Vyatta – customized Linux software bundle for routers and firewalls
01:13 PM | by Ivan Kudryavtsev |
SOHO and SMB organizations often use various solutions based on the Linux operating system. Linux can be found in many roles: routers, firewalls, VPN servers, domain controllers, web and database servers.
GNU/Linux includes software packages that cover almost any business need for free. On the other hand, GNU/Linux is a very flexible system, so it allows custom configurations and solutions to be built. A given task can often be solved in a couple of ways, depending on the system administrator's skill and personal preferences.
This flexibility (there are many ways to do it) is not always a plus. Below I discuss the use of GNU/Linux for routers and firewalls. Telecom vendors realized that telecommunication hardware appliances must be configured in a unified way specified by the vendor. Even if an appliance is configured by several people and its configuration changes from time to time, anyone who knows how to configure that appliance line will be able to configure a particular appliance without difficulty.
Unfortunately, when a general-purpose GNU/Linux distribution is used to build a sophisticated router or firewall, the vendor provides no single unified way of configuring the network (no “must-use way”). There is no single console that handles all the commands and network features, only many isolated services, each with its own configuration files.
In recent years, several Linux-based solutions created specifically for network appliances have appeared. I want to present one of them, which is deployed in our production environment and functions well. Vyatta is based on the Debian distribution, which means long-term support and stable packages. The major features of Vyatta are:
- created for routers and firewalls (borders, BRAS, shaping/policing);
- single IOS-like console with command autocompletion;
- static and dynamic routing support (BGP, OSPF, RIP, RIP2, source-based routing);
- network statistics export in NetFlow format;
- L3 VPN (IP-IP, PPTP, OpenVPN);
- Debian APT support;
- full-featured support for iptables and Linux ip/tc.
Vyatta is Linux, but a very special Linux. Its main advantage is a single, unified approach to configuring the system. This means that any system administrator who is familiar with an IOS-like console and with Vyatta will be able to understand the configuration and change it. Extensive configuration documentation makes it possible to find the required information quickly. Configuration is applied transactionally: the administrator must perform a “commit” or “rollback” operation to apply or cancel the settings.
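The transactional workflow described above, shown as a configuration-mode session. This is an added example, not part of the original post: the rule-set name WAN-LOCAL, the interface eth0 and the rule numbers are assumptions, lines starting with `#` are annotations, and exact syntax may differ between Vyatta releases.

```text
configure
# Stage a stateful rule set for traffic addressed to the router itself.
# Nothing below takes effect until "commit" is issued.
set firewall name WAN-LOCAL default-action drop
set firewall name WAN-LOCAL rule 10 action accept
set firewall name WAN-LOCAL rule 10 state established enable
set firewall name WAN-LOCAL rule 10 state related enable
set firewall name WAN-LOCAL rule 20 action accept
set firewall name WAN-LOCAL rule 20 protocol tcp
set firewall name WAN-LOCAL rule 20 destination port 22
set interfaces ethernet eth0 firewall local name WAN-LOCAL
# Review the candidate configuration; pending additions are marked with "+"
show firewall
# Apply everything staged above as one transaction ...
commit
# ... or, instead of "commit", drop the staged changes without applying them:
# discard
# Persist the committed configuration so it survives a reboot
save
exit
```

Because the rule set and its interface binding are applied together at commit, the router never runs with a half-built firewall while the rules are being entered.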
Vyatta is free to use, and its lifecycle is mature and stable. We can recommend using it in your production environments.