Vyatta the ultimate open source router

[ Thanks to An Anonymous Reader for this link. ]

"Why am I using vyatta
Recently one of our aging edge routers died - we always used a vanilla Linux box with IPTables and Quagga, Someone on this blog mentioned vyatta so I figured I should give it a look - we use our edge routers as both firewalls and routers combined - vyatta seemed to be able to do both in one package along with providing many other services we had previously deployed on seperate manchines. The BGP setup took about 20mins with vyatta and worked flawlessly. There are two things however that we use which vyatta was a pain with - one of which it couldnt do - IP accounting - and one it does badly for a service provider - firewalling.

"Whats so bad about its firewalling
Well vyatta can firewal, and firewall it does well but we have a shared firewall service, on our old routers it was a case of using iptables to control the flow of packets in and out, and in vyatta it is much the same - with the difference being you have to give each of your "firewalls" a name and each of your rules a numeric value. this in itself seems okay BUT you can only assign one inbound and outbound firewall per interface, this means we have to create one huge firewall with loads of numeric rules for inbound and one for outbound the problem with this les in the WebGUI as until you have clicked a rule you have no idea what it is (as per this screen shot)"

Complete Story

Related Stories:

• First release of nftables(Mar 20, 2009)
• Vyatta 5 Advances Linux Routing(Mar 10, 2009)
• Linux ideal for software appliances, says Novell(Feb 27, 2009)
• 5 Best Linux/BSD Firewall Tools(Dec 17, 2008)
• Vyatta Expanding Linux Networking Appliances(Dec 06, 2008)
• Vyatta Linux Router, Pt 2.(Aug 08, 2008)
• Vyatta Aims Higher(May 27, 2008)
• Vyatta Scaling Linux Up For Networks Big and Small(Apr 21, 2008)
• Vyatta 10 Gigabit Open Router Throws Down Gauntlet for Cisco(Apr 04, 2008)