Linux To Power Super Router
VE3OGG writes "While Cisco might not be shaking in its multi-billion dollar booties, a couple of network experts have decided to see if they can come up with a possible alternative to Cisco. Termed 'Open Linux Router,' and joining such other ambitious projects as the Extensible Open Router Platform (XORP), the Open Linux Router project aims to compete in the realms of Cisco routers and PBX. Some of the features include SSL web interface, serial console, wireless support, VLAN support, and packet filtering."
A 14-year-old kid put Linux on a Pentium 2 he bought for 20 dollars and is running it as an open-source router.
When you are looking at filtering, Cisco access lists really aren't cutting it. Even the Linux iptables, which you apparently consider inferior to pf, really shines compared to access lists.
Also, not all applications require killer hardware. The user may want to route over a DSL line, and typical PC performance is more than adequate for that.
In fact, a PC has so much more performance than the central processor of a typical Cisco router, that in case central processor activity is required the PC will always win hands down. Only the hardware-assisted routing on a Cisco can outperform a PC, but that often does not matter.
Try to run a couple of IPsec tunnels and/or data compression on a Cisco. It will require extra help in the form of a plug-in encryption module. The PC will do that no sweat.
http://michaelsmith.id.au
:%s/Open Source/Free Software/g
YTARY!
I was expecting to read about a router that could compete with Cisco's hardware based on performance, not features. It looks like an interesting project for smaller shops or routing applications that aren't business critical... maybe more of a competitor to low end routers and all-in-one appliances, not enterprise routers. It doesn't look like it has any stateful failover capabilities.
It's tested, mature... forked and works well with a number of protocols.
http://www.quagga.net/
The website of this wonderful "Super Router" is http://www.openlinuxrouter.com/
It's bullshit news - there is NOTHING DONE YET. The project is IN PLANS and I don't know how it could be better than e.g. m0n0wall [1] or Lintrack [2]
[1] http://m0n0.ch/wall/
[2] http://www.lintrack.org/
For what it's worth, Linux already powers all the NetGear DG routers at least (Wireless, LAN) etc, and I have to say they work very well.
throw new NoSignatureException();
Is it a hub? Is it a switch? No! It's ...
Home fucking is killing prostitution.
Although I do love the effort, it will be a very long time before a group like this could actually compete. Along with the hardware/software that you mentioned there also needs to be some entity that will take the blame when something goes wrong. If that's not there we'll never see a project like this be adopted by any large corporations, even if they were to beat Cisco on the hardware/software front.
Those who know, do not speak. Those who speak, do not know. ~Lao Tzu
In fact, a PC has so much more performance than the central processor of a typical Cisco router, that in case central processor activity is required the PC will always win hands down. Only the hardware-assisted routing on a Cisco can outperform a PC, but that often does not matter. Sure, but how would this qualify as a "super router"? That's like claiming a PC is a super-computer because most people don't need anything more. Heck, you even admit that a PC will go to its knees when you dare use it for Routing.
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
Did you work in Sales by any chance?
No, you just made it clear that you have no idea what you're talking about. The Solaris machine was likely used to monitor the routes, not to do the actual routing.
Sure, but how would this qualify as a "super router"?
"SUPER" here stands for "Software-based Unspectacular Performance for Enterprise Routing".
There are 0x40000000 types of people: those who understand 32-bit IEEE 754 floating point, and those who don't.
Most typical PCs don't have the PCI bus bandwidth that is needed for most routing. You can't even run one gig-E card at full speed on it.
PCI-E can, but most systems only have 2-3 PCI-E x1 slots.
I'm talking about the whole backbone using Solaris machine(s) to route the internet traffic
Why do I have visions of a whole load of Ultra 5s daisy chained together with short lengths of Coax?
When I read the summary I thought they'd be competing with Cisco's service provider grade box http://www.cisco.com/en/US/products/ps5763/index.html
Guess they'll need to come up with some pretty fast interfaces b/c I dunno if Frys/CompUSA carries OC-192/768 interfaces for the PC.
Sounds like another LEAF project http://leaf.sourceforge.net/
Other than access lists, IOS is horrible. I see no reason why, on good hardware, a Linux-based router can't do just as good a job. Mikrotik is a good example of Linux-based routing software in this regard, though I prefer the roll-your-own method.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Make all the features you do have work well. That's one thing I have to give Cisco gear, whatever features they choose to include on a given system, they all work. Often times their smaller stuff is much less feature complete than OSS equivalents but it all works. I use m0n0wall at home because I want a little, embedded firewall and I'd like features I don't feel like paying for on a Cisco for a home network (though I'm going to have to take a real look at the new ASAs). However I've continually had to fight with m0n0wall over getting stuff it has to work. There's been bugs, and there's a number of features that are called "advanced" and "unsupported" which is apparently code for "We can't figure out how to make it work right so we are going to blame the problem on you and refuse to help."
What makes Ciscos "super" isn't their feature list, it is that they work WELL. Performance, stability, etc, all are great. IOS may make the easy things more difficult than perhaps they need to be but it makes the difficult stuff possible.
Also if you asked me the name is really misleading. The name and description implies that it'd be competing against the high end stuff, specifically IOS XR. However reading a little further it is just something else for making a desktop PC into a router which competes maybe against their mid-low range gear.
Free / open / alternative systems and routers may come out. Companies, especially larger ones, will still gladly purchase "authentic Cisco" products. When they buy Cisco, it may cost a lot, it may even be a rip off - but it's still an established product from an established company. There is plenty of documentation and support for the product.
We've had a huge number of problems with Cisco's stuff, and unfortunately are basically locked into Cisco for everything.
Cisco IOS is badly fragmented across Cisco's different product lines. Entire command sets are different for no easily acceptable reason (i.e. commands that do the same thing are named differently, or have their parameters in a different order, or a different format). Their SNMP support is absolutely pathetic (no Q-BRIDGE-MIB on anything, they use idiotic community indexing, SNMPv3 has more bugs than I care to think about (contexts (which they use for community indexing in SNMPv3) barely work, and you can't wildcard them)).
Their software-only platforms are almost as bad. ACS is notorious for having absolutely no useful diagnostics. (Someone can't authenticate against your LDAP server? Good luck figuring out why...) CallManager isn't quite so bad, except its backup software locks up every week or so and keeps future backups from running until we get in and kill the task. All their Java interfaces require /different/, /conflicting/ versions of Java - one may require 1.4 and nothing else will work, another will require 1.5... and nothing else will work. (Fortunately they're getting away from Java for their web-based front ends and just going with straight web pages).
Their hardware is OBSCENELY expensive. Our pricing is under NDA, but it's still stupid, stupid expensive.
Their technical support is horrid - we groan every time we have to open a TAC case 'cause we know we're going to waste at least two hours with some idiot before we finally get bumped to someone who actually knows what all the funny little acronyms in our cases stand for. We have been flat out lied to by TAC on numerous cases, as well.
But, they're Cisco, and the Powers That Be know the word "Cisco", and have seen it around a while, so we go with it.
We've been using MikroTik on our network for about a year and a half now. Works great, all the features we need, and the cost is unbeatable. We've been able to build and deploy a truckload of equipment using MikroTik for a fraction of what one Cisco router would have cost. Yeah, we're a small shop, YMMV.
Never argue with a man carrying a water buffalo
OK, I call.
1) A PCIx socket carries the same bandwidth as a 1-lane PCIe socket.
2) Using either PCIx or PCIe (1-lane even!) you can run 1G bidirectionally through a Linux system with as little as a single 2.4G P4HT (been there, done that, got the proverbial smoking copper cable to prove it). The CPU will not be stressed.
3) You can buy up to 6 ports on one full height PCIx or PCIe card. If you buy a multi-port PCIe NIC, it will most likely be of the 4-lane variety (and if not, keep shopping).
4) The Linux kernel's ability to route and intelligently bridge are both high performance capable. Throughput loss comes from engaging netfilter and more specifically conntracking. However, perform load testing on a top-end Cisco with and without ACLs and watch what happens to its performance; the results are very interesting. In short running any kind of ACL (Cisco, iptables, etc...) is expensive.
5) If you are building a performance Linux router, you are not using low-end desktop equipment. I hold in my hands a lower-end Intel AspenHill (S3000AH) server mainboard and it has 1 PCIx socket and 2 PCIe sockets (4 and 8 lane). The Intel Alcolu (S5000PAL) server board has a flexible socket layout (depends on the riser card you buy) of (1) PCIx and either (2) 8-lane or (4) 4-lane. Either way, that is a fair number of potential interfaces to route across. Drop in a nice Core2 Duo on the Aspen Hill or a Dual Core2 Duo (or Dual Core2 Quadros if you decide to load up 16 interfaces) on the Alcolu and you have a ton of CPU horsepower to handle the interrupts and make routing decisions. While not cheap per se, the costs are still less than Cisco routing gear with equivalent horsepower.
The larger issue in using x86 equipment to act in routing duties is interrupt processing. Using NAPI enabled cards such as those produced by Intel and Broadcom lessens the interrupt load (you get multiple packets per interrupt). PCIx/PCIe single-lane as a dual NIC pair or PCIe multi-lane for multiple paths provides enough bus bandwidth to move the packet data. PCIe makes the process even smoother due to the dedicated controllers per lane (think of it as one socket per bus instead of the old all sockets on one bus model). In addition, PCIe supports simultaneous reads and writes (which lowers per packet latency in bi-directional communications). All other flavors of PCI are read or write at any one time.
What you do get when you buy Cisco, is (in theory, as in practice it seems to vary) a tried and proven user interface and a solid underpinning of which you the admin require little knowledge. You buy the components Cisco tells you to put in it depending on the job you want to do.
With Linux, you are usually on your own in selecting hardware, setting up the software and using the many interfaces required to configure each component of a Linux system used in a routing function. Very few admins have the time or resources to test hardware compatibility and evaluate the performance of various equipment options. If any group can put together a recommended (read: tried and tested and performance evaluated) hardware set and for it produce a ready to run (read: quick install with a single interface for the all router setup (IPs, ACLs, routes, etc...)), then more power to them. It makes it that much more likely that Linux based routers will show up in performance demanding environments.
Food for thought.
Never meddle in the affairs of dragons,
for you are crunchy and good with catsup.
Repeat after me, it is the hardware that makes CISCO untouchable by software on a PC. The ASICs, the switch fabric on the interfaces, etc etc.
It seems every few months another group gets together and says the same thing... "Surely us uber linux doods can make a better product than CISCO."
Not to say it can't happen, it just will take a bit more capitalization than these guys have.
And since this talk of "SUPER ROUTER", why not compare to Cisco's IOX?
"Those who make peaceful revolution impossible, make violent revolution inevitable" - JFK
Yeah yeah... but who uses 1 GB anymore. Once you get to the LER you are dealing with 10 GB/s ports. What I want is a box that will do protocol classification and deep packet inspection at 10 GB/s.
Yeah, but does it run --
Oh.
Well then, I guess we're all set here. Someone else wanna take over, maybe throw in an "all your base" or "Beowulf cluster" reference?
Programmer: an ingenious device that converts caffeine into code.
You've obviously never heard of kHTTPd.
http://outcampaign.org/
I liked MikroTik from the time I started using it, but what really cinched it for me was this:
After a few months of using it at the borders of my office LAN and getting used to its policy based everything, I called up our hosting provider to ask them to make a change to the production PIX.
We had people scraping our site and wanted to redirect them to a static site. Outright blocking them would tip them off more quickly (and obviously) to the change.
I asked our provider to set the NAT on the firewall to forward packets to host B for these particular douchebags, and host A for the rest of the world. My PIX knowledge was so rusty, and this bargain-basement RouterOS box did it so readily, that it never crossed my mind that the PIX wouldn't do it.
Sure enough, "uhh... yeah this box won't NAT to different addresses based on the source IP."
me: but..but.. my $40 firewall does it!
*sigh*
The biggest thing missing from RouterOS is decent failover. Can't someone port CARP to Linux already?
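The two things this thread keeps coming back to on the Linux side are stateful netfilter filtering (the first comment's "iptables really shines compared to access lists", and the later point that conntrack is where the CPU goes) and the source-address-dependent NAT the post above could get from a RouterOS box but not from the hosted PIX. Here is what both look like as one iptables-restore ruleset for a Linux router. This is an added example, not code from any poster, from RouterOS, or from the Open Linux Router project; every address, interface name and the scraper list are constructed placeholders from the documentation ranges, and the script only prints the ruleset so it can be run and inspected anywhere without root.

```shell
#!/bin/sh
# Added example (not from the thread, RouterOS, PIX or Open Linux Router):
# build an iptables-restore ruleset that DNATs port 80 from known scraper
# sources to a decoy host (host B) and everyone else to the real host (host A),
# plus a stateful FORWARD filter that only admits new HTTP flows to the two
# backends and lets replies through on conntrack state.
# All values below are constructed placeholders (RFC 5737 documentation nets).
WAN_IF="eth0"
PUBLIC_IP="203.0.113.10"              # address the router answers on
REAL_HOST="192.0.2.10"                # host A: production web server
DECOY_HOST="192.0.2.20"               # host B: static decoy site
SCRAPERS="198.51.100.7 198.51.100.0/26"  # constructed scraper list (space separated)

# nat table: the specific -s matches come first and the catch-all DNAT to
# host A last, so rule order alone decides which backend a source reaches.
gen_nat_rules() {
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    for src in $SCRAPERS; do
        printf '%s\n' "-A PREROUTING -i $WAN_IF -s $src -d $PUBLIC_IP -p tcp --dport 80 -j DNAT --to-destination $DECOY_HOST"
    done
    printf '%s\n' "-A PREROUTING -i $WAN_IF -d $PUBLIC_IP -p tcp --dport 80 -j DNAT --to-destination $REAL_HOST"
    printf '%s\n' 'COMMIT'
}

# filter table: default-deny, then the conntrack state checks. The
# ESTABLISHED,RELATED rule is the one most packets hit, which is why the
# conntrack lookup dominates netfilter's per-packet cost.
gen_filter_rules() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # management access to the router itself (ssh from the LAN side) goes here
    printf '%s\n' '-A FORWARD -m conntrack --ctstate INVALID -j DROP'
    printf '%s\n' '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for dst in "$REAL_HOST" "$DECOY_HOST"; do
        printf '%s\n' "-A FORWARD -i $WAN_IF -d $dst -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

gen_ruleset() { gen_nat_rules; gen_filter_rules; }

# Number of PREROUTING DNAT rules pointing at a backend: one per scraper entry
# for the decoy, exactly one catch-all for the real host.
count_dnat_to() {
    gen_nat_rules | grep -c -- "--to-destination $1\$"
}

# On the router (as root) this would be:  gen_ruleset | iptables-restore
# Here it only prints the ruleset when asked, so it is safe to run anywhere.
if [ "${1:-}" = "--print" ]; then
    gen_ruleset
fi
```

The ordering is the whole trick: netfilter evaluates PREROUTING top to bottom and DNAT is terminal, so the scraper-specific rules must precede the catch-all. Note that the DNAT happens before the FORWARD chain sees the packet, which is why the filter rules match on the backend addresses rather than on the public address.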
Uh, doing ACLs on most Cisco equipment will have no effect on throughput and little effect on latency so long as you know what you are doing and are willing to live within the hardware limitations. So long as you live within the rules that can be compiled to and fit within the ASICs on a given platform you can run at linespeed with little additional latency. Sure it takes some knowledge, but if you have it you can do things that only the other Tier-1 vendors can touch; no PC based platform is ever going to touch them.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Wouldn't OpenBSD be better suited than Linux? Not looking to start a flamewar here, but what with PF and OpenBGPD et al...
Just a thought.
And remember kids: Never trust a computer you can actually lift.