Network Virtualization with Vyatta
I ran across this the other day and had to take a look at it. This is Vyatta network virtualization community edition, meaning free. Vyatta’s network operating system is optimized to run in virtual environments to manage traffic and enforce policies in the same way that a physical router, firewall, VPN or intrusion prevention device does in a traditional infrastructure. Where popular hypervisors include only a simple layer 2 vSwitch, Vyatta completes the network virtualization picture with vFirewall and vRouter functionality in our Vyatta software-based networking solution.
This software is a Linux-based operating system that features the performance and reliability of an enterprise-class secure router with the additional benefits of flexible deployment options on x86 hardware, blade servers, and virtualization. Vyatta offers industry-standard routing and management protocols, support for most commonly used network interfaces, and configuration via command line or a web-based graphical user interface.
The program is downloaded in a LiveCD format that can be used as is to run the virtual networking software, or it can be installed onto a hard drive and booted from it. I ran Vyatta on several machines, including a virtual machine, and it functions like pretty much any managed networking device I have ever configured. It supports several routing protocols, including RIPv2, BGPv4, OSPFv2, OSPFv3, and static routes. This handy piece of software also supports IPv4 and IPv6. The following list shows all of the features the subscription edition has:
IP Management
- Static
- DHCP Server, client, and relay
- DNS forwarding and Dynamic DNS
Encapsulation
- Ethernet
- PPPoE
- MLPPP
- GRE
- 802.1Q VLANs
- PPP
- Frame Relay
- HDLC
Firewall features
- Stateful Inspection Firewall
- Zone-based Firewall
- IPv6 Firewalling
- Time-based Firewall Rules
- P2P Filtering
- Rate Limiting
VPN
- SSL-based OpenVPN
- Site to Site VPN (IPsec)
- Remote VPN
This product has several more features that I am not going to list because I will be typing all night. Anyhow, you can get the product highlights document at this link. This document also lists the features that are not included in the Community Edition.
Using Vyatta is pretty cool. I have a networking degree and have experience with managed networking, so I found this to be pretty cool, and it allowed me to brush up on configuration steps I have not done in a long time. Plus, for people that don’t have a great deal of networking experience, this is a good tool to learn and practice on. The interface isn’t the same as Cisco, but you can get the concepts down and then you will just have to adjust some of the commands you use. Also, the documentation is great and extensive. I downloaded all of the manuals they had and it totaled 20. Most of the manuals cover individual protocols and their configuration.
Installation is also easy, and you will need to download the Quick Start Guide because it tells you the default password, installation steps, and some more basic functions that you will need to know. There is also a video you can watch that gives you a brief overview of the CLI and web interfaces. When installing the program onto a hard drive, it is recommended that you have 2 gigs of space. Once you boot the LiveCD, you log in using the vyatta user account and type install-system. This will launch a script that will install the software and prompt you to change the passwords for the root and vyatta accounts. When Vyatta boots, it looks like a Linux/Unix boot screen with scrolling text that finishes with a command prompt. Once logged in, the operation is just like any other managed router in that you have a user and a configuration interface. When you log in, it starts you out at the user interface, which will only allow you to look at things or check network connectivity with pings or traceroutes. Here is a screenshot of all of the primary commands that can be used in user mode.
These are just the primary commands; there are quite a few additions that need to be added to the commands to make them function correctly. To find the additional syntax or even to list the top level commands, you just have to type a ? at the prompt. If you get lost you can simply enter that, or if you know part of the command you can type it in and hit the space bar. This will list the possibilities for the command you entered. To move into the configuration mode you simply enter configuration. The prompt will change from a $ to a #, showing you are in config mode. To jump back to the user mode or to log out, simply type exit. Here is a screenshot of the top level configuration mode commands.
Once again, there is tons of additional syntax that goes with each of these commands. It would take me quite a while to type them all out, so just remember the ? help and you will be able to navigate through everything till you get used to all the commands. However, one of the most important commands is the commit command. This command saves anything you may have entered to the running config. It would be a shame to do a lot of typing just to have it wiped out due to not saving. But the CLI will warn you if you try to exit the configuration mode without saving.
The GUI does not come turned on when you download Vyatta; you will need to add a command to the configuration to activate the web service. To turn it on you need to enter the configuration mode and type set service https, then commit. Once this is added you should be able to access it through your web browser. It should look like the following pic.
The commands you enter through the web interface are different. You look for the protocol or service you want to work with and click through the drop downs till you get to the portion that you want to change or have something to enter. I like the CLI, but the web GUI is easy to use and some people may like it. The GUI will also give you a good idea of just how much this networking OS will do. Here is a pic of the GUI and the drop downs I was talking about.
I have not implemented it into any of my virtual servers because they are production and I have to test some more things before I can really see if I can make good use of this virtualized network. The one thing I will say for people trying this out: make sure you configure Vyatta correctly before you implement it into your network. Learning or experimentation is one thing, but bringing it online and having it touch the Internet could cause you all kinds of problems if someone were to find a hole in your configuration. Not that I am the master of networking, but testing before implementation is a must. One other thing I would do is to download the manuals, at least the Quick Start Guide. This will give you insight into the functionality and basic configuration you must perform. It is a great product and I think it is worth looking at even if it is just for fun. Check it out at http://www.vyatta.com/products/virtualized.php. Here are some more screenshots of the Vyatta CLI interface.
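One way to check a configuration for holes before a Vyatta instance touches the Internet, as an added example that is not from the original post or from Vyatta: a small Python audit that parses a brace-nested configuration listing and flags interfaces with no firewall local ruleset while https, ssh or telnet is enabled under service. The sample configuration, the ruleset name and the function names are constructed for illustration, and zone-based policies are not evaluated.

```python
# Constructed sample in the brace-nested layout of a Vyatta configuration listing.
SAMPLE = """\
interfaces {
    ethernet eth0 {
    }
    ethernet eth1 {
        firewall {
            local {
                name LAN_LOCAL
            }
        }
    }
}
service {
    https {
    }
}
"""

def parse(text):
    """Turn 'node {' / 'key value' / '}' lines into nested dicts."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif line:
            key, _, value = line.partition(" ")
            stack[-1][key] = value
    if len(stack) != 1:
        raise ValueError("unclosed '{'")
    return stack[0]

def audit(cfg):
    """List interfaces lacking a 'firewall local' ruleset while management services are on."""
    services = sorted({"https", "ssh", "telnet"} & set(cfg.get("service", {})))
    findings = []
    for name, node in cfg.get("interfaces", {}).items():
        braced = isinstance(node, dict)  # leaf nodes carry no settings to inspect
        if services and braced and not node.get("firewall", {}).get("local", {}).get("name"):
            findings.append(f"{name}: {'/'.join(services)} enabled, no local firewall ruleset")
    return findings

print(audit(parse(SAMPLE)))
```

Here eth0 is reported because the web GUI enabled with set service https is reachable on it with nothing filtering traffic addressed to the router itself, while eth1 passes because it names a local ruleset.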