Slashdot Mirror


Open Source Router on Par With Cisco, Users Say

Jane Walker writes "On a mission to avoid paying top dollar for Cisco routers, two users say Vyatta's Open Flexible Router is a viable alternative to the proprietary norm. Find out about the pluses and minor hassles involved in deploying this alternative." This probably won't surprise the users of (much lower end) networking gear like the famously hackable Linksys WRT54G, which — like a number of internally similar routers — can be reconfigured with one of several open-source firmwares to do things impossible with the hardware as delivered.


  1. Link to Vyatta by QuantumRiff · · Score: 5, Informative

    Perhaps a link to the actual product would be in order?
    Vyatta Open Flexible Router

    --

    What are we going to do tonight Brain?
  2. Re:Difference between hardware and software.... by Shaman · · Score: 5, Informative

    Bleah. This is tripe. Most Cisco routers have cheap, slow Intel processors in them.

    Until you get up into the gigabit speeds, regular PC hardware is just as good or better. The only thing you have to watch for in the multi-hundred-megabit routing loads is that you don't have a lot of access control lists - which is also an issue you will run into with any router you might choose. Spending some time sizing the buffers and other kernel parameters is also important, because a stock Linux kernel is not set up to be a network core router.

    I've got over 2,000 L2TP connections going into a single 2.4Ghz Intel box running Linux. Performance is significantly better than the Cisco 7204 that it replaced, and it's a lot cheaper and more flexible to support.

    Now, in the multi-gigabit routing tasks, do yourself a favour and get a L7 switch with custom ASICs. Extreme, Foundry and others will be happy to sell you one. Cisco's stuff is crap, right up until you get their million dollar badasses which they bought from another party (go figure).

    --
    ...Steve
  3. Re:Difference between hardware and software.... by Shaman · · Score: 3, Informative

    FYI, I had a 7204 VXR and the Linux solution easily outperforms it.

    Still have it, I never throw anything away...

    cisco 7204VXR (NPE400) processor (revision A) with 114688K/16384K bytes of memory.
    Processor board ID 21280102
    R7000 CPU at 350Mhz, Implementation 39, Rev 3.3, 256KB L2, 4096KB L3 Cache
    4 slot VXR midplane, Version 2.1
    Last reset from power-on
    Bridging software.
    X.25 software, Version 3.0.0.

    PCI bus mb0_mb1 (Slots 0, 1, 3 and 5) has a capacity of 600 bandwidth points.
    Current configuration on bus mb0_mb1 has a total of 600 bandwidth points.
    This configuration is within the PCI bus capacity and is supported.

    --
    ...Steve
  4. Re:Difference between hardware and software.... by Shaman · · Score: 4, Informative

    Certainly have heard of CEF. And have witnessed first-hand how bad it usually works in a big Internet environment.

    Let's see...

    --

    IP CEF with switching (Table Version 271518), flags=0x0
        1030 routes, 0 reresolve, 0 unresolved (0 old, 0 new), peak 3
        1033 leaves, 27 nodes, 152040 bytes, 269271 inserts, 268238 invalidations
        0 load sharing elements, 0 bytes, 0 references
        universal per-destination load sharing algorithm, id 26B36E8A
        2(0) CEF resets, 1425 revisions of existing leaves
        Resolution Timer: Exponential (currently 1s, peak 1s)
        2250 in-place/0 aborted modifications
        refcounts: 9206 leaf, 7168 node

    Adjacency Table has 888 adjacencies
        2 incomplete adjacencies

    --

    It does speed things greatly. Load on the 2.4Ghz Linux box that replaced it is 0.07 right now, with 1800 L2TP connections.

    --
    ...Steve
  5. Re:if it is only "Standard PC Hardware" by Cally · · Score: 4, Informative
    Gosh, someone who knows what they're talking about ;)

    If your internet link is DSL, you do not need a real router :)

    I should point out that this topic comes up every couple of years on NANOG, ummmmmm... here's a reasonable selection from the last decade. These people have forgotten more about routing than most of us here will ever know. And until generic PCs come with multi-gig backplanes, it ain't happening anywhere except the low end. And at the low end, you're better off either leaving it to your ISP or using a few whitebox "desktop" switches/routers. They're cheap, cheerful, work, and you don't need to know the difference between "sh ip bgp run" and "sh bgp ip run"...

    --
    "None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
  6. Re:Support, Support, Support by HKcastaway · · Score: 2, Informative


    You also forgot to mention the fact that the likelihood of a hardware failure on a PC to a Cisco unit is like 20:1 (for most products).

    Cisco has far fatter margins on the hardware than PC vendors and can provide a much higher quality product, can afford to underclock the machines for higher reliability etc.

  7. Why change from DSL? Reliability... by WoodstockJeff · · Score: 4, Informative

    Strange - why would you expect companies to step down from decent DSL speeds to T1 rates?

    When you need reliability, you have to give up on DSL/cable, because no DSL or cable provider is going to give you service guarantees. If a DSL/cable line doesn't provide its advertised 2Mb/s download throughput, that's too bad; you might be able to negotiate your bill down. And if it goes down, it's going to be you reporting it to your ISP, not the other way around...

    But a T1 circuit (generally) has both throughput and uptime guarantees written into the contract. And automated monitoring of its performance, and fast notification that something's wrong, 24 hours a day. I've had DSL circuits be out for days; the longest a T1 circuit was down was 8 hours, and there were severe financial penalties prescribed for that event.

    That's not to say a T1 circuit is perfect; we use a bonded pair of them to feed one site. One went down, due to an incident with a trencher. Verizon promptly fixed it... by moving the circuit to another pair that tested good in the cable. Guess which pair got used... If you guessed the pair that the second circuit lived on, you'd be right, and it went down. This went on for a day, alternating which circuit was up and down, until one of our people met the Verizon tech at the repair site. "You do know that there are TWO T1 circuits here, don't you?" "Oooops..."

  8. Re:Difference between hardware and software.... by element-o.p. · · Score: 4, Informative

    Ummm....no. In anything more complicated than what a switch can do, you are using software to process packets.

    Yes, Cisco (and others) have routers that use ASICs to handle immediate in/out "routing" in hardware, but as soon as you start putting any kind of ACL, any kind of port/IP translation, or anything else that requires any intelligence on the router, you bring in software, and all of the processing overhead that goes with it.

    So....if you are going to do anything *useful* with a router would you rather have a 50-200MHz Cisco box running a bloated IOS (do you *really* use X.25, for example???), or a server-class x86 motherboard running a 1GHz processor with a kernel optimized for routing and software optimized for the protocols you actually use?

    We use ImageStream (http://www.imagestream.com/) Linux-based routers where I work, and they absolutely run circles around the 2600, 3000, and as5000-series routers that we have. Their support is absolutely phenomenal. When we have a problem with an ImageStream router, we frequently talk with their programmer, and he works with us until we have a patch installed on the box that fixes the problem. If there's a software bug in your Cisco router, it's "yeah, that will be fixed in the next IOS release"...which unless you paid out the <bodily orifice of your choice> for SmartNet you have to *buy*, even though their product was broken when you bought it.

    You can use overpriced Cisco iron if you want; I'll stick with the Linux-based routers, thanks.

    --
    MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
  9. Re:No huge surprise by nuintari · · Score: 2, Informative

    As the AC already mentioned to you, and as I already mentioned, cisco routers route 98%+ of their traffic directly between the line cards, so the CPU can handle important stuff, like handling the routing and express forwarding tables. You can get much better performance out of a cisco because of this architecture because even your quad proc pc based router still has to shove everything through the CPU, and will buckle under the load once you add more than a few line cards. Try plugging your quad proc server full of fiber links and running some real traffic through it. It won't keep up. It has nothing to do with power, and everything to do with how much shit can it do at once. Cisco equipment uses a backplane that is essentially a very advanced switch (the 73xx series _is_ a switch that has layer 3 routing capabilities), and uses the cpu to direct the layer 3 traffic in a very general way, so that the layer 2 hardware can handle it very rapidly. MRTG poll the cpu clock on a cisco router, unless a major routing change takes place, it is fairly inert. Sign in and do a show version, and it will only be a 200 mhz mips chip, or something else relatively weak, but it's not doing anything, because it doesn't have to. The more traffic it handles, it doesn't matter. Try that with a pc router, every time you add another gigE link, you'll be adding more cpu power to the system to keep up, and it will still underperform. And don't even think about throwing BGP at it.

    To see what a cisco router does when it routes _everything_ through the CPU, sign into one and do this:

    configure terminal
    no ip cef

    and watch it slow down to a crawl. Now just remember that a cpu can essentially do one thing at a time, that's one packet at a time. But you have god knows how many line cards coming in, all going crazy all the time. You need faster than 1 at a time, because they are coming in 20 at a time, and expecting to leave at pretty much the same rate. Now, I am sure you think multiple procs with multiple cores solves this, but your internal bus won't. You're going to have individual line cards dropping packets like mad because they can't get their incoming data to the cpu fast enough. PC's are not designed to handle shitloads of tiny, serialized data coming in from multiple sources all at once.

    --

    --Nuintari

    slashdot : where an opinion can be wrong.

  10. Re:Difference between hardware and software.... by netik · · Score: 2, Informative

    Wrong.

    Foundry ServerIrons handle ACLs in hardware. So do Cisco Catalysts. If you turn on logging, they switch back to software ACLs, but with logging turned off, ACLs are in hardware.