Vyatta isn't the biggest dog in networking gear — but it's a wee terrier with a distinct mean streak. The firm got its teeth planted firmly into Cisco's hindquarters from the get-go, and isn't about to release any time soon. The company claims its open source router/firewall/VPN code put into x86 systems beats out Cisco on price …
Most folks in networking will tell you that latency is a very key attribute of something like this. The whitepaper required a login, which I declined, but what does it say about their latency compared to the Cisco gear?
Learn the power of route aggregation...
TBH it doesn't impress: my experience is that unless you're doing something darned stupid your routing-table should never include 4.5 million routes!
And only 3 ports in the second test? C'mon! What's that? A primary path, a fallback, and a link to a firewall. Hardly the sort of thing most people would be speccing a 720x router for...
Let's see them stuff their IBM PC with a fistful of GigabitE cards and run them *all* full-speed... and stick some access-lists and policy-based routing on it too - *that* would be a proper comparison to a 720x
I doubt they match the feature set.
Routing on ethernet has always been something that an open system could handle pretty well. Purpose-built routers however, particularly Cisco, have a massive feature set and a variety of WAN interfaces you can install. You have to figure in the costs of somehow bridging your DS3 or whatever you have to ethernet before you can use this commodity hardware to route the packets. Pure ethernet routers just aren't that useful.
Another Tolly Group masterpiece
I *really* like the look of Vyatta in the right environment, and hope to experience it in the pretty near future, but as soon as I hear mention of the Tolly Group I feel no point in going on. What a surprise, highly dubious comparisons and illogical arguments.
If you want to be taken seriously in line with Cisco, you need to be water tight and squeaky clean, and I've never seen anything from Tolly Group that comes even vaguely close to it. Shame.
That does not appear to be addressed in the white paper. I'll see if Vyatta has anything to say about it.
You should be able to download the white paper here: http://www.vyatta.com/documentation/whitepaperdl.php?q=VSCISCO
Yes, yes, that's all well and good until you want to plug in anything other than Ethernet or you want to push >500,000 packets per second over those interfaces. Routers powered by Vyatta won't stand up to a Denial of Service attack on the edge if your incoming interfaces are 1Gbps or 10Gbps.
If you take a peek at their support and SLA documents too, they suck. Whilst you might get a dodgy engineer or two whilst asking TAC questions, you can ask for your case to be reassigned and are not required to give reasoning. They're fast, efficient and know a hell of a lot about their product.
Throw in features any modern service provider needs like access controls, or try to do stuff on Vyatta like you'd do with NBAR and you'll be disappointed. Budget limiting you to $10,000 or under? Get yourself a Juniper J-series. Similar port density and they're a decent enough product.
If the guys over at the Tolly Group wanted to compare Vyatta to a 'real' router they should have picked up a 6509 or 7609 -- except they didn't... Why? Answering that is a piece of cake - it'd wipe the floor.
Except that ....
Not that I'm on the side of Tolly by any means, but 6509s and 7609s are technically layer 3 switches (not "real" routers) and are optimized for core infrastructure networking (like large-scale corporate networking), as opposed to the 7200 series, which are routers designed for edge ops. Also, a gray market 6509 is about $65,000 USD, which is much more expensive than two Vyatta boxes and two 7206's put together, even with the flagging US exchange rate.
While 6509s can do BGP, I don't know many networking people that would want to do that when you can get a *router* to do your routing.
Paris, because most IT folks are just posers and clueless fanboys.
1. I assume there is a typo here "a 3x advantage over the NPE-G1 (at about 1.4bn)."
By my rough calculations that would make the NPE-G1 have a roughly 333x advantage over the Vyatta. :o)
2. When I was doing installs of MetroVPNs from BT they were handing out 7204VXRs with 2 FE ports and they were running 8Mb Point-to-point VPN links. I never did ask how much of the install cost was for the routers...
Paris - I doubt she knows the difference between orders of magnitude either.
Some quick responses
I'm an employee at Vyatta... I'll give a shot at responding to some of the questions:
We have measured packet latency times, RFC2544 compliant testing, using a Smartbits on multiple different hardware platforms. Latency is on the order of tens of microseconds, depending on the hardware tested, which is comparable to a Cisco device. Performance is comparable right now up to the 7200 throughput range. In the near future performance is only going to increase as x86 processors scale up the number of cores, PCIe and MSI allow for packet flow affinity to those individual cores, and memory bottlenecks, such as the front side bus, are eliminated. (Come on Nehalem!!!)
For the Tolly test, we were limited to three ports only because that is what is physically on the NPE-G2. When you add a fourth port into the mix with a PA you start to run traffic over the 7200 backplane and throughput on it falls through the floor. At that point it's not really an apples to apples test any more. And for the record, we have users who are looking at million+ route tables because they are finding it increasingly difficult to aggregate IPv6 routes.
We do support serial cards from DSL to DS3 with plans to deliver OC3 in the future. So we're not limited to ethernet. And the number of features may surprise you, take a look! No, we don't have NBAR right now, but we will have a L7 filtering solution soon. And we love community feedback and suggestions. It helps us schedule deliverables. So if there is a specific feature you are looking for that we don't have, jump on the forums and let us know.
As for the 6509s/7609s AC mentioned, they are 100k+ boxes... Vyatta Community is free. Vyatta support contracts are $647. That's a significant difference. Anyway, Vyatta was not designed to be a core router a la 7600/GSR. But it does work very well in many applications. It may not satisfy everyone's topology requirements, but we think we have put together a pretty good network appliance that meets the needs of many. All in all, it gives people options. Jump on the community forums and take a look at how people are using it.
One other quick comment... a plug maybe. Our customers love our support guys. Our VP of Support is, errr... dedicated when it comes to getting customer sat responses. And 9 out of 10 customers said our support team was better than the competition. ;)
For WAN interfaces on an x86 PCI box I have found Sangoma do a reasonable range.
If you are in the market for a 720x and price is a consideration (prob not) Juniper and some of the carrier grade manufacturers would be my first stop.
I'd be pitching an x86 based router in the sub 10K price market - but all investment/development of Linux core features are a good thing.
Tux cause he's on topic.
Imagestream has been doing this for years now... and they already have the oc3 and up support. It seems like a following the leader issue but at least they are doing some advertising.
I hate to say it...
But I really doubt this thing will match Cisco on features. I believe it was already said, but this is probably good performance FOR A SPECIFIC SET OF TASKS. However, I doubt it will do things like:
MSDP, secure multicast, netflow, VoIP feature sets, firewall/IPS feature sets, FIPS 140-2 certs on VPN, ssh, etc.
There are literally dozens more things that you can just turn on in the Cisco routers that these competitors just don't even have a clue of what they are much less implement.
Don't get me wrong - I'm all for competition and open source, but if you think you are going to fully replace a well utilized 7206 you're really kidding yourself. By well utilized I mean using many different features - not a BGP/layer switching function.
@AC re: "I hate to say it"
Comments like "However, I doubt it will do things like ..." only show you to be a fanboy. IF you had done your homework, then you would be able to say they DO or DO NOT have these features. (Had you even read the article properly you would be aware that some of the acronyms you list are very obviously supported!) Instead you simply told the world that you don't know what you are talking about. What then gives you the right to be rude and insulting? "these competitors just don't even have a clue of what they are much less implement" when you don't have a clue whether or not they are already supported?
On a positive note, next time I am interviewing a Cisco Certified, I will ask them for their opinions on the competition, and if I get comments like yours, I will know not to employ.
[Some people deserve flames!]
@Paul Smith - Re: @AC re: "I hate to say it"
Well done, Paul, couldn't have put it better... objective, well-written, and a suitable put-down to an ill-considered post...
... by which it also helps to maintain the overall quality of what is still an excellent site.
features ahoy that no one uses
OK, so Vyatta aren't matching every feature on Cisco's. But come on, how many people actually use these features anyway? And even then, in most networks you will find a few over-specced Ciscos doing very basic routing; these at least could be Vyatta, if not the edge routers as well.
I have used it in a small two office company network with 2 internet connections at each site and 2 interconnects between the sites and found it perfect for that customer's needs. Saved them about £15,000 compared to the quote of another contractor who quoted on Cisco kit, of which I pocketed some and donated some to Vyatta. When we later installed VoIP and more VPN stuff later, all the features I needed were there, just added a four port gigabit card to each box and the networking side of the upgrade was done and tested in two hours.
Another great reason for using Vyatta is that you can install a two box redundant system and STILL be WAY cheaper than a single cisco system. No more downtime or maintenance window to make changes to it....
Oh and another one, I don't have to wait for a box to arrive before I can do an install. I always keep generic x86 servers in stock, so now I can do same day router installs too; in the past I have waited 4 days to get a Cisco.
Open Source Syndrome...
SO, it looks like Vyatta is kickin butts 'n takin names, all the flame warmongers wanna protect their lil CCNA and CCNP, you guys ever look at the CCIE? Nothin says "I can do it" like experience does - granted Vyatta is a relatively new company - but come on guys, it's built on Linux - yes, the same Linux Cisco is building their shiny new UBER-ROUTERS on. Eventually Cisco will get on the bandwagon, but they need our help - they need the open source community to make them panic and make them feel like they are being left behind. So let's help "Wal-Mart" the entire IT industry by saying things like "Hey Vyatta, you ever see the features in Untangle or IPCop? You guys can work together to make a seriously advanced routing project that blows Cisco outta the water - or you can just grab the source code and implement yourselves" See, in open source land, the best product wins - not the most expensive... so we ALL win. It's the greatest accountability system ever created. <- wow you can totally tell I'm ADHD