Updating vyatta - lubang nikmat
And being a bit of a network guy anyway, I actually prefer the straightforward CLI interface to the web interface of pf Sense — though in fairness, I do find the pf Sense web UI more appealing than many of its proprietary competitors.
While PF consumes about 1k of non-swappable kernel RAM for every state in the table, Netfilter requires less than a third of that at a meager ~300 bytes.The WLB function in Vy OS lacks the capability of monitoring the dynamic gateway for health checks as a variable.Thus the monitor target for the mandatory gateway health check must be updated manually if it changes when the lease is renewed.Thankfully, there was a light at the end of the tunnel.Vy OS is the new community fork of Vyatta, the open source routing and security platform based on Linux.You see, much like Fredo Corleone in The Godfather Part II, Vyatta broke my heart, and is now dead to me.
As it turned out, the community builds of Vyatta hadn’t been updated since the company’s acquisition by Brocade.Well, that’s essentially what happened, but with a slight detour.In fact, I did migrate to a new Atom D525-based Supermicro X7SPA-HF 4-port I350, and successfully ditched pf Sense in favor of Vyatta 6.6R1. But after a couple of days, before I was even finished writing my new policies, I wound up abandoning Vyatta.With six gigabit ethernet interfaces, I am able to achieve a total aggregate throughput of 12Gb/s — even with a thorough, zone-based firewall policy in place between each interface.Latency is exceptional too, as traversal of the firewall adds only ~0.08ms on average, even on a low-power Atom CPU that’s now several generations old.But currently, upgrading from Vyatta to Vy OS is dead simple.