
Open-Source Router to Take on Cisco? 393

Posted by ScuttleMonkey
from the combatting-security-by-obscurity dept.
ickypick writes to tell us that CNN is running an article about the emergence of an OpenSource Router product, currently in Beta, that targets mid-size enterprise customers for about one-fifth the cost of current enterprise networking giants' hardware. From the article: "The machine runs on two Intel chips, but far more noteworthy is its software, known as XORP, or extensible open router platform. The versatile open-source application can direct data traffic for a giant corporation as easily as it can manage a home Wi-Fi network." The current release is available for download from Vyatta's web site.
  • I foresee a day (Score:5, Insightful)

    by kc0re (739168) on Monday March 06, 2006 @07:14PM (#14862668) Journal
    Seems like everything is Open Source now. (No, I am not complaining, I am backing it)

    We have Routers, Firewalls, IDS/IPS's, OS's, Word Processors, Spreadsheets, Presenting software. Hell. I would love to see an experiment where an entire corporate network was made, entirely of Open Source products (except for the hardware of course). From Routers to firewalls to .... You name it.

    That would be an interesting, and totally free network.
    Also very complicated
    • by Anonymous Coward on Monday March 06, 2006 @07:23PM (#14862723)
      --Seems like everything is Open Source now.--

      everything but the women...

      you have to pay oodles up front and, eventually, you find out the eula isn't what you were led to believe, the eula changes over time and, worst of all, the source is closed. and i mean *closed*.

    • Re:I foresee a day (Score:4, Interesting)

      by networkBoy (774728) on Monday March 06, 2006 @07:24PM (#14862731) Homepage Journal
      For this to happen it must be in the right order:

      1) OSS proponent founds business
      2) business grows and stays with OSS
      3) Lower expense in IT infrastructure
      4) 1/profit!

      Really though, the hard part is winning over an existing business. Starting up with OSS would be magnitudes easier than converting.
      -nB
    • Re:I foresee a day (Score:3, Interesting)

      by rabiddeity (941737)
      Why not the hardware too? With all the talk of MS trying to lock down hardware with "trusted computing", why shouldn't the hardware be open as well?
      • Re:I foresee a day (Score:3, Informative)

        by Michalson (638911)
        Why is trusted computing a problem for OSS? The cries of software being locked out were simply FUD made up in the early days with no basis in fact (they were slippery slope arguments using the "well you can argue it's possible that such and such could be done, so we'll decide that's exactly what is going to be done"). If you need proof, why don't you look at the *nix based operating system that runs exclusively on the Intel "trusted computing" platform - Apple OS X x86.
    • Re:I foresee a day (Score:5, Insightful)

      by m50d (797211) on Monday March 06, 2006 @08:03PM (#14863016) Homepage Journal
      Why not hardware? I have the source code to the processor in the machine my webserver's running on. It's entirely useless to me since I don't have a chip fab, but I'm sure someone's done something cool with it.
      • Re:I foresee a day (Score:4, Informative)

        by hitmark (640295) on Monday March 06, 2006 @10:42PM (#14863878) Journal
        or we can wait around and see what they can pull off using FPGA based chips...

        or there is always that printable plastic cpu experiment that someone did some years ago...

        hell, open source cpus and other logic circuits may well be a requirement for some as the stuff from the main suppliers become more and more drm-laden thanks to the power vested in the entertainment industry's bank-accounts...

        sure the performance hit will be staggering, but i don't think we will use the chips to run the latest iteration of halo, or for that matter duke nukem forever...

        speaking of that last game, i wonder if the people that named it knew how right they would be...
    • Re:I foresee a day (Score:4, Insightful)

      by flibbajobber (949499) on Monday March 06, 2006 @08:06PM (#14863041)
      The hardware can be open source - "source" being the design files etc, in the same way that some OSS has source code available, but not necessarily the binaries. The hardware would simply be free (as in speech) rather than free (as in beer).
  • by nurb432 (527695) on Monday March 06, 2006 @07:16PM (#14862679) Homepage Journal
    For a router, it's mostly in the hardware, if it can keep up with real-life data rates.

    Software is secondary..
    • True. Networking is one area where Moore's Law doesn't help make software solutions more viable in time, because data rates keep going up. By the time software routing gets fast enough to handle routing of 1Gb/sec networks, everyone will be switching to 10 Gb/sec.
    • by Anonymous Coward
      You would indeed think so, and the hardware separates a normal workstation from doing a job of a router (successfully, anyhow).

      However, the Operating System nowadays means the difference between a £600 price tag and a £1800 price tag on the 1800 series. Often the offerings from Cisco involve the same hardware but a different (more capable) version of IOS. The software really does create a large premium for the networking giants, and it's not just Cisco that this can be seen at
    • by Ogun (101578) on Monday March 06, 2006 @07:50PM (#14862917) Homepage
      Wrong.
      Cisco IOS does nearly everything in software actually. Only on the big iron and catalyst based routers do you have dedicated hardware for packet forwarding. Try storming a cisco box with massive amounts of small UDP packets and see how well it copes. UDP is done in full software mode, you can't use CEF etc on UDP.
      Might have changed in the two years I've been away from the networking world, but I don't really think so.
      The slightly older 3600 series for example is just a normal PC in essence. RISC MIPS CPU, PCI for the network modules, flash for the OS.
      What they do is distribute load instead. Same thing there, the older 7500 series has the CyBus architecture, where each line card is basically a separate router talking to each other over a backplane and a RSP to hold master databases and keep sync.

      Yes, the Cisco 7600 has dedicated hardware for forwarding, but that is because it really is a catalyst 6500 switch under the hood.

      Granted, many of the interface cards do a lot of processing for that media, framing etc, which keeps load off the main CPU. But what it comes down to is that IOS is quite efficient at doing what it does, which is forward packets.

      If you want to learn more, I can strongly recommend the book "Inside Cisco IOS Software Architecture" from Cisco Press, ISBN: 1578701813
      • by osbjmg (663744)
        UDP? I think you mean IPX maybe? CEF applies to IP routing and UDP is IP. You also forgot to mention the GSR and CRS. The 6500 may not be what these guys are competing against though, I see them trying to compete with the 3600's and ISR's at this point. Either way cisco spends a great deal of time optimizing software algorithms since it is a core component of networking. Some cases hardware helps, but there are quite a few memory models throughout the different lines, and to say most is the same hardw
        • Yes, he means UDP (Score:3, Insightful)

          by billstewart (78916)
          UDP does use IP, but it's fairly common for UDP to blast away with a bunch of small packets that don't have the flow-control behaviour of TCP. Cisco uses specialized hardware partly because ASICs are cheap and partly because they've never used fast enough CPUs. Some of the AIM modules do make sense - 3DES is heavy-duty bit-twiddling which wasn't designed for modern CPUs, but as AES becomes more popular, you really won't need accelerators, and a cheap Intel CPU can still handle a couple of T1s worth of IPS
    • by Ruie (30480) on Monday March 06, 2006 @08:29PM (#14863154) Homepage

      For a router, it's mostly in the hardware, if it can keep up with real-life data rates.

      Not anymore. We've recently got a new Cisco router for around $2000 which turned out to be a box with 3 100-Mbit ports. And for separate $2000 a (separate) firewall box with 4 100-Mbit ports.

      I am certain that a Linux box with an opteron 1xx, couple of 64 bit PCI slots and a couple of Intel 4-port cards would be just as fast and vastly more configurable at a lower price.

    • by Anonymous Coward
      I have a Cisco 3620 router, maxed out on RAM, that couldn't even keep up with my fiber internet connection. I know it is an older router, but even with a NM-2FE2W (100Mbps) network module, it could barely do over 10Mbps. The performance specs on Cisco's site says 10-20Mbps, and with IP inspection and access lists enabled, it could maybe do 13Mbps at the most. I decided to buy an IBM x300 eSeries on eBay for $250 and run m0n0wall [m0n0.ch] on it. Sure as hell beats the performance of any Cisco product for that pri
  • More Trust (Score:5, Interesting)

    by BiggRanger (787488) <BiggRangerNO@SPAMtds.net> on Monday March 06, 2006 @07:16PM (#14862680) Journal
    This is good since I always wonder how many back doors are in Cisco routers for Law Enforcement purposes.
  • Support? (Score:4, Interesting)

    by lordkuri (514498) on Monday March 06, 2006 @07:16PM (#14862684)
    Cisco's biggest advantage is their support network. I have yet to ever have a client that didn't buy smartnet with any of their gear.

    Granted, some of their "engineers" leave a lot to be desired, but still, PHB's like the warm fuzzy feeling.
    • Like another poster said, when you can buy 5 other devices for the price of 1 year's worth of Cisco support and keep them as hot spares, it's hard to justify that support.

      • Re:Support? (Score:3, Insightful)

        Having the hot spares doesn't matter if you are looking at a software problem.

        The corporate question becomes who can you call for troubleshooting support that is "guaranteed" to help you.
        (If the OSS folk don't answer your question, they don't lose money/contract)
  • But will it... (Score:4, Insightful)

    by Eli Gottlieb (917758) <eligottliebNO@SPAMgmail.com> on Monday March 06, 2006 @07:17PM (#14862685) Homepage Journal
    Make money? This better be good hardware running good software, because otherwise people are just going to say "fsck it, nobody was ever fired for buying Cisco". Why? Because Cisco actually works.

    Yes, OSS community, your adversary actually works this time. Beware.
    • Re:But will it... (Score:4, Interesting)

      by Harik (4023) <Harik@chaos.ao.net> on Monday March 06, 2006 @07:37PM (#14862829)
      Eh. Cisco works like microsoft works. I've had my share of router trap/reset cycles, module failures and route storms with cisco gear. You just keep disabling features until you get a subset that works.

      As for 'custom hardware', when you get to the point that you need to route 10gig-e at line-speed, then you buy 'custom hardware'. Below that, you drop in quad 100m cards into a linux/BSD box and run something like quagga (or now XORP). I'm willing to bet that not many people here have many routers that really need those kinds of line speeds, so we can all white-box it for a small fraction of the price. I know my linux (100meg) router gets a once-a-year reboot for kernel upgrades. My linux NAT at home gets rebooted every time the power goes out longer than the UPS can handle...

      The only other thing that you can't get with open source is cisco hot-failover. And from the people who need that level of reliability, you can't get that from cisco either. :) To be fair, it works now, but they were selling it for quite a while in a very VERY buggy state. I'd be very excited to see an open-source router project that handles paired or triad server configurations with VIP and lockstep state updates, for true multipath redundancy. Good luck on that one, though.


      • It seems your experience with Cisco has not been mine. Our stuff just works.

        • Re:But will it... (Score:2, Insightful)

          by Amouth (879122)
          I agree with you; personally it sounds like he was trying to do something funky with the setup..

          it is easy to misconfigure a cisco router/switch to where it will only work part of the time.. best thing to do is just flash it and start over.. only takes 30min no matter what your config looks like..

          and if you can't read/redo your config in 30min then yes, you have a configuration problem
      • if you need any kind of reliability, you buy 2 used cisco routers on ebay. quagga just doesn't cut it (to be polite)

        yes I'm pissed
        yes i have multiple quagga routers
        and yes I'll buy something that actually works next time and won't crash randomly with no error messages
      • Re:But will it... (Score:4, Informative)

        by chivo (20329) on Monday March 06, 2006 @08:08PM (#14863057)
        The only other thing that you can't get with open source is cisco hot-failover.

        Not true. CARP + PFSYNC with OpenBSD and now even FreeBSD work quite nicely. You can do not only hot failover, but also load balancing.

      • Most mega-corps are not going to switch to open-source Networking gear for one major reason. Support sucks, you call Cisco and (assuming you have paid for maintenance) they fix it quick. An open-source platform has an issue, many times you fix it yourself if you can or post to the Newsgroups or call the developers (if you can) or Google a fix. That can be quite time-consuming. If your network is down business isn't getting done and you don't have time to self-engineer a fix. It also costs a lot more than ma
      • Re:But will it... (Score:3, Interesting)

        by numbski (515011) *
        Perhaps not Linux, but BSD....

        pfSense, VRRP, CARP, et al. Hot failover is a reality, and I use no Cisco equipment, although I am Cisco certified. I'm intentionally making do with all free/open source. Call it an experiment in sanity, but my company (it IS mine) is going down this path very deliberately. We'll see how things pan out in a year or two. pfSense is getting ready to hit 1.0. I'm really liking it so far, my only gripe at the moment is that configuration is nearly 100% web based, and no conso
  • Network outage? (Score:4, Insightful)

    by MachineShedFred (621896) on Monday March 06, 2006 @07:17PM (#14862689) Journal
    So who do you call when the thing breaks?

    With Cisco, I call the rep, and they have a replacement device in our datacenter within the hour, and we load up the config and get it fixed.

    Doubt you'll get that kind of service here, and that's what you pay for with Cisco.
    • Re:Network outage? (Score:5, Insightful)

      by NerveGas (168686) on Monday March 06, 2006 @07:23PM (#14862722)
      If you can't fix it yourself, you call someone who will charge you to fix it for you. Such support is available for nearly all medium-scale open-source projects. Asterisk is a perfect example, Digium saw the opportunity to not only sell the hardware to make it work, but to make money off of software support as well.
    • If it's 1/5th of the cost of Cisco as the summary states, then you have two or three spares which you preload with your configuration. If one dies, just plug in the spare. Much faster than waiting for Cisco to show up. That's what we do with OpenBSD firewalls - it's SO MUCH cheaper than Checkpoint, instead of having one Checkpoint firewall and an expensive support contract, we have hot spares we can just plug in.
      • If it's 1/5th of the cost of Cisco as the summary states, then you have two or three spares which you preload with your configuration. If one dies, just plug in the spare.

        So on your terms, the cost benefit is mostly crap.
        • Really? Let's do the maths.

          If the router is 1/5th of the equivalent Cisco router, you'd need FOUR spares per router to equal cost parity with Cisco. Realistically, you're probably not going to have that many, so yes - you are going to spend less money AND have a faster replacement (minutes probably) than Cisco service. Even if you had two hot swap spares per router, you're still way ahead.
    • Re:Network outage? (Score:3, Insightful)

      by Vellmont (569020)

      So who do you call when the thing breaks?


      Probably the same people who made the thing, or possibly a 3rd company with a model like RedHat where they offer support. Honestly, how is this any different than other open source products? Support is available commercially, and on a DIY basis from the community.
    • by gardyloo (512791) on Monday March 06, 2006 @07:27PM (#14862749)
      So who do you call when the thing breaks?

            The A-Team.
    • Now that statement is misleading. Cisco doesn't just ship stuff within an hour. They have 8x5xnbd and 24x7x4 part replacement. That's also IF you get an RMA issued in time. The Cisco TAC engineer does not have to issue an RMA just because you say so. They can request further troubleshooting.
    • For the cost differential, you can have redundancy with a few live spares, a testing environment, etc.
      Like everything else in the biz though, it depends how much in house experience and responsibility you want, versus having someone else to blame.
      Commodity routers like this unfortunately don't have the capabilities to reach the high end where the in house expertise is more common.
      Unfortunately for these people, exactly what separates this new router from LEAF, freesco, openwall and the like I'm not sure. This
    • Re:Network outage? (Score:5, Insightful)

      by QuantumG (50515) <qg@biodome.org> on Monday March 06, 2006 @07:37PM (#14862836) Homepage Journal
      I remember a time when one bunch of people would sell products and another bunch of people would repair them when they break. Now when I buy a washing machine, no-one can fix it except the manufacturer. If I had the choice, I'd buy a washing machine that anyone can fix, but these days I don't have that choice. It's the same with my car. Same with my DVD player. Same with my television.

      Thankfully if my computer screws up I can take it to any one of many repair shops. If it's a hardware issue I'll probably call the manufacturer and see what my warranty covers me for, but if it's a software issue, blah, as if I'd call Microsoft. Of course, if it's a laptop and I don't have a warranty, who can I call? The manufacturer, that's it.

      So who do I call if my Linux box is on the fritz? Believe it or not, there's lots of people you can call. Because the software is open there's a whole lot of people who understand it and can fix it. Just like when the hardware is open.
      • Re:Network outage? (Score:3, Insightful)

        by Vellmont (569020)

        I remember a time when one bunch of people would sell products and another bunch of people would repair them when they break.


        And I remember a time when it was cheaper to fix things than it was to throw it away and buy a new one. I don't know about a washing machine, but who gets the TV or DVD player fixed when you can buy a new one for the same, or lower price? The only TV that anyone even bothers to fix is the ultra-wide screen or really expensive HD-TV.

        Manufacturing has gotten much cheaper over the year
    • Someone still has to make and sell the hardware, and that company will probably be just as happy to sell you a support contract as Cisco is. And if you're building them yourself, chances are that you'll be saving enough money that you'll be able to keep a few spares on hand.
    • If there's martian frames in Network Neighborhood,

      Who do you call?

      Packetbusters!
  • Sweet! (Score:5, Funny)

    by creimer (824291) on Monday March 06, 2006 @07:19PM (#14862703) Homepage
    It can turn my old AMD K5 machine into a top-end Cisco machine. Does anyone have a spare ISA network card?
  • Initial funding to develop XORP is provided by Intel and the National Science Foundation. Further funding has been provided by Microsoft Corporation and Vyatta. We are extremely grateful for their support.

    • Further funding has been provided by Microsoft Corporation

      In related news, hell just called tech support for one of their heaters. Minor issue, however. Will be fixed in a couple of months.
    • i find this feasible. It's a BSD-style license (wink wink, nudge nudge) so this means it's perfectly applicable for an "embrace and extend" operation.
    • Makes sense to me (Score:3, Informative)

      by WebCowboy (196209)
      Further funding has been provided by Microsoft Corporation

      XORP is licensed under BSD, thus it is not only extensible but embraceable as well. Microsoft likes anything it can embrace and extend.

      The Windows NT TCP/IP stack is substantially made up of lifted BSD-licensed code anyways (or at least started out that way). I imagine "Vista Server" could be equipped with "innovative", "advanced" routing capabilities compliments of XORP.
  • Uh... (Score:3, Insightful)

    by kclittle (625128) on Monday March 06, 2006 @07:23PM (#14862728)
    ...the key to routers and switches is the purpose-built hardware (the "switching fabric"). Sure, you can route using just SW and a 4-port ethernet card, but you'll be several orders of magnitude slower than a Cisco or Juniper box crammed full of ASICs.

    • (I'm assuming, of course, that they're using the Intel IXA family of network processors -- I don't see how, then, they get a 5x cost reduction...)
    • ... until you use an ACL (or any other useful feature of said Cisco), then you're back to process-routing, in which case, it's going to be orders of magnitude slower than a multi-GHz CPU with mammoth memory bandwidth.

      steve
      • It is very common to use large Cisco switches with a routing module to handle corporate routing needs. As the GP mentioned, these switches have massive bandwidth on the backplane. No intel architecture can touch that. And more to the point, just where on the network are you going to put a box like that with suspect hardware (all intel) doing any significant routing? If your operation is a small place with small amounts of traffic, sure, this will work. If you need to do routing at Gb speeds and beyond,
  • by stinky wizzleteats (552063) on Monday March 06, 2006 @07:28PM (#14862763) Homepage Journal
    Grep. Gimp. Kugar. Krita. Kexi. LaTex. Tcl. And now, the piece de resistance - xorp.

    Why route when you can XORP!
  • by tazanator (681948) on Monday March 06, 2006 @07:29PM (#14862767)
    Imagestream has been doing this for ~8 years now ... course they provide support and all the hardware but this is doable. After all a DS3 Imagestream Rebel is only a P3 Intel and 256mb upgrade. Still it is another step in proof that cisco is not the networking god PHB's think.
  • by squidguy (846256) on Monday March 06, 2006 @07:29PM (#14862770)
    This could be a hit, if the costs keep down, for the small-medium business and home broadband markets. But I have trouble seeing how this will take significant market share in the Enterprise except for perhaps edge or LAN devices. For one thing, you pay Cisco, Juniper, Foundry, whomever for wire-speed implementations (among other issues) that rely largely on the ASICs and the overarching hardware architecture, beyond just the OS.

    For the home market, there are already open-source software solutions such as for the Linksys WRT54-series wireless router, which is itself based on the GPL. See http://www.wi-fiplanet.com/tutorials/print.php/356 2391 [wi-fiplanet.com] for more info.

    Until someone funds an open-source chip foundry, these won't replace the core.
    • The idea of Ciscos and others using custom hardware to accelerate the routing is, in great measure, over-hyped. Yes, they do have some hardware that GREATLY speeds things up, but in most cases, it only works if you're not using any of the features that make their expensive equipment truly useful. Most of the nice features will kick you from CEF to process-switching, and at that point, a modern PC has *gobs* of CPU cycles, memory bandwidth, and even I/O.

      I/O used to be pretty pathetic for PCs, but when you
  • by NerveGas (168686) on Monday March 06, 2006 @07:32PM (#14862788)
    The largest impediment is not software, but hardware. The two benefits to a Cisco are that (A) there is someone who *will* fix your problem for a fee, and (B) You can buy an interface card for ANY network type out there.

    As for (A), the same will likely become available for this if it isn't already.
    (B) is a lot harder. When you get into odd network types and high-speed telco lines, it becomes a bit more difficult - it isn't as easy as just calling your Cisco salesmonkey and buying the card you need.

    It should be noted, however, that adding a card to a Cisco isn't always painless. I've had to upgrade the OS - which involved upgrading both memory and flash - just to support another ETHERNET card. How many decades has Ethernet been around for, and they want an OS upgrade to support one? And only to support an additional card, the built-in ethernet worked just fine.

    Right now, we're using a Linux router for ethernet routing within our data center, which it handles just fine. As soon as our Sangoma cards show up, it's also going to handle a T3 to our office as well - but only clearchannel, we can't split it between phone and data (as I'd like to do.)

    A while back, I had a rather perverse thought. You can hook up a LOT of interfaces to a high-end Cisco, and most routed telecom isn't very high-bandwidth. A T3, at a measly 45 megabit, is still very small considering the throughput of today's hardware. An OC3, at 155 megabits, still isn't much. The perverse thought was that if someone would come up with T1 and T3 modules with integrated CSU/DSUs that connected via USB or firewire, you could stuff a machine chock-full of 4-port controller cards, and be able to hook up 20 or more interfaces very quickly, and easily. In theory, each USB controller card *should* be able to push the ~200 megabits without much trouble, and even a plain old 32/33 PCI bus could *almost* handle the 110 MB/s of all 20 lines at full-tilt. Realistically, however, I do know that USB has many deficiencies which entirely prevent it from fulfilling that task.
  • by Anonymous Coward
    As I understand it, there's already this open source routing software called "Linux". I sysadmin at a medium sized financial trading house, and managed to toss out our two Cisco routers a year or so ago. I replaced them with Gentoo Linux boxen running the standard IP stack and routed, on office ready Dell PCs (with a couple of extra ethernet and fibre cards as appropriate). And you know what? It's been even more reliable, less downtime for patches or crashing or hardware failure. I'm not likely to go back t
  • by Sycraft-fu (314770) on Monday March 06, 2006 @07:33PM (#14862799)
    This is all assuming I'm willing to go unsupported, of course.

    1) By far the most important is what kind of interfaces can I get for it. Of course I can get ethernet but what about T1, DSL, SONET, etc. If all this does is route packets over ethernet, which I then need to plug in to another router to get to my WAN, that's not so useful. I'd say over 90% of the Cisco routers I see in business are for WAN connections. If you are going to have to buy those anyhow, then what's the point?

    2) What kind of load can it handle? Having something that can do a gig is all well and good, but can it still do a gig with 20,000 clients generating 50,000+ connections? That's where many budget routers and firewalls fall flat. They do everything in software so they can do the traffic no problem, but it's the concurrency that kills them.

    3) Does it support layer-3 switching? That's where you in effect route the first packet of a flow and switch the rest. Leads to much lower impact on the router, and lower pings. Can't do it going from one media to another, but for internal routing it's the way to go.

    This is, as mentioned, not considering support. I mean it's all well and good to slap some NICs in a system, load an OS that can route traffic, and call it a router/firewall/whatever, but it's something else entirely to see that survive under a real load. We see that all the time on campus when we test new potential devices. They promise gig throughput, something I have no doubt they deliver, and less than we use, but they instantly crash when exposed to our network. Why? Well we have like 30,000-40,000 computers or so that generate hundreds of thousands of concurrent connections. They just aren't equipped to process that kind of load and they stop passing traffic. The Ciscos, however, that compose the entire core, edge, and distribution parts of the network, operate without problems.
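
The "route the first packet of a flow and switch the rest" idea from point 3 of the comment above, together with the concurrency limit from point 2, as an added example that is not part of the thread and not any vendor's code. The routing table, the class and function names, and the flow counts are all constructed for illustration.

```python
import ipaddress
from collections import OrderedDict

# Constructed routing table (prefix -> egress interface); not from the thread.
ROUTES = {
    "0.0.0.0/0": "wan0",
    "10.0.0.0/8": "core0",
    "10.20.0.0/16": "dist1",
    "10.20.30.0/24": "lab2",
}


class FlowCachingRouter:
    """Slow path: longest-prefix match. Fast path: exact-match flow cache."""

    def __init__(self, routes, cache_size):
        # Sort prefixes longest-first so the first match is the most specific.
        self.routes = sorted(
            ((ipaddress.ip_network(p), ifc) for p, ifc in routes.items()),
            key=lambda r: r[0].prefixlen,
            reverse=True,
        )
        self.cache = OrderedDict()    # 5-tuple -> egress interface, LRU order
        self.cache_size = cache_size  # hardware flow tables are finite too
        self.slow = 0                 # packets that needed a full route lookup
        self.fast = 0                 # packets switched from the flow cache

    def _route(self, dst):
        addr = ipaddress.ip_address(dst)
        for net, ifc in self.routes:
            if addr in net:
                return ifc
        return None

    def forward(self, src, dst, proto, sport, dport):
        key = (src, dst, proto, sport, dport)
        ifc = self.cache.get(key)
        if ifc is not None:
            # Known flow: no route lookup, just refresh its LRU position.
            self.cache.move_to_end(key)
            self.fast += 1
            return ifc
        # First packet of a flow (or a flow that was evicted): route it.
        self.slow += 1
        ifc = self._route(dst)
        if ifc is not None:
            self.cache[key] = ifc
            if len(self.cache) > self.cache_size:
                self.cache.popitem(last=False)  # evict least recently used flow
        return ifc


def simulate(n_flows, pkts_per_flow, cache_size):
    """Interleave packets from n_flows concurrent flows; return (slow, fast)."""
    router = FlowCachingRouter(ROUTES, cache_size)
    flows = [
        (f"10.1.{i // 250}.{i % 250 + 1}", "10.20.30.5", "tcp", 1024 + i, 443)
        for i in range(n_flows)
    ]
    for _ in range(pkts_per_flow):
        for flow in flows:
            router.forward(*flow)
    return router.slow, router.fast


if __name__ == "__main__":
    # Cache larger than the number of concurrent flows: one lookup per flow.
    print("cache 1000, 100 flows:", simulate(100, 10, 1000))
    # Cache smaller than the number of concurrent flows: LRU thrashes and
    # every packet falls back to the slow path.
    print("cache   50, 100 flows:", simulate(100, 10, 50))
```

The second run shows why throughput figures alone say little: once concurrent flows exceed the table size, the device does a full lookup per packet no matter how fast the fast path is.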
    • by jd (1658)
      The quick answer is "yes, you can support T1, etc." The longer answer is "if the kernel supports the necessary driver, or if there's a third-party driver (such as WANPIPE) which supports your T1 device, then there should be no problem, as Xorp uses the kernel to do all low-level operations".

      The substantially longer answer is: "Not all boxes of this kind play nice - Qwest's DSL modem runs Linux, as does Linksys, and a whole bunch of other cheap off-the-shelf devices. Very very few of these are updatable by t

  • History repeats itself.

    Microsoft built an empire out of OSS (using OpenBSD). Linux tries to compete with their own, better, product. However, companies are still resistant due to "support issues" (how much support did you actually get from M$ last year, though?) and familiarity.

    Cisco built an empire out of Netlib, etc. Vyatta will try in vain to take a slice of the pie, but companies again will "go with what they know".

    This is how the vast majority of us have ended up with rubbish IT setups, and those

  • 5 years late? (Score:4, Interesting)

    by Garak (100517) <chris AT insec DOT ca> on Monday March 06, 2006 @07:34PM (#14862812) Homepage Journal
    This seems to be a little late to be jumping into this market. Most of the big players are starting to switch over to multilayer switching. Software routers are only needed where you need to do something like NAT or firewalling.

    If you're big enough to need a routing protocol like BGP, you're going to need some serious hardware. Software based routers running on off the shelf hardware are fine for 100mbit ethernet routing, but beyond 100mbit you need some specialized hardware.

    I really don't see any advantage this system has over a linux router with the usual tools(zebra/quagga, ip, ifconfig, iptables, ebtables, etc...)
  • Is there any special hardware or chips on this thing? Or is it just a low-end computer? I saw this story before and it didn't mention anything about the hardware
  • by saridder (103936) on Monday March 06, 2006 @07:43PM (#14862883) Homepage
    The game has long since moved from just forwarding packets to providing intelligence in the network. Now companies want integrated security, voice, application intelligence and application (l5-L7) optimization, QOS, high availability, etc.. none of which you'll find in an open source router. This is why the networking companies stay in business. If companies wanted cheap packet forwarders, they would have bought linksys, 3com, huawei, hp or any other me-too commodity router. They didn't and Cisco won.
  • XORP + Click (Score:4, Informative)

    by jd (1658) <imipak AT yahoo DOT com> on Monday March 06, 2006 @07:51PM (#14862927) Homepage Journal
    You really want to run Xorp alongside MIT's Click, as that gives you the best routing capability. The two are intended to interoperate, but there's bugger all documentation on doing this.


    The number 1 problem with Xorp is that it supports only a tiny fraction of standard Internet routing protocols. They don't have the developers to support anything more than a bare-bones software router. If you're only going to use what they have, it's no big deal. (NOTE: I am only including actual common routing protocols, here. There are over 150 routing protocols defined and implemented by somebody, but few routers support more than 3% and only the Really Major Routers even pass the 10% mark.)


    The number 2 problem is that it lets the native OS deal with all of the QoS. This means that Xorp isn't guaranteed to behave the same on different platforms. It's not a lethal problem and some (including the Xorp developers) consider it a major bonus. I'm not convinced it's a good thing, though. It makes multicasting very confusing.


    The final problem is that Click will normally be run as a kernel module, but Xorp is in userspace. This means you've a LOT of context switching when running in such a mode. Because you want minimum latency, the overhead of pushing packets into userspace in the first place might not be efficient enough.


    I believe Xorp to be a good product. It is also the ONLY software router that is (a) Open Source and (b) being maintained (Quagga, Zebra and MRT are all dead, and GateD was withdrawn). I don't know if the Xorp group want more core developers, but I desperately hope that third-party developers offer patches and modules for it to beef up the abilities.


    (Linux is an important software router. NetBSD and OpenBSD could be, if the routing software was good enough. The three of them should have the low-to-medium router market totally sewn up in no time flat, in a very short timeframe. That won't happen, though, if there's not enough independent interest and support.)

    • by Some Random Username (873177) on Monday March 06, 2006 @08:30PM (#14863159) Journal
      OpenBSD ships with its own RIP, BGP and OSPF daemons. Its BGP daemon is BY FAR better than xorp and quagga, and it's BSD licensed of course. OpenBSD is already a fantastic software router, maybe you should try using it instead of ignorantly telling us what it "could be"?
      • BGP is one protocol. RIP makes two. (Three if you differentiate between RIPv1 and RIPv2.) BGP tends to mean BGP4 - I have never seen any other version implemented on any modern router. OSPF comes in two popular flavours - versions 1 and 2 - but there are flavours for wireless networks, mesh networks and multicast networks, which are generally NOT supported.

        In fact, there was nothing there that covered multicasting, mesh, overlay, wireless or hybrid networking. There was nothing there for secure routing, eit

  • by shadowmatter (734276) on Monday March 06, 2006 @07:52PM (#14862938)
    Eddie Kohler, whose PhD thesis at MIT was the Click modular router [mit.edu] (which from what I understand turned into the "engine" behind XORP), is one of the principal designers and developers of XORP. They published a paper at NSDI [usenix.org] last year, which you can read here [xorp.org] (Warning: PDF). It states very clearly what the goal of XORP is, and how well it performs. Quite interesting.
  • by SuperBanana (662181) on Monday March 06, 2006 @08:04PM (#14863021)
    A start-up tries to break Cisco's lock on the $4 billion corporate router business.

    Cisco's market share year to year over the last 5-6 years has bounced from a near-dominating 80% to as low as 50%...and it's swung that much in ONE year.

    That must be some definition of "lock" I'm not familiar with...

  • Has any group or project vetted it for security-related bugs?
  • middle ground (Score:3, Insightful)

    by grumling (94709) on Monday March 06, 2006 @09:26PM (#14863394) Homepage
    Most of the comments I've been reading sound a lot like the big iron computer makers when they saw an Apple ][ back in the day. The point of this product is not to compete with the high end, but the middle. There are plenty of cases where a $5000 router and a big service contract just don't make sense. Sure, I drool over our Cisco switch, but for most IT departments, Cisco is more expensive than necessary. The market really does need a middle player. I hope this is it.
  • by RoffleTheWaffle (916980) on Monday March 06, 2006 @09:29PM (#14863404) Journal
    Being a veteran of the Cisco Networking Academy - I survived the courses with only a handful of brain hemorrhages - I hope that an open alternative to Cisco's software will accomplish the following, as these are the problems I observed in Cisco's products...

    1. Cisco's IOS interface is about as clear as a brick wall. Granted, this is an incredible form of idiot-proofing - the interface makes sense, once you study everything there is to know about it. However, you absolutely positively can -not- log into a Cisco enterprise router and have even the foggiest idea as to what's going on unless you've studied them before. Furthermore, the IOS does as little for you as possible, which is a good thing from a security standpoint... However, it would be nice if there was a work-around - a nice, clean GUI or something, accessible only from a physical connection to the router, perhaps - so people that haven't spent nearly a decade busting their brains over the hardware can at least perform basic maintenance.

    2. Dropping the cost of good routing and switching hardware would be wonderful. The routers and switches my school had cost in excess of $2,500 each, sometimes more, and they were older models at that. Furthermore - and this ties back into the previous statement - not having to hire people with four to eight years of schooling behind them just to manage a damn router would also drop the cost of managing an enterprise-grade network. (Granted, the people that are most likely to want to purchase this kind of hardware probably also have the money to do so, but at any rate, that's no small wad of cash.)

    3. I personally think it'd be really nice to be able to actually go in and tweak the hardware and software with a much greater level of precision than what Cisco's IOS allows. This would also allow for you to expand your hardware without actually having to buy or build another router. I can't help but wonder if there'd be any point or improvement in clustering a home-made router and switch... Or a server, or whatever. Long story short, being able to actually reach in and mess with the stuff without violating some kind of warranty would be nice.

    I'm not about to say that Cisco is bad as a company. Cisco and their subsidiaries - Linksys immediately comes to mind - provide excellent service, and their products aren't half bad either. There are simply some issues that could be resolved by actually having access to the codebase of the software and being able to manipulate the hardware, in addition to new possibilities unlocked by the same. Cisco's track record aside, though, this is really a step in the right direction. The next thing I'd like to see are some people seeking to break into the business coming in with keyboards and soldering irons blazing, to see what can be done with this software - and some new hardware to go with it. Additionally, to make this program attractive to big business, it's going to have to make serious strides in terms of how much it can support, but if the project doesn't tank, that'd be great.
