Happy new year! I hope you all had a good rest while we preparing this release. It´s been a while from last 1.2.4 EPA but testing went pretty good. Thanks to all who reported issues and worked with us to solve them!

What’s new

While it’s technically a point release, we’ve backported a number of features from current that are either well-tested enough to be safe or don’t have the potential to disrupt any existing functionality.

Intel QAT

VyOS now supports encryption acceleration with Intel QuickAssist Technology, this also unblocked hardware-specific releases (more details below)

We’ve made a point to make all acceleration features optional and possible to disable. We stand by that decision, so QAT is disabled by default and needs to be enabled explicitly.

With “set system acceleration qat” command, you can enable QAT on machines whose CPU supports it. If it doesn’t have QAT support, the commit will fail.

You can view the QAT status with “show system acceleration qat” command (use tab completion to discover the subcommands).

Important to say that QAT works also with SR-IOV exposed devices, so you can use it in VMs too

BFD

Switching to FRR wasn’t exactly painless, however, it did bring better stability and functionality to routing protocols we already had CLI for and opened a path to adding new ones. In this release, we’ve backported BFD support from the rolling release branch.

Here are the provided commands:

Custom scripts for SNMP

set interface ethernet INTF ip ospf bfdset protocols bgp AS neighbor IP bfdset protocols bgp AS peer-group NAME bfdset protocols bfd peer IP multihopset protocols bfd peer IP shutdownset protocols bfd peer IP multihopset protocols bfd peer IP interval receiveset protocols bfd peer IP interval transmitset protocols bfd peer IP interval multiplierset protocols bfd peer IP source addressset protocols bfd peer IP source interfaceshow protocols bfd peershow protocols bfd peer IP

You now can expose via SNMP output of custom scripts, which can be really useful in certain cases. Refer to the documentation for details

IP6GRE

You now can specify ip6gre as encapsulation in the tunnel configuration

OVA and OVF properties

When deploying from OVA you now have the ability to configure API key and port. This is pretty useful for automation scenarios.

Platform-specific images

This took longer than we expected initially, but now we provide images for specific hardware platforms. Everyone can build them using appropriate makefile targets (e.g. make edgecore ), while subscribers with support or corp access can download prebuilt images.

For some platforms it´s really initial release, during 2020 we will expand hardware-specific capabilities so you can interact with iDRAC/IPMI, support OOB access via serial, manage and monitor RAID controllers and so on.

The following images are available for 1.2.4:

EdgeCore SAF51003I & SAF51015I-0318-EC

DellEMC Poweredge R6x0 Servers

DellEMC VEP1400 & VEP4600

Protectli FW series

Admittedly, this led to some makefile target proliferation. We are working to make the build scripts more logical and flexible so that adding new platforms will not make a mess there.

Target platform will also be decoupled from the image format. That is, target platform will be specified with a ./configure option , like ./configure --platform vmware or ./configure --platform dell-vep , which will make the build script include additional packages and default configs required for those platforms. Then you will be able to build an image in any format with make iso or make vmdk .

Updated packages

A number of packages have been updated:

Linux kernel to 4.19.84

Linux firmware to 2019-10-07

ddclient to 3.9.0, to support the Cloudflare DDNS API

WireGuard to 0.0.20191012

FRR 7.2

Resolved issues