Slashdot Mirror


Powerful Linux ISP Router Distribution?

fibrewire writes "I'm building a Wireless ISP using commercial grade, low cost equipment. My main stumbling block is that I cannot find a decent open source ISP class routing distribution. Closest thing to even a decent tool is Ubiquiti's AIRControl — but even it doesn't play well with other network monitoring software. I've used Mikrotik's RouterOS for five years, but it just isn't built for what I need. I don't mind paying licensing fees, but $300K for a Cisco Universal Broadband Router is out of my budget. Has anyone seen any good open-source/cheap hardware/software systems that will scale to several thousand users?"

6 of 268 comments

  1. Re:Just use any Linux distro by grub · Score: 5, Informative


    Does it have to be Linux?

    Why not try OpenBSD and its excellent BGP implementation OpenBGP! It powers some pretty hefty businesses and ISPs.

    --
    Trolling is a art,
  2. Vyatta by Anonymous Coward · Score: 3, Informative

    http://www.vyatta.com/about/press_releases.php?id=75

    try the beta v6

  3. Re:Hire someone who knows what they are doing. by nine-times · Score: 3, Informative

    I think you have a good point, but I don't necessarily agree. First, we don't know what market the submitter plans on operating in or who his clientele are. We don't know what his experience is, how much resources he has, or exactly what level of service he intends to offer. Like the guy who criticized the submitter for refusing to buy a $300k Cisco router, I think you committed a common mistake in thinking that IT is just a series of 1-size-fits-all solutions, and that if you going to use the "right" solution to each problem, you shouldn't bother.

    The era of entrepreneurship and hacking things together isn't over, and it probably never will be. Our tools and hacks may become more advanced, but hopefully there will always be people trying out new techniques and business models, testing new start-up technology, and finding different ways of accomplishing the same goals. The answer isn't always to pay an expensive expert or to use established tech.

    As for this:

    You could get by with this in the late 90s, but when you're going to compete with cell phone companies, cable companies and standard POTS companies, you probably need to have a bit of a clue.

    That's true, but neither my phone company nor my cable company provide wireless access where I live. Cell phone companies provide wireless, but it's pretty spotty and slow, and I live in NYC. There are plenty of areas in the US where no service is available except through dialup. Obviously these large companies aren't interested in competing in all markets, so if you come up with a business model and think you can make it work, then I say go for it.

  4. Re:Mutually exclusive by Fez · Score: 5, Informative

    You can have low-cost commercial grade services run using off-the-shelf hardware.

    pfSense includes support for CARP, which lets you build high-availability failover clusters. You can have two (or three or four...) cheap systems and if one dies, just fix/replace it as needed. The backup system(s) automatically take over and nobody would likely even notice the changeover.

    When it's cheap, that is much easier to consider.

    If you want no moving parts, you can use an ALIX box, Soekris, or perhaps even some Atom-based boards. If you want to use server-grade boxes to make yourself feel warm and fuzzy, you can do that too. Supermicro even has a server-class Atom board in a 1U rack which runs pfSense very well for us.

  5. Re:Are you serious, or just killing time? by mysidia · Score: 3, Informative

    Show me the Franken' Catalyst 2950/6500 Sup720 3BXL, Franken Cisco 12006, or Franken Juniper M7i/M320, and then I'll be impressed. Your desktop PC will not contain TCAM or other components required for a minimal level of forwarding performance needed by an ISP.

    After all these years, a desktop PC still cannot perform the task of a simple 8 port switch, at nearly the same packet rates as the switch. The packet rates that can occur on an Ethernet network easily overwhelm the desktop PC's limited interrupt capacity and memory I/O bus bottlenecks.

    For an Enterprise branch office edge a desktop router is fine. Because Enterprises only buy a limited amount of capacity from an ISP. Also, Enterprise branch offices have only clients, not servers, so they aren't really subject to a DoS (rejecting unwanted packets is half as expensive as fully forwarding normal packets).

    Of course, Enterprise server farms never use a firewall at the edge on the path into the servers, unless the periodic unavailability due to DoS attack taking out the firewall is not an issue.

    But for an ISP, if you are planning on being a serious ISP, your core business is providing a professional service. Use a well-designed solution, not something you've cobbled together from off-the-shelf parts. You get real value buying gear that performs forwarding in hardware.

    In the long run, one 24 hour outage or service degradation can cost more than engineering the network properly, and using good managed pieces.

    The fact of the matter is the FrankenPIX was based on the original PIX platform, an Enterprise firewall, that used to be just a PC with some fancy packaging and a proprietary flash card. That platform has been obsolete for many years, and is not suitable for an ISP, anyways.

    In case you didn't know, Firewalls like the original PIX can't handle that much traffic, and they are easily DoSed into oblivion by a simple flood.

    Anyways, decent gear for service providers these days offloads work to hardware. And runs on a real-time OS that can provide something closer to a service level guarantee than a commodity OS can.

    In case you didn't know... Linux is not a real-time OS, and cannot provide timing guarantees a RTOS can.

    Generic Linux running on commodity hardware cannot provide proper separation between control plane and forwarding plane.

    For certain very important functions, a commodity PC simply can't match the performance of a dedicated ASIC.

    You can talk BGP all you want, but you can't reliably forward 30,000 pps through a commodity PC, or push speeds higher than approximately 200megs, due to interrupt contention.

    There is also the matter of reliability of the hardware...

    Commodity desktop parts are not designed to run 24x7, and they fail frequently. Physical failure in routers is rarer, unless there are environmental issues, or the equipment is old.

  6. Re:no DD WRT by bartwol · Score: 3, Informative

    In my experience, I think there's something to what you say. The DD-WRT software is quite capable, but the CPUs in consumer routers are relatively slow and get bogged down when you fire up a bunch of chatty sessions, a good load of firewall rules, and try to pound data through too. Add monitoring of the router (which DD-WRT doesn't do much to support) and it doesn't take much to make the router start lagging and gasping for air. I've experienced such limitations in an office environment.