VyOS on OpenStack
OpenStack is an open source cloud platform that controls a large pool of processing, memory, storage and networking resources across a data center. To empower existing data center assets that comprise multiple networking devices, OpenStack has created a pluggable, scalable, automated and API-driven system for managing networks and IP addresses. A convenient graphical interface provided by the dashboard gives administrators and users the ability to access, provision and automate cloud-based resources.
Providing infrastructure as a service (IaaS), OpenStack makes it easy for users to quickly add deploy instances, enabling other cloud components to run on it. The open source nature of the software allows users to easily access the source code, make necessary changes and freely share them with the community at large.
To build and manage the private and public clouds, OpenStack gather pooled virtual resources under “projects”. Projects consist of scripts bundled into packages that describe tasks for provisioning the cloud environment. Two types of software are used by OpenStack to create those environments:
- Virtualization that creates a layer of virtual resources abstracted away from hardware;
- A base operating system (OS) that carries out commands given by OpenStack scripts.
Unlike other virtualization management platforms that adds a layer of interface for manipulation of virtual resources, OpenStack actually uses the virtual resources to run that combination of tools. These tools create a cloud environment that meets the 5 criteria of cloud computing: a network, pooled resources, a user interface, provisioning capabilities and automatic resource control/allocation.
Benefits and use cases
VyOS is an open source, Linux-based network OS that fits the role of the central point of secure traffic exchange in OpenStack private and cloud environments, or between the cloud and external resources. With powerful routing, VPN technologies and firewall functionality, VyOS is known for being the all-in-one networking solution for large enterprises and SMB that value flexibility and performance.
VyOS provides OpenStack compatible images that you can easily deploy on an available OpenStack appliance and upgrade it to the latest version upon installation. Choosing the version is up to you.
Starting from 1.2.1 release VyOS provides fundamental OpenStack support – the raw image comes with cloud-init preconfigured for OpenStack. This should greatly simplify deployment of private and public clouds backed by OpenStack.
With OpenStack taking care of computing resources, and VyOS providing the connectivity for them, you can avoid the issues associated with managing your own hardware, servers and multiple network devices.
Common use cases
VyOS offers additional tools that complement OpenStack native traffic management solutions and give you more flexibility and real self-service, even over your network configurations where it matters.
Security and Confidentiality
Provide secure access for remote users to a VPN concentrator: PPTP, L2TP, OpenVPN and WireGuard. Limit access to sensitive data or valuable resources with a powerful firewall: stateful, zone-based, with source and destination NAT support.
VyOS is essentially a centralized performance and management solution, which effectively eliminates the need to invest in and maintain multiple computing instances.
What Our Customers Say
As an ISP, one of our most important use cases is to be able to run full BGP tables without any issues. We have been using VyOS for this for years now and it has worked absolutely flawlessly. I don’t think we’ve ever had an issue with this, in fact.
We also use VyOS to host a couple of hundred server-networks and VyOS handles this with ease, even with some of our networks having crazy amounts of access-rules on them and often having consistently high throughput and burst rates.
Whenever we do experience issues or we simply have theoretical questions, it never feels like the support team is far away. We usually receive very quick and concise answers to our inquiries. It’s a very nice feeling to know that everyone that’s working on the VyOS project seem to be experts at it, it does a lot for our confidence in running VyOS as much as we do.
I reached out to the Vyos team with an issue regarding my subscription and it was promptly resolved.
I have been using vyos for the past 6 maybe 7 years, came from pfsense and never looked back.
The most important features for me:
- Ease of use
- I can configure everything from the command line and have made small modifications as time has gone by. I keep a script with the full command set applicable to my firewall.
- Setting up fq-codel is extremely intuitive and works flawlessly. I never had this kind of QoS with other solutions.
- I do miss a web interface to display stats and such, but I can live without it for the time being.
I have nothing but good things to say about the VyOS Support Engineers. I think Dmitriy has owned our last 2 ticket, and the rest of the Support Team have all helped out. Taras, Yuriy, Jose, (and I hope I didn’t miss anyone) are quick to contribute and answer any questions I have. I believe it was Taras that even updated the VyOS/VMware doc to clarify a few things that I needed help understanding.
My boss just recently purchased a VyOS Subscription, or license, because we were experiencing a couple bizarre issues during our VyOS refresh of 30+ routers. We were struggling due to a single “show-stopper” issue, month after month, and not able to proceed with the rest of the refresh project. My boss, Daya Rajaratnam, decided we needed to get Commercial Support and open proper tickets and also to show our support of the VyOS Team.
Just hours after our Support PO went thru, I opened a ticket. I gave it a relatively low priority so I would know what to expect with future tickets. Its was great to see a response from an Engineer in just a couple hours. Fast forward a few days and the root cause was identified, I had a simple workaround in place and working in production(and had learned a lot from other Support Engineers that had contributed). What a HUGE load off my back to have that issue resolved with a reliable fix. 5 Stars for service, knowledge, and going above and beyond. (Hell, can I give them 10 stars?).
4 days later I opened a second ticket about an unrelated VTI issue that had also been plaguing us for many months. The experience was equally impressive and I again had a simple and reliable workaround.
Working with this group was a real pleasure.
I use Vyos from the beginning and his predecessor Vyatta. I like platform because has own style of architecture and similar cli like cisco and juniper.
I use platform to make migration from site to site or hybrid migration with Cloud.
I’d like that platform has all ipv6 attribute and use it very much.
VyOS is the backbone of our company network since the early Vyatta 6.x days. It scales to meet your needs – from 256MB Alix-Board Low-Power Box for small branch offices to multi-processor rackmounted/virtualized network appliance – and is extremely easy to integrate with other systems like monitoring and configuration management. The excellent support from Sentrium turns it into a truely complete product that meets all our requirements.
I’m happy to recommend VyOS/Sentrium. We first began using VyOS several years ago; we maintain a VPN from cellular vendor network to our infrastructure. Since moving our infrastructure permanently to AWS, we decided to sign up for Sentrium’s professional product and service.
I recently ran into a peculiar issue with the IPSEC VPN after a version upgrade – Sentrium staff worked with me to resolve it, and were very prompt in providing information and resolution. We are running two instances, a primary and a backup, and both are working splendidly, with seamless failover.
Thank you for the prompt support. It is great to know that not only the product is a perfect fit for our needs, but also knowing that there is a professional support team we can rely on.
We use VYOS to connect distributed POPs to our data centers and provide secure Internet connectivity to the POPs.
I think you have a great product. Actually I like promoting your product to other customers and using it for demo purposes.
You are one of a kind today to support almost all network protocols.
You guys are great on support. Thank You.
We are very excited about VyOS and use it as part of our products. VyOS convinces as a complete product with REST API and Wireguard support. The support is very fast and extremely competent.
Efficient and Versatile
Advanced routing capabilities, multi-protocol VPN and a stateful firewall are only the tip of the iceberg.
- L2TP over IPsec
- WireGuard VPN interface
Advanced Firewall and NAT:
- Zone-based firewall
- All types of source and destination NAT (one to one, one to many, many to many)
- BGP (IPv4 and IPv6)
- RIP and RIPng
- OSPF (v2 and v3)
- Policy-based routing
Join 160 businesses that that are already establishing successful virtualized network infrastructure with Openstack and VyOS
Learn how we can improve your network while reducing the costs!