toasty at dragondata.com
Sun Apr 20 06:36:25 UTC 2003
At 01:10 AM 4/20/2003, Richard A Steenbergen wrote:

>As much as I hate to say this, stock FreeBSD makes a terrible high
>performance router. The route-cache is horribly out of date with modern
>techniques, and there just aren't that many wackjobs out there trying to
>shove a hundred megs through a unix box to fully debug it (with the
>exception of a certain notoriously cheap people who will probably respond
>to this email talking about their success with FORE ATM OC3 cards :P).

Ok, I'll bite. We're routinely shoving 500mbps through our FreeBSD system
running zebra, and we've never hit the 50% cpu mark. 3 GigE BGP peers
passing me a full table and one GigE LAN interface, a few VLANs, lengthy
IPFW rules, and tons of "count" rules so I can MRTG each IP passing through
it. In some off-network synthetic testing, I easily maxed out our GigE LAN
interface before the router dropped a packet. All this on a $1800 Dell
server with a $150 Intel PCI-X card slapped in there. This system's been up
for 6 months now. Zero crashes, zero hung interfaces, zero problems.

I'm not saying a FreeBSD+Zebra system is going to do everything that your
high end router will, but I haven't run into anything that I couldn't find
some way of doing with the tools that I had. IPFW, Dummynet, tcpdump and
other tools that come "stock" have saved me quite a bit of effort over some
other much more costly solutions that couldn't do some things that we
depend on now.

I know quite a few would consider this a bit of ghetto networking, but I've
even worked out a pretty reliable hot-standby system for all our web
servers by running zebra/bgpd on each of them and having them announce
/32s for the IPs that the web server is listening on to a route
reflector. Have another box set up as a standby system announcing the same
/32 to our router with a higher metric, and the failover is instant. No extra
hardware, no fancy load balancers, and the web servers don't even have to
know anything happened.

Zebra/FreeBSD aren't the best things out there, but when you have
essentially no budget, there are a lot of us out there who've figured out
how to make our networks operate pretty well.

I really don't mean this as a flame, Richard... Just that I think a lot of
people out there have discounted this without trying it or researching what
others have gotten to work. Not all of us have the luxury of working
somewhere where not being "cheap" is an option. :)
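The hot-standby scheme described in the post, as an added configuration example that is not from the original message or from the poster's network: Zebra bgpd.conf fragments for the primary web server, the standby box and the route reflector. The AS number (65001), the service address 192.0.2.10/32 (configured on each server's loopback) and the peer addresses 10.0.0.1/10.0.0.11/10.0.0.12 are all assumed; the prefix-list on the reflector is an added safeguard, not something the post mentions.

```conf
! --- bgpd.conf on the primary web server (assumed: AS 65001, service IP
! --- 192.0.2.10/32 on lo0, route reflector at 10.0.0.1) ---
router bgp 65001
 bgp router-id 10.0.0.11
 network 192.0.2.10/32
 neighbor 10.0.0.1 remote-as 65001
 neighbor 10.0.0.1 description route-reflector
 neighbor 10.0.0.1 route-map PRIMARY out
!
! BGP prefers the lower MED, so the primary announces the /32 with metric 100
route-map PRIMARY permit 10
 set metric 100
!
! --- bgpd.conf on the standby box: same /32, higher metric (200) ---
router bgp 65001
 bgp router-id 10.0.0.12
 network 192.0.2.10/32
 neighbor 10.0.0.1 remote-as 65001
 neighbor 10.0.0.1 route-map STANDBY out
!
route-map STANDBY permit 10
 set metric 200
!
! --- bgpd.conf on the route reflector (10.0.0.1) ---
router bgp 65001
 bgp router-id 10.0.0.1
 neighbor 10.0.0.11 remote-as 65001
 neighbor 10.0.0.11 route-reflector-client
 neighbor 10.0.0.11 prefix-list WEB-VIPS in
 neighbor 10.0.0.12 remote-as 65001
 neighbor 10.0.0.12 route-reflector-client
 neighbor 10.0.0.12 prefix-list WEB-VIPS in
!
! Only accept the service /32 from the web servers: a compromised or
! misconfigured server then cannot announce (and black-hole) any other prefix.
ip prefix-list WEB-VIPS seq 5 permit 192.0.2.10/32
ip prefix-list WEB-VIPS seq 100 deny 0.0.0.0/0 le 32
!
```

When the primary's bgpd session drops, the reflector withdraws the metric-100 path and the standby's metric-200 path becomes best, which is the failover the post describes.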