Slashdot Mirror


Your Next Network Operating System Is Linux

jrepin writes "Everywhere you look, change is afoot in computer networking. As data centers grow in size and complexity, traditional tools are proving too slow or too cumbersome to handle that expansion. Dinesh Dutt is Chief Scientist at Cumulus Networks. Cumulus has been working to change the way we think about networks altogether by dispensing with the usual software/hardware lockstep, and instead using Linux as the operating system on network hardware. In this week's New Tech Forum, Dinesh details the reasons and the means by which we may see Linux take over yet another aspect of computing: the network itself."

43 of 192 comments

  1. 2013 Year of the Linux Network by Anonymous Coward · · Score: 4, Funny

    If you can't make your goal just change the goal posts.

    1. Re:2013 Year of the Linux Network by robthebloke · · Score: 5, Funny

      But all I want to know is, will sudo rm -rf / delete the internet?

    2. Re:2013 Year of the Linux Network by camperdave · · Score: 3, Informative

      But all I want to know is, will sudo rm -rf / delete the internet?

      No but sudo rm -rf \ will!

      \ is the escape sequence. / is the root directory. The GP had it right. rm -rf / will delete the internet.

      --
      When our name is on the back of your car, we're behind you all the way!
    3. Re:2013 Year of the Linux Network by swilly · · Score: 4, Informative

      sudo rm -rf / won't delete anything.

      POSIX rules state that you cannot remove any parent of the current directory. The GNU rm command doesn't fully check this, but it does make sure that you don't remove / or .. (but if you give the path to any other parent directory, it will let you remove that). Try it for yourself and see (in a VM of course).

    4. Re:2013 Year of the Linux Network by VortexCortex · · Score: 2

      sudo cat /dev/urandom > /dev/sda

    5. Re:2013 Year of the Linux Network by alex67500 · · Score: 2

      This one won't get modded up or down if people try it beforehand ;-)

    6. Re:2013 Year of the Linux Network by BrokenHalo · · Score: 2

      Cue the ancient NO CARRIER meme.

      Ancient? Come here and say that, you whappersnipper! My X.25 modem is only 25 years old and as good as the day it was made. Now get off my lawn...

  2. Doesn't matter by Drewdad · · Score: 5, Interesting

    Network and SAN will go (are already going) virtual the same way hardware has.

    1. Re:Doesn't matter by Anonymous Coward · · Score: 5, Funny

      Hey, why don't we move all of those cables and monitors and keyboards and mice into "the cloud" too. I saw some marketing presentation which says everything can go into the cloud. I'm not sure why anyone buys computers or even pays for electricity any more... just put it all in the cloud!

    2. Re:Doesn't matter by msauve · · Score: 2

      There hasn't been "an OS of some sort pushing those bits around" for quite a while. OS's handle the control plane. The forwarding plane has been microcoded hardware for a decade or more, depending on how you define/count it.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    3. Re:Doesn't matter by funwithBSD · · Score: 4, Funny

      Electricity has always been in the cloud.

      --
      Never answer an anonymous letter. - Yogi Berra
  3. And this is news why? by Anonymous Coward · · Score: 4, Insightful

    Did "Dinesh" just crawl out from under a rock?

    1. Re:And this is news why? by kijiki · · Score: 4, Informative

      The big difference is that there is a hardware forwarding chip involved. A PC with 10G NICs is hard pressed to forward at 80 Gbit/sec, and draws a couple hundred watts. The 1U switches Dinesh is talking about can do 1.28 Tbit/sec with all features enabled, and draw around 100 watts.

      - nolan
      CTO/Cofounder, Cumulus Networks

    2. Re:And this is news why? by fuzzyfuzzyfungus · · Score: 2

      That's the aspect that I was curious about (and about which TFA gave me no useful insights whatsoever):

      Unless things have changed radically since the last time I ripped the top off a switch (purely for diagnostic purposes, boss, really), you've got your weedy little application processor that runs some unpleasant, approximately UNIXlike, proprietary embedded OS, whose sole purpose in life is to handle interactions on any config interfaces (local serial, SSH, SNMP, maybe a web page or vendor-proprietary 'unified management' product client) and to chew on the configuration file and spit the result to the actual switching hardware, which is more or less an entirely opaque black box; but switches packets like a bat out of hell with a jetpack. As far as the application processor is concerned, it can't really 'see' the NICs it is switching. It has a network interface itself (sometimes physically available as an actual port, sometimes just a logical interface that you can see if you are connected to the switch); but its OS doesn't "own" or even have particularly direct access to, the switched ports. It just sends down configuration commands, and sometimes receives diagnostic or other replies back.

      I certainly wouldn't object to having the application processor running Linux, since it would make a variety of switch-wrangling tasks that are conceptually similar to server management tasks also practically similar, which would simplify my life; but is 'Linux on the network' going to interact with the actual switching hardware in the same way that the prior management OS did, or is this proposal to more closely integrate things (so that, for instance, a 48 port switch 'looks' like a linux box with 48 NICs, possibly another couple for management, and all the usual software you would use if you were doing switching in software on whitebox with a few NICs crammed in would be used; but the switching ASICs would work silently in the background to make those operations actually fast enough to be useful)?

      It seems (in my admittedly only-slightly-above-a-layman's opinion) that switching to a less impoverished and weird OS for the application processor would be nice; but not particularly world-changing. If, however, the switching hardware interacted more closely with the OS, and you could treat the switch as though it were an ordinary machine with a lot of NICs, only with some operations being hardware accelerated, that would be pretty neat.

  4. Already happening - slowly by Anonymous Coward · · Score: 5, Interesting

    Linux is already widely used on networking gear, especially fully pre-emptive variants like RT-Linux and Monta-Vista.

    It will still take considerable time to displace some of the real performance/uptime critical stuff that's done using VxWorks and QNX and a number of other proprietary systems. Many companies are sort of vendor locked and have non-portable software too and so can't change easily. There are also engineers out there who strongly believe that what they currently use is superior for things like uptime (QNX), and simplistic hard real time response (VxWorks). I'm not saying that's the case either way - I'm simply saying there are numerous industry players who won't adopt Linux for some time because they think it's too big and not good enough.

    1. Re:Already happening - slowly by LoRdTAW · · Score: 4, Interesting

      Xenomai is already a threat to VxWorks as it supports the VxWorks API as well as its Native API, POSIX, uITRON and a few other RTOS API's. The current version is a dual kernel system with the Xenomai kernel running at priority but the next version will integrate with PREEMPT_RT which will expose its supported API's to PREEMPT_RT so you can run either kind of system.

    2. Re:Already happening - slowly by AlphaWolf_HK · · Score: 2

      Except Windows has been actually removing some network functionality as time goes by. For example, Windows Server 2008 R2 removed support for OSPF, ISIS was removed sometime before that, and I'm fairly certain that 2012 only supports RIP.

      --
      Careful with names containing L slashdot.org/~AiphaWolf_HK slashdot.org/~AlphaWoif_HK slashdot.org/~AiphaWoif_HK
    3. Re:Already happening - slowly by Anonymous Coward · · Score: 2, Interesting

      High end networking gear (read datacenter switches) don't care about hard real time (or even soft real time). That's because it would be insane to switch packets in software. Yes, Linux or a BSD variant is already used in a lot of network operating systems - most of the modern network operating systems are in fact built on top of Linux (Arista EOS, Cisco NX-OS, Cisco IOS-XE for e.g.) or BSD (Juniper JunOS). The key difference is the degree to which the underlying operating system gets exposed to end users. There is also a great deal of variance in how the OS gets implemented on top of Linux - a big binary Blob (Cisco IOS-XE) or true multi-process OSs which take advantage of the underlying Linux kernel (Arista EOS and to some extent Cisco NX-OS). Either way, typically what you get is a "walled garden" CLI or Web GUI interface, so that you don't get exposed to the underlying Linux OS (for e.g. Cisco NX-OS) but there are operating systems already out there which are NOT "walled gardens" (for e.g. Arista EOS).

      What Dinesh talks about is a Network Operating System that's truly open i.e. without the above "walled garden", not necessarily open as in Open Source. The networking protocols that run on the device may or may not be open source (Cumulus OS is currently not Open Source AFAICT, though they may have plans to do that in future for all I know). What's "open" here is that, you really build on top of Linux (i.e. use the Linux networking stack), do your network operating configuration (configuring a protocol, adding a static route etc) not via a vendor CLI interface but instead a sysadmin friendly Linux command line or conf files. It's not clear from the article whether Cumulus uses conf files or provides additional command line tools for configuration. But the point is you can run your usual ps, top, strace Linux tools or look at routes via "ip route" command etc.

      It's not like Cumulus is the first company to have thought of this. Arista EOS already does this; it's basically Fedora Linux with a familiar (from a Network Engineer perspective) vendor CLI interface but you can drop down to bash at any time. Internally EOS takes advantage of the underlying Linux infra as far as possible (network namespaces for VRF for example).

      Disclosure: I currently work for Arista Networks but have worked on Cisco Network Operating systems in an earlier life.

    4. Re:Already happening - slowly by kijiki · · Score: 3, Insightful

      It is open source, except for a userspace device driver for the forwarding ASIC. Without the driver, everything works the same, you just don't get hardware accelerated forwarding, only the normal kernel software forwarding.

      You can get the patches against Debian Wheezy here:
      http://oss.cumulusnetworks.com/

      The biggest difference vs EOS is that if you want to add a route to the routing table in EOS, you have to use sysdb-specific commands/APIs. With Cumulus Linux, you use "ip route add" or any other program that knows how to add routes to the Linux kernel using netlink or legacy methods. Same with ACLs, EOS has proprietary commands/APIs, Cumulus Linux uses iptables.

      Also, a random Linux program will install and work fine on Cumulus Linux, whereas it usually takes a (small, but real) amount of work to make that happen on EOS. I've even installed and run Firefox from the Debian repo onto a switch, and it worked fine.

      - nolan
      CTO/Cofounder, Cumulus Networks

  5. Not news by ihtoit · · Score: 3, Informative

    The Chinese have been using Busybox for years. I still have two routers that use Busybox - the Swiss Army Knife of embedded Linux.

    linky.

    --
    Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
  6. Juniper uses FreeBSD by DiSKiLLeR · · Score: 3, Insightful

    Juniper uses FreeBSD as its OS? NetApp uses FreeBSD (or at least a heavily customized version of it.)

    Not everyone has gone with Linux but I suppose the majority have. Still, as long as it's Unix embedded and not something crazy like Windows...

    --
    You can tell how powerful someone is by the magnitude of the crime they can commit and be able to get away with.
    1. Re:Juniper uses FreeBSD by jhealy1024 · · Score: 4, Interesting

      On Juniper, you can even get shell access by default (log in as root). The "command line" interface is just a program that runs on the shell.

      Not only that, but Juniper's configuration is not as "modal" as the article makes everything out to be. JUNOS has built-in scripting to make modifications to the config, along with templating/macros to take the drudgery out of repeated configs. The config is hierarchical (XML on the backend), which makes it well-structured and predictable. Overall, it's a pleasure to work with (once you get used to it), and much better than some more popular/expensive networking gear I could name. Oh, and they number their interfaces starting with zero, like you should. ;-)

      Sure, it's not as open as a bash shell that you can muck with to your heart's content, but at the same time, having a standardized toolset means that it can be reasonably supported. Can you imagine calling up level 1 support and asking them to help you with a system that you had fully customized with local scripts, cron jobs, and the like?

  7. Cisco isn't going anywhere, yet by grahamsaa · · Score: 3, Informative

    As much as I would like to see Linux / BSD being used to power network devices (and I admit that it's already happening), it's going to be a long time before most enterprises ditch their Cisco gear for equipment that runs an open source OS. Many large enterprises have already made significant investments in hardware and personnel. Even if a vendor were to come along with an excellent product at a great price point it would probably be at least 5-10 years before most enterprises move away from their Cisco switches, routers and other appliances. Don't get me wrong -- I'd like to see Cisco's dominance challenged, and to see a Linux / BSD based CLI used to configure network equipment instead of IOS -- but it seems unlikely in the near future.

    --
    Facts have a liberal bias.
    1. Re:Cisco isn't going anywhere, yet by Anonymous Coward · · Score: 5, Informative

      Cisco is already there...

      The heart of most of the "new" os's that Cisco is using is a modified linux kernel... I.E. NX-OS, IOS-XE, IOS-XR, CGR... Almost all the security platforms, ASA, ISE... etc...

    2. Re:Cisco isn't going anywhere, yet by Introspective · · Score: 2

      Cisco is already ahead of you there.
      Cisco's NX-OS is based on Linux, but with an IOS-like CLI on top of that.

    3. Re:Cisco isn't going anywhere, yet by CAIMLAS · · Score: 2

      As much as I dislike them, Juniper switches (which run FreeBSD, iirc) seem to be pretty damn common these days.

      Enterprises won't move from Cisco for quite some time due to the institutional knowledge requirement: they've got a lot of equipment which requires people to maintain.

      In a recession or depression like we're in, things like network infrastructure changing is uncommon. The big companies don't change things because change is risky and expensive (unless change is their business, such as in IT). Upheaval, mergers, etc. - those changes can cause potential IT infrastructure changes, yes, but it's not likely right now.

      --
      ~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
  8. Apollo Computer - Domain Operating System by tedgyz · · Score: 4, Interesting

    Sadly, Apollo Computer had this concept 20+ years ago. The Apollo Domain Operating System was built from the ground up as a network operating system. Everything from the kernel up was designed with networking in mind. It was a brilliant yet ultimately dead operating system. The biggest downfall was being expensive and proprietary. Sun Microsystems won through a cheaper alternative and doomed us forever with NFS.

    --
    "No matter where you go, there you are." -- Buckaroo Banzai
    1. Re:Apollo Computer - Domain Operating System by rwyoder · · Score: 4, Interesting

      Sadly, Apollo Computer had this concept 20+ years ago. The Apollo Domain Operating System was built from the ground up as a network operating system. Everything from the kernel up was designed with networking in mind. It was a brilliant yet ultimately dead operating system. The biggest downfall was being expensive and proprietary. Sun Microsystems won through a cheaper alternative and doomed us forever with NFS.

      I had the misery of working with Apollos at one employer.
      There were two major issues in my opinion:

      1. Security: There wasn't any. If you logged into just *one* host, you could change ANYTHING on ANY OTHER HOST.
              Imagine NFS-exporting "/" read/write to the world.

      2. There was an environment variable that could be set to mimic either SYSV Unix, or BSD Unix.
              The reality was it didn't emulate either, making attempts to compile/run open-source sw an exercise in futility.

    2. Re:Apollo Computer - Domain Operating System by LDAPMAN · · Score: 2

      There was another OS 20+ years ago that was designed from the ground up as a network OS...Netware!

  9. Network fabric != shell scripts by mlts · · Score: 4, Interesting

    As it stands now, a Linux iptables list is sequential. Packets go through the input/output/forward queues.

    If one wants a true network OS, this needs to be changed to a config-based system similar to what Cisco/Alcatel-Lucent/Juniper use. With this, each adapter gets a configuration attached for starters, then things go from there (VLANs, ACLs, etc.)

    If Linux could make the jump from sequential parsing to configs, it might just be something that can do the job, but then it moves to the hardware, and a lot of routers have specific ASICs dedicated to packet crunching as opposed to general CPUs.

    1. Re:Network fabric != shell scripts by Skapare · · Score: 2

      Config-based does not mean sequential or non-sequential. It only means whatever is configured can be changed. What is needed to improve iptables and the like is optimizations like smart address lookup tables. This is actually doable in ways that have been around longer than patent periods but it is not iptables compatible.

      --
      now we need to go OSS in diesel cars
    2. Re:Network fabric != shell scripts by CRC'99 · · Score: 4, Informative

      each adapter gets a configuration attached for starters, then things go from there (VLANs, ACLs, etc.)

      iptables -N eth0-in
      iptables -N eth0-out
      iptables -A FORWARD -i eth0 -j eth0-in
      iptables -A FORWARD -o eth0 -j eth0-out

      Then create all the rules you need in the specified chain.

      The way to get the most performance out of iptables is to make each chain as small as possible. This can quite easily be split up into logical lists for what you actually do - ie:

      iptables -N 10.1.1.1
      iptables -N 10.1.1.2
      iptables -N 10.1.1.3
      iptables -A FORWARD -i eth0 -d 10.1.1.1 -j 10.1.1.1
      iptables -A FORWARD -i eth0 -d 10.1.1.2 -j 10.1.1.2
      iptables -A FORWARD -i eth0 -d 10.1.1.3 -j 10.1.1.3

      This way, you can easily branch out and skip a fuckton of rules that will never apply to the packet that is being processed. Usually, you can bring each chain to less than 6 rules. Less rules == less overhead == more performance.

      --
      Sendmail is like emacs: A nice operating system, but missing an editor and a MTA.
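
The chain layout from CRC'99's comment above, generated from a flat allow-list (an added example, not part of the original thread). The policy format, the function names `sample_policy`, `gen_commands` and `worst_case`, and the closing DROP in each host chain are assumptions; the script only prints commands for review and compares how many rules a packet is tested against in the worst case under each layout.

```shell
#!/bin/sh
# Added example: nothing here touches the running firewall, it only prints text.

# Constructed sample policy: one "iface dest proto port" line per allowed flow.
sample_policy() {   # $1 = number of hosts (10.1.1.1 .. 10.1.1.N)
    h=1
    while [ "$h" -le "$1" ]; do
        for svc in tcp:22 tcp:80 tcp:443 udp:53; do
            echo "eth0 10.1.1.$h ${svc%%:*} ${svc##*:}"
        done
        h=$((h + 1))
    done
}

# Read a policy on stdin and print the iptables commands for:
#   FORWARD -> <iface>-in -> <dest> chain -> per-service ACCEPT rules
gen_commands() {
    awk '
    {
        ifc = $1 "-in"
        if (!(ifc in seen_if)) {          # first rule for this interface
            seen_if[ifc] = 1
            print "iptables -N " ifc
            print "iptables -A FORWARD -i " $1 " -j " ifc
        }
        if (!($2 in seen_host)) {         # first rule for this destination
            seen_host[$2] = 1; hosts[++n] = $2
            print "iptables -N " $2
        }
        if (!((ifc, $2) in disp)) {       # one dispatch rule per iface/dest pair
            disp[ifc, $2] = 1
            print "iptables -A " ifc " -d " $2 " -j " $2
        }
        print "iptables -A " $2 " -p " $3 " --dport " $4 " -j ACCEPT"
    }
    END {
        # A user-defined chain that runs off its end returns to the caller,
        # so close each host chain explicitly (assumed default-deny policy).
        for (i = 1; i <= n; i++) print "iptables -A " hosts[i] " -j DROP"
    }'
}

# Worst-case number of rules one packet is compared against (single interface).
#   flat:    every allow rule sits directly in FORWARD
#   chained: 1 interface jump + host dispatch rules + longest host chain + DROP
worst_case() {      # $1 = flat | chained, policy on stdin
    awk -v mode="$1" '
    {
        total++
        if (!($2 in per)) hosts++
        if (++per[$2] > longest) longest = per[$2]
    }
    END {
        r = (mode == "flat") ? total : 1 + hosts + longest + 1
        print r
    }'
}

# Demonstration on a two-host policy.
sample_policy 2 | gen_commands
```

The dispatch chain is still walked linearly, one rule per destination, so the saving comes from skipping the other hosts' service rules, not from the lookup itself.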
  10. Stating the obvious by EmperorOfCanada · · Score: 4, Insightful

    I think many slashdot'rs will read this as "Your next network will use electricity." I am pretty sure most people around here have networks that are close to 100% Linux. Maybe the occasional switch or whatnot is running something proprietary.

  11. Re:Bah by Anonymous Coward · · Score: 4, Insightful

    BLAH, BLAH, BLAH...it's succeeding in becoming its fanbois worst enemy's mirror image: Ubiquitous, inescapable, and actually dragging us all down because of that. Including hysterical over-the-top marketing from both.

    We need more, better choices, not yet another rehash of this same thing. This isn't innovation. This is stagnation. Useful, nicely low cost, but stagnation for all that.

    I don't think that is true. Like the joke about the duck (all quiet up top, but paddling like heck underneath), Linux is continually evolving. Sometimes big steps and big improvements and sometimes small steps. Sometimes even steps that back up and take another direction. That's a feature, BTW. The Linux ecosystem has shown over and over that nothing is sacred. If there is a better way to do things then somebody somewhere is going to try it with Linux.

  12. Patent-inhibited memory management complications? by codeusirae · · Score: 3, Interesting

    "Linux has patent-inhibited memory management complications .. Is Linux better than the alternatives? Never, as long as its memory footprint is inhibited by patents"

    What specific patents are you referring to here, please provide links to the citations ..

  13. Busybox != linux or an OS by dutchwhizzman · · Score: 2

    Busybox is just a binary that's used for userland applications. It will run on at least *bsd next to linux kernels.

    --
    I was promised a flying car. Where is my flying car?
  14. Linux, not likely... by David_Hart · · Score: 2

    Customized UNIX kernels are being used today (mostly BSD) by a variety of vendors. These are heavily modified to support hardware (ASICS, etc.) based switching and routing. On top of that the OS needs to handle packet caching (for QoS), access lists and security features, encryption (VPN tunneling), etc. Most of which are handled in highly customized proprietary bits of hardware that can reliably handle a tonne of traffic flows. In my opinion, network hardware vendors will never hamstring their competitive edge by agreeing to standardized APIs and hardware calls.

  15. Re:No, no it isn't. by smash · · Score: 2

    You know the image running on the Cisco 4500's Sup 7 supervisor is a variant of Linux, right?

    --
    I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
  16. Re:Sorry, but no: BSD will dominate this domain. by smash · · Score: 3, Interesting

    Samba has been ditched by apple for example over GPLv3. They went out of their way to write their own SMB daemon due to the license change.

    --
    I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
  17. Re:Sorry, but no: BSD will dominate this domain. by SuricouRaven · · Score: 2

    Same thing with gcc. Apple still use it, but are making preparations to dump it from xcode in favor of Clang, for the same reasons.

  18. Re:Actually the majority have not by laptop006 · · Score: 2

    IOS-XR is migrating to Linux in the next major release, NX-OS (the OS for their Nexus DC kit) is built on Linux, and IOS-XE which powers most of the smaller side of new Cisco kit is also Linux.

    As for Juniper they also have many products running on Linux.

    --
    /* FUCK - The F-word is here so that you can grep for it */
  19. Re:Sorry, but no: BSD will dominate this domain. by smash · · Score: 2

    Also other reasons, including the gcc team being reluctant to add/fix objective-c features to gcc.

    --
    I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
  20. Re:No not really by Anonymous Coward · · Score: 2, Interesting

    Extreme networks uses linux. They are about to become the 4th largest switch manufacturer after the purchase of Enterasys who are of roughly equal size.

    XOS isn't very linuxy, but it is Linux, source available from them by emailing software-at-extremenetworks.com.

    In the last year or so we've basically stopped selling anything apart from extreme. Specific requests for other vendors has pretty much stopped, so Extreme has become our default offering and is generally always accepted.