Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

Show Page Sections

New features – general purpose

New CLI commands associated with the new features can be found in the configuration section.

BGP VPNv4, VPNv6 & 6PE with traffic forwarding over IPv4 MPLS

This feature enables a Service Provider to use an MPLS-enabled IPv4 backbone to provide IPv4 (RFC 4364) and IPv6 (RFC-4659) Virtual Private Networks for its customers.

It includes Multi-Protocol BGP procedures that allow BGP speakers to exchange Route Target reachability information (RFC 4684). Support for 6PE enables the ability to interconnect IPv6 islands over an MPLS-enabled IPv4 cloud (RFC 4798).

IPsec remote access VPN server support

This feature provides support for an IPsec Remote-Access VPN server using IKEv2 (RFC 7296).

This feature also supports the ability for multiple IPsec RA VPN clients to connect and set up secure connections. Initially, this solution will only support up to 1000 tunnels.

IPsec/IKE logging enhancement

The IPsec/IKE logging model has been extended to add a new "minimal" mode.

The IPsec/IKE logging model has been extended to add a new "minimal" mode, whereby for deployments with large numbers of peers and tunnels, only very basic logging takes place, incorporating IKE/Child SA, daemon and manager events.

CPU usage history

This feature enables the user to see a device's average CPU usage over intervals of 1 minute, 1 hour, and 72 hours.

Config-sync enhancements

In this release, the Configuration Synchronization (config-sync) feature has undergone a rewrite in order to significantly improve its performance and scale.

Previously, synchronization was done using the Vyatta REST API, but starting in this release the synchronization is done using the industry standard NETCONF protocol. Due to this change in behaviour, some configuration changes are required on the config-sync secondary device, and possibly on any firewalls or other intermediate networking devices.

The config-sync secondary device must now be configured as a NETCONF server. This can be accomplished using the set service netconf and set service ssh port 830 commands.

Any firewalls will need to be configured to allow the config-sync master to communicate with the secondary on TCP port 830, rather than the current port 443.

User warning for load command

Introduce a warning when using the Load modeled configuration command, such that the user is alerted to the impact of the command.

Syslog message filtering

This feature provides support for filtering the INFO level syslog messages, based on message content, such that the syslog collector network infrastructure can only receive those messages selected as interesting for export.

Extend copy command to support source address

This features provides the ability to specify the source address, such as a loopback address, in the copy command, when the destination is a remote file location (for example, via SCP).

This is required to enable archiving configurations off box. Supported protocols include SCP, FTP & SFTP.

TACACS support secrets group

This features provides the ability for a TACACS+ authenticated user to be placed in the secrets group, such that they can view redacted secrets in the system configuration.

Switch VIF interface state tracking

This features provides configurable support for tracking of the state of member interfaces in a VLAN for a corresponding L3 switch VIF interface.