Educause Security Discussion mailing list archives
Re: Vyatta routers
From: John Kristoff <jtk () CYMRU COM>
Date: Mon, 29 Mar 2010 13:19:03 -0500
On Fri, 26 Mar 2010 09:49:52 -0500 Kevin Carmical <KevinC () UCA EDU> wrote:
Actually, you're the only reply I got, even off-list. So, I would assume there aren't many people yet who have used them.
I heard back from a colleague and was given some additional details on their experience, but its probably atypical experience so take it with a grain of it. I'll summarize some of the comments here: There is a for-pay subscription version that is used as a route collector. It is based on Quagga, but they've done away with the IOS-like config in favor of an XML-based approach. The cli takes a bit of getting used to if you're used to IOS, but they also have a web-based GUI if you want it. They've added some additional authentication options, better SNMP support and VPN support. Some additional IPv6 support is a bit behind IPv4, but it is apparently being worked on. For example there is no prefix list support for IPv6 routes. First-line support is helpful, but higher tier support for more involved issues experience has been less satisfactory. The performance for doing route server kinds of things is very good. For example, screen scraping lots of routes takes seconds compared to a traditional hardware based IOS box.
We're looking at them as a (relatively) cheap way to secure a 10G connection. Everything I've seen from "normal" security vendors is well outside our ability to purchase, so I'm forced to look into a roll-your-own approach. I wouldn't really prefer that if we had options, but this is pretty much our only play at this point.
I'd suggest you look at BIRD too. Its gotten favorable reviews from some of the netops community recently. Relevant references: <http://bird.network.cz/> <http://www.ripe.net/ripe/meetings/ripe-59/presentations/filip-bird.pdf> <http://www.merit.edu/mail.archives/nanog/msg05243.html> <http://www.nanog.org/meetings/nanog48/presentations/Monday/Jasinska_RouteServer_N48.pdf> <http://www.uknof.org.uk/uknof15/Davidson-Bakeoff.pdf> John
Current thread:
- Vyatta routers Kevin Carmical (Mar 19)
- <Possible follow-ups>
- Re: Vyatta routers John Kristoff (Mar 25)
- Re: Vyatta routers Kevin Carmical (Mar 26)
- Re: Vyatta routers John Kristoff (Mar 29)