New features – general purpose
New CLI commands associated with the new features can be found in the configuration section.
The base Linux OS is updated to Debian 10.
AWS public cloud support
This feature adds the ability to run Vyatta router in AWS public cloud for Nitro instance types (KVM), modern Nitro instance types are supported and legacy Xen instance types are not.
Path monitor enhancements
Various functions are added to the core Path Monitor feature.
- Configurable packet count for twping (TWAMP) monitors
- configurable inter-packet delay for ping and twping (TWAMP) monitors
- configurable source address for ping monitors
- configurable randomised delay support for twping (TWAMP) monitors (in certain modes)
OSPF stub router advertisement
This feature adds support for RFC-6987 for OSPFv2 and OSPFv3.
This involves advertising the cost of transit links as MaxLinkMetric (65535) so that the vRouter is still reachable but will not be used to forward traffic.
VRRP state retrieval via netconf
This feature allows the retrieval of the
state of VRRP using netconf in addition to the existing mechanism of the CLI
show vrrp commands.
Enhancements to configuration of QoS burst size
This feature allows you to specify the burst size for a shaper in milliseconds.
BGP graceful restart
This feature adds support for the BGP Notification Message support for graceful restart (RFC 8538) which was not provided previously
BGP Graceful Restart (RFC 4724 Graceful Restart Mechanism for BGP) functionality currently exists in Vyatta, where bgpd process restart is also supported.
Hot fix installation
This feature adds the support for hot fix package installation.
Display uptime/last clear in show interface dataplane output
A small change to add uptime and last-clear output to
show interface dataplane.
Link Aggregation fast periodic (fast rate) support
Link aggregation, 802.1AX-2014 (formerly 802.3ad), supports a shorter timeout for LACPDU packets and this feature adds such support, this is often called fast periodic or fast rate.
IPsec remote access VPN server: EAP-TLS authentication support
This feature adds support for EAP-TLS (RFC 5126).
IPsec RA VPN server: DNS configuration attributes
This feature introduces support for the configuration payloads INTERNAL_IP4_DNS and INTERNAL_IP6_DNS.
INTERNAL_IP4_DNS and INTERNAL_IP6_DNS allow the IPsec RA VPN server to communicate to the IPsec RA VPN client which DNS server should be used inside the tunnel, in accordance with RFC 7296.
IPsec RA VPN server: per-profile client ID authentication filtering and matching
This feature lets you configure filters. IKE uses these filters to match and filter remote peers.
Increase TWAMP server maximum control sessions
This feature allows support for up to 4096 concurrent control sessions.
This feature provides eiBGP multipath functionality - RFC 968 eiBGP Multipath.
Netconf – confirmed commit
Commit confirm is a feature which is currently available on the vRouter CLI.
It helps guard against committing configurations which can cause loss of connection to the system being managed, and prevent system instability or crashes. Such scenarios are automatically recovered if the configuration is not confirmed.
Yang identity and identityref support
This feature will complete the support of identities in the Yang compiler, as specified in RFC 6020.
TLS 1.3 support
TLS 1.3 support has been added to a range of features.
- vyatta-zerotouch / Phone Home Client
- add system image ...
- clone image ...
- vyatta-openvpn / resource service-users ldap
- strongswan / ext-fetcher