Vyatta Open Source Router

Terry Slattery
Principal Architect

Brad Reese, who writes for the Network World Cisco Subnet, called today to ask if I had seen the Vyatta press release announcing a new version of their open source routing software, with the claim “The Vyatta software combines router, firewall, and VPN capabilities into an integrated solution that delivers twice the performance of proprietary network solutions at half the price.”  That’s a pretty interesting statement if you know router hardware architectures.  The press release goes on to quote Kelly Herrell, CEO of Vyatta: “We have proven the performance and reliability of our open-source networking solution in large, demanding networks, making Vyatta a no-brainer alternative to over-priced, inflexible, proprietary products.”

Cisco has spent a good deal of money making its routers go fast.  A key part of that technology is making sure the router’s CPU seldom has to look at the packets.  When the first packet of a flow enters the router, the CPU determines the outgoing interface to use and loads that information, along with the media header to be prepended on that interface, into a cache.  Successive packets match the cache entry and are quickly forwarded in hardware; the CPU is not involved in forwarding them.  (On platforms running Cisco Express Forwarding the forwarding table and layer-2 adjacencies are built ahead of time from the routing table rather than populated on demand by the first packet, but the goal is the same: keep the general-purpose CPU out of the per-packet path.)  This is typical of the high-end Cisco routers, which makes me curious about the claim of performance in large, demanding networks.

Vyatta has a whitepaper by the Tolly Group comparing* their open source router with the Cisco 2821 ISR (Integrated Services Router), which is a low-end router (though not the lowest).  For small remote site use, it may well be acceptable to use the Vyatta router, provided you don’t also need the local switching and voice capability that the ISR can provide.  Sure, the Cisco is going to cost more.  If your interfaces are a set of T1s or similar speed links, then software based forwarding will work well (higher speeds are possible, depending on the hardware you use, as demonstrated in the Tolly Group comparison).  At higher speeds on bigger boxes, Cisco will win: it’s simply a game of moving packets between interfaces at the highest speed the hardware will enable, and Cisco has the hardware at the high end.  You then have to look at features.

The configuration file syntax used by Vyatta looks similar to that used by Juniper, which is an interesting departure from industry norms, which typically favor a Cisco-like syntax so as to take advantage of the mass of people trained on Cisco.   The people I know who have used the Juniper syntax quickly come to dislike the Cisco interface, so that’s in Vyatta’s favor.

Some other features that I didn’t see listed in about 30 minutes of poking around the Vyatta web site and forums: QoS, MPLS, and NetFlow/sFlow/IPFIX.  I found a couple of instances of monitoring the Vyatta router, but nothing that indicated a good way to monitor the entire system (not just interface, CPU, and memory stats).  For example, visibility into QoS queue drops is critical in a VoIP network, and flow data allows network administrators to determine who is hogging a busy link.  Both examples are important for monitoring how business processes are operating.  After all, it is the business processes that make money (or save money) for the organization.

Vyatta is gaining some customers, as shown on its web site.  The question in my mind is whether they will be able to implement the features that customers need in order to be competitive with the likes of Cisco and the other router vendors (don’t forget about 3Com, Adtran, and the other smaller router players).  I’m curious just how big a network a single Vyatta can handle.  Leave a comment if you know of any big ones.


* The Tolly Group comparison was done with UDP packets, which may not take advantage of a cache that the Cisco might use to improve the performance of TCP.  It would be interesting to see the same test done using a set of TCP flows.
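To make the route-cache behaviour described in the body of the post concrete, and to show why the footnote's point about the test traffic matters, here is an added toy model written for this page. It is not code from the original article, from Vyatta, or from Cisco. The first packet of each flow takes the slow path (a longest-prefix match plus a next-hop layer-2 rewrite lookup on the "CPU"), the result is stored in a small LRU cache keyed on the 5-tuple, and later packets of the same flow hit the cache. The FIB, ARP table, addresses, MAC addresses and traffic mixes are all constructed for illustration; the cache size is a made-up parameter.

```python
# Added example, not code from the original article or from Vyatta/Cisco.
# Toy model of an on-demand route cache: first packet of a flow is punted to
# the CPU, later packets of that flow are forwarded from the cache entry.
# All prefixes, next hops, MACs and traffic below are constructed.
import ipaddress
from collections import OrderedDict, namedtuple

Packet = namedtuple("Packet", "src dst proto sport dport")
CacheEntry = namedtuple("CacheEntry", "out_iface next_hop dst_mac")

# Constructed FIB: (prefix, next hop, outgoing interface).
FIB = [
    ("0.0.0.0/0", "203.0.113.1", "eth0"),
    ("192.0.2.0/24", "10.9.9.1", "eth1"),
    ("192.0.2.128/25", "10.9.9.2", "eth2"),
]
# Constructed ARP table: the media-header rewrite the cache must also hold.
ARP = {
    "203.0.113.1": "00:00:5e:00:53:01",
    "10.9.9.1": "00:00:5e:00:53:02",
    "10.9.9.2": "00:00:5e:00:53:03",
}


class FlowCacheRouter:
    def __init__(self, fib=FIB, arp=ARP, cache_size=8):
        # Longest prefix first so the first match in a linear scan wins.
        self.fib = sorted(
            ((ipaddress.ip_network(p), nh, oif) for p, nh, oif in fib),
            key=lambda e: e[0].prefixlen, reverse=True)
        self.arp = arp
        self.cache = OrderedDict()      # 5-tuple -> CacheEntry, in LRU order
        self.cache_size = cache_size
        self.cpu_lookups = 0            # packets the CPU had to examine
        self.cache_hits = 0             # packets forwarded from the cache

    def _slow_path(self, pkt):
        """CPU work: longest-prefix match plus next-hop MAC resolution."""
        self.cpu_lookups += 1
        addr = ipaddress.ip_address(pkt.dst)
        for net, next_hop, oif in self.fib:
            if addr in net:
                return CacheEntry(oif, next_hop, self.arp.get(next_hop, "unresolved"))
        return None  # no route: drop

    def forward(self, pkt):
        """Return the forwarding decision for pkt, from cache if possible."""
        key = (pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport)
        entry = self.cache.get(key)
        if entry is not None:
            self.cache_hits += 1
            self.cache.move_to_end(key)          # refresh LRU position
            return entry
        entry = self._slow_path(pkt)
        if entry is not None:
            if len(self.cache) >= self.cache_size:
                self.cache.popitem(last=False)   # evict least recently used
            self.cache[key] = entry
        return entry


def make_flows(n_flows, packets_per_flow, proto):
    """Constructed traffic: n_flows distinct 5-tuples, interleaved round-robin."""
    return [Packet("10.1.0.%d" % (f % 250 + 1), "192.0.2.%d" % (f % 100 + 10),
                   proto, 1024 + f, 80)
            for _ in range(packets_per_flow) for f in range(n_flows)]


def run(packets, cache_size=8):
    """Forward a packet list and report how often the CPU had to get involved."""
    router = FlowCacheRouter(cache_size=cache_size)
    for p in packets:
        router.forward(p)
    return {"packets": len(packets), "cpu_lookups": router.cpu_lookups,
            "cache_hits": router.cache_hits,
            "hit_rate": router.cache_hits / len(packets) if packets else 0.0}


if __name__ == "__main__":
    print("4 long TCP flows:        ", run(make_flows(4, 100, "tcp")))
    print("64 one-packet UDP flows: ", run(make_flows(64, 1, "udp")))
    print("64 UDP flows, 2 pkts each:", run(make_flows(64, 2, "udp")))
```

With a handful of long-lived flows almost every packet is a cache hit and the CPU sees only the first packet of each; with many distinct short flows (the shape of a UDP throughput test that sprays unique 5-tuples) every packet is a cache miss, and once the number of concurrent flows exceeds the cache size the entries are evicted before they are reused, so the cache buys nothing. That is the footnote's point: a benchmark of this kind measures the slow path, not the mechanism the post describes.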


Re-posted with Permission 

NetCraftsmen would like to acknowledge Infoblox for their permission to re-post this article which originally appeared in the Applied Infrastructure blog under http://www.infoblox.com/en/communities/blogs.html

