VyOS is an open source network operating system, a Linux distribution based on Debian.
VyOS provides a free routing platform that competes directly with other commercially available solutions from well-known network providers. Because VyOS is run on standard amd64 systems, it can be used as a router and firewall platform for cloud deployments. VyOS can also be optimized to achieve routing at 100 Gbps.
Besides being open-source, VyOS also offers subscription-based support, which includes pre-built images for cloud and virtual environments and LTS images for the 1.3 and 1.4 series.
History
After Brocade Communications stopped development of Vyatta in 2013, a group of enthusiasts created an open-source fork called VyOS, based on the last community edition, Vyatta Core 6.6R1.
They founded Sentrium S.L., a Spanish company dedicated to providing support and development for the VyOS project. On October 9, 2024, Sentrium S.L. was renamed VyOS Networks Iberia and was acquired by VyOS Networks Corporation, becoming its subsidiary.
Features
* Routing and Protocols: BGP (IPv4 and IPv6), OSPF (v2 and v3), RIP and RIPng, policy-based routing, BGP-LU and enhanced route filtering. IPv4, IPv6, QoS.
* VPN and Tunneling: IPsec, VTI, VXLAN, L2TPv3, L2TP/IPsec and PPTP servers, tunnel interfaces (GRE, IPIP, SIT), OpenVPN in client, server, or site-to-site modes, WireGuard.
* Firewall and NAT: Stateful firewall based on nftables, zone-based firewall, all types of source and destination NAT (one to one, one to many, many to many), NAT64/DNS64.
* Network Services: DHCP and DHCPv6 server and relay, IPv6 RA, DNS forwarding, HTTP load balancer, web proxy, PPPoE access concentrator, NetFlow/sFlow sensor, TFTP server.
* High Availability and Load Balancing: VRRP for IPv4 and IPv6, ability to execute custom health checks and transition scripts; ECMP, stateful load balancing, failover routes.
* Management and Configuration: Junos-style CLI with commands like run, set, delete, show, commit, commit-confirm, compare and versioning. Rollback without reboot, PKI repository.
* Automation: Ansible, NAPALM, Netmiko, Salt Stack, cloud-init, Python SDK. cloud-init ready images can be built with vyos-build or Packer.
* Monitoring: integrations with Zabbix, FastNetMon and Prometheus/Grafana.
* Platform and Image Support: VyOS images can be created using vyos-build for the following platforms: amd64, ISO, and cloud images for AWS, Azure, Edgecore, XCP-NG, QEMU/Proxmox, VMware.
Releases
VyOS version 1.0.0 (Hydrogen) was released on December 22, 2013.
On October 9, 2014, version 1.1.0 (Helium) was released.
All versions released thus far have been based on Debian 6.0 (Squeeze), and are available as 32-bit images and 64-bit images for both physical and virtual machines.
On January 28, 2019, version 1.2.0 (Crux) was released.
Version 1.2.0 is based on Debian 8 (Jessie). While version 1.0 and 1.1 were named after elements, a new naming scheme based on constellations is used from version 1.2.
VyOS 1.3.0 (Equuleus) is based on Debian 10 (Buster) and was released on December 21, 2021. Equuleus brought many long-desired features, most notably an SSTP VPN server, an IPoE server, an OpenConnect VPN server, and a serial console server. It also included reworked support for WWAN interfaces, support for GENEVE and MACSec interfaces, VRF, IS-IS routing, preliminary support for MPLS and LDP, among many other features.
Currently, VyOS 1.4.0 (Sagitta) is in the GA (General Access) stage, with the latest version being VyOS 1.4.0 GA LTS.
This version was developed based on Debian 12 (Bookworm).
Release History
See also
* List of router and firewall distributions