Will an open source router replace your Cisco router?

How do Vyatta's open source routers stack up to Cisco? David Davis took one for a test drive to find out. Get the details on Vyatta's offerings, and get David's first impressions of using one.

Vyatta is an open source company that hopes to take the XORP (i.e., extensible open source router platform) and make it a commercially viable, enterprise-ready product. Pronounced "vee-atta," Vyatta wants to do for routers what Red Hat did for Linux and what Asterisk is trying to do with VoIP. (For some background, see George Ou's blog post, "Open source routers shine at Vyatta secret society.")

What does Vyatta have to offer?

Before we discuss the possibility of open source routers replacing your Cisco routers, let's examine who Vyatta is and what this company has to offer. Using Vyatta, you can take a standard Intel PC or server and turn it into a router and firewall. All you need to do is download the Vyatta live CD image from the company's Web site and boot from it—no real install is necessary.

In my opinion, anything you want to do with a standard Cisco router, you can do with Vyatta for the most part, and you don't have to worry about the various Cisco IOS licenses. Here's a list of some of the standard features it includes:

  • Runs on any 32-bit AMD or Intel processors
  • Supports various Ethernet speeds including Gig-E
  • T1 and T3 cards
  • Supports IPv4, IPv6, RIP, OSPF, BGP, and static routes
  • Acts as a DHCP server and relay
  • Ethernet, PPP, Frame-relay, HDLC, and 802.1q VLAN
  • Stateful firewall, NAT, site-to-site VPN, and RADIUS
  • VRRP and redundant power supplies in the server
  • Syslog and SNMP2c
  • Can use Ethereal (now Wireshark) to view packets going through the router
  • CLI, Web-based interface, Telnet, and SSHv2

The Community Edition—the standard Vyatta version—is free. However, there's no support included, and bug fixes are available only every six months.

Vyatta also offers the Professional Edition (starting at $497) and the Enterprise Edition (starting at $647) if support and priority bug fixes are necessary. You could use standard PC/server Ethernet cards (make sure they're supported), and you can buy the T1/T3 cards (or Ethernet cards) from Vyatta.

Of course, Vyatta also sells router appliances (i.e., servers with the Vyatta OS already installed). Starting at about $1,800, the appliance includes a Dell server, support, and the Vyatta router OS. This is much less than a comparable new Cisco router.

First impressions

While it's too soon for me to compare the full production functionality and features of Vyatta to a Cisco router, here's my initial experience with the Vyatta product. I downloaded the 96-MB file from Vyatta's Web site.

The site offers a video demo of using the software, but I bypassed that for now. According to the Vyatta Quick Evaluation Guide, I should be able to get the software running in about 30 minutes—let's see if it's right.

I used VMware Server to create a new Linux virtual guest OS on my Windows XP machine and set the Vyatta ISO as my boot CD. The Linux machine booted right up and ran. Figures A and B show some screenshots:

Figure A

Figure B

I logged in using the default username of vyatta and the password vyatta. Next, I typed configure and then set an IP address on the Ethernet interface using the following:

set interfaces Ethernet eth0 address 10.253.210.210 prefix 16
set service http
commit

To view the command, type exit to go back to the > prompt, and then type show.

One important thing to remember about the Vyatta router is that changes you make don't take effect on the router until you use the commit command. (As on Cisco routers, you can use the [Tab] key for automatic command completion, and you can type ? for help. You can also use Cisco command-line shortcuts such as [Ctrl]W to delete the previous word or [Ctrl]A to go to the beginning of the line.) There are two modes: regular Show mode (at the > prompt) and Configure mode (at the # prompt).
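
The staging behaviour described above matters when you review what a router exposes: a change that was typed but never committed leaves the old setting live. The Python below is an added example, not Vyatta code or part of the original article; it is a toy model of the set/commit flow, and the `delete` verb and the `telnet` node name are assumptions that do not appear in the article's session.

```python
"""Toy model of a staged router configuration (added example, not Vyatta code)."""

# Management services that carry logins in cleartext. "http" is the service
# enabled in the article; the node name "telnet" is an assumption based on
# the article's feature list.
CLEARTEXT_MGMT = {"http", "telnet"}


class StagedConfig:
    """Keeps a candidate config separate from the running one until commit."""

    def __init__(self):
        self.running = set()    # paths that are live on the router
        self.candidate = set()  # paths edited in Configure mode

    def run(self, line):
        words = line.split()
        if not words:
            return
        verb, path = words[0], tuple(words[1:])
        if verb == "set":
            self.candidate.add(path)
        elif verb == "delete":  # assumed counterpart of set, not in the article
            # Drop the node and everything beneath it from the candidate only.
            self.candidate = {p for p in self.candidate
                              if p[:len(path)] != path}
        elif verb == "commit":
            self.running = set(self.candidate)
        else:
            raise ValueError(f"unsupported command: {line!r}")

    def pending(self):
        """Paths that differ between the candidate and running configs."""
        return self.candidate ^ self.running


def cleartext_management(paths):
    """Return the cleartext management services enabled in a set of paths."""
    return sorted(p[1] for p in paths
                  if len(p) >= 2 and p[0] == "service"
                  and p[1] in CLEARTEXT_MGMT)


def replay(lines):
    """Feed a list of CLI lines to a fresh StagedConfig and return it."""
    cfg = StagedConfig()
    for line in lines:
        cfg.run(line)
    return cfg


# The article's session, followed by a constructed change that is typed
# but never committed.
SESSION = [
    "set interfaces Ethernet eth0 address 10.253.210.210 prefix 16",
    "set service http",
    "commit",
    "delete service http",  # constructed: staged only
]

if __name__ == "__main__":
    cfg = replay(SESSION)
    print("cleartext management still running:",
          cleartext_management(cfg.running))
    print("uncommitted paths:", sorted(cfg.pending()))
```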

To try out the Web interface, I opened a browser and put in the IP address I had configured on the Ethernet interface. I was surprised at the number of tools the Web interface featured and how user-friendly it seemed. It boasts performance graphs on the screen—and even a subnet calculator in the Tools section. Figure C shows a screenshot from the Web site.

Figure C

By using VMware, I was able to get this new router up in less than 30 minutes—as promised by the evaluation guide. In fact, half of that time came from downloading the file. In addition, I ended up reading some of the guide to learn the default login and the basics of the user interface.

In my opinion, Vyatta shows a lot of promise. While I'm not recommending throwing out Cisco routers in favor of Vyatta just yet, spending 30 minutes to familiarize yourself with what it can do is a smart idea.

Are you familiar with the Vyatta open source router? What's your take on open source? Would you use an open source router on your network? Share your thoughts in this article's discussion.

David Davis has worked in the IT industry for 12 years and holds several certifications, including CCIE, MCSE+I, CISSP, CCNA, CCDA, and CCNP. He currently manages a group of systems/network administrators for a privately owned retail company and performs networking/systems consulting on a part-time basis.

51 comments
bstiff929

I don't see this software being too different from Juniper's JunOS, which, similarly, is routing software that runs on top of some flavor of BSD. The feature list looks similar to JunOS, as well, including VRRP, Juniper's availability infrastructure. I haven't spent much time with the CLI on the Vyatta LiveCD that I downloaded and set up on VMWare, but the CLI looks very similar to JunOS's, including the formatting of the configuration. I wonder if the "stateful firewall" is as limited as that of JunOS 8.x's, and where's the QoS? I could see this being able to compete with JunOS, but it's got a long way to go before it can compete with the capabilities available in Cisco's IOS.

hydershaik

Can throw Cisco, but marketing matters here. In today's IT world, if we say "routing" it means we are talking about Cisco!! Yes, but if Vyatta can show some tremendous success, then it depends.

markh1289

It covers no more than the demo & the demo is much more 'real-life' & useful.

jeffrey.l.maxwell

Yes the opensource router OS looks very good and promising, but Juniper networks and their linux based OS has been available for some time. I've worked on Cisco, Juniper, BayNetworks, Nortel, and Ascend/Lucent data networking equipment and found Juniper to be very easy to install, program, and monitor network resources. Thanks for bringing this issue and product to light.

josipogo

But what about the case where you type, for example, a command to enable the RIP protocol on the router, set..., and you press ENTER and commit? In my case the command that enables RIP on the router was not typed correctly; after typing commit the router reported an error, but when you show the config in configure mode, under the protocol, rip is there. Funny. After that I typed no in front of set... Nothing happened, one more funny thing. Question: how do you disable a previously typed command?

confused_15

This seems to be yet another extension of the Linux Router Project. There are many different flavors out there nowadays. One even boots and runs from a floppy disk. If it is still around, it was called 'freesco', meaning free Cisco I think. I used it as a core router in our network several years ago; it came in pretty handy when money was tight. Thanks for the article, David. It's nice to be kept up to date on what's going on in the open source world.

djdawson

I'd looked at Vyatta's web site in the past and thought their router seemed a little too basic at the time, but after seeing this article I figured I'd check it out in more detail. I've downloaded the Live CD and booted it up and have done some very basic testing. Here's what I've found so far. The "firewall" isn't really a firewall, but a simple packet filter (it's not stateful). It also has a disturbing limitation in that you can't specify arbitrary protocol numbers, but can only pick from the list of protocols. So, if you want to filter a protocol not on the list you're out of luck. I also couldn't find any mention of VPN support at all, though the forum pages have a poll for what sort of VPN technologies users would like added. The Live CD doesn't seem to include Ethereal (or Wireshark), even though the web page says it does (perhaps it's in one of the non-free versions). My guess is you'd have to use the "package" feature to install it just as you would with a generic Linux system (Vyatta seems to be based on Debian). The web interface looks nice, but is rather slow and awkward to use at times. I also noticed that the "Network In" and "Network Out" stats were woefully inaccurate, claiming there had been hundreds of megabytes of in and out traffic during about 15 minutes over the one interface I had configured. The only traffic going across it was my web interface traffic. I checked the interface stats for the Cisco 3560 port it was connected to and they were more normal. In general, there is a distressing lack of debugging and show commands, which is the single biggest differentiator between Cisco boxes and other cheaper vendors, such as Adtran and Tasman (now Nortel). Support for a particular feature set is only part of what's important in an enterprise router. To be truly useful, you need to be able to see what's going on when things aren't working, and Cisco is head and shoulders above any other vendor I've seen in that regard.
So, while the Vyatta software seems like a good start, in my mind it's not ready for enterprise use. It might not be bad for home use, but for that I'd be more tempted by the Astaro security gateway software, which is also free for personal use and has many more security features. Just my 2¢. Dana

ccontrerd

I really believe that this will be the future of a lot of technologies, making all this open in some way to avoid any kind of monopolistic price abuses in the future. One issue here is that here in Latin America we use the European CIT WAN standards, these are E1s, E3, etc., so I think that a very profitable market will result if they decide to introduce this kind of interface, since one of the main drivers for LA countries to win projects is price. Something to think about....

jason.williams

However, Cisco is a tried and true option. You get what you pay for. I have the utmost confidence in Cisco. Not saying Vyatta can not do the same. I just need more feedback. I can see this being a viable option for small companies, but when you are in larger companies, need to bring out the big guns. :) Just my 2 cents.

viccuranovic

This is something to definitely get into. As well as a Firewall, I like the idea that an older machine can run it and do all this. I was using Smoothwall Firewall (Open Source too) which was pretty good, but let's see what this can do. This is something that should be good if it catches on.

viccuranovic

This is something to definitely get into. As well as a Firewall, I like the idea that an older machine can run it and do all this. I was using Smoothwall Firewall (Open Source too). This is something that should be good if it catches on.

chris.schock

While open source routers are not new, this does appear to be the most promising. Thanks for the article, it was very useful. Looking forward to the next part.

georgeou

I told them that more people are familiar with Cisco IOS.

Dumphrey

has made great progress in its releases. I first noticed it at ver .95, and then at 1.01. The current release is less than one year later, and years ahead in features. The "basic" web config screen, for example, was a great addition. It may have been in ver .95, but I never found it. I have to admit that all I did was use it at the house. I spent a week or so using it, but then switched back to my 871. I switched back mainly because I had the Vyatta running on an Athlon64 3000+ gaming machine (my only spare) and it's kinda loud =\ So Vyatta may not be ready for the enterprise, but many small businesses and home users can benefit from it already, and they also offer paid support and preconfigured hardware solutions.

georgeou

This is just a "first impressions" article and judging by the response, many readers appreciated it. Not every article can or has to be groundbreaking, many people have never heard of Vyatta before.

wdewey@cityofsalem.net

Thanks for the review. Posts like this are one of the main reasons I read the discussions. Bill

shardeth-15902278

I am curious how this compares. I don't think Mikrotik is open, but it is BSD based. We started using it to save a small fortune on Cisco gear, and in the process discovered it knew some tricks that Cisco didn't when it came to highly available routing. At any rate, nice to see some reasonable alternatives.

murilo.coutinho

I agree with Chris. Open source routers are not new and I remember one with similar commands to the IOS. While it can definitely help small companies (I've tried Coyote Linux and it works fine), there are lots of things to consider like DDOS attacks etc...

wbaltas

This article was a good start, but I'd like to see more in the ways of performance, and complex configurations. Configurations using QoS, routing using different routing protocols (BGP, OSPF, and static routes for example). Also, what is performance like? You can put a 1GB card into a server, but where does that card saturate? Finally, this might be a viable alternative to Cisco or any other router vendor for a small company or a startup, but in an organization with several hundred routers, it is difficult to change. Also, many companies run the Cisco EIGRP routing protocol. Is it possible to support EIGRP with a non-Cisco router? Bill Baltas

compughter2000

I think this shows lots of promise and can't wait when they go IPO. I will invest. If they offer certification training I would attend.

IT cowgirl

I agree with Chris, this looks like a viable alternative. This may be perfect for home use rather than a D-Link or Linksys. If it handles VPN OK, it may be a great alternative for a person working from home.

Kevin W. Graham

In advance please excuse my language but what was the point in starting this discussion when you could have replied to the previous one [EDITED BY MODERATOR]. Rather than posting pointless threads could you please take your [EDITED BY MODERATOR] elsewhere.

wdewey@cityofsalem.net

Junos is not open source and requires a call to a salesperson to get a quote. I wouldn't consider this in the same class as Vyatta, rather I would consider it a mature commercial product. Bill

tedc

I wouldn't think the Vyatta software would exclude the E3 support when the card supports it in hardware.

georgeou

EIGRP is Cisco only. There's no reason you can't run OSPF on your Cisco gear.

wdewey@cityofsalem.net

EIGRP is a proprietary protocol so you would have to get licensing from Cisco to use it. I am pretty sure you wouldn't be able to use it on a free version and I personally doubt that Cisco would license it in a cost effective manner because it would compete with their products. Bill

No User

But you just gotta love the concept. Anyone have info on Open Source VOIP solutions? I'm all for Open source. Both camps have their strengths and weaknesses and it makes good competition. You don't want an 800 pound gorilla being the only player. No matter what, it is always good to have viable alternatives.

karsten.breivik

Vyatta seems very interesting. What sets it apart from other open source offerings are the Show mode and Configure mode similar to the professional routers. Definitely an offering to follow and try out! Have run both Smoothwall and IPCop for a couple of years now. They are OK, but somewhat limited and do not lend themselves to the more advanced needs. I am currently using pfSense based on m0n0wall/FreeBSD, which runs circles around both. Test if you'd like four or more interfaces, clustering, VLANs, captive portals and real network terms, not homegrown ones like "DMZ pinhole".

NIPSTech

I've been testing ipcop for a few days now. http://www.ipcop.org/index.php So far it seems to do much better than the Netgear FVS318 that I currently use here at home, which has a limitation of 16 filters that can be applied and allows all traffic out of the LAN.

claessen.frank

Hi all, The title of the article is very enticing, but there are no answers yet whether we can indeed replace the ciscos with the vyattas. There should be extensive labtests first and then some tough field tests before we can draw any valuable conclusions. My personal experience with open source software routers is very positive I have to say. Our school uses a smoothwall firewall and we are very satisfied with it. Only drawback so far is the lack of supporting 2 WAN ports. It can be done, but then we have to go into IPTABLES direct. Cheers Frank

m.reza.ast

Hey Mr. Lord... don't be so high and mighty. Everyone is allowed to state their opinion. Anyway, he's starting a good thread thanks to your comment.

Mr.Wiz

for language such as yours. If you can't contribute something positive, then keep your thoughts to yourself - along with your comments.

scotts

Go far away and take your language issues with you. People make mistakes... Whether he created another thread and did not need to is no reason to start with the name calling... Thank you Mr. High School :)

mark

Yeah, what's up? Why so angry? Take a pill, go brush your teeth.

midnightriderz

Your post is tasteless and provides meaningless feedback. Take your typing tantrum elsewhere and when you grow up, come back.

Dumphrey

route summarization, I really don't see the problem. OSPF is pretty easy to use, and creating multi-area systems creates the borders you need to summarize. I will admit that adding another area does create a little more upfront work for the config, but once it's done it's basically cookie-cutter on all the rest of your network. At this point, your network is open to replacement parts from any company, not just CISCO. Not a huge perk, but you never know. I guess it really just comes down to I just like OSPF =)

georgeou

The same applies to running Cisco proprietary switch trunking because it's a little more granular than 802.1q. However, interoperability is important. Proprietary stuff like Cisco EAP-FAST on the other hand makes zero sense at all.

djdawson

The biggest reason people run EIGRP is that you can just turn it on and it'll work pretty well without having to worry about areas, DR & BDR routers, etc. Also, EIGRP can summarize routes at any interface, whereas OSPF can only summarize at an area boundary. Admittedly most users don't summarize at all, but if you do this is a nice feature. Overall, however, there aren't many big advantages to EIGRP, so the fact that it's Cisco proprietary often makes OSPF the better choice.

Dumphrey

I'm not sure why you would want to run EIGRP instead of OSPF. There are probably reasons, but they elude me at the moment.

mpiazza

I wouldn't count on Cisco EVER allowing anyone to use EIGRP. Just redistribute EIGRP into OSPF. More complexity = job security :) Seriously, if you have a large production environment, standardization is important so you may want to consider staying with the 800 pound gorilla for now. BUT - I'm grabbing a copy of this and checking it out for sure! looks VERY cool...

karsten.breivik

ups - a bit quick there. I think it is only integrated with OpenWRT.

karsten.breivik

Note that Asterisk is also integrated in the OpenWRT and dd-wrt wireless router operating systems. For a department you'd probably use a real x86 based machine, but for a couple of users the small wireless routers or a wrap platform could perhaps be enough.

wbaltas

I also love the concept of open source. I've been using firefox, linux, and wireshark/ethereal for several years. I'll be evaluating zenoss in the next couple of months, and I think an open source router is great. But I want to see an evaluation of the product in complex environments. If you are looking for an open source VoIP solution, look into Asterisk at http://www.asterisk.org. This is the product that Sam Houston University is using; see http://www.networkworld.com/news/2006/091206-von-sam-houston.html?t5 Bill

No User

For the URL. Free too you can't beat the price.

Tig2

http://www.asterisk.org/ While I reserve judgment about the penetration of open source, I think that the mindset that has developed in the past 20 years is keeping people from considering that there really are viable alternatives to the 800 pound gorilla. Not only are there viable alternatives, some are really more desirable as they force us to think more flexibly.

SGS_GTI_JAY

Although Vyatta is looking promising for routing, I don't believe they will be able to compete with Cisco on the switching side of things. You may be able to run a PC as a router and run it quick, but in an enterprise network you heavily rely on switching technologies within the LAN at least, and the amount of switching fabric within any enterprise class switch would far exceed what you could do on a PC. I think, along with many others, some facts in numbers with side by side comparison would be extremely valuable with really seeing how both sides match up or excel between one another. And just a little FYI for the previous firewall / gateway posts - check out Untangle .. http://untangle.com

charincol

including those listed above (not the one in the article), pfSense is IMO the best of the free ones. There is little that it can't do. It is very stable and mature at version 1.0.1 and there are numerous packages that are actively developed for it. It is a very viable enterprise solution. My favorite for a low-end PC is one called BrazilFW. It can run off of a floppy (if need be) or HD, and as little as a PI with 16 MB ram (PII with 32 MB and it's as robust as can be.) Both have excellent and easy to use Web configuration out-of-the-box.

Dumphrey

IPCop box I set up, and it is much better than just about any consumer grade router out there. By using a crossover and a Linksys wireless AP, I can run all wireless through the IPCop as well. (Adding a wireless PCI card would work as well, but support is not as good). I still use my Cisco 871, but when IPCop incorporates open VPN and clamav by default, I will buy that dern micro atx I have been eyeing and build a permanent box to go into live service.

william22

I downloaded the ISO File, installed it on an old PC, set up the green and red zone information and then left it alone. It has now been running for several months as my office firewall with no problems. I can recommend it.