VyOS cloud support platform strategy

Recently we have merged the old VyOS product on Amazon (which was free as in price) with the new one listed by Sentrium (reminder: the company setup by VyOS maintainers to provide commercial services for VyOS) that is available at ~$60/year as a means to support the project. It’s probably a good time to talk about our cloud platform support strategy.

It’s quite obvious that cloud platforms are popular, and that VyOS is often used as an alternative to their own VPN and routing facilities or proprietary products, because of both functionality and price. So far we’ve been providing our official EC2 AMI for free. This approach is not exactly sustainable since we ourselves do not benefit from it in any way, but the support level required of an AMI listed on the marketplace creates work that has to be done, and so far (past the initial contribution of the person who wrote the first AMI build scripts) it has been done solely by the maintainers.

And, let’s face it, VyOS needs funding sources. There are many activities that get virtually no community participation, including documentation writing, code refactoring, developing automated tests and so on. We are grateful to everyone who contributes, but that’s not enough to keep VyOS as a service provider and enterprise quality router. Migration to Jessie was the point when making an enterprise quality router OS by few people in spare time stopped scaling, and now, at least until we refactor the whole system to be easy to maintain and extend, either it's going to take a very long time to get done or we need a way to free the time of the maintainers and hire some community members (or someone else) to get it done at reasonable pace.

Some companies mentioned a possibility of corporate sponsorships but those offers failed to materialize, donations likewise have been enough only to pay for domains and some hosting. Switching to a RedHat-like model with paid access to LTS releases is something that we are considering, but not until a stable 1.2.0 release is made. As for now, an alternative revenue stream is needed to break the cycle, and making the official cloud images paid looks like the most viable option. This wasn't an easy decision, but it had to be made.

We've been keeping both the old (free as in price) 1.1.0 listing and new paid listing updated to 1.1.8 active for a while and so far the new one has been positively received and is already bringing us a small profit. We hope most of the old AMI users will choose to support the project as well, but if not, you have time until February 2018 to migrate your setup to self-built or community AMIs.

Most importantly

VyOS will remain free as in freedom forever — the goal of the project was and is to make a free and open source router that people can study and modify. It will always be possible to build a cloud image yourself and use it for free. While we hope most cloud users who run unmodified images will choose to support the project, trying to prevent people from building their own image would be against the free software ideals. We are also not going to hide the build scripts we use for building the official images, so self-built images will be identical to the official ones — without the convenience of deploying them in one click from the marketplace.

The AMI build scripts for 1.1.x can be found at https://github.com/vyos/build-ami

The build process is fairly straightforward and boils down to "./build-ami $isoURL". Right now it only takes signed releases and ourselves we test new images by upgrading already deployed instances to them, but we may add an option to allow building AMIs from unsigned images in the future.

Free access for contributors

The point of the whole deal is not just to make money for the maintainers, it's to make VyOS a better system and people who support VyOS by contributing to it are equally valuable as people who support it financially by using the paid images.
Everyone who had merged pull requests before this time or made substantial contribution to the documentation, automatically qualifies. New contributors who contribute to high priority areas (particularly, fix bugs in 1.2.0 and/or document the yet undocumented features) will also get free access. Active evangelists may also quality.

Pricing

Currently on the AWS, the base price is set to the minimum possible value of $0.01/hour (or ~$60/year). We expect to follow the same pattern on other cloud platforms, as we'd rather have more people support the project than make it affordable only for bigger companies.

We've compiled a comparison of prices and features of different virtual routers available on the AWS marketplace now to show where VyOS stands in the price/features ratio landscape. It includes products that are exactly routers (rather than SD-WAN or application security solutions) to make them directly comparable, and since the typical role of VyOS in the cloud is a VPN gateway, the focus is on VPN and routing features. Features are considered supported if they can be configured through the default configuration interface, whether out of the box or after installing a plugin in an officially supported way (i.e. without installing packages and editing daemon configs by hand). If we've got anything wrong about the features of other products, please correct us.

Price comparison

Product Price
Amazon gateway From $400/year per instance if I got that right
Cisco CSR 1000v From $2300/year per instance
Juniper vMX From $400/year per instance
pfSense From $75/year per instance
Mikrotik RouterOS From $45 per instance, perpetual
VyOS From $64/year per instance
CloudRouter Free

Feature comparison

Product IPsec site-to-site VTI DMVPN OpenVPN client-server OpenVPN site-to-site VXLAN L2TPv3 L2TP/IPsec Dynamic routing
Amazon gateway Yes Yes No No No No No No Yes (BGP)
Cisco CSR 1000v Yes Yes Yes No No No Yes Yes Yes
Juniper vMX Yes Yes Yes No No Yes Yes Yes Yes
pfSense Yes No No Yes Partially No No Yes No
VyOS Yes Yes Yes Yes Yes Yes Yes Yes Yes
Mikrotik RouterOS Yes No No Partially
No No No Yes
Yes

Future cloud platform support

We are planning to expand out presence to other major platforms, including Microsoft Azure, Google Cloud Platform, and Alibaba Cloud. Whereever cloud images can be built without human interaction, we are going to make image build scripts free and open source just like for EC2 and keeps the pricing similarly low to our AWS offer.

Also, we forgot to hide a t-shirts discount in the release post, so we are going to fix it here: https://teespring.com/stores/vyos?pr=GOAWS

8 responses
This a great idea, and frankly I think it's overdue. VyOS is a great product and having those AMIs maintained and pre-built is well worth the fee. However, a couple of notes: * You say "Amazon gateway From $12000/year, plus $30/month per tunnel" -- There isn't any $12,000 / year fee. We do AWS VPN for MANY customers, and there is definitely not a $12,000 fee. * For your fee -- $0.01 * 24 * 365 = $87.60 --- not $60, but still a reasonable expense.
Hi Mike, Perhaps I misinterpreted their pricing page. I removed the reference to $12k from the post for the time being, please tell us what the actual price is. From https://aws.amazon.com/vpc/pricing/ I inferred by the same logic that 0.05*24*365 = 13140 As of $87 vs $60 (or 64?), the starting price is given for the yearly subscriptions which are cheaper. CSR 1000v and vMX are considerably more expensive if billed hourly rather than yearly.
Ah, yeah, the effect of sleep deprivation are taking their toll. I see the extra multiplier in my formula now. ;) Is ~$400 per tunnel the correct price?
Hi Daniil - thanks for the fast response. Yes -- $438/year is correct for the AWS VPN Connection ($0.05*24*365). Again - great product, I'm very glad to see you taking this step! The fact that you are a legit viable alternative for CSR/vMX speaks for itself. All the best, Mike
4 visitors upvoted this post.