OS Router Challenges Proprietary Networking

Jane Walker writes "Dave Roberts talks about Vyatta's open source router and how open source technology may soon alter the landscape of enterprise networking." From the article: "Initially, we believe that the x86 PC running Vyatta -- given the range of hardware that's available in the PC world -- can basically replace the midrange of the router market; to use Cisco terminology and model numbers, simply because it's convenient shorthand, basically from the 2800 series to the 7200 series. There's a whole host of equivalent products from Nortel and Alcatel -- but essentially in that range. I wouldn't describe it as Cisco model numbers so much as T1 branch office to gigabit LAN product categories."

Sigh....

I love open source and all, but can a project like this really offer the same number of WIC modules?

I can plug damn near anything into a Cisco router....

Re:Sigh....

All depends on what they provide in the way of PCI/PCI-X cards- or whatever the future buses might be...

I'd say that odds are good you'd get about the same number of media interfaces and what you didn't
have would very probably have a media adapter or bridge that's standalone to take care of the gaps.

Re:Sigh....

I can plug damn near anything into a Cisco router....

Open source routers and pr0n sounds like a dangerous combination for you then.

Re:Sigh....

This software would have to offer much more that just WIC modules to even have me consider using it. Cisco routers may have low clockspeeds on the core chip, but its the ASICs that give them value. Also, take the 6509 for instance, slap in a SUP720B and you now have a 720 GBps back plane. No PC could ever hope to do that. Also, configuring a Cisco router is pretty much the easiest thing ever. I haven't checked out the software yet, but it better be much easier. Maybe they should network with the Open Source chipset guys and design some ASICs and all the other niceties.

Re:Sigh....

Also, configuring a Cisco router is pretty much the easiest thing ever.

Trolling for a +1 funny mod, are we?

I don't remember who said it, but this is my favorite quote about Cisco software: "Cisco makes easy things difficult, but difficult things possible."

WideBand beats the crap out of Cisco

Wideband [wband.com] makes Layer-3 switches that beat comparable Cisco routers hands down. With their nMU (pronounced "NetMU") it makes easy things easy and difficult things easy too. With their 28-port switches, you can get full-duplex, non-blocking Gigabit transfers on all ports simultaneously. And did I mention that they can even do Gigabit over CAT-3 and barbed wire? Also, if you use the nMU control your switches, none of them even need IP addresses. Good luck trying to hax0r a switch with no IP address. Throw in the fact that all their stuff is made in the USA (no off-shore customer support) and costs much less than comparable Cisco gear that doesn't perform nearly as well, and you have yourself a superior product. If you are expanding or replacing your network infrastructure, consider WideBand over Cisco. You'll be glad you did.

***Disclaimer***

I do not now, nor have I ever worked for WideBand, but we use their gear where I work. BTW, there were some guys who ran a Cisco shop in the training class I was in that WideBand offered. Last I heard, they were replacing all their switches with WideBand gear. IMNSHO, WideBand is the best kept secret in networking

Re:Sigh....

I can plug damn near anything into a Cisco router....

And if you disable autonegotiate and set speed and duplex at fixed values, you might even get link.

Good luck with that!

Cisco and Juniper offer 24/7 worldwide support. Whether or not it sucks, this is the thing that keeps people cozily asleep at night, knowing that if they have a problem, they have an unchallengeable defense of having bought the best in class support solution (notice I avoid any discussion of h/w, because in the enterprise, h/w without support is worthless).

Yes, Vyatta talks a good game, but 24/7 worldwide support isn't something you build with a few million bucks in VC funding.

Re:Good luck with that!

It is when you have shareholders. Like it or not.

True...

...they buy "world-class support", but having tried to use said support on occasion, I can say that I feel sorry for the world. Sure, it's better than a kick in the head, but not so much that it's worth the cost. I believe the record for longest repair ever was at the University of Manchester, in England, where a Cisco router corrupted the 1518th byte in every packet (thus only corrupting packets with a 1500 byte payload or 1496 bytes over 802.1q). Took them NINE MONTHS to fix. The first three of those, they denied there was even a problem.

Siad the OS advocate...

Advocate 1: "I work at Oracle by day, but work on Vyatta by night."

Advocate 2: "Well, I work at Cisco by day, but work on PostgreSQL by night"

[awkward pause]

Advocate 1: "Pistols or swords?"

No. You're not making a 1U into a $40K router

Here's why:

1) it takes an RTOS to make things work well. You can grind all the driver code you want, but an RTOS foundation is required with lots of cache
2) only PCI-X bus gets close, and most 1Us don't have it. That gives you a real ceiling in terms of port-port throughput; don't kid yourself
3) the algorithms needed to maintain cross-bar speed are gruesome. You don't find this kind of code in anything but sledge-hammered C and assembler, and code that only a mother (and an embedded systems engineer) could love. There is very little forgiveness here.

Yes, a 1U can make a decent router. But don't kid yourself into believing that you can beat F5, Cisco, Alcatel, etc.

You can certainly embarrass them, but on the high end, it doesn't work.

Re:No. You're not making a 1U into a $40K router

The RTOS doesn't use a lot of cache, It needs a fast CPU and tight code to handle the massive numbers of context switches. The code you mentioned isn't all running on a CPU either. A lot of it is on custom hardware to keep up those data rates. The PCI-X bus would work except very high end, and it IS available in current 1U servers from people like Sun and HP, but certainly not in that old 286 in the closet. You could turn an Opteron with the HyperChannel architecture into a pretty darn good router. But the Opterons cost quite a bit more than a 286 would (does any foundry still MAKE 286 chips?). It's a good project but I agree it's not ready for prime time in the corporate data center.

The Dawn of Open Source Networking? wtf?

If you go to Vyatta's website they claim that they are bringing in the "Dawn" of Open Source Networking.
Unfortunately these folks obviously were living under a ROCK for the past 8-10 years and never noticed
things like oh.. IPTABLES, and there has been WAN support in Linux for a long time. Great companies like
Sangoma offer T1 cards etc etc. This is just a bunch of folks trying to cash in on support contracts on
the backs of great open source projects and developers. We shouldn't even be giving them the press! They
are a bunch of HACKS!

Ah hem, OpenBSD.?.?

You get OpenBGPD and OpenOSPFD all working in concert through the kernel. Oh and did I mention the price? $40.

Brilliant!

Speed?

While this router probably will be a valid competitor to Cisco/Juniper in many areas, it probably won't be able to compete in the very high end market where these companies have made a name for themselves. Cisco routers, at least do a lot of processing using ASICs, which are specifically optimized to make the kinds of decisions needed for routing packets. I'm not sure whether traditional x86 can match that level of performance.

Open source and routing

I guess those BSD guys have just been playing around all these years.

Hardware Components

While a company such as Vyatta may be able to deliver the software to actually do the routing, you still need hardware pieces to actually connect to your equipment.

There aren't many PCI (full or half height) cards that can do ATM with OC3, etc....

Then there is the size factor. Data centre space is sparse and expensive, cisco (and such) equipment is built for this space. x86 PCs also run hotter (and louder) than specifically designed hardware from vendors such as cisco, juniper and 3com. oh and they draw more power.

i just can't see how this will take off in the top end of the market.

sure, for a small branch office that connects to frame, isdn, dsl or pstn and runs a vpn it may be fine, but not in a data centre or racked environment.

Re:Hardware Components

There aren't many PCI (full or half height) cards that can do ATM with OC3, etc....

I've been able to live in ISP-land for over ten years without ever coming close to ATM. Big exchanges like the AMS-IX (biggest public IX worldwide) have been pure ethernet since their inception. Getting ethernet in some form from a transit-provider is just a checkbox in the right place. Current commodity hardware will do linespeed GigE over PCI-X. Current high-end PC's have sufficient bandwidth available. 66MHz 64bits PCI-X might sound like 266MB/s, but keep in mind that equates to well over 2.5Gbit/s. The right hardware has 3 independant PCI busses and busmasters, so should be able to move 7.5Gbit/s of data via busmastering DMA, and thus with low CPU load. Keeping a full routing table and a bgp-daemon running doesn't require odd hardware. Juniper has been doing that on a Pentium MMX 333 with 768Mbyte since 2001, and a dual Xeon 2.4 will giggle at that 'workload'.

Combining the above will give you a 3U box (smaller than a 7200) which will route (not switch) 4-5Gbit/s reliable. A 7600 is a lot bigger and a serious sh*tload more expensive. You could buy several identical boxes for redundancy and still keep some change left.

Support is the only serious objection one could have in a FastEthernet-, GigE- or 10GE-world. Luckily I don't need support. I have been supporting stuff like above for ten years so I can manage. I can even support your Cisco and Juniper-platforms as well. I can handle my monthly exabyte by myself, thank you very much.

This reminds me this...

... interesting article [techworld.com] on TechWorld: A reality check for open source routing.

7200? How about replacing big iron?

My former employer is using three relatively simple Tyan dual Xeons with a couple of Syskonnekt cards to shove 4-5 gigabits per second of traffic over the internet (yes, full routing, and over 240 peers on AMS-IX and NL-IX). Most of that is usenet (http://www.top1000.org/top1000.current.txt look for 'tweaknews') but well over a gigabit is DSL end user traffic and some hosting. Those boxes cost in the order of 7000 euro's a piece, and are about as stable as a cisco running an current IOS (not as stable as you'd like). 7 grand buys me a single linecard for a 7200 on the secondhand market, and no 7200 will do as much traffic.

Cisco and Juniper: start getting scared *now*

Re:7200? How about replacing big iron?

Right; the parent's point is that commodity hardware is even threatening the high end (e.g. above the Cisco 7200 mentioned in the summary).

Of course, lack of support and other issues will keep this away from the enterprise for the foreseeable future-- but this could make sense for a lot of startups with specialized needs or wishing to push a lot of traffic on the cheap.

Oohh, Vyatta

"Initially, we believe that the x86 PC running Vyatta -- given the range"

Reading from a distance, I thought that said VISTA, not Vyatta :)

I was starting to think that Vista had lost so many features that the only thing it was good for was for setting up a really, really expensive router.

Other OSS solutions

There are several other OSS solutions that can do this.

But good luck getting support at 1:30 am when the thing goes wierdo on you and you need to reboot the thing, 500 miles away..

Netgear

Just in case anyone was wondering, there are other routers that are open source. I think all of Netgears routers firmware is open.

re

If Vyatta is the "dawn of open source networking" then who the hell are these guys [imagestream.com]?

PC's just aren't ready

I recently looked into building a PC based router after our NPE-300 board in our Cisco 7206VXR started flaking out.
While I'm sure it can be done for a T1, you sure as heck aren't going to build an effective DS3 or higher router on a PC.

The biggest problem right now is lack of PCI ATM adapters. I recently had CDW look into this for us. Apparently IBM used to make an ATM adapter, and HP currently does but is only supported for HPUX.

As much as the hacker in me would love to put together a DS3 capable, PC based router running Linux, without proper hardware and driver support, it's just not going to happen right now.

But hey, I hope I'm wrong... If someone can point me in the direction of an ATM adapter with Linux support, great ! I'll start hacking away... Until then, I'll sleep soundly at night knowing that if something blows up and it's an emergency situation, Cisco will ship out parts by start of next business day, in a worse case scenario.

Can we slap ourselves?

We (by that I mean geeks in the networking world) have been doing this for years...

Why can't we think of ways to profit from this as these companies do??

Damn, should have gone back and gotten that MBA...

It won't scale

A PC platform will not scale like a decent router will. The memory latency becomes the bottleneck once you start thrashing your CPU cache when you have a lot of routes or ACLs. For small setups, it might work, but it will not compete with dedicated hardware solutions once the complexity grows.

I have implemented routers, and the biggest bottleneck is typically memory latency. Once the routing tables grow beyond what will fit in the cache, the latency kills you. Dedicated hardware routers are designed with this in mind, often with multiple banks of low-latency memory or CAMS.

Try to handle 1M packets per second with 100K routes, MPLS VPNs, ACLs, policy based routing, QoS, policing, marking, reverse path forwarding checks, etc. and it will fall apart. Plus it has to keep statistics on everything. All of that will quickly exceed the memory bandwidth available on any PC platform.

A decent router can do all of this and run at gigabit speeds or more. Add to that all the various interfaces that are available and the much higher port densities.

-Aaron

More FUD from someone pet project

This keeps coming up every 6 months or so. To rehash it for you:

1) performance wise a 6x PCI-X motherboard is rare and commodity computers are not built for the buses to independantly talk to each other without invoking cpu.
2) feature wise you Have to have a RTOS or bad things happen when you try to implement QOS. speaking of features they have libraries full of books that talk about the *thousands* of features technologies that real routers implement (its hard to do that most companies spend tens/hundreds of millions to do this). implementing a few protocols/nat/firewall does not a router make.
3) If you actually have been involved with these things you would know:
    -ds3/oc3/oc12's are not cheap... phone company bills of $100k a *month* is very common.
    -a couple network engineers $100k/year each
    -dedicated power/colo space/ups/generators $50+k/year
    -SLA's and peering arraingment... $$$
    -uptime to your customers measured in seconds of uptime (revenue $200+k/MONTH). ...... AND you want to save $30k by using a #@$%#$%#$% software router running on a DELL?????

really, try explaining that to the CEO after the site has lost $10k/HOUR because something wonky is going on with the cpu or the memory oorrr it could be the kernel, I dunno I just rebooted the thing "cuz that usually fixes MY problems"... bye bye SLA.

--jboss

*sigh* a solution in search of a problem.

It'll never, EVER challenge Cisco in the big iron market. Why? Simple. No IT manager has EVER been fired for buying Sun servers, Cisco routers/switches, or IBM PCs. Big iron isn't about open source. Big iron is about triple-redundant reliability, service contracts, and brand trust.

OSS is great, but not for everything...

Sometimes purpose built products simply make more sense. Lets skip the obvious reasons like tested, reliable (hardware) platforms, extensive QA, depending on the user-base even more extensive discovery and bug reporting.

Na, lets forget about the piddly stuff. I work at a systems admin: do you really want to build a product without the aforementioned benifits (hey, your production systems is now doing beta testing!) and take the heat for to save a few dollars?

Sure, I'm sure it works pretty good. It might even be the perfect solution for a lot of scenarios. But when you build off a non-supported OSS projects *you* become support. *You* take the blame. If my Cisco router goes south (not that I've ever had that happen) I call technical support and no matter how little my CEO might know about hardware its now *Ciscos* problem.

That said we do use a lot of OSS software, even in production, but where I feel strongly about 'appliances' is in task-specific applications, ie: router ios's, loadbalancers, firewalls, switches (sure, as in routers).

Besides, any of you who work as system admins know that Radware hardware has more bling. :) I walk past racks everyday and you can see the people who spend the money to do things right (standardized hardware, good cable management, serious components, nicely organised) and the people who cut corners, because the people who cut corners are the ones who are there, fixing problems while that rack of X4100's with the database using the dual-channel fiber interconnects and the managed gigabit switches and the shiny firewall appliance just kind of clicks along.

If that sounds like a rant its only because we've cut some of these corners and I've had to work pretty hard to start getting things turned back around (commodity desktop building oem server vendor > specialized oem server vendor (the kind that knows what Linux is and installs and burns in your OS) > Sun/Dell/HP/[Insert favorite vendor here]) all the while convincing the company I work for that saving a few dollars to build a firewall on last gen hardware didn't make as much sense as buying a documented, supports and stable 'boxed' firewall. Not to mention the rest of the network. So ya, I'm a little bitter. :)

niche

It's very parallel in it's nature in that a small networking company could present this as a cost effective option. I see how a small networking consultant company could actually push this towards the small business level. But I'm doubtful it could ever be presented at the public/community level for use in schools or public wi-fi rest areas when the state lays out stipulations regarding only accepting bids from Cisco based numbers and Cisco certified installers? More or less, mandating that tax payer investment for this massive scalability be present. Often times, in these areas, that is ten-fold overkill. So there is the need, but I'm afraid that Cisco's name is so far embedded in corporate and state america, it's going to be a tall order to ever penetrate that market. Bringing this comment back to the small business. If a consultant can convince the client that this is a viable router to placing thier 20-something client station network on, then, yes, it has a niche.

This isn't news.

I think we see some version of this article every few months - yet another revelation of an open source package that can turn PC's into routers. This isn't news. There have been various shapes and forms of routers on *NIX platforms for many, many years. Some of these platforms served (and still serve) as reference implementations of certain routing protocols.

The common responses on here seem to revolve around the inability of PC hardware to handle high bandwidth. To an extent this is necessarily true. A general purpose PC is going to rely on its CPU to handle each packet traversing the box. Processors are fast and cheap and becoming faster and cheaper as time passes. Most commercial router vendors realized quite a while ago that any architecture whose perforance is based on a single, centrl CPU inherently represents an eventual bottleneck and thus a serious challenge to scalability. As such, most commercial routers have moved to a model where forwarding is pushed as far as possible from a control plane that is as discrete as possible.

In other words, if we push the actual heavy lifting of forwarding out to distributed components (e.g. the interfaces themselves) then we're no longer left in a situation where our BGP process is vying for cycles and memory access with packets in transit. When properly implemented this means that I can be moving huge amounts of traffic through my router without interrupting network control traffic, management of the box, etc, etc.. It also means that by distributing packet switching they can hit massive performance levels with a comparitively modest CPU.

At the high end with Cisco and Juniper you're paying for the development of some exotic ASIC's and some even more exotic interface hardware. You're also paying for the capability to support high density - PC platforms aren't going to support tens of 10G or hundreds of 1G interfaces any time soon. The capacity for redundant CPU's, stateful failover, etc is also worth remembering.

At every level of Cisco and Juniper hardware you're paying for the ongoing development and maintenance of a highly complex codebase full of features that just aren't practical (or, in some situations, possible) for the OSS community to implement well. Implicit in this is a huge system test and regression faculty.

I've used and deployed open source routers up to OC3 bandwidth. They worked and, for the most part, worked well when faced with relatively simple networking tasks - multihoming enterprises to the Internet, basic WAN routing, etc. My observation has been that these platfoms start to fall apart when faced with requirements for complex routing policies, fancy QoS, MPLS, etc.

There's a definite place in the world for PC-based open source routing platforms - particularly at the edge of larger networks or in the midst of small and medium sized ones but I don't think Cisco and Juniper need to worry about being rendered completely obsolete any more than Oracle needs to worry about being driven completely out of business by MySQL or PG.

Is OSR viable?

It's an interesting idea, and all but the troll comments are to the point and even trolls are perceptive.

Most seem to be missing an important point. What's the company's business model? Free software with tech support for $500 per year? That's not a billion dollar idea. How about the point made that they intend to offer appliances and system blueprints?

So, it's not really about reusing your old PCs, except for really small companies, start-ups or 3rd worlders. Vyatta readily admits that ultimate performance and absolute reliability does require very careful selection of components and careful engineering. Can it be done with OTS components? I think so.

The product is essentially a Linux Kernel with a routing stack designed to run on an X86 processor based platform. Almost every network appliance I've studied over the past decade has been based upon the same concept. It's a recognized commodity HW plan, one that most companies are comfortable with, even if they're not aware of it.

The question is whether they can produce appliances and reference platforms (tested HW configs) that can be replicated and whether these devices can be sold for less than what a "Name Brand" router costs on E-Bay.

Now for the important question...

Does it run FreeBSD?

Speed

I see a good number of posts advocating that ASICs do a better job, are more optimised, memory bandwidth limitations/latencies etc.... I've been there and done that in terms of building a commercial software router running on standard x86 platforms and customised x86 platforms. Products like the CISCO 3845 ISR reach upto 600K packets per second raw forwarding and dip drastically in performance when ACLs, QoS etc are enables. Even for 1500B packets, these routers cannot sustain line rates for ACLs on 2 gig-ethernet interfaces bi-directional. On a standard x86 server board running on Opteron 2GHz, a software router was able to outstrip the CISCO 3845 by 70% and retain performance with ACLs thereby making it more than twice as fast. Mind you, this was on a $1000 server hardware from a well known serverv vendor. I'd expect the OFR to do atleast 70-80% as well. Nothing can stand greater testimony than this to the fact that x86 hardware can deliver performance.

ISP-grade

Or a large businesses data center.

Don't kid yourself into thinking FreeSCO or IPcop, or monowall, etc can hold up with the big boys.. Sure, home, small and ( perhaps ) medium businesses could get away with it, but not the high end needs a of a large company. Between speed, and size and heat and support of the pc that can get the job done *reliably* its best to stick with the ciscos of the world in that case.

Be careful who you say is pushing the hype..

Re:Who needs it?

who the hell modded this up? the routers described in the article and the pissweak nat-in-a-boxes that parent speaks of are so dissimilar it's not funny. -1, clueless idiot talking about things he knows nothing about

Re:Yawn. Slow news day?

Bullshit. Even a 200 MHz MIPS chip gives pretty shitty routing performance -- just look at a WRT54G router. Mine goes up to 100% cpu usage with a single SIP call. That router of yours would choke if you had more than one or two users or you were running BitTorrent or something. A Cisco 2500 won't. That's the real difference.

Re:Yawn. Slow news day?

PCs running tuned linux or BSD kernels work great for anything but ISP-grade stuff.

The first Juniper routers were "Olives", which were PC's running modified BSD. JUNOS is BSD based.
UUNET, IMHO the greatest ISP ever, first tested them in 1998 or 1999. CISCO had annoyed UUNET with poor service, so UUNET helped bring Juniper into the market. Yes, I am former UUNET and proud of it.
I found an interesting link to Olives at http://juniper.cluepon.net/index.php/Olive [cluepon.net].

Re:Ripoff of JunOS

Hmm, perhaps it's because JunOS is based on BSD [cluepon.net]?

Re:Ripoff of JunOS

Yeah. It's almost as if they were trying to model the command line interface off of an existing and well known interface to make it easier for people to use. . .

Re:Open source? Where is it?

The GPL doesn't demand that the software be available to everyone - just everyone who has the binaries. (Yes, that's simplifying things a bit, but its close enough...) Hence, not having the source available publicly on their website is not breaking the license.

Re:Yawn. Slow news day?

You can easily route 5 T1's on a Thrown away 586MMX at 266Mhz.

I did it for 6 years with a hand rolled linux install and ipchains. IT was faster than the HP 6 port router it replaced in both speed and network performance and adding in some filtering gave us a product that sould have cost $6000 at the time from the New Cisco company or then popular Colorado networking.

Every single one of these guys here claiming that no way a PC can route much traffic knows absolutely nothing about networking and routers. Hell a cheap P4-2.8 with the right hardware can route ATM speeds over ethernet easily (Yes kids, you can get ethernet termination on anything from your provider).

Hell a slow 386 can do a single T1 without getting about 5% processor loads.