Powerful Linux ISP Router Distribution?
fibrewire writes "I'm building a Wireless ISP using commercial grade, low cost equipment. My main stumbling block is that I cannot find a decent open source ISP class routing distribution. Closest thing to even a decent tool is Ubiquiti's AIRControl — but even it doesn't play well with other network monitoring software. I've used Mikrotik's RouterOS for five years, but it just isn't built for what I need. I don't mind paying licensing fees, but $300K for a Cisco Universal Broadband Router is out of my budget. Has anyone seen any good open-source/cheap hardware/software systems that will scale to several thousand users?"
Just pick up your favorite Linux distribution and get back to me with your requirements. I think Linux can easily do what you need almost out of the box. It is only a matter of configuring it. I bet some would recommend looking at OpenBSD or FreeBSD as well.
Either way, you would definitely have a more flexible solution than any canned product will provide you with.
Everything I write is lies, read between the lines.
http://www.vyatta.com/about/press_releases.php?id=75
try the beta v6
So AirControl "doesn't play well with other network monitoring software" (which one, and why?), and MikroTik "isn't built for what [you] need" (what's that?) - other than that, you don't give us any idea what you really expect. What are your requirements? Suggestions out of the blue: OpenWRT with quagga/zebra, hostapd, radius, olsrd, b.a.t.m.a.n. etc. etc, or you might want to have a look at Vyatta (no affiliation).
So Cisco makes billions of dollars a year selling some ungodly expensive, ungodly powerful head end router like devices (not even routers in the IP sense) and somehow you suspect a Linux distribution with the same features is going to unpack itself and be everything you want it to be? You need to tell us what the rest of your platform looks like if you expect any answers that go beyond 'any linux distribution can act like a router!'. What subscriber equipment is in use? How much user control do you need (access on/off vs. bandwidth filtering, etc.)? Details, details, details.
Without more performance and cost requirements, it's really hard to figure out what would work for you.
Are your users all in one building? Over a large area? Are you talking about a dozen access points or hundreds?
Without some more specific information, only advice I can give is:
Soekris boxes with FreeBSD.
Good luck.
In Soviet Russia, articles before post read *you*!
I'm building a Wireless ISP using commercial grade, low cost equipment.
To me, some words in this sentence seem to be mutually exclusive.
In my humble opinion, a good ISP needs to have good reliable equipment. Sometimes, out of the box routers are better because they don't have moving parts and their firmware could be more stable than a full-blown OS (even if it is Linux).
Disclaimer: Not that I don't like Linux, I use it all the time.
Maybe Vyatta @ http://www.vyatta.org/ does what you want. I really don't have any idea what that is from the actual post, tho. You need some routing for thousands of users, and can't afford a Cisco UBR. I'm not sure exactly if you wanted to use the UBR for DOCSIS type support for some reason (a la cable modem) but the fact it'll be wireless leads me to believe it won't be. I'm assuming you don't need a lot of physical ports, just something to manage your VLANS, some routed subnets, a bit of BGP, etc. Maybe XORP is what you want, tho @ http://www.xorp.org/ so you may want to look there. Heck, I'm not even sure if you want to take a server with a bunch of PCIe ports and slam multiport switchable fabric cards in there like the ones DSS @ http://www.dssnetworks.com/v3/gigabit_pcie_6468.asp makes, or do something else. Maybe these links will help, and hopefully there'll be a detailed followup so we can aim at the real target :)
Routing and ISP's are huge topics- what are you trying to do?
The main problem with routing isn't bandwidth- anyone can pump enough 1500 or 9000 byte frames per second to fill a gigabit pipe. The problem is when you have lots of small packets. At that point, dedicated routing hardware with a high-speed TCAM becomes really important.
What kind of line cards do you need? ADSL? Ethernet? OC12?
What kind of services do you need to run? BGP? OSPF?
What kind of bandwidth are you going to be pushing?
The fact that you are asking on slashdot shows that you are not qualified, and what you're going to get back is a bunch of others, who aren't qualified, suggesting all sorts of half assed hacks to do it which will just result in an utterly shitty service overall.
Dude, don't shit on a well-known slashdot tradition! How dare you!
Sent from your iPad.
Start off small. Pick up some used Cisco stuff off Ebay at 1% list. Maybe a 6500 with a couple of SUP2s for your core switch, a couple or four 7200s for the upstreams/customer facing bits. Make lots of money, upgrade to newer stuff as needed.
Give pfSense a try. http://www.pfsense.org/ Also a VERY active user forum at http://forum.pfsense.org/
The fact that you are asking on slashdot shows that you are not qualified, and what you're going to get back is a bunch of others, who aren't qualified, suggesting all sorts of half assed hacks to do it which will just result in an utterly shitty service overall.
I disagree. The Open Source community has a thousand hidden gems that a person might not have heard about. Proxmox VE for one: virtualization, with a GUI, with live migration, and if 2.0 turns out, with heartbeat and failover (high availability). Most people have never heard of this where I work even though half the place is virtualized with KVM, VMWare, Hyper-V, etc. I would think that Slashdot, with its plethora of experiences, might come up with a little-known or workable solution in an already developed product that you haven't heard of yet.
I have to agree, although I registered a vote for PFSense above. PFS is based on m0n0wall and both are excellent routers filling slightly different niches. I currently use PFS at home for its packages (freeswitch, squid), but I recently worked for a growing WISP and got them onto m0n0wall, now serving something in the neighbourhood of a thousand customers.
If you want pure simplicity, go m0n0wall. Otherwise, I strongly recommend looking at PFSense for the squid caching and adjust-on-the-fly connection table size.
I am literally 3000 tokens away from the chaotic crossbow --Stephen
There's a small wireless ISP located in the Big Sur area of California that seems to have been up and running for a few years now. Maybe the OP wants to build a system like Big Sur Wireless. Their web site includes a lot of details about their homebrew system.
Wait, isn't shitting on topics a well-known slashdot tradition?
Don't know something? Look it up. Still don't know? Then ask.
Nobody expects to get shit on!
(To answer your question, yes. Slashdotters shit on anything and everything. We're like a pack of wild pigeons when it comes to that.)
Sent from your iPad.
What's your interface to the net, line cards, bandwidth expectations, etc.? I spent 5 years building a fairly heavy duty wISP network on a stupid low budget from my boss. You can obtain used cisco stuff for cheap. For instance, you can get your hands on a 7206vxr with a NPE-G1 for $10k or less nowadays... If you need something with high redundancy to do less intensive switching, you can pick up a 6509 with a pair of SUP2-MFSC2 cards for less than $2k. As far as support contracts go, I can't imagine that you need the latest and greatest IOS, let alone a support contract that costs more than the replacement of a piece of hardware. On a side note... why are you asking about the uBR series? Are you not running an ethernet network? Last I checked, there's no such thing as "low cost commercial grade." Depending on where you are, unlicensed stuff may not cut it, dealing with interference etc. And licensed hardware is certainly not cheap. With wireless, as well as so many other areas, you get what you pay for.
Macs, Linux, Windows... who cares, they all suck at something.
The problem is, if you ask a Cisco person to do it, you'll get a Cisco solution, even if it isn't the best solution for the task.
Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.
I think you have a good point, but I don't necessarily agree. First, we don't know what market the submitter plans on operating in or who his clientele are. We don't know what his experience is, how much resources he has, or exactly what level of service he intends to offer. Like the guy who criticized the submitter for refusing to buy a $300k Cisco router, I think you committed a common mistake in thinking that IT is just a series of 1-size-fits-all solutions, and that if you going to use the "right" solution to each problem, you shouldn't bother.
The era of entrepreneurship and hacking things together isn't over, and it probably never will be. Our tools and hacks may become more advanced, but hopefully there will always be people trying out new techniques and business models, testing new start-up technology, and finding different ways of accomplishing the same goals. The answer isn't always to pay an expensive expert or to use established tech.
As for this:
You could get by with this in the late 90s, but when you're going to compete with cell phone companies, cable companies and standard POTS companies, you probably need to have a bit of a clue.
That's true, but neither my phone company nor my cable company provide wireless access where I live. Cell phone companies provide wireless, but it's pretty spotty and slow, and I live in NYC. There are plenty of areas in the US where no service is available except through dialup. Obviously these large companies aren't interested in competing in all markets, so if you come up with a business model and think you can make it work, then I say go for it.
The proper question is: How do I find someone qualified to do this for me?
You mean because he's humble enough to realize he doesn't know everything, you believe he's unqualified anything. I suggest you look hard in the mirror and read what you just wrote to yourself.
I disagree, wholeheartedly. The secret ingredient to a successful business is elbow grease. The fact that this person has asked slashdot this question is not a good indicator of success one way or the other. The important thing is whether this person will be able to take a significant number of the suggestions provided and give'em the old college try.
I did not see anyone suggest http://www.untangle.com/ . I have only played with it for a short time, but it might be worth checking out!
Have you worked at a cell phone, cable, or standard POTS company lately?
What exactly do you think you are going to get there besides a bunch of unqualified, "half assed hacks to do it which will just result in an utterly shitty service overall."
Besides, many of the folks posting in this thread are probably those same unqualified, half-assed hacks who work at such companies. Corporations don't have any corporate voodoo that makes them special any more than someone working for the government makes them any smarter or able to perform miracles (free healthcare, new cars, and money for everyone, YAY!) Put down the kool-aid and open your eyes.
http://www.dd-wrt.com/site/index
It's Linux on low cost wireless routers.
Yeah, that's just what I'd want my ISP to run as a core router.
pfSense 2.0 will solve the multi-wan traffic shaping limitation, and it's in beta right now. As for the multi-wan glitches, I'm not sure when the last time you tried it was, but the outbound load balancer was redone in 1.2.3 and 2.0 will have even more changes as well.
I run an ISP and we use a pfSense CARP cluster in front of our servers and it's worked great for us, but admittedly we are a small ISP. We also use it at more than a dozen customer sites. Everyone loves it.
My history is: started on OBSD (due to hardware support, ironically); played w/ FBSD; ended up on pfSense.
My observations:
OBSD is absurdly security conscious... for ISPs especially, this is a good thing.
OBSD tends to have a lot of focus on new network features (pf, carp)
most OBSD features get ported to FBSD... but take time (look into carpdev)
pfSense (built on FBSD) has some overhead vs FBSD raw (obviously), but has *nice* management UI, package support, etc ;)
customizations are easy for pfSense (I added some features to dhcpd a while back)... easier than generating the diff and submitting it
pfSense is more focused on network features (they're working on fixing carpdev for FBSD)
I like pfSense a lot... I use it for routing between ~6 VLANs, IPSec tunnels with another pfSense, PPTP server, *tight* firewall rules (given 6 VLANs).
pfSense 2 will be adding a lot of nice features for businesses (multiple admin accounts, different permission levels, etc)
What about Vyatta? It's a good router based on linux and you can install it on any old box you want or buy their hardware for it. Even has a cisco like interface if you want.
RuralLink Ltd (yes, I work for them) does what you want, linux-based wireless network management. Get in touch with us at http://www.rurallink.co.nz/contact-us
There's not a lot of info about that side of things on the website, but if you contact us we'll be happy to chat - and don't worry, we're all techs, there's no sales droids here.
Cheers,
Scott.
I founded and operate a wireless ISP serving about 1000 wireless subscribers, and have my own embedded linux distro inside just about everything. It would be a fair statement to say that linux literally saved our business on more than one occasion, by giving us the tools to overcome manufacturer software bugs, by establishing 'known good' systems of various types, by enabling read-only compact flash based systems running on solar power, by bringing a high level of utility and reliability into the critical parts of the network, by allowing us to make it anything it needed to be.
As a CPE, my linux distro never lets me down and never puts customers at risk of 'stone dead - lights on but nobody home', like linksys/netgear/etc always seem to. Never having to tell someone 'just pull the power and plug it back in' for their connectivity is a real saving grace. And when in a business situation, I can equip these customers with connectivity devices that _do not fail_ and make us look stupid, while at the same time giving them useful feature sets unavailable in higher end router manufacturer gear (cisco 2621 - excellent hardware with great stability, just weak on features I get with dnsmasq, openvpn, tcpdump and others.. trying to diagnose network connectivity issues without tcpdump is just dumb.). It's also never choked and zeroed out its own flash config for no goddam reason, unlike the previously mentioned low-end consumer devices frequently do. Basically, that consumer stuff puts you at risk and is suicide.
As a network appliance, linux flings packets just fine and gives you great tools to filter, mangle and generally control how and what it does. The ebtables code is awesome, the iptables stuff is killer, openvpn rocks asses, dnsmasq kills, there's just too many useful and cool things just go right. I have a pppoe server running rp-pppoe + my patches and userspace tools, running for years now and hit with every kind of client side bug and malfunction imaginable, and just keeps trucking along. Freeradius backed up with mysql is sweet as can be, and quagga for distributing my routes internally is just a dream. I have it all on read-only compact flash, so they never write and basically will run until there is a show stopper hardware problem, at which point I will more than likely be able to remove the flash and put it into another machine and away I go.
There is a lack of management interface, and there is a learning curve to this route, but the upside is very low dollar cost and an attainable level of flexibility, reliability and stability you are unlikely to find in any commercial solution anywhere. Cisco IOS is awesome, but you won't power anything that runs it off a 12v battery and solar panel on the side of a mountain and flinging/filtering 20mbps of traffic.
Good luck.
I guess I'm looking for a scalable ISP-in-a-box solution. And if it doesn't exist, then let's build one. But Proxmox VE looks like it will fit well with managing computer resources between the handful of Dell 2950s slated for Zimbra, FreeIPA (Active Directory for Linux), Nagios, Cacti, and AIRControl. Still looking for a good FreeRADIUS server I can tie into FreeIPA - but I need lots of other stuff than just a router-in-a-box. A balance between smartest / practicality / economical directly translates into cost savings of the end user. Someday I will be able to provide free internet, but for now I am targeting $20-$40 a month for data, voice, video, and multicast TV. Some features of a good OSS router needing attention are:
* PowerPC vs X86 vs GPU - does routing perform better on PowerPC (Mikrotik / Vyatta / Cisco)? would an Nvidia Tesla solution work well?
* Easy to manage large scale routing implementations - speed of deployment, discovery of devices, failover, centrally monitored?
* Weatherproof - power outages, network hiccups, etc. nothing more irritating than going on-site to an AP to reboot in the middle of a storm
For more details about a specific area please ask.
If you are just starting up, I'd suggest a couple of Cisco 3550 layer 3 switches with the IP Services image. They don't have all the features of the big routers, but they can handle a huge amount of traffic. I doubt you could build a linux router that would handle as much traffic for the same price as a 3550.
Rude, but true.
"There are 11 kinds of people: those who know binary, those who don't, and those who could not care less!"
Alright - I read your question, then a couple responses - but it isn't clear here that you're asking the question correctly. Humor me for a moment, then decide whether you asked the right question.
You have access to the web, with a hardware router behind the modem. That hardware router services both wireless and wired LANs, right?
You want to set up a router behind that router? You still won't be able to monitor traffic going through that hardware router. You need to put your *nix router between the modem and the hardware router, so that you become the gateway for all traffic going to and from the internet.
Of course, that is still not satisfactory if you wish to monitor traffic within the LAN. For that, you want to eliminate the hardware router entirely. Install the hardware to make your *nix router serve the WIFI and the wired LAN, and eliminate that hardware router entirely.
You can only monitor and control traffic that is being gated through your router, so you want it ALL to be routed through your box!
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
Community Edition is free, comes as a binary or full git tree, lags a revision behind. You can't buy support or prof services for it, but I'm assuming you aren't in the market for those if you can't/won't spend $800
I'm building a WISP, too. Do you think I should get a T-1 or a DS-3 for Internet? I haven't been able to decide between BSD and Linux for my router operating system. I think I'm going to go with Linux because I think the penguin mascot is cuter than that Satan mascot, but it's easier to get BSD to run on a 486 these days.
Tired of being "punished" by the Slashdot $rtbl since 2002. I'm now over at http://soylentnews.org/ .
In my experience, I think there's something to what you say. The DD-WRT software is quite capable, but the CPUs in consumer routers are relatively slow and get bogged down when you fire up a bunch of chatty sessions, a good load of firewall rules, and try to pound data through too. Add monitoring of the router (which DD-WRT doesn't do much to support) and it doesn't take much to make the router start lagging and gasping for air. I've experienced such limitations in an office environment.
Seriously, learn to love FreeBSD.
I am assuming that you will be doing a tree style network with a central location providing you bandwidth on a fiber link or T1/T3 etc.
Get a PAIR (at least, add more as necessary) of nice, quad core Dell Poweredge or HP DL series servers. FreeBSD+CARP them giving you as seamless load balancing/fail over as you can realistically get.
At each hub consider either buying commercial wireless routers or build your own. If you build just keep everything fanless as that is where your equipment will fail you.
Use OSPF on branches while being aware of scaling issues and where OSPF isn't ideal, kick in the BGP and you can link your OSPF clusters together giving an extra level on branch redundancy because traffic can hop to another branch if necessary.
OLSR in mesh cells, OSPF on the cells backhaul router linking these cells and providing multiple route options for redundancy, and BGP between groups of cells and between you and other ISPs etc etc.
You don't need to take the Mesh down to the client, only to the neighborhood AP level. The idea of mesh per client creates too many hops and clients have too much latency. Ideally, you are no more than a 2-4 hops from the backbone, any more and you are going to be adding too much latency from the hops. When a backhaul link goes down and the OSPF saves your butt by routing traffic through a neighboring cell, you are already going to add latency and you don't need that complicated by 6 hops in the neighborhood and 5 more to the backbone (11 hops over wireless is just too many for broadband).
They cut off your network access because of a report of infringement? Are you in the US? Do you think you could mail me at danny@eff.org with more info? We're always interested in the details of these incidents.
Sure, the 2800 and 3800 ISR series can take full tables easily. You can get a 3845 starting at $10k. NM-1T3/E3 module is about $6k. Both the 2800 and 3800 take DDR-266 ECC SDRAM (except the 2801); don't feel the need to pay Cisco's prices for commodity RAM if you really don't want to. The 3845 is recommended to handle up to 2 DS3's. According to people I've asked, you can push a 3845 to 100-150 Mb/s. You can go as low as a 2811 ($2k) and still take full tables, but only at fractional DS3 speeds. I would guesstimate a 2811 is good to 10-20 Mb/s, Cisco recommends it for 4xT1.
Also, consider that some ISP's will include equipment bundles with circuit orders if you haven't already explored that angle.
this is my sig
The dd-wrt shop does have more powerful CPUs/throughput-hardware than is afforded by common WRT-class home routers. HOW much more powerful, or more throughput I do not know. Maybe someone else can comment, given the hardware available.
The prices are reasonable; it seems for about $75 you can buy an outdoor unit that will blanket an area better than a home router.
http://www.dd-wrt.com/shop/catalog/