[AusNOG] SPAM-LOW: Re: SPAM-MED: Re: Firewall
Kristoffer Sheather @ CloudCentral
kristoffer.sheather at cloudcentral.com.au
Wed Feb 25 12:58:22 EST 2015
Keep in mind that bugs in software are easier to diagnose / fix / make code level changes to than hardware. Good luck running a debugger on your Brocade / Cisco / Brand XYZ router/firewall/whatever's. Maybe its possible and I'm glad to be corrected.
Regards,
Kristoffer Sheather
CloudCentral
Mobile: +61 475 048 864 | Switch: +61 2 6160 7624 | Email: kris at cloudcentral.com.au
LinkedIn: | Skype: kristoffer.sheather | Twitter: http://twitter.com/kristofferjon
----------------------------------------
From: "Tim Raphael" <raphael.timothy at gmail.com>
Sent: Wednesday, February 25, 2015 12:37 PM
To: kris at cloudcentral.com.au, "ausnog at lists.ausnog.net" <ausnog at lists.ausnog.net>
Subject: Re: [AusNOG] SPAM-LOW: Re: SPAM-MED: Re: Firewall
"Fairly stable" being my key point - I've come across many a bug that can't be worked around nor explained. The developers are community backed and doing a great job by I get the impression the quality isn't quite at the same level as the commercial offerings. For a free product though, it is rather good.
The Cisco CSR1000V isn't as pricey as you might think, same with the vSRX. I can't comment on NX-OSv or vMX however. There might be other methods but none so far offer a decent level of support, regular and predictable code releases and advanced features beyond basic routing / NAT / firewall / VPN - think along the lines of EVPN, VPLS, VXLAN and other emerging and developing technologies.
- Tim
On Wed, Feb 25, 2015 at 9:23 AM, Kristoffer Sheather @ CloudCentral <kristoffer.sheather at cloudcentral.com.au> wrote:
----------------------------------------
From: "Tim Raphael" <raphael.timothy at gmail.com>
Sent: Wednesday, February 25, 2015 11:38 AM
To: kris at cloudcentral.com.au
Cc: "ausnog at lists.ausnog.net" <ausnog at lists.ausnog.net>
Subject: SPAM-LOW: Re: [AusNOG] SPAM-MED: Re: Firewall
Network Function Virtualisation (NFV) is becoming a bigger and bigger deal with support for x86 in Cisco, Juniper and many other vendors improving by the week.
> Certainly is.
VyOS (formerly Vyatta) I know is in use by a lot of cloud providers as it provides a fairly stable platform for basic routing / firewall / VPN termination but I wouldn't want to run "core" network roles on it.
> Why not?
VMWare and their NSX Edge Services Gateway is also looking to be an option for the cloud services space with quite advanced features aimed at cloud tenants wanting greater control over routing, firewall, load balancing and SSL VPN features.
> Very nice, but pricey. There are alternative methods to achieve the same end result.
The offerings from Cisco (CSR1000V, NS-OSv) and Juniper (vSRX and vMX) are looking very promising also (licensing costs aside) for the possibility of running production network loads within x86 hardware.
> Agreed, add the Brocade vRouter 5600 with Intel DPDK to that list, all of those options are pricey of course.
Just my 2c.
- Tim
On Wed, Feb 25, 2015 at 6:25 AM, Kristoffer Sheather @ CloudCentral <kristoffer.sheather at cloudcentral.com.au> wrote: Yes, we are running Vyatta's for all of our sites. The speed is quite good (IMHO & YMMV).
Regards,
Kristoffer Sheather
CloudCentral
Mobile: +61 475 048 864 | Switch: +61 2 6160 7624 | Email: kris at cloudcentral.com.au
LinkedIn: | Skype: kristoffer.sheather | Twitter: http://twitter.com/kristofferjon
----------------------------------------
From: "Alex Samad - Yieldbroker" <Alex.Samad at yieldbroker.com>
Sent: Wednesday, February 25, 2015 9:14 AM
To: "Skeeve Stevens" <skeeve+ausnog at theispguy.com>, "Sam Sarkis-UIP" <ssarkis at unitedip.net.au>
Cc: "ausnog at lists.ausnog.net" <ausnog at lists.ausnog.net>, "ausnog at ausnog.net" <ausnog at ausnog.net>
Subject: SPAM-MED: Re: [AusNOG] Firewall
Hi
Interesting, I just went to VMUG yesterday, listen to a lot about NSX. Previously tried to stay away because of the enterprise licensing cost, but relooking at it again.
I noticed nobody mentioned it in the hypervisor env
Is anyone running soft routers (VMs/non Hardware) as an ISP/provider.
I thinking you can't beat silicon for pure switching . routing ?? and then coupled with something further up the stack, does switching/routing on the host of a hypervisor make more sense ?
A
From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Skeeve Stevens
Sent: Tuesday, 24 February 2015 10:17 PM
To: Sam Sarkis-UIP
Cc: ausnog at lists.ausnog.net; ausnog at ausnog.net
Subject: Re: [AusNOG] Firewall
Sounds like an odd request... you mean it MUST be a Server based Firewall?
If that is an issue, get around it by going VMware and using vASA or vSRX?
...Skeeve
--
Skeeve Stevens - The ISP Guy
Email: skeeve at theispguy.com ; Twitter: @TheISPGuy
Blog: TheISPGuy.com ; Facebook: TheISPGuy
Linkedin: /in/skeeve ; Expert360: Profile
On Mon, Feb 23, 2015 at 9:09 PM, Sam Sarkis-UIP <ssarkis at unitedip.net.au> wrote:
Hi All,
I know this is strange but we have a specific requirement for a customer.
Does anyone know or recommend a firewall / UTM software that can be installed on an existing Windows, Redhat, SuSE, or Centos Server.
We would prefer a commercial package.
We cannot overwrite the existing os and have to work within any of the above mentions platforms only.
Kind Regards
Sam
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20150225/5c81d821/attachment.html>
More information about the AusNOG
mailing list