We skipped the January update because we were busy, but time flies, so here it is.

The February update, the first in 2020, and with a bunch of updates!

VyOS 1.2.5 early production access

VyOS 1.2.5-epa1 preview release is now available. Everyone can build it from the crux branch, and subscribers can download it from the support portal.

This is mostly a bugfix release, but it also offers some feature backports, such as rate-limiting options for the PPPoE server.

Here’s the full changelog so far

Our routers are already running 1.2.5-epa, and if no bugs are discovered, we’ll make a final 1.2.5 build that will probably include a few more fixes.

VyOS 1.2.x going to maintenance mode

Our initial idea for LTS releases was that they will be completely feature-frozen. That turned out pretty wrong in practice because it wasn’t what people wanted, and because many features developed in the current branch do not interfere with any existing features and are safe to include in a stable release.

For a full year, we’ve been including feature backports in 1.2 releases, which enabled subscribers and community members who build from source to get those features faster and help us weed out bugs and edge cases missed during initial testing in the rolling release.

However, as 1.3 development progresses, backporting features gets much harder. We are making big changes in the 1.3 branch to eliminate legacy code and make room for new features such as VRF, and many of those are too big to backport or require config syntax changes and migration scripts, which is clearly unacceptable for an LTS release.

After the 1.2.5 release, the 1.2/crux branch will only receive bug fixes, so that we can focus on getting 1.3 ready for a release. When 1.3 is ready, it will go through a similar cycle, a year or so of feature backports and then a period of maintenance mode until the next release is ready.

Reproducible builds

Right now, you cannot build, say, the 1.2.3 release because the build scripts will pull packages from today’s Debian repositories and our most recent Crux repositories. If you build now, you’ll end up with 1.2.5-epa1.

We are going to experiment with Debian repository snapshots from https://snapshot.debian.org/ and try making snapshots of our own repositories to make old builds reproducible. Thanks to Ken Crandall for the suggestion!

What’s going on in 1.3?

Quite a lot, really!

An option not to check VRRP state when running transition scripts. That was a common gotcha and a source of confusion—now you can choose whether to run them every time keepalived brings a group up, or to employ “same state” tracking.

On the subject of VRRP, it now supports dynamic interfaces like OpenVPN and sets their group to the fault state when an interface disappears.

Multiple improvements in the PPPoE server, including IPv6 negotiation support.

Our new contributor Thomas Mangin from ExaBGP is working on a VRF prototype!

He also made a small but nice improvement to vyos-1x: “make deb” now saves you time remembering dpkg-buildpackage options and makes a .deb in the parent directory for you.

cli-shell-api now exits with unique error codes for different conditions such as an invalid path, an empty config, etc. Soon this will also be reflected in the exception hierarchy used by the vyos.config Python module.

Lots of small clean-ups, CLI help fixes and similar.

All in all, the VyOS 1.3 branch is getting closer to a soft feature freeze and stabilization phase.

One more thing we are going to look into is replacing OpenNHRPd with FRR’s nhrpd. NHRP (Next Hop Resolution Protocol) is a critical part of DMVPN since it’s what makes it dynamic and multipoint. It serves a role similar to ARP and NDP, but for network layer setups; without it, you’d have to add all GRE endpoints for spokes by hand. The bad thing about OpenNHRP is that it’s essentially unmaintained, while FRR’s implementation has been getting quite a bit of attention lately.

Stay tuned for more updates!