While Vyatta is a good piece of software for the Free version, the costs quickly increases as you have to purchase support and the version updates are few and far between with the Free version. The production (paid) version though is quite nice. Another option though would be RouterOS. If it is a small site, doing BGP could be as little as $399 including the hardware! However, most people that do BGP will need a bit more horsepower. RouterOS will do your iBGP, OSPF, bandwidth controls, firewalling etc. The software license there is $45 beans! Super cheap. Hardware runs as low as $49 bucks to 10k depending on what you are needing. If you would like, please feel free to contact me off-list and I will be glad to recommend the proper hardware. ----------------------------------------------------------- Dennis Burgess, CCNA, A+, Mikrotik Certified Trainer Link Technologies, Inc -- Mikrotik & WISP Support Services Office: 314-735-0270 Website: http://www.linktechs.net LIVE On-Line Mikrotik Training - Author of "Learn RouterOS" -----Original Message----- From: Nathanael C. Cariaga [mailto:nccariaga@stluke.com.ph] Sent: Sunday, September 26, 2010 5:15 AM To: sthaug@nethelp.no Cc: nanog@nanog.org Subject: Re: Software-based Border Router Thank you for the prompt response. Just to clarify my previous post, I was actually referring to Linux/Unix-based routers. We've been considering this solution because presently we don't have any budget for equipment acquisition this year. To be honest, I came across Vyatta Core while searching for viable Linux/Unix-based solution that we can adopt and I'm currently reading its reference guides. Has anyone here used this software before? Thanks a lot. ----- Original Message ----- From: sthaug@nethelp.no To: nccariaga@stluke.com.ph Cc: nanog@nanog.org Sent: Sunday, September 26, 2010 5:59:21 PM Subject: Re: Software-based Border Router
Just want to ask if anyone here had experience deploying software-based routers to serve as perimeter / border router? How does it gauge with hardware-based routers? Any past experiences will be very much appreciated.
Software based routers (e.g. Cisco 7200 series) have been used as border routers for many years - this is hardly anything new. The question you should ask is probably: Can such a router handle a full link's worth of DDoS using minimum sized packets? The answer, of course, depends on your link capacity, the router itself, features enabled (ACLs, QoS, ...) etc. There are quite a few people using Quagga based boxes running Linux or FreeBSD as border routers - this is a possible solution too, giving you more bang for the buck than a traditional software based router from the big vendors. Make sure you have enough expertise for the relevant OS and routing software available. Steinar Haug, Nethelp consulting, sthaug@nethelp.no