Open-Source Router to Take on Cisco?
ickypick writes to tell us that CNN is running an article about the emergence of an OpenSource Router product, currently in Beta, that targets mid-size enterprise customers for about one-fifth the cost of current enterprise networking giants' hardware. From the article: "The machine runs on two Intel chips, but far more noteworthy is its software, known as XORP, or extensible open router platform. The versatile open-source application can direct data traffic for a giant corporation as easily as it can manage a home Wi-Fi network." The current release is available for download from Vyatta's web site.
Seems like everything is Open Source now. (No, I am not complaining, I am backing it)
.... You name it.
We have Routers, Firewalls, IDS/IPS's, OS's, Word Processors, Spreadsheets, Presenting software. Hell. I would love to see an experiment where an entire corporate network was made, entirely of Open Source products (except for the hardware of course). From Routers to firewalls to
That would be an interesting, and totally free network.
Also very complicated
For a router, it's mostly in the hardware, if it can keep up with real-life data rates.
Software is secondary..
---- Booth was a patriot ----
This is good since I always wonder how many back doors are in Cisco routers for Law Enforcement purposes.
Cisco's biggest advantage is their support network. I have yet to ever have a client that didn't buy smartnet with any of their gear.
Granted, some of their "engineers" leave a lot to be desired, but still, PHB's like the warm fuzzy feeling.
Make money? This better be good hardware running good software, because otherwise people are just going to say "fsck it, nobody was ever fired for buying Cisco". Why? Because Cisco actually works.
Yes, OSS community, your adversary actually works this time. Beware.
So who do you call when the thing breaks?
With Cisco, I call the rep, and they have a replacement device in our datacenter within the hour, and we load up the config and get it fixed.
Doubt you'll get that kind of service here, and that's what you pay for with Cisco.
Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
Don't you mean FreeSCO?
and that runs on pc hardware, this appears to be on custom hardware that can actually do the job. Using pc hardware only works for a small business.. the bandwidth isn't there.
---- Booth was a patriot ----
It can turn my old AMD K5 machine into a top-end Cisco machine. Does anyone have a spare ISA network card?
Initial funding to develop XORP is provided by Intel and the National Science Foundation. Further funding has been provided by Microsoft Corporation and Vyatta. We are extremely grateful for their support.
And this is a problem why? Some of us don't agree with the concept of the GPL in the first place.
If they choose not to use GPL, bsdish doesn't make them bad, it makes them more free, with fewer restrictions.
---- Booth was a patriot ----
Generally, bash is superior to python in those environments where python is not installed.
Grep. Gimp. Kugar. Krita. Kexi. LaTex. Tcl. And now, the piece de resistance - xorp.
Why route when you can XORP!
Imagestream has been doing this for ~8 years now ... course they provide support and all the hardware but this is doable. After all a DS3 Imagestream Rebel is only a P3 Intel and 256mb upgrade. Still it is another step in proof that cisco is not the networking god PHB's think.
I'm told you are what you eat, does that mean I can be you by tomorrow with some A1?
This could be a hit, if the costs keep down, for the small-medium business and home broadband markets. But I have trouble seeing how this will take significant market share in the Enterprise except for perhaps edge or LAN devices. For one thing, you pay Cisco, Juniper, Foundry, whomever for wire-speed implementations (among other issues) that rely largely on the ASICs and the overarching hardware architecture, beyond just the OS.
For the home market, there are already open-source software solutions such as for the Linksys WRT54-series wireless router, which is itself based on the GPL. See http://www.wi-fiplanet.com/tutorials/print.php/35 6 2391 for more info.
Until someone funds an open-source chip foundry, these won't replace the core.
The largest impediment is not software, but hardware. The two benefits to a Cisco are that (A) there is someone who *will* fix your problem for a fee, and (B) You can buy an interface card for ANY network type out there.
As for (A), the same will likely become available for this if it isn't already.
(B) is a lot harder. When you get into odd network types and high-speed telco lines, it becomes a bit more difficult - it isn't as easy as just calling your Cisco salesmonkey and buying the card you need.
It should be noted, however, that adding a card to a Cisco isn't always painless. I've had to upgrade the OS - which involved upgrading both memory and flash - just to support another ETHERNET card. How many decades has Ethernet been around for, and they want an OS upgrade to support one? And only to support an additional card, the built-in ethernet worked just fine.
Right now, we're using a Linux router for ethernet routing within our data center, which it handles just fine. As soon as our Sangoma cards show up, it's also going to handle a T3 to our office as well - but only clearchannel, we can't split it between phone and data (as I'd like to do.)
A while back, I had a rather perverse thought. You can hook up a LOT of interfaces to a high-end Cisco, and most routed telecom isn't very high-bandwidth. A T3, at a measly 45 megabit, is still very small considering the throughput of today's hardware. An OC3, at 155 megabits, still isn't much. The perverse thought was that if someone would come up with T1 and T3 modules with integrated CSU/DSUs that connected via USB or firewire, you could stuff a machine chock-full of 4-port controller cards, and be able to hook up 20 or more interfaces very quickly, and easily. In theory, each USB controller card *should* be able to push the ~200 megabits without much trouble, and even a plain old 32/33 PCI bus could *almost* handle the 110 MB/s of all 20 lines at full-tilt. Realistically, however, I do know that USB has many deficiencies which entirely prevent it from fulfilling that task.
Oh, you're not stuck, you're just unable to let go of the onion rings.
As I understand it, there's already this open source routing software called "Linux". I sysadmin at a medium sized financial trading house, and managed to toss out our two Cisco routers a year or so ago. I replaced them with Gentoo Linux boxen running the standard IP stack and routed, on office ready Dell PCs (with a couple of extra ethernet and fibre cards as appropriate). And you know what? It's been even more reliable, less downtime for patches or crashing or hardware failure. I'm not likely to go back to Cisco until I see the same standard of freedom and quality in their code that I do in Linux.
This is all assuming I'm willing to go unsupported, of course.
1) By far the most important is what kind of interfaces can I get for it. Of course I can get ethernet but what about T1, DSL, SONET, etc. If all this does is route packets over ethernet, which I then need to plug in to another router to get to my WAN, that's not so useful. I'd say over 90% of the Cisco routers I see in business are for WAN connections. If you are going to have to buy those anyhow, then what's the point?
2) What kind of load can it handle? Having something that can do a gig is all well and good, but can it still do a gig with 20,000 clients generating 50,000+ connections? That's where many budget routers and firewalls fall flat. They do everything in software so they can do the traffic no problem, but it's the concurrency that kills them.
3) Does it support layer-3 switching? That's where you in effect route the first packet of a flow and switch the rest. Leads to much lower impact on the router, and lower pings. Can't do it going from one media to another, but for internal routing it's the way to go.
This is, as mentioned, not considering support. I mean it's all well and good to slap some NICs in a system, load an OS that can route traffic, and call it a router/firewall/whatever, but it's something else entirely to see that survive under a real load. We see that all the time on campus when we test new potential devices. They promise gig throughput, something I have no doubt they deliver, and less than we use, but they instantly crash when exposed to our network. Why? Well we have like 30,000-40,000 computers or so that generate hundreds of thousands of concurrent connections. They just aren't equipped to process that kind of load and they stop passing traffic. The Ciscos, however, that compose the entire core, edge, and distribution parts of the network, operate without problems.
Microsoft built an empire out of OSS (using OpenBSD). Linux tries to compete with their own, better, product. However, companies are still resistant due to "support issues" (how much support did you actually get from M$ last year, though?) and familiarity.
Cisco built an empire out of Netlib, etc. Vyatta will try in vain to take a slice of the pie, but companies again will "go with what they know".
This is how the vast majority of us have ended up with rubbish IT setups, and those amongst us who care about quality etc. get modded "Troll" for ranting about it.
This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
This seems to be a little late to be jumping into this market. Most of the big players are starting to switch over to multilayer switching. Software routers are only needed where you need to do something like NAT or firewalling.
If you're big enough to need a routing protocol like BGP, you're going to need some serious hardware. Software based routers running on off the shelf hardware are fine for 100mbit ethernet routing, but beyond 100mbit you need some specialized hardware.
I really don't see any advantage this system has over a linux router with the usual tools (zebra/quagga, ip, ifconfig, iptables, ebtables, etc...)
God, root, what is the difference?
The game has long since moved from just forwarding packets to providing intelligence in the network. Now companies want integrated security, voice, application intelligence and application (l5-L7) optimization, QOS, high availability, etc.. none of which you'll find in an open source router. This is why the networking companies stay in business. If companies wanted cheap packet forwarders, they would have bought linksys, 3com, huawei, hp or any other me-too commodity router. They didn't and Cisco won.
--- RFC 1149 Compliant.
The number 1 problem with Xorp is that it supports only a tiny fraction of standard Internet routing protocols. They don't have the developers to support anything more than a bare-bones software router. If you're only going to use what they have, it's no big deal. (NOTE: I am only including actual common routing protocols, here. There are over 150 routing protocols defined and implemented by somebody, but few routers support more than 3% and only the Really Major Routers even pass the 10% mark.)
The number 2 problem is that it lets the native OS deal with all of the QoS. This means that Xorp isn't guaranteed to behave the same on different platforms. It's not a lethal problem and some (including the Xorp developers) consider it a major bonus. I'm not convinced it's a good thing, though. It makes multicasting very confusing.
The final problem is that Click will normally be run as a kernel module, but Xorp is in userspace. This means you've a LOT of context switching when running in such a mode. Because you want minimum latency, the overhead of pushing packets into userspace in the first place might not be efficient enough.
I believe Xorp to be a good product. It is also the ONLY software router that is (a) Open Source and (b) being maintained (Quagga, Zebra and MRT are all dead, and GateD was withdrawn). I don't know if the Xorp group want more core developers, but I desperately hope that third-party developers offer patches and modules for it to beef up the abilities.
(Linux is an important software router. NetBSD and OpenBSD could be, if the routing software was good enough. The three of them should have the low-to-medium router market totally sewn up in no time flat, in a very short timeframe. That won't happen, though, if there's not enough independent interest and support.)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
I find this feasible. It's a BSD-style license (wink wink, nudge nudge) so this means it's perfectly applicable for an "embrace and extend" operation.
Eddie Kohler, whose PhD thesis at MIT was the Click modular router (which from what I understand turned into the "engine" behind XORP), is one of the principal designers and developers of XORP. They published a paper at NSDI last year, which you can read here (Warning: PDF). It states very clearly what the goal of XORP is, and how well it performs. Quite interesting.
Cisco's market share year to year over the last 5-6 years has bounced from a near-dominating 80% to as low as 50%...and it's swung that much in ONE year.
That must be some definition of "lock" I'm not familiar with...
Please help metamoderate.
Except that the 'uninformed masses' are not Cisco's main market.. we aren't talking about Twinkies here... (and I know of one case where a bakery chain went down hard, due to one mistake.. the 'general public' understood what happened, and the place was out of business in 6 months, after nearly 100 years of being in the business)
Most of Cisco's market understands the technology and security ramifications, and I think they would drop Cisco in a heartbeat if this were to happen. Or at least I would hope they would...
---- Booth was a patriot ----
There are companies releasing high-end networking products that are nothing more than a PC motherboard and their software. A while back, one of the load-balancer companies (I think it was f5, but I don't recall for sure) contracted with Tyan to build their motherboards, with 4 (or more) gigE controllers, each on its own PCI-X bus, and Tyan also sold the board to the public.
The main reason that Cisco doesn't use commodity PC parts in their low- to mid- end routers is that if people knew they were getting nothing more than a $4,000 PC for their $15,000, they'd be pretty pissed. Also, there would be that many more people trying to "crack" IOS to make it run on white-boxes, and that opens up a whole new line of revenue drain for Cisco. (Not that people don't obtain unlicensed copies for their Cisco hardware, though...)
Oh, you're not stuck, you're just unable to let go of the onion rings.
OpenBSD ships with its own RIP, BGP and OSPF daemons. Its BGP daemon is BY FAR better than xorp and quagga, and it's BSD licensed of course. OpenBSD is already a fantastic software router, maybe you should try using it instead of ignorantly telling us what it "could be"?
Further funding has been provided by Microsoft Corporation
XORP is licensed under BSD, thus it is not only extensible but embraceable as well. Microsoft likes anything it can embrace and extend.
The Windows NT TCP/IP stack is substantially made up of lifted BSD-licensed code anyways (or at least started out that way). I imagine "Vista Server" could be equipped with "innovative", "advanced" routing capabilities compliments of XORP.
How is this any better than Smoothwall? Smoothwall has incredibly easy setup routine and a dynamite interface. Want top notch support? Buy the commercial version.
To a point, I agree with you. I like hardware; it just works. Flash back to several years ago when WinModems were first introduced... Remember what a disaster they were, especially for anyone who didn't fit the anticipated M$-using profile? They were cheaper yes, but also lower quality, more proprietary, and OS-dependent when compared to hardware modems. It was not very long until anyone buying a modem had to shop around very carefully to avoid being stuck with this type of shit. Because I do not use any Microsoft software (but they make decent mice), this was my experience before broadband became available in my area.
I don't want to see this happen to routers. With the reliability/availability that is usually demanded of a router, and the fact that routers are typically only implemented by either a knowledgeable user or a hired technician, I do not anticipate this will actually be a problem.
However, I have encountered your "oh well they usually learn" arrogance before. Hell, from time to time I might display this myself. You know, the idea that anyone who disagrees with you or who wants to use a different solution for their needs than what you would use could only be suffering from a lack of education and must not have any valid point. It's just a dismissal. Dismissal is a favorite tactic of otherwise logical, composed people who do not care to truly examine a particular issue and are not honest about this unwillingness upfront.
The main question your post raises for me is that there is an unstated assumption there that Cisco is absolutely dominating this market (which I do not dispute) and is therefore THE sensible choice (this is the part I find questionable). Support contracts, features, performance, blah blah blah... To me these are not the central issue because you can get your desired balance of these by shopping around. So, just explain this one thing to me - how is a majority Cisco marketshare good for anyone other than Cisco?
FYI, I agree that software routers cannot match the raw performance of dedicated specialty hardware, but I also agree that fire is hot and liquid water is wet. I get the impression that neither Xorp nor any other software router is going to be marketed to Fortune 100 companies in an attempt to directly compete with Cisco, but rather is intended for small to medium sized networks. How many mom-n-pop setups and local businesses ever turn into multimillion dollar enterprises? For this reason I do not consider the "they all migrate one day" statement to be the showstopper that you seem to believe it is.
It is a miracle that curiosity survives formal education. - Einstein
Most of the comments I've been reading sound a lot like the big iron computer makers when they saw an Apple ][ back in the day. The point of this product is not to compete with the high end, but the middle. There are plenty of cases where a $5000 router and a big service contract just don't make sense. Sure, I drool over our Cisco switch, but for most IT departments, Cisco is more expensive than necessary. The market really does need a middle player. I hope this is it.
"Well, good luck finding a judge that doesn't run a bestiality site."
Being a veteran of the Cisco Networking Academy - I survived the courses with only a handful of brain hemorrhages - I hope that an open alternative to Cisco's software will accomplish the following, as these are the problems I observed in Cisco's products...
1. Cisco's IOS interface is about as clear as a brick wall. Granted, this is an incredible form of idiot-proofing - the interface makes sense, once you study everything there is to know about it. However, you absolutely positively can -not- log into a Cisco enterprise router and have even the foggiest idea as to what's going on unless you've studied them before. Furthermore, the IOS does as little for you as possible, which is a good thing from a security standpoint... However, it would be nice if there was a work-around - a nice, clean GUI or something, accessible only from a physical connection to the router, perhaps - so people that haven't spent nearly a decade busting their brains over the hardware can at least perform basic maintenance.
2. Dropping the cost of good routing and switching hardware would be wonderful. The routers and switches my school had cost in excess of $2,500 each, sometimes more, and they were older models at that. Furthermore - and this ties back into the previous statement - not having to hire people with four to eight years of schooling behind them just to manage a damn router would also drop the cost of managing an enterprise-grade network. (Granted, the people that are most likely to want to purchase this kind of hardware probably also have the money to do so, but at any rate, that's no small wad of cash.)
3. I personally think it'd be really nice to be able to actually go in and tweak the hardware and software with a much greater level of precision than what Cisco's IOS allows. This would also allow for you to expand your hardware without actually having to buy or build another router. I can't help but wonder if there'd be any point or improvement in clustering a home-made router and switch... Or a server, or whatever. Long story short, being able to actually reach in and mess with the stuff without violating some kind of warranty would be nice.
I'm not about to say that Cisco is bad as a company. Cisco and their subsidiaries - Linksys immediately comes to mind - provide excellent service, and their products aren't half bad either. There are simply some issues that could be resolved by actually having access to the codebase of the software and being able to manipulate the hardware, in addition to new possibilities unlocked by the same. Cisco's track record aside, though, this is really a step in the right direction. The next thing I'd like to see are some people seeking to break into the business coming in with keyboards and soldering irons blazing, to see what can be done with this software - and some new hardware to go with it. Additionally, to make this program attractive to big business, it's going to have to make serious strides in terms of how much it can support, but if the project doesn't tank, that'd be great.
In fact, there was nothing there that covered multicasting, mesh, overlay, wireless or hybrid networking. There was nothing there for secure routing, either.
That gives 6 out of 150 and only a fraction of the areas routing protocols have been written for. And this is supposed to impress me? Who the hell are you kidding? These are also stand-alone daemons, not kernel-space routing code.
Oh, and I stopped using OpenBSD when I moved over to MirBSD - it has the security of OpenBSD but far more software and less of an asshole crowd. But, then, anyone who's followed my posts would know this, rather than ignorantly telling me what I'm supposedly ignorant on. (They'd also know I've been using the *BSDs since 1990 - which, I would guess, is somewhat before yourself.)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
2004 Cisco backdoor
2006 Cisco backdoor
Every machine doubles as a source of spare parts. When everything is built on as same/similar hardware as reasonable, sourcing parts in timing-critical situations becomes much easier.
UDP does use IP, but it's fairly common for UDP to blast away with a bunch of small packets that don't have the flow-control behaviour of TCP. Cisco uses specialized hardware partly because ASICs are cheap and partly because they've never used fast enough CPUs. Some of the AIM modules do make sense - 3DES is heavy-duty bit-twiddling which wasn't designed for modern CPUs, but as AES becomes more popular, you really won't need accelerators, and a cheap Intel CPU can still handle a couple of T1s worth of IPSEC without any help.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Try storming a cisco box with massive amounts of small UDP packets and see how well it copes. UDP is done in full software mode, you can't use CEF etc on UDP.
You just proved what I was saying above (and what the GP was saying in his post): it's not only the software. If you force the router to process everything in software (as in your example with UDP packets), it will quickly reach its limits.