[AusNOG] SPAM-LOW: Re: SPAM-MED: Re: Firewall

Tim Raphael raphael.timothy at gmail.com
Wed Feb 25 12:34:47 EST 2015


"Fairly stable" being my key point - I've come across many a bug that can't
be worked around nor explained. The developers are community backed and
doing a great job by I get the impression the quality isn't quite at the
same level as the commercial offerings. For a free product though, it is
rather good.

The Cisco CSR1000V isn't as pricey as you might think, same with the vSRX.
I can't comment on NX-OSv or vMX however. There might be other methods but
none so far offer a decent level of support, regular and predictable code
releases and advanced features beyond basic routing / NAT / firewall / VPN
- think along the lines of EVPN, VPLS, VXLAN and other emerging and
developing technologies.

- Tim


On Wed, Feb 25, 2015 at 9:23 AM, Kristoffer Sheather @ CloudCentral <
kristoffer.sheather at cloudcentral.com.au> wrote:

>
>
> ------------------------------
> *From*: "Tim Raphael" <raphael.timothy at gmail.com>
> *Sent*: Wednesday, February 25, 2015 11:38 AM
> *To*: kris at cloudcentral.com.au
> *Cc*: "ausnog at lists.ausnog.net" <ausnog at lists.ausnog.net>
> *Subject*: SPAM-LOW: Re: [AusNOG] SPAM-MED: Re: Firewall
>
> Network Function Virtualisation (NFV) is becoming a bigger and bigger deal
> with support for x86 in Cisco, Juniper and many other vendors improving by
> the week.
>
> > Certainly is.
>
> VyOS (formerly Vyatta) I know is in use by a lot of cloud providers as it
> provides a fairly stable platform for basic routing / firewall / VPN
> termination but I wouldn't want to run "core" network roles on it.
>
> > Why not?
>
> VMWare and their NSX Edge Services Gateway is also looking to be an option
> for the cloud services space with quite advanced features aimed at cloud
> tenants wanting greater control over routing, firewall, load balancing and
> SSL VPN features.
>
> > Very nice, but pricey.  There are alternative methods to achieve the
> same end result.
>
> The offerings from Cisco (CSR1000V, NS-OSv) and Juniper (vSRX and vMX) are
> looking very promising also (licensing costs aside) for the possibility of
> running production network loads within x86 hardware.
>
> > Agreed, add the Brocade vRouter 5600 with Intel DPDK to that list, all
> of those options are pricey of course.
>
> Just my 2c.
>
> - Tim
>
>
>
>
>
> On Wed, Feb 25, 2015 at 6:25 AM, Kristoffer Sheather @ CloudCentral <
> kristoffer.sheather at cloudcentral.com.au> wrote:
>>
>> Yes, we are running Vyatta's for all of our sites.  The speed is quite
>> good (IMHO & YMMV).
>>
>>  Regards,
>>
>> Kristoffer Sheather
>> CloudCentral
>>
>> Mobile: +61 475 048 864 | Switch: +61 2 6160 7624 | Email:
>> kris at cloudcentral.com.au
>> LinkedIn: [image: View Kristoffer Sheather's profile on LinkedIn]
>> <http://au.linkedin.com/in/kristoffersheather> | Skype:
>> kristoffer.sheather | Twitter: http://twitter.com/kristofferjon
>>
>>  ------------------------------
>> *From*: "Alex Samad - Yieldbroker" <Alex.Samad at yieldbroker.com>
>> *Sent*: Wednesday, February 25, 2015 9:14 AM
>> *To*: "Skeeve Stevens" <skeeve+ausnog at theispguy.com>, "Sam Sarkis-UIP" <
>> ssarkis at unitedip.net.au>
>> *Cc*: "ausnog at lists.ausnog.net" <ausnog at lists.ausnog.net>, "
>> ausnog at ausnog.net" <ausnog at ausnog.net>
>> *Subject*: SPAM-MED: Re: [AusNOG] Firewall
>>
>>
>> Hi
>>
>>
>>
>> Interesting, I just went to VMUG yesterday, listen to a lot about NSX…
>> Previously tried to stay away because of the enterprise licensing cost, but
>> relooking at it again.
>>
>>
>>
>> I noticed nobody mentioned it in the hypervisor env
>>
>> Is anyone running soft routers (VMs/non Hardware) as an ISP/provider.
>>
>>
>>
>> I thinking you can’t beat silicon for pure switching … routing ?? and
>> then coupled with something further up the stack, does switching/routing on
>> the host of a hypervisor make more sense ?
>>
>>
>>
>> A
>>
>>
>>
>>
>>
>> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of *Skeeve
>> Stevens
>> *Sent:* Tuesday, 24 February 2015 10:17 PM
>> *To:* Sam Sarkis-UIP
>> *Cc:* ausnog at lists.ausnog.net; ausnog at ausnog.net
>> *Subject:* Re: [AusNOG] Firewall
>>
>>
>>
>> Sounds like an odd request... you mean it MUST be a Server based Firewall?
>>
>>
>>
>> If that is an issue, get around it by going VMware and using vASA or vSRX?
>>
>>
>>
>>
>> ...Skeeve
>>
>>
>> --
>>
>> Skeeve Stevens - The ISP Guy
>>
>> Email: skeeve at theispguy.com ; Twitter: @TheISPGuy
>> <https://twitter.com/TheISPGuy>
>>
>> Blog: TheISPGuy.com <http://theispguy.com/> ; Facebook: TheISPGuy
>> <https://www.facebook.com/theispguy>
>>
>> Linkedin: /in/skeeve <http://www.linkedin.com/in/skeeve> ; Expert360:
>> Profile <https://expert360.com/profile/d54a9>
>>
>>
>>
>> On Mon, Feb 23, 2015 at 9:09 PM, Sam Sarkis-UIP <ssarkis at unitedip.net.au>
>> wrote:
>>
>>
>>
>> Hi All,
>>
>>
>>
>> I know this is strange but we have a specific requirement for a customer.
>>
>>
>>
>> Does anyone know or recommend a firewall / UTM software that can be
>> installed on an existing Windows, Redhat, SuSE, or Centos Server.
>>
>>
>>
>> We would prefer a commercial package.
>>
>>
>>
>> We cannot overwrite the existing os and have to work within any of the
>> above mentions platforms only.
>>
>>
>>
>> Kind Regards
>>
>>
>>
>> Sam
>>
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20150225/df02afd0/attachment.html>


More information about the AusNOG mailing list