Open Source Router on Par With Cisco, Users Say
Jane Walker writes "On a mission to avoid paying top dollar for Cisco routers, two users say Vyatta's Open Flexible Router is a viable alternative to the proprietary norm. Find out about the pluses and minor hassles involved in deploying this alternative." This probably won't surprise the users of (much lower end) networking gear like the famously hackable Linksys WRT54G, which — like a number of internally similar routers — can be reconfigured with one of several open-source firmwares to do things impossible with the hardware as delivered.
Difference between hardware and software.... (Score:4, Insightful)
Re:Difference between hardware and software.... (Score:5, Informative)
Until you get up into the gigabit speeds, regular PC hardware is just as good or better. The only thing you have to watch for in the multi-hundred-megabit routing loads is that you don't have a lot of access control lists - which is also an issue you will run into with any router you might choose. Spending some time sizing the buffers and other kernel parameters is also important, because a stock Linux kernel is not set up to be a network core router.
I've got over 2,000 L2TP connections going into a single 2.4Ghz Intel box running Linux. Performance is significantly better than the Cisco 7204 that it replaced, and it's a lot cheaper and more flexible to support.
Now, in the multi-gigabit routing tasks, do yourself a favour and get a L7 switch with custom ASICs. Extreme, Foundry and others will be happy to sell you one. Cisco's stuff is crap, right up until you get their million dollar badasses which they bought from another party (go figure).
Re:Difference between hardware and software.... (Score:3, Informative)
Still have it, I never throw anything away...
cisco 7204VXR (NPE400) processor (revision A) with 114688K/16384K bytes of memory.
Processor board ID 21280102
R7000 CPU at 350Mhz, Implementation 39, Rev 3.3, 256KB L2, 4096KB L3 Cache
4 slot VXR midplane, Version 2.1
Last reset from power-on
Bridging software.
X.25 software, Version 3.0.0.
PCI bus mb0_mb1 (Slots 0, 1, 3 and 5) has a capacity of 600 bandwidth points.
Current configuration on bus mb0_mb1
Re: (Score:2)
Cheers,
Athanasios
Re: (Score:2)
Re:Difference between hardware and software.... (Score:4, Informative)
Let's see...
--
IP CEF with switching (Table Version 271518), flags=0x0
1030 routes, 0 reresolve, 0 unresolved (0 old, 0 new), peak 3
1033 leaves, 27 nodes, 152040 bytes, 269271 inserts, 268238 invalidations
0 load sharing elements, 0 bytes, 0 references
universal per-destination load sharing algorithm, id 26B36E8A
2(0) CEF resets, 1425 revisions of existing leaves
Resolution Timer: Exponential (currently 1s, peak 1s)
2250 in-place/0 aborted modifications
refcounts: 9206 leaf, 7168 node
Adjacency Table has 888 adjacencies
2 incomplete adjacencies
--
It does speed things greatly. Load on the 2.4Ghz Linux box that replaced it is 0.07 right now, with 1800 L2TP connections.
Re: (Score:2)
That's where you put Junipers.
Re: (Score:2)
For high speeds get a hardware router and not necessarily from Cisco. In fact I don't like Cisco for several reasons, which I will not go into here.
Re: (Score:2)
Huh? CRS-1 [cisco.com] was done in-house.
Re: (Score:3, Interesting)
Cisco routers don't have any Intel processors in them. Some of their network modules that run LINUX do, but they're not the router. Open one up and look. In fact they never have and never were x86-based. They were Sun boxes way back when created in Stanford's labs, but that was before Bush Sr. was president. Regular PCs may or may not be able to forward packets as well as a Cisco router, I'm sure
Re: (Score:2)
Everything is home rolled. I learned how to do everything from the LARTC (Linux Advanced Routing and Traffic Control) mailing list archives.
The thing I lik
Re: (Score:2)
On a 2621 (which, admittedly, is ancient) with two T1s, the poor thing would drown itself just doing per-IP bandwidth limitation before the T1s were full. Not to mention that you're quite limited in the total number of IPs for which you can perform i
Re:Difference between hardware and software.... (Score:4, Informative)
Yes, Cisco (and others) have routers that use ASICs to handle immediate in/out "routing" in hardware, but as soon as you start putting any kind of ACL, any kind of port/IP translation, or anything else that requires any intelligence on the router, you bring in software, and all of the processing overhead that goes with it.
So....if you are going to do anything *useful* with a router would you rather have a 50-200MHz Cisco box running a bloated IOS (do you *really* use X.25, for example???), or a server-class x86 motherboard running a 1GHz processor with a kernel optimized for routing and software optimized for the protocols you actually use?
We use http://www.imagestream.com/ [imagestream.com] ImageStream Linux-based routers where I work, and they absolutely run circles around the 2600, 3000, and as5000 -series routers that we have. Their support is absolutely phenomenal. When we have a problem with an ImageStream router, we frequently talk with their programmer, and he works with us until we have a patch installed on the box that fixes the problem. If there's a software bug in your Cisco router, it's "yeah, that will be fixed in the next IOS release"...which unless you paid out the <bodily orifice of your choice> for SmartNet you have to *buy*, even though their product was broken when you bought it.
You can use overpriced Cisco iron if you want; I'll stick with the Linux-based routers, thanks.
Re: (Score:2)
They actually admitted to a bug? Hell, they must love you! When I was with UUNET, we used to have to escalate like mad to get them to admit a problem. Of course, once we had Junipers, Cisco started being much more helpful.
Re: (Score:3, Informative)
Foundry ServerIrons handle ACLs in hardware. So do Cisco Catalysts. If you turn on logging, they switch back to software ACLs, but with logging turned off, ACLs are in hardware.
Re: (Score:2)
"hardware router" is actually just running software.
I think what you meant was "Cisco's proprietary custom software is better than the open source equivalent."
Cisco's hardware isn't more powerful than a typical PC - just more specialised.
Link to Vyatta (Score:5, Informative)
Vyatta Open Flexible Router [vyatta.com]
That explains it (Score:2)
Avoiding "License Transfer" Fees (Score:4, Insightful)
Re: (Score:2)
Re: (Score:2)
the IOS is more than the hardware... you can buy cisco routers dirt cheap if you don't want the IOS..
another case where the software is what has the cost behind it
if it is only "Standard PC Hardware" (Score:4, Insightful)
But then again for SMB - you don't need 100 MBit routing - many of your internal clients are slamming into your sub 10 Mbit internet connection anyway (that is probably further BW limited by the cable/phone company). Now for true enterprise - you really do need switching/routing at the ASIC level - real switching fabrics (not a glorified PCI bus) in the hardware etc. to handle the multiple GBit links, multiple OC12/OC48 connections to the world, etc.
This is where Cisco shines and I don't see "software only solutions" coming anywhere close
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Insightful)
You aren't guaranteed uptime as a business cable company anymore than you are guaranteed uptime as a residential customer.
Absolutely true. (Score:3, Insightful)
Re: (Score:2)
Why change from DSL? Reliability... (Score:5, Informative)
Strange - why would you expect companies to step down from decent DSL speeds to T1 rates.
When you need reliability, you have to give up on DSL/cable, because no DSL or cable provider is going to give you service guarantees. If a DSL/cable line doesn't provide its advertised 2Mb/s download throughput, that's too bad; you might be able to negotiate your bill down. And if it goes down, it's going to be you reporting it to your ISP, not the other way around...
But a T1 circuit (generally) has both throughput and uptime guarantees written into the contract. And automated monitoring of its performance, and fast notification that something's wrong, 24 hours a day. I've had DSL circuits be out for days; the longest a T1 circuit was down was 8 hours, and there were severe financial penalties proscribed for that event.
That's not to say a T1 circuit is perfect; we use a bonded pair of them to feed one site. One went down, due to an incident with a trencher. Verizon promptly fixed it... by moving the circuit to another pair that tested good in the cable. Guess which pair got used... If you guessed the pair that the second circuit lived on, you'd be right, and it went down. This went on for a day, alternating which circuit was up and down, until one of our people met the Verizon tech at the repair site. "You do know that there are TWO T1 circuits here, don't you?" "Oooops..."
Re: (Score:2)
This is of course hogwash. Just like you bonded your T1s to get better reliability, you can do the same with DSL. You can even get DSL and Cable, or DSL from different ISPs.
In real life your reliability will be better than the "guarantee" you get from your LL supplier (which usually does not give any compensation in case of problems anyway, so you still are responsible for
Re: (Score:3, Interesting)
True, there is no way to guarantee uptime completely, because it all involves wires or radio or something else that can fail in ways that you're not going to be able to fix quickly. Our T1s aren't bonded for reliability, but for speed... a fractional fiber just wasn't available to that site, so multiple T1s is the only way to increase speed. We're hosting, not surfing, so uplink speed is our bottleneck.
But bonded DSLs have the same problem that a single DSL has - no guarantee of service. Period. And you ca
Re: (Score:2)
There is no point in being so paranoid, other than to justify burning money.
BTW, your cable provider is terrible. We easily get 99.95% uptime on consumer-grade DSL lines, and when counting 07:00 to 23:59 only it is well above 99.99%.
Over several sites, over several years. Of course they don't guarantee it, but we provide our own backups (multiple lines, dialup backup for emergencies)
Re: (Score:2)
I don't know the situation in your country, but over here a DSL modem is free with every new subscription.
Because there are many ISPs and all kinds of special offers, people tend to switch between ISP quite often (every 1-2 years) and there is a big number of unused DSL modems lying around computer rooms, closets at home, etc.
And otherwise, you could walk to the computer st
Re: (Score:2)
No seriously - I actually have been trying to find out...
Wish I had replied earlier so I could see about 10 different replies giving 12 different answers
Re: (Score:2, Interesting)
Cisco's routers are cheap, mostly Intel-based systems with PC-quality hardware and low performance for the dollar. If you are routing mostly Ethernet (which most do these days), you can build a multi-hundred-megabit Linux router very inexpensively and get more performance out of it than a 7x00 series Cisco r
Re: (Score:2)
For example, when you have multiple single-IP-address links to the Internet, and you want to offer several internal systems access via NAT, you will run into trouble with IOS.
Linux routers, and also some low-end routers like Draytek 3300 can do this without problem.
In general, IOS has trouble with situations where there are different external connections that
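The multi-uplink NAT case described in this comment is the classic LARTC policy-routing setup. The script below is an added example, not code from the thread or from Vyatta: it configures a Linux box with two single-address uplinks so that outbound traffic is NATed to the right public address and a service published on both public addresses answers on the link it was reached through. All addresses are constructed RFC 5737 documentation values and the interface names, table numbers and marks are assumptions. With DRY_RUN=1 it prints the iproute2/iptables commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the thread or from Vyatta): a two-uplink Linux
# router in the LARTC style, policy routing plus per-uplink NAT.
# Addresses are constructed RFC 5737 values; interface names, routing
# table numbers and firewall marks are assumptions.
set -eu

LAN_IF=eth0;  LAN_NET=192.168.10.0/24;  WEB_HOST=192.168.10.20
ISP1_IF=eth1; ISP1_IP=203.0.113.10;   ISP1_GW=203.0.113.1;  ISP1_TABLE=101
ISP2_IF=eth2; ISP2_IP=198.51.100.10;  ISP2_GW=198.51.100.1; ISP2_TABLE=102

# With DRY_RUN=1 the commands are printed rather than executed, so the plan
# can be reviewed (and tested) without root or real interfaces.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# One routing table per uplink. Packets selected into table N leave via
# uplink N's gateway regardless of what the main table says.
uplink() {
    ifc=$1; addr=$2; gw=$3; table=$4; mark=$5
    run ip route add default via "$gw" dev "$ifc" table "$table"
    # Router-local traffic sourced from this uplink's address (the router
    # answering a ping on that address, say) follows this table ...
    run ip rule add from "$addr" table "$table" priority "$table"
    # ... and so does anything carrying the uplink's firewall mark.
    run ip rule add fwmark "$mark" table "$table" priority "$table"
    # Mark connections by arrival interface. Replies from LAN hosts to
    # forwarded (DNATed) connections are routed BEFORE their source is
    # rewritten back to the public address, so a 'from <public IP>' rule
    # never sees them; the restored connection mark is what routes them.
    run iptables -t mangle -A PREROUTING -i "$ifc" -m conntrack --ctstate NEW \
        -j CONNMARK --set-mark "$mark"
    # Outbound NAT with this uplink's public address
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$ifc" -j SNAT --to-source "$addr"
    # The same inbound service published on this uplink's address
    run iptables -t nat -A PREROUTING -i "$ifc" -d "$addr" -p tcp --dport 443 \
        -j DNAT --to-destination "$WEB_HOST"
}

configure() {
    run sysctl -w net.ipv4.ip_forward=1
    # Loose reverse-path filtering: strict mode drops packets arriving on an
    # uplink that is not the main table's route back to the source.
    run sysctl -w net.ipv4.conf.all.rp_filter=2
    # Copy the connection mark onto every packet first, so the fwmark
    # routing rules can act on replies of already-marked connections.
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    uplink "$ISP1_IF" "$ISP1_IP" "$ISP1_GW" "$ISP1_TABLE" 1
    uplink "$ISP2_IF" "$ISP2_IP" "$ISP2_GW" "$ISP2_TABLE" 2
    # LAN-originated traffic: ISP1 by default, ISP2 kept as a second nexthop
    run ip route replace default scope global \
        nexthop via "$ISP1_GW" dev "$ISP1_IF" weight 1 \
        nexthop via "$ISP2_GW" dev "$ISP2_IF" weight 1
    # Forwarding policy: established flows, LAN out, and the published port only
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
    run iptables -A FORWARD -d "$WEB_HOST" -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
}

# Usage: DRY_RUN=1 sh two-uplinks.sh apply   (review), then sh two-uplinks.sh apply (as root)
case "${1:-}" in
    apply) configure ;;
esac
```

The part worth studying is the CONNMARK pair: source-address rules alone route the router's own replies correctly, but not replies from LAN hosts behind a port-forward, because the kernel makes its routing decision before the reverse DNAT rewrites the reply's source. Marking the connection on arrival and routing by the restored mark is the standard LARTC answer to that.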
Re:if it is only "Standard PC Hardware" (Score:4, Interesting)
If I had one dollar for every time I give this answer, I'd be frelling rich:
99% of businesses use a sub 10Mb connection to the Internet and yet they are told Cisco is the only way to connect them professionally. Moreover, the sub-$10k Cisco gear is crap when it comes to performance, on par with a good PCIe PC running on multiple Gbit eth interfaces.
That about sums it up.
Robert
Re: (Score:2)
With a slow internet connection you can use your router box for other tasks like a squid proxy, filtering, DNS, VPN, or even hosting a small web site.
Again it really depends on what you need and what talent you have in house.
Re:if it is only "Standard PC Hardware" (Score:5, Informative)
If your internet link is DSL, you do not need a real router :)
I should point out that this topic comes up every couple of years on NANOG, ummmmmm... here's a reasonable selection from the last decade [google.com]. These people have forgotten more about routing than most of us here will ever know. And until generic PCs come with multi-gig backplanes, it ain't happening anywhere except the low end. And at the low end, you're better off either leaving it to your ISP or using a few whitebox "desktop" switches/routers. They're cheap, cheerful, work, and you don't need to know the difference between "sh ip bgp run" and "sh bgp ip run"...
Re: (Score:2)
Re: (Score:2)
The first thing that is apparent is that they are lists. A linear list is not a very convenient way to express your access policy, especially when you have more than one external interface.
I LOVE DD-WRT (Score:3, Interesting)
Re: (Score:2)
ASICs (Score:4, Insightful)
This seems to be an entirely software router that just runs on a standard x86 machine.
Isn't half the point of buying a dedicated-hardware router that you get ASICs and whatnot that do the job faster than software?
Re:ASICs Issues (Score:2)
I agree with you in principal(sp?) but I have a question:
As we upgrade some machines, I've got dual cpu (1.5ghz +/-) and 2+GB RAM being replaced by dual cores. Would server hardware be able to handle as much, if not more than the cisco asics (2800's mostly) I've got?
I get a damn good router for free. And I've got a spare parts inventory + redundancy. What am I missing?
Re: (Score:2)
The problem with PC's is
English, please! (Score:2)
TWO consultants agree? (Score:1)
If we were to judge solutions based solely on the word of two-or-more IT consultants, we would have "enterprise solutions" with MS-ACCESS backends, with a "robust" monthly backup to
Seriously, the holes in this article are big enough to park a datacenter full of Cisco hardware in.
Re: (Score:2)
* As long as we're not switching half the U.S. (Score:3, Insightful)
Reads like a well-placed article-vertisement.
The "as long as we're not switching half the US" comments are the ones I grow tired of. It's a well-wrapped insult.
I'm not saying Linux is the best tool for routing half the nation, but the comment points out some things that do prevent more linux adoption.
1. "free" is not as good as something I paid for
2. Don't fsck with the status quo.
I admin a company with 100% cisco routers/firewalls and I know for a fact Linux can do what gets done.
I'm not going to tell the boss to "just" switch or evangelize too much because of the social/economic implications of doing so may impact my future. I like my employer, they like me, so when we need another router, it's a cisco. I am personally disappointed by this, but I think it explains why innovation takes -so- long to come to the data center. (at least in the U.S.)
Let's not forget that cisco can fire most of their software devs and use a linux-based router project if it ever got close to competing with some Cisco products. Does that qualify as innovation? I'd say no. It's not cheaper or better.
Re: (Score:2)
Now consider what else they could have bought for £20k. They were routing GigE connections on the local side, so they could have had several pairs of commodity boxes, each running OpenBSD and pfsync, each pair supporting transparent fail-over if one goes down. Multiplexing can be handled by a relatively simple (i.e. cheap) s
Re: (Score:2)
I don't disagree that OpenBSD, pf
Re: (Score:2)
Actually, the problem is that they have a very simple network. It's a completely flat topology across campus, and no one has a plan of exactly where the network cables all run, so it is almost impossible to do anything about it.
Advertorial (Score:2, Insightful)
PC hardware is a joke, slow backplanes, limitation on how many interfaces you can plug in. On the techspecs the number of interface types they use is well very very limited. Then the reliability of PCs is a joke compared to a Cisco box.
Where is this product used?
- Is this a bloated replacement for the US$20 taiwan PPPoE rou
No huge surprise (Score:3, Insightful)
I'm not surprised at all that these Open Source solutions are on par with Cisco for many users. My only real concern would be support. At least back then (I have not dealt with them recently), Cisco had great support and would "own" network problem resolution in a way that made it worth paying their price.
Re:No huge surprise (Score:4, Insightful)
I wish the SmartNet prices were a little more reasonable. They should cut the prices dramatically for the lower-end 8x5x4-day replacement support so that more people can afford it. This would be a solid recurring business for Cisco whereas only a small percentage of Cisco customers bother buying support nowadays.
Re: (Score:2)
Sorry, that just doesn't need much power to work. Try adding in OSPF, and some redundant links into your internal network. Get a second ISP and become multihomed, run BGP and add all 194,000+ entries from the global routing table into the mix, watch that P133 slow to a crawl.
Software routers handle every
Re: (Score:2)
Re: (Score:3, Informative)
in other news (Score:4, Insightful)
Race car can also replace a semi-truck (Score:2)
Support, Support, Support (Score:5, Interesting)
Re: (Score:2, Informative)
You also forgot to mention the fact that the likelihood of a hardware failure on a PC compared to a Cisco unit is like 20:1 (for most products).
Cisco has far fatter margins on the hardware than PC vendors and can provide a much higher quality product, can afford to underclock the machines for higher reliability etc.
Re: (Score:2)
Re: (Score:3, Insightful)
With the cost of commodity PCs these days you could probably have an entire second router on hot standby for the cost of a single year's support contract.
If it is a T-1 then just move the cable over. If it is an Ethernet connection the fail-over could be entirely automatic http://linux-ha.org/ [linux-ha.org]
You will also have a trade off of in house time to test and configure vs just buying Cisco.
Of course there are times where generic hardware will not cut it. However this does offer some i
Re: (Score:2)
32/80/120Gbits? Yes you would have to have a dedicated router that costs big dollars but then it would probably be cheap compared to the cost of the connection.
However not that many companies can afford or need a 32GBit Internet connection and yes, you're right, I can not think of any PC off the top of my head that could handle it.
However for 100 MBit connections or maybe even for 1GBit connections a PC based router could be just the ticket. Th
Re: (Score:2)
You're right, a lot of Slashdot users are thinking of a small network like they have at home. I am thinking of the small network at my office which I freely admit. Our network uses
Re: (Score:2)
For our network it is a waste. 100BaseT switches with a GigaE backbone is the best solution for our office.
Re: (Score:2)
Re: (Score:3, Insightful)
Re: (Score:2)
Until guaranteed-response support proves itself for open-source routers, most network admins with
Re: (Score:2)
You do have a point there. But as this runs on x86 hardware what's to stop you from having a stack of spare gig network cards lying around? Hell you could have a whole redundant box for the cost of the cisco gear. We have cisco here but honestly it is _MUCH_ fas
Re:Bias, bias, bias (Score:2)
Just because it's OSS doesn't mean you can't pay for on-site support, on-site hot backups, the works.
Whether it's OSS or closed source is irrelevant in that regard.
Except with OSS you are likely to have more flexibility and better value for money.
"Support" is often a boogeyman pushed by salesdroids when they don't have anything better to offer, trying to scare a customer into getting locked in to their expensive, proprietary solution while ignoring the flexibility, including support, that OSS can offe
Re: (Score:2)
For us, being able to use inexpensive commodity parts and being able to have a hot-swap that can be connected in less than 5 minutes strongly trumps a hugely expensive router and 4 hour fix commitment.
This might not work for everyone. But for the typical office with maybe 100 people working in it, with a couple of internet connections, an OpenBSD system with pfsync+carp (i.e. a spare box and automatic fail-over) will trump a single Cisco router most times and save signifi
Re: (Score:2)
I've never encountered a problem with a business critical system that could wait 4 hours that couldn't wait 24.
Huh, Samba file sharing? (Score:4, Insightful)
Since when do "corporate-level routers" offer samba file sharing? This seems like the LAST thing I would ever want to put on a router. The only thing I could possibly see Samba being useful for is downloading log/config files. But on a router that is kinda scary, SCP seems much more secure and just as useful.
Open source routing is definitely an option now though. Over 3 years ago the web hosting company I worked for switched out their Cisco routers that couldn't handle the slightest DDoS attack for a couple AMD based Linux boxes that could easily handle wirespeed DDoS attacks with ease. Not to mention they were a fraction of the cost.
So... a Cisco router as good as a Cisco router? (Score:2)
Since when ... ? (Score:2)
You're buying the hardware (Score:4, Insightful)
Re: (Score:2)
In my Cisco experience, that is _highly_ platform, IOS and purpose dependent. On one hand, I've had several Cisco boxes at the "high" end ($XXX,XXX.XX), several at the low end ($xxxx.xx) and several in between that have stayed up for years. On the other hand, I've had other Ciscos in each of those same price points enter death spirals as often as daily.
One 7206VXR I had to reboot every three days to stave off a spewing CEF memory leak. The ESR platform is a
Meh... (Score:2)
Sure, you might save a few bucks and maybe, if you're good, come up with something better. But try explaining that to your non-technophile CEO when something (and something always does) goes wrong.
If my gear fails and I did the best that I could (firmware upgrades, software updates, hardware lifecycle, etc) it's no sweat off my back. We rush to repair our systems and someone wags their finger at Sun or Cisco or w
What DSL modem to use? (Score:2)
I am trying to find some ADSL2+ modems to connect to our Cisco routers.
(in the past we have used Cisco ADSL WIC, but it has become clear that a consumer-grade Alcatel modem outperforms those, and even worse: there is NO ADSL2+ WIC...)
The modems have to support PPPoA and provide a transparent "bridge mode" where incoming traffic is delivered on the ethernet port with the Internet IP address as destination. This would be the same mode you would want
Re: (Score:2)
For the owner of 17xx and 37xx, they are not very useful. And those boxes are too recent to throw away just because we want ADSL2+.
Besides, support for PPPoA over DSL is troublesome to say the least. You get a "Dialer" interface that is treated as inferior all over IOS.
An external modem works much better as IOS sees it via ethernet and is not bothered by the PPPoA handling.
(sad, but true)
Re: (Score:2)
However, when it arrived I quickly found that it is able to do transparent bridging and that it can do PPPoA, but no combination of the two.
When PPPoA is enabled, there is a hardwired NAT function for which you cannot even define incoming portmappings.
It seems that the OpenWRT folks are busy writing new firmware for it, but they have nothing available yet that they recommend end-users to install.
Maybe I wil
Re: (Score:2)
For Cisco IOS routers, this is troublesome (I know it is no problem with home routers).
You get a "dialer" interface to route your packets to, and in many ways it is inferior to a normal ethernet port.
(when we bought the routers we got ADSL WICs with them, ADSL modems that plug into the router, and to use PPPoA we got the same dialer config and a lot of trouble, solved by using external modems)
The Cisco prefers to just bounce ethernet
Re: (Score:2)
So, there is only a single system (or in this case: cisco router) connected that has the public IP address on its ethernet interface where it receives all packets from the line, and it sends all packets with a "next hop" address equal to the address of the modem. The modem then forwards them over the PPPoA connection.
This makes the whole PPPoA and authentication issu
Hardware support lacking (Score:3, Interesting)
That reminds me... (Score:2)
So, imagine a single machine with 30, 50, or 60 network interfaces coming out of it, al
Cisco switch performance review (Score:3, Interesting)
tripe..... (Score:2)
Re: (Score:1)
Re: (Score:3, Interesting)
Huh? What?
It's my hardware. If I buy a Cisco router via eBay, you're telling me I'm not allowed to put Linux on it if I can figure out how?
Re: (Score:3, Interesting)
This bit me a couple of years ago when I bought a 2611 on e-bay, and wanted to put the latest security fixes on it. Not being Cisco certified, I contacted Cisco to find out about getting or purchasing updates. I was told that my router was "gray market" and that I would need to buy another license for it.
"How much is that?", I asked.
"$1500.00."
"Holy shit!" (hangs up phone, lest they send the s
Re: (Score:2)
The only thing they have is
1. You wont get fired for buying Cisco
2. Support
3. They are top notch, maybe not always the best, but they are top notch.
But yea, making people buy the router again when they buy used is scummy. Even if you buy a PIX-501, the software will cost more than the hardware new from cisco at full price.
Re: (Score:1)
Re: (Score:1)
Thanks!
Stupid lawyers (Score:2)
Why post as an anonymous coward?
Are you violating your client confidentiality with the parent post?
If I wipe their firmware (which I have a license to use) how am I violating their copyright?
Re: (Score:2)
Your understanding of technology is obviously zilch, zippo, nada, nothing. And that leaves me with the feeling that your understanding of law is also generally diminished. And I presume you've never changed any software on the PC you own?
Re: (Score:2)
Many people, thousands of them in fact have bought LinkSys and other routers and have modified them with new more functional software.
As far as I know the DMCA has been used only once to "protect" hardware from modification. It never went to court and the company pretty much went out of business.
The modification of purchased hardware is protected under the first sale doctrine. The same laws that allow you to buy a car and then sell off the parts one by one.
The DMCA would only come into
Re: (Score:2)
-sirket
Re: (Score:3, Insightful)
-sirket