Software-based Border Router

Dennis Burgess dmburgess at
Sun Sep 26 15:10:53 UTC 2010

While Vyatta is a good piece of software for the Free version, the costs quickly increases as you have to purchase support and the version updates are few and far between with the Free version.  The production (paid) version though is quite nice.

Another option though would be RouterOS.  If it is a small site, doing BGP could be as little as $399 including the hardware!  However, most people that do BGP will need a bit more horsepower.  RouterOS will do your iBGP, OSPF, bandwidth controls, firewalling etc.  The software license there is $45 beans! Super cheap.  Hardware runs as low as $49 bucks to 10k depending on what you are needing.  If you would like, please feel free to contact me off-list and I will be glad to recommend the proper hardware.  

Dennis Burgess, CCNA, A+, Mikrotik Certified Trainer
Link Technologies, Inc -- Mikrotik & WISP Support Services
Office: 314-735-0270 Website:
LIVE On-Line Mikrotik Training - Author of "Learn RouterOS" 

-----Original Message-----
From: Nathanael C. Cariaga [mailto:nccariaga at] 
Sent: Sunday, September 26, 2010 5:15 AM
To: sthaug at
Cc: nanog at
Subject: Re: Software-based Border Router

Thank you for the prompt response.  Just to clarify my previous post, I was actually referring to Linux/Unix-based routers.  We've been considering this solution because presently we don't have any budget for equipment acquisition this year.

To be honest, I came across Vyatta Core while searching for viable Linux/Unix-based solution that we can adopt and I'm currently reading its reference guides.  Has anyone here used this software before?  

Thanks a lot.

----- Original Message -----
From: sthaug at
To: nccariaga at
Cc: nanog at
Sent: Sunday, September 26, 2010 5:59:21 PM
Subject: Re: Software-based Border Router

> Just want to ask if anyone here had experience deploying software-based routers to serve as perimeter / border router? How does it gauge with hardware-based routers? Any past experiences will be very much appreciated. 

Software based routers (e.g. Cisco 7200 series) have been used as border routers for many years - this is hardly anything new. The question you should ask is probably: Can such a router handle a full link's worth of DDoS using minimum sized packets? The answer, of course, depends on your link capacity, the router itself, features enabled (ACLs, QoS, ...) etc.

There are quite a few people using Quagga based boxes running Linux or FreeBSD as border routers - this is a possible solution too, giving you more bang for the buck than a traditional software based router from the big vendors. Make sure you have enough expertise for the relevant OS and routing software available.

Steinar Haug, Nethelp consulting, sthaug at

More information about the NANOG mailing list