[AusNOG] routeros v Vyatta

Wed Jan 29 20:48:19 EST 2014

Related question; anybody used and can recommend any Vyatta/VyOS based hardware routers that can push ~100mbit of ipsec (bonus points for hardware crypto)?

I'm a big fan of Vyatta/VyOS, and deploy it successfully within VMWare, but there are scenarios where a physical/dedicated router is desired.  I've investigated Brocade's commercial appliances but it appears they're completely dropping the ball by neglecting their community edition (which is why I'm very glad VyOS exists).

Ubiquiti forked Vyatta a few versions back into "EdgeOS" and have their own "EdgeMAX" products now, which does do some hardware crypto and their routers are amazing bang for the back, but I'd still positively describe the devices as "beta".

R

----- Original Message -----
On 01/29/2014 02:05 PM, Alex Samad - Yieldbroker wrote:
> Hi
>
> Been using routerOS for nearly 6 months, like the interface and cost :)
>
> But I am now running into limitation in routing speed, I can't seem to push them past 1Gb/s running them on ESX 5.5 with the e1000 driver, I am looking into trying the e1000e driver there is some hope I might be able to get more than 1G.
>
> So I come back to the list to find out if people have been using Vyatta and how they find it.  How does it compare to routerOS.
>
> Key features I am looking at
>
> OSPF
> BGP ... including filtering etc etc
> Firewall
> Routing

Hi Alex,

My take: Vyatta is more stable and offers better customisation, RouterOS 
concentrates on cramming features in.  Which approach you prefer depends 
on your requirements.

I very much prefer Vyatta Core (actually, the VyOS community fork [1]) 
to RouterOS, mostly because I like the interface better, and the Linux 
underpinnings are exposed (including standard Linux shell scripting and 
the like).  Not only that, with VyOS there are full instructions for 
customising the distribution to exactly your requirements.

I haven't pushed the performance hard yet - the most I've done is 
saturate a 100 Mbps Telstra fibre from our head office to our data 
centre through an IPsec tunnel, but soon I'll be pushing up to 1 Gbps 
between data centres.  I expect this to go very well with modern 
hardware.  Brocade claim that they can get up to 40 Gbps in a VM using 
their proprietary Vyatta Subscription Edition, which implements hardware 
offload on recent Intel CPUs.  Have your American Express card handy.  
Ubiquiti claim that they can get 1 Mpps on their EdgeOS (forked from 
Vyatta) devices, which include hardware offload as well.

The OSPF & BGP implementation in VyOS is based on Quagga, so it's single 
instance only.  This usually isn't a problem with virtualised routers, 
but it's a limitation that RouterOS overcame in recent versions.  
However, the OSPF implementation is more stable in my opinion.  In one 
RouterOS OSPF deployment, I spent weeks trying to troubleshoot a tricky 
problem with LSA propagation and ended up spitting the dummy and just 
overriding the behaviour with a static route.

I've found BGP on VyOS does what I need it to, but I have a very simple 
BGP setup.  It has all the standard route-map and prefix-list features, 
and I've been told it has no problems keeping a full table, although I 
haven't done it.

The zone-based firewall on VyOS has kept up to speed with everything 
I've asked of it.  At one client I've developed firewall generation 
scripts that we use to maintain about 30 VMs with a very small number of 
spreadsheets.

Regards,
Paul

[1] http://vyos.net/ -  They forked Vyatta Core because Brocade seems to 
have basically stopped work on it to focus on their proprietary version.
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog