Introduction to NETSHe

NETSHe is a set of software for embedded systems, such as network devices (routers, network gateways, CPEs, firewalls, access points, switches), network storages and industrial systems.

NETSHe is available as firmware for different SBCs and (or) as prebuilt software package set for some Debian-based distributives.
Software are built around the following features:

• own configuration subsystem
• own initialization subsystem (start-up scripts and event processing).
• management Web Interface
• command line interface.

Main idea of NETSHe

The main idea of NETSHe is to provide a user with a considerable number of functions managed through web and (or) well-known command line interfaces.
Effective web-interface management reduces requirements to the user`s qualifications, which subsequently results in reducing the total cost of ownership.
At the same time, NETSHe provides well-known patterns of command line interface to save time and cost for migration between products with Cisco-like CLI and NETSHe.
NETSHe is general-purpose software functioning on numerous hardware platforms. For all these platforms NETSHe provides a general-purpose feature set and a general management interface, that also reduces total cost of ownership.
Introduction of the functional which is not available in the analogs is another substantial contribution of NETSHe.

Primary features of NETSHe

NETSHe has the following features:

• Network interface management (including dynamic, tunnel and wireless);
• VLAN's, QinQ and aliases. VLAN tagging, untagging and tag switching;
• Dual stack (IPv4 and IPv6);
• Advanced routing (static, multipath, policy-based, IS IS, RIP, RIP NG, EIGRP, OSPF, OSPFv3, BGP, NHRP, PIM and LDP for some platforms);
• VRF;
• Zone based firewall;
• Bridges with brouter and filtering capability;
• Interface bonding;
• Quality of Service, bandwidth management, traffic shaping, rate control and traffic prioritization;
• L7 based (application patterns based) IP-traffic filtering and marking;
• Extended management of wireless interfaces; Access Point, Ad-Hoc, Client and Repeater mode with (or without) variable WEP encryption modes, WPA-PSK, WPA2-PSK, WPA3-PSK, WPA-EAP, WPA2-EAP, 802.11X authorization and key management;
• Access concentrator for variable VPN's (PPTP, L2TP and OpenVPN);
• IPSEC support (for L2TP VPN solution too);
• PPPoE access concentrator;
• Ethernet over PPP connections passthrough (BCP implementation) for PPP, PPPoE, L2TP, PPTP connections;
• Hot-spot controller with external UAM-authorization; walled garden and bandwidth management;
• Authorization and accounting through external radius-server;
• Built-in IP-address assignment or assignment through external radius-server;
• DHCP server with flexible rules; dynamic IP-address assignment; static IP-address assignment; configurable black-list mode for DHCP requests from specified MAC's;
• DHCP relay with option 82 support;
• Network time synchronization server and client. Server integration with DHCP server. PTP support.
• Built-in HTTP proxy with ability to use upstream proxy;
• Full software management; support of external software repositories; software installation and deletion;
• User management; two levels of user access via Web-interface: full and read-only. RADIUS/TACACS based authrization with miltiple privilege levels for CLI access;
• External storage management; SWAP control;
• System monitoring; chart graphing in a near real-time mode;
• System monitoring through SNMP v2 or v3 protocol;
• Configurable system backup; backup images can be moved to external devices and/or network shares;
• Files and folders restoration;
• Backup and restoration of configurations;
• Firmware flashing;
• Traffic capture and analysis;
• System halt and reboot;
• Some helpful utilities.

NETSHe use cases and typical applications

NETSHe is applicable as router, AP, CPE, firewall, switch firmware for SOHO and SMB markets.
Usually, it has more features than default firmware.

NETSHe layout in brief

NETSHe uses modified build system, kernel and a lot of packages from OpenWRT snapshots (http://www.openwrt.org) with the addition/replacement of some original software packages (NETSHe web-interface, in particular; configuration subsystem and so on) and some modified software packages. It is not true that NETSHe can be installed instead of OpenWRT and OpenWRT can be installed instead of NETSHe using sysupgrade process meantime, some hardware platforms that have support for both OS can be upgradable.

It should be noted that NETSHe is not compatible with OpenWRT:

• NETSHe uses own single file configuration system (or two files for extended routing platform).
• Some software packages differ from each other.
• Some files/packages are (un)available.
• NETSHe has own WebUI.
• NETSHe has Cisco-like CLI.
• Basic system requirements are different.