Open-Source Router to Take on Cisco?
ickypick writes to tell us that CNN is running an article about the emergence of an OpenSource Router product, currently in Beta, that targets mid-size enterprise customers for about one-fifth the cost of current enterprise networking giants' hardware. From the article: "The machine runs on two Intel chips, but far more noteworthy is its software, known as XORP, or extensible open router platform. The versatile open-source application can direct data traffic for a giant corporation as easily as it can manage a home Wi-Fi network." The current release is available for download from Vyatta's web site.
how is this different from FRISCO
Seems like everything is Open Source now. (No, I am not complaining, I am backing it)
.... You name it.
We have Routers, Firewalls, IDS/IPS's, OS's, Word Processors, Spreadsheets, Presenting software. Hell. I would love to see an experiment where an entire corporate network was made, entirely of Open Source products (except for the hardware of course). From Routers to firewalls to
That would be an interesting, and totally free network.
Also very complicated
that this is coming along. Let's see if it gains traction. It appears to pop up a couple times a year.
Charles Wyble System Engineer
For a router, it's mostly in the hardware, if it can keep up with real-life data rates.
Software is secondary.
---- Booth was a patriot ----
This is good since I always wonder how many back doors are in Cisco routers for Law Enforcement purposes.
Cisco's biggest advantage is their support network. I have yet to ever have a client that didn't buy smartnet with any of their gear.
Granted, some of their "engineers" leave a lot to be desired, but still, PHB's like the warm fuzzy feeling.
Make money? This better be good hardware running good software, because otherwise people are just going to say "fsck it, nobody was ever fired for buying Cisco". Why? Because Cisco actually works.
Yes, OSS community, your adversary actually works this time. Beware.
So who do you call when the thing breaks?
With Cisco, I call the rep, and they have a replacement device in our datacenter within the hour, and we load up the config and get it fixed.
Doubt you'll get that kind of service here, and that's what you pay for with Cisco.
Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
If RMS is reading, you'd agree no?
Dont you mean FreeSCO?
and that runs on PC hardware; this appears to be on custom hardware that can actually do the job. Using PC hardware only works for a small business.. the bandwidth isn't there.
It can turn my old AMD K5 machine into a top-end Cisco machine. Does anyone have a spare ISA network card?
Initial funding to develop XORP is provided by Intel and the National Science Foundation. Further funding has been provided by Microsoft Corporation and Vyatta. We are extremely grateful for their support.
Generally, bash is superior to python in those environments where python is not installed.
If they become any kind of threat to Cisco, all Cisco needs to do is to buy the company, and render the issue moot.
and their top IT dogs didn't want to touch routing. They outsourced the entire deal to their ISP. Now if they are scared to touch it, I think this will need something big to be taken up.
... Damn engineers always asking these stupid questions...Ya Know what I mean!
Personally I don't know much about configuring a router but this is a great way to learn. I have to say that all these great FOSS applications must be a boon to college CS courses. They actually get to play with real world stuff and make a contribution while working on a GPA. That is actually very awesome.
As soon as I am done playing with Xen Live CD I might give this a look.
Now if I can get Xen to run WINE with 100 instances of SecondLife and camp 24x7 I could make $400/day with a decent computer. Yeah, that beats break-even by a wide margin... but does this business plan scale?
So I can get the hardware for free, too, right?
Grep. Gimp. Kugar. Krita. Kexi. LaTex. Tcl. And now, the piece de resistance - xorp.
Why route when you can XORP!
Imagestream has been doing this for ~8 years now ... of course they provide support and all the hardware but this is doable. After all a DS3 Imagestream Rebel is only a P3 Intel and 256MB upgrade. Still it is another step in proof that Cisco is not the networking god PHBs think.
I'm told you are what you eat, does that mean I can be you by tomorrow with some A1?
This could be a hit, if the costs keep down, for the small-medium business and home broadband markets. But I have trouble seeing how this will take significant market share in the Enterprise except for perhaps edge or LAN devices. For one thing, you pay Cisco, Juniper, Foundry, whomever for wire-speed implementations (among other issues) that rely largely on the ASICs and the overarching hardware architecture, beyond just the OS.
For the home market, there are already open-source software solutions such as for the Linksys WRT54-series wireless router, which is itself based on the GPL. See http://www.wi-fiplanet.com/tutorials/print.php/3562391 for more info.
Until someone funds an open-source chip foundry, these won't replace the core.
The largest impediment is not software, but hardware. The two benefits to a Cisco are that (A) there is someone who *will* fix your problem for a fee, and (B) You can buy an interface card for ANY network type out there.
As for (A), the same will likely become available for this if it isn't already.
(B) is a lot harder. When you get into odd network types and high-speed telco lines, it becomes a bit more difficult - it isn't as easy as just calling your Cisco salesmonkey and buying the card you need.
It should be noted, however, that adding a card to a Cisco isn't always painless. I've had to upgrade the OS - which involved upgrading both memory and flash - just to support another ETHERNET card. How many decades has Ethernet been around for, and they want an OS upgrade to support one? And only to support an additional card, the built-in ethernet worked just fine.
Right now, we're using a Linux router for ethernet routing within our data center, which it handles just fine. As soon as our Sangoma cards show up, it's also going to handle a T3 to our office as well - but only clear-channel, we can't split it between phone and data (as I'd like to do.)
A while back, I had a rather perverse thought. You can hook up a LOT of interfaces to a high-end Cisco, and most routed telecom isn't very high-bandwidth. A T3, at a measly 45 megabit, is still very small considering the throughput of today's hardware. An OC3, at 155 megabits, still isn't much. The perverse thought was that if someone would come up with T1 and T3 modules with integrated CSU/DSUs that connected via USB or firewire, you could stuff a machine chock-full of 4-port controller cards, and be able to hook up 20 or more interfaces very quickly, and easily. In theory, each USB controller card *should* be able to push the ~200 megabits without much trouble, and even a plain old 32/33 PCI bus could *almost* handle the 110 MB/s of all 20 lines at full-tilt. Realistically, however, I do know that USB has many deficiencies which entirely prevent it from fulfilling that task.
Oh, you're not stuck, you're just unable to let go of the onion rings.
As I understand it, there's already this open source routing software called "Linux". I sysadmin at a medium sized financial trading house, and managed to toss out our two Cisco routers a year or so ago. I replaced them with Gentoo Linux boxen running the standard IP stack and routed, on office ready Dell PCs (with a couple of extra ethernet and fibre cards as appropriate). And you know what? It's been even more reliable, less downtime for patches or crashing or hardware failure. I'm not likely to go back to Cisco until I see the same standard of freedom and quality in their code that I do in Linux.
This is all assuming I'm willing to go unsupported, of course.
1) By far the most important is what kind of interfaces can I get for it. Of course I can get ethernet but what about T1, DSL, SONET, etc. If all this does is route packets over ethernet, which I then need to plug in to another router to get to my WAN, that's not so useful. I'd say over 90% of the Cisco routers I see in business are for WAN connections. If you are going to have to buy those anyhow, then what's the point?
2) What kind of load can it handle? Having something that can do a gig is all well and good, but can it still do a gig with 20,000 clients generating 50,000+ connections? That's where many budget routers and firewalls fall flat. They do everything in software so they can do the traffic no problem, but it's the concurrency that kills them.
3) Does it support layer-3 switching? That's where you in effect route the first packet of a flow and switch the rest. Leads to much lower impact on the router, and lower pings. Can't do it going from one media to another, but for internal routing it's the way to go.
This is, as mentioned, not considering support. I mean it's all well and good to slap some NICs in a system, load an OS that can route traffic, and call it a router/firewall/whatever, but it's something else entirely to see that survive under a real load. We see that all the time on campus when we test new potential devices. They promise gig throughput, something I have no doubt they deliver, and less than we use, but they instantly crash when exposed to our network. Why? Well we have like 30,000-40,000 computers or so that generate hundreds of thousands of concurrent connections. They just aren't equipped to process that kind of load and they stop passing traffic. The Ciscos, however, that compose the entire core, edge, and distribution parts of the network, operate without problems.
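The two mechanisms the post above leans on ("route the first packet of a flow and switch the rest", and concurrency rather than raw bandwidth being what breaks software boxes) are easy to see in a few dozen lines. The following is an added example written for this page; it is not code from the article, from Vyatta/XORP, or from any commenter. It models a forwarder as a longest-prefix-match FIB (the slow path) fronted by a bounded LRU flow cache keyed on the 5-tuple (the fast path). The prefixes, next-hop names and packets are constructed sample data, and the cache size is an assumed parameter, not a figure from any real product.

```python
"""Added example (not from the article, Vyatta/XORP, or any commenter).

A toy software forwarder: a longest-prefix-match FIB as the slow path and a
bounded LRU flow cache as the fast path.  It shows (1) only a flow's first
packet consults the FIB, (2) once concurrent flows exceed the cache size an
LRU cache thrashes and every packet falls back to the slow path, and (3) a
FIB change must flush the cache or cached flows keep following a withdrawn
route.  All prefixes, next hops and packets are constructed sample data.
"""
import ipaddress
from collections import OrderedDict


class FIB:
    """Longest-prefix-match routing table: the slow path."""

    def __init__(self):
        self._routes = []  # (network, next_hop), most specific first

    def add(self, prefix, next_hop):
        self._routes.append((ipaddress.ip_network(prefix), next_hop))
        self._routes.sort(key=lambda r: r[0].prefixlen, reverse=True)

    def withdraw(self, prefix):
        net = ipaddress.ip_network(prefix)
        self._routes = [r for r in self._routes if r[0] != net]

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        for net, next_hop in self._routes:  # first match is the longest
            if addr in net:
                return next_hop
        return None  # no route: drop


class FlowCacheForwarder:
    """Fast path: a bounded LRU cache keyed by each flow's 5-tuple."""

    def __init__(self, fib, capacity):
        self.fib = fib
        self.capacity = capacity  # assumed parameter, not a product figure
        self.cache = OrderedDict()  # 5-tuple -> next_hop, in LRU order
        self.hits = self.misses = 0

    def forward(self, pkt):
        key = (pkt["src"], pkt["dst"], pkt["proto"], pkt["sport"], pkt["dport"])
        next_hop = self.cache.get(key)
        if next_hop is not None:
            self.cache.move_to_end(key)  # refresh LRU position
            self.hits += 1
            return next_hop
        self.misses += 1
        next_hop = self.fib.lookup(pkt["dst"])  # slow path: first packet only
        if next_hop is None:
            return None
        if len(self.cache) >= self.capacity:
            self.cache.popitem(last=False)  # evict least recently used flow
        self.cache[key] = next_hop
        return next_hop

    def fib_changed(self):
        """Call on every FIB update; stale entries would otherwise be
        forwarded along a route that no longer exists."""
        self.cache.clear()


def pkt(src, dst, sport, dport, proto=6):
    return {"src": src, "dst": dst, "proto": proto, "sport": sport, "dport": dport}


def sample_fib():
    fib = FIB()
    fib.add("0.0.0.0/0", "upstream")
    fib.add("10.0.0.0/8", "core-A")
    fib.add("10.1.0.0/16", "core-B")  # more specific, must win over the /8
    return fib


def single_flow_stats(packets=10):
    """One TCP flow: only its first packet should hit the FIB."""
    fwd = FlowCacheForwarder(sample_fib(), capacity=1000)
    for _ in range(packets):
        next_hop = fwd.forward(pkt("192.0.2.10", "10.1.2.3", 40000, 443))
    return fwd.hits, fwd.misses, next_hop


def flood_hit_rate(n_flows, capacity):
    """n_flows distinct connections, two packets each, round-robin.  With
    n_flows <= capacity the second round is all hits; with n_flows > capacity
    the LRU cache thrashes and the second round is all misses."""
    fwd = FlowCacheForwarder(sample_fib(), capacity)
    for _ in range(2):
        for i in range(n_flows):
            fwd.forward(pkt("192.0.2.10", "10.1.2.3", 1024 + i, 443))
    return fwd.hits / (fwd.hits + fwd.misses)


def withdrawal_demo():
    """Next hop before a withdrawal, the stale cached answer afterwards,
    and the correct answer once the cache is flushed."""
    fib = sample_fib()
    fwd = FlowCacheForwarder(fib, capacity=1000)
    p = pkt("192.0.2.10", "10.1.2.3", 40000, 443)
    before = fwd.forward(p)
    fib.withdraw("10.1.0.0/16")
    stale = fwd.forward(p)  # still served from the cache
    fwd.fib_changed()
    after = fwd.forward(p)  # falls back to the /8
    return before, stale, after


if __name__ == "__main__":
    print(single_flow_stats())         # (9, 1, 'core-B')
    print(flood_hit_rate(500, 1000))   # 0.5
    print(flood_hit_rate(2000, 1000))  # 0.0
    print(withdrawal_demo())           # ('core-B', 'core-B', 'core-A')
```

The thrash case is the interesting one for a firewall or software router: throughput per packet is unchanged, but once active flows outnumber cache entries the hit rate goes to zero and the box is doing a full lookup (and, on a real system, a conntrack allocation) for every packet, which is the "concurrency kills them" behaviour the post describes. The withdrawal case is the caveat that any cached fast path needs an invalidation hook from the control plane.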
Microsoft built an empire out of OSS (using OpenBSD). Linux tries to compete with their own, better, product. However, companies are still resistant due to "support issues" (how much support did you actually get from M$ last year, though?) and familiarity.
Cisco built an empire out of Netlib, etc. Vyatta will try in vain to take a slice of the pie, but companies again will "go with what they know".
This is how the vast majority of us have ended up with rubbish IT setups, and those amongst us who care about quality etc. get modded "Troll" for ranting about it.
This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
This seems to be a little late to be jumping into this market. Most of the big players are starting to switch over to multilayer switching. Software routers are only needed where you need to do something like NAT or firewalling.
If you're big enough to need a routing protocol like BGP, you're going to need some serious hardware. Software-based routers running on off-the-shelf hardware are fine for 100 Mbit Ethernet routing, but beyond 100 Mbit you need some specialized hardware.
I really don't see any advantage this system has over a Linux router with the usual tools (zebra/quagga, ip, ifconfig, iptables, ebtables, etc...)
God, root, what is the difference?
There is a tech fix for this problem. Just embed a packet sniffer in the next software update to prevent traffic from coming or going to the Vyatta or XORP sites. No software, no web presence, no problem. Closed source, so who's to know? Advantage: Cisco.
Behold, this dreamer cometh. Come now, and let us slay him... and we shall see what will become of his dreams.
At home and at work, a nice multi-homed Linux box with iptables, shapecfg, openvpn, ipsec, and iproute already does a nice job of firewalling, vpn-ing and routing traffic. IMHO, handles loads and traffic flow pretty nicely - and it's a lot easier to upgrade and do traffic analysis than on those closed off-the-shelf boxes.
Is there any special hardware or chips on this thing? Or is it just a low-end computer? I saw this story before and it didn't mention anything about the hardware
http://www.thebricktestament.com/the_law/when_to_
Perhaps not.
I will refrain from using my corporate name because about 95% of the people that read Slashdot will know it... but we use a lot of open source projects. Almost no bought or proprietary software (we have a small subset of Windows users), but that's it. We use OpenOffice and basically non-Microsoft programs. (We use a lot of Macs, and iWork and such).. but it seems to work well. Couple extra steps, and no BlackBerrys (we use Treos, 'cause our email is IMAP)
but for the most part our office is OpenSource. Or.. !Microsoft.
so I agree with Parent.
The game has long since moved from just forwarding packets to providing intelligence in the network. Now companies want integrated security, voice, application intelligence and application (L5-L7) optimization, QoS, high availability, etc.. none of which you'll find in an open source router. This is why the networking companies stay in business. If companies wanted cheap packet forwarders, they would have bought Linksys, 3Com, Huawei, HP or any other me-too commodity router. They didn't and Cisco won.
--- RFC 1149 Compliant.
Linux Router Project
Which already tanked, but was an open source floppy disk firewall-router-telnet-ssh installation that could run on a 486 with a single floppy and 2 network cards.
Somebody bought it out. How? IDK, since it was an open source public domain type project.
I'm sure there could still be some floppies of it.
"Forgive us our trespasses, as we forgive those who trespass against us." -Jesus Christ The Lord's Prayer
the project halted as the main developer stopped working on it due to lack of funds.
I couldn't get the FTP site to share legacy files with me either. =\
The number 1 problem with Xorp is that it supports only a tiny fraction of standard Internet routing protocols. They don't have the developers to support anything more than a bare-bones software router. If you're only going to use what they have, it's no big deal. (NOTE: I am only including actual common routing protocols, here. There are over 150 routing protocols defined and implemented by somebody, but few routers support more than 3% and only the Really Major Routers even pass the 10% mark.)
The number 2 problem is that it lets the native OS deal with all of the QoS. This means that Xorp isn't guaranteed to behave the same on different platforms. It's not a lethal problem and some (including the Xorp developers) consider it a major bonus. I'm not convinced it's a good thing, though. It makes multicasting very confusing.
The final problem is that Click will normally be run as a kernel module, but Xorp is in userspace. This means you've a LOT of context switching when running in such a mode. Because you want minimum latency, the overhead of pushing packets into userspace in the first place might not be efficient enough.
I believe Xorp to be a good product. It is also the ONLY software router that is (a) Open Source and (b) being maintained (Quagga, Zebra and MRT are all dead, and GateD was withdrawn). I don't know if the Xorp group want more core developers, but I desperately hope that third-party developers offer patches and modules for it to beef up the abilities.
(Linux is an important software router. NetBSD and OpenBSD could be, if the routing software was good enough. The three of them should have the low-to-medium router market totally sewn up in no time flat, in a very short timeframe. That won't happen, though, if there's not enough independent interest and support.)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
I find this feasible. It's a BSD-style license (wink wink, nudge nudge) so this means it's perfectly applicable for an "embrace and extend" operation.
The founder and chairman of the board is a venture capital guy. Methinks their primary motivation isn't providing lower cost solutions. Rather, it's to make a billion dollars.
Eddie Kohler, whose PhD thesis at MIT was the Click modular router (which from what I understand turned into the "engine" behind XORP), is one of the principal designers and developers of XORP. They published a paper at NSDI last year, which you can read here (Warning: PDF). It states very clearly what the goal of XORP is, and how well it performs. Quite interesting.
If there's martian frames in Network Neighborhood,
Who do you call?
Packetbusters!
Last time I needed a Cisco unit replaced (a C2970G-24T-E switch that went totally dead), it took over two weeks to get the replacement onsite. Our 8x5xNBD Smartnet contract and the fact that the 2970 has a lifetime hardware warranty didn't do diddly squat to speed up getting a replacement any faster. The problem was that there simply weren't any 2970's in the immediate supply chain available to send out at the time.
Dada, is that you ;-)
Beat me to the punch on that point, but it's so true. And even if you don't think the support is worth it, PHBs may beg to differ.
Cisco's market share year to year over the last 5-6 years has bounced from a near-dominating 80% to as low as 50%...and it's swung that much in ONE year.
That must be some definition of "lock" I'm not familiar with...
The substantially longer answer is: "Not all boxes of this kind play nice - Qwest's DSL modem runs Linux, as does Linksys, and a whole bunch of other cheap off-the-shelf devices. Very very few of these are updatable by the user - and those that are are mostly that way because enthusiasts hacked them. These firms comply with the GPL only under duress, for the most part. Other firms do play well with the license and respect the consumer with specific needs. Where direct access to the kernel exists, support for T1, DSL, etc, will be very straightforward. If the access doesn't exist, it's possible but substantially harder."
a couple of routing protocols and features do not a router make. Getting the buzzwords of the week included in your project is pretty easy. Many, many of the "standards" of quite a few networking technologies are authored, invented, implemented by Cisco. Look through the networking RFCs and see who authored quite a few of them. As everyone else has commented, routers/switches are specialty hardware devices. The software is a management thing. If this was such a good idea and you could get the same performance, Cisco/Juniper/3Com/IBM all would have done it by now, heck of a lot easier than designing your own chips and making PCB boards. xorp/cdrouter/etc are all specialty niche products for the small business that _wants_ a Cisco but for some reason likes to roll their own. They all migrate one day when they get bigger and need xyz feature and find out Cisco has had it in IOS 11.2T, and that in fact feature xyz _used_ to be a Cisco-only proprietary protocol... oh well, they usually learn. --jboss
Has any group or project vetted it for security-related bugs?
http://www.hawknest.com/
negative Ghost Rider, the pattern is full.
Except that the 'uninformed masses' are not Cisco's main market.. we aren't talking about Twinkies here... (and I know of one case where a bakery chain went down hard, due to one mistake.. the 'general public' understood what happened, and the place was out of business in 6 months, after nearly 100 years of being in the business)
Most of Cisco's market understands the technology and security ramifications, and I think they would drop Cisco in a heartbeat if this were to happen. Or at least I would hope they would...
There aren't a ton of vendors out there making PCI cards with more esoteric network interfaces, but at least some claim Linux support. No idea if it's good, but anyhow.
The price of the cards would be another possible sticking point. It looks like you are talking $500 or so for a single T1 interface. Well, start putting interfaces like that in a box, and it eats up the cost advantage fairly quickly.
It sounds like a cool project, and actually something I might have a use for at home, but this whole "Cisco replacement" thing seems like just so much fluff to me.
OpenBSD ships with its own RIP, BGP and OSPF daemons. Its BGP daemon is BY FAR better than xorp and quagga, and it's BSD licensed of course. OpenBSD is already a fantastic software router, maybe you should try using it instead of ignorantly telling us what it "could be"?
When you deal with enterprise customers, you no longer compete based on money. If you truly have a need for enterprise-level routers, what it means is that millions upon millions of dollars worth of business is dependent on this, and you will not try to save $50k by going with an open source solution.
These guys know absolutely nothing about the market they are dealing with. It's a joke, really. The only thing I can think of as a reason why these guys even are wasting their time is that they are hoping Cisco will buy them, but I hope Cisco just lets them hang themselves out to dry.
Remember, the people who make the decision to buy network equipment don't want to get fired because they save 80% on a 50k router. Saving $40k won't get them a promotion but having millions of dollars worth of business interrupted because of that will get them fired.
This is the pitch that Cisco sales people will be making, and trust me, it's going to work. Who will risk their job just to prop up this ridiculous open source company, especially when an enterprise customer has deep pockets to deal with?
Lesson #1: Enterprise customers don't care about price, they care about reliability. As the old adage goes, no one gets fired for buying IBM/Cisco/Microsoft, etc. Mainly because when a problem occurs, there's a huge company that can be held accountable, not some fly-by-night startup.
ALL Cisco products have had remotely exploitable flaws in them. And all of them, always will. It's called plausible deniability to blame it on a bug. It's also called a backdoor, when you know it's there and leave it on purpose for "national security" reasons or whatever.
Why recreate the wheel, the issue that causes Cisco and related products to cost so much is the interface cards. Unless you can source your OC-3 card cheaper, it's not going to matter what software you run on it.
Really sucks you need something like that to keep a hardware project alive. Just like that high school shop class that built the hybrid car that runs on soybean oil. That will get patent-sued out of existence by the big automakers, out of embarrassment if nothing else.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Further funding has been provided by Microsoft Corporation
XORP is licensed under BSD, thus it is not only extensible but embraceable as well. Microsoft likes anything it can embrace and extend.
The Windows NT TCP/IP stack is substantially made up of lifted BSD-licensed code anyways (or at least started out that way). I imagine "Vista Server" could be equipped with "innovative", "advanced" routing capabilities compliments of XORP.
How is this any better than Smoothwall? Smoothwall has incredibly easy setup routine and a dynamite interface. Want top notch support? Buy the commercial version.
With a Linux box and a couple of NICs, I can do most of the routing and firewalling I'd ever need to do for the smallish networks I manage.
I'm fairly sure you couldn't go to a major streaming media data center and drop a PC in there to do the job of a high end Linux router.
So where's the breakpoint?
Could an old Linux box route packets faster than a Linksys Wi-Fi router? How about a Sonicwall TZ-170? Compare to an old Cisco 1720? I have both a Sonicwall TZ-170 and a Linux router doing different tasks -- would it make sense to let my Linksys handle the Wi-Fi side, and route all data through the Linux box -- or even just put a Wi-Fi card in the Linux box?
Where is the performance breakpoint? The latest kernel patches claim to handle SIP transforms and that ilk as well as the Sonicwall. There are obviously apps to handle VPN, routing failover, and dual path networking for increased performance.
One of those projects that sits on the list for a long time before I get to it is to try out using a single Linux box with multiple NICs to handle all my SOHO network routing tasks from one place -- then if I get it figured out to stick the whole config in a VMware virtual machine and try it that way.
Has anyone actually TESTED this? I'd be more interested in real experience than random guesses pulled out of one's .......pocket.
The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
FreeBSD: [freebsd.org] OS X without the flashy graphics and the DRM. Try it. You might love it
It is also missing the nice interface, and commercial applications. And then there are all the really nice OS X applications which make use of the interface. And there is no DRM in OS X except that used on the ITMS music and possibly that used to make it only run on Macs. But, it is open source and free, which is nice for some applications.
Stupidity is like nuclear power, it can be used for good or evil. And you don't want to get any on you.
Cisco has more to worry about with OpenBSD. OpenBSD has CARP for failover, OpenBGPD, OpenOSPFD, etc. The BSD license means that anyone can make a commercial system out of it. It also has a lot of testing behind it.
But unless you "show the source" how can others be sure that you have implemented the standards with no extra features? Most computer based products have too many internal states to be fully tested as a simple "black box" with inputs and outputs.
Most of the comments I've been reading sound a lot like the big iron computer makers when they saw an Apple ][ back in the day. The point of this product is not to compete with the high end, but the middle. There are plenty of cases where a $5000 router and a big service contract just don't make sense. Sure, I drool over our Cisco switch, but for most IT departments, Cisco is more expensive than necessary. The market really does need a middle player. I hope this is it.
"Well, good luck finding a judge that doesn't run a bestiality site."
Being a veteran of the Cisco Networking Academy - I survived the courses with only a handful of brain hemorrhages - I hope that an open alternative to Cisco's software will accomplish the following, as these are the problems I observed in Cisco's products...
1. Cisco's IOS interface is about as clear as a brick wall. Granted, this is an incredible form of idiot-proofing - the interface makes sense, once you study everything there is to know about it. However, you absolutely positively can -not- log into a Cisco enterprise router and have even the foggiest idea as to what's going on unless you've studied them before. Furthermore, the IOS does as little for you as possible, which is a good thing from a security standpoint... However, it would be nice if there was a work-around - a nice, clean GUI or something, accessible only from a physical connection to the router, perhaps - so people that haven't spent nearly a decade busting their brains over the hardware can at least perform basic maintenance.
2. Dropping the cost of good routing and switching hardware would be wonderful. The routers and switches my school had cost in excess of $2,500 each, sometimes more, and they were older models at that. Furthermore - and this ties back into the previous statement - not having to hire people with four to eight years of schooling behind them just to manage a damn router would also drop the cost of managing an enterprise-grade network. (Granted, the people that are most likely to want to purchase this kind of hardware probably also have the money to do so, but at any rate, that's no small wad of cash.)
3. I personally think it'd be really nice to be able to actually go in and tweak the hardware and software with a much greater level of precision than what Cisco's IOS allows. This would also allow for you to expand your hardware without actually having to buy or build another router. I can't help but wonder if there'd be any point or improvement in clustering a home-made router and switch... Or a server, or whatever. Long story short, being able to actually reach in and mess with the stuff without violating some kind of warranty would be nice.
I'm not about to say that Cisco is bad as a company. Cisco and their subsidiaries - Linksys immediately comes to mind - provide excellent service, and their products aren't half bad either. There are simply some issues that could be resolved by actually having access to the codebase of the software and being able to manipulate the hardware, in addition to new possibilities unlocked by the same. Cisco's track record aside, though, this is really a step in the right direction. The next thing I'd like to see are some people seeking to break into the business coming in with keyboards and soldering irons blazing, to see what can be done with this software - and some new hardware to go with it. Additionally, to make this program attractive to big business, it's going to have to make serious strides in terms of how much it can support, but if the project doesn't tank, that'd be great.
In fact, there was nothing there that covered multicasting, mesh, overlay, wireless or hybrid networking. There was nothing there for secure routing, either.
That gives 6 out of 150 and only a fraction of the areas routing protocols have been written for. And this is supposed to impress me? Who the hell are you kidding? These are also stand-alone daemons, not kernel-space routing code.
Oh, and I stopped using OpenBSD when I moved over to MirBSD - it has the security of OpenBSD but far more software and less of an asshole crowd. But, then, anyone who's followed my posts would know this, rather than ignorantly telling me what I'm supposedly ignorant on. (They'd also know I've been using the *BSDs since 1990 - which, I would guess, is somewhat before yourself.)
2004 Cisco backdoor
2006 Cisco backdoor
It's really funny reading through all these comments from people who have obviously never worked as a network engineer for a medium-large enterprise or telco.
Can one make a box out of open source products that can duplicate Cisco/Juniper technical offerings? Sure. Would I use one at a small company or startup? Sure... I have deployed OpenBSD and Linux firewalls and routers in the past for small companies I was consulting for. I'm sure the work from this company will allow for better products for small businesses (most low end router offerings stink).
These products will not affect Cisco or Juniper unless companies/organizations form to provide the following:
1. Enterprise Support/Consulting
2. Compelling Products/Architectures
3. Enterprise Level Documentation
4. Carrier Class Performance (for telcos)
5. High availability hardware and software
6. Provisioning Systems (for telcos)
7. Enterprise/Carrier Management Platforms
8. Formal Training and Certification
There are a select number of organizations with highly motivated and talented individuals that can meet their requirements without the above offerings. But this is typically not what you see out in the real world where many network engineers/admins need the described infrastructure.
Price alone will not make a difference. The cost of Cisco/Juniper equipment is just a small part of the TCO for organizations that have hundreds and thousands of these devices.
We've had open source routers for 20+ years. Any UNIX box with two or more network interfaces is a "router". There have been live CD implementations of Linux based routers for years now. This is just "Yet Another".
I know a few companies try to have the same commands for their gear, is this a "feature" as well?
Is there anything better than clicking through Microsoft ads on Slashdot?
What, you don't think KDE or Gnome are as nice a GUI as OS X?
(Well, you'd be right. But they're tolerable.)
As for commercial applications, FreeBSD has at least a few. There's a list of approximately 500 FreeBSD ports which contain sufficient restrictions against redistribution that they cannot be redistributed on the ISO images that people use to burn CD's. Not all of these are "commercial applications", but things like Acrobat Reader or StarOffice or Oracle's database, Linux versions of commercial games running in FreeBSD's Linux-emulation mode, or perhaps the various virus scanners would count:
http://www.freebsd.org/cgi/cvsweb.cgi/ports/LEGAL
(click on download)
And there is no DRM in OS X except that used on the ITMS music and possibly that used to make it only run on Macs.
Well, just how much more DRM do you really want?
To me, "no DRM" means "no DRM" and not "some DRM".
"The human race's favorite method for being in control of the facts is to ignore them." -Celia Green
To me, "no DRM" means "no DRM" and not "some DRM".
Woman: Well there's rat cake ... rat sorbet... rat pudding... or strawberry tart. ... well, I'll have a slice without so much rat in it.
Man: Strawberry tart?!
Woman: Well it's got some rat in it.
Man: How much?
Woman: Three, rather a lot really.
Man:
Karma: It's all a bunch of tree-huggin' hippy crap!
Why is the headline "vs Cisco"? Cisco could also produce products based on this technology.
Cisco does not have backdoors for Law Enforcement Purposes, they have official front doors. There are specific images available to implement "Lawful Intercept" for when a service provider is ordered to intercept traffic by a legal order. See: http://www.cisco.com/wwl/regaffairs/lawful_intercept/
... the difference between XORP and normal Linux routing (iptables + route + ifconfig + /proc/sys/net/ipv4/ip_forward)?
Don't thank God, thank a doctor!
Woo, mod parent up! Open-source routers have been around since the late eighties transition of the BSD codebase away from its license-encumbered AT&T history.
Any posix-compliant geek can and will shove a few NICs into a box with BSD or Linux on it, and turn it into a router. "Sure", you say, "but what about the user interface?", a valid point! XORP has been working on this for years (http://www.xorp.org/), and as far back as 2004, XORP was seen to be making some trouble for Cisco.
Imagestream has been touting their Rebel routers for a few years too, and they, like Digium, have an impressive array of interface hardware to support your box's position within the network. It's a fine market position to be in, and it's certainly not news. That being said, perhaps poking it back into people's brains is a good idea, and anything that helps dilute Cisco's software monoculture in the enterprise routing market can only be a good thing.
Microsoft built an empire out of OSS
Come again? What OSS projects? What code? In which Windows releases?
This guy is way out there
And how is a name like 'Cisco' any different? The only difference is that you're familiar with Cisco, so it doesn't sound weird to you.
Every machine doubles as a source of spare parts. When everything is built on as same/similar hardware as reasonable, sourcing parts in timing-critical situations becomes much easier.
... but aren't Intel processors power hungry? I mean, sure this thing doesn't cost a lot when you buy it, but this thing stays on 24/7, wouldn't it consume more power than the cisco hardware that's tailored to run as cheaply as possible? There's no point paying less upfront if the long term is going to cost you more.
a) More informed about the existence of the other ways of doing things, and
b) Far less abusive. (Particularly when bragging about a secure OS that has no mandatory access controls or role-based memory segmentation.)
Let's see. What possible advantage could there be in not having 4 completely unnecessary context switches, assorted interrupts and an application scheduler call for EVERY packet that traverses the system... Hmmmmm. Tricky. Let me know when you've worked it out.
(The security implications of having something in the kernel would not be a factor in a truly role-based MAC-segmented OS. Indeed, the distinctions between userspace, kernel space, or an entirely remote machine become meaningless.)
mrouted? The best you have to offer is an ancient, abandonware router for DVMRP? For chrissakes, nobody runs that crap these days. PIMv2 has been out for some time, as dense-mode, sparse-mode, bidirectional and source-specific. Its original home was Xerox' PARC (you can still find a copy there, I think). DVMRP is based on the RIP protocol, handles pruning very badly and is generally considered a lamer's protocol.
"Secure routing" is not running a router over IPSec. (Besides which, that would be horribly inefficient. IPSec is good for sustained connections, but the negotiation is expensive and therefore not so great for transmitting occasional state changes.) A secure routing protocol is a routing protocol in which the security is built in (amazingly enough). This may include many of the techniques used in IPSec such as host authentication, packet validation and packet verification, but most will go considerably further to prevent router table poisoning.
(IPSec - or any similar authentication scheme - alone is not enough. If a single router is poisoned, the poison will be carried across the entire system, as that poisoned router will necessarily be trusted. You might as well rely on
Secure routing does not operate on a blind trust basis, but has some sort of verification mechanism to prove that the route is indeed valid.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
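The post above argues that hop-by-hop authentication alone is not enough, because a poisoned router is itself a trusted peer, and that secure routing needs a verification mechanism that proves a route is valid. The simulation below is an added illustration of that distinction; it is not code from the original thread, from XORP, or from any real routing daemon. Four routers in a constructed ring flood prefix announcements. Under a blind-trust policy, one router's forged announcement for a prefix it does not own spreads to every peer. Under the verified policy, each announcement must carry a hash-based (Lamport one-time) signature from the prefix's authorized origin, checked against a constructed authorization table, so the forgery is rejected at the first honest hop. Router names, prefixes, and the authorization table are all constructed for the example.

```python
"""Blind trust vs. verified route announcements (constructed simulation).

Added example, not from the original posts or any real routing protocol.
"""
import hashlib
import os
from collections import deque


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# Lamport one-time signatures: stdlib-only, hash based. Each key pair signs
# exactly one message; here that is one announcement per origin router.
def lamport_keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def _bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(sk, msg: bytes):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(sig[i]) == pk[i][b] for i, b in enumerate(_bits(msg)))


# Constructed topology: a ring of four routers.
NEIGHBOURS = {"R1": ["R2", "R4"], "R2": ["R1", "R3"],
              "R3": ["R2", "R4"], "R4": ["R3", "R1"]}
# Constructed authorization table (which router may originate which prefix).
# It stands in for the out-of-band "verification mechanism" the post describes.
AUTHORIZED_ORIGIN = {"10.1.0.0/16": "R1", "10.2.0.0/16": "R2", "10.3.0.0/16": "R3"}
VICTIM_PREFIX = "10.1.0.0/16"
ATTACKER = "R4"  # constructed: the single poisoned router


def announcement_bytes(prefix: str, origin: str) -> bytes:
    return f"{prefix}|{origin}".encode()


def blind_trust(ann, pubkeys) -> bool:
    """Policy 1: accept whatever a neighbour says (the poster's 'blind trust')."""
    return True


def verified(ann, pubkeys) -> bool:
    """Policy 2: accept only if the claimed origin is authorized for the prefix
    and the announcement verifies under that origin's public key."""
    if AUTHORIZED_ORIGIN.get(ann["prefix"]) != ann["origin"]:
        return False
    return lamport_verify(pubkeys[ann["origin"]],
                          announcement_bytes(ann["prefix"], ann["origin"]), ann["sig"])


def flood(ribs, ann, start, policy, pubkeys):
    """Install `ann` at `start` unconditionally (that router chose to send it),
    then propagate hop by hop. Each receiving router applies `policy` and keeps
    the first announcement it accepts for a prefix."""
    ribs[start][ann["prefix"]] = {"origin": ann["origin"], "path": [start]}
    queue = deque([(start, [start])])
    while queue:
        node, path = queue.popleft()
        for nxt in NEIGHBOURS[node]:
            if ann["prefix"] in ribs[nxt] or not policy(ann, pubkeys):
                continue
            ribs[nxt][ann["prefix"]] = {"origin": ann["origin"], "path": path + [nxt]}
            queue.append((nxt, path + [nxt]))


def poisoned_routers(policy):
    """Run one scenario; return the routers whose route to VICTIM_PREFIX was
    learned from the attacker's forgery rather than from the real origin."""
    keys = {r: lamport_keygen() for r in NEIGHBOURS}
    pubkeys = {r: pk for r, (_sk, pk) in keys.items()}
    ribs = {r: {} for r in NEIGHBOURS}
    # R4 forges the victim prefix, claiming R1 as origin, but can only sign
    # with its own key: it never held R1's secret.
    forged = {"prefix": VICTIM_PREFIX, "origin": "R1",
              "sig": lamport_sign(keys[ATTACKER][0], announcement_bytes(VICTIM_PREFIX, "R1"))}
    flood(ribs, forged, ATTACKER, policy, pubkeys)
    # The legitimate origin announces afterwards.
    legit = {"prefix": VICTIM_PREFIX, "origin": "R1",
             "sig": lamport_sign(keys["R1"][0], announcement_bytes(VICTIM_PREFIX, "R1"))}
    flood(ribs, legit, "R1", policy, pubkeys)
    return sorted(r for r, rib in ribs.items() if rib[VICTIM_PREFIX]["path"][0] == ATTACKER)


if __name__ == "__main__":
    print("blind trust, poisoned:", poisoned_routers(blind_trust))  # ['R2', 'R3', 'R4']
    print("verified,    poisoned:", poisoned_routers(verified))     # ['R4']
```

With blind trust every honest router except R1 itself ends up forwarding the victim prefix toward the attacker; with origin verification only the attacker's own table holds the bogus entry and the honest routers converge on R1's signed announcement. The signature scheme is deliberately stdlib-only; a real deployment would use a standard asymmetric signature with a key distribution story, which is exactly the "verification mechanism" the post says a secure routing protocol has to supply.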
I'm sure this hardware company can make a small profit on this project. The thing is, it's open. That means anyone can come in and make their own. It would be a simple matter to go to China, have someone produce this product for even less, and sell your own version. The software becomes irrelevant as everyone has the same software.
What this comes down to then is service. Cisco makes most of their money on service contracts, just like this company would. The hardware is a minimal investment, even with Cisco. It's the support contracts where the business...and the profits...are made.
The article was written by someone who got their business degree reading the NYT best seller list for business books. "Disruptive technology" my ass. It's just a buzzword and this product doesn't fit the bill.
BSD-style license and backed by Intel and Microsoft? You might as well write them a check with a note "here's some help in your crusade against Cisco".
No thanks, I'd rather contribute to a GPL project, like a router derivation of Embedded Ubuntu.
If you're running T1/E1 in channelized mode, it used to require hardware help for HDLC encapsulation, but it's basically not much trouble on a modern CPU, and if you're running Ethernet-to-Ethernet, the Wiki showed they maxed out 100 Mbps for big packets and could fill a T3 with 128-byte packets, though you'd still want a faster machine if you're running full-blast VOIP-only traffic on a T3.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
UDP does use IP, but it's fairly common for UDP to blast away with a bunch of small packets that don't have the flow-control behaviour of TCP. Cisco uses specialized hardware partly because ASICs are cheap and partly because they've never used fast enough CPUs. Some of the AIM modules do make sense - 3DES is heavy-duty bit-twiddling which wasn't designed for modern CPUs, but as AES becomes more popular, you really won't need accelerators, and a cheap Intel CPU can still handle a couple of T1s worth of IPSEC without any help.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I know m0n0wall pretty well
How is XORP different?
(well obviously designed for very specific hardware, but is that a good thing?)
Officially: "No comments"
It also depends on exactly what's being compared. For example, OpenBSD's support for SMP and 64-bit processors isn't exactly world-class, nor is there anything comparable to OpenMOSIX at this time. Quagga, under Linux, can take advantage of all of these. It'll do so even better when it's properly threaded, and select() is sent to the great bit-bucket in the sky.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
I'd just like to say... it seems that the average person views a router as something with a few ethernet ports that routes packets. I only see about a dozen 'modules' on this XORP package, that's pretty tiny compared to the 250 or so modules that we / and or Cisco may have which include layer 1 drivers for specialised interfaces (non ethernet) and many specialised layer2 protocols (non IP). Most of the routers we sell are to customers wanting to (for example) connect their obscure TPAD terminals to their X.25 network which runs over ISDN/Frame relay. In this example IP/Ethernet never come into the picture. XORP could never 'kill' Cisco or anyone else making real routers.
If the test is "can I get a Linux box that can duplicate the functionality of a Cisco box for significantly less than the cost of a Cisco router", then I'd be more hesitant. You're correct that the hardware isn't cheap, and Cisco can buy in bulk. The average customer cannot. It would also be a non-trivial task to find/build a motherboard that can get the throughput and the uptime, let alone for a competitive price.
If the test is "I've a bunch of really weird, shifting constraints, which is better?" then I'd probably go with Linux. Cisco's routers are not easily modified, although I believe there are some modules for them. Cisco are only going to do modules that will turn a profit, though, so for really unusual requirements, you're probably out of luck. You've a better chance finding the hardware and drivers for Linux, although it's far from guaranteed - and not always cheap when it's there.
You're probably looking more at the middle case. In that case, no. Linux is not (at the present time) a good option. I believe Juniper's routers are cheaper than Cisco's, though. My reply was more focused on the first case (can you actually accomplish the task) and I believe the answer is a provisional yes. The last case would mostly apply to very specialized industries, R&D groups, etc, where the requirements are either ill-defined, constantly changing or just plain weird.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
(Although an IPv4 address is only 32 bits long, IPv6 addresses are 128 bits long. Thus, you can compare addresses in two sets of loads, as opposed to four sets.)
Of OpenMOSIX - now we're getting into the child's play stuff I'd have thought would be obvious to anyone. Let's start with the obvious. OpenMOSIX (with the DSM extension) supports the migration of threads within a process between boxes, whilst keeping the memory accessible to all threads the same. This has two consequences. First, processes that are not directly related to routing but need to run somewhere (eg: SNMP monitoring, router console - if any, encryption for all those IPSec tunnels, etc) can all be farmed out and the boxes directly in-line with the networks need not handle any of that stuff at all.
With the routing itself, it gets more important. Most load-balancing works by flip-flopping between routers. This is only valid if all packets take an equal time to process. So-called "hot-potato" routing is, however, going to be a LOT faster than a lot of other operations, so no such guarantee exists. There is a further complexity. If you have N identical routers, you're assuming that there is an equal amount of all types of traffic, interleaved in such a way that no router is going to spend time idle waiting for traffic it will never get.
Of course, you COULD have the routing threads migrate to where the work is, instead. Or you could just use OpenMOSIX' DSM to provide a uniform router table to all load-balancing routers and not use thread migration at all. I'd tend to go with migration, as you don't want the overhead of running code you're not currently using, but it works either way.
OR you could use DSM to provide a pool of incoming packets that a large number of software routers on other boxes could all pull from as capacity became available.
The technology DOES have a value - even when not always expected. Only a troll equates expectations with reality.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
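The post above makes two claims that are easy to check numerically: that flip-flopping packets between N identical routers only balances the load when every packet costs the same to process, and that letting routers pull from a shared pool as capacity frees up does not have that problem. The simulation below is an added example written for this thread, not code from the original post or from OpenMOSIX; the packet costs are constructed (cheap "hot-potato" forwards interleaved with expensive ones) and the "pool" is modelled as greedy list scheduling, the simplest stand-in for a DSM-backed packet queue.

```python
"""Round-robin dispatch vs. pull-from-pool across N routers (constructed model).

Added example, not from the original post; costs are abstract time units.
"""
import heapq


def round_robin(costs, n_routers):
    """Packet i always goes to router i mod N, regardless of how busy it is.
    Returns (makespan, per-router busy time)."""
    busy = [0] * n_routers
    for i, c in enumerate(costs):
        busy[i % n_routers] += c
    return max(busy), busy


def shared_pool(costs, n_routers):
    """Each router pulls the next packet from a common pool as soon as it is
    idle (greedy list scheduling). Returns (makespan, per-router finish time)."""
    heap = [(0, r) for r in range(n_routers)]  # (time router becomes free, id)
    heapq.heapify(heap)
    for c in costs:
        free_at, r = heapq.heappop(heap)
        heapq.heappush(heap, (free_at + c, r))
    finish = [t for t, _ in sorted(heap, key=lambda x: x[1])]
    return max(finish), finish


# Constructed traffic: alternate a cheap hot-potato forward (1 unit) with an
# expensive packet (5 units). With two routers, round-robin hands every
# expensive packet to the same box.
MIXED_COSTS = [1, 5] * 10
# Constructed uniform traffic: every packet costs the same.
UNIFORM_COSTS = [3] * 20


def compare(costs, n_routers=2):
    """Return makespan under each policy for the given packet costs."""
    return {"round_robin": round_robin(costs, n_routers)[0],
            "shared_pool": shared_pool(costs, n_routers)[0]}


if __name__ == "__main__":
    print("mixed  :", compare(MIXED_COSTS))    # {'round_robin': 50, 'shared_pool': 31}
    print("uniform:", compare(UNIFORM_COSTS))  # {'round_robin': 30, 'shared_pool': 30}
```

With uniform costs the two policies are identical, which is the condition the post says round-robin silently assumes. With mixed costs round-robin leaves one router idle for most of the run while the other works through every expensive packet; the pool finishes in a little over half the time because whichever router is free takes the next packet.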
I find Theo a trifle abrasive - most do - but I don't hold that against him. Most highly talented people ARE. I reserve my contempt for talentless scum-buckets who believe that abuse is all the talent you need.
Yes, I'm a little pissed off with the OpenSSH developers - I think they're way too insular and NIH. No biggie. Last time I got into that argument, I forked OpenSSH just to show it could be done.
Hell, don't think I've not done that with others, before - you think I collected all the patches that went into FOLK, massaged them all individually for each and every patch release, and got most of them to actually work together, purely for fun? No, it was to make a point. YOU might like your own private niche, and you're welcome to it, but -I- won't suffer for anything less than everything there is, was, or ever will be. My vision might be a little tougher to obtain than the OpenSSH/OpenBSD crowd's, but the view's a hell of a lot better along the way.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
...on Network World last week.
The WLSE and MARS appliances are highly unlikely items to be purchased by network or security admins, and left open with default passwords. If you're shelling out the cash for a MARS appliance, you generally care enough about security to change the password from default. I don't know, maybe that's just me though. Maybe there are plenty out there that are wide open. Scary!
Yes, *that* Bob Vila.
Sure this might replace a small router with a couple of interfaces, but it will no way replace a router with hundreds of gigabit interfaces capable of millions of packets per second.. Then there is the support issue, both hardware and software.. and the number of developers working on the project...
interesting, but I don't think Cisco is too scared.
Open-Source router? Here I was expecting to see http://openwrt.org/. ;-) Granted, not exactly an enterprise solution, but runs on $100 off-the-shelf hardware, without the power consumptions, noise, and other disadvantages of a PC-based router. I'm surprised it hasn't even been mentioned in a comment yet...
Just try OpenBSD with its pf, carp, pfsync, bgpd, ipsecctl, ospfd and all systraced. You can get a fault tolerant, load balancing, encryption accelerating rig with two Via ITX boxes (something like $900 in overall cost).
What about KA9Q's NOS? That was around from the early 80's as part of TCP/IP experiments in amateur radio. Original version ran on an Amiga. KA9Q is one of the reasons why hams have their own class-A network (44).
-russ
Don't piss off The Angry Economist
There is a company, Megabridge, which produces a mux - data and voice over twisted pair(s) and E1/T1.
Basically you need two boxes on both sides of the link which do all the work with load balancing. Voice btw is real telco (TDM) voice, not some VoIP. The system allocates timeslots for the voice on the fly.
The website is small and does not explain what the box does. Contact the guys. This is a small company. I did some SW work for them 2 years ago.
Try storming a cisco box with massive amounts of small UDP packets and see how well it copes. UDP is done in full software mode, you can't use CEF etc on UDP.
You just proved what I was saying above (and what the GP was saying in his post): it's not only the software. If you force the router to process everything in software (as in your example with UDP packets), it will quickly reach its limits.
This is nothing new. With OpenBGPD, Zebra and Quagga there have been OpenSource BGPD and OSPF-Deamons available for a LONG time.
Why is trusted computing a problem for OSS?
Because implicit in OSS is the requirement that the people who own the computing equipment want to be able to trust it.
In contrast, implicit in TC is the desire of certain people to grab control of equipment which they do not own and make it do what they want, so that the owner of the equipment can no longer have trust in it.
It should be obvious that there is an inherent incompatibility here. The content providers want our computers to be a delivery platform trusted by them instead of a computing platform trusted by its owner.
In effect, they are looking for a delivery platform lease model but are expecting us to pay outright for equipment which they will control and hence which they actually own. Clearly this can't work.
I still have my doubts about an open-source router replacing high-end Cisco routers at large corporations. Even if it is working well and the performance is the same as a real Cisco router through raw processing power.
Large corporations have extensive support from Cisco; if something goes wrong they build the complete situation of the company in their lab, copying the IOSes and the customer's configuration onto it, and solve your problem.
That is something the open-source community cannot guarantee.
If thousands of employees cannot connect to the ERP systems anymore, the cost of a Cisco router is only peanuts in comparison to the loss of productivity for one day.
It's mainly the support you are paying the big buck for.
I'm very pro open source projects for databases, OSes,... since no vendor in that area is going to completely replicate your network at their premises to simulate and solve your problem even with the most expensive support contracts. So you need a third party to do the problem solving anyway.
Other:
Cisco PIX Firewall
For those who want to build their own "Cisco" Firewall (PIX) from some old PC hardware take a look at this: http://www.packetattack.com/frankenpix.html
Great invention...
just like the Linksys (Cisco) WRT54x series...
It may not be very enterprisy, but the firm/software is very much open-source (linux) and has been here for years.
This thing does not run ospf. How can you have any type of Enterprise router that does not run OSPF!!!
Leave it to a chick to spout garbage that she knows nothing about.
Girlie, leave the actual technical discussions to real techies, okay? I think the fact that you know how to use HTML has made you believe that you are technical which is not the case. If you had any real technical qualifications, you would know that every single statement you made makes us laugh.
You're cute. Now go make me breakfast.
Interesting that you mention "modules".
I find one of the major disadvantages of Cisco routers (the range that I have experience with, running 12.3 or 12.4 IOS) is the complete lack of modularization.
You get an "IOS image" which is built according to one of a few "feature sets", and that gets you a monolithic configuration without any flexibility.
A system where you could pick a couple of modules out of a 250-module collection would be very nice indeed. I hear that it is being offered on the high-end systems, but the usual 1700 and 3700 routers we use do not have that.
XORP is positioned in that range, not in the high end.
Why would they want to undermine Cisco?
I suspect that Cisco is using a similar system to what we use, where they have one huge code base and the selection of modules is done internally with different makefiles or perhaps something more advanced. I sometimes get the feeling that Cisco have some difficulty getting releases to work with particular combinations of features; it's strange how they need to have so many different releases. The images we release always have all modules compiled into them, with the exception (for example) that a build destined for a smaller router which is unable to take an OC12 uplink module will not have the OC12 driver compiled into it, and so on. There are some other small exceptions where we'll occasionally exclude rarely used modules when the target device doesn't have much flash memory. Basically, we configure this like a compile of the linux kernel; we can juggle the selection around at customer request but would never release this into customer hands (actually that isn't 100% true ;). 'Modules' generally have to be enabled with individual licenses unless they're basic ones we give away for free - that's business.
It's not like you just made statements proving how totally ignorant you are:
"What possible advantage could there be in not having 4 completely unnecessary context switches, assorted interrupts and an application scheduler call for EVERY packet that traverses the system."
Anyone with any clue at all would know routing is done in the kernel, so there are no context switches or userland scheduling involved.
"Besides which, that would be horribly inefficient. IPSec is good for sustained connections, but the negotiation is expensive and therefore not so great for transmitting occasional state changes."
Anyone with any clue at all would know that BGP uses sustained connections, and as such is a PERFECT candidate for ipsec, which is why openbsd and juniper both implement it.
"Of OpenMOSIX - now we're getting into the child's play stuff I'd have thought would be obvious to anyone. Let's start with the obvious. OpenMOSIX (with the DSM extension) supports the migration of threads within a process between boxes, whilst keeping the memory accessible to all threads the same. This has two consequences. First, processes that are not directly related to routing but need to run somewhere (eg: SNMP monitoring, router console - if any, encryption for all those IPSec tunnels, etc) can all be farmed out and the boxes directly in-line with the networks need not handle any of that stuff at all."
Again, anyone with any clue would realize you can't migrate kernel threads, and thus openmosix makes no sense at all for routers.
"For example, OpenBSD's support for SMP and 64-bit processors isn't exactly world-class,"
I'm noticing a pattern here. Yet again, anyone with any clue would know that openbsd's amd64 support is top notch, and sparc64 and alpha are both quite good.
Please, pity me more for not being a wonderful combination of ignorant, arrogant and dishonest like you. I feel so bad that I can't live up to your great example.
So where is the hardware? The article mentions a black box:
What I want is the hardware. I don't want to have to use a big PC to run routing software. Sure, using their software might be cool and all that, though I'm sure I'll want to hack it to make it do something better, or maybe replace some or all of it to do something entirely different.
I see small devices like ethernet switches with 8 to 16 ports, DSL routers, and many other assorted devices these days that have software you can't change, but have hardware that makes a PC even more bulky than normal to get it to do anything close to the same thing. Consider configuring a PC with 16 ethernet ports.
If there was a black box with a CPU that supported an existing Linux embedded kernel (several choices there), some flash RAM to hold the kernel image and some programs to run, and a means to re-load the flash when the flash contents won't run (like holding a button while powering up enters a mode where it enters some PROM code that can reload the flash over a specific ethernet port or other means it might have such as USB, Firewire, serial port, depending on what the overall device is intended to be), and a development kit for a Linux host machine, I think such a thing would sell reasonably well to geeks all over the planet. And you'd end up with hundreds of cool projects for these various little beasts. Being a router is just one possibility.
now we need to go OSS in diesel cars
A router is not comparable to only a kernel. It is like a kernel plus networking applications.
I wonder how people would feel if their Linux or Windows system was delivered like this. A 500MB "system image" that includes the kernel, the system startup services, networking utilities, the shell, many commandline utilities, etc. And when a flaw is found somewhere, you need to get a new image and test and evaluate everything from scratch.
Even Microsoft does not work that way.
In the early days, Linux kernels were compiled with drivers, but today drivers are loadable modules that you activate only when you have the corresponding piece of hardware. Even parts of the protocol stack are handled this way. Services like routing protocols are external to the kernel and also selectable and replaceable.
What we have now is a jungle of different IOS versions and feature sets, many of which are clearly made to fix one minor problem, add one minor feature that an important customer requested, etc. We as an unimportant customer have to wait for important bugs to be fixed, and when they are fixed we can only upgrade the entire image, risking (and having) new issues in other areas that worked well before. And when the process takes long enough, the new versions overfill the flash and/or ram, and the hardware needs to be upgraded. Just to fix a bug.
How much better could this be when things were not as intertwined as they are now...
Sorry to break it to you, if you've a userland process, you've userland activity. It makes bugger all difference where you'd like things to take place, they take place where the code is. "But packets are routed by the kernel!" That's not what the argument is about, the argument is not about packet flows, it's about BGP, and BGP is processed by the BGP daemon and not the kernel.
(Even if we're talking about packet flows, you're still wrong, as Click routes packets in userspace, which is why it can route them to NS. Oh, you've never used Click or NS? Then don't complain when others know more than your Holiness.)
There's also a matter of source. I'm well-established on Slashdot and have a strong pattern of getting modded up significantly. My credentials are verifiable, reputable and significant. You're a newcomer with no credibility, no manners, no recognition, no peer-reviewed publications, probably no degree and I doubt much in the way of an IQ. All you have is a vicious tongue and an attitude that would disgrace a neanderthal.
No sane person would regard me as the source of all wisdom, but any person who - on the strength of what has been posted - had to decide between us as to who was more likely to be the reliable source, well, I suspect I'd win by a landslide.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Now, OSPF, RIP and BGP are very good protocols - even for lots of the special cases - so it's also true that the gains to be had (even in theory) by using a more specific protocol will never be that great. There will be some, but it won't be gigantic.
Cases where these protocols fall down include using Linux on a laptop to route mobile network traffic, using a mesh or hypercube topology, multicasting and situations where network connections are fixed but unreliable. Multicasting is beginning to be fashionable, but none of the others are.
In consequence, it is indeed correct to say that nobody "needs" any more than those three protocols.
In a more abstract sense, I am firmly of the opinion that a wide range of choices (so long as a narrow selection is possible and has no overhead from the width of the original options) is always better than a narrow range (even if it's what you'll likely use anyway). Part of the problem with wide ranges is that they're typically done poorly, so you end up having to install stuff you'll never use. For example, Fedora Core has all kinds of really pointless enforced dependencies that could have been avoided very easily, so I don't consider that to offer genuine freedom of choice. If done right, it gets people to think about what they want to do and how best to do it, rather than to blindly point and click.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)