What else do people expect on routers, firewalls and switches with closed source? Once again, the power of open-source is shown to be superior (a challenge and not always easy, yes). I recently did a big network upgrade and I got so tired of hearing "Cisco/Juniper/$BIGNAME never got anyone fired."
I spent a long time looking at all the options, the main issue with the open source ones is a lack of performance usually due to lack of asics/fpgas for encryption offloading.
When it came down to it, I went with Ubiquiti and their fork of VyOS called EdgeOS. Runners-up among router OSes were VyOS, PFSense, IPfire; routing engines being Quagga, XORP, and the Bird Internet routing daemon.
The point is that open-source isn't an instant solution for these kinds of issues (code obfuscation, code review complexity, weaknesses in many-eyes theory) but it's still better than proprietary because at least you can fix it yourself if you please, or at least someone else can.
I am a huge proponent of open-sourcing as much as possible, even given its higher resource investment (hiring *nix-beards), because it gives a company freedom to be more agile than standard proprietary systems with their licensing-by-a-thousand-cuts and lock-in style.
Sometimes it doesn't make sense, and even as a FOSS proponent and a heavy GPLv3 supporter, I have to recognize sometimes that's not the best option either. I tend to still use Cisco on industrial controls, but it's mostly because of the service & support options, not because of Cisco's security. I just assume that just about every manufacturer based in the US has been NSL'ed and has backdoors in software & hardware... in the meantime, the solution for people like us is to push people like Juniper away from their old business model and force them into competing with FOSS. We can fix the software, but the hardware will be much more difficult. I have heard some interesting ideas on hardware checksumming lately though.
Just my two cents at least.
edit: Forgot to mention I am very fascinated by the networking features in DragonflyBSD, especially ipfw3, so if you haven't looked at it it's worth a peek. Also HAMMER2 is going to be awesome and is already on par with BTRFS and ZFS.
A caution re: EdgeOS. The control plane is largely open source but the data plane uses closed-source kernel modules and closed/proprietary APIs to drive the Cavium Octeon network processor. They seem to be adopting more closed control plane in newer versions because there aren't any mature FOSS stacks for service provider oriented protocols (e.g. MPLS+VPLS+RSVP-TE+LDP+...). On the closed side there are a handful of vendors that provide control plane stacks for all that.
Yeah, I am aware of that, and frankly their track record for GPL compliance is shitty too, but it was a compromise of sorts. It seems really sad to me that it's 2015 and we still don't have an all-protocol router/firewall that's enterprise ready and open source... maybe that's just my naively idealistic side speaking though.