Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Vyatta routers

From: John Kristoff <jtk () CYMRU COM>
Date: Mon, 29 Mar 2010 13:19:03 -0500
On Fri, 26 Mar 2010 09:49:52 -0500
Kevin Carmical <KevinC () UCA EDU> wrote:


Actually, you're the only reply I got, even off-list. So, I would
assume there aren't many people yet who have used them.


I heard back from a colleague and was given some additional details on
their experience, but its probably atypical experience so take it
with a grain of it.  I'll summarize some of the comments here:

There is a for-pay subscription version that is used as a route
collector.  It is based on Quagga, but they've done away with the
IOS-like config in favor of an XML-based approach.  The cli takes a bit
of getting used to if you're used to IOS, but they also have a
web-based GUI if you want it.

They've added some additional authentication options, better SNMP
support and VPN support.  Some additional IPv6 support is a bit behind
IPv4, but it is apparently being worked on. For example there is no
prefix list support for IPv6 routes.

First-line support is helpful, but higher tier support for more
involved issues experience has been less satisfactory. The performance
for doing route server kinds of things is very good. For example, screen
scraping lots of routes takes seconds compared to a traditional
hardware based IOS box.


We're looking at them as a (relatively) cheap way to secure a 10G
connection. Everything I've seen from "normal" security vendors is
well outside our ability to purchase, so I'm forced to look into a
roll-your-own approach. I wouldn't really prefer that if we had
options, but this is pretty much our only play at this point.


I'd suggest you look at BIRD too.  Its gotten favorable reviews from
some of the netops community recently.  Relevant references:

  <http://bird.network.cz/>
  <http://www.ripe.net/ripe/meetings/ripe-59/presentations/filip-bird.pdf>
  <http://www.merit.edu/mail.archives/nanog/msg05243.html>
  <http://www.nanog.org/meetings/nanog48/presentations/Monday/Jasinska_RouteServer_N48.pdf>
  <http://www.uknof.org.uk/uknof15/Davidson-Bakeoff.pdf>

John
Previous By Date Next
Previous By Thread Next

Current thread: