https://backend-engineering-strategy-tools.github.io/site/tags/vm/Recent content in Vm on Backend Engineering Strategy ToolsHugo -- gohugo.ioen-usThu, 14 May 2026 00:00:00 +0000https://backend-engineering-strategy-tools.github.io/site/public-notes/networking/vyos/Thu, 14 May 2026 00:00:00 +0000https://backend-engineering-strategy-tools.github.io/site/public-notes/networking/vyos/<p>VyOS is an open-source network operating system built on Debian Linux. It runs on bare metal or as a VM, and is configured via a CLI with a commit/rollback model similar to Juniper JunOS. Configuration changes are staged and only take effect when you explicitly <code>commit</code> — there is no live-editing a running config and hoping nothing breaks.</p> <p>It ships FRRouting (FRR) as the routing engine, giving it native support for BGP, OSPF, IS-IS, and other protocols. This is its main distinction from <a class="link" href="https://backend-engineering-strategy-tools.github.io/site/public-notes/networking/opnsense/" >OPNsense</a> for homelab use: OPNsense is a firewall appliance that can do some routing; VyOS is a routing OS that can also do firewall.</p> <hr> <h2 id="configuration-model">Configuration model </h2><pre tabindex="0"><code>vyos@router# set interfaces ethernet eth0 address &#39;192.168.1.254/24&#39; vyos@router# set protocols bgp system-as &#39;65001&#39; vyos@router# commit vyos@router# save </code></pre><p><code>configure</code> enters configuration mode. <code>set</code> stages a change. <code>commit</code> applies it. <code>save</code> persists it to disk. <code>rollback</code> reverts to the last committed state if something goes wrong. The separation between staging and applying is genuinely useful when changing routing configuration remotely.</p> <hr> <h2 id="key-features">Key features </h2><table> <thead> <tr> <th>Feature</th> <th>Notes</th> </tr> </thead> <tbody> <tr> <td>BGP</td> <td>Via FRRouting; full eBGP/iBGP support</td> </tr> <tr> <td>OSPF / IS-IS</td> <td>Also via FRR</td> </tr> <tr> <td>Static routing</td> <td>Standard</td> </tr> <tr> <td>VLAN</td> <td>802.1Q trunking</td> </tr> <tr> <td>NAT</td> <td>Source and destination NAT</td> </tr> <tr> <td>Firewall</td> <td>Zone-based, stateful</td> </tr> <tr> <td>WireGuard</td> <td>Built-in</td> </tr> <tr> <td>OpenVPN</td> <td>Built-in</td> </tr> <tr> <td>DHCP server</td> <td>Built-in</td> </tr> <tr> <td>VXLAN</td> <td>Supported</td> </tr> </tbody> </table> <hr> <h2 id="vyos-vs-opnsense">VyOS vs OPNsense </h2><p>VyOS is the right choice when you want a dedicated BGP peer or a router VM with a clean CLI config model. OPNsense is the right choice when you want a full gateway appliance with a web UI.</p> <hr> <h2 id="automation">Automation </h2><p>VyOS is designed to be automated — the commit/rollback model maps cleanly onto infrastructure-as-code workflows.</p> <p><strong>REST API</strong> — built-in HTTP API for retrieving and applying configuration programmatically. Useful for scripting config changes without SSH.</p> <p><strong>Ansible</strong> — official <code>vyos.vyos</code> collection on Ansible Galaxy. Modules for interfaces, BGP, firewall rules, and more. Changes go through the normal commit/rollback cycle.</p> <p><strong>Terraform</strong> — community provider available. Less mature than the Ansible collection but usable for provisioning router config alongside other infrastructure.</p> <hr> <h2 id="related">Related </h2><ul> <li><a class="link" href="https://docs.vyos.io/" target="_blank" rel="noopener" >VyOS documentation</a></li> <li><a class="link" href="https://docs.vyos.io/en/latest/automation/vyos-api.html" target="_blank" rel="noopener" >VyOS REST API</a></li> <li><a class="link" href="https://docs.ansible.com/ansible/latest/collections/vyos/vyos/index.html" target="_blank" rel="noopener" >VyOS Ansible collection</a></li> <li><a class="link" href="https://vyos.net/get/" target="_blank" rel="noopener" >VyOS rolling release downloads</a></li> <li><a class="link" href="https://backend-engineering-strategy-tools.github.io/site/public-notes/networking/bgp/" >BGP</a> — protocol background</li> <li><a class="link" href="https://backend-engineering-strategy-tools.github.io/site/public-notes/networking/opnsense/" >OPNsense</a> — the complementary edge gateway</li> <li><a class="link" href="https://backend-engineering-strategy-tools.github.io/site/homelab/vyos-bgp/" >VyOS + BGP in the homelab</a> — the actual setup</li> </ul>