Open Source Networking
 An introduction to using open source in the network.

                  John Southworth
                 February 26, 2009
Why would anyone want to use open source at the network layer?
     Chances are, you already do!




-   Vyatta is a replacement for enterprise level routing and security platforms.

-   It can be used easily almost anywhere.

-   It's a software package (Linux distribution) that runs on standard x86
    hardware.
How does Vyatta benefit users?
   Home users:
      Stable
      Secure
      Powerful
      Flexible
      Runs on just about anything
      Free and Open!
      Good community support

   Enterprise users:
      Stable
      Secure
      Powerful
      Flexible
      Virtualizable
      Subscription release available
      Commercial support
      Command line interface similar to Cisco or Juniper
So what does Vyatta do?
         Routing (Static, RIP, OSPF, and BGP)
         NAT
         VPN (IPsec, PPTP, OpenVPN, and L2TP)
         Firewall
         IDS
         Web proxy
         Interfaces: DSL, T1, T3, Ethernet (up to 10Gb),
             wireless modem, tunnel




Its flexibility comes from the fact that Debian GNU/Linux is underneath it all:
if you need another service running on the router, just install it.
Why Vyatta over standard Linux?
First, a set-up for a home user
 Community edition is available at http://vyatta.org/downloads

 Grab it, put it on an old PC, and play with it!

 I use a single-board computer as my routing platform:
 ALIX 2D3
 AMD Geode 500MHz
 256MB RAM
 3 10/100 Ethernet NICs

 It is configured for NAT, Firewall, OpenVPN, and OSPF.
 Works great, <$200 for a decent router.

 These are similar specs to a Cisco ASA5505.
 With the same software capabilities that Vyatta has, it costs over $600.
Configuring an internet gateway with Vyatta: Demo

 Services for a standard home router:
    DHCP WAN interface
    DHCP server for LAN
    DNS forwarding
    Firewall
    NAT
firewall {
   broadcast-ping disable
   conntrack-tcp-loose enable
   ip-src-route disable
   log-martians enable
   name wanwall {
      rule 999 {
         action accept
         description "Allow all established connections"
         state {
            established enable
            invalid disable
            related enable
         }
      }
   }
   name wan-in {
      rule 999 {
         action accept
         description "Allow all established connections"
         state {
            established enable
            invalid disable
            related enable
         }
      }
   }
   receive-redirects disable
   send-redirects disable
   syn-cookies enable
}
interfaces {
   ethernet eth0 {
      address dhcp
      description "WAN side NIC"
      duplex auto
      firewall {
         local {
            name wanwall
         }
         in {
            name wan-in
         }
      }
      hw-id 00:50:8b:a1:d5:e5
      speed auto
   }
   ethernet eth1 {
      address 192.168.1.1/24
      description "LAN side NIC"
      duplex auto
      hw-id 00:04:5a:5b:a8:ac
      speed auto
   }
   loopback lo {
   }
}
service {
   dhcp-server {
      disabled false
      shared-network-name my-net {
         authoritative disable
         subnet 192.168.1.0/24 {
            client-prefix-length 24
            default-router 192.168.1.1
            dns-server 192.168.1.1
            lease 86400
            start 192.168.1.10 {
               stop 192.168.1.45
            }
         }
      }
   }
   dns {
      forwarding {
         cache-size 150
         dhcp eth0
         listen-on eth1
      }
   }
   nat {
      rule 10 {
         outbound-interface eth0
         protocol all
         type masquerade
      }
   }
   ssh {
      allow-root false
      port 22
      protocol-version v2
   }
}
system {
   host-name roto-router5000
   login {
      user root {
         authentication {
            encrypted-password ***************
         }
         level admin
      }
      user vyatta {
         authentication {
            encrypted-password ***************
         }
         level admin
      }
   }
   ntp-server 69.59.150.135
   package {
      auto-sync 1
      repository community {
         components main
         distribution stable
         password ""
         url http://packages.vyatta.com/vyatta
         username ""
      }
   }
   time-zone GMT
}
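One way to check a gateway configuration like the one above before deploying it, as an added example that is not part of the original slides: a small Python parser for the brace-delimited format, plus checks for the hardening settings the slide shows (firewall globals, rule sets bound to the WAN interface, SSH root login and protocol version). The check list, the function names and the rule that the DHCP-addressed interface is the WAN side are assumptions of this example.

```python
# Added example: audit a Vyatta-style config for the hardening settings on the slide.
# SAMPLE is a constructed excerpt of that config (rule bodies left out).
SAMPLE = """
firewall {
   ip-src-route disable
   log-martians enable
   name wanwall {
   }
   name wan-in {
   }
   receive-redirects disable
   send-redirects disable
   syn-cookies enable
}
interfaces {
   ethernet eth0 {
      address dhcp
      firewall {
         local {
            name wanwall
         }
         in {
            name wan-in
         }
      }
   }
}
service {
   ssh {
      allow-root false
      protocol-version v2
   }
}
"""

EXPECTED_GLOBALS = {"ip-src-route": "disable", "receive-redirects": "disable",
                    "send-redirects": "disable", "syn-cookies": "enable",
                    "log-martians": "enable"}

def parse(text):
    """Turn the brace-delimited config into nested dicts ('a b {' opens node 'a b')."""
    stack = [{}]
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            if len(stack) == 1:
                raise ValueError(f"line {num}: unmatched closing brace")
            stack.pop()
        else:  # leaf: first word is the key, the rest its (optionally quoted) value
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip().strip('"')
    if len(stack) != 1:
        raise ValueError("unclosed block at end of input")
    return stack[0]

def audit(cfg):
    """Return findings where the config lacks a setting the slide's gateway has."""
    findings = []
    fw = cfg.get("firewall", {})
    for key, want in EXPECTED_GLOBALS.items():
        if fw.get(key) != want:
            findings.append(f"firewall: {key} not explicitly set to {want}")
    for name, iface in cfg.get("interfaces", {}).items():
        if iface.get("address") != "dhcp":
            continue  # assumption: the DHCP-addressed interface is the WAN side
        for direction in ("local", "in"):
            ruleset = iface.get("firewall", {}).get(direction, {}).get("name")
            if ruleset is None:
                findings.append(f"{name}: no '{direction}' rule set applied")
            elif f"name {ruleset}" not in fw:
                findings.append(f"{name}: rule set '{ruleset}' is not defined")
    ssh = cfg.get("service", {}).get("ssh", {})
    if ssh and ssh.get("allow-root") != "false":
        findings.append("ssh: allow-root not explicitly set to false")
    if ssh and ssh.get("protocol-version") != "v2":
        findings.append("ssh: protocol-version not explicitly set to v2")
    return findings

if __name__ == "__main__":
    print(audit(parse(SAMPLE)) or "no findings")
```

The parser keeps only the last value of a repeated leaf key, which is enough for the single-valued settings checked here.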
Now for something a little more fun! OpenVPN
For the home users:
     Easy connection between friends,
     share files and information with your friends and family.
     OSPF does the route configuring work for you.

For the working guys:
     OpenVPN tunnels for site-to-site VPNs,
     runs OSPF for dynamic updates.

I have 2 nodes set up for this, and we will configure the third link.

There are 4 OSPF areas, one backbone and one area behind each router.
More functions, mainly for the enterprise guys.


Got a branch office that needs a lot of equipment?
Virtualize everything, even the router/firewall.
This is the so-called “Branch-in-a-Box”.




  Perhaps you need a lot of routers for
      point-to-point links or something similar.
  That's virtualizable too.




  Virtualizing routing is a very flexible idea; having your routing platform as software
  instead of being locked into a hardware solution gives this flexibility.
There is so much more this platform can do.

There is a learning curve for the CLI for home users, but a web UI is on the way.
