In this age of global expansion, corporations face the necessity of scaling their existing networks to a global level. Such broad enterprise network infrastructures get increasingly more vulnerable to internal breakage and external attacks, as the number of critical points multiplies with the network growth. To protect services, products and business data from such threats and to avoid loss of business, fraudulent activity and policy non-compliance, companies have to make the right choice of technologies while upgrading their network infrastructures to the required level of security, scalability and performance. Commonly, a legacy edge router is used to connect corporate branches to the data center, to the internet service provider and to each other. Such a deployment consists of a set of multiple interconnected devices, which comprise single-purpose hardware, and therefore such complex solutions are limited in scalability and flexibility.
A typical enterprise router must come with a strong set of capabilities. At the very least, it should be ready to:
- Provide stable access to the internet for the whole network
- Reliably operate with a high number of connections at a time
- Protect internal resources from unauthorised access from the outside
- Provide access for remote workers to the network
- Work in a high availability configuration for stable and reliable connection
Understanding these critical challenges, we suggest VyOS as a solution to satisfy the demands of any type of enterprise network.
- Source NAT allows to provide internet access to the entire internal network, whereas destination NAT allows to publish intranet services to the whole internet.
- Integrated VPN support and encryption allows to grant access to sensitive intranet resources for remote workers (“road warriors”).
- High-availability can be achieved using VRRP with connection tracking synchronization, which does not allow live connections to drop out, even during failover.
- Firewall provides tools to fine tune the control of traffic to and from the network.
- Load-balancing options give the ability to efficiently utilize multiple internet connections at the same time.
- BGP opens the possibility of even better traffic control for large businesses with autonomous systems.
Most importantly, VyOS, with all its functionality, can be deployed on the majority
of commonly available servers and computers, or inside virtual environments,
making deployments much easier and more affordable.
VyOS can be configured as an enterprise border router with the Border Gateway Protocol (BGP),
which is by far the most advanced dynamic routing protocol.
For this purpose, VyOS can be served both as an external and internal BGP peer,
providing high stability and availability for your network.
Most edge routers are represented as hardware devices.
However, software specifically developed for edge routing functionality
can be deployed and run on a standard server.
VyOS Router Install and Configuration
VyOS as an Enterprise Edge Router for
Quality of Service (QoS)
Processing traffic in priority order is fundamental in mitigating bottlenecks and traffic slowdowns. VyOS lets you classify traffic by custom categories and does not allow low-priority traffic to throtle other connections.
VyOS is a combined solution: edge router and edge firewall, protecting the enterprise network by securing and characterizing incoming IP traffic and helping defend against network attacks.
VPN and tunneling protocols ensure rapid and reliable connectivity between resources in different locations of the company, including remote branches, data centers and mobile workers via internet or through dedicated peering channels.
- High-performance routing: Traffic distribution, network partitioning
- Consolidation: Merging single-purpose devices into one (IP routing, switching, firewall, VPN gateway, MPLS etc.).
- Enterprise-level reliability: Flexibility and redundancy at all network and software altitudes.
- Simplicity and stability: Reduction of operational expenses and streamlined network configuration.
- Support for IPv4 and IPv6: Relieves the pain of transitioning to IPv6 and ensures long-term stability.
- Routing resilient policies: Fine control over traffic flow through specific edge devices.