Open-Source Router to Take on Cisco?
ickypick writes to tell us that CNN is running an article about the emergence of an OpenSource Router product, currently in Beta, that targets mid-size enterprise customers for about one-fifth the cost of current enterprise networking giants' hardware. From the article: "The machine runs on two Intel chips, but far more noteworthy is its software, known as XORP, or extensible open router platform. The versatile open-source application can direct data traffic for a giant corporation as easily as it can manage a home Wi-Fi network." The current release is available for download from Vyatta's web site.
This is good since I always wonder how many back doors are in Cisco routers for Law Enforcement purposes.
Cisco's biggest advantage is their support network. I have yet to ever have a client that didn't buy smartnet with any of their gear.
Granted, some of their "engineers" leave a lot to be desired, but still, PHB's like the warm fuzzy feeling.
Don't you mean FreeSCO?
and that runs on pc hardware, this appears to be on custom hardware that can actually do the job. Using pc hardware only works for a small business.. the bandwidth isn't there.
---- Booth was a patriot ----
For this to happen it must be in the right order:
1) OSS proponent founds business
2) business grows and stays with OSS
3) Lower expense in IT infrastructure
4) 1/profit!
Really though, the hard part is winning over an existing business. Starting up with OSS would be magnitudes easier than converting.
-nB
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
This could be a hit, if the costs keep down, for the small-medium business and home broadband markets. But I have trouble seeing how this will take significant market share in the Enterprise except for perhaps edge or LAN devices. For one thing, you pay Cisco, Juniper, Foundry, whomever for wire-speed implementations (among other issues) that rely largely on the ASICs and the overarching hardware architecture, beyond just the OS.
For the home market, there are already open-source software solutions such as for the Linksys WRT54-series wireless router, which is itself based on the GPL. See http://www.wi-fiplanet.com/tutorials/print.php/3562391 for more info.
Until someone funds an open-source chip foundry, these won't replace the core.
This seems to be a little late to be jumping into this market. Most of the big players are starting to switch over to multilayer switching. Software routers are only needed where you need to do something like NAT or firewalling.
If you're big enough to need a routing protocol like BGP, you're going to need some serious hardware. Software based routers running on off-the-shelf hardware are fine for 100mbit ethernet routing, but beyond 100mbit you need some specialized hardware.
I really don't see any advantage this system has over a linux router with the usual tools (zebra/quagga, ip, ifconfig, iptables, ebtables, etc...)
God, root, what is the difference?
As for 'custom hardware', when you get to the point that you need to route 10gig-e at line-speed, then you buy 'custom hardware'. Below that, you drop in quad 100m cards into a linux/BSD box and run something like quagga (or now XORP). I'm willing to bet that not many people here have many routers that really need those kinds of line speeds, so we can all white-box it for a small fraction of the price. I know my linux (100meg) router gets a once-a-year reboot for kernel upgrades. My linux NAT at home gets rebooted every time the power goes out longer than the UPS can handle...
The only other thing that you can't get with open source is cisco hot-failover. And from the people who need that level of reliability, you can't get that from cisco either. :) To be fair, it works now, but they were selling it for quite a while in a very VERY buggy state. I'd be very excited to see an open-source router project that handles paired or triad server configurations with VIP and lockstep state updates, for true multipath redundancy. Good luck on that one, though.
You would indeed think so, and the hardware separates a normal workstation from doing a job of a router (successfully, anyhow).
However, the Operating System nowadays means the difference between a £600 price tag and a £1800 price tag on the 1800 series. Often the offerings from Cisco involve the same hardware but a different (more capable) version of IOS. The software really does create a large premium for the networking giants, and it's not just Cisco that this can be seen at
The game has long since moved from just forwarding packets to providing intelligence in the network. Now companies want integrated security, voice, application intelligence and application (L5-L7) optimization, QOS, high availability, etc.. none of which you'll find in an open source router. This is why the networking companies stay in business. If companies wanted cheap packet forwarders, they would have bought linksys, 3com, huawei, hp or any other me-too commodity router. They didn't and Cisco won.
--- RFC 1149 Compliant.
Wrong.
Cisco IOS does nearly everything in software actually. Only on the big iron and catalyst based routers do you have dedicated hardware for packet forwarding. Try storming a cisco box with massive amounts of small UDP packets and see how well it copes. UDP is done in full software mode, you can't use CEF etc on UDP.
Might have changed in the two years I've been away from the networking world, but I don't really think so.
The slightly older 3600 series for example is just a normal PC in essence. RISC MIPS CPU, PCI for the network modules, flash for the OS.
What they do is distribute load instead. Same thing there, the older 7500 series has the CyBus architecture, where each line card is basically a separate router talking to each other over a backplane and an RSP to hold master databases and keep sync.
Yes, the Cisco 7600 has dedicated hardware for forwarding, but that is because it really is a catalyst 6500 switch under the hood.
Granted, many of the interface cards do a lot of processing for that media, framing etc, which keeps load off the main CPU. But what it comes down to is that IOS is quite efficient at doing what it does, which is forward packets.
If you want to learn more, I can strongly recommend the book "Inside Cisco IOS Software Architecture" from Cisco Press, ISBN: 1578701813
I found a fast warez site: http://warez.it.kth.se
Why not the hardware too? With all the talk of MS trying to lock down hardware with "trusted computing", why shouldn't the hardware be open as well?
What about my chosen name, which means "webmaster called rachel", suggests I might post nude pics? BUAG pics, maybe. If you know what that means, I might post one just for you. Otherwise, quit trolling me cos of a minor glitch in my post. Just because I forgot that it might be Berkeley UNIX that was wholeheartedly pirated into Windows and not FreeBSD, doesn't make the post any less important, because they still stole other people's freely available work and branded it just like Cisco did (see numerous headlines about their use of Netlib). I shouldn't feed trolls, but today I am one so there!
This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
There are companies releasing high-end networking products that are nothing more than a PC motherboard and their software. A while back, one of the load-balancer companies (I think it was f5, but I don't recall for sure) contracted with Tyan to build their motherboards, with 4 (or more) gigE controllers, each on its own PCI-X bus, and Tyan also sold the board to the public.
The main reason that Cisco doesn't use commodity PC parts in their low- to mid- end routers is that if people knew they were getting nothing more than a $4,000 PC for their $15,000, they'd be pretty pissed. Also, there would be that many more people trying to "crack" IOS to make it run on white-boxes, and that opens up a whole new line of revenue drain for Cisco. (Not that people don't obtain unlicensed copies for their Cisco hardware, though...)
Oh, you're not stuck, you're just unable to let go of the onion rings.
For a router, it's mostly in the hardware, if it can keep up with real-life data rates.
Not anymore. We've recently got a new Cisco router for around $2000 which turned out to be a box with 3 100-Mbit ports. And for separate $2000 a (separate) firewall box with 4 100-Mbit ports. I am certain that a Linux box with an opteron 1xx, couple of 64 bit PCI slots and a couple of Intel 4-port cards would be just as fast and vastly more configurable at a lower price.
In fact, there was nothing there that covered multicasting, mesh, overlay, wireless or hybrid networking. There was nothing there for secure routing, either.
That gives 6 out of 150 and only a fraction of the areas routing protocols have been written for. And this is supposed to impress me? Who the hell are you kidding? These are also stand-alone daemons, not kernel-space routing code.
Oh, and I stopped using OpenBSD when I moved over to MirBSD - it has the security of OpenBSD but far more software and less of an asshole crowd. But, then, anyone who's followed my posts would know this, rather than ignorantly telling me what I'm supposedly ignorant on. (They'd also know I've been using the *BSDs since 1990 - which, I would guess, is somewhat before yourself.)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
2004 Cisco backdoor
2006 Cisco backdoor
I have a Cisco 3620 router, maxed out on RAM, that couldn't even keep up with my fiber internet connection. I know it is an older router, but even with a NM-2FE2W (100Mbps) network module, it could barely do over 10Mbps. The performance specs on Cisco's site says 10-20Mbps, and with IP inspection and access lists enabled, it could maybe do 13Mbps at the most. I decided to buy an IBM x300 eSeries on eBay for $250 and run m0n0wall on it. Sure as hell beats the performance of any Cisco product for that price, and also can support much higher speeds for when my fiber service gets even quicker :) It might not have all of the features of Cisco (which I majorly miss), but I like to be able to use the speed of my connection I am paying for.
another nice thing about running a *nix box as a router is that the logical layers are all done using a generic CPU. in cisco boxes, it's done on specialized hardware. and this is holding back the rollout of IP6, because you have to either update the whole cisco box (costs plenty) or get a performance hit as the cisco boxes don't often have much of a cpu (thanks to those specialized IP4 chips doing all the hard work)...
comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
Every machine doubles as a source of spare parts. When everything is built on as same/similar hardware as reasonable, sourcing parts in timing-critical situations becomes much easier.
Put in more RAM. Use RAM drive, boot from a CD. If a CD drive fails, borrow one from another machine and you are back up. If the CD itself fails, make a new one from its image saved on the server. If any other part fails, do the same you would do in case of a failed CD drive.
Everything has a limited lifetime. So count with it and design from mutually replaceable parts you have plenty of around.
Besides, the person whose computer you just cannibalized can be the same person who will have to be sent out to buy parts anyway, therefore their downtime caused by taking their machine apart does not have to be counted.
I'd just like to say... it seems that the average person views a router as something with a few ethernet ports that routes packets. I only see about a dozen 'modules' on this XORP package, that's pretty tiny compared to the 250 or so modules that we / and or Cisco may have which include layer 1 drivers for specialised interfaces (non ethernet) and many specialised layer2 protocols (non IP). Most of the routers we sell are to customers wanting to (for example) connect their obscure TPAD terminals to their X.25 network which runs over ISDN/Frame relay. In this example IP/Ethernet never come into the picture. XORP could never 'kill' Cisco or anyone else making real routers.
Perhaps not Linux, but BSD....
pfSense, VRRP, CARP, et al. Hot failover is a reality, and I use no Cisco equipment, although I am Cisco certified. I'm intentionally making do with all free/open source. Call it an experiment in sanity, but my company (it IS mine) is going down this path very deliberately. We'll see how things pan out in a year or two. pfSense is getting ready to hit 1.0. I'm really liking it so far, my only gripe at the moment is that configuration is nearly 100% web based, and no console.
Karma: Chameleon (mostly due to the fact that you come and go).
"Most of the white-box server manufacturers just buy cheap Chinese-designed crap for power supplies, fans, motherboards, and so on, with no real quality control, testing, or engineering involved."
As far back as any of my Ciscos and servers go (almost a decade), I've had *one* power supply failure out of 20-something servers that have been in use, and that was in a box that yes, was a cheap box - with ten of them in a load-balanced pool, we don't need the expensive stuff. But of any of the servers of any consequence - and the Cisco - I have yet to have a power supply fail.
As for fans, luckily, the Ciscos haven't died, either. But if they did, on some, it would take just *one* fan to fail, and the unit would be toast. As a comparison, many of my servers have 6-14 fans, in redundant push-pull pairs. To make it better, if a fan dies, the rest of the fans SPEED UP to compensate.
And you also have to look at the turnaround time for a replacement. If I don't have a spare for each sitting on a shelf, I can drive three blocks and have a temporary replacement for the PC in twenty minutes - but of course, with the cost savings over a Cisco, you could have an entirely spare machine in place anyway, and still be far ahead in terms of money.
"Yeah, well a Linksys router is vastly cheaper than a Cisco, too. The problem is, it's not very dependable."
Yeah. Those PC-based servers aren't very dependable. The 3+ year uptimes on a dozen machines that I had to kill just to move them to a different facility was just an illusion. And all of the Cisco bugs that have bitten people in the butt were an illusion, too.
You're like the guys who tell me that I need to use a t3 connection to transport data from one side of their data room to the other because ethernet "isn't reliable". I ask them point-blank when the last time they had an ethernet failure was, and so far, they haven't been able to give me a single answer. Yes, occasionally, ethernet cards *do* fail. But so do t3 cards.
steve
Oh, you're not stuck, you're just unable to let go of the onion rings.
To build one of these routers takes about 4 days, 3 to order and receive the hardware, and 45 minutes to install the OS and copy in my configuration files.
I don't think that there is any such thing as a "Router OS." There are operating systems that make good routers. We've been using OpenBSD for 4 years with no router downtime, no routing failures other than configuration mistakes, and easy management. I wrote several tools to help manage and report on the routers using the net-snmp port and SSH with key authentication.
At home I used Linux for several years before switching to OpenBSD. Again, no problems with either system. I do think OpenBSD makes a better router. To be honest, I never quite got the Cisco dominance, the syntax is easy, but so is OpenBSD. OpenBSD is also much more secure than Linux or Cisco IOS. Also, if an executive needs remote access, I provide him or her with a preconfigured Soekris appliance and one sheet of instructions to plug it into the home network. I can monitor the device from the office, and it makes a closed channel for the business traffic but does not interfere with other computers in the house using the internet connection. At my company, any network staff member can work equally well on any of our routing equipment, because it's all the same. No vendor can yet sell us that.
So, I don't get the comment that Linux, OpenBSD, et al could be "important" routers if the software was better. I don't have any abstract software development philosophy or vague statements to justify my claim that OpenBSD is the best router available. I have 4 years of experience with it, 10 with Cisco, and 10 with Linux. And a salary partly based on the $350,000 I've saved my employer over the past 4 years by ditching Cisco, Checkpoint, and Nortel. My latest challenge is to start working on my CIO to send the OpenBSD project money each year to help them with their work, since they've done so much for us for free. In 2006 I will start sending them 1000 USD a year in recognition of my accomplishments thanks in part to their work. My experience with routers is in the real world, not a research project or /. forums, and it backs up my claim that Linux makes a good router, and OpenBSD is the superior router for my personal and business needs.
Uh, dude, Cisco makes more than 15-year-old low-end shit. Yeah, their really-cheap, really-low-end stuff is a bit more expensive than the competition. But try making a PC route 30 or 40 1-gigabit fiber interfaces like some of the midrange ciscos, and you'll quickly see why Cisco is still in business. The standard PC architecture is not capable of servicing even a single gigabit interface unless you use PCI-X, and even then the CPU is a major bottleneck. Doing more than a couple is impossible.
"But try making a PC route 30 or 40 1-gigabit fiber interfaces like some of the midrange ciscos,"
You're confusing switching with routing. Show me a Cisco that can actually perform all routing functions (including firewalling, NAT, payload inspection, etc.) on 30 or 40 gigabit lines. Sure, you can perform some rudimentary routing functions on their Ethernet switches. Can you hook a few t3s into them? Maybe hook up a couple of OC12s? Can they channelize lines into voice and data? We're talking about different things here.
"The standard PC architecture is not capable of servicing even a single gigabit interface unless you use PCI-X, and even then the CPU is a major bottleneck."
To quote a certain idiot I've heard from, "Uh, dude, PCs come in more than 10-year old low-end shit."
The days when the CPU was a bottleneck for gigabit are long gone. Sure, you could turn off interrupt coalescing which would drive the interrupts up, but we're still not talking about 400 MHz CPUs any more. And guess what... interrupts can be a limitation on a Cisco in pathological cases, too. On a PC, when interrupts or CPU cycles are a problem, you spend a couple grand more and get a few more CPUs - including more interrupt controllers. On a Cisco, you add another zero to the price of your router.
These discussions, when they take place, go round and round on NANOG. People who don't use PCs as routers come up with every reason in the world why they won't work, and then the people who actually DO use them drop some performance numbers that are absolutely astounding.
The real reason why Cisco is still in business is that if you have a problem, they *will* solve it. That problem can be that you need a particular interface, a faster router, a software problem, or just some handholding. If you give them money in sufficient quantities, they *will* take care of it. That's not true of PCs. If you want to point out shortcomings in PC-based routers, that's where you should start.
steve
Oh, you're not stuck, you're just unable to let go of the onion rings.