Wednesday, March 29, 2006

Great to meet everyone!

We had another Vyatta Secret Society party last night and it was a great success! It was great to match faces with names and to meet new folks that have been watching our progress from the sidelines. More than a few folks have told me that they "have the product in the lab" or "are trying out the image for their office" - awesome news! We even had a few visitors drive up to see us from my alma mater on Tasman Drive (names being withheld to protect the innocent and ambitious :-).

The party would not have been nearly as much fun if we had not had the help of Michelle "the voice" Kelso from Arrowpath Venture Partners. Thanks Michelle - you are the best!

Dave, your cruise director, has promised to post pictures of the party soon. He'll have to get on that or we'll ask him to turn in his membership to the Lauren Tewes fan club.

We'll be having another party at Networld+InterOp in Vegas on May 2nd. We're still working on the final logistics, but you won't want to miss this one! Sign up on our website for the mailing list and we'll see you there!

Monday, March 27, 2006

Being vanilla ice cream

I was driving along highway 280 here in the bay area today thinking about a number of comments I've gotten about Vyatta over the past month. For the most part, we've gotten some very encouraging words from a large group of potential users and supporters - and our collective psyche thanks you all!

At the same time, we've also gotten some harsh criticism from folks on our mission to bring open source software to the world of networking. Mostly, this criticism comes from folks that either: 1) are entrenched in the world of closed-source networking products, 2) don't believe in the open source model for any software or 3) believe that we're entering an established market that can't be entered successfully. Truthfully, some of all of these issues lurk in the back of my mind almost continually....

At the same time, I realized that we can't be liked by everyone. We can't be vanilla ice cream. Who does not like vanilla ice cream at least some of the time in some form? Personally, I like it plain, in a hot fudge sundae, a banana split and even in a cream puff as part of a profiterole. I'm not sure I've ever met someone who does not like vanilla ice cream in some fashion, although I am sure that they do exist.

Back on point and away from my dessert, we're a start up and we're breaking new ground in a market where change has not been prevalent in many years. The networking market is not expecting revolutions but small evolutions. Revolutions were back in the 1980s and early 1990s - we're no longer fighting Ethernet vs Token Ring, the great Frame/ATM slugfest is over, and IP won over Novell/IPX, Banyan Vines, Xerox XNS, Appletalk and about 20 other proprietary protocols that I have plastered on t-shirts from the early 1990s.

So, when we come out with a revolutionary business model for networking, we have to expect that some folks won't like it, understand it or bother to support it. Not everyone will appreciate the way we're building our business and we have to expect that. It's okay - we can't be vanilla ice cream. We'll have folks that love our community, get actively involved, submit bugs and deploy our products. We'll have critics that will say that we'll never amount to much and scoff when they hear our name. To be successful, we need to stay focused, to work on building our community and to make sure our software continually evolves.

Someday, we hope to enjoy a hot fudge sundae with our harshest critics. Even if they don't appreciate Vyatta software and support, I can almost bet that they'll enjoy the vanilla ice cream.

Thursday, March 23, 2006

Device phone home feature

We've been having an internal debate as to whether or not we want to put a "device phone home" feature in our software to send us anonymous usage statistics. We have good arguments on both sides of this one and we'd like to hear your thoughts.

The basic concept behind the feature is that our software would send us anonymous usage statistics on total number of packets routed, total number of bytes routed, total packets blocked by the firewall, and so forth. We would then aggregate these statistics and put some fancy graph widget on our homepage so everyone could watch the growth (or even decline) of the Vyatta community. Of course, this software feature would be OFF BY DEFAULT and would require human intervention to enable it.

The pro argument for this feature is that it will help us and the community understand how the software is being used. And, it should give future potential community users the confidence to try our software - strength in numbers.

The con argument is privacy. People don't want their network usage statistics monitored by anyone - that is why no-one enables public SNMP on their Internet ports. We'd do our best to make sure the usage statistics came to us from an innocuous source (maybe the loopback IP address or something), but the potential for privacy issues to arise is real.

Your thoughts? Would you be interested to know how the Vyatta community is using the software via anonymous usage statistics or is the privacy concern too great? Please speak up and leave a comment here or feel free to send me an email at allan (at) vyatta.

And in case you are wondering, no, we have not written this feature yet, it is not in the current code base or images we are distributing. We're just talking about this feature right now.

Wednesday, March 22, 2006

Which camp are you?

As we were developing Vyatta over the past several months, we spent a lot of time interviewing potential users of the product. An interesting trend appeared as we talked to a variety of folks - some users wanted us to ship our software that they wanted to install on their hardware and others wanted to have us ship to them a bundled hardware/software package. The way I see it, users fall into two camps: systems folks and network folks.

Systems folks, we found, like to buy a commodity set of hardware with exact specifications. Specific disk drives, memory configuration, bus properties, clock speeds, interface cards and so forth. When the system arrives at their site, the first thing that they might do is to wipe the disk clean and install a version of their operating system of their choice with their partitions, tools, applications and optimizations. These folks want the Vyatta OFR to be an application that runs in their environment on their hardware of choice. So, for the systems folks, we plan on keeping the OFR available in the manner that is is today and letting them install it on a system built with their environment in mind.

Network folks, on the contrary, don't really want to take a clean system and install the operating system and utilities to bring up the system. They seem to care about the hardware specs of the system such as processing power, bus speed, number of interfaces, memory capacity and so on, but only as this pertains to their specific network environment. What network folks appear to want is a system that they can put in a rack, connect up to the LAN and telnet/ssh to configure. So, we're exploring ways to deliver a hardware/software package to the network folks - more details on this to come in near future.

We're curious as to where the folks in our community fall - are you in the systems folks camp or the network folks camp? Maybe you have a different camp altogether? Please let us know as we're always looking for input!

Tuesday, March 21, 2006

David vs Goliath

People love to read about David vs. Goliath - we have surely seen that over the past few weeks with our public launch. And, it's great to see folks rooting for the underdog and helping us out on many fronts.

Yet, we have to keep in mind that the point of Vyatta is not to directly take on the closed-source networking vendors such as Cisco, Juniper, Nortel and others. Instead, we want to provide an alternative choice for the enterprise that is flexible, open, and community driven. We realize that we've not going to arrive on the scene and have open-source networking dominate over closed-source networking in a week, month or even a year. We're expecting a marathon, not a sprint. We're patient and have the conviction to see this through to the 26th mile....

Some have argued that the closed source networking vendors do a fine job on their products and that they serve their needs well. We absolutely agree. We would contend that Sun and Microsoft serve their corporate enterprise server customers well too - yet there is still a market for RedHat, SUSE, and others.

Thanks for all of the emails and comments - please keep them coming!

Monday, March 20, 2006

Here's our SVN tree - where's yours?

We've been getting lots of good coverage by the media and bloggers (thanks for the posts and comments!) since our launch a few weeks ago. Believe it or not, we try to keep up with the various posts and comments because we feel that input from the community is absolutely critical to our success. And, that burning on our ears makes us think that lots of you out there are talking about our company.

One comment that seems repeats every so often is that there are lots of other products in the networking world that are based on some open source operating system. For example, Juniper's JunOS is based on FreeBSD. What makes us different is that we're not just merely based on open source, but rather our entire code is open source. That means you can see and take every line of code that we have in our product - and we plan on keeping it that way. Our code base is in a Subversion tree right here. Go ahead, take it, use it, add to it as you see fit for your business :)

We believe that open source software running on commodity hardware (mainly x86-based) is the future of the networking world. We don't think that we're alone in this vision, just that we are working hard to help lead the charge.

Saturday, March 11, 2006

The open source difference: Tetris!?!

Here's the difference between an open source software company and one that is closed source (based on open source or not): the puzzle game Tetris.

Let me explain.... Last week, a user on the vyatta-hackers mailing list, Joel Krauska, downloaded our latest image and then proceeded to add a Debian package for Tetris to his Vyatta router/firewall. He did this on his own, with no help from us, and then proceeded to write up a wiki page on how he did it. We had never met Joel (although we did meet him yesterday for the first time), did not help him with his puzzle enhancement and were pleasantly surprised when he sent over the screenshot of Tetris running on his Vyatta device.

As you might expect, Tetris may not make it into our next build and this functionality is not a core piece of a router/firewall, but it clearly shows how the Vyatta product empowers users to enhance and modify their networking devices to meet their needs (even if that need is an puzzle game, an MP3 server or WAN compression :-) To me, this is a shining example of how open source software provides unique flexibility and features that vendor-driven software rarely exhibits.

Oh yes, in addition to Tetris, Joel did provide us two kernel level patches and modified our boot sequence to include our logo and banner message. Excellent enhancements that will make our next build.

Thanks for the work Joel - you're definitely helping us to lead the industry toward an open source alternative for networking. The folks at Vyatta and the world of Tetris-lovers raise our glasses to you!

Wednesday, March 08, 2006

Viva la France!

I was browsing through our web site statistics and found that the top three top-level domains (TLDs) hitting our site are: 1) .com, 2) .net and 3) .fr! All three TLDs have hit our site nearly the same amount (within ~10%). The number four TLD is .edu at approximately one-tenth (1/10) as many hits as France (.fr).

So... Viva la France! You can have your baguette, croissant, croque monsieur and ... open source networking!

Oh yes, the last country on our list is Boliva (TLD of .bo) with one lonely hit. Come back Bolivia - bienvenidos!

The power of syndication

Since our public unveiling a week or so back I've been watching our web statistics on a daily basis. What is very interesting is our top webpage URLs:

So, thinking about this - the download page makes sense since slashdot.org put that link in their article on us (that was very cool!). Next, notice that the RSS pages have more hits than our homepage. That tells me that people have surfed to our homepage and then set up RSS readers to revisit our blogs and wiki. The number of hits makes sense to me because people might hit the homepage once and then use an RSS reader to see changes to the blogs and wiki multiple times.

While the hit rates make sense, the striking thing is that it appears that people are sufficiently intrigued by our story to have subscribed to our syndication. I interpret that to mean that the premise of our products and services are intriguing and people are using syndication to follow our progress. I guess the cynic in me might interpret this to be the same intrigue that causes people to watch a spider go down a drain, but I'm generally more optimistic than that :-)

Keep your RSS readers watching this space, we'll hopefully make you want to keep your subscriptions active.

Saturday, March 04, 2006

The measure of success

We spent a good amount of time during the formation of Vyatta thinking about how to quantify the success (or lack thereof) of the company over the next 12-18 months. Top line revenue based on our service and support offerings would be a quantitative sign. Yet, we think that there may be a more subjective measure - one that requires our potential customers to experience a pause.

The pause occurs before people order a closed source product where a credible open source alternative exists. Should I use Oracle or try mySQL for the database? Siebel or SugarCRM for our CRM deployment? Deploy NMS using HP OpenView or give IT Groundworks a shot? The pauses are already occuring in IT shops across the world on these open source alternatives.

Another network device from the closed source vendor or give Vyatta a test drive?

That's the pause we need. It's not going to be a pause in the near term, but we have the patience and conviction to see if it will occur in a reasonable amount of time.

If we're right, then people will be using our products, receiving service and support from us and our community and realize that they are reaping the same benefits as they did with closed source alternatives. Then, the measure of success should be easy to quantify.

Thursday, March 02, 2006

The three most important things in a startup are....

Focus, focus, focus. Yes, that is one thing and that is the point, to borrow a phrase from the real estate market (it's about location, location, location).

Our current focus at Vyatta is on building our community.

In the grand scheme of community building, we've landed on the island, found some water and built a grass hut in the middle of the jungle. People from 60+ countries have come to check out what our community is building and that is exciting! Still, I look forward to when we will have an established community center filled with social gatherings of members imbibing mixed cocktails!

We're always looking for input on how to make our community stronger, how to build better buildings and how to get more folks involved. We want you involved and intend to keep it that way in the future. Please come register for our database, get signed up for our mailing lists,, edit the wiki or contact us directly.

I hope you've enjoyed week one - we're absolutely enjoying the community interaction and conversations.

Gulp.... whew...

Remember the Vyatta router/firewall I was configuring yesterday? Well, the site went live on the beta product yesterday afternoon and moved their mail server in-house (routed via our static NAT).

Last night, late, I realized that I needed to add one more NAT rule to the configuration, but thought I'd better not touch anything until someone was on-site this morning in case the Vyatta box rolled over and played dead. About 9am today I heard that folks were on-site so I went ahead and configured the product remotely from my house and added the NAT rule. The configuration took fine and as I was looking at the various "show" commands to see the NAT rules and statistics, my ssh connection died. Gulp.

Of course, I thought our product had died a horrible death and called someone on-site to reboot the router. They did that. I waited at home. Nothing. Gulp again.

Now you get to picture me rushing through my morning ritual at breakneck pace to get out of the house. Meanwhile, I'm watching the time thinking of when the MX records will expire and mail will start bouncing like a superball on concrete.

I get to the site about 40 minutes later and look at the console of the Vyatta router/firewall. All looks fine... the box is up, running, answering DHCP for the local LAN, and so forth. As it turns out, the T1 for the site went down - it wasn't our box at all. Still, email was bouncing, but it was not Vyatta's fault. At least not this time. Whew...

Did we mention not to run our beta 0.5 release in production yet?

Post-mortem: The T1 came back and the Vyatta box went right back into production...

Wednesday, March 01, 2006

NAT, firewalls and Robert Bays

I was doing a NAT and firewall configuration on one of our products for a beta site yesterday. The site required some static NAT rules filtered through a firewall. Having never personally done static NAT on the Vyatta router/firewall, I thought I'd give it my best shot and use Robert as my safety blanket.

About halfway through the configuration, I had the static configuration done, but it wasn't working. It then occured to me that the static NAT configuration that I was doing required a public IP address that was different that than IP address assigned to public facing Ethernet port. In other words, the public IP address on the router/firewall was x.x.x.1 and I was making a static NAT to x.x.x.2. I thought that the router/firewall would see the static NAT mapping to x.x.x.2 and automatically know to answer ARPs and then subsequently NAT the packets properly. But, just to check myself, I went over to Robert, explained the configuration to him and asked his opinion. He said, "It should work" or "That sounds right" or something to that affect. I should also mention that this was arond 1pm.

Fast-forward to about 5pm. I'm now bleary-eyed after staring at NAT and firewall rules. I tuck my tail between my legs and go over to ask Robert for his help on the configuration. He says to me with a chuckle, "I kind of was hoping you'd figure this out on your own..."

Fast-forward to about 6:30pm. Robert has been plugging away at the configuration for about 90 minutes when he says, "Wait a sec - let's add x.x.x.2 as a secondary IP address on the public facing Ethernet port." When he does that, everything starts to work just fine. At which point I bring up to him that this was the exact question I had asked him back at 1pm. And Robert replies with a laugh, "Yes, but I didn't really hear you before."

So, two lessons here: 1) You need to define the IP address for a static NAT on an interface and 2) make sure Robert can hear you when you ask him a question. :)