The RioRey appliance does its job. Most of the attacks we carried out were stopped completely, and in the other cases a much larger share of the legitimate traffic could pass through than without protection. The RX 1810 would have successfully warded off the attacks made on Tweakers.net in August and September 2009.
Another advantage is that RioRey offers 24-hour support on their products, so you are not left to your own devices when you are under attack. In the unlikely event a DDoS is not warded off, the experts of RioRey can think up an ad hoc solution together with you. In practice, this will most likely come down to RioRey doing most of the work, while we sit and wait until the problem is fixed
Our home-made firewall was not much of a match for most of the attacks. On top of that, iptables is tucked away pretty deeply in the kernel and zero routing for IPs and IP ranges would be more efficient - this, however, requires detailed scripting and a lot of manual work. There probably are better ways to configure the network, but we do not expect to gain much by that.
At the moment of writing, the RioRey has spent a few days in our rack and it looks like it does not inadvertently block legitimate traffic. This does not mean that in the long run or during a DDoS attack not a single legitimate request would be thrown away - but at least it is a hopeful sign that, for now, there are no false positives to report.
There is, of course, also some room for improvement. The finishing of the appliance is satisfactory, but not top-notch; especially the front board deserves some reconsideration. It would definitely be an idea to put a lock on it: after all, it needs to protect the uplink to your network.
Another point to be reconsidered is the practicability of the rView application - the traffic graphs are somewhat hard to manage, for instance. In addition, it is bothersome that the status is displayed with a delay, although this is probably inherent to the way the application works. It is worse that IP ranges can nowhere be defined; each and every address, whether approved or rejected, needs to be entered separately.
However, we are left with a general feeling of contentment. Obviously, we hope there ultimately was no real reason to install our RioRey - but if the worst comes to the worst, we will in any case be well prepared.
We would like to thank Quanza Engineering, both for the test appliance and all the answers to our torrent of questions about the RioRey.