Vyatta: Growing up quickly


For those of you who don't know, Vyatta is an open source network appliance that functions as a router, firewall, and VPN device, all running on a customized version of Debian Linux. I have been following the progress of Vyatta for over a year now, and things are looking very promising. The latest release is called VC4 (Vyatta Community edition) and it includes a bunch of useful new features:
  • New command shell allows you to modify Linux settings and network settings from one common interface
  • Redesign of routing protocol offers greatly improved stability and performance
  • Role-based user access
  • Equal-cost multi-path routing
  • Remote access VPN
  • Support for IP tunneling protocols
  • PPPoE support, commonly used with DSL connections
  • WAN load balancing of outbound traffic across two or more WAN-facing interfaces
  • Quality of Service policies provide congestion management and traffic conditioning
As you can see, a lot of exciting changes have been made in the short six months since the previous release. The routing improvements are related to the change from XORP to Quagga. The added QoS capabilities will make Vyatta a good fit for VoIP deployments. The only negative to this release is that Vyatta had to temporarily remove the GUI web-interface until they can integrate it, which is scheduled for July, 2008. Overall, Vyatta is becoming a compelling option for replacing some of your over-priced network equipment.

Where does Vyatta fit in my network?

Vyatta can be deployed in several places on a network. The most obvious function for Vyatta is to replace your WAN routers and branch routers. Vyatta has made it easy to compare their products versus similar Cisco routers by funding third-party studies. You can read the results versus a low-end Cisco router and a high-end Cisco router. I am hoping that their next report will be a comparison with a security device like the Cisco ASA, which has similar functionality to Vyatta (router + firewall + VPN).

Another way to deploy Vyatta is within a virtualized infrastructure like VMware or Virtual Iron (which uses the open source Xen hypervisor). These technologies are often found in data centers, and are becoming more and more popular due to the advantages of virtualization. Vyatta can take advantage of the virtualized infrastructure because it runs on the same hardware as the data center servers. This means that you can install dozens of Vyatta network appliances in your server farm using standardized hardware, as opposed to buying proprietary network gear that is severely overpriced.

Keep in mind that Vyatta will not soon replace switches with high-density ports and high-speed backplanes. In these cases, hardware ASICs are required to achieve high performance at an efficient price.



What is the Vyatta business model?

The Vyatta open source project is sponsored by a commercial entity named Vyatta. All of the source code used to create Vyatta is freely available under the BSD or GPL license. Vyatta releases a community edition once every six months that is completely free to use. This community edition works great for testing environments, small deployments, and budget-starved projects. However, most serious businesses using Vyatta will require access to security updates and bug fixes that come out in between the community edition releases. These businesses will want to purchase a Vyatta subscription, which provides software updates along with two levels of technical support. Vyatta also sells a few hardware appliances that include Vyatta pre-installed and certified.

The future of Vyatta

Based on the tremendous improvements Vyatta has made over the past year, it is likely that they will continue to add new features, higher scalability, and more stability to their product. Planned improvements are listed in a public road map, and users can even vote for their favorite features. Customers with paid subscriptions get more votes than non-customers.

The road map shows that Vyatta is going to focus on security and simplicity for the next release. The security improvements include adding intrusion detection and prevention (Snort), anti-virus (ClamAV), and SSL VPN connections (OpenVPN). The simplicity improvements will include an updated web-interface, and perhaps a cross-platform, clientless, remote-access VPN using SSL.

Disclaimer: My company sells Vyatta products and services.

Comments

  1. Hi,

    I just launched my blog and my first post was a little ;) to Vyatta. Please visit my blog at skytechnetworks.blogspot.com

    nassim,
