Forget that proprietary network hardware.
Ask a thousand computing professionals what company name is synonymous with networking, and I'd wager that the vast majority would reply "Cisco." That Cisco has that kind of mind share must be very gratifying to its marketing department. While I can't argue that Cisco makes some very fine networking equipment--it obviously does--I'm not as enthused about the licensing under which the equipment is delivered. I can re-sell the hardware, but the embedded software is licensed, thus making the resale value of the equipment relatively worthless. To me, the cachet of the Cisco name is not worth the price, particularly if you keep in mind that the protocols used to deliver packets from one network to another are standard stuff. Because of the cost, building a Cisco-equipped lab with which you can study networking is outside the budget of most IT professionals.
Fortunately, there's a new "packet slinger" in town: a company started by former Cisco employees, a company that goes by the name "Vyatta." Cisco best beware.
A Linux-Based Router
I've always said that a Linux box is quite capable of being a powerful router/firewall, and my viewpoint has been borne out by the large selection of routers available at your local office supply store. Many of them either run Linux or can have a Linux image loaded to replace their stock firmware. While I'm not suggesting that one of those home routers will be suitable replacements for the Cisco routers in your office (though strangely enough, I often find them at my clients' offices in that role), it wouldn't be out of the question if the home routers had higher throughput and supported advanced routing protocols.
As it happens, advanced routing capabilities are already built into Linux. Just load up a Linux instance on some higher-powered hardware and load the appropriate software modules, and you have an enterprise-level router and firewall. Add a network-centric interface, one familiar to networking professionals, and you have Vyatta. With Vyatta, you can literally put together a top-quality router/firewall using Linux without ever really having to get your hands dirty installing or configuring Linux. I like Vyatta because it puts all of the configuration details into one file, using one interface that any network administrator will find comfortable and familiar, thus making it much easier to upgrade or clone the device.
I had the opportunity to see a presentation by a couple of Vyatta employees last year at the Ohio Linuxfest, where I first learned about this product. From the presentation, I learned that Vyatta targets nearly all of Cisco's market, omitting the very smallest devices (Linksys routers) and the very largest devices used by ISPs and large corporations. Everything in between is fair game. Even if you don't decide to forklift upgrade your equipment, Vyatta can play nicely in a current network controlled by proprietary hardware. So you can slowly replace existing equipment as the need arises.
Vyatta's business model is similar to many of the other large, successful open-source projects, such as Red Hat and MySQL. You have a choice of the fully supported subscription edition, replete with any number of support options, or the community edition, which is free for the download. Besides the limited support options of the community edition (which basically consists of forums, a mailing list, and an IRC channel), the other major difference is that the community edition lags behind the subscription edition in terms of patches. On the other hand, the community edition does boast a substantial user base, (as evidenced by the traffic I see on the various lists), so community support is readily available. For experimentation and learning, the community edition is matchless, since the cost per unit is zero--and this is a price within every IT professional's budget.
For the purpose of this discussion, we'll assume that you'd like to work with the community edition of Vyatta, and with this version, you have your choice of installations. There is what I call the easy installation (a live CD) and the "we've already done it for you version" (a VMWare virtual machine), both of which are available at Vyatta's download page. Click on either link under "Current Community Releases" (they are identical links), and you'll then get to make your choice of installations.
If you are going to load Vyatta on real metal or wish to manually create your own virtual machine, select the link for "VC4 - ISO CD Image." To get a ready-made virtual machine, select the link for "VC4 - VMware Virtual Appliance." Both of these downloads are under 150MB, so it shouldn't take you long to retrieve either or both. While you are on the download page, be sure to grab a copy of the "Quick Evaluation Guide," which will greatly reduce the time it takes you to get your router configured.
At this point, you'll need to burn the ISO image to a CD (if installing to a real machine) or map the ISO file to your CD drive for a VMWare or Xen virtual machine installation. Let's do an installation to a VMWare virtual machine.
Fire up the new virtual machine wizard and select a "typical" installation. Select "Linux" as the guest operating system and "Other Linux 2.6.x kernel" for the version. On the next screen, give your new VM a creative new name, like "Vyatta." On the Networking screen, you'll want to choose an entry appropriate to your installation. For testing, I tend to configure VMWare to have multiple host-only (virtual) network ports so that I may run everything on my laptop and therefore use "host-only" networking. If you want Vyatta to have access to your actual interfaces, then choose "bridged networking." For disk space, you may take the default of 8GB, and I wouldn't waste time preallocating it, since the actual installation will be well under 1GB total. Before starting your newly created VM, edit the settings and point your CD-ROM to the ISO you downloaded earlier. Also, add as many virtual Ethernet interfaces as you need for your testing.
Power on your VM, and you'll be rewarded with the Vyatta logo. After a few seconds, the machine will start to boot the image, and you'll prompted to log on. Use "root" for the user and "vyatta" for the password, and you'll be brought to the "vyatta:~#" prompt. Installing Vyatta to your VM (or real machine, if you've booted the CD on a PC) is as simple as issuing the command "install-system" and answering a half-dozen prompts. In less than a minute, your installation will be complete, and you'll simply restart your machine by typing "reboot" at the command prompt.
Users who want to get right to it and have downloaded the preloaded VM from Vyatta need only unzip the file to their system and then open it in VMWare. When you start the virtual machine, you'll be prompted to note whether you moved or copied the virtual machine. Simply click "I copied it" when asked what you did with this instance. If you don't have a floppy drive, you'll get another prompt asking what to do about that. I chose to have it start disconnected. Once the virtual machine has booted, log in as noted before, with root/vyatta as the user/password combination.
Now that your installation is completed, you are ready to start playing. To begin configuring your device, you simply enter the command "configure." You'll note that the prompt changes. The first command you'll want to issue is "show," which will give you a look at the abbreviated configuration file present in all installations. If all is well, you'll see your Ethernet interfaces and some basic system information.
From this point, you're ready to dive into the "Quick Evaluation Guide" and get this router/firewall moving packets. For maximum productivity and to make your experience a pleasurable one, be sure to download the "Quick Start Guide" and the "Command Reference Guide," both of which are for the VC4 version you have installed. While not updated to VC4 as yet, the "Configuration Guide for VC3" is a wealth of information showing case studies to make your Vyatta router do whatever it is you want to do with it. Be sure to download it!
Linux Routing Simplified
I've used Linux at many locations for routers and firewalls, but I have to admit that the Vyatta package has certainly made things so much simpler. I have an enterprise subscription with Vyatta and will say that they have the best tech support that I've ever experienced since IBM. As an example, when I first started using Vyatta, I would do some configuring, apply the changes, and then check my work using familiar Linux command-line tools. I just couldn't seem to reconcile what I was seeing in Linux with what I was configuring, so I thought, "What the heck? Why not ask them?" I submitted a question to their tech support group via their Web site, and within 10 minutes I got a call from them. I'm not kidding; it was actually seven minutes! The recommendation they gave me boiled down to this: "Stop thinking like a Linux geek and start thinking like a networking geek," which seems trite in print, but it really did make things easier for me to see from the Vyatta standpoint. The conversation itself lasted about 20 minutes, and at no time did I feel as though their support guy was in any hurry to get off the call with me. I've had a couple more opportunities to test-drive their tech support, and at no time have I been disappointed.
Since moving to Vyatta, I've replaced our Cisco PIX, added three RF-based networks (serving substations in the electric utility industry), and have installed it at other various client sites. I'm hooked! If you're ready to start saving some cash on that proprietary network hardware, I can't encourage you enough to give Vyatta a try. If you want to create a small lab to learn more about networking, I can't encourage you enough to give Vyatta a try. For whatever reason brings you to Vyatta, I think that once you start working with it, you, too, will be hooked.