Linux Ported to Cisco Routers, BSD chosen by router manufacturers
calc writes "Linux has now been ported to the Cisco 2500/3000/4000 routers. Click here for more details." This seems like a fairly logical (albeit not so useful) hack. I mean, one would assume that cisco's have some wacky hardware in them... but then again, using standard tools to config them seems all right by me. And you could use your router as a web server if you were on crack *grin*. [Update by nik]: Not the first time a free operating system is used like this. For example, routers from Juniper run a modified FreeBSD, while Effnet base many of their products on NetBSD.
Now i can run some RC5 clients on my routers!
(What an effective use of resources :P )
I think, therefore I think. I think?
Port Linux to a door? Is that how Sirius Cybernetics did it?
Share and Enjoy.
... when you think about it a little.
If you're running a webserver cluster behind the router, and using the router itself to do the load balancing (IANASA - I am not a Sys Admin), then if all the dedicated webserving machines decide to go bye-bye on you, it would be a Nice Thing to be able to have the router throw out a "Sorry, our stuff is unavailable right now" message. Not that you should let the aforementioned state occur, but as the saying goes, 'better safe than dead.'
IOS does NAT and packet filtering pretty well. The only difference between IPNat, IPFilter and IOS is that IPFilter is stateful. Mind you, I love stateful packet filters and think it's the greatest fucking feature in the world, it's still not much of a difference. Oh, wait, IOS does have a "firewall" feature set that is stateful, so nevermind. When is Linux going to get stateful packet filtering?
Cisco does NAT pretty well, thank you. And with the right access lists it can do all the things that you are describing.
sing it brother!
Well some yahoo had to go and do it.
BSD runs on the P200 that manages the box. Like the ssh session you might use to configure it. ASICs handle the packet forwarding, route table, forwards table, etc. No matter how cool BSD is, it still doesn't push an OC-192 at wire speed. Moderate that guy down like the uninformed bastard that he is.
kashani
- Why is the ninja... so deadly?
this is supremely useful to the cracker who has an 0wn3d router but didn't know what to do with it.
just think - so long as the unit performs its duties and does not invite administrator scrutiny, you now have the perfect base for sniffing and password logging.
how many more reasons do we need before all those old cleartext application protocols get scrapped?
I really appreciate the answer, a lot of good info in there on OpenBSD's abilities. I just have a few comments... (NOTE: my comments are about the 2.4 series, a lot of these abilities are new)
1. Linux *does* allow multiple port matching.
2. Linux *does* allow you to redirect to another machine, you are no longer restricted to localhost (under 2.2 you can as well with 3rd party utils which I hated because they sucked.)
3. Host mapping is *not* a problem under 2.4
(I know how useful the redirection can be, that DNS task of yours would be hell without it.)
4. Connection State Matching is possible in Linux.
5. Rate blocking: I *think* so. I would have to look a bit more before being able to say for sure though... the limit match helps on this, but I don't think it does what you wanted it to - but there may be something else.
To help, here is a simple list on the basic options included in the "make menuconfig" under 2.4 for NAT/filtering/MASQ decisions:
limit match, MAC, netfilter MARK, multiple port support, TOS match, connection state match, unclean match, owner match
Packet Filtering Targets: REJECT, MIRROR
Full NAT Targets: MASQUERADE, REDIRECT
Packet Mangling: TOS, MARK
In summary, I know about the limitations you were discussing - at least in regards to the 2.2 series. What I would like to know, is what does *BSD have over the 2.4 Linux Kernel (which I have running on 7 production machines WITHOUT a single hiccup) with regards to router functionality?
I should also point out that though I am a fan of Linux, I would use Win2k before I would use RedHat and I believe in using the best tools for the job at hand. (Yes, even if the best tool is Win95 or FreeBSD *shudder*)
So, once again, anyone want to please explain why someone would use OpenBSD over Linux (to clarify, 2.4) as a router? (please avoid the security arguments, that's a whole different can of worms.)
-Nathan
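The "connection state match" item in the list above is what separates a stateful filter from a flag-based ACL. The following is an added illustration, not code from the thread, netfilter or IPFilter; the addresses, the packet trace and the class names are constructed, and the state machine is a deliberately small model of TCP tracking (no FIN handling or timeouts).

```python
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."  # constructed: the protected network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags set on the segment


def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))


def from_inside(p):
    return p.src.startswith(INSIDE_PREFIX)


def stateless_accept(p):
    """Flag-based rule: outbound is allowed, inbound is allowed when ACK or
    RST is set. The filter keeps no memory of earlier packets."""
    if from_inside(p):
        return True
    return bool(p.flags & {"ACK", "RST"})


class StatefulFilter:
    """Connection-state match: inbound traffic is accepted only when it
    belongs to a connection that an inside host opened."""

    def __init__(self):
        self.conns = {}  # (inside ip, port, outside ip, port) -> state

    def accept(self, p):
        if from_inside(p):
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == frozenset({"SYN"}):  # NEW outbound connection
                self.conns[key] = "SYN_SENT"
                return True
        else:
            key = (p.dst, p.dport, p.src, p.sport)
        state = self.conns.get(key)
        if state is None:  # no matching connection: drop
            return False
        if "RST" in p.flags:  # reset tears the entry down
            del self.conns[key]
            return True
        if state == "SYN_SENT":  # only the peer's SYN/ACK is valid here
            if not from_inside(p) and {"SYN", "ACK"} <= p.flags:
                self.conns[key] = "ESTABLISHED"
                return True
            return False
        return "ACK" in p.flags  # ESTABLISHED


# Constructed trace: one legitimate session plus two stray inbound segments.
TRACE = [
    pkt("10.0.0.5", 40000, "192.0.2.10", 80, "SYN"),
    pkt("192.0.2.10", 80, "10.0.0.5", 40000, "SYN", "ACK"),
    pkt("10.0.0.5", 40000, "192.0.2.10", 80, "ACK"),
    pkt("192.0.2.10", 80, "10.0.0.5", 40000, "ACK", "PSH"),
    pkt("198.51.100.7", 80, "10.0.0.9", 22, "ACK"),   # no such connection
    pkt("192.0.2.10", 80, "10.0.0.5", 40000, "RST"),  # server resets
    pkt("192.0.2.10", 80, "10.0.0.5", 40000, "ACK"),  # arrives after the reset
]


def compare(trace):
    """Return (stateless verdict, stateful verdict) for each packet."""
    stateful = StatefulFilter()
    return [(stateless_accept(p), stateful.accept(p)) for p in trace]


if __name__ == "__main__":
    for p, (sl, sf) in zip(TRACE, compare(TRACE)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} {sorted(p.flags)} "
              f"stateless={'ACCEPT' if sl else 'DROP'} "
              f"stateful={'ACCEPT' if sf else 'DROP'}")
```

The flag-based rule passes every segment in the trace, while the state match drops the two inbound segments that do not belong to a tracked connection.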
Standard as in what is most familiar to yourself? -- As in non-cisco? By many Cisco peoples' standards, the Operating System and the configuration tools are the "standard" for cisco routers.
<request for clarification/>
the online brokerage I work for uses foundry networking equipment, and it has the option to use SSH (and only SSH) as a connectivity method. I've got to say that it now is as slick as all our unix boxen, and I'm loving it... They also make their firmware upgrades available for free, so I haven't had to pay for feature adds. (cough cough *cisco* cough) That, and the wire speed gigabit ethernet rocks too... 480Gbps backplane on those beasties.
EOM
Howdy all! I see some issues with this from a performance perspective:
a. All of the hardware mentioned here uses software switching of packets vs hardware ASICs. Therefore, you are either "Fast Switching" or "Process Switching" the packets, dependent upon router configuration. Naturally, Fast Switching develops a cache for layer 2 MAC address information and routes. See Cisco's definition:
Process Switching: Operation that provides full route evaluation and per-packet load balancing across parallel WAN links. Involves the transmission of entire frames to the router CPU, where they are repackaged for delivery to or from a WAN interface, with the router making a route selection for each packet. Process switching is the most resource-intensive switching operation that the CPU can perform. Router has to evaluate each packet individually, look up next hop route, re-package dependent upon interface and next hop address for destination route and send to interface. Used with following: access-lists (requires packet evaluation vs. lists applied to an interface), load balancing - to use multiple routes versus first acquired cache route, WAN links to prevent overrun of serial interfaces by WAN interfaces, etc.
Fast Switching: Cisco feature whereby a route cache is used to expedite packet switching through a router. Contrast with process switching. A route is looked up once, cache is formed for next-hop address and next hop address information can be switched into place without having to evaluate every packet within the TCP session....
In higher end routers (7000 +), they went to developing RP/RSP or route switch processors to implement caching in hardware vs. software. With Cisco's newer Versatile Interface Processors (VIP), they actually run a microcode OS on the line card which permits line cards to switch directly between each other using what they call distributed CEF. Can achieve 1,000,000 packets per second via CEF.... Anyway, before I went off on my geek tangent.
I'm damn sure that this Linux port does not have any fast caching algorithms...and at best would only meet process switching speeds implemented under IOS (if at best). You would then see a significant decrease in PPS using Linux over IOS and a hefty increase in CPU utilization (2500 is about the equiv of 386....4000 is not much better, maybe 486 at best). 2500 pumps about 25k pps fast switched where 4000 is 40,000 fast switched. I would suspect these would plummet significantly.
Additionally, you couldn't run Linux and IOS concurrently on the same box. You have to re-boot it (no connectivity on any interface hence causing an outage) to boot between both OSs. You can't, as one user stated, obtain a tcp dump while routing under IOS. IOS has these features via off box logging, IP accounting, Logged access-lists, etc. With very small memory configurations available for true system type applications (Web servers...etc), what type of decent apps could you really run on a router that would make it feasible?
Benefits of using Linux on a Cisco legacy router (2500 and 4000 are considered end-of-life).
Size! A 2500 is extremely small. Albeit, I'm not sure which interfaces and hardware the linux ios would support; Async, Ethernet, Ethernet Hubs internal to some 2500 series....
Cost What does IBM charge for the 2u height web servers? Although, one PIII class box could out crank a handful of 2500s... Oh well.
In my travels I did find one product for linux that got me excited about affording an Cisco Interface and management to a linux system. It was at http://www.zebra.org. I installed it and thought it kicked some ass. Hope I could lend some insight as to the performance issues...... simple_in_seattle@hotmail.dontspamme.com
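A toy model of the two switching paths described in the comment above, added here as an illustration; it is not IOS code, and the routing table, addresses and class names are constructed. It counts full route evaluations and shows the load-balancing difference the comment mentions: per-packet selection across parallel links under process switching versus the first cached route under fast switching.

```python
import ipaddress

# Constructed routing table: prefix -> equal-cost next hops.
ROUTES = {
    "0.0.0.0/0": ["192.0.2.1"],
    "198.51.100.0/24": ["10.1.1.1", "10.1.2.1"],  # two parallel WAN links
    "198.51.100.128/25": ["10.1.3.1"],
}

# Constructed flow: destinations of nine consecutive packets.
FLOW = ["198.51.100.20"] * 6 + ["198.51.100.200"] * 2 + ["203.0.113.9"]


class Router:
    def __init__(self, routes):
        # Longest prefix first, so the first match is the most specific one.
        self.table = sorted(
            ((ipaddress.ip_network(p), hops) for p, hops in routes.items()),
            key=lambda entry: entry[0].prefixlen,
            reverse=True,
        )
        self.round_robin = {}   # per-prefix counter for parallel links
        self.cache = {}         # destination -> next hop (fast path)
        self.full_lookups = 0   # number of full route evaluations

    def _full_lookup(self, dst):
        """Full route evaluation: longest-prefix match, then pick the next
        link in rotation when several equal-cost next hops exist."""
        self.full_lookups += 1
        addr = ipaddress.ip_address(dst)
        for net, hops in self.table:
            if addr in net:
                i = self.round_robin.get(net, 0)
                self.round_robin[net] = i + 1
                return hops[i % len(hops)]
        raise LookupError(f"no route to {dst}")

    def process_switch(self, dst):
        """Every packet goes through the full evaluation."""
        return self._full_lookup(dst)

    def fast_switch(self, dst):
        """First packet to a destination is evaluated in full; later ones
        reuse the cached next hop."""
        hop = self.cache.get(dst)
        if hop is None:
            hop = self.cache[dst] = self._full_lookup(dst)
        return hop


def run(mode, flow):
    """Forward a flow in 'process' or 'fast' mode.
    Returns (list of chosen next hops, number of full lookups)."""
    router = Router(ROUTES)
    forward = router.process_switch if mode == "process" else router.fast_switch
    hops = [forward(dst) for dst in flow]
    return hops, router.full_lookups


if __name__ == "__main__":
    for mode in ("process", "fast"):
        hops, lookups = run(mode, FLOW)
        print(f"{mode:8s} full lookups={lookups} next hops={hops}")
```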
This is a plug for my employer. I work at http://www.imagestream-is.com we sell both the cards and routers. the cards work with every distro we've come across, and the routers run linux. why kiss a vendors ass for anything?
Exactly. Linux changes itself to fit on different platforms. Bill tries to change you to fit his solutions.
There's a huge difference there.
Have your CISCO's spare cycles help this worthy cause! =grin=
-Sir Woody Hackswell, the Arch-Fool
From my understanding those cisco routers run on QNX, which is a POSIX compliant OS. As is Linux.
So the port should have been trivial.
I think that being able to run perl scripts on a router is a cool side effect of this hack though.
Or could you do it previously? Anyone?
In the older days, you were buying expensive hardware. The older models especially that are mentioned in this article are all Motorola 68k chips.
Newer models moved away from general purpose CPUs to proprietary chips designed for fast routing/switching.
. . .okay . . . Why? What do you gain?
This flamebait? Seems like a basic question as to any advantages...
this space for rent
HTTP server is a standard feature in IOS... But it's only used to administer the router and run some commands through a web browser. However, it shouldn't be too hard to extend the built-in server a bit further, to host your domain and serve your pages :-)
I've played a bit with getting ucLinux running on older Bay/Wellfleet AN routers. They are basically a system on a chip (68EN360) with some RAM and flash. It's a project for another day, though.
Anyway, real men use Foundry. ;>
Go Slackware!
-- Give him Head? Be a Beacon?
(If you can't figure out how to E-Mail me, Don't. :P)
I was reading a story about component and product outsourcing the other day. It was either in the Minneapolis Star Tribune or the NYT. Apparently this is one of the Big Dirty Secrets of the computer industry as a whole -- a few, rapidly growing businesses are taking over the job of circuit board manufacture for a number of computer companies. "HP doesn't want you to know that your server mobos come from the same factory in Detroit that makes controller computers for GM." I guess I didn't want to know it..
Can your Cisco IOS based router/firewall redirect traffic through arbitrary software or filters on the router itself, that you can code yourself in C? Think about it, man. For a custom solution, Linux is infinitely more flexible. You can damn near do anything with a packet if you have the coding knowledge to take a whack at it. IOS is a closed environment.
THAT's what I meant, and I do know what I'm talking about
11*43+456^2
I still consider simple masquerading and true NAT different, although they are fundamentally the same thing.
I know IOS supports these things, but if it ain't in IOS, you can't do it, it's a closed environment. In linux, my NAT could also scan packet contents of outbound SMTP traffic, and filter certain packets containing certain data through an external chunk of C code on the router itself that I wrote before processing it onwards... for a really weird example (and yes, I've done that before).
11*43+456^2
Um... The PIX 520 is a P2 350, the case is mostly air. Same mobo and processor in the local directors too. I'll withhold my opinion of the PIX's abilities as a real(tm) firewall though :)
To misquote Churchill, never has an operating system (FreeBSD) used by so many been administered by so few. - NetCraft
Actually - can't remember the name, sorry - I used a beta product that was an IOS for linux.
It ran on a pc but allowed you to setup your linux box with IOS syntax. You could setup any service that linux would run - and it was just like being in a router.... (had a whole boat load of cool things like setting up VOIP calling gateways etc.) and it is to be sold as a development tool - so anyone can create an IOS interface for what they run on linux.
Anyway - it's coming soon. Will see if I can get the name of it again.
> Um... The PIX 520 is a P2 350, the case is mostly air.
Ah, I was thinking of the PIX 515.
I think the 506 is also a p200 though.
. . . .okay . . . Why? What do you gain?
Listen, Sigmund, we'll discuss it in the morning.
"second first post of the day, and it's my birthday!"
12?
I use my server as a router also with a partial
firewall, I don't see why they shouldn't do it.
Linux doesn't "come" with emacs either. Nothing "comes" with emacs. It's in OpenBSD's ports collection surely, and if it's not, I hear there's this thing called Open Source. You should try it some time.
--
My comments and opinions completely reflect those of anyone and anything I am remotely associated with.
IOS can perform NAT and redirection to internal hosts. Check out the "extendable" flags in the "ip nat" commands. You may need to check your version of IOS.... 12.0.12 is the latest stable release and has those functions. 12.1.3 is the "most stable" release with firewall features that can do "stateful packet inspection."
:)
The Cisco IOS can also translate inside AND outside addresses, do port address translation (like MASQUERADING). As for a "range of addresses", like a 1-to-1 mapping 10.1.x.x to 20.1.x.x, I know the PIX is capable of doing that; I can't vouch for IOS (but it would seem like a logical extension they have). But you can create a global pool of addresses.
I work with cisco routers every day. They're the best in the industry for features and performance. But this linux-on-router thing is still cool.
--
John Kramer
God may be my co-pilot, but the devil is my backseat driver.
You could think it's kind of futile to just port linux to everything imaginable... but you can look at it as a kind of basic research, not so much practical use. You have to do the basic research... to get high quality products out the door.
Zebra and gated both run on linux, admittedly zebra wasn't so good last I heard. but you can get OSPF/RIP/BGP implementations for linux
yippy skippy, now we can have cisco linux-distro' flame wars!
"MY cisco runs redhat!"
"oh yeah? my cisco runs slackware!"
"hah! amateurs! mine runs turbo!"
-- MrMud
I guess all the admins who want to run statistics and trend grapher applications on their routers (other than SNMP-based solutions) are smoking crack.
- Mike Hughes
The dangers of knowledge trigger emotional distress in human beings.
There has been HTTP over routers for a long time. I know for a fact that CISCO has optional (you have to turn it on) HTTP interfaces for configuring their routers. I don't see any reason why that couldn't be used to serve other static pages.
Brad Johnson
And you could use your router as a web server if you were on crack *grin*.
If we can use IP over DNS, http over routers seems reasonable.
I'm holding out for SSH over my toaster.
-Waldo
-------------------
If you put a terminal on the PIX's console port and watch what it does when it boots, the first thing you will notice is that it's a Phoenix BIOS modified to a) use a serial port instead of a VGA board, b) boot the OS from flash memory. It also identifies its CPU at that point (in the PIX-515 it's actually a Pentium 200 MMX) - that's why I'm kind of surprised that you were surprised to find it was just a really expensive Intel PC. It tells you what it is, you just have to listen :).
As an aside, I did try to put the PIX 4-port ethernet card into a normal PC. Linux identified it as 4 Intel EEpro adapters. I didn't try to see if it would actually work.
So you take a great general purpose OS, Linux, and then stick it on expensive proprietary hardware, a CISCO router, to replace the router-optimized OS already there.
Of course, a 486 running Freesco, a Linux derived firewall router, would probably have better performance and be far cheaper, but it's not as hackworthy.
Next week, a Linux router/firewall on a wristwatch, but you can't move your arm or your network will go down.
>so i guess it's standard x86?
Depends on the model, many Cisco routers use Motorola 680x0 chips, some MIPS...
I can't recall any off the top of my head that used x86 family chips.
-LjM
Cisco IOS can run on a couple unices (BSD and Solaris I believe) as well as Cisco hardware. As far as I know, Cisco folks develop on Unix and then use a cross compiler to build for their router hardware when required.
The world is neither black nor white nor good nor evil, only many shades of CowboyNeal.
Although this is definitely a cool hack/experiment/learning experience....
...
yes, even 2.4 boys and girls...
It has no use....
The Linux tcp/ip stack is not up to the job of high end routing ( even for these low end routers )
If you want an os that can handle high loads of routing, why not use what the best performing router uses... ( juniper networks M series )...
What is that you ask? Well, FreeBSD of course....
Yeah, i know, this will get marked as flamebait, but, does it look like i care?
Mistakes and wrong assumptions here. For the hardware platform, it depends which one. Most routers architectures are based on Motorola 68xxx for low-end (2500's) or any kind of MIPS-based CPU for higher grade routers.
And IOS is NOT QNX, and doesn't use QNX in any way. It didn't say so in the press release, I'm telling you so now. Whatever Cisco is doing with QNX is confidential at this point :)
Seems useless to me. Why break the security of a Cisco router by putting Linux on it?
Security? What does anyone really know about the security of Cisco routers? Are you sure that there are no back doors imbedded in the IOS? Can you prove it?
At least with Linux, you can.
Seems someone is pissed off that it was Linux and not Windows CE.
Have a look at the Juniper White Paper about JunOS. Yes, it's FreeBSD, but the TCP/IP stack was completely gutted and replaced. If you go through the paper, there are a number of other areas where it differs from standard FreeBSD, too.
I'm a FreeBSD fan, but I'm interested in the truth, too!
Also, don't forget that Juniper do contribute stuff back to the FreeBSD code base even though they don't give the whole OS away for free. Which they couldn't do with a GPL-licensed piece of software.
-Dom
Cheap old cisco router?? what are you on drugs? A cisco 2500 doesn't go for cheap and it's older technology.. you could easily buy a new PIII system for the same price range. Also Cisco IOS 11.3 and above support NAT, etc.. so why bother? Yes it is a cool idea.. I'll probably try it out just for the hell of it, but you can trust I'll be putting Cisco IOS back on there after the novelty wore off.
"One of these days... milkshake... BOOM!!!!" - emb
Well, for those interested.. it kind of works even.. I hooked up the sacrificial virgin.. an old Cisco 2501 w/ 8MB and here are the results:
uClinux-cisco-log.txt
"One of these days... milkshake... BOOM!!!!" - emb
I know it's Cisco, but I still call them CRISCO. They make excellent network products, love the CLI over Nortel's BCC/menu system/Site Manager/MIBS, but I have issues with their RFC compatibility, and how they implement their own versions of it. And sticking a CRISCO router into a Bay network is hell, because of all the changes I have to make on the CRISCO router. I work in carrier and Nortel is made for this environment, where CRISCO is lacking.
--- RFC 1149 Compliant.
Umm, please re-read my post. It wasn't a rumor, it came directly from a "higher-up" at D-Link.
"I can say that I am not aware of anyone designing or building hardware for cisco other than cisco."
Jeez... you're not AWARE of that happening? Well I guess that means it can't be happening then, right?
-thomas
"Extraordinary claims require extraordinary evidence."
"And like that
- zebra
- gated
- VRRP (the IETF equivalent of HSRP)
-- jochen
Don't even try to weasel out and say you weren't implying that D-Link built million-dollar Cisco routers and all Cisco did was slap their name on them in order to jack the price up.
Again, don't put words in my mouth. I said D-Link "builds a lot of the hardware for Cisco." Had I wanted to imply that Cisco re-sells D-Link routers, I would have said, "D-Link builds Cisco routers, and Cisco sells them."
PMC-Sierra also builds hardware for Cisco, as well as other companies. Obviously if D-Link was able to actually manufacture an entire router themselves, they would not be selling them to Cisco, they'd be selling them direct to companies.
Talk about a feeb... sheesh.
-thomas
"Extraordinary claims require extraordinary evidence."
"And like that
GNU Zebra.
Didn't see anything about this in the comments. Imagine a cracker takes over a Cisco router, downloads Linux onto it and starts running more advanced attack tools that Cisco can't natively do. Since the cracker is potentially operating from a position of trust (depending on where the router is), you could do some interesting things. Not the least of which would be a custom sniffer to grab passwords.
"Any sufficiently advanced technology is indistinguishable from magic." - Arthur C. Clarke
The USB provides control for the tuning - it's much nicer than adding Yet Another Interrupt-Wasting Serial Port Frob. I've got mixed feelings about whether it should do audio over the USB (which is what I'd expected also) - it's actually connecting analog audio to the sound card, rather than digitizing it itself, which would have added to the cost of the device. I have noticed a major quality difference between playing the audio directly from my sound card into the speakers and using the radio software to digitize it as a WAV file - not sure if this is because I've got an El Cheapo $5 sound card, or because the PC software doesn't use the best possible settings for the card, but there's typically lots of hiss and distortion in the saved version (bad enough it's not worth degrading it further by MP3ifying the WAV.) It might be interesting to try it with a better soundcard, so I may move the radio to the office and see if it works better here - I'm certainly not going to spend $50 on a new sound card and $100 on more disk space just to make the $29 radio work better :-)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Cisco designs its own hardware and software, but it's common knowledge that it outsources quite a lot of its manufacturing, like many other high tech companies.
By contrast, when you buy a Cisco router, you're mainly buying IOS and the design of the hardware - manufacturing's less important.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
The 7200VXR is a very nice box - I have tested this with 38 Mbps of traffic going through it (from one fast ethernet interface to another), including half a page of access lists and route maps to mark IP Precedence. The CPU load was only 30% or so.
More realistically, it can run custom queuing with minimal CPU loads (very nice for allocating bandwidth to high priority applications, i.e. class of service/QoS), unlike some older high-end routers.
It has some backplane improvements over the older 7200s, so it's not just a matter of CPU speed and cache.
Nice to know, but the 700 series routers don't run IOS.
The cheapest routers to run IOS are the 800 series, I believe (but watch out for exactly which features are implemented, some low end feature packs are missing surprising stuff).
True .. the PIX uses a 200 Mhz pentium, to be exact.
The 3600 series is a MIPS, IIRC.
Ciscos provide all of those "normal" features:
routing...duh
NAT: Yes, and damn well too.
firewalling: packet filtering via access lists that run rings around ipfwadm and ipchains
MASQ: the layman's term for NAT, which is covered above
And in response to the other comments in this thread...userland routing daemons that provide dynamic routing protocols can't compare to the speed of the algorithms in the IOS kernel.
It's true that Unix on Intel can out compute a dedicated router..but they've got the code.
--
My comments and opinions completely reflect those of anyone and anything I am remotely associated with.
Of course the port is mostly for hack value. But Cisco 2500s on EBay are rumored to cost ~US$500-1000, so it's not much more expensive than a much faster low-end PC. :-) The question is whether you can run Linux Router Project or equivalent router software on them with enough drivers for the various interface cards.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
How much do you think it costs to hook a T1 (or E1 for the Europeans) to your Linux box? Hint, check out http://www.sangoma.com. You can get cisco routers this old pretty cheap now.
The Cisco PIX firewall uses an x86. But that's the only one I can think of.
There is no apostrophe in the plural form of "Cisco". If you are going to run a major news site, please follow the basic rules of English grammar.
As I am in the process of porting linux to a Performance Technology "Instant Internet" router, I can explain why this is desirable.
1) Cisco hardware is extremely trustworthy, much more so than the generic PC. Good telecommunications equipment (routers, muxes, DSUs) will run for decades in poorly ventilated dusty closets without any hardware maintenance at all.
2) Router hardware boots fast. WAY fast. Iff it has a decent operating system. This is important in real life because even UPSes are really uninterruptible.
3) Routers (though not the 2500) typically have ridiculously fast RAM for packet buffering. If linux can get Cisco-7000 class throughput on Pentium III hardware, think what it could do on a real router!
4) All software can become obsolete, due to lack of compatibility with the real world (what do you mean we need NAT? We didn't need it yesterday!) or penetration (huh? our version of IOS is vulnerable to a script that's all over the net?) or various other reasons. Router software updates are EXPENSIVE!!! Trust me, I have "SmartNet Maintenance" from Cisco not because the hardware ever fails (it doesn't) but because it gives me access to the IOS download site for a single yearly fee. Linux updates are FREE.
The last reason is the most compelling, obviously. Money talks, linux walks, er, runs.
--Charlie
You have to be joking... a R7000 running at 262MHz would kick a PII/600MHz's ass any day and twice on Sundays. Not to mention they run cool (less than 50W... you don't see heat-sinks on those babies)
However, the whole box as a whole is way expensive. But... the Cisco hardware is specifically designed to operate as a platform for their own software, which is really what you're paying the $$ for. Think of the hardware as a huge dongle for the software.
They're not the only company that operates like that, either :)
But it's for certain that dlink is NOT a build shop. That was my only point.
--
"It is now safe to switch off your computer."
Now all we really need is a IOS-like shell for uClinux-cisco. iosh anyone?
Sanity is a sandbox. I prefer the swings.
While it may be true that PIX (which is not primarily a router, unless you consider all firewalls primarily routers) is Intel-based, the rest of the Cisco line isn't.
I have personally dismantled an old IGS, a 1601, a 2501, a 4500M, and a 7000 series (forget the number, but it was an old one). They are not modified PCs, they are purpose-built hardware routers.
Despite what others have said in this discussion, different models of Cisco routers use various specialised hardware architectures, typically with RISC processors and at least three distinct types of memory (flash, DRAM, SRAM). We routinely use generic non-EDO DRAMs in the 4500, but I wouldn't dream of using generic RAM for the fast packet cache.
--Charlie
IOS _is_ an operating system. It has everything of it, even the filesystems. Have you ever just seen a Cisco router?
Umm, please re-read my post. It wasn't a rumor, it came directly from a "higher-up" at D-Link.
Umm, please re-read your post. It came from you, who said you got it from your dad, who said he got it from some dude wearing a suit, who said he worked at D-Link.
I, for one, don't believe 90% of the crap I read on slashdot. I don't believe that Natalie Portman poured grits down anyone's trousers, I don't believe that's a real bird on that guys dick, and I can't believe that goatse.cx's guys asshole is really that big.
Why should I believe a story I heard from you heard from your dad heard from some dude in a suit?
Slashdot is jumping the shark. I'm just driving the boat.
So, some moron wearing a suit believes that the only thing Cisco adds to its routers is the name, while the real value lies in the manufacturing? No wonder D-Link sucks.
Cisco is doubly smart for using D-Link to build equipment -- D-Link apparently takes pride in their manufacturing, but is far too stupid to ever understand where the real value lies in computer equipment. So, all D-Link's home-grown stuff is well-built hardware, with lousy designs, crappy software, and lousy support. If they ever lose that "well-built hardware", then Cisco can just dump them, and move on to the next manufacturer.
(And before anyone says, "You shouldn't need support if it's built right," all I have to say is that you obviously don't understand what support is. Here's a hint -- if there's an endless tape loop that says "your call is important to us!", then you're dealing with a company that doesn't provide support.)
Slashdot is jumping the shark. I'm just driving the boat.
Ok, admittedly, I'm not all that up on MIPS hardware. However I am quite aware of how badly both sparc and alpha architecture suck when compared directly with P3s at high speeds. I know a p3/500 smokes an ultrasparc 440 when it comes to server web pages (similarly configured machines, similar amounts of memory, same drive hardware). And Network Appliance went with x86 in their new F840 and apparently doubled their performance with a P3/800 over an Alpha AXP21264@750Mhz in the F740.
> I'm holding out for SSH over my toaster.
Actually, I sure as Hell can't wait for Cisco to get with the damned program and quit using Telnet as the primary config interface. Here's a prime example of a company that would have a much better product if they were more attuned to open-source - OpenSSH [running SSH1 or 2] would make a much more secure alternative to Telnet.
In my world, telnet basically exists as a client app for checking SMTP and HTTP functionality. Nobody would dare install a box at work with TelnetD enabled, so why the hell would I want to install a router with it?
(see subject)
--
M
The cacheEngine also (web cache farm)
The fact is.. Modern Linux kernels (2.2 and ESP pre2.4) make a better router than IOS. I've seen a Linux router box (PIII 600) with 6x100TX/FDX sustaining 600mbit/sec of IP traffic with packet filtering and CBQ.
The 5xxx series falls down above 200mbit/sec in the fastest forward-only mode.
I've seen a lot of truly, ahhh, stunning, ports of Linux over the last couple of years. Wristwatches, toasters, etc. all seem to attract the attention and adoration of linux porters.
Now, what I'm seeing here is I think a conflict between two fundamental hacker tenets:
What I guess I'm worried about is that I tend to see the over-emphasis on the first (especially amongst the younger of us), and the slighting of the second.
Yeah, there might be good, personal reasons for the above people to have ported Linux to Cisco. However, I'm not particularly happy that people tend to glorify these hackers and look down on the ones who might be (for instance) writing neat ASP scripts to talk to MS SQL servers from IIS.
Fundamentally, I'm worried that in our zeal to promote Linux and Free Software, we run into the "Round Peg, Square Hole" syndrome (or, the "If all you have is a hammer, everything starts to look like a nail" problem).
I guess what I'd like to see us as a community do is to place more value on doing the job right, which means using the appropriate tools (or, if there truly aren't good ones available, writing the correct thing), rather than spend time on things that in the end, are almost useless (other than perhaps educational use).
Feeling a bit crotchety today...
-Erik
There are always four sides to every story: your side, their side, the truth, and what really happened.
Cish, config shell for linux routers that mimics a Cisco. Hey, it's a start.
Fuck Slashdot
Ever since they forgot to ask for the old one back when they upgraded me, I've been wondering what I could do with it. Heck, too bad I don't have a bunch of them, I could make them into a Beowulf cluster!
Will in Seattle
SSH in Cisco IOS: Already done since 12.0(5)S.
INSTALL is 13164 bytes
README is 254 bytes
linux.bin is 1071900 bytes
uClinux-c2500-uClinux-2_0_38_1pre7.diff is 4351814 bytes
Wristwatches, Routers and what next?
Personally I like the idea of being able to hack anything you want into the router....let it be FREE, but I wonder at the potential havoc that could be caused by bugs in these if it is ever adopted in volume (what's Cisco's record like at security and bug fixing and will any GPL/OS solution be any better)? I also agree with a previous poster that Cisco are not going to be happy with this if it is viable for production systems. I can foresee the DoJ anti-trust case where Cisco are taken to task for hacking their routers and engaging in anti-competitive practices to maintain their monopoly.....oh dear, some things never change.
Never underestimate the dark side of the Source
cisco 3640 (R4700) processor (revision 0x00) with 73728K/24576K bytes of memory.
Not to be obnoxious, but the 3640 isn't a totally low-end router (four slots) and it's running an IDT-licensed version of the MIPS R4000 processor. From the datasheet at IDT it appears to be just another general purpose CPU, not one dedicated to routing functions. I'm well aware that the really high-end products (like the 75xx series) have much more specialized route interface processors that handle routing, fast switching, and so on that PC architecture would be hard to handle. But I'd still like to see how many packets IOS running as the sole process on a 1Ghz PIII with a dozen 100Mbit full duplex interfaces (on 64 bit PCI cards @ 66Mhz) could forward. The biggest advantage wouldn't be for situations where you needed specific functions or capabilities, like load balancing across interfaces or aggregating interfaces -- best to buy the right hardware. Where I see the advantage is cheap, fast CPUs and cheap RAM.
Well, at least WRT ipnat, OpenBSD has the ability to have the internet side be a range, rather than a single address, and ports will be matched up if possible. Also, ipnat allows you to redirect things to other machines, instead of merely to the localhost. Ipnat also allows host mapping, where all packets meeting a certain criterion are rewritten to a specific host. IOS doesn't NAT at all.
I'm currently employed in moving all the IPs in a class B, and OpenBSD's NAT capability has been invaluable in moving DNS servers and the like.
In terms of ipfilter, ipf can keep state. That's the biggest thing. I think linux allows you to firewall based on any part of the packet, but ipfilter allows you to implement rules that consider multiple packets: e.g. ipfilter was able to filter the recent stream.c DoS, by blocking ACKs that didn't belong to a session in progress. You could also, for example, block all ICMP above a certain rate. AFAIK IOS' ability to filter is limited to port and ip address.
Now, the Cisco PIX does have a NAT capability and probably has more thorough filtering capacity. But I don't know too much about it.
Finally, I should point out that I am very much a Linux fan. I run linux at home. But if you're looking for a powerful router, OpenBSD is where it's at. Secure and functional. But I wouldn't want to run it as a workstation, and maybe not even a server -- after all, it doesn't even come with emacs!
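The difference the comment above draws between address/port rules and a filter that keeps state can be shown in a few lines. This is an added example, not part of the thread and not ipfilter's code; the addresses, the `Packet` type and the simplified state machine (no sequence-number or timeout checks) are assumptions made for illustration.

```python
from dataclasses import dataclass

# TCP flag bits
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

SERVER = ("192.0.2.10", 80)  # constructed protected host (TEST-NET-1)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int


def stateless_allow(pkt):
    """Address/port rule only: anything to or from the server port passes."""
    return (pkt.dst, pkt.dport) == SERVER or (pkt.src, pkt.sport) == SERVER


class StatefulFilter:
    """Tracks the three-way handshake per client endpoint.

    Simplified for illustration: no sequence-window or timeout tracking,
    and a session is only forgotten when an RST is seen.
    """

    def __init__(self):
        self.sessions = {}  # (client ip, client port) -> state name

    def allow(self, pkt):
        if (pkt.dst, pkt.dport) == SERVER:
            inbound, key = True, (pkt.src, pkt.sport)
        elif (pkt.src, pkt.sport) == SERVER:
            inbound, key = False, (pkt.dst, pkt.dport)
        else:
            return False
        state = self.sessions.get(key)
        if inbound and pkt.flags == SYN:
            if state is None:
                self.sessions[key] = "SYN_SEEN"
            return state in (None, "SYN_SEEN")   # new or retransmitted SYN
        if state is None:
            return False        # ACK, FIN or RST with no session: drop
        if pkt.flags & RST:
            del self.sessions[key]
            return True
        if state == "SYN_SEEN":
            if not inbound and pkt.flags == SYN | ACK:
                self.sessions[key] = "SYNACK_SEEN"
                return True
            return False
        if state == "SYNACK_SEEN":
            if inbound and pkt.flags == ACK:
                self.sessions[key] = "ESTABLISHED"
                return True
            return False
        return bool(pkt.flags & ACK)   # ESTABLISHED: segments must carry ACK


def sample_trace():
    """Constructed traffic: one real connection, then five session-less ACKs."""
    client = ("198.51.100.7", 40000)
    trace = [
        Packet(*client, *SERVER, SYN),
        Packet(*SERVER, *client, SYN | ACK),
        Packet(*client, *SERVER, ACK),
        Packet(*client, *SERVER, ACK),          # data segment
    ]
    trace += [Packet("203.0.113.%d" % i, 1024 + i, *SERVER, ACK)
              for i in range(1, 6)]
    return trace


def inbound_delivered(trace, allow):
    """Count packets that reach the server; every packet is shown to the filter."""
    delivered = 0
    for pkt in trace:
        passed = allow(pkt)
        if passed and (pkt.dst, pkt.dport) == SERVER:
            delivered += 1
    return delivered


if __name__ == "__main__":
    print("stateless:", inbound_delivered(sample_trace(), stateless_allow))
    print("stateful: ", inbound_delivered(sample_trace(), StatefulFilter().allow))
```
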
Oh my god, I have an old Gandalf ISDN modem sitting in my closet somewhere. I bought it for $3.00, and only because I like the LCD screen's diagnostics.
What's this thing worth?
-- Give him Head? Be a Beacon?
-- Give him Head? Be a Beacon? :P)
(If you can't figure out how to E-Mail me, Don't.
I'm sure they develop on Unix, but I've never seen IOS available for any hardware platform other than Ciscos. Do you have a reference?
I seem to remember reading about IOS availability for S/390 mainframes for some reason.
Besides, I wouldn't want it to run as a process -- I'd want it to run as the kernel. I believe that's the way that IOS is written to run anyway.
The uClinux ports page has a picture of a CISCO 3000 running uClinux. The picture was taken with an AXIS web camera; the really cool thing is that the new AXIS 2100 WEB camera runs uClinux. A great commercial use for uClinux if you ask me. As for the older CISCO 3000 .. I just think it is neat! uClinux running on the Motorola 68EN302 processor. Linux on mmu-less devices is truly here to stay. If customs will let me through the border with them, I will bring the CISCO and the AXIS camera to the ESC trade show in San Jose. I will be at the Lineo booth.
Michael Durrant
I also bought their USB radio... it sucks, plain and simple.
First of all, it should have come with AM support.
Second of all, why didn't they design it so that the audio is sent over the USB connection as well? There's plenty of bandwidth available. I mean, what exactly is the point of having a USB cable on the thing when you have to plug the other cable into "Line In" to get it to work???
Yeah, I found it hard to believe they make million dollar cisco router hardware once I bought that piece of crap...
-thomas
"Extraordinary claims require extraordinary evidence."
"And like that
Actually, Motorola has been providing Cisco with hardware for some time now. Most, if not all, run on a Power-PC-ish platform.
And D-Link doesn't make processors... and Cisco also uses PMC-Sierra networking chips...
What's your point? I didn't say Cisco uses routers completely built by D-Link. I said D-Link makes hardware used in million-dollar Cisco routers...
-thomas
"Extraordinary claims require extraordinary evidence."
"And like that
CRISCO? The vegetable oil?
A deep unwavering belief is a sure sign you're missing something...
and you could use your router as a web server if you were on crack
:-) Cisco's command structure is very UNIX-like, so porting linux to it makes sense to me. I'd love to see open source router software so I can hypertweak the security on my Cisco. Yay Cisco.
Ever used a Cisco 675? set web enable. Hit it at port 80. Bang, web server. I was trying to put together a distro that emulates Cisco IOS to build a small router with web server to fit on a small hard drive or maybe even a floppy. Guess I don't have to do that anymore
"You'll die up there son, just like I did!" - Abe Simpson
There is no reasonable defense against an idiot with an agenda
:wq
My father used to install cable modems for RoadRunner in Orlando, FL. He got to install for all kinds of interesting people (a manager for the band Creed, the lead programmer on the Madden football games, etc).
... the million-dollar ones.
One time he installed a cable modem for a suit from D-Link. He asked my dad what he thought of D-Link products. My dad stated that he honestly thought of them as "generic" or low-end hardware.
The guy laughed... then he told my dad that D-Link actually builds a lot of the hardware for Cisco. Not the cheap routers either
You are paying for the Cisco name.
-thomas
"Extraordinary claims require extraordinary evidence."
"And like that
I've always wanted the ability to run tcpdump on a Cisco, and this would allow that. Furthermore, linux has much better packet mangling facilities than IOS. Sure IOS is good for passing packets around, but if you want to do any kind of NAT, port mapping, redirection, logging, or replication, you have to go with a UNIX.
What would really be cool would be to see one of the BSDs (preferably OpenBSD) ported to these Ciscos. Then I could take advantage of the full functionality of ipnat and ipfilter, which are much more powerful than anything Cisco or Linux has to offer.
Hmm, OpenBSD runs on an m68k. I wonder how much effort it would take to make this work....
Did you miss the part about Linux being free, easy to change/adapt due to the source code being freely distributable, or the part where chairman Bill charges me vital organs and rare jewels for the privilege of running the worlds longest beta of the "how to blue screen your PC" program?
To fail is human, to blue screen MS!
"Eric S Raymond is the worst" - SuSE
no sig
so i guess it's standard x86?
The 2500 has a Motorola 68030 in it.
Put this together with FreeS/WAN, and you've got a good IPSec solution without having to buy the extra IPSec module from Cisco. As long as your router isn't heavily overworked, it could certainly do the job without a dedicated encryption card...
Did you review every line of the linux source code for this router? For all you know it could contain a backdoor also. And don't hand me this "someone might catch it sometime" Like the redhat default Q password.
Only the State obtains its revenue by coercion. - Murray Rothbard
How about a beowulf Cluster of these?
;-)
But seriously, Cisco's IOS is especially made for the hardware, and highly integrated...
The coolness factor aside, is there much in terms of usefulness for having an expensive cisco router turned into a cheap linux box?
Stop over-analyzing your analizations
Every night, I kneel down at the foot of my bed and pray, "God bless Mommy, and Daddy, and can I please run Fortune on my Cisco router." Prayers do get answered.
-B
Actually there's QNX in cisco router, so I guess it's standard x86? Here's the press release on QNX web site. Maybe the Cisco router can be the next i-opener thingy :)
--
"Science will win because it works." - Stephen Hawking
albeit not so useful hack
what could be more useful than the Linux Router Project on router hardware? Not everything revolves around webservers, Taco.
Arrogance is Confidence which lacks integrity. -- me
Leseee, Linux on a wristwatch, router, Iopener, the list goes on and on. Yet Bill's pictured as the borg here?
Hmm. This does seem rather silly. I mean yeah, the thing has a decent amount of balls for a router, and yeah you could run it as a Linux box, but you could just as well build a $500 Linux Box that would outperform your $1500 router as a general purpose computer. Now if you are using the Cisco still as a router just using the Linux kernel, then you are probably not going to get the same level of finely tuned performance you'd get out of a low profile, specific purpose routing kernel like the one that is usually running on a Cisco.
Now, on the other hand, if you're just a bored geek killing off idle cycles making interesting software hacks for the hell of it, hey you're doing good =:-)
---
Play Six Pack Man. I
I have Linux ported to my toaster AND my fridge.
Honestly... there are things that, although we can port linux to them, there is no reason to (other than bragging rights, I guess)...
-- "Almost everyone is an idiot. If you think I'm exaggerating, then you're one of them."
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
If Cisco routers ran Linux, then no one would have to waste their time getting Cisco certified and Cisco wouldn't be able to make a mint training them. Somehow I don't think Cisco is going to think Linux on their routers is such a good idea.
Wow, I sense a lot of anger coming from you.
And he's not saying a linux hack is a better router than a cisco. He was saying a 486 running that "crappy Linux hack" is probably faster than the Cisco running linux.
Pay attention next time.
"I mean, one would assume that cisco's have some wacky hardware in them" They actually use a lot of standard stuff. 2500's, for example, use a Motorola 68030 (or one in that family) CPU, some NVRAM for permanent config stuff, some flash RAM as a sort of hard drive (permanent storage, the actual IOS image is stored there) and some DRAM for, well, DRAM stuff (interface buffers, among other things). The higher end stuff uses RISC CPU's (MIPS for instance). Also, IOS is based on *nix, I believe, so I'd have thought this would be a fairly straight forward hack.
mas cerveza, por favor politically incorrect stu
...For a router running an operating system. Many network-statistics gathering programs require support from routers. The most notable of these is NetFlow, which is a very compute-intensive traffic aggregation tool run on Cisco routers. The router has to keep track of every packet stream passing through it, and routinely send information to a collector. This is a pretty powerful feature; combine NetFlow with cflowd (www.caida.org), write a short little program to parse cflowd's output, and you know instantly how much network traffic you have, where it's coming from, where it's going, when it happened, what ports it crossed, total stream size, total packets sent, hop count and propagation delay. You can even expand this: With intelligent use of NetFlow and a little hacking, you can find out what protocols are running across your network, detect some types of malicious intrusion, and even throttle-back (or shutdown entirely) the network usage of some applications. Yes, there is a way to fix the network saturation problems around the widespread use of Napster - A way that doesn't involve legislation.
All this is made possible /because/ routers have an operating system. Throw linux on them, and now you have a 'standard' platform, instead of CiscoOS or AIX, depending on the router.
Intelligent routers are a very good thing - Think about the crazy caching schemes you could run if you could simply write a little C, rather than fabbing some new hardware.
There are ways to bring down Cisco Switches using simple SNMP --whether you have community strings or not. They are IOS specific bugs.
When brought to Cisco's attention, it was ignored. Then, all of a sudden, Cisco 1700/2900/5k/5500/6000 series switches don't support bridge tables anymore.
There are other issues as well that I have identified, such as ISL trunks leaking un-encapsulated packets into a trunk, and certain plain packet header patterns (for example netbios browsing) triggering the multicast ISL interface (multicast, all interfaces on the trunk process it) to trigger Spanning-Tree recalculations, which causes the interface to go dead for: 2 * maxforward_delay + hello_time. Unless of course you have portfast/nodefast enabled (Which is Cisco's *extension* of 802.1d/q) whereby when this happens, all ports on Vlan1 (all designated bridges) flood while spanning-tree is recalculated.
This basically turns your entire broadcast domain into one HUGE repeater. lol
There's more. Point is, statements like that, which are unfounded aren't much use to anyone.
Every OS has problems, and IOS is no exception.
Anonymous on purpose.
I used to work at a company called Gandalf, who used to do routers and bridges and switches and stuff. While I was there, most of the boxes used Intel i960 processors, and they cross compiled all the C code on Solaris boxes using a GCC cross compiler.
Since I was busy at the time writing an automated test tool that ran on a network of Linux computers (SLS 1.03, installed from 5.25" floppies), I thought it was cool that I was using a free operating system to test stuff that had been cross compiled on a free compiler.
--
The next Cmdr Taco duplicate will be ready soon, but subscribers can beat the rush and see it early!
Personally I'd like to see IOS running on x86 hardware more than Linux on Cisco hardware.
Well, I worked 2 years ago with Cisco routers (760 family, I guess), and the doc said they were running with 486 processors, so we can almost say that IOS is already running on x86 hardware (well, sort of, at least).
--
Memory fault -- brain fried
All the better to have linux ported to Cisco routers...
I've had good experiences with NetFlow, although on high-traffic backbone routers it does tend to flood the network. Having the capabilities provided by NetFlow is extremely beneficial from both a security and a monitoring standpoint.
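The NetFlow comments above describe a router exporting per-flow records that a collector aggregates into "who sent how much to whom, on which port". The following is an added example, not code from the thread or from cflowd: it parses a NetFlow export datagram and totals bytes per flow key. It assumes the version 5 export layout (24-byte header, 48-byte records), which the comments do not name, and the datagram it parses is constructed inline.

```python
import socket
import struct
from collections import Counter

# NetFlow v5 layout (assumed version): network byte order, no padding.
HEADER = struct.Struct("!HHIIIIBBH")                # 24 bytes
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48 bytes


def parse_v5(datagram):
    """Return the flow records of one export datagram as dictionaries."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = struct.unpack_from("!HH", datagram)
    if version != 5:
        raise ValueError("not a NetFlow v5 datagram (version %d)" % version)
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match the record count in the header")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]),
            "dst": socket.inet_ntoa(f[1]),
            "packets": f[5],
            "octets": f[6],
            "sport": f[9],
            "dport": f[10],
            "tcp_flags": f[12],
            "proto": f[13],
        })
    return flows


def top_talkers(flows, n=3):
    """Total bytes per (source, destination, protocol, destination port)."""
    totals = Counter()
    for f in flows:
        totals[(f["src"], f["dst"], f["proto"], f["dport"])] += f["octets"]
    return totals.most_common(n)


def build_sample():
    """Constructed datagram: two HTTP flows and one DNS flow."""
    rows = [  # src, dst, packets, octets, sport, dport, tcp flags, protocol
        ("10.0.0.5", "192.0.2.80", 120, 150000, 40001, 80, 0x1B, 6),
        ("10.0.0.5", "192.0.2.80", 40, 50000, 40002, 80, 0x1B, 6),
        ("10.0.0.9", "192.0.2.53", 2, 140, 5353, 53, 0, 17),
    ]
    # version, count, uptime ms, unix secs, nsecs, sequence, engine type/id, sampling
    header = HEADER.pack(5, len(rows), 360000, 965000000, 0, 1, 0, 0, 0)
    body = b"".join(
        RECORD.pack(socket.inet_aton(s), socket.inet_aton(d),
                    socket.inet_aton("0.0.0.0"),   # next hop
                    1, 2,                          # input / output ifIndex
                    pk, oc, 1000, 2000,            # packets, octets, first, last
                    sp, dp, 0, fl, pr,             # ports, pad, flags, protocol
                    0, 0, 0, 0, 0, 0)              # tos, AS numbers, masks, pad
        for s, d, pk, oc, sp, dp, fl, pr in rows)
    return header + body


if __name__ == "__main__":
    for key, octets in top_talkers(parse_v5(build_sample())):
        print(key, octets)
```
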
Did you review every line of the linux source code for this router?
Of course not. That isn't my point.
My point is:
One is possible to verify.
One is impossible to verify.
But what about supported routing protocols? Are there free implementations of OSPF, RIP, BGP, etc.. available or are these supported in the kernel? If not, that would rule out anything but SOHO use.
It could well have better performance, but not as a result of the Cisco equipment itself but rather the Linux port to it still being buggy and having poor support for the hardware.
OK. I've been waiting to post this for a few weeks.
We have one of the older, boxy Cisco PIX 50x firewalls. We have three ethernet ports on the box, and originally, 32 meg RAM. We had never opened the box for any reason before. Who knew what we could screw up on such an expensive piece of equipment? One day, we were messing around with the thing via telnet, and I discovered that the machine is actually an Intel P2-266 box! We immediately cracked the box open, to discover that there really was a full-size pentium II chip in the damn thing! What's even funnier is that the fan on the chip was Unplugged! The heatsink was burning hot to touch, since the machine had been running like this for approximately four months with no downtime. Needless to say, I reconnected the fan to the mobo.
Let's describe the interior. We have a standard Intel motherboard, Cisco-labeled RAM, no HD, a floppy plugged into the floppy controller, two NIC's, and the PIX card itself. All of the "special" pix IOS resides on this single ISA card. If this wasn't so damn expensive, I would have plugged the card into one of our older servers to see what would happen. Has anyone tried this? Also, there is the standard monitor port, etc. etc. on the mobo. I didn't try plugging in a display, because that would have involved dismounting the board from the box, and I don't think Cisco would have liked that. Anyway, the serial ports on the unit are actually routed into the COM ports on the mainboard via cables routed around the inside of the case.
Now, have any of you ever seen the price of a RAM upgrade for one of these? Cisco wanted $900 for an upgrade to 128. Taking a leap of faith, I grabbed two dimms out of a box I had lying around in the office, and stuck them in the PIX. These were, by the way, cheap kingston, run-of-the-mill dimms that cost maybe $60 each. We restarted the monster, and waited about a minute for a telnet connection. Nothing happened. We powered it down, and removed the new RAM and rebooted. We timed the startup, and added the new RAM in again. It turns out that the delay was due to the BIOS POSTing the new RAM! The machine came up with no problems at all, and identified its new total amount of RAM with no problems.
Has anyone tried anything more daring with a PIX?
Also, if anyone has a broken pix, please e-mail me! gunnar@midsouth.rr.com.nospam
--
Michael C. Hollinger
ePeople Mentor and Support Provider
Please see my certifications at http://www.brainbench.com/transcript.jsp?pid=7417
Michael C. Hollinger
Plus, It could give new life to old hardware. You could buy up some cheap EOL old Cisco's and use them as diskless network computers.
11*43+456^2
OK that is one step too far.
Porting linux to run on crisco shortening is useless!
Let's see - run a df to see how much space is left in the frying pan?
or a ps to see how long something has been cooking?
oh wait - you said CISCO...
Nevermind
11*43+456^2
This is just an interesting experiment, not more, not less. Maybe there are some hackers at CISCO, who wanted to have some fun...
A monkey is doing the real work for me.
Let's get the ISPs to run Quake Servers! That's the way to reduce latency; run it right at the router level!
--
Sometimes it's best to just let stupid people be stupid.
cisco 7206VXR (NPE300) processor with 253952K/40960K bytes of memory. R7000 CPU at 262Mhz, Implementation 39, Rev 2.1, 256KB L2, 2048KB L3 Cache 6 slot VXR midplane, Version 2.0
Hmm, MIPS R7000 256MB of RAM, 2MB Cache, that'd make a pretty decent web server, too bad that it cost 5 times more than an X86 that's twice as fast.
Also, I don't know of any motherboard that will give you more than 2 PCI slots @66Mhz*64bits. However I do know a guy that contributes to the Zebra project and wrote his own implementation of 802.1Q. He uses these guys (supermicro boards, I think) with 2x1000BaseSX NICS to do bandwidth policing in his data center. He is routing all the traffic in the entire data center through a group of these boxes and limits each user to the amount of bandwidth that they actually pay for. He's explained that he can get ~800Mbps out of each NIC with a 1Ghz CPU.
I know for a fact that power supplies for the Catalyst 6509 switch are manufactured by Sony Electronics. I know this because I was installing one and saw the Sony sticker on it and thought to myself, "wow, I didn't know Sony electronics makes power supplies for Cisco Catalyst 6509 switches, cool"
I forgot to mention something. For about a year, our PIX has been running VERY SLOWLY. We believe it was due to the damn fan being unplugged on the CPU and the chip getting clocked down automatically to avoid damage.
Michael C. Hollinger
Admittedly, I'm sometimes known to play QIII or Asheron's Call as "I Like Routers" :). Here's my dream: have Linux run *on top* of IOS, and then use Linux to console into IOS! Now THAT is what I call fun! Who cares how much a router costs? As long as it's entertaining (and it is) it's ok in my book. I'm going to have to go and find the article that was run a few weeks ago about "Text Based Quake 1...hehehe....I'm getting ahead of myself, I guess. If I could, I would give everyone here a router just to try this! (send requests to rob@cybertime.net) :)
:) )
.sig
Now that I think of it, here's my next project: OpenNeXT prompt on Cisco routers! Woohoo! (Yes, I'm wussy and want to try it on native processor
flames, etc. to rob@cybertime.net. I actually have routers, so suggestions to rob@cybertime.net, too.
Good luck to the developers, and my compliments
==========
Intelligence should not be rewarded; ignorance should be punished
==========
Wow.. the first thing I ever saw resembling a network was a gandalf terminal switch in 1980.
Its availability was what pushed us to switch from 20ma current-loop to EIA (RS-232) for terminal muxes on the DEC 10s, 20s and RSTS machines.
I am a hippy bearded freak, but I also know that some crappy linux hack is capable of being a router, I've seen linux boxes with 120T1s I've seen systems with multiple DS3s. Quit pussy-footing around that fact that you have no clue. Linux does the job, and does it quite well.
-- CS Major Song (to the tune of 'The Lumberjack Song')
While a novel idea, what does it do? Does it store-and-forward packets faster? Does it provide notification of unsuccessful/successful intrusion? I can see how it would be neat, but it's kinda like cloning, or picking your kid's genes: just because you CAN do it doesn't mean you should. (although, take that with a grain of salt, putting linux on a router doesn't have nearly as many moral implications as cloning/etc). On the other hand, hey, yeah, good idea, let's make Cisco routers even less secure than they are now. I'd rather see FreeBSD or OpenBSD on it, with native crypto and the like.
Ok, so you are replacing a highly tuned routing platform into a very expensive linux box... did you just have a couple of Cisco boxes laying around doing nothing???
So, yeah, this is possible, and with a little bit of thinking, you could probably get it to route a couple of packets. But face it, the Linux networking stack isn't exactly designed for high speed routing. Portions of the kernel would be an ideal lower level operating system, but it would have to be extensively rewritten to skew towards optimizing every single packet coming in the system, and as long as the software is the one handling routing, then you will always be struggling with it.
What would be better is if someone used linux to run a router that uses more hardware than software to route (Riverstone / Enterasys, or Foundry or something similar). Then, you could have a fairly standard Linux kernel running administration and configuration. That would be more ideal than trying to rewrite the stack to handle fast path switching and routing.
Do you have Linux and a DotPal? Click here now!
And you could use your router as a web server if you were on crack *grin*
or maybe just provide a web interface for configuration and maintenance/monitoring, etc via TUX.
I think that would be a very useful and practical application for TUX, imho of course.
Things you think are in the Constitution, but are not.
Personally I'd like to see IOS running on x86 hardware more than Linux on Cisco hardware. I'd love to get the functionality of IOS for ethernet routing on a box that didn't cost $20k. Yes, I know IOS is specially tuned to unique Cisco hardware, but for vanilla routing between ethernet interfaces (not frame-relay, not ATM, not OC-3) it'd be kind of nice to be able to run IOS on a 1 or 2U PC with 2-3 dual or quad port ethernet adapters.
I'd be interested to see what kind of performance you could get out of IOS on x86, anyway -- are we really buying cool hardware with expensive routers, or just the Cisco name?