Powerful Linux ISP Router Distribution?

fibrewire writes "I'm building a Wireless ISP using commercial grade, low cost equipment. My main stumbling block is that I cannot find a decent open source ISP class routing distribution. Closest thing to even a decent tool is Ubiquiti's AIRControl — but even it doesn't play well with other network monitoring software. I've used Mikrotik's RouterOS for five years, but it just isn't built for what I need. I don't mind paying licensing fees, but $300K for a Cisco Universal Broadband Router is out of my budget. Has anyone seen any good open-source/cheap hardware/software systems that will scale to several thousand users?"

Just use any Linux distro

[ls671]

Just pick up your favorite Linux distribution and get back to me with your requirements. I think Linux can easily do what you need almost out of the box. It is only a matter of configuring it. I bet some would recommend looking at OpenBSD or FreeBSD as well.

Either way, you would definitely have a more flexible solution that any canned product will provide you with.

Re:Just use any Linux distro

[grub]

Does it have to be Linux?

Why not try OpenBSD and its excellent BGP implementation OpenBGP! It powers some pretty hefty businesses and ISPs.

-

Re:Hire someone who knows what they are doing.

[lymond01]

The fact that you are asking on slashdot shows that you are not qualified, and what you're going to get back is a bunch of others, who aren't qualified, suggesting all sorts of half assed hacks to do it which will just result in a utterly shitty service overall.

I disagree. The Open Source community has a thousand hidden gems that a person might not have heard about. Proxmox VE for one: virtualization, with a GUI, with live migration, and if 2.0 turns out, with heartbeat and failover (high availability). Most people have never heard of this where I work even though half the place is virtualized with KVM, VMWare, Hyper-V, etc. I would think the Slashdot, with its plethora of experiences, might come up with a little-known or workable solution in an already developed product that you haven't heard of yet.

Re:Mutually exclusive

[Fez]

You can have low-cost commercial grade services run using off-the-shelf hardware.

pfSense includes support for CARP, which lets you build high-availablity failover clusters. You can have two (or three or four...) cheap systems and if one dies, just fix/replace it as needed. The backup system(s) automatically take over and nobody would likely even notice the changeover.

When it's cheap, that is much easier to consider.

If you want no moving parts, you can use an ALIX box, Soekris, or perhaps even some atom-based boards. If you want to use server-grade boxes to make yourself feel warm and fuzzy, you can do that too. Supermicro even has a server-class atom board in a 1U rack which runs pfSense very well for us.

been there done that bought the tee shirt

I founded and operate a wireless ISP serving about 1000 wireless subscribers, and have my own embedded linux distro inside just about everything. It would be a fair statement to say that linux literally saved our business on more than one occasion, by giving us the tools to overcome manufacturer software bugs, by establishing 'known good' systems of various types, by enabling read-only compact flash based systems running on solar power, by bringing a high level of utility and reliability into the critical parts of the network, by allowing us to make it anything it needed to be.

As a CPE, my linux distro never lets me down and never puts customers of at risk of 'stone dead - lights on but nobody home', like linksys/netgear/etc always seem to. Never having to tell someone 'just pull the power and plug it back in' for their connectivity is a real saving grace. And when in a business situation, I can equip these customers with connectivity devices that _do not fail_ and make us look stupid, while at the same time giving them useful feature sets unavailable in higher end router manufacturer gear (cisco 2621 - excellent hardware with great stabillity, just weak on features I get with dnsmasq, openvpn, tcpdump and others.. trying to diagnose network connectivity issues without tcpdump is just dumb.). Its also never choked and zeroed out it's own flash config for no goddam rason, unlike the previously mentioned low-end consumer devices frequently do. Basically, that consumer stuff puts you at risk and is suicide.

As a network appliance, linux flings packets just fine and gives you great tools to filer, mangle and generally control how and what it does. The ebtables code is awesome, the iptables stuff is killer, openvpn rocks asses, dnsmasq kills, there's just too many useful and cool things just go right. I have a pppoe server running rp-pppoe + my patches and userspace tools, running for years now and hit with every kind of client side bug and malfunction imaginable, and just keeps trucking along. Freeradius backed up with mysql is sweet as can be, and quagga for distributing my routes internally is just a dream. I have it all on read-only compact flash, so they never write and basiclaly will run until there is a show stopper hardware problem, at which point I will more than likely be able to remove the flash and put it into another machine and away I go.

There is a lack of management interface, and there is a learning curve to this route, but the upside is very low dollar cost and an attainable level of flexibillity, reliabillity and stabillity you are unlikely to find in any commercial solution anywhere. Cisco IOS is awesome, but you won't power anything that runs it off a 12v battery and solar panel on the side of a mountain and flinging/filtering 20mbps of traffic.

Good luck.