Slashdot Mirror
OS Router Challenges Proprietary Networking
Jane Walker writes "Dave Roberts talks about Vyatta's open source router and how open source technology may soon alter the landscape of enterprise networking." From the article: "Initially, we believe that the x86 PC running Vyatta -- given the range of hardware that's available in the PC world -- can basically replace the midrange of the router market; to use Cisco terminology and model numbers, simply because it's convenient shorthand, basically from the 2800 series to the 7200 series. There's a whole host of equivalent products from Nortel and Alcatel -- but essentially in that range. I wouldn't describe it as Cisco model numbers so much as T1 branch office to gigabit LAN product categories."
I love open source and all, but can a project like this really offer the same number of WIC modules?
I can plug damn near anything into a Cisco router....
Cisco and Juniper offer 24/7 worldwide support. Whether or not it sucks, this is the thing that keeps people cozily asleep at night, knowing that if they have a problem, they have an unchallengeable defense of having bought the best in class support solution (notice I avoid any discussion of h/w, because in the enterprise, h/w without support is worthless).
Yes, Vyatta talks a good game, but 24/7 worldwide support isn't something you build with a few million bucks in VC funding.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
Advocate 1: "I work at Oracle by day, but work on Vyatta by night."
Advocate 2: "Well, I work at Cisco by day, but work on PostgreSQL by night"
[awkward pause]
Advocate 1: "Pistols or swords?"
- Adam L. Beberg - The Cosm Project - http://www.mithral.com/
Here's why:
1) it takes an RTOS to make things work well. You can grind all the driver code you want, but an RTOS foundation is required with lots of cache
2) only PCI-X bus gets close, and most 1Us don't have it. That gives you a real ceiling in terms of port-port throughput; don't kid yourself
3) the algorithms needed to maintain cross-bar speed are gruesome. You don't find this kind of code in anything but sledge-hammered C and assembler, and code that only a mother (and an embedded systems engineer) could love. There is very little forgiveness here.
Yes, a 1U can make a decent router. But don't kid yourself into believing that you can beat F5, Cisco, Alcatel, etc.
You can certainly embarrass them, but on the high end, it doesn't work.
---- Teach Peace. It's Cheaper Than War.
If you go to Vyatta's website they claim that they are bringing in the "Dawn" of Open Source Networking.
Unfortunately these folks obviously were living under a ROCK for the past 8-10 years and never noticed
things like oh.. IPTABLES, and there has been WAN support in Linux for a long time. Great companies like
Sangoma offer T1 cards etc etc. This is just a bunch of folks trying to cash in on support contracts on
the backs of great open source projects and developers. We shouldn't even be giving them the press! They
are a bunch of HACKS!
You get OpenBGPD and OpenOSPFD all working in concert through the kernel. Oh and did I mention the price? $40.
Brilliant!
I guess those BSD guys have just been playing around all these years.
"To those who are overly cautious, everything is impossible. "
While a company such as Vyatta may be able to deliver the software to actually do the routing, you still need hardware pieces to actually connect to your equipment.
There aren't many PCI (full or half height) cards that can do ATM with OC3, etc....
Then there is the size factor. Data centre space is sparse and expensive, cisco (and such) equipment is built for this space. x86 PCs also run hotter (and louder) than specifically designed hardware from vendors such as cisco, juniper and 3com. oh and they draw more power.
i just can't see how this will take off in the top end of the market.
sure, for a small branch office that connects to frame, isdn, dsl or pstn and runs a vpn it may be fine, but not in a data centre or racked environment.
...they buy "world-class support", but having tried to use said support on occasion, I can say that I feel sorry for the world. Sure, it's better than a kick in the head, but not so much that it's worth the cost. I believe the record for longest repair ever was at the University of Manchester, in England, where a Cisco router corrupted the 1518th byte in every packet (thus only corrupting packets with a 1500 byte payload or 1496 bytes over 802.1q). Took them NINE MONTHS to fix. The first three of those, they denied there was even a problem.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
GateD used to be under a semi-open license. Then there was MRTD, Zebra and Quagga. XORP is said to be pretty good, too. MIT's Click is probably the most versatile, as you can just about script your own routing elements - very pluggable - with the added capability of routing between physical and simulated (eg: NS-2) networks.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
... interesting article on TechWorld: A reality check for open source routing.
My former employer is using three relatively simple Tyan dual Xeons with a couple of Syskonnekt cards to shove 4-5 gigabits per second of traffic over the internet (yes, full routing, and over 240 peers on AMS-IX and NL-IX). Most of that is usenet (http://www.top1000.org/top1000.current.txt look for 'tweaknews') but well over a gigabit is DSL end user traffic and some hosting. Those boxes cost in the order of 7000 euro's a piece, and are about as stable as a cisco running an current IOS (not as stable as you'd like). 7 grand buys me a single linecard for a 7200 on the secondhand market, and no 7200 will do as much traffic.
Cisco and Juniper: start getting scared *now*
Reading from a distance, I thought that said VISTA, not Vyatta :)
I was starting to think that Vista had lost so many features that the only thing it was good for was for setting up a really, really expensive router.
FYI, we're talking about "real routers" here... routers that speak BGP and other dynamic routing protocols to link sprawling multi-site networks with leased lines and VPNs. Enterprise-class stuff.
By comparison, the Netgear, Linksys, D-Link, or whatver else you picked up at CompUSA are not "real routers" at all, as they only use simple NAT and static routes with 2-3 interfaces at most.
We (by that I mean geeks in the networking world) have been doing this for years...
Why can't we think of ways to profit from this as these companies do??
Damn, should have gone back and gotten that MBA...
I believe he was referring to netgear's "REAL" routers, they offer some small business routers that are bigger badder than the ones they sell for home use. http://www.netgear.com/products/business/prod_vpnr outer_wired_security_sb.php
The first Juniper routers were "Olives", which were PC's running modified BSD. JUNOS is BSD based.
UUNET, IMHO the greatest ISP ever, first tested them in 1998 or 1999. CISCO had annoyed UUNET with poor service, so UUNET helped bring Juniper into the market. Yes, I am former UUNET and proud of it.
I found an interesting link to Olives at http://juniper.cluepon.net/index.php/Olive.
In the land of the blind, the one-eyed man is usually crucified.
This keeps coming up every 6 months or so. To rehash it for you:
...... AND you want to save $30k by using a #@$%#$%#$% software router running on a DELL?????
1) performance wise a 6x PCI-X motherboard is rare and commodity computers are not built for the buses to independantly talk to each other without invoking cpu.
2) feature wise you Have to have a RTOS or bad things happen when you try to implement QOS. speaking of features they have libraries full of books that talk about the *thousands* of features technologies that real routers implement (its hard to do that most companies spend tens/hundreds of millions to do this). implementing a few protocols/nat/firewall does not a router make.
3) If you actually have been involved with these things you would know:
-ds3/oc3/oc12's are not cheap... phone company bills of $100k a *month* is very common.
-a couple network engineers $100k/year each
-dedicated power/colo space/ups/generators $50+k/year
-SLA's and peering arraingment... $$$
-uptime to your customers measured in seconds of uptime (revenue $200+k/MONTH).
really, try explaining that to the CEO after the site has lost $10k/HOUR because something wonky is going on with the cpu or the memory oorrr it could be the kernel, I dunno I just rebooted the thing "cuz that usually fixes MY problems"... bye bye SLA.
--jboss
It'll never, EVER challenge Cisco in the big iron market. Why? Simple. No IT manager has EVER been fired for buying Sun servers, Cisco routers/switches, or IBM PCs. Big iron isn't about open source. Big iron is about triple-redundant reliability, service contracts, and brand trust.
------- "From bored to fanboy in 3.8 asian girls" ----------
It's very parallel in it's nature in that a small networking company could present this as a cost effective option. I see how a small networking consultant company could actually push this towards the small business level. But I'm doubtful it could ever be presented at the public/community level for use in schools or public wi-fi rest areas when the state lays out stipulations regarding only accepting bids from Cisco based numbers and Cisco certified installers? More or less, mandating that tax payer investment for this massive scalability be present. Often times, in these areas, that is ten-fold overkill. So there is the need, but I'm afraid that Cisco's name is so far embedded in corporate and state america, it's going to be a tall order to ever penetrate that market. Bringing this comment back to the small business. If a consultant can convince the client that this is a viable router to placing thier 20-something client station network on, then, yes, it has a niche.
The common responses on here seem to revolve around the inability of PC hardware to handle high bandwidth. To an extent this is necessarily true. A general purpose PC is going to rely on its CPU to handle each packet traversing the box. Processors are fast and cheap and becoming faster and cheaper as time passes. Most commercial router vendors realized quite a while ago that any architecture whose perforance is based on a single, centrl CPU inherently represents an eventual bottleneck and thus a serious challenge to scalability. As such, most commercial routers have moved to a model where forwarding is pushed as far as possible from a control plane that is as discrete as possible.
In other words, if we push the actual heavy lifting of forwarding out to distributed components (e.g. the interfaces themselves) then we're no longer left in a situation where our BGP process is vying for cycles and memory access with packets in transit. When properly implemented this means that I can be moving huge amounts of traffic through my router without interrupting network control traffic, management of the box, etc, etc.. It also means that by distributing packet switching they can hit massive performance levels with a comparitively modest CPU.
At the high end with Cisco and Juniper you're paying for the development of some exotic ASIC's and some even more exotic interface hardware. You're also paying for the capability to support high density - PC platforms aren't going to support tens of 10G or hundreds of 1G interfaces any time soon. The capacity for redundant CPU's, stateful failover, etc is also worth remembering.
At every level of Cisco and Juniper hardware you're paying for the ongoing development and maintenance of a highly complex codebase full of features that just aren't practical (or, in some situations, possible) for the OSS community to implement well. Implicit in this is a huge system test and regression faculty.
I've used and deployed open source routers up to OC3 bandwidth. They worked and, for the most part, worked well when faced with relatively simple networking tasks - multihoming enterprises to the Internet, basic WAN routing, etc. My observation has been that these platfoms start to fall apart when faced with requirements for complex routing policies, fancy QoS, MPLS, etc.
There's a definite place in the world for PC-based open source routing platforms - particularly at the edge of larger networks or in the midst of small and medium sized ones but I don't think Cisco and Juniper need to worry about being rendered completely obsolete any more than Oracle needs to worry about being driven completely out of business by MySQL or PG.
Wideband makes Layer-3 switches that beat comparable Cisco routers hands down. With their nMU (pronounced "NetMU") it makes easy things easy and difficult things easy too. With their 28-port switches, you can get full-duplex, non-blocking Gigabit transfers on all ports simultaneously. And did I mention that they can even do Gigabit over CAT-3 and barbed wire? Also, if you use the nMU control your switches, none of them even need IP addresses. Good luck trying to hax0r a switch with no IP address. Throw in the fact that all their stuff is made in the USA (no off-shore customer support) and costs much less than comparable Cisco gear that doesn't perform nearly as well, and you have yourself a superior product. If you are expanding or replacing your network infrastructure, consider WideBand over Cisco. You'll be glad you did.
***Disclaimer***
I do not now, nor have I ever worked for WideBand, but we use their gear where I work. BTW, there were some guys who ran a Cisco shop in the training class I was in that WideBand offered. Last I heard, they were replacing all their switches with WideBand gear. IMNSHO, WideBand is the best kept secret in networking
This isn't the sig you're looking for...
FTR, if you can manage the support and deal with irregularities as they might come up, as it sounds like your company probably can, I totally agree. I'd even go so far as to recommend ClarkConnect, personally.
:)
But these still don't deal with the issues of hardware/platform stability (yes, its a *lot* easier to design, troubleshoot and design driver modules if you control the platform first), QA (testing commercial *before* sending a product out the door), organized 'knowledge bases' (assuming your appliance has large enough penetration), commercial support because things *will* go wrong and if your running mission critical applications behind your 'appliance' you'd better be able to get fixed fast and have the CMOA part dealt with too (after all, the large the company the less forgiving they can be for mission critical application/server/network downtime).
So, ya, if you've got the wiggle room and need to allocate re$ources elsewhere and have someone onboard who's stable (hate to inherit someone elses 'customized' framework) I think its very useful.
But if your company/job/livelyhood/client-base depends on it I feel pretty strongly about using something start to finish purpose built.
As an aside I did a lot of research on firewall appliances before we purchased our own and of the sys admins I know Sonicwall was the one product that almost unanimously was not recommended. So its probably not just you, just bad luck. We've gone with Astaro, who aside from making a software distrobution also does build an appliance. Its Linux, so I know if things every really went south I could get my hands dirty and make things right, but I don't and shouldn't have to. I can dynamically update rules, add nodes, do hot/cold or hot/hot failover and I don't have to string together a bunch of software applications of varying quality and flexabilty.
And best of all, although possibly alarming, if I should ever leave the company whoever picks up my work will be able to quickly learn to manage the software. The network doesn't skip a beat.
Anyway, I'm not trying to argue against what your saying. If it suits your needs use it. You know your company better then I do. I work for a medium sized sompany and some large (fortune 500) sized clients. So we've got a little room in the budget (of course its always a fine line) and certainly a justified need. I don't know if you've ever had to sit in a meeting and explain your network topology and how you handle things like redundancy but when you start naming OSS products outside of say the top 10 you get some pretty disarming looks.
Enjoy IPCop. I'd say take a look a ClarkConnect but until they get the rules/insert method updated I won't touch it, they were using Shorewall and even a minor change (like say opening an FTP port for a new client) requires a Shorewall/IPTables restart (or a CLI insert, but I always though those were more prone to error...as in sleep deprived, up at the colo human error then a clean GUI) and that, at least in my case, is totally unacceptable. Maybe IPCop has dealt with this differently since I last used it, but on the fly changes should be the first priority of any serious firewall solution (well, after overall system security).
Anyway, I'm just throwing out my $.02. You certainly don't sound like an idiot.
Quack, quack.
I had some experience with Olives as well. However, their performance wasn't that great. Especially compared to a M10. ASICs made a huge difference.
You can easily route 5 T1's on a Thrown away 586MMX at 266Mhz.
I did it for 6 years with a hand rolled linux install and ipchains. IT was faster than the HP 6 port router it replaced in both speed and network performance and adding in some filtering gave us a product that sould have cost $6000 at the time from the New Cisco company or then popular Colorado networking.
Every single one of these guys here claiming that no way a PC can route much traffic knows absolutely nothing about networking and routers. Hell a cheap P4-2.8 with the right hardware can route ATM speeds over ethernet easily (Yes kids, you can get ethernet termination on anything from your provider).
Hell a slow 386 can do a single T1 without getting about 5% processor loads.
Do not look at laser with remaining good eye.