[AusNOG] Is VyOS dead? What is everyone using for virtual routers/firewalls?

Ross Marston Ross at ramtech.net.au
Wed May 3 14:54:44 EST 2017


Notwithstanding some short comings in some areas, pfSense is still a great option.  
With OpenBGPd installed you can even play some tres serious BGP games if you want.  A lot of the packages are pretty good.  The good folk over at electric sheep fence also have a gold support package available that works pretty well.
As for Multicore issues, I am not sure on current status though.
Strongswan now standard component in the last year or so also.


Regards
Ross Marston  
_______________________________________________________


-----Original Message-----
From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Andrew Thrift
Sent: Wednesday, 3 May 2017 1:59 PM
To: Joseph Goldman <joe at apcs.com.au>
Cc: ausnog at lists.ausnog.net; Nathanael Bettridge <nathanael at prodigy.com.au>
Subject: Re: [AusNOG] Is VyOS dead? What is everyone using for virtual routers/firewalls?

Mikrotik have already re-written major components of RouterOS v6 to
make use of the modern multi-core architectures.   e.g. PPP now scales
connections across all cores while supporting FastPath, as do EoIP/GRE.

The next "major" release of RouterOS will bring a new Kernel with associated improvements, as well as a new "ground up" routing engine.
It is well behind schedule, and Mikrotik have stopped giving out ETA's on a beta release.

In regards to 2).  Mikrotik CCR's will already forward TCP sessions at wirespeed as long as they are eligible for FastPath forwarding (similar to CEF on Cisco).
See https://www.youtube.com/watch?v=l2kMAxzHNFY for more information on FastPath.


Regards,



Andrew

On Tue, May 2, 2017 at 8:49 PM, Joseph Goldman <joe at apcs.com.au> wrote:
> Mostly a re-write of a lot of core processes to bring them much more 
> multi-threaded, to utilise those massive core count CCR's.
>
> Biggest complaints atm from my understanding:
>
> 1) BGP processing, bringing in massive amounts of routes and parsing 
> over them is single core to an extent
> 2) TCP streams seem to be limited based on a single CPU pushing 100% 
> and allowing 1gbit through (single stream limitation)
>
> Not sure if these are fixed or just workarounds put in but these were 
> big 'coming in V7' features.
>
>
> On 02/05/17 17:04, Alex Samad wrote:
>
> Hi
>
> Nice try but supposedly there is a new kernel release in V7 and some 
> features can't be fixed in V6 ...  Well atleast thats what I have been 
> told....
>
> A
>
> On 2 May 2017 at 16:00, Nathanael Bettridge <nathanael at prodigy.com.au>
> wrote:
>>
>> I get the impression v7 is used as their dev platform at this point.
>>
>> MT will tout something as coming in v7 and you’ll after a while see 
>> it incrementally rolled into the v6 releases.
>>
>>
>>
>> From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of 
>> Joseph Goldman
>> Sent: Monday, 1 May 2017 5:14 PM
>> To: ausnog at lists.ausnog.net
>> Subject: Re: [AusNOG] Is VyOS dead? What is everyone using for 
>> virtual routers/firewalls?
>>
>>
>>
>> Since people seem to be able to quantify progress on vyOS - I'd say vyOS.
>> ROS v7 is still in myth status at this point.
>>
>> On 01/05/17 16:54, Alex Samad wrote:
>>
>>
>>
>> On 1 May 2017 at 13:06, Brad Peczka <brad at bradpeczka.com> wrote:
>>
>> If you're looking to pay for a product, the Brocade vRouter is well 
>> worth a look.
>>
>>
>>
>> Otherwise - vyOS is far from dead and buried, but rewrites take time 
>> and there's only so many hours in a day. As someone else has said, 
>> the IRC channel is quite active and there's definitely progress being made.
>>
>>
>>
>> Regards,
>>
>> -Brad.
>>
>>
>> Wonder what will come first ROS V7 or vyOS rewrite ?
>>
>>
>>
>> A
>>
>>
>>
>>
>> _______________________________________________
>>
>> AusNOG mailing list
>>
>> AusNOG at lists.ausnog.net
>>
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>> _______________________________________________ AusNOG mailing list 
>> AusNOG at lists.ausnog.net 
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog


More information about the AusNOG mailing list