
An Alternative to EVE-NG vIOS images

  • Writer: Matt Sherif
  • 1 day ago

As someone who labs things up frequently, I sometimes like to simulate "internet" connections using routers rather than FortiGate VMs. Routers are a little faster to set up, and all I need is simple routing and some quick connectivity from virtual site to virtual site.


If we made routers, it might look like this. Actually this is WAY too many ports

Many of us at some point got vIOS images - I got mine by subscribing to VIRL - and imported them into EVE-NG. My biggest gripe about these is how they're hamstrung to 10Mbps, which makes updating images an absolute pain in the backside. Forget updating Linux desktop VMs, that takes forever.


One alternative for FortiGate VMs I commonly set up is a dedicated management port on each VM, assigning that port to a VRF, and using a Cloud connection in EVE-NG for management. It worked well enough, but it's kind of a pain, and it still doesn't solve for other devices that may need to pull updates.


One thing I settled on more recently was using VyOS as an alternative to the vIOS images. I've been using VyOS for a long time where I needed a router VM, and it's worked very well for me. I just kept forgetting that it was an option for EVE-NG.


VyOS got its start after Brocade acquired Vyatta and stopped open-source development on Vyatta Core in 2013, effectively close sourcing it. A group of enthusiasts created an open-source fork, basing it on Vyatta Core 6.6R1, which was the last community edition of Vyatta Core.


VyOS features


VyOS is a feature-rich router. Supported features include:

  • Routing Protocols: BGP (IPv4 and v6), OSPF v2 and 3, RIP and RIPng (eesh, I know, sometimes necessary, I avoid at all costs). PBR, BGP-LU.

  • VPN and Tunneling: IPSEC (Policy and VTI), L2TPv3, L2TP over IPSEC, PPTP, GRE/IPIP/SIT, OpenVPN in client/server/site-to-site and WireGuard

  • Firewall and NAT: VyOS features a stateful firewall based on nftables, supports zone-based firewalling, and all types of Source/Destination NAT, as well as NAT64/DNS64.

  • Network Services: VyOS can provide DHCP/DHCPv6 server and relay, IPv6 RA, DNS forwarding, HTTP load balancing, web proxy, PPPoE concentrator, NetFlow/sFlow and TFTP server

  • HA Capabilities: VRRP is used for both IPv4 and v6, ECMP for route load balancing, failover routing, and finally stateful (L4) load balancing

  • Support: VyOS offers enterprise-level support for customers who need it. VyOS Stream serves as a technology preview and is available at no cost; my experience with VyOS Stream has been very good overall


VyOS runs on amd64 (x86-64) architectures, either as a VM (KVM, ESXi, etc.) or on bare metal (ISO), and is also available as public cloud images (Azure, AWS, GCP, Oracle, etc.).


VyOS management:


VyOS rocks a "JunOS style" CLI, supporting features like commit and commit-confirm (super handy in high risk change scenarios).


An example of configuring an IP address on an interface would look something like this:


vyos@vyos:~$ config
vyos@vyos# set interfaces ethernet eth0 address x.x.x.x/y

# Commit the configuration - this applies the changes to the 
# 'running config', the changes won't take effect without commit
vyos@vyos# commit

# Saving the configuration - this is like 'copy run start'
vyos@vyos# save
vyos@vyos# exit
vyos@vyos:~$

In the above example we configure an IP address on interface eth0, then commit the configuration to apply it to the running configuration, and save it so that it will survive a reboot.


Showing the configuration:


Like JunOS, if you do 'show configuration' you will get an output that looks like this:

<..output truncated..>
interfaces {
    ethernet eth0 {
        address 10.220.47.230/24
        hw-id 50:00:00:08:00:02
    }
    ethernet eth15 {
        address 10.0.0.1/30
        hw-id 50:00:00:08:00:00
    }
    loopback lo {
    }
}
<..output truncated..>

The challenge with this configuration is that you might want it in a format you can copy/paste back into the terminal at a later time, or use as a template. JunOS solved this problem by introducing "display set" - so the command would be


show configuration | display set


VyOS solves for this a little differently. The command to display the configuration in a 'command line view' is:


show configuration commands


and the above configuration would look like this:

<..output truncated..>
set interfaces ethernet eth13 address '10.220.47.230/24'
set interfaces ethernet eth13 hw-id '50:00:00:08:00:02'
set interfaces ethernet eth15 address '10.0.0.1/30'
set interfaces ethernet eth15 hw-id '50:00:00:08:00:00'
set interfaces loopback lo
<..output truncated..>

Which enables me to re-use this configuration in other projects.
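If all you have is the brace-style output (for example, a saved copy of an old lab config), the same flattening can be done offline. The script below is an added example, not part of the original post or VyOS's own code: it converts brace-style text into set commands and refuses input with unbalanced braces, so a truncated config is never replayed. It assumes one statement per line, no comments, and values without single quotes; the sample text and the description value are constructed.

```python
# Constructed sample modelled on the brace-style output shown in the post.
SAMPLE = """\
interfaces {
    ethernet eth0 {
        address 10.220.47.230/24
        description "lab mgmt"
        hw-id 50:00:00:08:00:02
    }
    ethernet eth15 {
        address 10.0.0.1/30
        hw-id 50:00:00:08:00:00
    }
    loopback lo {
    }
}
"""

def to_set_commands(text):
    """Flatten a brace-style VyOS config into a list of 'set' commands."""
    commands = []
    path = []    # config path of the block currently being read
    stack = []   # per open block: (tokens it added to path, len(commands) when opened)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("<.."):   # blank line or truncation marker
            continue
        if line.endswith("{"):                   # block start, e.g. "ethernet eth0 {"
            tokens = line[:-1].split()
            stack.append((len(tokens), len(commands)))
            path.extend(tokens)
        elif line == "}":                        # block end
            if not stack:
                raise ValueError(f"line {lineno}: unbalanced '}}'")
            depth, mark = stack.pop()
            if mark == len(commands):            # empty block: emit the node itself
                commands.append("set " + " ".join(path))
            del path[len(path) - depth:]
        else:                                    # leaf: "key value" or bare "key"
            key, _, value = line.partition(" ")
            value = value.strip()
            if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
                value = value[1:-1]              # drop the config's double quotes
            cmd = "set " + " ".join(path + [key])
            commands.append(f"{cmd} '{value}'" if value else cmd)
    if stack:
        raise ValueError("unbalanced '{': input looks truncated")
    return commands

if __name__ == "__main__":
    print("\n".join(to_set_commands(SAMPLE)))
```
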


Conclusion:


VyOS is a powerful open-source router, and relatively easy to use - as long as you understand what you're trying to accomplish. Their documentation is very rich in examples, and most of all VyOS is not capped at 10Mbps, so you can use it for more realistic scenarios in EVE-NG.



 
 
 
