Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

New features

New CLI commands associated with the new features can be found in the configuration section.

Support for the UfiSpace S9500-30XS platform (Qumran AX)

This feature provides Phase II of L2 switching support for Qumran AX.

This feature includes support for:

  • L1/L2: Integration of BCM82391 for 100G long range PHY support
  • L2: Ingress and Egress VLAN counters on Switch Virtual Interface (SVI)
  • L2: Storm control for broadcast, unicast and multicast traffic on a physical interface, with syslog notification and counter support
  • L2: Disable gratuitous ARP processing

BMC Sensor display support for UfiSpace S9500-30XS platform

This feature improves and adds functionality to the BMC sensor.

This feature:

  • extends the show hardware sensor CLI to display information from the BMC sensor data model
  • shows the BMC SEL (System Event Log) list, via a modeled CLI
  • introduces CLI to set/modify the BMC sensor thresholds

BMC watchdog support

This feature adds BMC watchdog support to the Vyatta NOS.

Many hardware platforms include watchdog hardware timers. When such a timer expires, it generates a reset signal that resets the system. This feature provides interaction between the Vyatta NOS and the AST2400 BMC watchdog, such that the BMC can automatically reboot the device if the system is determined to be in a hung state.

Vyatta NOS also monitors the BMC status by issuing IPMI commands at a regular interval. It writes an entry to the syslog and the systemd journal noting whether each status check command failed or succeeded.

Vendor hardware diagnostic integration

This feature integrates vendor hardware diagnostics to allow system debugging.

When Vyatta NOS is installed on specific platforms, the platform vendor may be able to provide a set of diagnostic routines that test the hardware in the system. End users want to run these diagnostics to qualify hardware during initial deployment and when debugging systems in the field. This feature provides a framework to integrate the vendor diagnostics and an initial implementation using the diagnostics for the UfiSpace S9500-30XS platform.

SNMP Traps

SNMP traps support has been added to the S9500-30XS platform with this release.

Support has been added to Vyatta NOS for the required SNMP traps. The vendor proprietary traps currently in use by the S9500-30XS platform have been replaced by standard MIBs and two new proprietary AT&T vendor MIBs.

Additionally, SNMP notifications are logged to syslog. The SNMP notifications are converted to a text representation and logged at a particular facility and level to the local syslog. The standard syslog configuration may then be used to write these logs to a file or to forward them to another host.

TACACS+ Command authorization

This release adds TACACS+ command authorization.

This feature enables authorization of every command executed on a device by forwarding each command to a TACACS+ server for authorization. If the network element is not capable of forwarding commands to the TACACS+ server, the commands are authorized locally.

TACACS+ Server hold down timer

This feature adds the ability to enable a hold down timer for each configured TACACS+ server on the system.

If the system fails to connect to, or fails to communicate with, a server, that server's hold down timer is activated. While the hold down timer for a server is active, the server is not used. Once the hold down timer for a server expires, the server may be used for future transactions until another failure occurs and the hold down timer is re-activated.
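The following added example (not Vyatta NOS code) models the two TACACS+ behaviours described above: per-server hold down after a failure, and local authorization when no server can be used. The class, the `send` and `local_policy` callables, the server names and the command strings are all constructed for illustration; treating a server's deny as final rather than falling through to local policy is an assumption of this sketch.

```python
import time

class CommandAuthorizer:
    """Illustrative model: per-server hold-down plus local fallback."""

    def __init__(self, servers, hold_down, send, local_policy, clock=time.monotonic):
        self.servers = list(servers)      # tried in configured order
        self.hold_down = hold_down        # seconds a failed server is skipped
        self.send = send                  # send(server, user, cmd) -> bool, or raises
        self.local_policy = local_policy  # local_policy(user, cmd) -> bool
        self.clock = clock
        self.held_until = {}              # server -> time its hold-down expires

    def authorize(self, user, cmd):
        """Return (allowed, decided_by) for one command."""
        for server in self.servers:
            if self.clock() < self.held_until.get(server, 0.0):
                continue                  # hold-down active: server is not used
            try:
                # Assumption: any answer from a reachable server is final.
                return self.send(server, user, cmd), server
            except ConnectionError:
                self.held_until[server] = self.clock() + self.hold_down
        # No server could be used: fall back to local authorization.
        return self.local_policy(user, cmd), "local"

def demo():
    """Replay four commands against constructed servers and a fake clock."""
    now, down, attempts = [0], {"tacacs-a"}, []

    def send(server, user, cmd):          # stand-in for the TACACS+ exchange
        attempts.append((now[0], server))
        if server in down:
            raise ConnectionError(server)
        return not cmd.startswith("delete")   # constructed server-side policy

    authz = CommandAuthorizer(["tacacs-a", "tacacs-b"], 30, send,
                              lambda user, cmd: cmd.startswith("show"),
                              clock=lambda: now[0])
    trace = [authz.authorize("ops", "show sample")]        # a fails, b permits
    now[0] = 10
    trace.append(authz.authorize("ops", "delete sample"))  # a skipped, b denies
    down.add("tacacs-b")
    trace.append(authz.authorize("ops", "set sample"))     # b fails, local denies
    now[0] = 35
    down.clear()
    trace.append(authz.authorize("ops", "set sample"))     # a's hold-down expired
    return trace, attempts
```

The attempt log returned by `demo()` shows that `tacacs-a` is not contacted at all between its failure at t=0 and the expiry of its 30-second hold down, which is what keeps each authorization from waiting on a dead server.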

OSPF HMAC-SHA Authentication

This feature adds OSPFv2 HMAC-SHA authentication support.

This feature adds support for OSPFv2 HMAC-SHA authentication conforming to RFC 5709 and OSPFv3 HMAC-SHA authentication conforming to RFC 7166.

Also added is OSPFv2/OSPFv3 support for start/end time for authentication keys.

Vyatta NOS password requirements

This feature improves password security by enforcing the use of stronger passwords in Vyatta NOS and also adds the ability to automatically disable user accounts for a period of time after a number of failed login attempts.

Disable INET ports for non-configured services

This feature disables INET ports for MPLS and BFD services in Vyatta NOS if they are not configured in the system.

QoS MIB Support

This feature introduces support for a proprietary Vyatta NOS QoS MIB that provides access to a selection of QoS counters and attributes. There is no support for MIB set (write) operations.

BFD Support in the Dataplane

This feature updates BFD support in the dataplane.

Previously, BFD packet processing was implemented in the OAMD user-space process. Packets were sent between OAMD, the kernel and the dataplane slow path.

This feature off-loads the packet processing to the dataplane itself, either in software or in hardware, through the Forwarding Abstraction Layer (FAL).

ICMP Redirect configuration support

This feature provides the ability to configure ICMP redirect.

ICMP redirect messages are used by routers to notify the hosts on the data link that a better route is available for a particular destination. For a variety of reasons, security among them, some customers want to be able to disable ICMP redirect. This feature lets a customer configure ICMP redirect, for example, to disable or enable ICMP redirects.

Network prefix translation for IPv6

Network prefix translation for IPv6 (NPTv6) defines a stateless way of IPv6 address prefix translation between internal and external networks.

NPTv6 does not maintain the state for each node or each flow in the translator. Maintenance of mapping state is not required for the address mapping of inbound or outbound packets. A stateless, transport-agnostic IPv6-to-IPv6 NPTv6 function offers the advantage of address-independence associated with IPv4-to-IPv4 NAT (NAPT44) and provides a 1:1 relationship between addresses in the inside and outside prefixes, thereby preserving end-to-end reachability at the network layer. In upstream networks, IPv6 addresses used by the edge network always contain a provider-allocated prefix.
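The stateless 1:1 mapping can be seen in the checksum-neutral algorithm of RFC 6296, the specification that defines NPTv6. This is an added example, not Vyatta NOS code: it handles only /48 prefixes, the function names are hypothetical, and the prefixes and address in the usage note are the sample values from the RFC.

```python
import ipaddress

def _fold(total):
    """Fold carries back in to get a 16-bit one's-complement sum."""
    while total > 0xFFFF:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def _words(addr):
    """Split an IPv6 address into its eight 16-bit words."""
    raw = addr.packed
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, 16, 2)]

def nptv6_translate(address, src_prefix, dst_prefix):
    """Map address from src_prefix into dst_prefix (both /48) without state."""
    src = ipaddress.IPv6Network(src_prefix)
    dst = ipaddress.IPv6Network(dst_prefix)
    addr = ipaddress.IPv6Address(address)
    if src.prefixlen != 48 or dst.prefixlen != 48:
        raise ValueError("this example handles /48 prefixes only")
    if addr not in src:
        raise ValueError(f"{addr} is not inside {src}")

    words = _words(addr)
    src_sum = _fold(sum(_words(src.network_address)[:3]))
    dst_sum = _fold(sum(_words(dst.network_address)[:3]))
    # One's-complement difference of the two prefixes. Adding it to the
    # subnet word keeps the address's 16-bit sum unchanged, so TCP/UDP
    # pseudo-header checksums stay valid with no per-flow state.
    adjustment = _fold(src_sum + (~dst_sum & 0xFFFF))

    words[:3] = _words(dst.network_address)[:3]   # swap in the new prefix
    words[3] = _fold(words[3] + adjustment)       # compensate in the subnet word
    if words[3] == 0xFFFF:                        # 0xFFFF and 0x0000 are equal in
        words[3] = 0x0000                         # one's complement; use 0x0000
    return ipaddress.IPv6Address(b"".join(w.to_bytes(2, "big") for w in words))
```

Calling `nptv6_translate("fd01:203:405:1::1234", "fd01:203:405::/48", "2001:db8:1::/48")` returns `2001:db8:1:d550::1234`, and calling it again with the prefixes swapped returns the original address, because the mapping depends only on the two prefixes.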

MSTP support on uCPE (V150) hardware switch

Multiple Spanning Tree Protocol (MSTP) support was added to Vyatta NOS in release 1808 for use on software systems. This feature extends that support to the uCPE (V150) hardware switch platform.

LIBVIRT Partition optimization

This feature adds the ability to allow the LIBVIRT partition to grow to consume all remaining space. This simplifies automated install procedures across the various platform sizes.

Previously, the Vyatta NOS installer allowed you to specify the size of the various partitions, and a size of 0 could be specified for the Vyatta NOS partition to make it automatically consume the remaining available space. On the VNF platform, this is not ideal because the space requirements for Vyatta NOS are small and the remaining space is best used for the VNF LIBVIRT partition.

Huge pages memory reservation

This feature adds the ability to configure huge pages memory reservation.

Vyatta NOS requires that persistent huge pages are reserved at system boot for its dataplane process and for any VNF that may be launched. At this point, exactly how much memory is allocated for the dataplane and VNFs is determined automatically based on a set of heuristics. These heuristics work well in most situations.

This feature adds the ability to configure huge pages reservation to meet different VNF deployment requirements, because the default memory allocation heuristic may sometimes result in inefficient pre-allocation of memory between the dataplane, kernel, user space, and, in the case of VNFs, guest VMs.