Vyatta Network OS Documentation

Learn how to install, configure and operate the Vyatta NOS, which helps drive our virtual networking & physical platforms portfolio.


New features

New CLI commands associated with the new features can be found in the configuration section.

VXLAN tunnel support

This feature adds support for VXLAN and VXLAN-GPE tunnels.

The following configuration mode commands are introduced:
  • set interfaces tunnel tun0 encapsulation < vxlan | vxlan-gpe >
  • set interfaces tunnel tun0 vxlan-id <0-16777216>
  • set interfaces tunnel tun0 transport multicast-group <ipv4-address | ipv6-address>
  • set interfaces tunnel tun0 transport routing-instance <vrf-name>
  • set protocols static vxlan-mac interface <if-name> mac <mac-addr> remote-ip <ip-address> [ vni <vni> ]

Policy-based IPsec with firewalls and DNAT/SNAT

This adds the ability to run interface-based firewalls, zone-based firewalls, DNAT, and SNAT with policy-based IPsec site-to-site tunnels.

The following configuration mode commands are introduced:
  • set interfaces virtual-feature-point <vfpN>
  • set security vpn ipsec site-to-site peer <peer> tunnel <num> uses <vfpN>
  • set interfaces virtual-feature-point <vfpN> firewall in <rule-set-name>
  • set interfaces virtual-feature-point <vfpN> firewall out <rule-set-name>
  • set interfaces virtual-feature-point <vfpN> firewall local <rule-set-name>
  • set service nat source rule <num> outbound-interface <vfpN>
  • set service nat destination rule <num> inbound-interface <vfpN>
  • set service nat ipv6-to-ipv4 rule <num> inbound-interface <vfpN>
  • set security zone-policy zone <zone> interface <vfpN>

TCP SYN packet MSS clamping

This feature adds the ability to modify the value of the TCP MSS option in SYN and SYN-ACK packets.

In order to configure MSS clamping, the following configuration mode commands are introduced under the existing interface <iftype> <ifname> command:
  • ip tcp-mss mtu
  • ip tcp-mss mtu-minus value
  • ip tcp-mss limit value
  • ipv6 tcp-mss mtu
  • ipv6 tcp-mss mtu-minus value
  • ipv6 tcp-mss limit value

Values range from 1 to 65535.
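
What clamping does at the packet level, as an added Python example (not Vyatta code and not part of the original page): it walks the TCP options of a SYN or SYN-ACK, lowers the MSS option if it exceeds a ceiling, and patches the TCP checksum incrementally (RFC 1624). The function names and the "lower only when larger" behaviour of `limit` are assumptions of this example, not a description of how the `tcp-mss` commands are implemented.

```python
import struct

def _fold(total: int) -> int:
    """Fold carries back into 16 bits (one's-complement arithmetic)."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum(src: bytes, dst: bytes, seg: bytes) -> int:
    """TCP checksum over the IPv4 pseudo-header plus segment; 0 means valid."""
    data = src + dst + struct.pack("!BBH", 0, 6, len(seg)) + seg
    data += b"\x00" * (len(data) % 2)
    return ~_fold(sum(struct.unpack(f"!{len(data) // 2}H", data))) & 0xFFFF

def _rewrite(out: bytearray, pos: int, new: bytes) -> None:
    """Replace bytes at pos and update the checksum per RFC 1624."""
    lo, hi = pos & ~1, (pos + len(new) + 1) & ~1   # aligned 16-bit words touched
    fmt = f"!{(hi - lo) // 2}H"
    old = struct.unpack_from(fmt, out, lo)
    out[pos:pos + len(new)] = new
    csum = ~struct.unpack_from("!H", out, 16)[0] & 0xFFFF
    for o, n in zip(old, struct.unpack_from(fmt, out, lo)):
        csum = _fold(csum + (~o & 0xFFFF) + n)     # ~HC + ~m + m'
    struct.pack_into("!H", out, 16, ~csum & 0xFFFF)

def clamp_mss(seg: bytes, limit: int) -> bytes:
    """Return the TCP segment with its MSS option lowered to at most `limit`."""
    if len(seg) < 20 or not seg[13] & 0x02:        # only segments with SYN set
        return seg
    end = (seg[12] >> 4) * 4                       # data offset = header length
    if end < 20 or end > len(seg):
        return seg                                 # truncated or bogus header
    out, i = bytearray(seg), 20
    while i < end:
        kind = out[i]
        if kind == 0:                              # End of Option List
            break
        if kind == 1:                              # NOP is a single byte
            i += 1
            continue
        if i + 1 >= end or out[i + 1] < 2 or i + out[i + 1] > end:
            return seg                             # malformed option: leave untouched
        if kind == 2 and out[i + 1] == 4:          # MSS option: kind 2, length 4
            if struct.unpack_from("!H", out, i + 2)[0] > limit:
                _rewrite(out, i + 2, struct.pack("!H", limit))
            break
        i += out[i + 1]
    return bytes(out)
```
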

Assign cost to summary route in OSPFv2 and OSPFv3

This feature provides a way to configure a fixed cost to be advertised with the summary route.

The following configuration mode commands are introduced:
  • set protocols ospf [ process <process-ID> ] area <area-ID> range <IPv4-prefix> metric <0..16777214>
  • set routing routing-instance <name> protocols ospf process <process-ID> area <area-ID> range <IPv4-prefix> metric <0..16777214>
  • set protocols ospfv3 [ <process-name> ] area <area-ID> range <IPv6-prefix> metric <0..16777214>
  • set routing routing-instance <name> protocols ospfv3 <process-name> area <area-ID> range <IPv6-prefix> metric <0..16777214>
  • set protocols ospfv3 process <process-name> address-family ipv4 unicast area <area-ID> range <IPv4-prefix> metric <0..16777214>
  • set routing routing-instance <name> protocols ospfv3 process <process-name> address-family ipv4 unicast area <area-ID> range <IPv4-prefix> metric <0..16777214>

Assign tag to static route

This feature provides the ability to assign tags to static routes, and to filter and redistribute those routes into other routing protocols based on the tag. It should work for both IPv4 and IPv6 static routes.

The following configuration mode commands are introduced:
  • set protocols static interface-route <v4prefix> next-hop-interface <interface> tag <1..4294967295>
  • set protocols static interface-route <v4prefix> next-hop-routing-instance <name> next-hop-interface <interface> tag <1..4294967295>
  • set protocols static interface-route6 <v6prefix> next-hop-interface <interface> tag <1..4294967295>
  • set protocols static interface-route6 <v6prefix> next-hop-routing-instance <name> next-hop-interface <interface> tag <1..4294967295>
  • set protocols static route <v4prefix> blackhole tag <1..4294967295>
  • set protocols static route <v4prefix> unreachable tag <1..4294967295>
  • set protocols static route <v4prefix> next-hop <v4address> tag <1..4294967295>
  • set protocols static route <v4prefix> next-hop-routing-instance <name> next-hop <v4address> tag <1..4294967295>
  • set protocols static route6 <v6prefix> blackhole tag <1..4294967295>
  • set protocols static route6 <v6prefix> unreachable tag <1..4294967295>
  • set protocols static route6 <v6prefix> next-hop <v6address> tag <1..4294967295>

Track interface state to a vhost interface

This feature will monitor the link status of a configured set of interfaces and set the guest interface link status when all the monitored host interfaces are down.

The following configuration mode commands are introduced:

  • set interfaces vhost <dpFvhostN> transport-link <intf>

IPSLA support

This feature allows monitors to measure various SLA parameters and to modify PBR routing based upon these measures.

  • set service path-monitor monitor <name> history results <mhsize>
  • set service path-monitor monitor <name> history policy-state-change <phsize>
  • set service path-monitor policy <name> type ping jitter
  • set service path-monitor policy <name> type ping loss
  • set service path-monitor host <name> type twping
  • set service path-monitor host <name> type twping dscp <dscp-value>
  • set service path-monitor host <name> type twping padding <pad-size>
  • set service path-monitor host <name> type twping control-port <port>
  • set service path-monitor host <name> type twping port-range start <low>
  • set service path-monitor host <name> type twping port-range end <high>
  • set service path-monitor host <name> type twping source-address <address-or-interface>
  • set service path-monitor policy <name> type twping reflect jitter...
  • set service path-monitor policy <name> type twping reflect time ...
  • set service path-monitor policy <name> type twping round-trip jitter ...
  • set service path-monitor policy <name> type twping round-trip loss ...
  • set service path-monitor policy <name> type twping round-trip time ...
  • set service path-monitor policy <name> type twping send jitter...
  • set service path-monitor policy <name> type twping send time ...
  • set service path-monitor monitor <name> type twping...
  • set service path-monitor monitor <name> type {ping | twping} routing-instance <ri-name>

Firewall/QoS: make the policer overhead configurable

This feature allows configuration of L2 overheads which are added to a packet during transmission over Ethernet.

The following configuration mode commands are introduced:
  • set policy qos name "name" shaper class "id" match "name" police frame-overhead "inherit | 0-1000"
  • set policy action name "name" police frame-overhead "inherit | 0-1000"

QoS: make qlimit for WRED configurable

This feature adds support for weighted random early detection (WRED) queues up to 8192 packets long.

The following configuration mode commands are introduced:
  • set policy qos name <policy-name> shaper traffic-class <0..3> random-detect max-threshold <1..8191>
  • set policy qos name <policy-name> shaper traffic-class <0..3> random-detect min-threshold <1..8190>

Firewall/QoS: add aggregate policer capability for a set of class matches

This feature allows resource groups of IP protocol values, resource groups of DSCP values, and action groups, which can contain one or more features, to be configured. These groups can then be used in firewall and QoS.

The following configuration mode commands are introduced:
  • policy actions group [ name ]
  • set resource group dscp-group <name> description <description> dscp <valid-dscp-value> [ a list of values]
  • set resource group protocol-group <name> description <description> protocol <valid-protocol-value> [ a list of values]

CPU tuning support in VNF platform

This feature allows pinning individual virtual CPUs to their own cpuset.

The following configuration mode commands are introduced:
  • set virtualization guest <N> vcpupin vcpu <M> cpuset <P>

UEFI secure boot

This feature enables cryptographically signing the boot loader, the kernel image and any kernel modules with an X.509 certificate.

There are no related configuration commands.