Router Wars
Chris Holland writes "On the heels of Juniper Networks' recent release of its TX Matrix Platform, Om Malik is giving an interesting overview of current and upcoming battles between protagonists of the Router Game, armed with their Terabit toys."
if that's not redundant.
This is a large battle, but not one that is won or lost over a few months and not one that is won by comparing simplistic metrics that the press like to use. Software, management, and operations support have always been key in the routing market. Many faster or bigger router companies with unique technologies have gone nowhere. The list is long and depressing. In any case, Cisco has made a dangerous jump ahead by introducing a new operating system that is loosely based on QNX and enables multi-chassis systems. It also enables in-service software upgrades and a host of other operations-friendly features. Juniper was perceived as having an edge in software, but Cisco will have leapfrogged them if their software delivers (and that's a big if in many people's minds).
Juniper's TX is somewhat handicapped in its first release (I believe only 2 systems can be linked) and doesn't have a paying customer. Cisco's CRS-1 is limited in interface types in its first release and has a dubious first set of customers. There are many more issues including: weight, power consumption, scalability, support for specific features, handling lawful intercept across a system that large, integration with management systems, etc., etc, etc.
In short, the market is hesitant to purchase either system due to tight CapEx budgets and other pressures. Given the relatively diminutive size of the core router market when compared to edge routing and LAN switching, this is more a battle for prestige than for anything else.
For more info and industry commentary, see:
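http://www.lightreading.com/document.asp?doc_id=63958&site=lightreading
http://www.lightreading.com/document.asp?doc_id=63916&site=lightreading
http://www.lightreading.com/document.asp?site=testing&doc_id=63606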
Link to power-point presentation (Works great in OO.org): New Cisco Router presentation
I think the coolest thing to come out with these is going to be the GUI router and PIX config. You can see some screenshots of it in the presentation; it's mind-boggling and worth drooling over.
These routers also have specialized processors on them for everything they do. They have crypto chips to encrypt/decrypt things, they have DSP cards to decode voice, VPN accelerator chips, chips to process ACLs etc. They also have some badass modules for them including Unity (voice-mail) module for the router itself! A module with full voice-mail capability including a 10GB hard disk to store the messages along with 4+ DSPs on the card to decode the voice traffic going to/from that card. This takes a hell of a lot of load off the CPU for more generic tasks.
Anyway, the link again is http://blaze.topside.org/~topside/isr.ppt
Linksys, A Division of Cisco Systems, Inc.
Cisco had pretty much given up on the cheap CPE (Customer Premises Equipment) market, then bought Linksys a year or so ago so they could keep a foot in it.
--Stafford
I would say the war is nearly over. Cisco will break out the old saying, Resistance is futile, you will be assimilated.
--- Tolerance is the axiomatic "virtue" of those without convictions ---
Hrm. let me open up my Cisco price book. list price (nobody pays list price) on the following:
CRS-1 Series 16 port OC48 card is $790,000
CRS-1 Series 4 port OC192 (10gbps) card is 1,030,000
CRS-1 16 slot, single chassis is $450,000
The fan tray on the thing is $20,000!!!!! and you need the fan controller for another $13,000!!!
I think it is safe to say it would cost more than your house & car
Now I hope and pray that I will But today I am still, just a bill
Well, I don't have a lot of experience with SSL offloading (we are an ISP and do webhosting, but we aren't a hosting provider with crazy amounts of SSL-enabled sites), but I met with Cisco a few weeks ago to purchase some new equipment (I don't think I am going to though), and they showed me their 7600 series boxes. One of the blades that you can stick in these is an SSL processor. Click Here to check out the link. Here is the summary:
Up to four SSL service modules can be installed in each chassis providing the fastest SSL session setup rates and bulk encrypted throughput in the industry and supporting the highest number of concurrent connections:
3000 connection setups/second per module--10,000 per Chassis fully-populated with SSL modules
300 Mbps bulk encrypted throughput per chassis module--1.2 Gbps per fully-populated with SSL modules
64,000 concurrent client connections--256,000 per chassis fully-populated with SSL modules
So it doesn't look like one blade will do you, but if you stick 4 in there, you're rockin'
You create your own reality - Leave mine to me.
As a few other people have already pointed out, Cisco's IOS supports every ROUTING protocol currently in use out there, assuming you purchased the correct load (not every load supports IS-IS, for example).
Any "fast" router runs almost exclusively in hardware, not in software. Writing hardware code IS hard, because you're trying to do a LOT of often conflicting things (forward packets, filter packets, qos packets). But anytime a CPU gets involved in a packet forward, you're running SLOW. Even OLD cisco routers leap from a measurement of lots of K packets per second to lots and lots of M packets per second just by hardware routing. One of the primary values of advanced Cisco certifications is learning what causes software forwarding-- nothing turns your expensive fast router into a super slow expensive router faster than leaving DCEF for fast switching!
Last, I'm sorry, but neither Linux nor *Bsd's QOS or filtering features are "better" than Cisco's. They are, for the most part, attempts to duplicate the features that are already present in hardware on most Cisco and other routers, or firewalls as appropriate. I am NOT saying that iptables or pf aren't worth anything; I'm just pointing out that you have a very odd view of the state of the art....from 8 years ago.
You DO get a lot more flexibility with iptables or pf at a much lower cost, though. You can do things with iptables on a via 600mhz cpu at 30-40Mb/s that you need $120k worth of combined routers and firewalls to do with more "dedicated" hardware. This isn't always a bad thing for the networking vendors, and it isn't always a good thing for the little PC. You're going to scale much higher on a "real" network after a certain point. You're going to get a lot more flexibility at a lower point with a FOSS router/fw, with the caveat that the scalability is much much harder for an enterprise network.
As with everything else, there is no One True Solution. Pick what works.
mark
You're wrong. The OpenBSD developers released OpenBGPD with OpenBSD 3.6 a little while ago. It's already working well and is under active development, so expect even more exciting features and power with the next OpenBSD release in ~5 months. Combined with OpenBSD's PF packet filter and Common Address Redundancy Protocol, this makes OpenBSD the perfect software router. You have powerful packet filtering (including load balancing, QoS traffic shaping, NAT, etc.), BGP route distribution (including optional IPSEC encryption on BGP traffic), and automatic fail-over if you want to set up a pair or cluster of machines to act as a single logical router.
Merry Christmas.