Linux To Power Super Router 74
VE3OGG writes "While Cisco might not be shaking in its multi-billion dollar booties, a couple of network experts have decided to see if they can come up with a possible alternative to Cisco. Termed 'Open Linux Router,' and joining such other ambitious projects as the Extensible Open Router Platform (XORP), the Open Linux Router project aims to compete in the realms of Cisco routers and PBX. Some of the features include SSL web interface, serial console, wireless support, VLAN support, and packet filtering."
Re:College kids... (Score:4, Interesting)
1) A PCIx socket carries the same bandwidth as a 1-lane PCIe socket.
2) Using either PCIx or PCIe (1-lane even!) you can run 1G bidirectionally through a Linux system with as little as a single 2.4G P4HT (been there, done that, got the proverbial smoking copper cable to prove it). The CPU will not be stressed.
3) You can buy up to 6 ports on one full height PCIx or PCIe card. If you buy a multi-port PCIe NIC, it will most likely be of the 4-lane variety (and if not, keep shopping).
4) The Linux kernel's ability to route and intellegently bridge are both high performance capable. Throughput loss comes from engaging netfilter and more specifically conntracking. However, perform load testing on a top-end Cisco with and without ACLs and watch what happens to its performance; the results are very interesting. In short running any kind of ACL (Cisco, iptables, etc...) is expensive.
5) If you are building a performance Linux router, you are not using low-end desktop equipment. I hold in my hands a lower-end Intel AspenHill (S3000AH) server mainboard and it has 1 PCIx socket and 2 PCIe sockets (4 and 8 lane). The Intel Alcolu (S5000PAL) server board has a flexible socket layout (depends on the reiser card you buy) of (1) PCIx and either (2) 8-lane or (4) 4-lane. Either way, that is a fair number of potential interfaces to route across. Drop in a nice Core2 Duo on the Aspen Hill or a Dual Core2 Duo (or Dual Core2 Quadros if you decide to load up 16 interfaces) on the Alcolu and you have a ton of CPU horsepower to handle the interupts and make routing decisions. While not cheap per say, the costs are still less than Cisco routing gear with equivelent horsepower.
The larger issue in using x86 equipment to act in routing duties is interrrupt processing. Using NAPI enabled cards such as those produced by Intel and Broadcom lessens the interrupt load (you get multiple packets per interrupt). PCIx/PCIe single-lane as a dual NIC pair or PCIe multi-lane for multiple paths provides enough bus bandwidth to move the packet data. PCIe makes the process even smoother due to the dedicated contollers per lane (think of it as one socket per bus instead of the old all sockets on one bus model). In addition, PCIe supports simultanious reads and writes (which lowers per packet latency in bi-directional communications). All other flavors of PCI are read or write at any one time.
What you do get when you buy Cisco, is (in theory as in practice it seems to vary) a tried and proven user interface and and solid under pinning of which you the admin require little knowledge. You buy the components Cisco tells you to put in it depending on the job you want to do.
With Linux, you are usually on your own in selecting hardware, setting up the software and using the many interfaces required to configure each component of a Linux system used in a routing function. Very few admins have the time or resources to test hardware compatibility and evaluate the performance of various equipment options. If any group can put together a recommended (read: tried and tested and performance evaluated) hardware set and for it produce a ready to run (read: quick install with a single interface for the all router setup (IPs, ACLs, routes, etc...)), then more power to them. It makes it that much more likely that Linux based routers will show up in performance demanding environments.
Food for thought.
Mikrotik (Score:1, Interesting)
after a few months of using at the borders of my office lan ad getting used to its policy based everything, i called up our hoting provider to ask them to make achange to the production PIX
We had people scraping our site and wanted to redirect them to a static site. Outright blocking them would tip them off more quickly (abd obviously) to the change.
I asked our provider to set the NAT on the firewall to forward packets to host B for these particular douchebags, and host A for the rest of the world. My PIX knowledge was so rusty, and this bargain-basement routerOS box did it so readily, that it never crossed my mind that the PIX woulnd't do it.
Sure enough, "uhh... yeah this box won't NAT to different addresses based on the source IP."
me: but..but.. my $40 firewall does it!
*sigh*
the biggest thing missing form RouterOS is decent failover. can't someone port CARP linux already?