Open Source Router on Par With Cisco, Users Say
Jane Walker writes "On a mission to avoid paying top dollar for Cisco routers, two users say Vyatta's Open Flexible Router is a viable alternative to the proprietary norm. Find out about the pluses and minor hassles involved in deploying this alternative." This probably won't surprise the users of (much lower end) networking gear like the famously hackable Linksys WRT54G, which — like a number of internally similar routers — can be reconfigured with one of several open-source firmwares to do things impossible with the hardware as delivered.
Perhaps a link to the actual product would be in order?
Vyatta Open Flexible Router
What are we going to do tonight Brain?
Isn't this a way to avoid paying for the licensed software on Cisco equipment when it's sold second hand? (Not trolling or anything, I think it's ridiculous for Cisco to demand payment for software that's already been paid for once.)
IMHO, IANAL, TINLA, etc...
Bleah. This is tripe. Most Cisco routers have cheap, slow Intel processors in them.
Until you get up into the gigabit speeds, regular PC hardware is just as good or better. The only thing you have to watch for in the multi-hundred-megabit routing loads is that you don't have a lot of access control lists - which is also an issue you will run into with any router you might choose. Spending some time sizing the buffers and other kernel parameters is also important, because a stock Linux kernel is not set up to be a network core router.
I've got over 2,000 L2TP connections going into a single 2.4GHz Intel box running Linux. Performance is significantly better than the Cisco 7204 that it replaced, and it's a lot cheaper and more flexible to support.
Now, in the multi-gigabit routing tasks, do yourself a favour and get an L7 switch with custom ASICs. Extreme, Foundry and others will be happy to sell you one. Cisco's stuff is crap, right up until you get their million dollar badasses which they bought from another party (go figure).
...Steve
a small truck can replace a semi truck.... if you are moving small amounts of items.
actually I am happy to see you, however that is in fact a banana in my pocket.
Ok, I haven't looked at the performance numbers, but as a network administrator of a medium sized corporate network I could care less. Whether it be Cisco, Juniper, Nortel or 3Com the difference is in the support. When my WAN interface or network interface dies at 2am I don't think anyone from the OSS community is going to have a parts depot within 4 hours to fix the problem. I also don't see 24x7 tech support phone numbers manned by volunteers anytime soon. Vendors don't make the money on the hardware, they make it on services and support. I love OSS, but Linux and OSS are not the magic pill for everything.
Certainly have heard of CEF. And have witnessed first-hand how badly it usually works in a big Internet environment.
Let's see...
--
IP CEF with switching (Table Version 271518), flags=0x0
1030 routes, 0 reresolve, 0 unresolved (0 old, 0 new), peak 3
1033 leaves, 27 nodes, 152040 bytes, 269271 inserts, 268238 invalidations
0 load sharing elements, 0 bytes, 0 references
universal per-destination load sharing algorithm, id 26B36E8A
2(0) CEF resets, 1425 revisions of existing leaves
Resolution Timer: Exponential (currently 1s, peak 1s)
2250 in-place/0 aborted modifications
refcounts: 9206 leaf, 7168 node
Adjacency Table has 888 adjacencies
2 incomplete adjacencies
--
It does speed things greatly. Load on the 2.4GHz Linux box that replaced it is 0.07 right now, with 1800 L2TP connections.
...Steve
If your internet link is DSL, you do not need a real router :)
I should point out that this topic comes up every couple of years on NANOG, ummmmmm... here's a reasonable selection from the last decade. These people have forgotten more about routing than most of us here will ever know. And until generic PCs come with multi-gig backplanes, it ain't happening anywhere except the low end. And at the low end, you're better off either leaving it to your ISP or using a few whitebox "desktop" switches/routers. They're cheap, cheerful, work, and you don't need to know the difference between "sh ip bgp run" and "sh bgp ip run"...
"None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
Strange - why would you expect companies to step down from decent DSL speeds to T1 rates?
When you need reliability, you have to give up on DSL/cable, because no DSL or cable provider is going to give you service guarantees. If a DSL/cable line doesn't provide its advertised 2Mb/s download throughput, that's too bad; you might be able to negotiate your bill down. And if it goes down, it's going to be you reporting it to your ISP, not the other way around...
But a T1 circuit (generally) has both throughput and uptime guarantees written into the contract. And automated monitoring of its performance, and fast notification that something's wrong, 24 hours a day. I've had DSL circuits be out for days; the longest a T1 circuit was down was 8 hours, and there were severe financial penalties prescribed for that event.
That's not to say a T1 circuit is perfect; we use a bonded pair of them to feed one site. One went down, due to an incident with a trencher. Verizon promptly fixed it... by moving the circuit to another pair that tested good in the cable. Guess which pair got used... If you guessed the pair that the second circuit lived on, you'd be right, and it went down. This went on for a day, alternating which circuit was up and down, until one of our people met the Verizon tech at the repair site. "You do know that there are TWO T1 circuits here, don't you?" "Oooops..."
Ummm....no. In anything more complicated than what a switch can do, you are using software to process packets.
Yes, Cisco (and others) have routers that use ASICs to handle immediate in/out "routing" in hardware, but as soon as you start putting any kind of ACL, any kind of port/IP translation, or anything else that requires any intelligence on the router, you bring in software, and all of the processing overhead that goes with it.
So....if you are going to do anything *useful* with a router would you rather have a 50-200MHz Cisco box running a bloated IOS (do you *really* use X.25, for example???), or a server-class x86 motherboard running a 1GHz processor with a kernel optimized for routing and software optimized for the protocols you actually use?
We use ImageStream (http://www.imagestream.com/) Linux-based routers where I work, and they absolutely run circles around the 2600, 3000, and as5000-series routers that we have. Their support is absolutely phenomenal. When we have a problem with an ImageStream router, we frequently talk with their programmer, and he works with us until we have a patch installed on the box that fixes the problem. If there's a software bug in your Cisco router, it's "yeah, that will be fixed in the next IOS release"...which unless you paid out the <bodily orifice of your choice> for SmartNet you have to *buy*, even though their product was broken when you bought it.
You can use overpriced Cisco iron if you want; I'll stick with the Linux-based routers, thanks.
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?