Run your network with open source software

VyOS is an easy-to-install open source router and firewall solution
129 readers like this.
Multi-colored and directional network computer cables

Way back in 2005, a company called Vyatta was founded by Allan Leinwand. It offered the first commercially supported, open source router and firewall solution. Named after the ancient Sanskrit for "open," the company's goal of bringing open source networking products to the market was so successful that it was purchased by competitor Brocade. This effectively killed Vyatta, but because Vyatta's product was open source, it didn't stop it. As it turns out, Vyatta's software-defined networking capabilities have been continued and developed as VyOS.

The VyOS distribution is based on Debian Linux, with source code available from a Git repository and a rolling release ISO. For mission-critical applications, there are long-term support releases and support contracts.

Building a network

Networking has changed since 2005, and thanks to the VyOS project, so has the software that drives it. After learning that VyOS was continuing the work of Vyatta, I downloaded the ISO to try it out. The installation process was easier for me than the normal Debian install, which is a simple task. VyOS doesn't boot into a graphical interface, but to a text console. It's just you and a bunch of configuration files, just like you might expect from a serious router.

The default install of VyOS provides no default configuration. It's entirely up to you to build the network you want to run. Depending on your point of view, that's either refreshing or frustrating, but it gives you an idea of the intended audience: VyOS is built for network engineers who've mapped out their desired topography and are capable of creating it with some subnet calculations and text definitions.

The VyOS configure command

That said, VyOS isn't just a re-branded Debian release. One of its key features is its configure command, an interactive tool for defining network definitions that are applied only after you commit them. In addition to feeling familiar to users accustomed to IOS and similar toolchains, this allows you to configure your network even as the router continues its normal operations. Nothing is final until you type commit.

More on security

Once you've tested a committed network change, you can use the save command to permanently store your configuration files for backup or migration to other VyOS machines.

You enter configuration mode with the configure command. There are too many possible network configurations to go over configure or basic networking tasks here, but the syntax is generally intuitive and predictable. For instance, to enable SSH management over port 22212 of your router:

# set service ssh port '22212'

To set the network interface card (NIC) eth1 to an internal IP address and to create a description identifying it as the default gateway:

# set interfaces ethernet eth1 address '10.1.0.1/24'
# set interfaces ethernet eth1 description 'INSIDE'

To set the public IP of NIC eth0 and describe it as the world-facing interface:

# set interfaces ethernet eth0 address dhcp
# set interfaces ethernet eth0 description 'OUTSIDE'

To activate network address translation (NAT), it's the same structure:

set nat source rule 100 outbound-interface 'eth0'
set nat source rule 100 source address '10.1.0.0/24'
set nat source rule 100 translation address masquerade

Assuming those are the only tasks you have for now, commit and save:

# commit
# save && exit
Saving configuration to '/config/config.boot'...
Done
$

Although that's probably not everything you need to do in real life, it gives you an idea of the direct simplicity that VyOS provides. You don't have to deal with "reverse engineering" confusing graphical interfaces nor scrubbing through verbose configuration files for a poorly named key. You have a unified interface for every task, whether it's setting up a firewall, implementing DHCP, DNS, quality of service, VPN gateways, IPv6, or whatever else.

Professional networking appliance

VyOS might not be a beginner-level router distribution, but it's a great tool to have on hand even if you're just starting out. There's no better way to learn the basics of networking than to have an open source router available for manipulation and testing. It's the 21st century, after all; you can set up a computer lab consisting of virtual clients networked to one another through a virtual VyOS instance entirely within GNOME Boxes for $0. You can learn advanced networking concepts and solutions armed with little more than a Linux computer and the excellent VyOS documentation.

If you're already a networking professional, then take a look at VyOS. You'll find its philosophy on configuration simple and its configure tool efficient.

What to read next
people on top of a connected globe

How to configure networking in Linux

Connecting your Linux computer to a network is pretty straightforward, except when it is not. In this article I discuss the main network configuration files for Red Hat-based…

Tags
Networking
Seth Kenlon
Seth Kenlon
Seth Kenlon is a UNIX geek, free culture advocate, independent multimedia artist, and D&D nerd. He has worked in the film and computing industry, often at the same time.
More about me

2 Comments

Avatar
Don Watkins | January 30, 2020
No readers like this yet.

Cool article. I never heard of that before.

Avatar
Leonid Vinokur | January 31, 2020
No readers like this yet.

I've been using Vyatta and VyOS for several years now. Excellent router with many network services, stable and highly configurable. Very versatile for labs. Not the best open source solution as a firewall, but frankly, if you need a good firewall, you better get a firewall and not expect the router to do that for you. Still, it has solid capabilities as a basic firewall as well.

Related Content

Creative Commons LicenseThis work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License.