Vyatta: a router/vpn/firewall in a VM

Brocade has a beta exam up for BCVRE – Certified vRouter Engineer – which is on the Vyatta software from the company with the same name that Brocade bought last year.

There is the free open source core. Download from here: http://vyatta.org/downloads (no you don’t have to register).  The evaluation/subscriber version has the API and web gui available, I’ll probably check those out closer to the exam date.

I grabbed VC6.6 – Virtualization ISO. Use it in a VM and assign 5GB disk (install only requires 1G, or you could just run it on the iso, but then it doesn’t keep state between reboots) and 1GB RAM. Two NICs: One NAT and one private. But to get more acquainted with it you’ll likely have to do a bit more configuration on the hypervisor side. Such as turn off dhcpd in your virtual networks.

To install it to disk: hit “install system” at the CLI after it’s booted.

More documentation: http://docs.vyatta.com/current/wwhelp/wwhimpl/js/html/wwhelp.htm – there are descriptions how to get for example ssh management working ( set service ssh ).

The server is basically Debian with a more recent kernel (6.6 has 3.3) and a shell to make it more switch-like. It actually uses the bash completion to make it look like this. Check out /etc/bash_completion.d/vyatta-*

To remove a setting use “delete” (comparable to no in other CLIs). There is a web interface, but this is only for subscribers. Core version allows SNMP though if you want to use that :)

What to do with vyatta? A bunch of tutorials are here: http://www.vyatta.org/documentation/tips-tricks

  • NAT
  • VPN (for example connect private cloud <-> Amazon VPN)
  • Firewall
  • Routing (OSPF, BGP, etc)

But no SDN stuff (separate data and the control plane). It looks like it’s not possible to modify the flow table of a switch via Vyatta. This looks like a software router/VPN/firewall with some extras added to it.

4 thoughts on “Vyatta: a router/vpn/firewall in a VM

  1. Pingback: BCvRE – Brocade Certified virtual Router Engineer • Blog Archive • Home

  2. Paolo


    About a year ago I asked you some advice about Brocade certifications, and eventually I’ve got BCFA, BCFP and BCFD. So, first of all, thank you for your help!

    I’ve also noticed our IT interests match, in fact I’ve also taken the Coursera “SDN course”, and I’ve done the BCVRE exam ;)

    I agree with you, it was a little disappointing not to find any real SDN stuffs there, and for that reason I’ve given up the idea of taking the next exam (BCVRP).

    Anyway, since then I’ve been digging a little more into the SDN philosophy, and I think I begin to understand now that the fact of being just a “software router/VPN/firewall” – as you’ve said in your post – is its “raison d’être”. In fact this NFV (vRouter) approach is only part of the Brocade’s initiative, which should be later combined with SDN.

    Take a look at this post: http://blog.cimicorp.com/?p=988

    1. guldmyr Post author

      Hi Paolo!

      That’s real nice! I thorougly enjoyed Brocade’s FC certifications, real in depth and especially the BCFD was a lot of fun.
      I’m not studying anything at the moment, do perhaps have a suggestion for me? =)

      Brocade’s 5400 vRouter looks very much like it’s closed source. The old Vyatta community forums are a sad story and the git repository is outdated and no core releases for a long time. Makes it a lot less interesting for me but perhaps useful in some scenarios.
      A 5400 augmented with some SDN controllers or the possibility to plug it into a network orchestration / management software would definitely be useful, but as far as I can see it looks pretty much the same as the old Vyatta vRouter.

      // Johan


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.