PFsense Vs Vyatta
-
That's very hard to do because it is completely dependent on the hardware you're running. I'm not sure if anyone has done a side-by-side comparison on the exact same hardware with a comparable configuration.
What holds true for one bit of hardware in one type of environment could be completely different in another setup.
-
A Google found this
http://blog.unflap.com/2010/03/25/pfsense-1-2-3-vs-vyatta-ce-5-benchmark/
Its a bit dated and older versions of both products - but it does seem to be a benchmark using the same hardware.
-
I prefer pfsense for my Firewalls and Vyatta for my routers.
-
testing iperf to the firewall, as they did, is a meaningless test. They were also using crappy NICs.
You need to test through the firewall, since it's optimized for handling routing and firewalling, not terminating connections on the firewall.
-
I never said anything about it's validity as a test, just that I found it googling for pfsense vs Vyatta and benchmarks - and it used the same hardware ;)
I personally would not put much stock in the way they did the test either…
-
Cool thanks guys. Main thing that I have found after testing Vyatta is that the BGP is more feature rich. So I am going to use a mixture of vyatta and pfsense.
-
Main thing that I have found after testing Vyatta is that the BGP is more feature rich.
Yes, pfSense could be substantially improved as a router by including Quagga (http://www.quagga.net/) in the base system (or even as an external package).
But on the other hand, pfsense is a more feature-rich firewall than Vyatta, as others mentioned.
-
The Quagga package may be closer to reality these days. We're having issues with customers using OpenOSPFD in various scenarios and it appears quagga works much better on FreeBSD at least so far.
I haven't heard of anything in BGP that people wanted to do that pfSense couldn't do, at least not that immediately comes to mind. What kind of BGP features did Vyatta have that made it more "feature rich" in your opinion?
-
We recently dropped vYatta. Great Marketing - but truth is - I was not impressed.
We had the paid version - but the upgrade cost annually - especially with a Gui that sucked just made it not worth the cash.In regards to BGP - we are using PFSense now and move a decent amount of traffic with the PFSense OpenBGP system.
Very pleased.Once I realized the config (Thanks to Chris) can manually be edited - the system is very easy to work with.
-
Since we are on the topic of raw routing comparisons, it may be useful to note what some of the good characteristic tests are for judging router performance. So far we have
-
WAN-to-LAN Throughput
-
LAN-to-WAN Throughput
which can be done with iperf or similar.
What other performance tests are good for routers?
Similarly, though not exactly on topic with the O.P.'s question about raw routing, what are good tests for a firewall?
I am developing a few performance tests for a network that we may begin managing. I intend to setup and document a VM lab to achieve the operating requirements and then performance test pfSense and Vyatta under the exact same VM hosting conditions. It would be nice if we chose a few relevant and insightful tests.
Thank you for your time.
Cheers,
Joe -
-
I intend to setup and document a VM lab to achieve the operating requirements and then performance test pfSense and Vyatta under the exact same VM hosting conditions.
You'll most probably find that pfSense (FreeBSD-based) performs significantly worse than Vyatta (Linux-based) when running in VM. The reason has simply to do with Linux vs FreeBSD.
So, if you're looking for high-performance routing (over 300-400Mbps), you'll need to run pfSense on "bare metal" not virtualized, or look at alternatives.
-
In general, that's not exactly comparing similar products. Vyatta is more comparable to Cisco IOS, and we're more comparable to a Cisco ASA. They're two diff product lines for a reason. The general consensus I've heard from a number of open source networking fans is "Vyatta if you're looking for a router, pfSense if you're looking for a firewall". There is some overlap, and some areas where either/or will suffice, just like the same could be said of IOS vs. ASA.
