Halophile Router (a VyOS-based, SaltStack-automated, NetBox-configured router for small provider networks)
We've learned plenty of lessons running this in production, so we've wrapped up our changes and brought them to v0.2:
- prevent route-leaks with "bgp parameters default no-ipv4-unicast" (see T1148 for more information)
- support default-originate for each address-family for a BGP neighbor
- add -LONG- variants hphr-DFZ-LONG-IPv4, hphr-DFZ-DEFAULT-LONG-IPv4, hphr-DFZ-LONG-IPv6, hphr-DFZ-DEFAULT-LONG-IPv6 as prefix-lists for e.g. transit customers who should receive "longer than usual" prefixes from your AS
- add most-specific boolean to prefix-lists auto-generated by bgpq3 so that e.g. you can accept more specifics from downstream customers to whom you provide multiple transit links
- change netflow sampling to be done by iptables -m statistic rather than sending all packets to uacctd, which has a marked improvement on CPU usage
- use iptables --nflog-size 64 where --nflog-range 64 is deprecated
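
The two netflow changes above combine into one rule per address family. The following is an added example, not code from the hphr repository: it prints the rules rather than applying them, and the 1-in-N "nth" mode, the mangle/FORWARD hook and the NFLOG group number are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print NFLOG sampling rules for IPv4 and IPv6.
# Assumed (not from the release notes): 1-in-N via "--mode nth",
# the mangle/FORWARD hook, and the NFLOG group number.

sampling_rules() {
    every=$1   # sample one packet in every N
    group=$2   # NFLOG group that uacctd listens on
    case "$every" in ''|*[!0-9]*) echo "bad sampling interval" >&2; return 1 ;; esac
    case "$group" in ''|*[!0-9]*) echo "bad NFLOG group" >&2; return 1 ;; esac
    [ "$every" -ge 1 ] || { echo "interval must be >= 1" >&2; return 1; }
    [ "$group" -le 65535 ] || { echo "group must be 0-65535" >&2; return 1; }

    # N=1 means no sampling, so the statistic match is left out.
    match=""
    if [ "$every" -gt 1 ]; then
        match="-m statistic --mode nth --every $every --packet 0 "
    fi

    for cmd in iptables ip6tables; do
        # --nflog-size 64 copies only the first 64 bytes of each sampled
        # packet to userspace; it replaces the deprecated --nflog-range.
        echo "$cmd -t mangle -A FORWARD ${match}-j NFLOG --nflog-group $group --nflog-size 64"
    done
}

# Print the rules for 1-in-100 sampling into NFLOG group 2.
sampling_rules 100 2
```

Because the kernel now drops all but one packet in N before uacctd sees anything, byte and packet counters downstream have to be scaled by N to reflect real traffic volumes.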
We are running this release in production at AS41495, across multiple datacentres with transit, peering, core links, and downstream customers all speaking to our hphr-powered VyOS routers. You can find out more about our deployment:
We were originally scheduled to speak about hphr at UKNOF46 in April. This has been postponed till 26th October 2020.
This release is based off the version of vyos.conf.j2 we use in our private repository, but with a cobbled-together set of example pillar data.
We use this in production at AS41495 aka FAELIX but for now I am marking this as a pre-release as it comes with no warranty — if it breaks your network, you get to keep all the pieces.