"Why am I using Vyatta?
Recently one of our aging edge routers died - we always used a
vanilla Linux box with iptables and Quagga. Someone on this blog
mentioned Vyatta so I figured I should give it a look - we use our
edge routers as both firewalls and routers combined - Vyatta seemed
to be able to do both in one package along with providing many
other services we had previously deployed on separate machines.
The BGP setup took about 20 mins with Vyatta and worked flawlessly.
There are two things, however, that we use which Vyatta was a pain
with - one of which it couldn't do - IP accounting - and one it does
badly for a service provider - firewalling.
"What's so bad about its firewalling?
Well, Vyatta can firewall, and firewall it does well, but we have a
shared firewall service. On our old routers it was a case of using
iptables to control the flow of packets in and out, and in Vyatta
it is much the same - with the difference being you have to give
each of your "firewalls" a name and each of your rules a numeric
value. This in itself seems okay, BUT you can only assign one
inbound and outbound firewall per interface. This means we have to
create one huge firewall with loads of numeric rules for inbound
and one for outbound. The problem with this lies in the WebGUI, as
until you have clicked a rule you have no idea what it is (as per
this screen shot)"