Hello
I am wondering if there is any use to purchasing open source based offerings from http://www.vyatta.com (For routers/switches) https://www.trustwave.com/modsecurity-rules-support.php (for application firewall).

I am specifically looking at a situation where my client is either going to buy used / refurbished Cisco equipment (with relicensing cost) OR the open source offerings.

I can do a feature by feature comparison of the actual product but wanted to get a general sense of how these offerings would be.
Thanks for any inputs.

Or HP, Juniper and Brocade.

I'd suggest huwawei but.... Eh.

Sent via mobile internet.

_________________
- Pete

have you ever deployed vyatta?

_________________
"I will prepare and some day my chance will come." - Abraham Lincoln
http://danielhertzberg.wordpress.com - I blog about networks!

No I have not. Yes, I can also look at Brocade and other vendors. The question is are vendors like vyatta completely out of consideration. The price point is attractive and given the client (SMB) does not have specific needs, should vyatta (or similar vendors ) be considered.

It should absolutely be considered

_________________
www.mellowd.co.uk/ccie/

I'm now a Vyatta customer, having started off with Vyatta's community edition originally.

We bought a failing company out of bankruptcy last year which had several remote sites that would require firewall/site-to-site VPN connectivity back to our Datacenter. Unfortunately as part of the bankruptcy proceedings, all the network gear (routers, switches, etc) had been sold off, so we needed to put something in fast. We purchased some basic Supermicro Intel Atom based machines with a few network cards and thew vyatta community edition on them. Presto! Up and running!

Having had _no_ issues and also having been very happy with the software, we've opted to recently purchase supported licenses from Vyatta. When compared with Cisco ASA (eg: 5505) or other vendors, Vyatta makes a very compelling case.

Oh, and if your needs are fairly simple, packet filtering, NAT, VPN (site to site or client), you can't really go wrong.

ohh coo, so you can get a freeware version of some form of vyatta? I really havent looked into it.

_________________
"I will prepare and some day my chance will come." - Abraham Lincoln
http://danielhertzberg.wordpress.com - I blog about networks!

Have the (free) community edition at home. Very stable, very pleased with it. Documentation if scarse however, and I don't know if it will stay stable under load. I suppose for remote sites with few on-site devices it will do great.

_________________
http://reggle.wordpress.com

HP Procurve switches are cheap and functionaly work well. Their stats is a bit iffy and sometimes just plain wrong so troubleshooting can be difficult but other than that theyre pretty good and have used them a lot.

_________________
"Right actions in the future are the best apologies for bad actions in the past."

I'm just waiting for Juniper MX80 to arrive into our office to replace our Cisco 6500 with Sup 720-3BXL which works as BGP router currently, but three full BGP tables + about 50 customer seesions is too much for this hardware ... but it's only a switch with routing option

_________________
"Good, Fast and Cheap, you can pick any two but you cannot have all three"

Three full BGP tables?

_________________
"Right actions in the future are the best apologies for bad actions in the past."

VRFs but no doubt he'll be calling them nodes with the MX80.

_________________
- Pete

I thought BGP was not VRF aware in Cisco switches?

_________________
"Right actions in the future are the best apologies for bad actions in the past."

Ah yeah true, I guess they'd be address families instead.

*shrug*

_________________
- Pete

I honestly don't know. I've never actually used it in that way. I tried once, for PeerIX but failed.

_________________
"Right actions in the future are the best apologies for bad actions in the past."

What I mean is that we have three upstream operators and each of then announce to us ~400k prefixes and when everything is stable it's ok. But when one of them is down or flaps then the CPU on this Cisco strikes to the air.

_________________
"Good, Fast and Cheap, you can pick any two but you cannot have all three"

Oh... that.. eh

_________________
- Pete

Yeah ... you know English is not my native language and I have some problems with expressing myself properly.
Back to the topic. In Poland small ISP often use Mikrotik platforms as BGP routers and ... it works but it has terrible CLI. Also one of Polish internet exchange points use quagga as a router and they have ~20Gbit traffic passing trought this device. So I think that opensource isn't that bad

_________________
"Good, Fast and Cheap, you can pick any two but you cannot have all three"

Oh man i hope i didn't offend, Eeeeep. I wad more curious than anything.

But yeah good call, back in the world of networks.

Sent via mobile internet.

_________________
- Pete