Open Source Router on Par With Cisco, Users Say
Posted by timothy on Mon Sep 25, 2006 01:01 PM
from the pay-less-per-tube dept.
Jane Walker writes "On a mission to avoid paying top dollar for Cisco routers, two users say Vyatta's Open Flexible Router is a viable alternative to the proprietary norm. Find out about the pluses and minor hassles involved in deploying this alternative." This probably won't surprise the users of (much lower end) networking gear like the famously hackable Linksys WRT54G, which — like a number of internally similar routers — can be reconfigured with one of several open-source firmwares to do things impossible with the hardware as delivered.
Related Stories
Linux Hackers Reclaim the WRT54G 265 comments
An anonymous reader writes "The world's most ubiquitous wireless access point is free to run Linux again, thanks to a brilliant hack by db90h, aka Jeremy Collake. No soldering is required, as Collake's 'VxWorks Killer' nixes the WRT54G's VxWorks bootloader and installs a normal Broadcom one, allowing Linux to be installed easily. One distribution small enough for the series five WRT54G's 2MB of Flash and 8MB of RAM is the free DD-WRT project's "micro" edition. It lacks some of the fancier Linux router packages, such as nocat and IPv6, but does support PPPoE, and could be more stable than the VxWorks firmware, which seems to have generated mixed reviews." Update: 06/26 22:52 GMT by T : Note that the project's name is DD-WRT, not (as it was mistakenly rendered) WR-DDT. Check out the DD-WRT project's site.
202 comments
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Difference between hardware and software.... (Score:4, Insightful)
Re:Difference between hardware and software.... (Score:5, Informative)
(http://www.rumour.com/)
Until you get up into the gigabit speeds, regular PC hardware is just as good or better. The only thing you have to watch for in the multi-hundred-megabit routing loads is that you don't have a lot of access control lists - which is also an issue you will run into with any router you might choose. Spending some time sizing the buffers and other kernel parameters is also important, because a stock Linux kernel is not set up to be a network core router.
I've got over 2,000 L2TP connections going into a single 2.4Ghz Intel box running Linux. Performance is significantly better than the Cisco 7204 that it replaced, and it's a lot cheaper and more flexible to support.
Now, in the multi-gigabit routing tasks, do yourself a favour and get a L7 switch with custom ASICs. Extreme, Foundry and others will be happy to sell you one. Cisco's stuff is crap, right up until you get their million dollar badasses which they bought from another party (go figure).
Re:Difference between hardware and software.... (Score:4, Informative)
(http://www.rumour.com/)
Let's see...
--
IP CEF with switching (Table Version 271518), flags=0x0
1030 routes, 0 reresolve, 0 unresolved (0 old, 0 new), peak 3
1033 leaves, 27 nodes, 152040 bytes, 269271 inserts, 268238 invalidations
0 load sharing elements, 0 bytes, 0 references
universal per-destination load sharing algorithm, id 26B36E8A
2(0) CEF resets, 1425 revisions of existing leaves
Resolution Timer: Exponential (currently 1s, peak 1s)
2250 in-place/0 aborted modifications
refcounts: 9206 leaf, 7168 node
Adjacency Table has 888 adjacencies
2 incomplete adjacencies
--
It does speed things greatly. Load on the 2.4Ghz Linux box that replaced it is 0.07 right now, with 1800 L2TP connections.
Re:Difference between hardware and software.... (Score:4, Informative)
(http://www.gecko-ak.org/)
Yes, Cisco (and others) have routers that use ASICs to handle immediate in/out "routing" in hardware, but as soon as you start putting any kind of ACL, any kind of port/IP translation, or anything else that requires any intelligence on the router, you bring in software, and all of the processing overhead that goes with it.
So....if you are going to do anything *useful* with a router would you rather have a 50-200MHz Cisco box running a bloated IOS (do you *really* use X.25, for example???), or a server-class x86 motherboard running a 1GHz processor with a kernel optimized for routing and software optimized for the protocols you actually use?
We use ImageStream (http://www.imagestream.com/) Linux-based routers where I work, and they absolutely run circles around the 2600, 3000, and as5000-series routers that we have. Their support is absolutely phenomenal. When we have a problem with an ImageStream router, we frequently talk with their programmer, and he works with us until we have a patch installed on the box that fixes the problem. If there's a software bug in your Cisco router, it's "yeah, that will be fixed in the next IOS release"...which unless you paid out the <bodily orifice of your choice> for SmartNet you have to *buy*, even though their product was broken when you bought it.
You can use overpriced Cisco iron if you want; I'll stick with the Linux-based routers, thanks.
Link to Vyatta (Score:5, Informative)
Vyatta Open Flexible Router [vyatta.com]
Avoiding "License Transfer" Fees (Score:4, Insightful)
(http://www.linuxinlibraries.com/)
if it is only "Standard PC Hardware" (Score:4, Insightful)
But then again for SMB - you don't need 100 MBit routing - many of your internal clients are slamming into your sub 10 Mbit internet connection anyway (that is probably further BW limited by the cable/phone company). Now for true enterprise - you really do need switching/routing at the ASIC level - real switching fabrics (not a glorified PCI bus) in the hardware etc. to handle the multiple GBit links, multiple OC12/OC48 connections to the world, etc.
This is where Cisco shines and I don't see "software only solutions" coming anywhere close.
Why change from DSL? Reliability... (Score:5, Informative)
(http://abusedemailaddress.com/)
Strange - why would you expect companies to step down from decent DSL speeds to T1 rates.
When you need reliability, you have to give up on DSL/cable, because no DSL or cable provider is going to give you service guarantees. If a DSL/cable line doesn't provide its advertised 2Mb/s download throughput, that's too bad; you might be able to negotiate your bill down. And if it goes down, it's going to be you reporting it to your ISP, not the other way around...
But a T1 circuit (generally) has both throughput and uptime guarantees written into the contract. And automated monitoring of its performance, and fast notification that something's wrong, 24 hours a day. I've had DSL circuits be out for days; the longest a T1 circuit was down was 8 hours, and there were severe financial penalties prescribed for that event.
That's not to say a T1 circuit is perfect; we use a bonded pair of them to feed one site. One went down, due to an incident with a trencher. Verizon promptly fixed it... by moving the circuit to another pair that tested good in the cable. Guess which pair got used... If you guessed the pair that the second circuit lived on, you'd be right, and it went down. This went on for a day, alternating which circuit was up and down, until one of our people met the Verizon tech at the repair site. "You do know that there are TWO T1 circuits here, don't you?" "Oooops..."
Re:if it is only "Standard PC Hardware" (Score:4, Interesting)
(Last Journal: Tuesday December 07 2004, @09:19AM)
If I had one dollar for every time I give this answer, I'd be frelling rich:
99% of businesses use sub 10Mb connection to the Internet and yet they are told the Cisco is the only way to connect them professionally. Moreover, the sub-$10k Cisco gear is crap when it comes to performance, on par with good PCIe PC running on multiple Gbit eth interfaces.
That about sums it up.
Robert
Re:if it is only "Standard PC Hardware" (Score:5, Informative)
(http://www.vanitydomainsarelikeso20thcentury.org/)
If your internet link is DSL, you do not need a real router :)
I should point out that this topic comes up every couple of years on NANOG, ummmmmm... here's a reasonable selection from the last decade [google.com]. These people have forgotten more about routing than most of us here will ever know. And until generic PCs come with multi-gig backplanes, it ain't happening anywhere except the low end. And at the low end, you're better off either leaving it to your ISP or using a few whitebox "desktop" switches/routers. They're cheap, cheerful, work, and you don't need to know the difference between "sh ip bgp run" and "sh bgp ip run"...
I LOVE DD-WRT (Score:3, Interesting)
(http://www.celardore.net/)
ASICs (Score:4, Insightful)
This seems to be an entirely software router that just runs on a standard x86 machine.
Isn't half the point of buying a dedicated-hardware router that you get ASICs and whatnot that do the job faster than software?
English, please! (Score:2)
(http://wakaba.c3.cx/)
TWO consultants agree? (Score:1)
If we were to judge solutions based solely on the word of two-or-more IT consultants, we would have "enterprise solutions" with MS-ACCESS backends, with a "robust" monthly backup to
Seriously, the holes in this article are big enough to park a datacenter full of Cisco hardware in.
* As long as we're not switching half the U.S. (Score:3, Insightful)
(http://www.friendwich.com/ | Last Journal: Thursday November 09 2006, @12:05PM)
Reads like a well-placed article-vertisement.
The "as long as we're not switching half the US" comments are the ones I grow tired of. It's a well-wrapped insult.
I'm not saying Linux is the best tool for routing half the nation, but the comment points out some things that do prevent more linux adoption.
1. "free" is not as good as something I paid for
2. Don't fsck with the status quo.
I admin a company 100% cisco routers/firewalls and I know for a fact Linux can do what gets done.
I'm not going to tell the boss to "just" switch or evangelize too much because of the social/economic implications of doing so may impact my future. I like my employer, they like me, so when we need another router, it's a cisco. I am personally disappointed by this, but I think it explains why innovation takes -so- long to come to the data center. (at least in the U.S.)
Let's not forget that cisco can fire most of their software devs and use a linux-based router project if it ever got close to competing with some Cisco products. Does that qualify as innovation? I'd say no. It's not cheaper or better.
Advertorial (Score:2, Insightful)
PC hardware is a joke, slow backplanes, limitation on how many interfaces you can plug in. On the techspecs the number of interfaces types they use is well very very limited. Then reliability of PCs a joke compared to a Cisco box.
Where is this product used?
- Is this a bloated replacement for the US$20 taiwan PPPoE router you can buy? The taiwanese will beat it on TCO hands down on power consumption.
- Is this for the edge of the network to service downstream customers? Why part away from the thousands of installations which live, have predictable and very proven track record of something like a Cisco 7200VXR..
The article (Advertorial) is nicely skewed as making Cisco seem expensive. Go on ebay and look for Cisco routers with FE ports, you can find them for a few hundred dollars. Or try to compare this with 3550 which will provide 24 ports with Layer 3 functionality for way below the US$2000.
I am tired of Cisco killing products off when they feel like it.
They could go into the market of breathing new life into a product that is being cancelled by other vendors. Firebox II anyone?
Vyatta still need a strategy. period.
No huge surprise (Score:3, Insightful)
(http://www.mythpvr.com/)
I'm not surprised at all that these Open Source solutions are on par with Cisco for many users. My only real concern would be support. At least back then (I have not dealt with them recently), Cisco had great support and would "own" network problem resolution in a way that made it worth paying their price.
Re:No huge surprise (Score:4, Insightful)
(http://slashdot.org/ | Last Journal: Monday January 31 2005, @05:48PM)
I wish the SmartNet prices were a little more reasonable. They should cut the prices dramatically for the lower-end 8x5x4-day replacement support so that more people can afford it. This would be a solid recurring business for Cisco whereas only a small percentage of Cisco customers bother buying support nowadays.
in other news (Score:4, Insightful)
Support, Support, Support (Score:5, Interesting)
Huh, Samba file sharing? (Score:4, Insightful)
(http://www.timetrex.com/ | Last Journal: Wednesday March 21 2007, @11:47PM)
Since when do "corporate-level routers" offer samba file sharing? This seems like the LAST thing I would ever want to put on a router. The only thing I could possibly see Samba being useful for is downloading log/config files. But on a router that is kinda scary, SCP seems much more secure and just as useful.
Open source routing is definitely an option now though. Over 3 years ago the web hosting company I worked for switched out their Cisco routers that couldn't handle the slightest DDoS attack for a couple AMD based Linux boxes that could easily handle wirespeed DDoS attacks with ease. Not to mention they were a fraction of the cost.
This is a good thing? (Score:1)
My buddy just lost one as well.
So... a Cisco router as good as a Cisco router? (Score:2)
Since when ... ? (Score:2)
You're buying the hardware (Score:4, Insightful)
Where should Vyatta go? What direction? (Score:1)
I think the way we can help Vyatta is by giving them suggestions as to where they should go in the market.
What direction should they take in your opinion?
Best WRT54G/s Firmware I've found (Score:1)
Looks Cute. (Score:1)
(http://www.dr-dyna.net/)
Let's take the discussion where it probably should have gone, to the guys contracted to set up a network for a local law firm office, with 20 employees. Maybe a veterinarian's office that probably doesn't do that much business (dollar wise). It's the folks like this that might still need what a Cisco has to offer in features, but doesn't need what Cisco offers in capacity, and definitely not what they offer in cost. Considering how (it looks to be) well documented, I don't think that the contractor mentioned will have any problems supporting it. It's our bread and butter.
What DSL modem to use? (Score:2)
I am trying to find some ADSL2+ modems to connect to our Cisco routers.
(in the past we have used Cisco ADSL WIC, but it has become clear that a consumer-grade Alcatel modem outperforms those, and even worse: there is NO ADSL2+ WIC...)
The modems have to support PPPoA and provide a transparent "bridge mode" where incoming traffic is delivered on the ethernet port with the Internet IP address as destination. This would be the same mode you would want for a PC-based router between LAN and Internet via DSL.
The problem is that it becomes difficult to find a "dumb" modem like that, especially with a reasonable build quality.
Everyone has NAT routers with 4-port switch, Wireless access point, VOIP gateway, printer port and what not, but I just need a dumb modem with no frills that increase the failure chance or that interfere with transparent operation.
For example, the more recent Alcatel/Thomson models appear to offer a transparent mode, but it has proven to be unreliable. I think the NAT engine is in the path in a 1:1 mapping mode. After some days of operation it appears to drop packets of longstanding connections while still servicing new connections.
We never had those problems with our old Alcatel 510, but that is not ADSL2+.
Any idea where to go for a reliable, transparent, ADSL2+ MODEM??
Smoothwall? (Score:1)
it on a 700 Mhz pentium 3 system. Worked wonders. Lots of features and addons/extensions from the community. They also have a commercial version with a gang load of features http://www.smoothwall.net/products/corporatefirew
Let's get a few things straight here... (Score:1)
(http://www.2112.net)
The term "open-source router" is extremely vague. A router is a physical device that forwards packets at layer 3. In the case of the Vyatta OFR (as well as Zebra, OpenBGPd, etc), the routing software (roughly, the RIB) is Vyatta, the forwarding software (roughly, the FIB) is the Linux kernel, and the hardware is a PC. In addition to various silicon-based solutions to speed up packet forwarding, software projects such as the Click! modular router exist that replace the routing code in a commonly available kernel (Linux, BSD, etc) that increase packet forwarding performance exponentially. The fact is that the commodity packet forwarding code in off-the-shelf OSs (OSS or commercial) hasn't evolved much in a long time, because it hasn't needed to.
Procket (founded by Tony Li, bought by Cisco for the engineering team) had also developed software forwarding based products that had similar performance without using custom forwarding hardware (1+ mpps on x86). Too bad they will never see the light of day. Of course, their hardware was also capable of 12bpps (yes, billion) in 2003....
Hardware support lacking (Score:3, Interesting)
(http://www.sinister.com/ | Last Journal: Monday September 03 2001, @10:09PM)
That reminds me... (Score:2)
So, imagine a single machine with 30, 50, or 60 network interfaces coming out of it, all sprouting USB cables. What a mess.
The more that I think about it, that's not so much of a daydream as a nightmare.
steve
Cisco Salesperson Here (Score:1)
Instead they want built-in VPN concentration, firewalling, the ability to automatically dial-out their VoIP calls if the WAN goes down, flexible WAN links, content caching &c &c &c.
While a software router is a great solution for switching packets, it quickly stops scaling in a single box when you want to add the extra features offered by Cisco's 2800 and 3800 series, which this product is touted to compete with.
Here's an example: A big bank wants to install routers in one of its branch offices. Naturally, it'll need a firewall. Then it wants to push content to each bank for digital signage, such as videos to play on their flatscreen TV's. It also wants Quality of Service and redundant PSTN links for their IPT solution and local call processing, just in case the WAN link fails. The branch has only, say, 25-50 users, but the dedicated single-box hardware is more effective for them because they are able to buy the unit and incrementally upgrade it, adding these features with no performance loss and have it all supported from a single phone call... No need to handle different vendors. As around 80% of the cost is running solutions as opposed to procuring them, this is a good deal.
This is why software routers are addressing the wrong market. How many businesses now intend to just shove packets out to the 'net?
Cisco switch performance review (Score:3, Interesting)
tripe..... (Score:2)
Re:Huh? (Score:1)
Re:do NOT modify the hardware - or it may cost you (Score:3, Interesting)
Huh? What?
It's my hardware. If I buy a Cisco router via eBay, you're telling me I'm not allowed to put Linux on it if I can figure out how?
Re:do NOT modify the hardware - or it may cost you (Score:1)
(http://www.celardore.net/)
Re:do NOT modify the hardware - or it may cost you (Score:1)
Thanks!
Stupid lawyers (Score:2)
(http://slashdot.org/)
Why post as an anonymous coward?
Are you violating your client confidentiality with the parent post?
If I wipe their firmware (which I have a license to use) how am I violating their copyright?
Re:do NOT modify the hardware - or it may cost you (Score:2)
(http://linuxhomepage.com/)
Your understanding of technology is obviously zilch, zippo, nada, nothing. And that leaves me with the feeling that your understanding of law is also generally diminished. And I presume you've never changed any software on the PC you own?
Re:do NOT modify the hardware - or it may cost you (Score:2)
(http://www.gemstate.net/friends | Last Journal: Tuesday September 11, @10:32AM)
Many people, thousands of them in fact have bought LinkSys and other routers and have modified them with new more functional software.
As far as I know the DMCA has been used only once to "protect" hardware from modification. It never went to court and the company pretty much went out of business.
The modification of purchased hardware is protected under the first sale doctrine. The same laws that allow you to buy a car and then sell off the parts one by one.
The DMCA would only come into play if some form of encryption was broken. Just deleting the firmware on a system and replacing it with new firmware would not be covered.
If this isn't true then why hasn't Microsoft shut down all the sites offering Linux for the XBox?
Re:Speaking as a fulltime Free Software zealot (Score:2)
-sirket