Netgate m1n1wall

Author Topic: PFsense Vs Vyatta  (Read 14155 times)

0 Members and 2 Guests are viewing this topic.

Offline Jonb

  • Sr. Member
  • ****
  • Posts: 410
  • Karma: +0/-0
    • View Profile
    • Peer Point Internet
PFsense Vs Vyatta
« on: January 17, 2012, 01:04:54 pm »
I was wondering if anyone has any benchmarks of the raw routing between Vyatta and PFsense. I don't find the BGP on PFsense as strong but I was wondering about raw routing.
For IP connectivity, Cloud Backup and UK co-lo hosting check us out.
http://www.peerpointinternet.co.uk

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 14998
  • Karma: +4/-0
    • View Profile
Re: PFsense Vs Vyatta
« Reply #1 on: January 24, 2012, 08:58:05 am »
That's very hard to do because it is completely dependent on the hardware you're running. I'm not sure if anyone has done a side-by-side comparison on the exact same hardware with a comparable configuration.

What holds true for one bit of hardware in one type of environment could be completely different in another setup.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 2893
  • Karma: +0/-0
    • View Profile
Re: PFsense Vs Vyatta
« Reply #2 on: January 24, 2012, 02:10:39 pm »
A Google found this

http://blog.unflap.com/2010/03/25/pfsense-1-2-3-vs-vyatta-ce-5-benchmark/

Its a bit dated and older versions of both products - but it does seem to be a benchmark using the same hardware.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Have I helped you, want to say thanks?  Donate to pfsense the cost of a beer http://pfsense.org/donate.html

Offline phospher

  • Full Member
  • ***
  • Posts: 144
  • Karma: +0/-0
    • View Profile
Re: PFsense Vs Vyatta
« Reply #3 on: January 24, 2012, 02:58:49 pm »
I prefer pfsense for my Firewalls and Vyatta for my routers.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 14998
  • Karma: +4/-0
    • View Profile
Re: PFsense Vs Vyatta
« Reply #4 on: January 24, 2012, 03:31:54 pm »
testing iperf _to_ the firewall, as they did, is a meaningless test. They were also using crappy NICs.

You need to test _through_ the firewall, since it's optimized for handling routing and firewalling, not terminating connections on the firewall.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 2893
  • Karma: +0/-0
    • View Profile
Re: PFsense Vs Vyatta
« Reply #5 on: January 25, 2012, 12:42:28 pm »
I never said anything about it's validity as a test, just that I found it googling for pfsense  vs Vyatta and benchmarks - and it used the same hardware  ;)

I personally would not put much stock in the way they did the test either...
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Have I helped you, want to say thanks?  Donate to pfsense the cost of a beer http://pfsense.org/donate.html

Offline Jonb

  • Sr. Member
  • ****
  • Posts: 410
  • Karma: +0/-0
    • View Profile
    • Peer Point Internet
Re: PFsense Vs Vyatta
« Reply #6 on: February 06, 2012, 11:53:12 pm »
Cool thanks guys. Main thing that I have found after testing Vyatta is that the BGP is more feature rich. So I am going to use a mixture of vyatta and pfsense.
For IP connectivity, Cloud Backup and UK co-lo hosting check us out.
http://www.peerpointinternet.co.uk

Offline dhatz

  • Hero Member
  • *****
  • Posts: 1002
  • Karma: +0/-0
    • View Profile
Re: PFsense Vs Vyatta
« Reply #7 on: February 07, 2012, 11:09:14 am »
Main thing that I have found after testing Vyatta is that the BGP is more feature rich.

Yes, pfSense could be substantially improved as a router by including Quagga (http://www.quagga.net/) in the base system (or even as an external package).

But on the other hand, pfsense is a more feature-rich firewall than Vyatta, as others mentioned.


Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 14998
  • Karma: +4/-0
    • View Profile
Re: PFsense Vs Vyatta
« Reply #8 on: February 07, 2012, 11:14:49 am »
The Quagga package may be closer to reality these days. We're having issues with customers using OpenOSPFD in various scenarios and it appears quagga works much better on FreeBSD at least so far.

I haven't heard of anything in BGP that people wanted to do that pfSense couldn't do, at least not that immediately comes to mind. What kind of BGP features did Vyatta have that made it more "feature rich" in your opinion?
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline hopoffacloud

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: PFsense Vs Vyatta
« Reply #9 on: May 18, 2012, 11:11:06 pm »
We recently dropped vYatta.    Great Marketing - but truth is - I was not impressed.
We had the paid version - but the upgrade cost annually - especially with a Gui that sucked just made it not worth the cash.

In regards to BGP - we are using PFSense now and move a decent amount of traffic with the PFSense OpenBGP system.
Very pleased.

Once I realized the config (Thanks to Chris) can manually be edited - the system is very easy to work with.

Offline jhgorse

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: PFsense Vs Vyatta
« Reply #10 on: August 05, 2012, 12:15:25 am »
Since we are on the topic of raw routing comparisons, it may be useful to note what some of the good characteristic tests are for judging router performance. So far we have
  • WAN-to-LAN Throughput
  • LAN-to-WAN Throughput
which can be done with iperf or similar.

What other performance tests are good for routers?

Similarly, though not exactly on topic with the O.P.'s question about raw routing, what are good tests for a firewall?

I am developing a few performance tests for a network that we may begin managing. I intend to setup and document a VM lab to achieve the operating requirements and then performance test pfSense and Vyatta under the exact same VM hosting conditions. It would be nice if we chose a few relevant and insightful tests.

Thank you for your time.

Cheers,
Joe

Offline dhatz

  • Hero Member
  • *****
  • Posts: 1002
  • Karma: +0/-0
    • View Profile
Re: PFsense Vs Vyatta
« Reply #11 on: August 05, 2012, 10:34:32 am »
I intend to setup and document a VM lab to achieve the operating requirements and then performance test pfSense and Vyatta under the exact same VM hosting conditions.

You'll most probably find that pfSense (FreeBSD-based) performs significantly worse than Vyatta (Linux-based) when running in VM. The reason has simply to do with Linux vs FreeBSD.

So, if you're looking for high-performance routing (over 300-400Mbps), you'll need to run pfSense on "bare metal" not virtualized, or look at alternatives.

Offline cmb

  • Administrator
  • Hero Member
  • *****
  • Posts: 6333
  • Karma: +0/-0
    • LinkedIn
    • Twitter
    • View Profile
    • Chris Buechler
Re: PFsense Vs Vyatta
« Reply #12 on: August 07, 2012, 01:27:33 am »
In general, that's not exactly comparing similar products. Vyatta is more comparable to Cisco IOS, and we're more comparable to a Cisco ASA. They're two diff product lines for a reason. The general consensus I've heard from a number of open source networking fans is "Vyatta if you're looking for a router, pfSense if you're looking for a firewall". There is some overlap, and some areas where either/or will suffice, just like the same could be said of IOS vs. ASA.