Vyatta as a BRAS

Joe Greco jgreco at ns.sol.net
Thu Jul 15 00:03:59 UTC 2010


> On Jul 14, 2010, at 10:17 PM, Joe Greco wrote:
> 
> > The truth is that you can keep throwing CPU at a problem as well.  I can
> > size a software based router such that it can remain available.
> 
> Not against mpps, or even high kpps, you can't, unfortunately.

Really?  I'm positive that I can, because I *have*, and other people
*have*.  The sweet spot for protecting a 100Mbps circuit, in particular,
moved from hardware to software about five years ago.  That simply means
it's more cost-effective for a competent admin to spend some time to set
up the box than it is to spend money on dedicated silicon that'll be
obsolete in a few years, a fact that's conveniently ignored by a lot of
the advocates of such solutions.  To drive the point home, FreeBSD based
routers that we built in 2004 are able to cope with full routing tables
and IPv6 *today*, at the same traffic levels they were designed for, and
those particular qualities don't seem to be present in many of the 
hardware-based offerings of the era.  If and when they cease to be useful
in that capacity, they can be trivially repurposed as firewalls or web
servers or other similar tasks, because unlike the pricey purpose-built
router hardware, there are advantages to general purpose hardware.

Quite frankly, this is starting to be a little annoying.  Perhaps you 
could do some research, or find some competent admins and test a few well
built setups yourself before you make any more disprovable claims.  My
claims are not ridiculous and are not a figment of my imagination; I can
point to many-years-old documented examples, such as

http://lists.freebsd.org/pipermail/freebsd-net/2004-September/004840.html

http://info.iet.unipi.it/~luigi/polling/

These are tests of forwarding capabilities, true, but the reality is that
the same sorts of things that make this possible make it relatively easy
to support large numbers of packets directed "at the control plane", since
the concept of the control plane isn't as separated in the FreeBSD software
model as it is in the hardware model.  As a result, a FreeBSD box can take
and sink quite a bit of traffic.  Doing so does not cripple it.

For giggles, I took two out-of-the-box FreeBSD 8.0 servers, twiddled 
*only* device polling to on, and started them running traffic at each 
other.  Both were sending north of 100Mbps (>>100Kpps) of traffic at
the other, both when listening and when not, no problems, no crashes, 
no issues.  That doesn't sound too great until I reveal that I was 
lazy and it's only some excess capacity on a VMware box that's 
available to these two virtual servers.

> > Software based platforms have an incredible edge in areas that hardware
> > based platforms don't, including capex and the ability to find
> > replacement parts after a disaster.
> 
> I agree 100% with this, and with much of what you say.  My point is that
> at the *edge* - like a BRAS, which is how this thread started - one must
> have platforms which can be adequately protected against attack/abuse,
> and hardware-based platforms are the only practical way to do that.

In some cases, for some purposes, yes.  Otherwise, no.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
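Added example, not code from the original post or thread: the FreeBSD device-polling setup the test above alludes to, written out as a small sh script, together with a way to turn "netstat -w" samples into a packets-per-second figure. It assumes an em(4) interface named em0, a kernel built with "options DEVICE_POLLING", the FreeBSD 8-era tunables kern.hz and kern.polling.idle_poll, the POLLING word in ifconfig's options field, and the column layout of the constructed netstat -w sample embedded below; check each of those against your own box before running it with "apply".

```sh
#!/bin/sh
# Added example, not code from the original post. Assumes FreeBSD 8-era
# device polling (kernel built with "options DEVICE_POLLING") and an em(4)
# NIC named em0; override IFACE for other hardware.
set -eu

IFACE="${IFACE:-em0}"

# Apply the polling setup. Needs root and a kernel with polling compiled
# in; the loader.conf line only takes effect on the next boot. kern.hz=1000
# (assumed value) raises the clock rate that drives the polling loop.
enable_polling() {
    iface="$1"
    grep -q '^kern.hz=' /boot/loader.conf 2>/dev/null ||
        printf 'kern.hz=1000\n' >> /boot/loader.conf
    # Keep polling the NIC while the CPU is otherwise idle (assumed tunable).
    sysctl kern.polling.idle_poll=1
    ifconfig "$iface" polling
}

# Return 0 if an ifconfig(8) listing read from stdin shows POLLING in the
# interface's options word (format assumed from FreeBSD 8 output).
polling_enabled_in() {
    grep -q 'options=[0-9a-f]*<.*POLLING'
}

# Average the input packets-per-interval column of "netstat -w 1 -I <if>"
# output read from stdin. Header rows (non-numeric first field) are
# skipped, so the result is an integer pps estimate over the sampled
# intervals; an input with no data rows yields 0.
avg_input_pps() {
    awk '$1 ~ /^[0-9]+$/ { sum += $1; n++ }
         END { if (n) printf "%d\n", sum / n; else print 0 }'
}

# Constructed sample of netstat -w output (not a real capture), at a rate
# comparable to the >100 kpps reported in the post.
SAMPLE_NETSTAT='            input          (em0)           output
   packets  errs idrops      bytes    packets  errs      bytes colls
    104213     0     0   15631950     104100     0   15614000     0
    106007     0     0   15901050     105900     0   15885000     0
    103780     0     0   15567000     103700     0   15555000     0'

# Constructed sample of ifconfig output with polling enabled (format assumed).
SAMPLE_IFCONFIG='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,POLLING>
        ether 00:11:22:33:44:55'

case "${1:-}" in
    apply)
        enable_polling "$IFACE"
        ifconfig "$IFACE" | polling_enabled_in && echo "polling on $IFACE"
        # Sample five one-second intervals and report the mean input pps.
        netstat -w 1 -q 5 -I "$IFACE" | avg_input_pps
        ;;
    *)
        # Dry run against the constructed samples only; touches nothing.
        printf '%s\n' "$SAMPLE_IFCONFIG" | polling_enabled_in && echo "sample: polling on"
        printf 'sample mean input pps: %s\n' "$(printf '%s\n' "$SAMPLE_NETSTAT" | avg_input_pps)"
        ;;
esac
```

Run without arguments it only exercises the parsers on the embedded samples; "sh script.sh apply" performs the real configuration and then prints a five-second mean input packet rate, which is the number to compare with the >100 kpps the post reports. The netstat reading is the input side only, so on a box being flooded it measures what the interface accepted, not what the sender offered; drops show up in the errs/idrops columns, which the script deliberately does not average away.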