nanog mailing list archives
Re: Vyatta as a BRAS
From: khatfield () socllc net
Date: Tue, 13 Jul 2010 08:00:44 +0000
My comment would be: That is simply matter of opinion and opinions may be swayed depending on the market that signs your check? :) There have been a fair share of appliance bugs/sec vulnerabilities over the years as well. I agree software-based deployments have their flaws but I do not agree that it cannot be managed securely with comparable or exceeding uptime -vs- a drop in appliance. I firmly believe it has it's place in 'today's internet'. The question is where your expertise lies and what you expect to get out of it. If your background is Cisco and you have a good relationship then I wouldn't fix what isn't broken. I have very little experience with Vyatta other than doing some mild testing. I am simply speaking more to the 'software-based' market like Vyatta/BSD. -----Original Message----- From: Truman Boyes <truman () suspicious org> Date: Tue, 13 Jul 2010 16:56:16 To: Dobbins, Roland<rdobbins () arbor net> Cc: NANOG list<nanog () nanog org> Subject: Re: Vyatta as a BRAS On 13/07/2010, at 4:50 PM, Dobbins, Roland wrote:
On Jul 13, 2010, at 1:34 PM, Sharef Mustafa wrote:do you recommend it?My comment would be that a software-based BRAS - 7200, Vyatta, et. al. - is no longer viable in today's Internet, and hasn't been for years, due to security/availability concerns. Same for peering/transit edge, customer aggregation edge, et. al. ----------------------------------------------------------------------- Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com> Injustice is relatively easy to bear; what stings is justice. -- H.L. Mencken
I agree. In a bind I have seen small providers experiment with FreeBSD/Linux L2TP termination (as a LNS), I would recommend against it if you have a business that depends upon these customers' happiness. There were all sorts of issues to address when the customer ran significant traffic forwarding through the unix boxes, namely adjusting kernel parameters for NMB_CLUSTERS, heap sizes, all sorts of sysctl parameters, adding additional interface counts, etc. A low cost 7200 or ERX-310 would easily fit the bill, and you can buy them cheap these days. Cheers, Truman
Current thread:
- Vyatta as a BRAS Sharef Mustafa (Jul 12)
- Re: Vyatta as a BRAS Dobbins, Roland (Jul 12)
- Re: Vyatta as a BRAS Truman Boyes (Jul 12)
- Re: Vyatta as a BRAS khatfield (Jul 13)
- Re: Vyatta as a BRAS Dobbins, Roland (Jul 13)
- Re: Vyatta as a BRAS Curtis Maurand (Jul 13)
- Re: Vyatta as a BRAS Greg Whynott (Jul 13)
- Re: Vyatta as a BRAS Daniel Senie (Jul 13)
- Re: Vyatta as a BRAS Lamar Owen (Jul 13)
- Re: Vyatta as a BRAS Christian Chapman (Jul 13)
- Re: Vyatta as a BRAS Valdis . Kletnieks (Jul 13)
- Re: Vyatta as a BRAS Lamar Owen (Jul 13)
- Re: Vyatta as a BRAS Mikael Abrahamsson (Jul 13)
- Re: Vyatta as a BRAS Dobbins, Roland (Jul 14)
- Re: Vyatta as a BRAS Truman Boyes (Jul 12)
- Re: Vyatta as a BRAS Dobbins, Roland (Jul 12)