[c-nsp] Fwd: using *nix instead of Cisco routers
Ted Mittelstaedt
tedm at toybox.placo.com
Mon Mar 21 22:34:11 EST 2005
We do a full BGP table on FreeBSD. We also run 7206's and
at the customer sites we run 1600's, 1700's and 2600's depending
on the situation.

I have also (in the past) run Frame Relay on FreeBSD routers.
So I don't know exactly why Jason is saying PC routers can't do FR
because they can. See Netgraph under FreeBSD. Complex ATM
can also be handled with mating an ATM switch to a BSD-based router,
if you really want to do it.

And this isn't limited to BSD UNIX, Imagestream makes Linux-based
routers that are rack mounted and all of that, and do both Frame
and ATM.
There is no question that a PC CPU is much more powerful than an
equivalently costing Cisco. 100 ACLs on 20MB of inbound Internet
bandwidth will cause most Cisco things under a 12000 to roll over and die;
a modern PC will not even notice it.

Where the PC routing stuff falls down is in the interface arena.
Try finding a DS3 card for a PC that does ATM and allows you to
build 4K VCs with individual speed settings, that does not
cost more than a used Cisco 7206VXR with PA-A3-T3 card off eBay
and you will see what I mean.

Even T1 interfaces on a PC are difficult to get cheap. I can
buy a used 8 port PA card for a 7200 series far cheaper than
putting 8 high speed serial interfaces on a PC.

Sure, in a co-lo situation a backbone can hand you a 100baseT
or gig Ethernet. Not a lot of co-los out there have multiple
backbones in them that can both do this, at least not in our
area. (Sure, I can get it if I want to buy from my regional
competitors, forget that though.)
In any case Juniper doesn't use FreeBSD for the routing engine.
They use FreeBSD for the management engine; the routing is done
in hardware in some proprietary and expensive silicon. And they're
only kicking Cisco in the head in the extremely high end backbone
routers that are very expensive. For the leaf-node stuff and
midsized router gear they are not. And Cisco makes far more money
on that stuff than Juniper.
And one other thing on the leaf-node stuff. These days if for
pricing reasons you're looking at a PC router for the end of a T1
that is plugged into an ISP, you can't touch the price of a used
1601R with external DSU with any PC gear. And you're comparable to
a used 1720 with a T1 WIC. Both of these can be remotely updated
in the case of a security breach. A PC running UNIX cannot be
(at least not easily). There have been many security holes developed,
published, and closed in FreeBSD over the last couple of years. Far fewer
in Cisco IOS. If you're an ISP responsible for a network of customer
routers (like we are) you definitely don't want them to be PCs.
PCs running UNIX do present a very compelling case for many
routing niches. They also make fantastic firewalls, far superior to
something like a Cisco PIX. (Did I mention I'm also responsible for
about 50 PIXes deployed across the US?) They have many areas of
superiority over Cisco gear.

But, Cisco gear also has many areas of superiority over PC routers.
And Cisco has worked hard to make their stuff superior to PC routers
in those key areas that are important to managers of large networks
of routers. That is why Cisco is going to be selling far more routers
than Open Source advocates can deploy, for many more years.

I do not really consider one or the other to be overall superior. In
fact I strongly recommend that anyone calling themselves a router manager
become familiar with both platforms, because if you put them together
you can use Cisco gear where its features are best, and FreeBSD gear
where its features are best, and end up with an extremely tasty
result.
Ted Mittelstaedt
Author, the FreeBSD Corporate Networker's Guide
http://www.freebsd-corp-net-guide.com/
cisco-nsp-bounces at puck.nether.net wrote:
> Hi,
> I've taken this thread from the OpenBSD list, probably more people here
> have experienced this,
>
>
> ---------- Forwarded message ----------
> From: Kim Onnel <karim.adel at gmail.com>
> Date: Tue, 22 Mar 2005 03:36:43 +0200
> Subject: Re: using OpenBSD instead of Cisco routers
> To: Jason Ackley <jason at ackley.net>
> Cc: Tony Sarendal <tony at polarcap.org>, misc at openbsd.org
>
>
> I haven't played with OpenBGP, Zebra or quagga much,
>
> but I wonder, could there be features less supported on OpenBSD
> routers than Cisco ones??
>
> Has anyone used BSD for an internet router (full routing table)?
> I would be majorly interested in knowing others' experience with this,
> how did it take it?
>
> I know ISPs use unix-based routers to do some security applications,
> that's for sure (blackholing, sinkholing routers)
> (www.cisco.com/global/DK/docs/presentations/SecuringTheDataplane.pdf)
>
> I would most definitely be interested in starting a Lab using OpenBSD
> routers, where I can test BGP, OSPF, MPLS without buying expensive
> cisco gear,
>
> and if you wanna compare, check out Juniper routers, they have FreeBSD
> under the hood, and they're kicking Cisco in the head
> (http://www.farrokhi.net/blog/archives/000074.html)
>
>
> On Mon, 21 Mar 2005 19:24:36 -0400 (AST), Jason Ackley
> <jason at ackley.net> wrote:
>> On Mon, 21 Mar 2005, Tony Sarendal wrote:
>>
>>> I know this isn't a cisco list, but no cisco router below the GSR
>>> with engine2 line cards or better can do any form of real pps
>>> throughput reliably,
>>
>> One of my favorite reads:
>>
>> "Implementing Access Lists on Cisco 12000 Series Internet Routers"
>> http://www.cisco.com/warp/public/63/acl_12000.html
>>
>> Quite a few limitations based on your ingress/egress cards and
>> engine types, even down to how many entries you can have and how
>> many comparison operators you can use.
>>
>> They are good boxes, but you have to spend tons of $$ to really do
>> 'everything'.. What, you actually wanted line rate performance, you
>> needed to buy the 'Enhanced' adapter..
>>
>> The other aspect (as already mentioned by others) is support. You
>> will continue to pay on a yearly basis to keep the updates to IOS
>> flowing.
>>
>> Regarding the fiber comment by Jason C., there is a lack of the
>> large pipe WAN interfaces such as Packet Over SONET, but most
>> providers these days can hand off as GigE at the customer location
>> when you buy that much bandwidth anyways.
>>
>> Some other things to keep in mind using OpenBSD as a router in a
>> service provider core:
>>
>> 1. Lack of channelized interfaces to serve as agg/edge routers
>>
>> This directly impacts how many boxes you need to buy, and how
>> much floor space you need to support a given number of
>> connections/customers.
>>
>> There are some interesting boxes out there that can take
>> channelized interfaces and speak 802.1q, but I have not played
>> with them.
>>
>> 2. Lack of ASICs for a 'fast path' (cisco-speak).
>> o The LSR2 was set with i386:
>> http://proj.sunet.se/LSR2/
>>
>> 3. MPLS/ATM/Frame-Relay protocols
>> o No MPLS - may not be important to you
>> o basic ATM - may not be important to you
>> o No FR - this goes back to #1 tho, take that $$ you saved on your
>> Crisco and get one of those boxes to speak 802.1q to your
>> OpenBSD box.
>>
>> Don't get me wrong, I love OpenBSD routers. If you are in a telco
>> setup, make sure you get good -48VDC rackmount systems and you will
>> run forever.
>>
>> Interfaces I use with OpenBSD routers:
>>
>> FastEthernet/GigabitEthernet (with 802.1q trunking)
>> PCI DS3 - (lmc)
>> PCI T1 - (lmc)
>> PCI OC3 ATM - I think I am the only user of the en driver :)
>>
>> cheers,
>> --
>> jason
>>
>>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/