Linux Today: Linux News On Internet Time.

Vyatta the ultimate open source router

Apr 24, 2009, 21:32

[ Thanks to An Anonymous Reader for this link. ]

"Why am I using Vyatta
Recently one of our aging edge routers died - we always used a vanilla Linux box with IPTables and Quagga. Someone on this blog mentioned Vyatta so I figured I should give it a look - we use our edge routers as both firewalls and routers combined - Vyatta seemed to be able to do both in one package along with providing many other services we had previously deployed on separate machines. The BGP setup took about 20 mins with Vyatta and worked flawlessly. There are two things however that we use which Vyatta was a pain with - one of which it couldn't do - IP accounting - and one it does badly for a service provider - firewalling.

"What's so bad about its firewalling
Well, Vyatta can firewall, and firewall it does well, but we have a shared firewall service. On our old routers it was a case of using iptables to control the flow of packets in and out, and in Vyatta it is much the same - with the difference being you have to give each of your "firewalls" a name and each of your rules a numeric value. This in itself seems okay BUT you can only assign one inbound and outbound firewall per interface. This means we have to create one huge firewall with loads of numeric rules for inbound and one for outbound. The problem with this lies in the WebGUI, as until you have clicked a rule you have no idea what it is (as per this screen shot)"

Complete Story
