Policy-Based Routing (PBR)
PBR allows incoming packets to be forwarded based on policies, rather than just on the destination address. This enables the use of policies that selectively cause packets to take different paths based on defined criteria, such as source address, packet size, protocol, etc... By implementing policies that selectively cause packets to take different paths, network administrators have a powerful new tool for organizing and managing the network. Using PBR, administrators and managers are capable of: Increasing quality of service by giving preferential treatment to bandwidth sensitive or high-priority traffic Reducing capital and operating expenses by distributing select traffic among low-bandwidth, low-cost permanent paths and high-bandwidth, high-cost, switched paths Prioritizing critical data over non-critical data Distributing traffic down multiple circuits to avoid connection overload
Virtual Tunnel Interface (VTI)
VTI is a way to represent policy-based IPsec tunnels as virtual interfaces. Vyatta's implementation of VTI mirrors proven industry standards for secure tunnel (st.xx). The advantage of representing an IPsec tunnel as an interface makes it possible to plug IPsec tunnels into the routing protocol infrastructure of a router. Therefore, it becomes possible to influence the packet path by toggling the link state of the tunnel or based on routing metrics. A VTI provides a termination point for a site-to-site IPsec VPN tunnel and allows it to behave like routable interfaces. In addition to simplifying the IPsec configuration, it enables many common routing capabilitiesto be used because the endpoint is associated with an actual interface. VTI benefits include: Simplified configuration of IPsec for protection of remote links Simplified network management and load balancing Dynamic routing through VTI No GRE overhead No need to use access lists to create a tunnel
IP routing protocols are designed to select a single best path to a given destination for forwarding traffic. However, many routing protocols have enhanced support for selecting multiple paths, with certain limitations. Multiple paths are useful for traffic engineering, load sharing, load balancing and to help provide quicker failover. This also reduces the probability of a link being left unused. BGP Multipath in Vyatta Network OS 6.5 enables the installation of multiple BGP paths to a destination into the IP routing table. BGP Multipath does not affect the BGP best path selection process. One of the available paths is still designated as the best path as per the standard algorithm and configured/operational conditions. This best path is also advertised to the BGP neighbors. The Vyatta implementations of BGP Multipath will support EBGP and IBGP, but will not support EIGBP, exclusive confed-external path set or MPLS/VPN.
IPsec for IPv6 Vyatta Network OS 6.5 delivers IPsec support for IPv6 using Internet key management protocol IKEv1. It will not deliver IPsec support for IPv6 using IKEv2. We anticipate that IKEv2 support will be introduced for both IPv4 and IPv6 in a subsequent release. Improved VRRP Commands The VRRP (Virtual Router Redundancy Protocol) operational mode commands have been modified to improve usability and ensure the commands are consistent with the command structure used throughout Vyatta Network OS.
I dont know about you but PDR is (IMHO) the best feature here - I also know the upstream work vyatta has done with Quagga to get this done and its pretty awesome. The other 2 - VTI is cool - but can be done with GRE, but its just simplier, and BGP Mutipath (not MP-BGP that would be awesome!!) is again cool but meh :)
For those that cant wait and want docuementation grab it here:
So thank you Vyatta for 6.5 and roll on core!!