
Terry's Blog

Vyatta Open Source Router

Brad Reese, who writes for the Network World Cisco Subnet, called today to ask if I had seen the Vyatta press release announcing a new version of their open source routing software, with the claim "The Vyatta software combines router, firewall, and VPN capabilities into an integrated solution that delivers twice the performance of proprietary network solutions at half the price." That's a pretty interesting statement if you know router hardware architectures. The press release goes on to say "We have proven the performance and reliability of our open-source networking solution in large, demanding networks, making Vyatta a no-brainer alternative to over-priced, inflexible, proprietary products," said Kelly Herrell, CEO of Vyatta.

Cisco has spent a good deal of money making their routers go fast. A key component of their technology is to make sure that the router's CPU seldom has to look at the packets. When the first packet of a flow enters the router, the CPU determines the outgoing interface to use and loads that data, as well as the interface media header, into a cache. Successive packets match the cache entry and are quickly forwarded by the hardware -- the CPU doesn't get involved in forwarding them. This is typical of the high-end Cisco routers, which is why I find the claim of performance in large, demanding networks curious.

Vyatta has a whitepaper by the Tolly Group comparing* their open source router with the Cisco 2821 ISR (Integrated Services Router), which is a low-end router (though not the lowest). For small remote site use, it may well be acceptable to use the Vyatta router, provided you don't also need a local switch and voice capability, which the ISR can provide. Sure, the Cisco is going to cost more. If your interface is a set of T1s or similar speed links, then software-based forwarding will work well (higher speeds are possible, depending on the hardware you use, as demonstrated in the Tolly Group comparison). At higher speeds on bigger boxes, Cisco will win -- it's simply a game of moving packets between interfaces at the highest speed the hardware will enable. And Cisco has the hardware at the high end. You then have to look at features.

The configuration file syntax used by Vyatta looks similar to that used by Juniper, which is an interesting departure from industry norms, which typically favor a Cisco-like syntax so as to take advantage of the mass of people trained on Cisco. The people I know who have used the Juniper syntax quickly learn to dislike the Cisco interface, so that's in Vyatta's favor.

Some of the other features that I didn't see listed in about 30 minutes of poking around the Vyatta web site and forums: QoS, MPLS, and NetFlow/sFlow/IPFIX. I found a couple of instances of monitoring the Vyatta router, but nothing that indicated a good way to monitor the entire system (not just interface, CPU, and memory stats). For example, visibility into QoS queue drops is critical to monitor in a VoIP network, and flow data allows network administrators to determine who is hogging a busy link. Both examples are important for monitoring how business processes are operating. After all, it is the business processes that make money (or save money) for the organization.

Vyatta is gaining some customers, as is shown on their web site.  The question in my mind is whether they will be able to implement the features that customers need in order to be competitive with the likes of Cisco and the other router vendors (don't forget about 3Com, Adtran, and the other smaller router players).  I'm curious just how big a network a single Vyatta can handle.  Leave a comment if you know of any big ones.

* The Tolly Group comparison was done with UDP packets, which may not take advantage of a cache that the Cisco might use to improve the performance of TCP. It would be interesting to see the same test done using a set of TCP flows.

  -Terry
 

Comments

 

packetfish said:

I agree, this guy can't play in big carrier router-land currently -- i.e., running sonet ports and such, but a few DS3s or gig ports?!? You bet... Since this isn't apples to apples (Cisco's are typically IPC based and distributed, whereas vyatta really isn't).... should they add IPC (something I believe XORP has and did quite well) into the mix for this beast and get it working reliably, have a few hardware vendors jump on board, then there might be some additional ground on this project in terms of usage. Vyatta really is a bundling of what has best of breed in routing land in open source, cleaned up some code, and made syntax a little more friendly. QOS is there, but not so much.

As far as monitoring, I think you are forgetting vyatta is linux based and while it's not supported directly by vyatta per se, there is nothing preventing you from installing packages like NRPE and using a nagios machine to monitor logs, procs, or whatever else you might need to watch on your router....the beauty of an open platform.

If you're running a business and need to keep costs and keep opex under control, you really can't go wrong I don't think trying this out for your application before blowing a huge wad of cash on a Cisco or Juniper. Really, how many offices or locations have much more than DS3s to begin with, or anything other than some type of metro ethernet drop where you're sub 100M are your rates any ways?

Case in point, Cisco 2821 with DSL and 2 T1 (+ 16 Poe + Poe PWR supply), about 10 k, vyatta replacement about 400 bucks (reclaimed older server, quad port NIC), add another 500 if you need the 16 poe ports. If you'd need DSL and not so many eth ports, 125 for a sangoma DSL nic, to be directly supported in CLI in the next release of vyatta in July.

I think there is much fear/bashing surrounding vyatta from the Cisco community of users as whomever has vendor certs, all of a sudden those become cheapened if there are a bunch of open source router jockeys that can do it, but also much cheaper. What would be your take on devaluation of certifications given you're a CCIE? ;-)

June 23, 2008 12:56 PM
