Due to recent buzz about open source routing company Vyatta’s amazing ability to procure funding, we began wondering why they’re getting so much attention. We have been monitoring their progress for the last year via their Secret Society letter (a.k.a. mailing list), and their software routing solutions certainly seem wonderful, so let’s take a deeper look.
Vyatta OFR, Open Flexible Router, is a software-based routing solution for small or medium-sized networks. OFR comes in the form of a CD-ROM image, and can be run without actually installing the OS. It’s a live CD, so you just boot and go. Of course, it’s trivial to install the Linux-based OS to persistent storage with the "install-system" command.
Vyatta’s router is a Linux distro based on XORP. OFR is capable of providing DHCP services for all your clients, NAT’ing them, and of course taking care of all your routing needs. Well, almost; more on that in a second.
Setting up a Vyatta router is nearly as easy as configuring a home-model Linksys. The OFR is much more capable, however, so there’s a bit of complexity that needs to exist. Anyone familiar with router configuration (not IOS; Vyatta’s commands are "set"-based) can feel right at home in the "xorpsh" shell.
Vyatta’s OFR is a completely software-based solution. This means that you’ll be installing it on a commodity x86 machine. Two things to consider here are the dramatically reduced MTBF (mean time between failures) and the idea of "forwarding in software."
Installing a router onto commodity hardware with (gasp) spinning hard disks will dramatically increase the likelihood of failures. It is possible to install OFR onto solid-state media, such as a Compact Flash device. OFR does support VRRP, so you can set up redundant routers to combat the MTBF issues. Oftentimes people tend to throw older, used PC hardware at their router tasks. Routers should actually be composed of the best gear you can get your hands on, but if some amount of downtime is tolerable, and you use VRRP, it’s probably acceptable to use the dust-collecting surplus gear.
There’s no getting around the software aspect of it though; Vyatta’s software product isn’t for high-speed links. Hardware routers cost money for a reason—ASICs are expensive. The OFR should be able to provide routing for up to a few hundred megabits without any problems. Do note that all software-based solutions will suffer from added latency, as much as 5ms or more, depending on numerous factors.
To its credit, OFR is capable of running the main three dynamic routing protocols: RIP, OSPF, and BGP. The great part about a software-based BGP router is that the memory is expandable. Since 128MB isn’t enough RAM to hold a full Internet routing table anymore, you can simply slap in another DIMM and be good to go. Real hardware routers aren’t so flexible (Open Flexible Router, get it?). There are some entities who get an entire BGP feed yet don’t run more than an OC-3 connection, so a software solution could work quite well for them.
Software-based routers have other advantages too. If you venture to roll your own solution, you can fashion any type of firewall rules you want. You can even add traffic shaping capabilities when the need arises. It isn’t wise to overload a router with other duties, but being able to install various pieces of software can be quite handy. VPN connectivity is at your fingertips as well—just install the right software.
Right! What about VPNs, you ask? OFR does not support remote-access VPN connectivity, but it does have support for IPsec configured as a site-to-site tunnel. Unfortunately, this isn’t available in the free version. Of course it’s a high-demand feature. Vyatta is a company, and they want to make money. Very few companies survive by being nice to the OSS community. It’s sad but true. [Please see the correction below – Ed.]
To configure a VPN server for remote access, the best bet is to go with pfSense, m0n0wall, or Shorewall. These are all truly open source. Of course, rolling your own setup with Linux or FreeBSD works too, but the nice GUI tools included with these products make it much more enjoyable and quicker to configure.
The really great thing about using either the free or non-free version from a well-established company is that you know it’s going to work. Furthermore, the documentation will actually make sense. Vyatta comes through, as expected, in both the functionality and documentation areas. Everything the documentation says correlates directly to what the software actually does. This is rarely the case with OSS packages. Vyatta’s documentation even adequately explains the concepts, so if you need that, it’s there.
Convenience is great, but the other reason for using software-based routers is features. They are fully capable firewalls, routers, VPN devices, and more. Most sites only wish they had OC-3 connectivity, and anything more probably means you’re an ISP or hosting provider. It’s worth noting that software routing is quite limited, but those limits probably don’t apply to most sites. The market is huge, and we fully expect to see more software routing products in the future.
Annoyances about withholding features aside, Vyatta’s OFR is really interesting and functional. Vyatta also offers appliances and support contracts, for those who want a pre-configured solution.