VyOS: an enterprise software router recommendation


Today I recommend a good open source routing operating system, VyOS, which is also my personal favorite software router. VyOS is based on Debian GNU/Linux and offers a command-line workflow similar to Juniper's Junos and to IOS. It is particularly comfortable to configure: commands such as compare and rollback make it easy to compare configurations and roll back mistakes, which won me over.

I used MikroTik RouterOS before, but over time I found shortcomings in its performance and stability, so I gradually switched to VyOS. A veteran Linux engineer told me he had run a simple traffic stress test on VyOS, and a single VyOS virtual machine handled 800M of traffic without any strain. Of course, RouterOS provides client-side management tools such as Winbox, which make it very easy to get started, and it is fully sufficient if you have no special needs.

First, Introduction

VyOS, formerly known as Vyatta, is the community fork of the Vyatta system. Vyatta provided an open source version of its virtual router in 2002 and was later acquired by Brocade. Vyatta is the enterprise-class product of Bo Tong and a well-known open source router project on Linux; in its official tests its performance even exceeded that of the Cisco 7200 series routers. It supports RIP, OSPF, BGP and other routing protocols, as well as VPN, NAT, HA and other features. All enterprise routing features are supported, and it can run in virtual machines.

The first version of the VyOS project was released in 2013, and the project is still active. Compared with other projects, such as OpenContrail, which is managed by Juniper, it has complete usage and installation documentation and also provides API documentation for developers (this is one of the reasons I like this operating system). It can be used to implement software firewalls, routers, VPNs and other functions.

Second, Features

1. Platform Support

    • 32-bit x86

    • 64-bit x86

    • KVM (Virtio drivers included)

    • Xen HVM (including XenServer and EC2)

    • VMware (open-vm-tools included)

    • Hyper-V (drivers included)

    • VirtualBox (guest additions not included)

      (The serial console is enabled by default)

2. Routing

    • BGP (IPv4 and IPv6)

    • OSPFv2

    • OSPFv3 (incomplete)

    • RIP

    • RIPng

    • Policy-based routing

3. Network interface

    • Ethernet

    • 802.1Q VLAN, QinQ

    • NIC Bonding

    • Bridges, STP (no RSTP or other extensions)

    • Port Mirroring and redirection

    • Dummy interfaces (analogous to multiple loopbacks)

    • Pseudo-ethernet (aka MAC VLAN)

    • 802.11 Wireless (client and access point)

    • Some Wireless modems (not very good support)

    • PPPoE

Note: There is no support for serial WAN, ISDN, dial-up or DSL cards. Use an external device for those.

4. Firewalls and NAT

    • Stateful Firewall

    • Network/address/port groups (IPv4 only)

    • Zone-based firewall

    • Source and Destination NAT

5. VPN

    • Site-to-site IPsec (with pre-shared key or authentication)

    • VTI (Virtual tunnel Interfaces)

    • OpenVPN (client, server, Site-to-site)

    • GRE, IPIP, IPIP6, IP6IP6 tunnels

    • VXLAN

    • Unmanaged L2TPv3

    • L2TP/IPsec and PPTP remote access VPN

    • DMVPN (experimental)

6. Network Service

    • DHCP Server and Relay

    • Caching DNS Server

    • Web Proxy with some URL filtering support (no HTTPS filtering)

    • Telnet and SSH for remote management

    • IGMP Proxy

    • QoS Support

7. High Availability

    • VRRP (IPv4 only)

    • Conntrack Sync

    • WAN Failover and load balancing

8. IPv6 Support

    • IPv6 routing (static and dynamic)

    • Router advertisement

    • DHCPv6 client and server/relay

    • IPv6 firewall

9. System Maintenance and monitoring

    • Task Scheduler

    • SNMP

    • Configuration Versioning and remote archiving

    • Event Handling

    • Remote syslog

See the feature list for additional features: http://vyos.net/wiki/Feature_list

Third, Installation

The officially recommended configuration is 2G of disk space and 512M of memory. Its hardware requirements are small and a 2G disk is fully sufficient; if you are not sure, you can increase the memory. Better still, it provides an image-based installation, which makes it possible to keep multiple versions of the software on the same machine and makes version upgrades easy.

Download: http://packages.vyos.net/iso/release/ Select the version you need; the current version number is 1.1.7. An OVA format is also provided that can be deployed directly to a platform such as VMware. The ISO image installation method is described here; the wiki also has a detailed installation manual: http://vyos.net/wiki/User_Guide

After attaching the ISO and booting the system, you will see the following screen. The default username/password is: vyos/vyos

[Screenshot: Login.png]

There are two installation methods: install image and install system. We recommend the install image method.

Run the install image installation:

    vyos@vyos:~$ install image

[Screenshot: Install.png]

The installation process is very simple: press Enter to accept the default configuration all the way through. Partway through you need to set the password for the vyos user; after a successful installation, you use this vyos user to configure the system:

[Screenshot: Passwd.png]

When the message "Setting up grub: OK" appears, the installation has succeeded. After removing the CD-ROM and rebooting, you can configure the system:

[Screenshot: Enjoy.png]

Fourth, Simple Configuration

The VyOS CLI has two modes: operational mode and configuration mode. Entering configure switches to configuration mode, which, like other routers and Linux distributions, supports [Tab] completion and ? to view help information. After making changes, use the compare command to view the modified configuration, commit to apply it, and save to write it to the /config/config.boot configuration file.

Show command:

    # View the entire configuration
    vyos@vyos:~$ show configuration

    # Match a configuration field, similar to include on Cisco switches or grep on Linux
    vyos@vyos:~$ show configuration commands | match eth1
    set interfaces ethernet eth1 address '172.16.0.1/24'
    set interfaces ethernet eth1 description 'to Private Net'
    set interfaces ethernet eth1 hw-id '00:xx:xx:b9:xx:xx'

Simple NAT Configuration Example:

    # Configure the outbound (Internet-facing) IP address
    set interfaces ethernet eth0 address 'xx.xx.xx.34/xx'
    set interfaces ethernet eth0 description 'To internet'
    # Configure the default static route; .33 is the gateway
    set protocols static route 0.0.0.0/0 next-hop 'xx.xx.xx.33'
    # Set the local address that SSH listens on
    set service ssh listen-address 'xx.xx.xx.34'
    # Change the VyOS SSH port number
    set service ssh port '2222'
    # Configure the NAT source rule: map the intranet to the outside network
    set nat source rule 100 description 'nat Outside'
    set nat source rule 100 outbound-interface 'eth0'
    set nat source rule 100 source address '192.168.0.0/24'
    set nat source rule 100 translation address 'xx.xx.xx.34'
    # Configure the NAT destination rule: map a port to the intranet
    set nat destination rule 101 description 'to agent port 5045'
    set nat destination rule 101 destination address 'xx.xx.xx.34'
    set nat destination rule 101 destination port '5045'
    set nat destination rule 101 inbound-interface 'eth0'
    set nat destination rule 101 protocol 'tcp'
    set nat destination rule 101 translation address '192.168.0.2'
    set nat destination rule 101 translation port '5045'

After the configuration is complete, save it:

    # View the changed configuration
    vyos@vyos# compare
    # Commit the configuration
    vyos@vyos# commit
    # Save to file so that it survives a restart
    vyos@vyos# save
    # Exit
    vyos@vyos# exit
    # If you find an error, roll back to the configuration from a specified point
    vyos@vyos# rollback 1
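The NAT example above puts SSH and a port forward on the Internet-facing interface without attaching any firewall ruleset to it. The following added example (not from the original article or the VyOS project) audits `show configuration commands` output for that condition; the function names, the 203.0.113.34/29 address and the ruleset names in the usage note are assumptions, and only ethernet interfaces are handled.

```python
import shlex

# Constructed sample: the page's NAT example with its masked public address
# replaced by a documentation address (203.0.113.34/29 is an assumption).
SAMPLE = """\
set interfaces ethernet eth0 address '203.0.113.34/29'
set service ssh listen-address '203.0.113.34'
set service ssh port '2222'
set nat source rule 100 outbound-interface 'eth0'
set nat destination rule 101 destination port '5045'
set nat destination rule 101 inbound-interface 'eth0'
set nat destination rule 101 translation address '192.168.0.2'
"""

def parse(text):
    """Split each `set ...` line into its path tokens, quotes removed."""
    rows = [shlex.split(line, comments=True) for line in text.splitlines()]
    return [r[1:] for r in rows if len(r) > 2 and r[0] == "set"]

def values(rows, *path):
    """All values stored directly under `path` (empty list when absent)."""
    return [r[-1] for r in rows if r[:-1] == list(path)]

def audit(text):
    """List management and port-forward exposure on interfaces used for NAT.
    Hypothetical helper: handles ethernet interfaces only and checks that a
    ruleset is attached, not what the ruleset's rules allow."""
    rows, out = parse(text), []
    def ruleset(iface, direction):
        return values(rows, "interfaces", "ethernet", iface, "firewall", direction, "name")
    if any(r[:2] == ["service", "telnet"] for r in rows):
        out.append("telnet: cleartext management service is enabled")
    nat_ifaces = sorted({r[-1] for r in rows if r[0] == "nat"
                         and r[-2] in ("outbound-interface", "inbound-interface")})
    for i in nat_ifaces:
        addrs = {a.split("/")[0] for a in values(rows, "interfaces", "ethernet", i, "address")}
        listen = set(values(rows, "service", "ssh", "listen-address"))
        has_ssh = any(r[:2] == ["service", "ssh"] for r in rows)
        if has_ssh and (not listen or listen & addrs) and not ruleset(i, "local"):
            port = (values(rows, "service", "ssh", "port") or ["22"])[0]
            out.append(f"{i}: ssh port {port} reachable, no 'local' ruleset")
        for r in rows:
            if r[:3] == ["nat", "destination", "rule"] and r[4:] == ["inbound-interface", i]:
                if not ruleset(i, "in"):
                    dst = values(rows, "nat", "destination", "rule", r[3], "translation", "address")
                    out.append(f"{i}: dnat rule {r[3]} -> {dst[0] if dst else '?'}, no 'in' ruleset")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Both findings clear once rulesets are attached with `set interfaces ethernet eth0 firewall local name 'WAN-LOCAL'` and `set interfaces ethernet eth0 firewall in name 'WAN-IN'` (ruleset names are placeholders); the rules inside them still need review by hand.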

Reference Links:

http://vyos.net/wiki/Main_Page

This article is from "Jason's blog" blog, please be sure to keep this source http://xujunxian.blog.51cto.com/8614409/1791647
