Vyatta Network OS Documentation

Learn how to install, configure and operate the Vyatta NOS, which helps drive our virtual networking & physical platforms portfolio.

Show Page Sections

New features - base Vyatta NOS

New CLI commands associated with the new features can be found in the configuration section.

BGP VPN multipath and PIC edge support

BGP VPN Multipath support provides iBGP multipath, eiBGP multipath and BGP PIC (Prefix Independent Convergence) Edge support for VPNv4 and 6VPE (VPNv6) topologies.

BGP L3VPN inter AS support

Inter autonomous system support allows L3VPN BGP peerings to be exchanged between autonomous systems.

The Inter Autonomous System (AS) support enables the ability to exchange L3VPN BGP peerings between different autonomous systems, where the Autonomous System Border Routers (ASBRs) provide directly connected eBGP peering between each Provider AS. The Inter AS functionality is discussed in RFC4364 Section 10, for scenario A, B and C where the ASBR function differs:
  • Scenario A involves a separate sub-interface configured between the ASBRs.
  • Scenario B has a directly connected eBGP-VPN peering between the ASBRs.
  • Scenario C, the eBGP VPN prefixes are exchanged between Route Reflectors, where the ASBRs have IPv4 labeled unicast configured.

Flow monitoring enhancements

Flow monitoring has been enhanced to support virtual network interfaces.

The existing solution has been extended to enable Flow monitoring support for a Virtual Network interface (VIF) when the interface type is bonding. It also now supports the virtual-feature-point (VFP) interface type, which is currently only used when bound to an IPsec VPN tunnel.

ICMP rate limiting

ICMP rate limiting reduces the amount of bandwidth being used by the ICMP traffic and helps to prevent DoS or similar attacks.

This feature provides the ability to rate limit ICMP errors being generated by the dataplane within the router and is primarily used to prevent the exploit of large numbers of ICMP messages causing a DoS or similar attack. It limits the amount of bandwidth being used by the ICMP traffic, thereby preserving the bandwidth for non ICMP traffic.

TWAMP dataplane offload

This feature improves two way active measurement protocol, which is used to measure delays between two IP-capable network devices.

The Two Way Active Measurement Protocol (TWAMP) facility provides a means to accurately measure the round-trip delay between two IP-capable network devices. Typically, TWAMP consists of a client and server together with two separate protocols, TWAMP-Control and TWAMP-Test. TWAMP-Control is used to start and stop individual TWAP-Test sessions. TWAMP-Test is used to exchange test packets between client and server with the derived timing (delay) information returned to the client in the reply packets (the reflection process). Each test reply packet contains two timestamps, an arrival time - when the packet was delivered to the server, and a departure time - when the packet was sent by the server.

This feature improves the TWAMP session reflection jitter and latency by delegating the processing of individual TWAMP test packets to the dataplane, thereby significantly reducing the processing variance previously seen.

Deferred boot support

This feature allows the default boot image to changed at operator discretion.

The previous behavior of add system image automatically set the newly installed image as the default boot. If a system restarted any time after that, then that new image would have been booted. This enhancement extends the behavior to allow deferment of changing the default boot to a later time at the operator's discretion, thereby allowing staging of newer images for later activation and offering some degree of protection over power failures during upgrade procedures.

Modeled command support

This feature adds modeled command support to view user login history and reboot details.

This feature adds support for modeled commands to provide history about the user login data and device reboot timestamps, which can be very useful to help track user activity, investigate possible security breaches and for general debug purposes. The feature also enables configuration options to determine how long the history should be retained on the system.

Kernel crash dump support

This feature adds kernel crash dump support which saves a crashed kernel's memory image to disk after a kernel panic.

The kernel crash dump feature enables the ability to capture a crashed kernel's memory image to disk after a kernel panic. A kernel panic may be triggered by a kernel bug, including kernel Oops, NMI interrupts, and diagnostic panics triggered by SysRq. The captured dump file may be analyzed offline by the crash utility. Without this support, in the event of a system crash or panic, an attached console is the only way to view any diagnostic messages. In certain deployments, there may be no console access, thereby making it difficult to diagnose or debug these crashes. And for those deployments with a configured console, these message may get lost with subsequent system reboots. This feature is based on the underlying Linux kdump facility. KDump loads a crash kernel into the system's reserved memory and uses kexec to boot into this crash kernel in the event of system crash. The crash kernel captures the old kernel's memory image (vmcore) and saves it to the disk.

ALG support for PPTP

This feature adds Application Layer Gateway (ALG) support for point-to-point tunneling protocol.

This feature enables the router to process Point-to-Point Tunneling Protocol (PPTP) packets, perform Network Address Translation (NAT) and open pinholes for new traffic flows between the PPPTP client and server.