Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

Show Page Sections

New features

New CLI commands associated with the new features can be found in the configuration section.

Extra Small (XS) uCPE hardware switch integration

The Vyatta NOS has been extended to work on the new range of Flexware uCPE hardware being developed and provided by Silicom Ltd.

Support for the Extra Small (XS) uCPE is supported in this release, with support for the larger uCPE range coming in a later release when the hardware platforms are made available.

PlatformSummary Hardware Spec (CPU)MemorySwitch PortsSwitch device
Extra Small uCPE hardware platform CPU: Denverton 4 Core 8GB2x 2.5GE (int)/ 8x 1GE (ext-sw) / 2x10GE(ext) Marvell 88E6190X

This uCPE will provide support for existing vRouter/VNF platform functionality as well as hardware based L2 switching/forwarding. Specific features include:

Layer 2 Switching

  • Port configuration to support access mode /trunk mode
  • MAC Learning on ports
  • Support for primary /default /native VLANs
  • Add / Delete per VLAN, per interface MAC FDB entries
  • Ability to untag packets on egress (default is to maintain the tag, even for the Primary VLAN)
  • Ability to set Port speed and MTU

Port Isolation support

  • Disable/ Enable hardware switching
  • Punt all traffic to CPU for a port when hardware switching disabled (Punt path to CPU)

STP support

  • Punt Path to CPU when port state is blocked
  • Port state setting of the ports

Zero touch provisioning client support for Ciena phone home server

This release adds zero touch provisioning client support to the Ciena phone home server.

The Zero Touch Provisioning Client (ZTP) and Phone Home Client (PHC) were both extended to be compatible with the existing Ciena phone home server, and to work over a standard broadband or ISP link. The ZTP client was also extended to support cloud based bootstrap discovery. Support for remotely upgrading vRouter images was also added, either as part of the ZTP process or thereafter.

IPsec Remote access VPN client support for AT&T vVIG

This feature adds support for an IPsec remote access VPN client.

In order to interoperate with the AT&T vVIG platform, which forms part of the Flexware service, support for an IPsec remote access VPN client was added. This provides a generic IPsec remote access VPN client and supports:
  • IKEv2
  • IPsec ESP
  • Authentication: PSK + EAP-GTC
  • Tunnel failover per profile

The resulting IPsec tunnel can be terminated in a VRF. IPsec VRF support is limited to the tunnel (overlay), whereas the transport (underlay) needs to reside in the default VRF. Additionally IPsec support for all IP address family combinations have been added: IPv4-IPv4, IPv6-IPv6, IPv4overIPv6 and IPv6overIPv4.

All root CA certificates used for the EAP authentication in this scenario on the vRouter/uCPE platform must be provided by the end user. Intermediate CA certificates should be provided by the remote access server or the end user, and will be subject to validation by the IPsec remote access client, using either OCSP or certificate revocation lists. If the certificate revocation check cannot be performed, due to connectivity issues, the client authentication will continue (soft-failure). Only if the IPsec RA server certificate has actually been revoked, will the IPsec RA client authentication fail.

QoS: Eight Weighted Round Robin (WRR) queues per traffic-class

This feature adds the ability to have 8 WRR queues per traffic class, an increase from four in previous releases.

This enables the vRouter to emulate the Cisco model of guaranteed minimum rate bandwidth, whereby each class of service can be allocated its own WRR queue within a traffic-class and use different weightings on each WRR queue to divide the traffic-class's bandwidth between the different WRR queues. This provides the ability for the AT&T Flexware service to continue offering either four or six different levels of class of service (COS) to their customers.

QOS: Allow setting of IEEE 802.1Q PCP value

This feature gives the ability for an inner header to be marked the same as the outer header.

This provides the ability in a scenario where QoS marking is enabled on a VLAN, for an inner header to be marked the same as the outer header, such that when the outer header is stripped at the adjacent networking device, classification can still be performed on the packet, for example the Priority Code Point (PCP) value will still persist on the inner header.

QoS: Clear all counters

This feature provides the ability to clear all QoS counters, usually used as part of troubleshooting network issues.

QOS: Layer 2 negative overhead accounting

This feature enables the shaper and policer to rate limit traffic to a rate which does not include the Ethernet header, which is required in scenarios involving a TDM device on the Ciena Flexware service.

Packets sent from the vRouter/uCPE to a TDM device have their Ethernet header removed and are then sent on without one and with no shaping or policing being done by the TDM device. The vRouter/uCPE needs to shape the traffic to the TDM rates.

QOS: Added policer token bucket tuning

This feature allows the policer time interval (Tc) period for the token bucket algorithm to be configurable.

QOS: Increased WRED max-threshold capability

This feature enables the platform to accommodate higher bandwidths by increasing the WRED max-threshold from 1024 to 8191.

Software RAID support

This feature adds software RAID support.

This feature enables the ability to support multiple disks being configured in a Software RAID, providing support to stripe, mirror or parity the libvirt partition.
Note: RAID support requires a clean install of the system as the RAID and system partitions need to be newly created.

VRRP Path monitor tracking

This feature extends the existing VRRP tracking capabilities.

The user now has the ability to modify VRRP priorities or state based on the state of a path monitor monitor/policy pairs. The feature will behave in a similar manner to the existing VRRP interface tracking feature. The compliance state of the monitor/policy pair will determine if there is a change to the VRRP group.

Static route path monitor tracking

This feature adds the ability to associate static routes with one or more path monitor monitor/policy pairs.

The compliance state of each monitor with its paired policy determines whether the associated route is active in the FIB. This enables route manipulation of traffic without requiring the use of PBR policies.

OSPF Throttling enhancements

These include the ability to enable LSA throttling, LSA arrival throttling and SPF throttling.

MPLS Operations, Administration, and Maintenance (OAM) support

This feature adds support for MPLS OAM tools, including ping and traceroute functionality used to verify an MPLS LSP.

MPLS ping provides end-to-end connectivity verification and MPLS traceroute provides hop-by-hop fault isolation. MPLS OAM also provides fault detection in the dataplane, control plane validation, MTU fault detection and ECMP path verification. Both LDP and RSVP-TE LSPs can be verified by providing a suitable label stack.

System service enhancements

This feature adds a range of new system service support.

  • The ability to specify the interface used to obtain a source IP address for packets sent to the TACACS+ server
  • The ability to specify the interface used to obtain a source IP address for packets sent from the SSH client
    Note: The SSH source interface command should be run in Op Mode or, if run within the Config Mode, it needs to use the run <command> option, for example run ssh user@host.
  • The ability to specify the interface used to obtain a source IP address for NTP packets
  • Extension of ciphers used by the SSH server to include: 3des-cbc, blowfish-cbc, cast128-cbc, aes128-cbc, aes192-cbc, aes256-cbc
  • Limiting the total number of concurrent login sessions on the system

MMC Flash support

This feature adds support for MultiMediaCard (MMC) flash drives into the system.


This feature provides the ability for NETCONF to be VRF aware.

Point-to-Point Protocol over Ethernet (PPPoE) support

This feature provides the ability for the forwarding dataplane to initiate PPP connections over an Ethernet network, thereby creating a tunnel endpoint on a particular dataplane instance.

Show tech-support enhancements

Changes have been made to the show tech support diagnostic tool.

  • show configuration commands output has been added
  • journalctl -a output has been added
  • The lsof -b +M -n -l output has been removed and instead added to generate tech-support archive