VyOS Guide
44 parts · read in order
- 1 VyOS Isn't Scary: Building Your First Production-Ready Router
  A practical guide to setting up VyOS from scratch. Covers WAN/LAN configuration, NAT, DHCP, DNS forwarding, and basic firewall rules with validation at every step.
- 2 IPv6 at Home: RA, DHCPv6, and Why Your Firewall Keeps Breaking It
  Practical IPv6 configuration on VyOS for home networks. Covers Router Advertisements, DHCPv6, stateless vs stateful addressing, firewall rules, and debugging ND/RA issues.
- 3 Policy-Based Routing on VyOS: Practical Patterns for Split Routing
  How to route specific traffic through different gateways on VyOS. Covers routing by source, destination, domain, and application with real-world examples like split-tunnel VPN.
- 4 WireGuard on VyOS: Production Configuration for Site-to-Site and Road Warriors
  Complete WireGuard setup on VyOS covering site-to-site tunnels, mobile clients, kill switches, split vs full tunnel, and the two things that make WireGuard stable: MTU and routing policy.
- 5 IPsec on VyOS: Site-to-Site Tunnels That Survive Reality
  Configuring reliable IPsec site-to-site VPNs on VyOS. Covers IKEv2 setup, NAT traversal, dead peer detection, rekeying, and systematic debugging when things go wrong.
- 6 Multi-WAN on VyOS: Failover That Actually Works
  Configuring reliable multi-WAN failover on VyOS with proper health checking. Covers dual ISP setup, weighted load balancing, SLA monitoring, and why failover without tracking is false confidence.
- 7 QoS on VyOS: Making Latency Feel Better
  Practical traffic shaping and QoS configuration on VyOS. Covers queue disciplines, traffic prioritization, fighting bufferbloat, and understanding where the actual bottleneck is.
- 8 Observability on VyOS: Logs, Metrics, and Backups That Matter
  Setting up proper logging, monitoring, and backup strategies for VyOS. What to log, where to send it, how to back up configurations, and why a router without logs is like production without monitoring.
- 9 OSPF on VyOS: When Details Break Everything
  Practical OSPF configuration on VyOS. Covers areas, passive interfaces, authentication, MTU issues, and the small details that cause OSPF adjacencies to fail silently.
- 10 BGP on VyOS: Filters Are Not Optional
  BGP fundamentals on VyOS using FRR. Covers eBGP/iBGP setup, prefix-lists, route-maps, communities, max-prefix protection, and why BGP without filtering is an incident waiting to happen.
- 11 RPKI/IRR Filtering Strategy: Practical, Not Academic
  Real-world BGP route validation using RPKI and IRR on VyOS. Covers validator setup, policy storage, prefix validation workflow, and why filtering is a process, not a single configuration.
- 12 VRF & Segmentation: When VLANs Aren't Enough
  Using VRF on VyOS for network isolation that goes beyond VLANs. Covers VRF creation, inter-VRF routing, route leaking, firewalling between VRFs, and maintaining a clear mental model of your segmentation.
- 13 High Availability: VRRP + State Sync (What You Can and Can't Do)
  Honest guide to VyOS high availability using VRRP and conntrack sync. Covers failover configuration, state synchronization, what actually fails over and what doesn't, testing procedures, and why HA is a set of failure scenarios, not a checkbox.
- 14 Automation & GitOps for VyOS: Templates, Backups, Safe Deploy
  Practical VyOS automation with Git, templates, and safe deployment practices. Covers config backup strategies, Jinja2 templates, Ansible integration, rollback procedures, and why automation reduces errors only if you have rules of the game.
- 15 Commit-Confirm: Your Safety Net Against Self-Lockout
  Master VyOS commit-confirm to prevent remote lockouts. Covers automatic rollback, confirmation workflow, timeout tuning, and why every remote change should use confirm.
- 16 Configuration Sessions: Parallel Work Without Conflicts
  Master VyOS configuration sessions for team environments. Covers session isolation, concurrent editing, merge strategies, and why sessions prevent "who changed what" mysteries.
- 17 Configuration Standards: Naming, Comments, Structure That Scales
  Build maintainable VyOS configurations with consistent naming, strategic comments, firewall groups, and policy structure. Learn standards that make configs readable years later.
- 18 Upgrade Playbook: Safe Upgrades, Rollback, and Migration Testing
  Master VyOS upgrades without downtime or disasters. Covers image management, rollback procedures, pre-upgrade testing, migration paths, and why upgrades need a playbook, not improvisation.
- 19 User Management: Local Users, SSH Keys, and Access Control
  Configure VyOS user management properly. Covers local user creation, SSH key authentication, privilege levels, password policies, and why root password should be disabled.
- 20 RADIUS and TACACS+: Centralized Authentication for Network Devices
  Configure VyOS with RADIUS and TACACS+ for centralized AAA. Covers server setup, failover configuration, command authorization, accounting, and why central auth is non-negotiable at scale.
- 21 MTR, Tracepath, and PMTUD: Diagnosing Path Problems
  Master network path diagnostics on VyOS. Covers MTR interpretation, traceroute variants, PMTUD troubleshooting, detecting packet loss patterns, and why ping alone is never enough.
- 22 TCP MSS Clamping: When and Why to Adjust Segment Size
  Master TCP MSS clamping on VyOS for tunnels and PPPoE. Covers MSS vs MTU, clamping configuration, troubleshooting fragmentation, and why MSS clamping fixes problems MTU changes cannot.
- 23 Conntrack Deep Dive: Connection Tables, Limits, and Debugging
  Master VyOS connection tracking internals. Covers conntrack tables, tuning limits, timeout configuration, debugging full tables, and why conntrack is the invisible stateful firewall engine.
- 24 Packet Capture on VyOS: tcpdump Techniques for Real Debugging
  Master packet capture on VyOS for troubleshooting. Covers tcpdump filters, capture strategies, decoding protocols, saving and analyzing captures, and why packets never lie.
- 25 ARP and Neighbor Discovery: Troubleshooting Layer 2 Problems
  Debug ARP and IPv6 ND issues on VyOS. Covers ARP table analysis, stale entries, duplicate IP detection, proxy ARP, neighbor discovery, and why Layer 2 problems look like Layer 3 failures.
- 26 Policy Routing Debug: Why Traffic Takes the Wrong Path
  Debug policy-based routing on VyOS. Covers rule evaluation order, mark verification, table inspection, common misconfigurations, and why PBR debugging needs systematic verification.
- 27 BFD: Fast Failover Detection for Routing Protocols
  Implement BFD on VyOS for sub-second failure detection. Covers BFD timers, integration with BGP and OSPF, multihop BFD, and why routing protocol keepalives are too slow.
- 28 Graceful Restart: Maintaining Forwarding During Protocol Restarts
  Configure OSPF and BGP graceful restart on VyOS. Covers GR mechanics, helper mode, restart timers, and why graceful restart prevents traffic loss during maintenance.
- 29 BGP Communities: Signaling Intent Across Networks
  Master BGP communities on VyOS. Covers standard, extended, and large communities, common use cases, community-based filtering, and why communities are the language networks speak.
- 30 Route Leaking Between VRFs: Controlled Connectivity
  Configure route leaking between VRFs on VyOS. Covers import/export policies, selective leaking, shared services, and why route leaking provides controlled cross-VRF connectivity.
- 31 ECMP and Multipath: Load Balancing at the Routing Layer
  Configure ECMP on VyOS for route-level load balancing. Covers equal-cost paths, multipath BGP, hash algorithms, troubleshooting uneven distribution, and why ECMP is simple but requires understanding.
- 32 BGP Dampening: Suppressing Route Flapping
  Configure BGP route dampening on VyOS. Covers dampening parameters, penalty calculation, route suppression, reuse thresholds, and why dampening prevents unstable routes from destabilizing your network.
- 33 MPLS Introduction: Labels, LDP, and Packet Forwarding
  Understand MPLS fundamentals on VyOS. Covers label switching, LDP configuration, penultimate hop popping, MPLS forwarding, and why MPLS is still relevant for service provider networks.
- 34 BGP-LU: Labeled Unicast for Scalable MPLS Networks
  Configure BGP Labeled Unicast on VyOS. Covers label distribution via BGP, inter-AS MPLS, seamless MPLS concepts, and why BGP-LU replaces LDP in modern designs.
- 35 L3VPN: MPLS VPN for Multi-Site Connectivity
  Configure MPLS L3VPN on VyOS. Covers VPNv4 address family, route distinguishers, route targets, PE-CE routing, and why L3VPN provides scalable multi-tenant connectivity.
- 36 VPLS: Layer 2 VPN Over MPLS
  Understand VPLS concepts and configuration. Covers virtual switch model, BGP signaling, pseudowires, MAC learning, and why VPLS provides multipoint L2 connectivity.
- 37 EVPN: Modern Control Plane for L2 and L3 Services
  Understand EVPN architecture and concepts. Covers EVPN route types, MAC/IP learning via BGP, multi-homing, VXLAN integration, and why EVPN is the future of overlay networking.
- 38 GRE, IPIP, and SIT Tunnels: Simple Point-to-Point Encapsulation
  Configure GRE, IPIP, and SIT tunnels on VyOS. Covers tunnel types, MTU considerations, keepalives, GRE keys, and why simple tunnels solve simple problems.
- 39 VXLAN: Scalable L2 Over L3 Overlay
  Configure VXLAN on VyOS for datacenter overlays. Covers VXLAN concepts, static and multicast modes, head-end replication, MTU, and why VXLAN enables scalable Layer 2 networks.
- 40 Dynamic Routing Over Tunnels: BGP and OSPF Through Encrypted Links
  Run routing protocols over VPN tunnels on VyOS. Covers OSPF over GRE/IPsec, BGP over WireGuard, tunnel interface selection, and why routing over tunnels requires careful planning.
- 41 DDoS Mitigation at the Edge: Rate Limiting and Traffic Scrubbing
  Implement basic DDoS protection on VyOS edge routers. Covers rate limiting, connection limits, SYN flood protection, and why edge mitigation buys time for upstream solutions.
- 42 RTBH: Remote Triggered Blackhole Routing
  Implement RTBH on VyOS for DDoS mitigation. Covers blackhole routing, BGP communities, triggering procedures, and why RTBH sacrifices the target to save the network.
- 43 FlowSpec: Programmable Filters via BGP
  Understand BGP FlowSpec for traffic filtering. Covers FlowSpec rules, BGP distribution, rate limiting, and why FlowSpec enables network-wide filtering from a single point.
- 44 NAT Logging: Session Tracking for CGNAT and Compliance
  Implement NAT session logging on VyOS. Covers connection tracking logs, log analysis, compliance requirements, and why NAT logs are essential for troubleshooting and legal requirements.