IBM Cloud Docs
About the VRA

About the VRA

The IBM Cloud® Virtual Router Appliance (VRA) provides the Vyatta 5600 operating system for x86 bare metal servers. It is offered as a High Availability (HA) or stand-alone configuration.

With the IBM Cloud® Virtual Router Appliance you can route private and public network traffic selectively, through a full-featured enterprise router that has firewall, traffic oriented, policy-based routing, VPN, and other features. The VRA offers performance with ease of configuration. It has the maintenance advantages of running on a normal hardware server. The VRA hardware appliance is sized to handle the routing load for multiple VLANs, and it can be ordered with redundant network links and redundant RAID arrays. You manage all VRA features.

Alternatives: The FortiGate Security Appliance (FSA) 10 Gbps is a single-tenant (dedicated), high-throughput (10 Gbps) hardware firewall with next-generation features, such as AntiVirus (AV), Intrusion Prevention (IBM Prerequisite Scanner), and web filtering. It might be an alternative to VRA for achieving similar goals. For more information, see the FSA documentation.

Firewall

To protect your environment from external threats, the IBM Cloud® Virtual Router Appliance can be used as a firewall. You can add firewall rules to allow or deny inbound or outbound network traffic to the ports on which your application runs, and you can filter the traffic within your own networks. The IBM Cloud® Virtual Router Appliance also can be configured to perform stateful IPv4 and IPv6 filtering to protect your critical data.

Virtual Private Network (VPN) gateway

Connect your onsite data center or office to the IBM Cloud with VPN tunneling by provisioning your IBM Cloud® Virtual Router Appliance as a network gateway device. You can use an IPsec site-to-site VPN tunnel for secure communication to your IBM Cloud network. Other VPN options are; Remote access IPsec VPN (client-to-site), OpenVPN, GRE, L2TP, and DMVPN.

Have a look at the Brocade VPN configurations guides in the Supplemental VRA documentation section.

Network Address Translation (NAT)

With the IBM Cloud® Virtual Router Appliance, you can provision application and database servers without public network interfaces while still allowing your servers to access the internet by using Source NAT. You can also hide your servers behind the gateway device with Destination NAT for enhanced security.

Enterprise-grade routing

For multi-tiered applications on different isolated networks, the IBM Cloud® Virtual Router Appliance gives you flexible ways to build connectivity between these networks. You can set up dynamic routing by using BGP to announce your own public IP space on the IBM Cloud routers. BGP also offers more flexibility for custom private network configurations when using various tunnels and Direct Link solutions.

Have a look at the Brocade BGP configurations guides in the Supplemental VRA documentation section.