Open-Source Router to Take on Cisco?
ickypick writes to tell us that CNN is running an article about the emergence of an OpenSource Router product, currently in Beta, that targets mid-size enterprise customers for about one-fifth the cost of current enterprise networking giants' hardware. From the article: "The machine runs on two Intel chips, but far more noteworthy is its software, known as XORP, or extensible open router platform. The versatile open-source application can direct data traffic for a giant corporation as easily as it can manage a home Wi-Fi network." The current release is available for download from Vyatta's web site.
And this is a problem why? Some of us don't agree with the concept of the GPL in the first place.
If they choose not to use GPL, bsdish doesn't make them bad, it makes them more free, with fewer restrictions.
---- Booth was a patriot ----
Imagestream has been doing this for ~8 years now ... course they provide support and all the hardware but this is doable. After all a DS3 Imagestream Rebel is only a P3 Intel and 256mb upgrade. Still it is another step in proof that Cisco is not the networking god PHB's think.
I'm told you are what you eat, does that mean I can be you by tomorrow with some A1?
The largest impediment is not software, but hardware. The two benefits to a Cisco are that (A) there is someone who *will* fix your problem for a fee, and (B) You can buy an interface card for ANY network type out there.
As for (A), the same will likely become available for this if it isn't already.
(B) is a lot harder. When you get into odd network types and high-speed telco lines, it becomes a bit more difficult - it isn't as easy as just calling your Cisco salesmonkey and buying the card you need.
It should be noted, however, that adding a card to a Cisco isn't always painless. I've had to upgrade the OS - which involved upgrading both memory and flash - just to support another ETHERNET card. How many decades has Ethernet been around for, and they want an OS upgrade to support one? And only to support an additional card, the built-in ethernet worked just fine.
Right now, we're using a Linux router for ethernet routing within our data center, which it handles just fine. As soon as our Sangoma cards show up, it's also going to handle a T3 to our office as well - but only clearchannel, we can't split it between phone and data (as I'd like to do.)
A while back, I had a rather perverse thought. You can hook up a LOT of interfaces to a high-end Cisco, and most routed telecom isn't very high-bandwidth. A T3, at a measly 45 megabit, is still very small considering the throughput of today's hardware. An OC3, at 155 megabits, still isn't much. The perverse thought was that if someone would come up with T1 and T3 modules with integrated CSU/DSUs that connected via USB or firewire, you could stuff a machine chock-full of 4-port controller cards, and be able to hook up 20 or more interfaces very quickly, and easily. In theory, each USB controller card *should* be able to push the ~200 megabits without much trouble, and even a plain old 32/33 PCI bus could *almost* handle the 110 MB/s of all 20 lines at full-tilt. Realistically, however, I do know that USB has many deficiencies which entirely prevent it from fulfilling that task.
Oh, you're not stuck, you're just unable to let go of the onion rings.
The number 1 problem with Xorp is that it supports only a tiny fraction of standard Internet routing protocols. They don't have the developers to support anything more than a bare-bones software router. If you're only going to use what they have, it's no big deal. (NOTE: I am only including actual common routing protocols, here. There are over 150 routing protocols defined and implemented by somebody, but few routers support more than 3% and only the Really Major Routers even pass the 10% mark.)
The number 2 problem is that it lets the native OS deal with all of the QoS. This means that Xorp isn't guaranteed to behave the same on different platforms. It's not a lethal problem and some (including the Xorp developers) consider it a major bonus. I'm not convinced it's a good thing, though. It makes multicasting very confusing.
The final problem is that Click will normally be run as a kernel module, but Xorp is in userspace. This means you've a LOT of context switching when running in such a mode. Because you want minimum latency, the overhead of pushing packets into userspace in the first place might not be efficient enough.
I believe Xorp to be a good product. It is also the ONLY software router that is (a) Open Source and (b) being maintained (Quagga, Zebra and MRT are all dead, and GateD was withdrawn). I don't know if the Xorp group want more core developers, but I desperately hope that third-party developers offer patches and modules for it to beef up the abilities.
(Linux is an important software router. NetBSD and OpenBSD could be, if the routing software was good enough. The three of them should have the low-to-medium router market totally sewn up in no time flat, in a very short timeframe. That won't happen, though, if there's not enough independent interest and support.)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
I find this feasible. It's a BSD-style license (wink wink, nudge nudge) so this means it's perfectly applicable for an "embrace and extend" operation.
Just because this is /., doesn't mean that you can pull the "OMG Microsoft" card. In this case, it is being overruled by the "w00t! OSS!" card.
Eddie Kohler, whose PhD thesis at MIT was the Click modular router (which from what I understand turned into the "engine" behind XORP), is one of the principal designers and developers of XORP. They published a paper at NSDI last year, which you can read here (Warning: PDF). It states very clearly what the goal of XORP is, and how well it performs. Quite interesting.
Well, this is a router that runs on custom hardware; not a city in Texas. (Yes, or a nickname for a certain city in the Bay Area...)
But yes, FREESCO is "A small free firewall router intended as a replacement for more costly commercial products." And, if you are wondering... "The name stands for FREE ciSCO". They have a website, and a very helpful group of friendly support forum [not located in NJ, I might add].
Disclaimer: I'm not affiliated with FREESCO, but my router does run their software on a very old PC. Does the job very nicely, too.
If all you have is a grenade, pretty soon every problem looks like a foxhole -- MightyYar
Cisco's market share year to year over the last 5-6 years has bounced from a near-dominating 80% to as low as 50%...and it's swung that much in ONE year.
That must be some definition of "lock" I'm not familiar with...
Please help metamoderate.
Not true. CARP + PFSYNC with OpenBSD and now even FreeBSD work quite nicely. You can do not only hot failover, but also load balancing.
Sometimes I feel like a nut... Ok so it's most of the time
Well the Outlook support is proprietary plugins. Mine relies on an open source plugin
OpenConnector
It's slated for a beta release in May. I am planning to release 1.0 of my project in May as well.
Charles Wyble System Engineer
UDP? I think you mean IPX maybe? CEF applies to IP routing and UDP is IP. You also forgot to mention the GSR and CRS. The 6500 may not be what these guys are competing against though, I see them trying to compete with the 3600's and ISR's at this point. Either way Cisco spends a great deal of time optimizing software algorithms since it is a core component of networking. Some cases hardware helps, but there are quite a few memory models throughout the different lines, and to say most is the same hardware is just not true. AIM encryption module, FWSM, 6k, 4k, 3550, 3750/3560, VPNSM, etc are all examples of hardware acceleration. Heck, even the 2950 does QoS in hardware.
OpenBSD ships with its own RIP, BGP and OSPF daemons. Its BGP daemon is BY FAR better than xorp and quagga, and it's BSD licensed of course. OpenBSD is already a fantastic software router, maybe you should try using it instead of ignorantly telling us what it "could be"?
Further funding has been provided by Microsoft Corporation
XORP is licensed under BSD, thus it is not only extensible but embraceable as well. Microsoft likes anything it can embrace and extend.
The Windows NT TCP/IP stack is substantially made up of lifted BSD-licensed code anyways (or at least started out that way). I imagine "Vista Server" could be equipped with "innovative", "advanced" routing capabilities compliments of XORP.
What's your problem here? Guys like me have been putting together Linux routers for years now. We run two using IPTables. The great thing about it is that this is the perfect application for those older machines without a lot of heavy-duty processing power or memory. Obviously if you want to do big-time packet prioritizing and the like, you'll need faster hardware, but I still figure with a bit of know-how (and it isn't that bad either) you can put together a router that will come fairly close to Cisco performance and capability for a helluva lot less. It seems nowadays the big justification for going Cisco is because the IT guy's got a certificate in IOS. Cisco prices are outrageous and it's not like all that money buys you any better a support network. The guys on the IPTables/Netfilter list will probably get you the answer to any problem a lot faster and cheaper than going with Cisco.
The world's burning. Moped Jesus spotted on I50. Details at 11.
How is this any better than Smoothwall? Smoothwall has an incredibly easy setup routine and a dynamite interface. Want top notch support? Buy the commercial version.
Switches and routing are different things, you can't really compare the two. And again, in their router module, if you implement any sort of ACL, are you still avoiding process-switching?
This used to be the case waaaayyyy long time ago (ok we're talking years not decades) but starting in Cisco's Cat5500 series they've started pushing the FIB (Forwarding Information Base) into hardware as much as possible... Update an ACL and the associated FIB gets updated. It started off with the first packet of a flow getting process switched (i.e. routed) and then the rest of the flow after that gets switched, now with Cat6500s with a current supervisor card and fabric enabled host cards it's not even that. ACLs (now VACLs) modify the FIBs directly and everything is directly switched, TTLs decremented as they pass through, counters incremented etc (aren't ASICs nice)... allowing the processor to lazily handle the hum-drum work of responding to SNMP requests that dump information tables that would choke a small horse.
-- Ed Bugg --You have freedom of choice, but not of consequences.--
Why is trusted computing a problem for OSS? The cries of software being locked out were simply FUD made up in the early days with no basis in fact (they were slippery slope arguments using the "well you can argue it's possible that such and such could be done, so we'll decide that's exactly what is going to be done"). If you need proof, why don't you look at the *nix based operating system that runs exclusively on the Intel "trusted computing" platform - Apple OS X x86.
It's really funny reading through all these comments from people who have obviously never worked as a network engineer for medium-large enterprise or telco.
Can one make a box out of open source products that can duplicate Cisco/Juniper technical offerings? Sure. Would I use one at a small company or startup? Sure... I have deployed OpenBSD and Linux firewalls and routers in the past for small companies I was consulting for. I'm sure the work from this company will allow for better products for small businesses (most low end router offerings stink).
These products will not affect Cisco or Juniper unless companies/organizations form to provide the following:
1. Enterprise Support/Consulting
2. Compelling Products/Architectures
3. Enterprise Level Documentation
4. Carrier Class Performance (for telcos)
5. High availability hardware and software
6. Provisioning Systems (for telcos)
7. Enterprise/Carrier Management Platforms
8. Formal Training and Certification
There are a selected number of organizations with highly motivated and talented individuals that can meet their requirements without the above offerings. But this is typically not what you see out in the real world where many network engineers/admins need the described infrastructure.
Price alone will not make a difference. The cost of Cisco/Juniper equipment is just a small part of the TCO for organizations that have hundreds and thousands of these devices.
Mod up. Carp is one of those great features like pf that the OpenBSD folks keep cranking out. Easy to set up hot-failover firewalls. And check out OpenBGPD while you're talking about replacing Cisco routers.
or we can wait around and see what they can pull off using FPGA based chips...
or there is always that printable plastic cpu experiment that someone did some years ago...
hell, open source cpus and other logic circuits may well be a requirement for some as the stuff from the main suppliers become more and more drm-laden thanks to the power vested in the entertainment industry's bank-accounts...
sure the performance hit will be staggering, but i don't think we will use the chips to run the latest iteration of halo, or for that matter duke nukem forever...
speaking of that last game, i wonder if the people that named it knew how right they would be...
comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
Hi Bill, nice to see you're still posting.