OS Router Challenges Proprietary Networking

Jane Walker writes "Dave Roberts talks about Vyatta's open source router and how open source technology may soon alter the landscape of enterprise networking." From the article: "Initially, we believe that the x86 PC running Vyatta -- given the range of hardware that's available in the PC world -- can basically replace the midrange of the router market; to use Cisco terminology and model numbers, simply because it's convenient shorthand, basically from the 2800 series to the 7200 series. There's a whole host of equivalent products from Nortel and Alcatel -- but essentially in that range. I wouldn't describe it as Cisco model numbers so much as T1 branch office to gigabit LAN product categories."

Sigh....

[222]

I love open source and all, but can a project like this really offer the same number of WIC modules?

I can plug damn near anything into a Cisco router....

Re:Sigh....

[Svartalf]

All depends on what they provide in the way of PCI/PCI-X cards- or whatever the future buses might be...

I'd say that odds are good you'd get about the same number of media interfaces and what you didn't
have would very probably have a media adapter or bridge that's standalone to take care of the gaps.

Re:Sigh....

[Nuclear+Elephant]

I can plug damn near anything into a Cisco router....

Open source routers and pr0n sounds like a dangerous combination for you then.

Re:Sigh....

[ChaoticChowder]

This software would have to offer much more that just WIC modules to even have me consider using it. Cisco routers may have low clockspeeds on the core chip, but its the ASICs that give them value. Also, take the 6509 for instance, slap in a SUP720B and you now have a 720 GBps back plane. No PC could ever hope to do that. Also, configuring a Cisco router is pretty much the easiest thing ever. I haven't checked out the software yet, but it better be much easier. Maybe they should network with the Open Source chipset guys and design some ASICs and all the other niceties.

Re:Sigh....

[Thundersnatch]

Also, configuring a Cisco router is pretty much the easiest thing ever.

Trolling for a +1 funny mod, are we?

I don't remember who said it, but this is my favorite quote about Cisco software: "Cisco makes easy things difficult, but difficult things possible."

Re:Sigh....

[kindbud]

I can plug damn near anything into a Cisco router....

And if you disable autonegotiate and set speed and duplex at fixed values, you might even get link.

Re:Sigh....

[RareButSeriousSideEf]

I don't know what all the fuss is about Cisco routers. For my money, Black and Decker wins every time.

Re:Sigh....

[bdp]

I think you're missing the point. The backplane of the Cat6500 is pretty much what the PCI bus does for a PC. A 32bit/33mhz PCI bus gives you just about 1 Gbps while the Cat6500 backplane provides three buses of 256, 32 and 4 Gbps (not 720 GBps as the GP suggested - the "Sup720" refers to the 720 Mpps switching capacity). Switching to PCIE gives you 2.5 Gbps per lane, but how many motherboards provide the 100 PCIE lanes needed to compete?

I don't think I was entirely missing the point, but maybe I could have gone a little further in explaining myself. My poorly explained suggestion was that you can avoid the PCI bus entirely, thereby avoiding the bottleneck. When you have multiple cards installed in a single box you could just connect them together using some kind of high speed interconnect that goes directly between cards instead of using the system bus. That way you can have your high speed backplane to handle network switching/routing.

That said, I understand that this is a bit silly and completely misses the point of using a PC as a router instead of something designed to do the job, but it would hardly be the first time such a product came out of the tech industry. If somebody thinks there's a market for it, it will be built.

ASICs offload the hard work from the CPU of the Cisco systems. Basically any kind of compute-intensive bulk work, switching (yes, it switches layer 3 too), filtering (access-lists) and so on, is handled by dedicated ASICs and require little or no CPU intervention. This enables the catalyst to handle high amounts of data with a quite small CPU. Things that do end up on the CPU is management work, route computation (BGP changes, for example) and logging. To handle 720 million packets per second, you'd need quite a lot of CPU in your PC.

Is there any reason why you couldn't accomplish this using something besides an ASIC? Offloading the work to the card is what I suggested before, and if you want to switching or routing with any kind of low latency, you have to do that. If you used that strategy, the speed of the processor in the PC wouldn't matter any more than the speed of the processor in a Cisco. Again, it may defeat the point of using a PC for routing, but that doesn't mean nobody would build it if there was a market.

I think we're in total agreement that the high end of what Cisco does is not the target market. My biggest point that I was trying to make with my post was that there was no reason you couldn't stick a high speed backplane into a PC. It's just a matter of creativty and some engineering. Whether or not it makes sense is a whole different question.

You may commence flaming the Cisco fanboy now.

Can't see why I would do that. You managed to express a different point of view without a) going apopletic, b)insisting I'm an idiot for not sharing your view, and c) not insulting me and/or my lineage. If anything, your behavior should be applauded. I can see how you would expect different treatment on /. though.

Good luck with that!

[winkydink]

Cisco and Juniper offer 24/7 worldwide support. Whether or not it sucks, this is the thing that keeps people cozily asleep at night, knowing that if they have a problem, they have an unchallengeable defense of having bought the best in class support solution (notice I avoid any discussion of h/w, because in the enterprise, h/w without support is worthless).

Yes, Vyatta talks a good game, but 24/7 worldwide support isn't something you build with a few million bucks in VC funding.

Re:Good luck with that!

[winkydink]

It is when you have shareholders. Like it or not.

Siad the OS advocate...

[Duncan3]

Advocate 1: "I work at Oracle by day, but work on Vyatta by night."

Advocate 2: "Well, I work at Cisco by day, but work on PostgreSQL by night"

[awkward pause]

Advocate 1: "Pistols or swords?"

Re:Siad the OS advocate...

[Profane+MuthaFucka]

Well I work on Microsoft Windows during the day, and SQL Server at night.

Advocate 1: "Pistols or swords?"

Both please. Right in my head.

No. You're not making a 1U into a $40K router

[postbigbang]

Here's why:

1) it takes an RTOS to make things work well. You can grind all the driver code you want, but an RTOS foundation is required with lots of cache
2) only PCI-X bus gets close, and most 1Us don't have it. That gives you a real ceiling in terms of port-port throughput; don't kid yourself
3) the algorithms needed to maintain cross-bar speed are gruesome. You don't find this kind of code in anything but sledge-hammered C and assembler, and code that only a mother (and an embedded systems engineer) could love. There is very little forgiveness here.

Yes, a 1U can make a decent router. But don't kid yourself into believing that you can beat F5, Cisco, Alcatel, etc.

You can certainly embarrass them, but on the high end, it doesn't work.

Re:No. You're not making a 1U into a $40K router

[twiddlingbits]

The RTOS doesn't use a lot of cache, It needs a fast CPU and tight code to handle the massive numbers of context switches. The code you mentioned isn't all running on a CPU either. A lot of it is on custom hardware to keep up those data rates. The PCI-X bus would work except very high end, and it IS available in current 1U servers from people like Sun and HP, but certainly not in that old 286 in the closet. You could turn an Opteron with the HyperChannel architecture into a pretty darn good router. But the Opterons cost quite a bit more than a 286 would (does any foundry still MAKE 286 chips?). It's a good project but I agree it's not ready for prime time in the corporate data center.

Ah hem, OpenBSD.?.?

You get OpenBGPD and OpenOSPFD all working in concert through the kernel. Oh and did I mention the price? $40.

Brilliant!

Open source and routing

[stox]

I guess those BSD guys have just been playing around all these years.

Hardware Components

[CelestialWizard]

While a company such as Vyatta may be able to deliver the software to actually do the routing, you still need hardware pieces to actually connect to your equipment.

There aren't many PCI (full or half height) cards that can do ATM with OC3, etc....

Then there is the size factor. Data centre space is sparse and expensive, cisco (and such) equipment is built for this space. x86 PCs also run hotter (and louder) than specifically designed hardware from vendors such as cisco, juniper and 3com. oh and they draw more power.

i just can't see how this will take off in the top end of the market.

sure, for a small branch office that connects to frame, isdn, dsl or pstn and runs a vpn it may be fine, but not in a data centre or racked environment.

Re:Hardware Components

[burne]

There aren't many PCI (full or half height) cards that can do ATM with OC3, etc....

I've been able to live in ISP-land for over ten years without ever coming close to ATM. Big exchanges like the AMS-IX (biggest public IX worldwide) have been pure ethernet since their inception. Getting ethernet in some form from a transit-provider is just a checkbox in the right place. Current commodity hardware will do linespeed GigE over PCI-X. Current high-end PC's have sufficient bandwidth available. 66MHz 64bits PCI-X might sound like 266MB/s, but keep in mind that equates to well over 2.5Gbit/s. The right hardware has 3 independant PCI busses and busmasters, so should be able to move 7.5Gbit/s of data via busmastering DMA, and thus with low CPU load. Keeping a full routing table and a bgp-daemon running doesn't require odd hardware. Juniper has been doing that on a Pentium MMX 333 with 768Mbyte since 2001, and a dual Xeon 2.4 will giggle at that 'workload'.

Combining the above will give you a 3U box (smaller than a 7200) which will route (not switch) 4-5Gbit/s reliable. A 7600 is a lot bigger and a serious sh*tload more expensive. You could buy several identical boxes for redundancy and still keep some change left.

Support is the only serious objection one could have in a FastEthernet-, GigE- or 10GE-world. Luckily I don't need support. I have been supporting stuff like above for ten years so I can manage. I can even support your Cisco and Juniper-platforms as well. I can handle my monthly exabyte by myself, thank you very much.

True...

[jd]

...they buy "world-class support", but having tried to use said support on occasion, I can say that I feel sorry for the world. Sure, it's better than a kick in the head, but not so much that it's worth the cost. I believe the record for longest repair ever was at the University of Manchester, in England, where a Cisco router corrupted the 1518th byte in every packet (thus only corrupting packets with a 1500 byte payload or 1496 bytes over 802.1q). Took them NINE MONTHS to fix. The first three of those, they denied there was even a problem.

7200? How about replacing big iron?

[burne]

My former employer is using three relatively simple Tyan dual Xeons with a couple of Syskonnekt cards to shove 4-5 gigabits per second of traffic over the internet (yes, full routing, and over 240 peers on AMS-IX and NL-IX). Most of that is usenet (http://www.top1000.org/top1000.current.txt look for 'tweaknews') but well over a gigabit is DSL end user traffic and some hosting. Those boxes cost in the order of 7000 euro's a piece, and are about as stable as a cisco running an current IOS (not as stable as you'd like). 7 grand buys me a single linecard for a 7200 on the secondhand market, and no 7200 will do as much traffic.

Cisco and Juniper: start getting scared *now*

Re:7200? How about replacing big iron?

[mlyle]

Right; the parent's point is that commodity hardware is even threatening the high end (e.g. above the Cisco 7200 mentioned in the summary).

Of course, lack of support and other issues will keep this away from the enterprise for the foreseeable future-- but this could make sense for a lot of startups with specialized needs or wishing to push a lot of traffic on the cheap.

Re:Yawn. Slow news day?

[El+Torico]

PCs running tuned linux or BSD kernels work great for anything but ISP-grade stuff.

The first Juniper routers were "Olives", which were PC's running modified BSD. JUNOS is BSD based.
UUNET, IMHO the greatest ISP ever, first tested them in 1998 or 1999. CISCO had annoyed UUNET with poor service, so UUNET helped bring Juniper into the market. Yes, I am former UUNET and proud of it.
I found an interesting link to Olives at http://juniper.cluepon.net/index.php/Olive.

More FUD from someone pet project

[jbossvi]

This keeps coming up every 6 months or so. To rehash it for you:

1) performance wise a 6x PCI-X motherboard is rare and commodity computers are not built for the buses to independantly talk to each other without invoking cpu.
2) feature wise you Have to have a RTOS or bad things happen when you try to implement QOS. speaking of features they have libraries full of books that talk about the *thousands* of features technologies that real routers implement (its hard to do that most companies spend tens/hundreds of millions to do this). implementing a few protocols/nat/firewall does not a router make.
3) If you actually have been involved with these things you would know:
    -ds3/oc3/oc12's are not cheap... phone company bills of $100k a *month* is very common.
    -a couple network engineers $100k/year each
    -dedicated power/colo space/ups/generators $50+k/year
    -SLA's and peering arraingment... $$$
    -uptime to your customers measured in seconds of uptime (revenue $200+k/MONTH). ...... AND you want to save $30k by using a #@$%#$%#$% software router running on a DELL?????

really, try explaining that to the CEO after the site has lost $10k/HOUR because something wonky is going on with the cpu or the memory oorrr it could be the kernel, I dunno I just rebooted the thing "cuz that usually fixes MY problems"... bye bye SLA.

--jboss

This isn't news.

[rnxrx]

I think we see some version of this article every few months - yet another revelation of an open source package that can turn PC's into routers. This isn't news. There have been various shapes and forms of routers on *NIX platforms for many, many years. Some of these platforms served (and still serve) as reference implementations of certain routing protocols.

The common responses on here seem to revolve around the inability of PC hardware to handle high bandwidth. To an extent this is necessarily true. A general purpose PC is going to rely on its CPU to handle each packet traversing the box. Processors are fast and cheap and becoming faster and cheaper as time passes. Most commercial router vendors realized quite a while ago that any architecture whose perforance is based on a single, centrl CPU inherently represents an eventual bottleneck and thus a serious challenge to scalability. As such, most commercial routers have moved to a model where forwarding is pushed as far as possible from a control plane that is as discrete as possible.

In other words, if we push the actual heavy lifting of forwarding out to distributed components (e.g. the interfaces themselves) then we're no longer left in a situation where our BGP process is vying for cycles and memory access with packets in transit. When properly implemented this means that I can be moving huge amounts of traffic through my router without interrupting network control traffic, management of the box, etc, etc.. It also means that by distributing packet switching they can hit massive performance levels with a comparitively modest CPU.

At the high end with Cisco and Juniper you're paying for the development of some exotic ASIC's and some even more exotic interface hardware. You're also paying for the capability to support high density - PC platforms aren't going to support tens of 10G or hundreds of 1G interfaces any time soon. The capacity for redundant CPU's, stateful failover, etc is also worth remembering.

At every level of Cisco and Juniper hardware you're paying for the ongoing development and maintenance of a highly complex codebase full of features that just aren't practical (or, in some situations, possible) for the OSS community to implement well. Implicit in this is a huge system test and regression faculty.

I've used and deployed open source routers up to OC3 bandwidth. They worked and, for the most part, worked well when faced with relatively simple networking tasks - multihoming enterprises to the Internet, basic WAN routing, etc. My observation has been that these platfoms start to fall apart when faced with requirements for complex routing policies, fancy QoS, MPLS, etc.

There's a definite place in the world for PC-based open source routing platforms - particularly at the edge of larger networks or in the midst of small and medium sized ones but I don't think Cisco and Juniper need to worry about being rendered completely obsolete any more than Oracle needs to worry about being driven completely out of business by MySQL or PG.

WideBand beats the crap out of Cisco

[Rabid+Cougar]

Wideband makes Layer-3 switches that beat comparable Cisco routers hands down. With their nMU (pronounced "NetMU") it makes easy things easy and difficult things easy too. With their 28-port switches, you can get full-duplex, non-blocking Gigabit transfers on all ports simultaneously. And did I mention that they can even do Gigabit over CAT-3 and barbed wire? Also, if you use the nMU control your switches, none of them even need IP addresses. Good luck trying to hax0r a switch with no IP address. Throw in the fact that all their stuff is made in the USA (no off-shore customer support) and costs much less than comparable Cisco gear that doesn't perform nearly as well, and you have yourself a superior product. If you are expanding or replacing your network infrastructure, consider WideBand over Cisco. You'll be glad you did.

***Disclaimer***

I do not now, nor have I ever worked for WideBand, but we use their gear where I work. BTW, there were some guys who ran a Cisco shop in the training class I was in that WideBand offered. Last I heard, they were replacing all their switches with WideBand gear. IMNSHO, WideBand is the best kept secret in networking