Vyatta as a BRAS

Joe Greco jgreco at ns.sol.net
Tue Jul 13 15:58:36 UTC 2010


> >> My comment would be that a software-based BRAS - 7200, Vyatta, et 
> >> al. - is no longer viable in today's Internet, and hasn't been for 
> >> years, due to security/availability concerns.  Same for peering/
> >> transit edge, customer aggregation edge, et al.
> >
> >   A low cost 7200 or ERX-310 would easily fit the bill, and you can 
> >   buy them cheap these days.

...didn't he just finish saying "not 7200"?

> Cisco may be a lot of things, but low cost is not one of them.

Agree...

> I've been running Vyatta on a small 1U Supermicro Server (cost $600.00) 
> for over one year.  It handles all of our VPN traffic and is the main 
> router for our fiber connection.  Except for dropping a tunnel every now 
> and then it's been flawless.  I've set up a cron job to monitor the VPN 
> and restart any tunnel that might drop.  No tunnel is ever down for more 
> than a minute.

This isn't a new issue.  Quite frankly, software routers have some very
great strengths, and also some large weaknesses.

Advocates of hardware based solutions frequently gloss over their own
weaknesses.

Let's talk plainly here.

I'm not going to touch on things like Cisco's software-powered systems,
and for purposes of this discussion, let's take "hardware" to mean
"hardware-accelerated" solutions that implement forwarding in silicon.
That makes a fairly clear delineation between something like a Cisco
7600 and a Vyatta router.  So.

Hardware router: Insanely great forwarding rates.
Software router: Varies substantially based on platform architecture and
	software competence.  Generally speaking, a competent config can
	run 1Gbps ports without issue, but >=10Gbps gets dicey.

Cisco: Everyone learns Cisco's CLI.
Anything else: Everyone disses it because it's not Cisco.  Even when it's
	very close to Cisco.

Hardware router: Usually a fixed lookup table size - have to have a gameplan
	to maintain routing table once you exceed it.
Software router: Virtually unlimited lookup table size.

Hardware router: Expensive custom hardware, good luck and hope you have
	a service contract in a crisis.
Software router: Varying cost hardware; for certain uses, an off-the-
	shelf server may do.  The potential to be able to repurpose a
	gizmo in a crisis is a bonus.

Hardware router: Features are generally costly upgrades.
Software router: Might not have all the features you want, but typically
	most common features are readily available and reliable, usually
	at no cost.

Hardware router: Closed source software.  Good luck if your vendor isn't
	patching your pet bug or security issue.
Software router: May be open source software.  Inspect/audit for bugs,
	patch yourself.  Might have to hire an expert though.

Hardware router: Low competence basic filtering at line rates.
Software router: High competence complex filtering, often at less than
	line rates.

Hardware router: May have moving parts.  May not.
Software router: May have moving parts.  May not.

It's interesting.  One can get equally militant and say that hardware
based routers are irrelevant in many applications.  I think it depends
on the application, and it's usually the specifics of the application
and the scale and features needed that's going to be more of a deciding
factor.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.