Vyatta Changelog

New in version 6.5 (November 21st, 2012)

  • Support for Microsoft Hyper-V
  • Policy-Based Routing (PBR):
      • PBR allows incoming packets to be forwarded based on policies, rather than just on the destination address. This enables the use of policies that selectively cause packets to take different paths based on defined criteria, such as source address, packet size, protocol, etc. By implementing policies that selectively cause packets to take different paths, network administrators have a powerful new tool for organizing and managing the network. Using PBR, administrators and managers are capable of:
          • Increasing quality of service by giving preferential treatment to bandwidth sensitive or high-priority traffic
          • Reducing capital and operating expenses by distributing select traffic among low-bandwidth, low-cost permanent paths and high-bandwidth, high-cost, switched paths
          • Prioritizing critical data over non-critical data
          • Distributing traffic down multiple circuits to avoid connection overload
  • Virtual Tunnel Interface (VTI):
      • VTI is a way to represent policy-based IPsec tunnels as virtual interfaces. Representing an IPsec tunnel as an interface makes it possible to plug IPsec tunnels into the routing protocol infrastructure of a router. It therefore becomes possible to influence the packet path by toggling the link state of the tunnel or through routing metrics.
      • A VTI provides a termination point for a site-to-site IPsec VPN tunnel and allows it to behave like a routable interface. In addition to simplifying the IPsec configuration, it enables many common routing capabilities to be used because the endpoint is associated with an actual interface.
  • BGP Multipath:
      • IP routing protocols are designed to select a single best path to a given destination for forwarding traffic. However, many routing protocols have enhanced support for selecting multiple paths, with certain limitations. Multiple paths are useful for traffic engineering, load sharing, load balancing and to help provide quicker failover. This also reduces the probability of a link being left unused.
      • BGP Multipath in Vyatta Network OS 6.5 enables the installation of multiple BGP paths to a destination into the IP routing table. BGP Multipath does not affect the BGP best path selection process. One of the available paths is still designated as the best path as per the standard algorithm and configured/operational conditions. This best path is also advertised to the BGP neighbors. The Vyatta implementation of BGP Multipath will support EBGP and IBGP, but will not support EIBGP, exclusive confed-external path set or MPLS/VPN.
  • IPsec for IPv6:
      • Vyatta Network OS 6.5 delivers IPsec support for IPv6 using Internet key management protocol IKEv1. It will not deliver IPsec support for IPv6 using IKEv2. We anticipate that IKEv2 support will be introduced for both IPv4 and IPv6 in a subsequent release.
  • Improved VRRP Commands:
      • The VRRP (Virtual Router Redundancy Protocol) operational mode commands have been modified to improve usability and ensure the commands are consistent with the command structure used throughout Vyatta Network OS.
  • Additionally, close to 200 bugs were addressed and resolved in Release 6.5, delivering a new level of product stability and system integrity for enterprise-class deployments. See the full Release Notes and Reference Guides for details on new capabilities and bug fixes for this release.

New in version 6.4 (May 7th, 2012)

  • A graphical dashboard (Vyatta Subscription Edition only)
      • central point for managing a single Vyatta system
      • paneled overview of resource usage, system info, interfaces, routing, security, services, management
  • A graphical statistics tab (Vyatta Subscription Edition only)
      • real-time statistics for interfaces, memory, CPU
  • Upgrade improvements for bare-metal and virtual installations (Vyatta Subscription Edition only)
      • single command for system upgrade - "upgrade system image"
      • command connects to software repo and fetches the right ISO for your environment
  • Pre-Packaged templates for VMware vSphere 5 and XenServer 6.0 (Vyatta Subscription Edition only)
  • Multi-queue support for VMXNET3 driver
      • assign multiple cores to Vyatta VM for improved throughput in VMware vSphere 5 environment
  • Global stateful behavior for firewall
      • single toggle to enable firewall statefulness, eliminating the need to configure stateful FW per rule-set
  • Connection Tracking Enhancements
      • advanced conntrack subsystem management
      • per-entry connection deletion
      • logging of connection creation and deletion
      • global timeouts
      • custom timeouts for connection based on source/destination criteria
      • conntrack is no longer sub-branch of "firewall"
  • Enhanced Connection Sync Functionality
      • expect table sync enables seamless failover of FTP, SIP and H.323 connections
  • NAT Enhancements
      • more intuitive design of NAT significantly improves ease of use
      • splits NAT into "source" and "destination" subtrees
      • rule ordering is easier to define and troubleshoot
      • NAT is no longer a sub-branch of "service"
  • CLI Enhancements
      • short unambiguous commands for better user efficiency
          • op-mode example - 'sho ip ro' for 'show ip route'
          • config-mode example - 'se int e eth0 fire in na allow' for 'set interfaces ethernet eth0 firewall in name allow'
      • config path helpers in configuration mode help text
          • non-leaf nodes are indicated with a '>' symbol
          • multi non-leaf nodes are indicated with a '+>' symbol
          • multi leaf nodes are indicated with a '+' symbol
  • Operations Mode Enhancements
      • improved intuitive command structure
      • new monitor commands to simplify system management and ease debugging

New in version 6.3 (August 24th, 2011)

  • Integrated Broadcom Gigabit and 10Gigabit Ethernet Controller Drivers
  • Pre-defined IPS policies -- "Connectivity", "Security", "Balanced"
  • New configuration subdirectory structure to preserve state during Image Upgrade
  • New CLI commands for simplifying file management tasks
  • Optimizations to configuration backend performance, efficiency, and robustness
  • Enhancements to IPsec VPN management, reliability, and interoperability, including X.509 digital certificate authentication for site-to-site VPN; Configurable IKE lifetime for remote access connections; Configurable protocol and port for IPsec VPN tunnels; Assign fixed IP to remote access clients
  • Enhancements to OpenVPN usability and flexibility, including Reset individual clients; Reject access for individual clients; Reset a running OpenVPN process; Push domain names / DNS suffixes to connecting clients; Bridging across OpenVPN in client-server mode
  • EXPERIMENTAL -- 64-bit Vyatta Core LiveCD and Virtualization ISO images (for release 6.3, only available in VC)
  • Additionally, over 200 bugs were addressed and resolved in Release 6.3, delivering a new level of product stability and system integrity for enterprise-class deployments.

New in version 6.2 (March 15th, 2011)

  • Improved Configuration Management
  • OpenVPN Enhancements
  • IPv6 DNS Resolver
  • Rebase to Debian Squeeze
  • Significant branch maintenance was done by the Vyatta engineering team, including the following package updates:
      • iptables 1.4.9
      • ipset 4.3
      • pmacct 0.12.3
      • net-snmp 5.6
      • ntpd 4.2.6p2
      • busybox 1.18.0
      • open-vm-tools 8.4.2
      • vbash 4.1

New in version 6.1 (August 25th, 2010)

  • IPv6 Ready:
      • Vyatta Version 6.1 has received IPv6 Ready Logo Phase 2 certification, verifying the implementation of IPv6 core routing protocols. The completion of the IPv6 Ready Logo Phase 2 tests ensures a smooth migration for Vyatta 6.1 customers to the enhanced network security, reliability and performance of IPv6. Vyatta 6.1 SE is the industry's first software-based and virtual network OS to be certified IPv6 Phase 2 Ready, making Vyatta a future-proofed routing and security solution for physical, virtual and cloud computing environments.
  • Cloud Bridging:
      • For cloud providers and enterprises moving applications or servers to the cloud, Layer 2 cloud bridging allows physically separate networks to securely communicate with each other over the internet as if they were on a single Ethernet network. This capability simplifies the migration of applications and physical servers between data centers, ensures continuity during a phased migration, and enables the moving of virtual machines between physical servers on physically separate networks.
  • Enhanced Security:
      • Vyatta also continued its focused delivery on enterprise security advancements, adding stateful firewall failover and enhanced intrusion prevention services through a partnership with Sourcefire.

New in version 6.0 (March 31st, 2010)

  • Netflow / sFlow logging and analysis
  • 802.11 wireless LAN – (access point + base station)
  • Binary image installation – (version mgmt)
  • IPv6 readiness (core routing and firewall)
  • Firewall enhancements
      • IPv6 firewall
      • P2P firewall
      • time-based and zone-based firewall rules
  • QoS Enhancements
  • Vyatta Remote Access API
  • TACACS+
  • Simplified VPN Client Management

New in version 5.0.2 (March 10th, 2009)

  • New in this release: introduced the first phase of a redesigned web GUI interface for interacting with the Vyatta system. In this initial phase; added support for OpenVPN; implemented support for intrusion protection system (IPS) and traffic filtering based on inspection of traffic content; Vyatta can now be configured to act as a web proxy server for web caching and URL filtering; included support for DNS forwarding; introduced support for Dynamic DNS; included the open-vm-tools library to provide enhanced performance in VMware environments...