EdgeOS as a VM

Submitted by - Sunday
Status: New Idea

Hello,

We currently run vyos as a vm in our infrastructure (in a commercial setting). While vyos is a great router os, lack of commercial support or full-time development means it lacks a steady release cycle.

Before vyos, we used vyatta with much success. Unfortunately brocade saw things differently, and sought to overprice vrouter and effectively end all support for the community edition. With the commercial edition restrictively expensive we moved to vyos.

If Ubnt were willing to release a commercial edition of edgeos AS A VM with either a licensing option or by purchasing a hardware router with the ability to 'migrate' the serial number to a vm etc., we would be the first to purchase it.

I know this has been asked before; however, knowing that ubnt has hired a few of the previous dev team at vyatta, I feel this would be a nice homage to their roots of the USG, Edgerouter, and edgeswitch lines.

EDIT: If ubnt would like to support the large enterprise and carriers, a VM is a must. A lot of these types of infrastructures already have a full Hypervisor cluster in place which has much higher levels of redundancy than a single hardware appliance can provide.

Many of the top network vendors have this already, from Cisco, to Fortinet, to Juniper. If UBNT wants to gain market share against those brands this would be a fairly easy way to do so with very little R&D cost, as compared to a hardware device.

Upgrade Linux kernel to at least 4.4

Submitted by - Thursday
Status: New Idea

There are a number of requests that depend on having firmware based on a newer Linux kernel. The 3.10 series kernel is already EOL as of Nov. 5, 2017 (a couple of weeks prior to this posting) and not recommended for use by its maintainer, even if it were upgraded to the latest 3.10.108 instead of the current 3.10.14:

https://lkml.org/lkml/2017/11/4/178

As I understand it, there are challenges to upgrading the EdgeOS kernel due to dependencies on the Cavium and MediaTek SDKs, as well as UnionFS support not being in newer kernels. It should be possible to overcome each of these things with some effort and investment, and it's a requirement for keeping the EdgeOS platform relevant.

This request originally came about because of an effort to include the Cake shaper, which would bring a real improvement for control of latency under load as compared to the currently shipped fq_codel. Cake has been compiled for EdgeOS, but is very difficult to keep backported to the 3.10 series:

https://community.ubnt.com/t5/EdgeMAX-Feature-Requests/Cake-shaper-support/idi-p/1885749

However, a newer kernel is also necessary to maintain a secure, stable and performant platform in general. The 4.4 kernel series has a projected long-term EOL of Feb, 2022, and thus might be a good minimum version to target.

Disabling a port on an EdgeRouter should bring the ethernet carrier down.

Submitted by - 2 weeks ago
Status: New Idea

Currently on all EdgeRouters, disabling a port leaves the ethernet carrier up and the lights continue to blink.

In the case of EdgeRouters with switch chips, data continues to pass through the switch on disabled ports assigned to a switch. On routed ports (not on a switch), the routing is stopped, but the ethernet hardware is kept up on both ethernet and SFP ports.

The desired behavior is to drop the hardware ethernet carrier state when a port is disabled. This allows quick ospf triggering of port down state and is common sense behavior when someone plugs a cable into a disabled port.

For those with alpha forum access, see also here:

https://community.ubnt.com/t5/EdgeMAX-Alpha-NDA/Should-disabling-an-interface-drop-the-ethernet-connection/m-p/2130148#M5922

IPv6 VTI Support

Submitted by - 2 weeks ago
Status: New Idea

Greetings,

It would be great if we could have IPv6 VTI support so that we don't have to use GRE over IPsec to get an interface.

Add sha256 and sha512 as options for remote access VPN as well as being able to change cipher.

Submitted by - 4 weeks ago
Status: New Idea

Add sha256 and sha512 as options for remote access VPN as well as being able to change cipher.

Update radvd to v2.17: Unicast RS->Unicast RA responses

Submitted by - 3 weeks ago
Status: New Idea

Please ship a newer RADVD version.

Changes from v2.16 to v2.17

https://github.com/reubenhwk/radvd/compare/v2.16...v2.17

Notable:

  • Implements RFC 7772, section 5.1 - Unicast RS gets a Unicast RA response, reduces multicast RA storms.

Disclaimer: I'm one of the upstream maintainers for RADVD.

RFC 6296 Support (IP6-IP6 Npt)

Submitted by -
Status: New Idea

The title says it all.  This is needed to be able to use ipv6 in a dual WAN scenario.

Simple to Use Block/Black List for Emerging Threats using Multiple Sources (e.g. Spamhaus)

Submitted by -
Status: New Idea

I believe there are various threads in the EdgeMax forum discussing and making available various scripts to auto-populate and compile lists of networks and addresses from various reliable sources such as SpamHaus to block.

https://community.ubnt.com/t5/EdgeMAX/Using-spamhaus-lists/td-p/578909

https://community.ubnt.com/t5/EdgeMAX/Emerging-Threats-Blacklist/td-p/645375

Is it possible for UBNT to consider making this a feature available to all users who may not be skilled enough to do so manually?

Add Qualcomm Fast Path support

Submitted by -
Status: Accepted

It seems the Qualcomm Fast Path module improves the performance a lot.

It will be great if this can be added into EdgeOS.

See also:

https://forum.lede-project.org/t/qualcomm-fast-path-for-lede/4582

Add htop to standard image

Submitted by - a month ago
Status: New Idea

I'd love to see htop added to the standard image on EdgeOS routers. It is very useful when debugging performance when there's a need to watch each core separately. Current top doesn't provide these details.

P.S.: I understand htop can be added via dpkg, but this brings another issue with limited storage on ER-X series and unnecessary repo config and apt-cache space use. Having htop in the standard image would be the most efficient way.

RPKI

Submitted by - a month ago
Status: New Idea

Please add support for RPKI. Securing BGP will eventually be a must and would be a very welcome feature. Most RIRs have endorsed RPKI and built out infrastructure to support it.

Send DPI statistics to UniFi controller.

Submitted by -
Status: New Idea

Please allow for DPI data to be sent to the UniFi controller. I do not need to be able to make any changes from UniFi. I would just like to populate DPI statistics.

L2TP over IPSec client implementation

Submitted by -
Status: New Idea

Dear all,

I would like to see the feature implemented of having an L2TP over IPSec client running on the EdgeRouter. We have several instances where we need this for client implementation where native IPSec to IPSec is, due to technical restrictions on the remote end, not an option. My thoughts on the features would be:

- ideally configurable via GUI

- define specific remote networks for routing (or have them advertised by head-end)

- status shown in vpn section

I have also seen some others asking for such a solution in the forums, so I am hoping for some support for this implementation request.

Kind regards,

Edge2Unifi

Queue GUI configuration

Submitted by -
Status: New Idea

Greetings from Australia!

My feature idea is to effectively 'queue' changes made in the GUI and commit them after you've finished, as you would if making amendments via CLI.

For example:

Changing settings/config such as creating new vif, changing descriptions or creating additional interface addresses. After you've made all your changes, clicking a "Sync/Commit/Save" button or something of the sort.

Haters will say "USE THE CLI", however sometimes it's just faster to GUI it. User experience in the GUI would also be improved as the speed would be significantly increased based on saves etc.

SSL certs from https://letsencrypt.org

Submitted by -
Status: New Idea

I really would like to see the end of self-signed certs and implementation of https://letsencrypt.org for EdgeOS.

This would be a great move in the right direction for out of the box SSL.

Add a clear ip ospf process to commits that require it.

Submitted by -
Status: New Idea

Certain changes make ospf stop working until a "clear ip ospf process" command is issued to cause a reboot of ospf and re-convergence with other routers.

For example a change to the ospf router-id:

set protocols ospf parameters router-id 10.50.14.14

Right now, EdgeOS issues a warning after the commit (on the above router-id change) that the clear ip ospf process needs to be issued.

But unfortunately, by the time the message is displayed, ospf has already stopped working and the message would only be seen if you are locally connected to the router.

If the ospf router-id is changed while connected to the router via OSPF, then you will lose connection to the router and never be able to issue the "clear ip ospf process" to get access back.

You could stack the clear ip command to the commit, but not everyone would know or remember to do that.

It seems that EdgeOS is already able to detect that the clear ip ospf process is required. So instead of issuing a warning that probably won't be seen, it should just clear the process and give a message that it did so.

If there is some reason I'm not thinking of where you wouldn't want this to be automatic, then give a message like:

ospf process will be cleared in 30 seconds.  (Abort?)

This would allow those folks that for some reason wouldn't want it cleared yet to abort the auto clear.

Anyhow, I think this would save a lot of people from losing connection to their routers and truck rolls. Most routers running ospf will be accessed via OSPF and never see the current message.

https and ssh enabled by default and update to support modern crypto for EdgeSwitch

Submitted by -
Status: New Idea

With the edge router this is already the case, the edge switch should be the same. With EdgeOS HTTPS is enabled with an auto generated 2048 bit SHA-256 cert and http -> https redirect, not the insecure manually generated 1024bit SHA-1 cert one has to specifically enable in edgeswitch. The EdgeSwitch should ship with secure defaults, not the very insecure defaults that take a fair amount of effort to try and make secure. SSH v1 should not be offered as an option, and the ability to use edsa or better ed25519 keys should be added. Disabling telnet by default would be a plus.

Cake shaper support

Submitted by -
Status: New Idea

I would like to have support added for the Cake shaper (https://www.bufferbloat.net/projects/codel/wiki/Cake/). This shaper is working well for me with Smart Queue Management on LEDE 17.01 to eliminate bufferbloat (https://www.bufferbloat.net/projects/) better than the EdgeMax Smart Queue feature and fairly share bandwidth per LAN IP address rather than per connection on an ADSL2+ link. I have "dual-dsthost nat" set for the ingress queueing discipline and "dual-srchost nat" set for the egress queueing discipline.

sch_cake kernel module:

https://github.com/dtaht/sch_cake

Patch to add cake support to iproute2:

https://raw.githubusercontent.com/lede-project/source/master/package/network/utils/iproute2/patches/950-add-cake-to-tc.patch

QoS scripts:

https://github.com/tohojo/sqm-scripts/blob/master/src/layer_cake.qos

https://github.com/tohojo/sqm-scripts/blob/master/src/piece_of_cake.qos

I am using the layer_cake.qos script at the moment.

Update to OpenVPN 2.4.0 on Edgerouter

Submitted by -
Status: Accepted

Please update the OpenVPN version as the current server only supports TLS 1.0.

Thanks

Boot to alternate image using HW reset button

Submitted by -
Status: New Idea

Is it possible to change the HW reset button function such as

  1. Push-hold 1-5 seconds - reboot
  2. Push-hold 5-10 seconds - boot to alternate (2nd/previous) image (if exists of course) <- NEW FUNCTIONALITY
  3. Push-hold 10+ seconds - wipe/restore config.boot (same functionality as today)

I'd like to see this especially on ER models that don't have HW console port i.e. ER-X, ER-X-SFP and similar.

This will help with recovery of botched configs. Instead of resetting config.boot to defaults and restoring backup and/or previous image this will speed up things significantly. Especially on remote locations one can instruct local staff to hold the button for 5-6 seconds and get the router to previous state in no time.