

    2017-2018-2 1723 『Java程序设计』课程 结对编程练习-四则运算-中坚阶段 如今的编写,进入了一段时间的中坚阶段,小伙伴的思路虽然很一致,但是总是存在着一定问题,这就造成了我们中坚阶 ...

  8. spring冲刺第四天

    昨天进行了地图的初步编写,但是存在BUG. 今天上网查找了错误的原因,改进了源代码,使程序可以执行. 遇到的问题;感觉地图界面太简单,需要作出更多的场景,这就需要不断的完善.

  9. Task 6.2冲刺会议八 /2015-5-21

    今天把主界面大体完成了,摄像头的拼接和语音以及麦克风的功能都已经基本上实现了.但是登录界面到主界面的跳转还是没有成功.过程中遇到的问题有登录协议的地方没有明确,一直出现跳转连接异常.明天准备把跳转的部 ...

  10. 假如 GFW 遇上 ML

    我稍微试了一下梯子 我稍微试了一下梯子,在有梯子的情况下进行google搜索,然后wireshark 抓包.所有问题跃然纸上 当前我认为:> 只要你和一个非国内的服务器长时高频交换数据,基本上就 ...