Slashdot Mirror
Open-Source Router to Take on Cisco?
ickypick writes to tell us that CNN is running an article about the emergence of an OpenSource Router product, currently in Beta, that targets mid-size enterprise customers for about one-fifth the cost of current enterprise networking giants' hardware. From the article: "The machine runs on two Intel chips, but far more noteworthy is its software, known as XORP, or extensible open router platform. The versatile open-source application can direct data traffic for a giant corporation as easily as it can manage a home Wi-Fi network." The current release is available for download from Vyatta's web site."
Seems like everything is Open Source now. (No, I am not complaining, i am backing it)
.... You name it.
We have Routers, Firewalls, IDS/IPS's, OS's, Word Processors, Spreadsheets, Presenting software. Hell. I would love to see an experiment where an entire corporate network was made, entirely of Open Source products (except for the hardware of course). From Routers to firewalls to
That would be an interesting, and totally free network.
Also very complicated
For a router, its mostly in the hardware, if it can keep up with real-life data rates.
Software is secondary..
---- Booth was a patriot ----
Make money? This better be good hardware running good software, because otherwise people are just going to say "fsck it, nobody was ever fired for buying Cisco". Why? Because Cisco actually works.
Yes, OSS community, your adversary actually works this time. Beware.
So who do you call when the thing breaks?
With Cisco, I call the rep, and they have a replacement device in our datacenter within the hour, and we load up the config and get it fixed.
Doubt you'll get that kind of service here, and that's what you pay for with Cisco.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
Generally, bash is superior to python in those environments where python is not installed.
Having the hot spares doesn't matter if you are looking at a software problem.
The corporate question becomes who can you call for troubleshooting support that is "guaranteed" to help you.
(If the OSS folk don't answer your question, they don't lose money/contract)
This is all assuming I'm willing to go unsupported, of course.
1) By far the most important is what kind of interfaces can I get for it. Of course I can get ethernet but what about T1, DSL, SONET, etc. If all this does is route packets over ethernet, which I then need to plug in to another router to get to my WAN, that's not so useful. I'd say over 90% of the Cisco routers I see in business are for WAN connections. If you are going to have to buy those anyhow, then what's the point?
2) What kind of load can it handle? Having something that can do a gig is all well and good, but can it still do a gig with 20,000 clients generating 50,000+ connections? That's where many budget routers and firewalls fall flat. They do everything in software so they can do the traffic no problem, but it's the concurrency that kills them.
3) Does it support layer-3 switching? That's where you in effect route the first packet of a flow and switch the rest. Leads to much lower impact on the router, and lower pings. Can't do it going from one media to another, but for internal routing it's the way to go.
This is, as mentioned, not considering support. I mean it's all well and good to slap some NICs in a system, load an OS that can route traffic, and call it a router/firewall/whatever, but it's something else entirely to see that survive under a real load. We see that all the time on campus when we test new potential devices. They promise gig throughput, something I have no doubt they deliver, and less than we use, but they instantly crash when exposed to our network. Why? Well we have like 30,000-40,000 comptuers or so that generate hundreds of thousands of concurrent connections. They just aren't equipped to process that kind of load and they stop passing traffic. The Ciscos, however, that compose the entire core, edge, and distribution parts of the network, operate without problems.
Microsoft built an empire out of OSS (using OpenBSD). Linux tries to compete with their own, better, product. However, companies are still resistant due to "support issues" (how much support did you actually get from M$ last year, though?) and familiarity.
Cisco built an empire out of Netlib, etc. Vyatta will try in vain to take a slice of the pie, but companies again will "go with what they know".
This is how the vast majority of us have ended up with rubbish IT setups, and those amongst us who care about quality etc. get modded "Troll" for ranting about it.
This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
Never underestimate the power of Spin, especially when the general public has no interest in being informed about such complex subjects as network security (and lacks wisdom enough to decide that the only two reasonable courses of action are A. Learn about the subject or B. Shut the fuck up).
If the backdoors are for law enforcement purposes, why, then Cisco is simply being a Patriotic Corporate Citizen and Doing Their Part to help Stop Internet Crime etc etc. If this became a big controversy, all it would take is for one politician or one media outlet to talk even more about how wiretapping/remote logging ability is For Your Own Good and for the sole purpose of Stopping Al-Queda or whomever the convenient bogeyman of the day may be (because Oceania has always been at war with Eastasia). Rest assured that there will be such a device/tactic handy to drown out any kind of reasonable debate about the subject, should it ever become a serious issue.
The belief that a company which implements poor practices--such as undisclosed, intentional security hazards like backdoors--can "kiss their ass good bye" presupposes a market that consists entirely of informed, educated buyers who understand all security ramifications of their buying decisions (and such "features" that come with the package) and who always look after their own interests. Furthermore it assumes that they have enough sense to disregard any and all statements (on principle alone, as such claims have zero credibility) from any third parties who claim to know what is best for them, if only their particular set of restrictions were implemented. You will find that this last item is becoming lost upon us, especially in the USA.
I find this presupposition to be entirely unrealistic, and for that reason open-source alternatives can only possibly be a good thing, even if only because they give the established solutions such as those offered by Cisco a reason to avoid growing complacent.
It is a miracle that curiosity survives formal education. - Einstein
Except that the 'uninformed masses' are not ciscos main market.. we arent talking about twinkees here... ( and i know of one case where a bakery chain went down hard, due to one mistake.. the 'general public' understood what happened, and the place was out of business in 6 months, after nearly 100 years of being in the business )
Most of Cisco's market undersands the technology and security ramifications, and i think they would drop cisco in a heartbeat if this were to happen. Or at least i would hope they would...
---- Booth was a patriot ----
When you deal with enterprise customers, you no longer compete based on money. If you truly have a need to enterprise level routers, what it means is that millions upon millions of dollars worth of business is dependant on this, and you will not try to save $50k by going with an open source solution.
These guys know absolutely nothing about the market they are dealing with. It's a joke, really. The only thing I can think of a reason why these guys even are wasting their time is that they are hoping Cisco will buy them, but I hope Cisco just let's them hang themselves out to dry.
Remember, the people who make the decision to buy network equipment don't want to get fired because they save 80% on a 50k router. Saving $40k won't get them a promotion but having millions of dollars worth of business interrupted because of that will get them fired.
This is the pitch that Cisco sales people will be making, and trust me, it's going to work. Who will risk their job just to prop up this ridiculous open source company, especially when an enterprise customer has deep pockets to deal with?
Lesson #1: Enterprise customers don't care about price, they care about reliability. As the old adage goes, no one gets fired for buying IBM/Cisco/Microsoft, etc. Mainly because when a problem occurs, there's a huge company that can be held accountable, not some fly-by-the-night startup.
To a point, I agree with you. I like hardware; it just works. Flash back to several years ago when WinModems were first introduced... Remember what a disaster they were, especially for anyone who didn't fit the anticipated M$-using profile? They were cheaper yes, but also lower quality, more proprietary, and OS-dependent when compared to hardware modems. It was not very long until anyone buying a modem had to shop around very carefully to avoid being stuck with this type of shit. Because I do not use any Microsoft software (but they make decent mice), this was my experience before broadband became available in my area.
I don't want to see this happen to routers. With the reliability/availability that is usually demanded of a router, and the fact that routers are typically only implemented by either a knowledgable user or a hired technician, I do not anticipate this will actually be a problem.
However, I have encountered your "oh well they usually learn" arrogance before. Hell, from time to time I might display this myself. You know, the idea that anyone who disagrees with you or who wants to use a different solution for their needs than what you would use could only be suffering from a lack of education and must not have any valid point. It's just a dismissal. Dismissal is a favorite tactic of otherwise logical, composed people who do not care to truly examine a particular issue and are not honest about this unwillingness upfront.
The main question your post raises for me is that there is an unstated assumption there that Cisco is absolutely dominating this market (which I do not dispute) and is therefore THE sensible choice (this is the part I find questionable). Support contracts, features, performance, blah blah blah... To me these are not the central issue because you can get your desired balance of these by shopping around. So, just explain this one thing to me - how is a majority Cisco marketshare good for anyone other than Cisco?
FYI, I agree that software routers cannot match the raw performance of dedicated specialty hardware, but I also agree that fire is hot and liquid water is wet. I get the impression that neither Xorp nor any other software router is going to be marketed to Fortune 100 companies in an attempt to directly compete with Cisco, but rather is intended for small to medium sized networks. How many mom-n-pop setups and local businesses ever turn into multimillion dollar enterprises? For this reason I do not consider the "they all migrate one day" statement to be the showstopper that you seem to believe it is.
It is a miracle that curiosity survives formal education. - Einstein
Most of the comments I've been reading sound a lot like the big iron computer makers when they saw an Apple ][ back in the day. The point of this product is not to compete with the high end, but the middle. There are plenty of cases where a $5000 router and a big service contract just don't make sense. Sure, I drool over our Cisco switch, but for most IT departments, Cisco is more expensive than necessary. The market really does need a middle player. I hope this is it.
"Well, good luck finding a judge that doesn't run a bestiality site."
Being a veteran of the Cisco Networking Academy - I survived the courses with only a handful of brain hemmorhages - I hope that an open alternative to Cisco's software will accomplish the following, as these are the problems I observed in Cisco's products...
1. Cisco's IOS interface is about as clear as a brick wall. Granted, this is an incredible form of idiot-proofing - the interface makes sense, once you study everything there is to know about it. However, you absolutely positively can -not- log into a Cisco enterprise router and have even the foggiest idea as to what's going on unless you've studied them before. Furthermore, the IOS does as little for you as possible, which is a good thing from a security standpoint... However, it would be nice if there was a work-around - a nice, clean GUI or something, accessible only from a physical connection to the router, perhaps - so people that haven't spent nearly a decade busting their brains over the hardware can at least perform basic maintenance.
2. Dropping the cost of good routing and switching hardware would be wonderful. The routers and switches my school had cost in excess of $2,500 each, sometimes more, and they were older models at that. Furthermore - and this ties back into the previous statement - not having to hire people with four to eight years of schooling behind them just to manage a damn router would also drop the cost of managing an enterpise-grade network. (Granted, the people that are most likely to want to purchase this kind of hardware probably also have the money to do so, but at any rate, that's no small wad of cash.)
3. I personally think it'd be really nice to be able to actually go in and tweak the hardware and software with a much greater level of precision than what Cisco's IOS allows. This would also allow for you to expand your harware without actually having to buy or build another router. I can't help but wonder if there'd be any point or improvement in clustering a home-made router and switch... Or a server, or whatever. Long story short, being able to actually reach in and mess with the stuff without violating some kind of warranty would be nice.
I'm not about to say that Cisco is bad as a company. Cisco and their subsidiaries - Linksys immediately comes to mind - provide excellent service, and their products aren't half bad either. There are simply some issues that could be resolved by actually having access to the codebase of the software and being able to manipulate the hardware, in addition to new possibilities unlocked by the same. Cisco's track record aside, though, this is really a step in the right direction. The next thing I'd like to see are some people seeking to break into the business coming in with keyboards and soldering irons blazing, to see what can be done with this software - and some new hardware to go with it. Additionally, to make this program attractive to big business, it's going to have to make serious strides in terms of how much it can support, but if the project doesn't tank, that'd be great.
UDP does use IP, but it's fairly common for UDP to blast away with a bunch of small packets that don't have the flow-control behaviour of TCP. Cisco uses specialized hardware partly because ASICs are cheap and partly because they've never used fast enough CPUs. Some of the AIM modules do make sense - 3DES is heavy-duty bit-twiddling which wasn't designed for modern CPUs, but as AES becomes more popular, you really won't need accelerators, and a cheap Intel CPU can still handle a couple of T1s worth of IPSEC without any help.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Try storming a cisco box with massive amounts of small UDP packets and see how well it copes. UDP is done in full software mode, you can't use CEF etc on UDP.
You just proved what I was saying above (and what the GP was saying in his post): it's not only the software. If you force the router to process everything in software (as in your example with UDP packets), it will quickly reach its limits.
Why is trusted computing a problem for OSS?
Because implicit in OSS is the requirement that the people who own the computing equipment want to be able to trust it.
In contrast, implicit in TC is the desire of certain people to grab control of equipment which they do not own and make it do what they want, so that the owner of the equipment can no longer have trust in it.
It should be obvious that there is an inherent incompatibility here. The content providers want our computers to be a delivery platform trusted by them instead of a computing platform trusted by its owner.
In effect, they are looking for a delivery platform lease model but are expecting us to pay outright for equipment which they will control and hence which they actually own. Clearly this can't work.