OS Router Challenges Proprietary Networking
Jane Walker writes "Dave Roberts talks about Vyatta's open source router and how open source technology may soon alter the landscape of enterprise networking." From the article: "Initially, we believe that the x86 PC running Vyatta -- given the range of hardware that's available in the PC world -- can basically replace the midrange of the router market; to use Cisco terminology and model numbers, simply because it's convenient shorthand, basically from the 2800 series to the 7200 series. There's a whole host of equivalent products from Nortel and Alcatel -- but essentially in that range. I wouldn't describe it as Cisco model numbers so much as T1 branch office to gigabit LAN product categories."
Sigh.... (Score:5, Insightful)
I can plug damn near anything into a Cisco router....
Re:Sigh.... (Score:5, Interesting)
I'd say that odds are good you'd get about the same number of media interfaces and what you didn't
have would very probably have a media adapter or bridge that's standalone to take care of the gaps.
Re:Sigh.... (Score:4, Funny)
Open source routers and pr0n sounds like a dangerous combination for you then.
Re:Sigh.... (Score:4, Interesting)
Re:Sigh.... (Score:5, Interesting)
Trolling for a +1 funny mod, are we?
I don't remember who said it, but this is my favorite quote about Cisco software: "Cisco makes easy things difficult, but difficult things possible."
Re:Sigh.... (Score:2)
WideBand beats the crap out of Cisco (Score:5, Interesting)
Wideband [wband.com] makes Layer-3 switches that beat comparable Cisco routers hands down. With their nMU (pronounced "NetMU") it makes easy things easy and difficult things easy too. With their 28-port switches, you can get full-duplex, non-blocking Gigabit transfers on all ports simultaneously. And did I mention that they can even do Gigabit over CAT-3 and barbed wire? Also, if you use the nMU to control your switches, none of them even need IP addresses. Good luck trying to hax0r a switch with no IP address. Throw in the fact that all their stuff is made in the USA (no off-shore customer support) and costs much less than comparable Cisco gear that doesn't perform nearly as well, and you have yourself a superior product. If you are expanding or replacing your network infrastructure, consider WideBand over Cisco. You'll be glad you did.
***Disclaimer***
I do not now, nor have I ever worked for WideBand, but we use their gear where I work. BTW, there were some guys who ran a Cisco shop in the training class I was in that WideBand offered. Last I heard, they were replacing all their switches with WideBand gear. IMNSHO, WideBand is the best kept secret in networking
Re:Sigh.... (Score:3, Funny)
Re:Sigh.... (Score:3, Informative)
I have configured many Cisco routers, switches, and VPN concentrators. None had anything close to an intuitive interface, and even standard operations differ from model to model. There's as much backward-compatibility cruft and illogical organization in IOS as in Windows. Cisco documentation is often just plain wrong or so poorly written as to have ambiguous meaning.
In fact I've never worked on another brand of router besides Cisco, but the CLIs and GUIs of other complex networking devices like Checkpoints
Re:Sigh.... (Score:3, Interesting)
Maybe the only other CLI that is easier to use is Juniper's JunOS, but I haven't spent a lot of time with it.
Oh, and the docs have gotten much, much better
Re:Sigh.... (Score:2, Informative)
I think you're missing the point. The backplane of the Cat6500 is pretty much what the PCI bus does for a PC. A 32bit/33mhz PCI bus gives you just abo
Re:Sigh.... (Score:3, Insightful)
I don't think I was entirely missing the point, but maybe I could have
Re:Sigh.... (Score:5, Funny)
And if you disable autonegotiate and set speed and duplex at fixed values, you might even get link.
Re:Sigh.... (Score:2, Funny)
What do foodstamps have to do with networking?
Good luck with that! (Score:5, Informative)
Yes, Vyatta talks a good game, but 24/7 worldwide support isn't something you build with a few million bucks in VC funding.
Re:Good luck with that! (Score:2)
Because, obviously, it is just that important to cover one's own ass.
Re:Good luck with that! (Score:5, Insightful)
Re:Good luck with that! (Score:2)
True... (Score:5, Interesting)
Re:True... (Score:2)
My favourite was the DHCP server.. they 'forgot' (their words) to test it on Windows clients, which use an 'obsolete' version of DHCP standard (again their words) so the dynamic DNS updates don't work at all (well they kinda
Re:True... (Score:2, Interesting)
THEY didn't corrupt your data-
You can't blame Cisco for a missing conf
Re:True... (Score:2, Informative)
Re:True... (Score:2)
Re:True... (Score:2, Informative)
Re: Good luck with that! (Score:2)
Re:Good luck with that! (Score:2)
Why not? I am serious, why not? Most of Cisco's support consists of putting you on hold for extended periods anyway. It's phone support and it can be done from anywhere in the world for a pretty cheap price. If somebody needs to come out they call the local chamber of commerce and get the contact of a local consulting company to come out and swap the hardware.
That's how everybody does
Re:Good luck with that! (Score:3, Interesting)
Re:Good luck with that! (Score:3, Insightful)
Now, question: How hard would it be to solicit new VC funding if you've suddenly got a big name customer? Crank that couple million to a couple hundred million.
I realize there's training timeline issues along with it, but an appropriately motivated company should be able to handle it.
I think it's just an issue of knowing when to change leadership (e.g., the guy that motivates a couple hundred programmers isn't necessarily the same guy capable of motivating a couple th
Re:Good luck with that! (Score:2)
Re:Good luck with that! (Score:3, Funny)
Re:Good luck with that! (Score:2)
Really? I think I'd sleep better knowing that (for the same price) I got MULTIPLE PC/software routers, setup in a zero-downtime failover cluster, with replacement parts trivially easy to get anywhere at anytime, and have full access to the source code if ever necessary.
Re:Good luck with that! (Score:3, Interesting)
Yes, but there is a large market of folks that either A) have dealt with Cisco's so-called support and aren't impressed or B) would rather simply have a preconfigured spare box for less price than a single Cisco.
If there is one thing that Linux has proved it is that you can't underestimate inexpensive and "good enough." You may not be interested in what Vyatta is selling right now, but I would bet that enough people are interested that the next gen Vyatta is even more competitive. In the long run, the l
Re:So buy support from someone else... (Score:2)
Re:So buy support from someone else... (Score:2)
In most cases, the CEO of a large company does
Said the OS advocate... (Score:5, Funny)
Advocate 2: "Well, I work at Cisco by day, but work on PostgreSQL by night"
[awkward pause]
Advocate 1: "Pistols or swords?"
Re:Said the OS advocate... (Score:2)
(I don't really, it's a joke).
Re:Said the OS advocate... (Score:3, Funny)
Advocate 1: "Pistols or swords?"
Both please. Right in my head.
MS advocate to OS advocate (Score:2)
OS Advocate: And by the night???
MS advocate: Oh nothing.. I just Update, patch, reinstall and reboot.
OS Advocate: What is reboot?
No. You're not making a 1U into a $40K router (Score:5, Interesting)
1) it takes an RTOS to make things work well. You can grind all the driver code you want, but an RTOS foundation is required with lots of cache
2) only PCI-X bus gets close, and most 1Us don't have it. That gives you a real ceiling in terms of port-port throughput; don't kid yourself
3) the algorithms needed to maintain cross-bar speed are gruesome. You don't find this kind of code in anything but sledge-hammered C and assembler, and code that only a mother (and an embedded systems engineer) could love. There is very little forgiveness here.
Yes, a 1U can make a decent router. But don't kid yourself into believing that you can beat F5, Cisco, Alcatel, etc.
You can certainly embarrass them, but on the high end, it doesn't work.
Re:No. You're not making a 1U into a $40K router (Score:5, Interesting)
Re:No. You're not making a 1U into a $40K router (Score:2)
We agree on the 'not ready for prime time' part.
Re:No. You're not making a 1U into a $40K router (Score:2)
Re:No. You're not making a 1U into a $40K router (Score:2)
Now let's write drivers for the cards that we'll plop inside of them, and do all the other good stuff to make 'em work.
Soon.
Re:No. You're not making a 1U into a $40K router (Score:2)
Re:No. You're not making a 1U into a $40K router (Score:2)
But it'll make a pretty good $1k router.
Re:No. You're not making a 1U into a $40K router (Score:2)
Consider that even a $1K router is silly..... (Score:2)
Don't think you'll find one for $45 (Score:2)
A router with GigE on the LAN switch and a reasonably fast uplink, and configurable software (not a brainde
Consider what a router does, even with IPV6 (Score:2)
It would be nice to have need for internal routers for many of the tasks that people think they need routers for. Yes, a fatuous ARP table is a beautiful thing if the router can deal with other things. There's a tremendous amount of power in pushing the routing/bridging strength to the edge, and keeping the height low on the hierarchical models; it's more manageable.
But the little stupid brouters (GBE switches at this rate) are really nice. Add in some nice filtration tables to k
Re:No. You're not making a 1U into a $40K router (Score:3, Informative)
Two words: cut through.
With a software router (aka your typical Linux-nerd router), the entire packet has to be read before the routing decision can be made. Then it has to be sent out again.
With Cisco, what you are paying for isn't the routing, it's the low latency of hardware that can see the destination IP address in a packet header, then effortlessly shunt the bits off to another interface in real time. You're also paying for the hardware being designed with 24/7 operation in mind, with little extra
Re:No. You're not making a 1U into a $40K router (Score:2)
Re:No. You're not making a 1U into a $40K router (Score:3, Insightful)
1) it takes an RTOS to make things work well. You can grind all the driver code you want, but an RTOS foundation is required with lots of cache
IOS is not a real-time operating system, which nicely disproves your claim. 8-)
2) only PCI-X bus gets close, and most 1Us don't have it. That gives you a real ceiling in terms of port-port throughput; don't kid yourself
In some of the Cisco low-to-mid-range route
The Dawn of Open Source Networking? wtf? (Score:2, Interesting)
Unfortunately these folks obviously were living under a ROCK for the past 8-10 years and never noticed
things like oh.. IPTABLES, and there has been WAN support in Linux for a long time. Great companies like
Sangoma offer T1 cards etc etc. This is just a bunch of folks trying to cash in on support contracts on
the backs of great open source projects and developers. We shouldn't even be giving them the press!
Re:The Dawn of Open Source Networking? wtf? (Score:2)
things like oh.. IPTABLES, and there has been WAN support in Linux for a long time.
Actually, they did notice IPTABLES. That was sort of the whole point of starting the project.
Re:The Dawn of Open Source Networking? wtf? (Score:2)
But they still didn't notice what actually mattered: Packet Filter.
It's a fluff piece, what did you expect? (Score:2)
Techtarget's article is the equivalent of Father and Son at the baseball field. Dad throws 'em nice and slow, and Junior hits 'em every time.
To call this "press" is an insult to news media everywhere, even by their standards. This is nothing more than a fluff piece by Techtarget (and Techtarget isn't "media"; they're basically a "whitepaper rehasher") asking him exactly what he wants to be asked.
Ah hem, OpenBSD.?.? (Score:4, Informative)
Brilliant!
Speed? (Score:2)
Re:Speed? (Score:2)
Making a system designed to be a general purpose tool (ie a 1u computer) into a single purpose device is bound to not be as good as a device designed to do that job.
If I want a firewall or router I want it to be capable of doing its job to the best of its ability, not limited by the processor if another type could have been faster. Also not limited by the OS if a small bit of highly dedicated code could do a better job than s
Re:Speed? (Score:2)
Re:Speed? (Score:2)
Open source and routing (Score:5, Insightful)
Not just BSD. (Score:3, Informative)
Hardware Components (Score:4, Insightful)
There aren't many PCI (full or half height) cards that can do ATM with OC3, etc....
Then there is the size factor. Data centre space is sparse and expensive, cisco (and such) equipment is built for this space. x86 PCs also run hotter (and louder) than specifically designed hardware from vendors such as cisco, juniper and 3com. oh and they draw more power.
i just can't see how this will take off in the top end of the market.
sure, for a small branch office that connects to frame, isdn, dsl or pstn and runs a vpn it may be fine, but not in a data centre or racked environment.
Re:Hardware Components (Score:2)
I suppose that depends on what one considers "midrange", I suppose.
Re:Hardware Components (Score:2)
Re:Hardware Components (Score:4, Interesting)
Combining the above will give you a 3U box (smaller than a 7200) which will route (not switch) 4-5Gbit/s reliable. A 7600 is a lot bigger and a serious sh*tload more expensive. You could buy several identical boxes for redundancy and still keep some change left.
Support is the only serious objection one could have in a FastEthernet-, GigE- or 10GE-world. Luckily I don't need support. I have been supporting stuff like above for ten years so I can manage. I can even support your Cisco and Juniper-platforms as well. I can handle my monthly exabyte by myself, thank you very much.
Re:Hardware Components (Score:2)
1600s and 2600s are just dirt cheap now, even with WICs. You can't build a comparable x86 (runs on flash, 1u, low power consumption) for the price. And saving 200 bucks by building a crappy x86 really doesn't make any sense when you're paying $500+/mo for your actual T.
I think everyone agrees that you won't get the performance of an asic-based router, so the only thing they have going for them is pric
This reminds me this... (Score:3, Interesting)
7200? How about replacing big iron? (Score:5, Informative)
My former employer is using three relatively simple Tyan dual Xeons with a couple of Syskonnekt cards to shove 4-5 gigabits per second of traffic over the internet (yes, full routing, and over 240 peers on AMS-IX and NL-IX). Most of that is usenet (http://www.top1000.org/top1000.current.txt look for 'tweaknews') but well over a gigabit is DSL end user traffic and some hosting. Those boxes cost in the order of 7000 euros apiece, and are about as stable as a cisco running a current IOS (not as stable as you'd like). 7 grand buys me a single linecard for a 7200 on the secondhand market, and no 7200 will do as much traffic.
Cisco and Juniper: start getting scared *now*
Re:7200? How about replacing big iron? (Score:2, Insightful)
Re:7200? How about replacing big iron? (Score:2)
Re:7200? How about replacing big iron? (Score:4, Insightful)
Of course, lack of support and other issues will keep this away from the enterprise for the foreseeable future-- but this could make sense for a lot of startups with specialized needs or wishing to push a lot of traffic on the cheap.
Re:7200? How about replacing big iron? (Score:2)
Oohh, Vyatta (Score:3, Funny)
Reading from a distance, I thought that said VISTA, not Vyatta :)
I was starting to think that Vista had lost so many features that the only thing it was good for was for setting up a really, really expensive router.
Other OSS solutions (Score:2)
But good luck getting support at 1:30 am when the thing goes weirdo on you and you need to reboot the thing, 500 miles away..
re (Score:2)
Re:re (Score:2)
Can we slap ourselves? (Score:2, Funny)
Why can't we think of ways to profit from this as these companies do??
Damn, should have gone back and gotten that MBA...
It won't scale (Score:2)
I have implemented routers, and the biggest bottleneck is typically memory latency. Once the routing tables grow beyond what will fit in the cache, the latency kills you. Dedicated hardware routers are designed wit
More FUD from someone's pet project (Score:4, Informative)
1) performance wise a 6x PCI-X motherboard is rare and commodity computers are not built for the buses to independently talk to each other without invoking cpu.
2) feature wise you Have to have a RTOS or bad things happen when you try to implement QOS. speaking of features they have libraries full of books that talk about the *thousands* of features technologies that real routers implement (it's hard to do that most companies spend tens/hundreds of millions to do this). implementing a few protocols/nat/firewall does not a router make.
3) If you actually have been involved with these things you would know:
-ds3/oc3/oc12's are not cheap... phone company bills of $100k a *month* is very common.
-a couple network engineers $100k/year each
-dedicated power/colo space/ups/generators $50+k/year
-SLA's and peering arrangement... $$$
-uptime to your customers measured in seconds of uptime (revenue $200+k/MONTH).
really, try explaining that to the CEO after the site has lost $10k/HOUR because something wonky is going on with the cpu or the memory oorrr it could be the kernel, I dunno I just rebooted the thing "cuz that usually fixes MY problems"... bye bye SLA.
--jboss
*sigh* a solution in search of a problem. (Score:3, Informative)
OSS is great, but not for everything... (Score:2)
Na, let's forget about the piddly stuff. I work as a systems admin: do you really want to build a product without the aforementioned benefits (hey, your production systems is now doing beta testing!) and take the heat for it to save a few dollars?
Sure, I'm sure it works pretty good. It might
Re:OSS is great, but not for everything... (Score:2)
Maybe I'm an idiot, but IPCop is much much easier to deal with. To me, it's a lot more secure to have something very simple and obvious, than complex and confusing.
Last year my small company was faced with a need to upgrade firewalls to accommodate more VPN tunnels to link home offices.
Re:OSS is great, but not for everything... (Score:3, Informative)
But these still don't deal with the issues of hardware/platform stability (yes, it's a *lot* easier to design, troubleshoot and design driver modules if you control the platform first), QA (testing commercial *before* sending a product out the door), organized 'knowledge bases' (assuming your applianc
Re:OSS is great, but not for everything... (Score:2)
niche (Score:2, Interesting)
This isn't news. (Score:3, Insightful)
The common responses on here seem to revolve around the inability of PC hardware to handle high bandwidth. To an extent this is necessarily true. A general purpose PC is going to rely on its CPU to handle each packet traversing the box. Processors are fast and cheap and becoming faster and cheaper as time passes. Most commercial router vendors realized quite a while ago that any architecture whose performance is based on a single, central CPU inherently represents an eventual bottleneck and thus a serious challenge to scalability. As such, most commercial routers have moved to a model where forwarding is pushed as far as possible from a control plane that is as discrete as possible.
In other words, if we push the actual heavy lifting of forwarding out to distributed components (e.g. the interfaces themselves) then we're no longer left in a situation where our BGP process is vying for cycles and memory access with packets in transit. When properly implemented this means that I can be moving huge amounts of traffic through my router without interrupting network control traffic, management of the box, etc, etc.. It also means that by distributing packet switching they can hit massive performance levels with a comparatively modest CPU.
At the high end with Cisco and Juniper you're paying for the development of some exotic ASICs and some even more exotic interface hardware. You're also paying for the capability to support high density - PC platforms aren't going to support tens of 10G or hundreds of 1G interfaces any time soon. The capacity for redundant CPUs, stateful failover, etc is also worth remembering.
At every level of Cisco and Juniper hardware you're paying for the ongoing development and maintenance of a highly complex codebase full of features that just aren't practical (or, in some situations, possible) for the OSS community to implement well. Implicit in this is a huge system test and regression faculty.
I've used and deployed open source routers up to OC3 bandwidth. They worked and, for the most part, worked well when faced with relatively simple networking tasks - multihoming enterprises to the Internet, basic WAN routing, etc. My observation has been that these platforms start to fall apart when faced with requirements for complex routing policies, fancy QoS, MPLS, etc.
There's a definite place in the world for PC-based open source routing platforms - particularly at the edge of larger networks or in the midst of small and medium sized ones but I don't think Cisco and Juniper need to worry about being rendered completely obsolete any more than Oracle needs to worry about being driven completely out of business by MySQL or PG.
ISP-grade (Score:2)
Don't kid yourself into thinking FreeSCO or IPcop, or monowall, etc can hold up with the big boys.. Sure, home, small and ( perhaps ) medium businesses could get away with it, but not the high end needs of a large company. Between speed, and size and heat and support of the pc that can get the job done *reliably* it's best to stick with the ciscos of the world in that case.
Be careful who you say is pushing the hype..
Re:Yawn. Slow news day? (Score:2)
Re:Yawn. Slow news day? (Score:5, Informative)
The first Juniper routers were "Olives", which were PCs running modified BSD. JUNOS is BSD based.
UUNET, IMHO the greatest ISP ever, first tested them in 1998 or 1999. CISCO had annoyed UUNET with poor service, so UUNET helped bring Juniper into the market. Yes, I am former UUNET and proud of it.
I found an interesting link to Olives at http://juniper.cluepon.net/index.php/Olive [cluepon.net].
why does the link say not intended as simulators? (Score:2)
Loved them. But the trainer told us at the start not to ask for a tarball
Re:Yawn. Slow news day? (Score:3, Informative)
Re:Yawn. Slow news day? (Score:3, Informative)
I did it for 6 years with a hand rolled linux install and ipchains. It was faster than the HP 6 port router it replaced in both speed and network performance and adding in some filtering gave us a product that would have cost $6000 at the time from the New Cisco company or then popular Colorado networking.
Every single one of these guys here claiming that no way a PC can route much traffic knows absolutely nothing about networking and routers. H
Re:Netgear (Score:3, Informative)
FYI, we're talking about "real routers" here... routers that speak BGP and other dynamic routing protocols to link sprawling multi-site networks with leased lines and VPNs. Enterprise-class stuff.
By comparison, the Netgear, Linksys, D-Link, or whatever else you picked up at CompUSA are not "real routers" at all, as they only use simple NAT and static routes with 2-3 interfaces at most.
Re:Netgear (Score:2, Informative)
Re:Netgear (Score:2)
Umm... note that even Netgear calls these "VPN Firewalls", and not routers. Yes, they are technically routers in that they route between a single LAN and the internet. But the functionality and performance differences between one of those Netgears and even a fairly inexpensive enterprise router like the Cisco 2800 [cisco.com] are similar to the difference between an ultralight aircraft [wikipedia.org] and a Boeing 737 [wikipedia.org].
Re:Netgear (Score:2)
Plus with F5 based in Seattle, they get to have nice onsite support for the big players. Cost and performance wise, F5 is doing pretty well with open source.
Re:PC's just aren't ready (Score:2)
Re:PC's just aren't ready (Score:2)
Check out:
http://www.imagestream.com/PCI_1000.html [imagestream.com]