Cisco To Develop Third-Party APIs For IOS
MT628496 tips a Computerworld article on Cisco's announcement that it plans to build IOS on a UNIX kernel, in modules, and allow third-party developers to access certain parts of it. IOS has traditionally been a closely guarded piece of software without any way for anyone to add functionality. No timetable was given for when APIs will be available. A Forrester analyst said, "...the network is one of the least programmable pieces of the infrastructure. The automation and orchestration market is far more oriented towards servers, storage and desktop environments. The ability to dynamically change the network is a missing component." The article mentions that Juniper Networks had announced on Monday its own developer platform for Juniper routers, and it's available now.
IOS is universally accepted. The model of its tiered, context-determined command structure has been emulated by many, including Microsoft, with its cascaded netsh and other command utilities.
That said, this kind of command navigation sucks. You are trapped in a maze of twisty, little prompts, all alike.
The structure of these commands was determined in antiquity, when embedded networking devices were resource starved for storage and memory. That's pretty clearly not the case today.
Screw IOS, its resistance to simple scripting, and its defiance to be committed easily to memory.
are they opening their backdoors too?
Wouldn't this make the networking equipment more prone to attacks?
I wonder if they'll license something like QNX, or port one of the BSD kernels over. I can't imagine they'd use anything with the GPL, this being proprietary-out-the-ass Cisco after all.
Here's to the crazy ones
There are specific reasons a business might need a "real" router though. Cisco's equipment is very modular... it's very easy to throw a VPN encryption module in a router and do tunnels at the router level instead of worrying about RRAS or an OpenSWAN server.
Linksys routers have their uses, especially if you flash them over to Linux with DD-WRT, but they only go so far when you have a branch office of 200 people you need to have securely on the main corporate network. A Linksys wouldn't have the horsepower for something like that.
Ever seen a commodity router under a FULL 100Mbit/s load, let alone gigabit? They drop packets, mangle packets, route wrong packets... That is, until they hit a buffer overrun, overheat or just reboot repeatedly for no clear reason. They're not meant for serious use. They're designed to be actually capable of handling whatever Joe Average can do with his home network and nothing more. Because they're commodity hardware. Cheap crap, that is. Period.
People buy those expensive, rackable switches and routers because they want something *reliable* for *serious* use that absolutely requires reliability.
This is Slashdot. Common sense is futile. You will be modded down.
When Company A announces they've done something already- and Company B announces they will, that's more like the "Company-B-caught-with-pants-down-and-family-jewels-showing department."
Cisco's response is laughably cliche...
Because I've already seen some cheap routers hang when they had hundreds of connections open.
Because sometimes you need more than just 10 forwarding rules.
Or because you need to handle VLANs.
It's true they aren't cheap but when you need some advanced features well just go buy the real thing.
int main() { while(1) fork(); }
Isn't Cisco selling IOS-XR based on QNX to accomplish the same thing? Did it not work out, or is it too expensive, or does BSD just sound like a better plan for a modular router OS?
JunOS, which sits on a FreeBSD kernel, has had the modular ability since forever now. Certain versions of JunOS allow individual core system processes to be restarted without taking down the router or requiring a reboot. Glad to see Cisco is getting with the program.
Sorry, but I must feed this troll.
Most people do not buy 800 series routers, but if they do, it is typically because of manageability and security. When it comes to being able to manage a remote network device and use a central authentication system, Cisco beats the pants off of ANY consumer grade device.
Once you get to 1800 devices and above (even 1600 and 1700, but they are EOL) you have features that far exceed any consumer device.
Real routing capabilities (RIP, OSPF, EIGRP, ISIS, BGP, etc.).
Modular interface cards. You have Modem, ISDN, xDSL, Cable, 56k, DS1, ATM, DS3, SONET, etc.
QoS. Should be self explanatory.
Various security functionality. VPN, tunnels, RADIUS, TACACS+, etc. (I am not a security guy.)
Voice. Terminate voice, act as a phone system (2800 and 3800), run VXML, etc.
These are just the routers. Switches are just as much above the consumer grade as the routers are. QoS, port density, VLANs, true Layer 3, etc.
Both have their place and in some cases, consumer grade equipment has its place in the corp environment. I have used them many times.
To say Cisco is a rip-off is pure ignorance. (Do not use the list price to justify yourself either. NO ONE pays list for Cisco gear. As a general rule 35% - 50% is the rule.) Sure Cisco is not the cheapest or the best, but they provide a complete end-to-end solution and everyone knows Cisco. Heck, even Nortel switches and Extreme (I think) made their interfaces to emulate IOS.
Enron Broadband was working on this with Cisco starting in 1998. In fact, they bought two companies to try and make this happen. They told everyone that automatic provisioning was the wave of future.
Think of a Tibco like messaging layer allowing automatic provisioning of more or less bandwidth between carriers throughout the day as companies need it (for real time communications or nightly data warehouse creations.... Whatever).
10 years later it actually gets implemented.
I don't know - I wish unix had the command parameter prompting system that the shell in IOS has. It's actually really useful. Not sure what the parameters are for any command? Press the question mark key.
Actually, the prompts change with context. Configuration mode has a different prompt, and within that mode the prompts change with context, indicating what you're configuring.
That said, I really wish IOS would positionally preserve all comments in the config file, not just in access lists. That would be really useful, as in being able to more fully document the configuration.
"We are all geniuses when we dream"
- E.M. Cioran
The three laws of network hardware:
1) Quality network hardware is expensive. Often frighteningly so.
2) If reliability is even remotely important to you, the expense is easily worth it.
3) Failure to comprehend #2 will almost inevitably cost you your job.
-- If you try to fail and succeed, which have you done? - Uli's moose
People buy those expensive, rackable switches and routers because they want something *reliable* for *serious* use that absolutely requires reliability.
It's a matter of the right tool for the right job. If all you're doing is routing a T1, you're certainly not going to be processing 100Mbps. In fact, you'll be routing less than Joe Average might route on his cable connection.
It's hard to say about the reliability; however, as long as it's within its capability, any device with no moving parts can be extremely reliable.
OTOH, If you're routing a datacenter through a Linksys you're both certifiable and about to become unemployed.
Have fun connecting your Linksys, D-Link, or Netgear router to a T1 connection, or any other WAN technology that doesn't use Ethernet.
...even we're not sure. Different parts of the company have experimented with all of the above options.
Check out vyatta.com. I've been using it for vpn, nat, dhcp and other such things at work for a small 300 people network. It's a Linux (debian) box under the hood. Works great, and I dare someone to find a major speed penalty at that level (a 2800 cisco router will do most of its shit in software anyway, so on this front a vyatta box has more processing power).
Does linksys or d-link support ssh? (I'd really like to know). Does linksys support T1, frame relay, and DS3? What about E1 and E3 support?
If you reflash a Linksys with DD-WRT, it DOES support BGP and ssh. It's going to be fast ethernet only, and no support for automatic failover.
You know, I am not entirely sure. I was trying to corral the kids at the time. Strike the word true.
Cisco IOS has already been running in house (for development purposes) on Unix for years. They call it IOU (IOS on Unix). It is a closely guarded secret. Supposedly it is fully featured and can emulate as many routers with as many interfaces as you want, all on one Solaris system. Supposedly Cisco employees get in trouble (fired??) for even mentioning its existence and certainly if they ever gave access to somebody, and only a very small number of Cisco employees even have access to it. It wouldn't be very difficult for them to take this development version that is apparently rock solid since it's been around for a number of years and roll it into a production product. Obviously this is all hearsay since I've never even seen it, but from what I'm reading, it sounds like they've been holding this trump card for a long time just waiting to unleash it if a competitor seemed like they were gaining too much ground.
Right, but the OP sounded as if he wanted to use consumer devices for everything - which certainly isn't the brightest idea. Anyway, cheap routers and switches can as well fail under their normal working conditions, been there, seen that, always keeping a spare just in case. I'm currently in charge of an improvised dorm network (about 80 computers, 30Mbit/s connection to the outside world, almost saturated all the time), with a 30-port industrial-grade Cisco switch just by the router and dozens of crappy consumer switches acting as repeaters scattered throughout the rooms, as the building is too large to lay cables directly. Long story short, there is a failure about every two weeks somewhere. Usually a switch just dies, I throw it away and put a new one in there, but sometimes those little bastards look just fine, blink their lights happily - and wreak havoc in the network, sending half a packet here, half a packet there and even more random crap somewhere else, clogging other switches that are just too dumb to ignore a broken packet, so they reboot every couple of seconds. Not much fun, trust me.
Sounds like you could benefit from wiring closets in different sections of the dorm. Surely it would beat having little Linksys switches scattered around as repeaters.
My Sysadmin Blog
Of course I could, but that's a significant cost for the school administration to cover, and the administration is, obviously, glacially slow when it comes to accounting and finances. Eventually it will be done, but not anytime soon...
Extreme Networks has had a fully modular, Linux-based OS for years, called XOS. Individual processes can be cycled without taking down the box, the OS supports scripting (TCL-based), and they provide an API for extending the functionality of the OS through add-on modules.
Juniper does similar things (though I'm not sure to what extent) with JunOS, and Force10 has a *nix (BSD?) -based modular OS in the works as well. It may even be available now.
Good for Cisco. It's about time they stop playing the "We're Cisco, we don't HAVE to be competitive!" card.
RouterOS By Mikrotik.
Personally, I used Linux based routers at work. They are dirt cheap, they perform extremely well, they never crash(except when the cleaning lady unplugs them... But that's another story), and they are infinitely more flexible than a Cisco router.
"This is a nice sense of direction statement - it says that Cisco understands that SOA and Web 2.0 are fundamentally changing how applications are built"
"According to our router's logfile, your port on the switch has been modded down below the switch's current threshold."
router#show int eth0/0
adds by google:
Get a Juniper router today!
Best deals on Cisco routers: www.cisco4less.com
Sid : 5
Traffic Priority : 0
Maximum Sustained Rate : 64000
Maximum Burst : 0
Minimum Reserved Rate : 0
Minimum Packet Size : 0
Maximum Concatenated Burst : 1522
Scheduling Type : Best Effort
Nominal Grant Interval : 0
Tolerated Grant Jitter : 0
Nominal Polling Interval : 0
Tolerated Polling Jitter : 0
Unsolicited Grant Size : 0
Grants per Interval : 0
Request/Transmission Policy : 0x0
IP ToS Overwrite [AND-mask, OR-mask] : 0x0, 0x0
Current Throughput : 0 bits/sec, 0 packets/sec
"Well, good luck finding a judge that doesn't run a bestiality site."
My cheapo Linksys router has VLAN support.
Agreed, the OP was way on the other extreme.
In your case, it sounds like there must be some sort of problem there with power or perhaps grounding. I agree that consumer grade switches fail more frequently, but unless you have more switches than computers, one every two weeks is excessive even for cheap switches.
Does anyone have one of these in their dorm?
Cisco has been running QNX in their high end routers for several years now. They call it "IOS XR", but it's QNX. Classic IOS, unlike QNX, isn't a protected-mode OS. In classic IOS, everything runs in one address space. They need to get beyond that. So maybe this is just opening up classic IOS as an end of life measure.
Actually, I have tried home routers with the 3rd party firmware. They only get to 20 mbps, and then are unreliable and with NAT they crash if you have over a few hundred connections open with the max at like 4096.
Now linux or bsd based or DD-WRTx86 are nice for power users at home.
but yes, for businesses, anyone using anything other than Cisco professional equipment is just plain dumb if they have more than a handful of users.
Amen.
If you want a network that may or may not work but is cheap, buy any old thing and maybe route your customer complaint line to /dev/null or emacs running Eliza. If you want a network that will Just Plain Work, you buy Cisco.
My former life was hell until I insisted on the above.
If you reflash a Linksys with DD-WRT, it DOES support BGP and ssh. It's going to be fast ethernet only, and no support for automatic failover.
And does it support 128MB of RAM? Because you need 128MB RAM for a full Internet BGP feed.
"Nature doesn't care how smart you are. You can still be wrong." - Richard Feynman
I can't believe the first post actually thinks that cisco routers are worthless. What the hell does he think is on the other end of his internet circuit? A linksys router? Cisco routers are very very stable. I work for an ISP and we use cisco throughout. We have plenty of 100MB megastream ethernet circuits going into cisco routers and they never seem to fail. What about MPLS, you really think it is possible to implement MPLS over £50-100 routers? GET REAL!!!
Hate to say it, but security thru proprietary technology is nice in this case, IMHO. The less the technology controlling our network is exposed, the better, in some cases. Sadly, vice-versa is true. It's a trade-off, but it is still better than everyone being able to look at it and go "Oh, THAT'S how we shut down and infiltrate major networks!"
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
A lot of supposedly higher end kit falls over well below its rated capacity too...
Try synflooding across 100mb interfaces on a 7200vxr. A lot of cisco kit is based on the same pci-bus design as a pc but with a slower cpu. The NIC will generate an interrupt on the bus for each packet; lots of small packets will saturate the pci bus and take the device down whether it's a cisco 7200 or a pc with 2 nics.
You can improve the situation by using 64bit pci, pcie, pci-x etc, but the problem remains; it's just got a higher threshold.
The layer 3 switches on the other hand, use a very different architecture and can easily handle this level of traffic.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
The grandparent post mentioned moving parts; many decent switches have fans while cheap small ones don't... Though this is for quite the opposite reason: fans will keep the device cooler and increase its life. If the fans fail, you're just in the same boat as a cheaper switch.
Those cheaper switches often have no protection against connecting two of their ports together with a crossover cable either, that can cause utter chaos.
So do my linux and macos based laptops..
As a test though, login to a fast box hosted somewhere, and run a syn flooding tool against your home box over the cheap consumer level router. Flood yourself with small packets, and see how many of them actually make it past the router to hit your box.
I managed to receive about 300k of small packets, on an 8mb dsl connection. When hit with small packets, 300k is all the router could manage. The box flooding me was generating more than 8mb of packets, and needless to say my connection was completely crippled by the flood. But it does mean that I could have killed the router by sending 400k of packets, far less than the connection itself should be able to handle.
That's it in a nutshell, and it's a real shame. Cisco is the new "nobody got fired buying IBM". People are just so scared to try anything else on their networks, and it really holds back competition. Got a budget to build a network? Buy a Cisco, and no one will blame you. If it goes wrong, well hey, you did the industry standard thing- that's just how networks work, right?
More seriously, IOS is a high-performance but extremely poor interface toolkit on top of a lot of proprietary hardware. It doesn't matter much which kernel runs on it, unless they've been tuned out of all recognizability to deal with the high load, low latency issues of routing. And the kernels are pretty near the limits of their ability to tune performance to the hardware: the next level up is the compiler, and the next level up is the actual interface. And the extraordinarily poor behavior of the user interface simply swamps kernel optimization for most 3rd party work.
My company has found that the most cost-effective way of building a high performance router is to buy Symantec 5440's on ebay. These boxes are basically a xeon, 1GB of ram, with 6 gigabit interfaces. Throw mikrotik routeros on it and it can route 3 gigabit without pushing the hardware much. I would have thrown some more at it but I didn't have enough machines with gigabit interfaces lying around at the time.
That's not an OS issue. It's a command interface issue. Much of it is built into bash.
The user interface people writing IOS need to read Eric Raymond's document on user interface, at http://www.catb.org/~esr/writings/cups-horror.html. It applies to closed source interfaces as well.
At the moment, IOX only runs on CRS-1 or [properly upgraded] GSRs, which pretty much excludes anything in their "enterprise" product portfolio.
Fact is, Cisco has been trying to be all things to all people and dominate every sector of the market that involves gear or software beyond the PC for such a long time that they have lost focus in their core business of making routers, where they are accustomed to market domination. Competitors have caught up to the point where anything short of carrier-grade Cisco hardware is either (a) a joke, (b) overpriced, or more often (c) both. The carrier stuff at least has [most of] the performance where it counts, but if you're not a first-rate negotiator with a lot of boxes to buy it still prices itself out of competitiveness.
Basically, they just don't seem to get that IOS and their processor-forwarding-based platforms need a major overhaul in order to be capable of providing scalable carrier-grade service on their entry-level platforms.
Extreme's CLI resembles IOS like my brother's '74 VW bug resembles a Porsche 993.
Network processors are moving towards remedying this. The Gemini SL3518 costs 20 bucks for q1000. This is not just a different ballpark from embedded solutions based on typical processor-based forwarding, it's a whole new league.
And don't forget these two rules.
4) The difference between the cheap and the expensive hardware is sometimes just the deliberate crippling of the cheap hardware by the vendor, easily repaired.
5) Properly deployed cheap hardware in good redundant configurations avoids the single points of failure you'd otherwise spend all the money on dealing with number 1)
I've just walked through some software and network reliability analyses, and had to laugh, softly, at how many times someone had spent their whole budget on a very expensive piece of hardware with no UPS, no dual-port network setups, no failover plans, no security policy, no configuration backups, etc. I strongly urged them to take the money from their next planned infrastructure upgrade, fire their network planners who were spending all their time doing "management plans" and Gantt charts for labor distribution and attending "visionary" meetings, and find 2 interns with laptops to run around and actually get the configurations off of everything to build a new network map that actually meant something before they wasted any more time.
Then I suggested they take their expensive, proprietary, untested, and as it turned out completely useless backup system, sell it on Ebay, and use the money to buy 3 external USB hard drives and pay the unemployment costs of firing the engineer who had just offered their last year's upgrade budget to the cargo cult god of backup systems instead of spending time getting them a network map.
He'd benefit more from blocking Bittorrent, I hate to admit.
I have never seen anything worse than CISCO. This is a copy of my e-mail to CISCO quality service. They never got back.
Dear Sirs, after getting some first hand experience with cisco inc. we decided not to deploy any cisco product.
The problems are:
1. Cisco products are convoluted from a technical point of view. This would not be a show stopper if compensated by good technical support, but,
2. Cisco technical support engineers are incompetent, see the TAC XXXXXXXX case; it takes them days just to identify the problem. In addition to that they behave, what I consider, rude to put it mildly: they go home (they work various time shifts) in the middle of the troubleshooting without informing a customer that they are gone. Don't they understand that people will wait for them for hours after they leave? They must send a customer at least an e-mail: "I am going home, will be back tomorrow at 3:20pm EST, do not wait for me today." They have very poor communication skills - if a hard problem is found they would waste hours of customer (and their own) time just hitting a brick wall instead of contacting their colleague for help.
3. Cisco does not give a penny about customer security. For example, engineers consistently use unsecured telnet left and right to access customers' routers. First they type "show run" to see all settings. In my case this is not a big deal - there were no certificates and VPN keys in the router yet, but for a customer with say 100 VPN connections set up - don't you realize that after such "cisco support" one needs to call 100 people, ask them to bring their laptops and change keys and certificates in 100 laptops. This is a lot of work and most people don't do this and just live with security compromised by cisco's access.
4. Despite advertisement, cisco 1811 does not support load balancing well; this is what I understand after talking to your engineers. This is a feature we must have. This is standard functionality provided by many other routers: for example Netgear FVS124G, Zyxel ZyWALL 70, xincom XC-DPG603 just to name a few.
As a result of all these technical, support and personal issues (I spent many hours waiting for somebody who just left for home without notice) we decided not to use any cisco product now or in the future. We replaced the cisco 1811 with a zyxel ZyWALL 70, configured it in 20 minutes and have had no problems since. We also intend to replace all other cisco products we currently deploy in the near future.
http://zsh.sourceforge.net/FAQ/zshfaq04.html#l44
Garry Williams
I would be surprised if they went and developed something else entirely because QNX itself is POSIX compliant and has been in development for quite a while now. I can't think of any reason to drop it and develop something BSD based for the rest of the routers. It would make little sense outside of the realm of "ZOMG BSD is teh kewl".
For a while IOS XR was only on the CRS-1, and the edge devices have been regular IOS, with all its disadvantages like the single memory space, total lack of memory protection, lack of preemption, so it's definitely time to replace it. The QNX based version has been in development for a while now I'm guessing Cisco feels they can move it to the rest of the platform.
Again, if Cisco spent all this time developing IOS XR only to drop it for something BSD based I would be very surprised.
The command interface isn't the problem with IOS, the rest of the platform is. You don't really have to remember every little command and every option in IOS because the entire system provides help for every step of every command.
Linux as a routing platform is in some ways much worse than IOS unless you use some sort of usable interface on top of it. My home firewall is an Astaro box (linux) which I'm quite happy with, but I would never dream of editing firewall rules (or anything else) by hand on it; with the CLI interfaces available, it's even worse than IOS for that sort of thing. The sole exception would be XORP, but then that's really just an IOS interface clone anyway.
No need to strike it; you're quite right.
A layer 3 switch is one that can do IP routing at wire speed, usually by doing the routing in hardware.
Normally switches are layer 2 only and don't understand IP, they just pass stuff based on MAC address. You then need a separate router to do the layer 3 work.
Consumer grade stuff like the wrt54g does support layer 3, otherwise you wouldn't be able to connect to anything. But it uses software routing, not hardware, which is nowhere near as fast.
Not sure I like the sound of this. It's going to confuse the support for applications quite a lot.
Right now if there's an application problem it is fairly easy to tell where it comes from. You can quite quickly rule out a network problem by checking the basic network traffic works and look at other similar traffic for issues.
However if you move a load of your application logic onto the networking hardware and something starts running slow, unless your app has a lot of benchmarking built in for troubleshooting purposes then you're going to have a hard time working out where the issue is. In my experience there are huge numbers of apps around that have no benchmarking whatsoever, the only information you get is "system X is running slow".
You don't necessarily need the full internet BGP feed to run a dual homed setup, it depends how you use them.
If the routers are at your site and connect directly to the ISP then you only need a default route on each. You may only have BGP to advertise your own network out to the internet and keep it reachable if the link fails over to the backup ISP.
But then if you are paying thousands each month for a dual homed BGP capable connection you aren't going to worry about saving a few thousand and use a consumer router, you're going to spend the cash to buy kit that has loads of redundancy built in.
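As an added illustration of the dual-homed setup the post above describes (an editor's example, not the poster's configuration), here is an IOS fragment with a static default route per ISP, a floating backup default, and BGP used only to advertise the site's own prefix; all addresses, AS numbers and interface names are constructed placeholders, and the prefix-list filters are the part that keeps the site from leaking one ISP's routes to the other.

```text
! Constructed example: site AS 65001, site prefix 203.0.113.0/24
! ISP-A peer 192.0.2.1 (AS 64500) on Fa0/0, ISP-B peer 198.51.100.1 (AS 64510) on Fa0/1
!
! Anchor our own prefix so BGP originates it even when no connected route covers the whole /24
ip route 203.0.113.0 255.255.255.0 Null0 254
!
! Primary static default via ISP-A; floating static (AD 10) via ISP-B is only
! installed when the primary next hop disappears from the routing table
ip route 0.0.0.0 0.0.0.0 192.0.2.1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 10
!
! Only ever announce our own /24, and only ever accept a default from either ISP.
! Without OURS-OUT, a route learned from ISP-A could be re-advertised to ISP-B and
! turn this site into an unintended transit path.
ip prefix-list OURS-OUT seq 5 permit 203.0.113.0/24
ip prefix-list DEFAULT-IN seq 5 permit 0.0.0.0/0
!
router bgp 65001
 no synchronization
 bgp log-neighbor-changes
 network 203.0.113.0 mask 255.255.255.0
 neighbor 192.0.2.1 remote-as 64500
 neighbor 192.0.2.1 description ISP-A
 neighbor 192.0.2.1 password PLACEHOLDER-SHARED-SECRET
 neighbor 192.0.2.1 prefix-list OURS-OUT out
 neighbor 192.0.2.1 prefix-list DEFAULT-IN in
 neighbor 198.51.100.1 remote-as 64510
 neighbor 198.51.100.1 description ISP-B
 neighbor 198.51.100.1 password PLACEHOLDER-SHARED-SECRET
 neighbor 198.51.100.1 prefix-list OURS-OUT out
 neighbor 198.51.100.1 prefix-list DEFAULT-IN in
 no auto-summary
```

The floating static only reacts to the primary next hop vanishing, not to the ISP's upstream failing, so in practice the primary default is usually tied to an IP SLA tracked object.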
Install Shorewall controlling the firewall. Shorewall is far easier to use than raw iptables or Cisco ACLs. The whole delete the list and start over part is a real turn off and the syntax is completely stupid. For routing protocols install Quagga. At any rate, if you don't like rolling a Linux router yourself you can always try Vyatta.
The first post says no such thing. It simply says that IOS has a very antiquated command system, which it does. If IOS were to break backwards compatibility they would have the opportunity to create a much easier to use and much more flexible way of doing things. It would be really good in the long run, but is not likely to happen because the short term consequences would probably be so painful.
Yeah, but there is something for doing the cabling right the first time and not having to worry about it again.
So break it up over a couple of years. Get the money to do one section of the building at a time, then it wouldn't be as hard to convince the school to go along with it. I have to do that to get the money to rewire both of my plants - corporate won't surrender their entire capital budget to let me repull all the Cat5 in the plant, so I have to pick and choose which areas need the work the most.
This year's goal is to remove all the Thinnet from one plant and move most of an IDF up into the computer room.
Those cheaper switches often have no protection against connecting two of their ports together with a crossover cable either, that can cause utter chaos.
That happened on a production network I support (but didn't design...currently redesigning to avoid this problem). A maintenance supervisor accidentally unplugged the switch and then plugged the two ends of the same cable into the switch. Chaos ensued for the day as our entire network came to a standstill.
Yes you can.
MPLS ain't magic.
Consumer grade stuff like the wrt54g does support layer 3, otherwise you wouldn't be able to connect to anything. But it uses software routing, not hardware, which is nowhere near as fast.
As someone pointed out, the consumer grade stuff routes at about 20 Mbits/s although in my experience it is more like 30 Mbits/s. If your needs are below that, then performance is not an issue although reliability for consumer grade network equipment is awful.
You can very easily script IOS, just use the copy command to copy a file onto the running config. This is basic IOS that you should have learned in school.
So... This is event driven how exactly?
I have never had a problem with state table size even with thousands of connections (although I know others that have), but physical reliability has been an issue. I have obsolete full blown PCs running FreeBSD in the form of m0n0wall, pfsense, or just bare that have higher uptime than the routers and switches I have used made by D-Link or Linksys, which have a propensity to spontaneously turn into bricks. Netgear (especially the Bay Networks stuff) and SMC seem to hold up better but I do not have many of those.
These days I lean toward using BSD on embedded x86 hardware by default.
Usually a switch just dies, I throw it away and put a new one in there, but sometimes those little bastards look just fine, blink their lights happily - and wreak havoc in the network, sending half a packet here, half a packet there and even more random crap somewhere else, clogging other switches that are just too dumb to ignore a broken packet, so they reboot every couple of seconds.
I have had exactly the same problem. Given my EE background, my suspicion is that these devices suffer from power supply loop stability issues or a lack of decoupling so one of these days I will be taking a bunch that have failed to run loop stability and impedance measurements on the on-board regulators.
What is "right"? Expending a few thousand per closet on well-equipped wiring points, in dormitory space where living space is cramped and valuable, or lowering the load on the switches so that they run reliably enough for casual use and using the same money, if it was ever available, to actually wire the rest of the dorm rooms? Or spending the money on pizza and beer to supply a few geeks to actually work out what the real issues are and fix those?
Spending money on "server-grade hardware" is not an automatic solution to a problem that has not been actually identified.
Or air flow. When the switch is buried under someone's pile of dirty laundry or gets pizza and beer spilled on it, it's going to fail pretty regularly.
WizardX is spot on. I'm a Cisco/Solaris administrator and even the old Cisco switches are better than a D-Link/Linksys/SMC or whatever. I have a few nice bits of equipment at home (plenty of awesome ones at work: Cat4506's, some 6509s, 2960's, just got a new 4948, lots of 2600/2800/3745/3845's, and my favorite the 7206VXR) and I have load tested them. Take the very common combo of a Cisco 3640 router (2x NM-2FE-2W) and a 2924XL switch which together can consistently route at 100Mb/s when using CEF. Now, if you want to do anything crazy like policy routing you drop to about 16Mbit/s of throughput on this box. Obviously it can get more complicated than that, but that's pretty solid performance for some gear that's been EOL'd for many years now... Now I also have some random consumer grade stuff too; the Linksys router has a tendency to lock up after several weeks; the SMC combo router/AP drops packets on the switched interfaces all of the time. I can never hit 11MB/s through those devices, but through the Cisco gear I can saturate the links every time.
Don't get me wrong, the Cisco gear has its issues (some IOS versions can be unstable *cough* T train) and the 6509 flagship platform has its idiosyncrasies (6348-GE over subscription - retarded design decision, 1Gb/s ASIC to switch fabric shared across 12 GE ports).
Just recently a friend who owns a small but fast growing recruiting firm (http://www.ehcmi.com/) had trouble with his Comcast business service, so he came to me for help. The SMC router they gave him sucked. 20 PCs behind it and it would lose track of DHCP leases (it had some other minor issues, but that was the show stopper). I recommended he replace it with a Cisco 1811 and they couldn't be happier now. Really, the performance increase was noticeable. Sites loaded with less delay and everyone in the office was pleased. Sure the Cisco gear came at a premium compared to the SMC, but just making the office happy and not having machines that randomly couldn't talk to the router made up for that several times over. This is a company that needs its Internet connection just to operate, so it was a very worthy investment for them.
I recommend Cisco's low end devices to people when they ask me. IOS is probably the most important part of the equation. Providing hooks into IOS could be neat, it will be interesting to see what people pull off with this capability.
...thanks to Dynamips.
I was going to say that it's only of use for training purposes, and can't be used in the real world. But then I noticed a lot of people in this thread advocating the use of consumer routers, and they probably would put emulated IOS on an old PIII and expect it to route 1Mpps. So knock yourselves out, retards.
You don't have to delete the list and start over. Mysteriously, if you add and delete lines from a named ACL called "1" it somehow modifies the numbered ACL 1. Whodathunkit?
Most of the comments I've read so far slamming IOS appear to be from inexperienced people.
Ever hear of TCL? That's a script language and available right on the router. You want to script command line changes? That's not a very smart thing to do from a change control and configuration control perspective. Experienced engineers don't write up some script to dynamically change router configurations and just let the thing fly on production equipment, even if during a maintenance window. They document what the existing configuration is and what they are going to change. Then they have it peer-reviewed, then they implement during a maintenance window. If you want to use a scripting language to generate the configuration you will implement during your maintenance window, run that on whatever platform and using whatever scripting language you want. I use Perl personally.
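The workflow the poster describes (generate the configuration offline, produce a reviewable diff against the running config, then apply it by hand in the maintenance window), as an added example in Python rather than the poster's Perl; it is not code from the thread, and the running-config text, hostname and ACL name are constructed for illustration.

```python
"""Render an IOS named ACL from data and diff it against the current running
config, so the change itself is the artifact that gets peer-reviewed."""
import difflib

# Constructed, abridged stand-in for `show running-config` output.
RUNNING_CONFIG = """\
hostname edge-rtr
!
ip access-list extended MGMT-IN
 permit tcp 10.0.5.0 0.0.0.255 any eq 22
 deny ip any any log
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip access-group MGMT-IN in
!
"""

def render_acl(name, rules):
    """Render an extended named ACL from (action, proto, src, wildcard, port)
    tuples; a logged deny-all is always appended as the last entry."""
    lines = [f"ip access-list extended {name}"]
    for action, proto, src, wildcard, port in rules:
        entry = f" {action} {proto} {src} {wildcard} any"
        if port is not None:
            entry += f" eq {port}"
        lines.append(entry)
    lines.append(" deny ip any any log")
    return lines

def replace_acl(config, name, rules):
    """Return the config text with the named ACL block swapped for the
    rendered one; indented lines after the header belong to the block."""
    new, in_block = [], False
    for line in config.splitlines():
        if line == f"ip access-list extended {name}":
            new.extend(render_acl(name, rules))
            in_block = True
            continue
        if in_block and line.startswith(" "):
            continue          # drop the old entries of the block
        in_block = False
        new.append(line)
    return "\n".join(new) + "\n"

def change_diff(config, name, rules):
    """Unified diff of running vs proposed config: what a reviewer signs off on."""
    proposed = replace_acl(config, name, rules)
    return list(difflib.unified_diff(config.splitlines(), proposed.splitlines(),
                                     "running-config", "proposed", lineterm=""))
```

Run `change_diff(RUNNING_CONFIG, "MGMT-IN", rules)` with an added `("permit", "tcp", "10.0.6.0", "0.0.0.255", 22)` rule and the output is a one-line `+` hunk, which is exactly the change to review and then paste in during the window.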
Which brings us back to Cisco routers not being as flexible as a Linux based router.
What's nice about IOS is unified config; managed from one place (the CLI). Sweeping changes to multiple services can be made in seconds, not minutes, and the changes can be temporary (reversible by reboot), until proper operation is verified.
But also made permanent easily, with no chance of typos in the process of making them permanent. When you're all done and ready to make things permanent, one write mem does that for you, with IOS.
With Linux you may change a kernel option using sysctl, ifconfig, iproute, etc, to initially try the change. But when you go to want to make this successful change permanent now, you have to manually fire up a text editor and edit a bunch of different files.
Your average Linux distro has about 30 different config files for each different little thing, and you need to manually start a text editor and type the whole path to each little file you want to edit to make config changes permanent -- usually in a different format than the 'ip addr' commands you used to effect the change, when you are editing /etc/sysconfig/network-scripts/* files.
Either that or you wind up pasting commands to /etc/rc.d/rc.local to configure your network devices, which is just ugly (and prone to breakage).
Then you save the file and have to manually reload (or restart) processes, and hope you didn't make a typo while making the change permanent (for instance, if you were changing the host's ip address).
It's fine for servers -- networking configuration for servers generally does not change. But for routers, you need a CLI that provides convenient access to a centrally managed configuration, rather than hundreds of ad-hoc configuration files, each service or device using its own.
I have been scripting against Cisco devices for years with perl and Net::Telnet. It isn't so hard.
that the shell in IOS has.
"We are all geniuses when we dream"
- E.M. Cioran
When two routers are set up in failover, by definition one of them is primary. If only default routes are used, all traffic goes through one ISP, not both. If you're paying for the extra bandwidth, why not use it?
I do find the tab completion handy. The shell in IOS tab completes/lists all the parameters for a given command as well. I haven't found a way to get bash and zsh to do that.
The measurement that really matters then is latency, obviously it can process a ton of data relatively quickly but how fast can it process a small amount of data?
I have always found the latency on even consumer level equipment to be insignificant. It is higher than a layer 2 store and forward switch (it would have to be since traffic between the WAN and any of the multiple LAN ports traverses the internal switch) but still relatively low. That is only the case of course when not saturated.
There could be exceptions. It would not surprise me at all to find that some consumer equipment does not maintain state tables to speed up rule searches causing excessive latency. As I posted earlier, I try to stay with embedded x86 boxes running BSD or similar when I can because among other reasons how they operate is well known. I am not sure about the newer ones that have recently become available but the older ones also have a total throughput in the 20 to 30 Mbit/s range. I would hazard a guess that the newer ones are twice as fast.
Yep, that's a fair point, although with something like GLBP you could load balance with a single default route.
I'd assume the reason for using failover is the backup link costs less due to it not having much traffic running over it.
It must be reasonably common, I found this article today on how to make this failover work with BGP using AS-prepending and it claims 6.5% of BGP routes were prepended (e.g. weighted so they'd favour a different path) in 2001.