Has anyone ever used Zebra or Quagga as a router in a high-traffic environment?
I'm interested in knowing how its performance stacks up against a "real" router.
The idea of being able to use a device on which usable amounts of memory are affordable (enough memory to hold the full BGP table on a Cisco is quite expensive) and on which the components are off-the-shelf replaceable is appealing.
I suspect the sustained bandwidth will be good but the individual packet latency will be somewhat lacking. That's based on an educated guess. Any real-world experience would be interesting to hear about.
Linux/FreeBSD/etc., since Quagga is just shoving routes into the kernel's
routing table. There are some decent write-ups detailing performance
of various cards, etc.
If you're not shy of spending money, Vyatta may be a more polished
off-the-shelf option worth looking at that is still oodles cheaper than
something similar from brand C.
If your definition of high-traffic is more than a few Mpps, then
you're probably looking for something with ASICs and a TCAM.
I am suspecting that with a 1 Gbps card, the Linux kernel can do throughput in the hundreds of megabits with no problem, but if you start analyzing the latency of each individual hop, someone's going to point to it and tell us our network is broken.
And unfortunately, in the managed hosting business, when a customer says that something is wrong with your network, you are guilty until proven innocent.
Throwing newer hardware at it may improve the numbers, but he was able to achieve 8Gbps forwarding performance at 1518B frames, which is significantly better than what you'd see, for example, on a Cisco 7206VXR w/NPE-G2. The ultimate bottleneck is PPS, which was dismal compared to the same platform (700,000pps vs. 2,000,000).
If you turn on any features, such as stateful connection tracking which you're probably using in your firewall example, and possibly even dot1q tagging as you mentioned earlier, the numbers may take a dive.
I think we're going to set one up on a non-critical link and see how it runs.
Doesn't that one machine serve as a rather large single point of
failure if it's responsible for so many networks?
Absolutely. That's why you run BGP to multiple transit carriers and peers using multiple routers. If you build it correctly you can suffer a transit carrier failure, a link failure, or a hardware failure without taking down your network.
There are first-hop redundancy methods that you can use as well. VRRP is possible in Linux.
If any of those 80 customers is subject to even a small DDOS however, both primary and secondary devices will go tits up in the blink of an eye. That's true with any CPU-based router though.
Oh, you meant the shared firewall. Yes, it is a single point of failure. We actually have two of them, with the configuration replicated to the standby unit in case the primary one suffers a hardware failure.
Yes, if it were to experience a problem, that problem would have an effect on all of the subscribers. However, the service is priced substantially lower than a dedicated firewall. "It's in the cloud."
I just spent two hours updating the firmware in my router. It was 7 years out of date. Why two hours? The updater on the router's server will only work with Internet Explorer. Not Chrome, not Firefox, not Safari. No mention of it in any manual or on Cisco's web site. I don't think they even realize it. They wrote a special program for people having problems...Windows or Apple only of course.
Now on to my question...is there any good reason not to change the firmware to some open source firmware? if any is available....
Never mind. There is no replacement firmware.
substantially lower than a dedicated firewall. "It's in the cloud."
or more specifically the machine cloud.xand.com :-)
I really wish I could install a custom firmware on my router (which is really just being used as an ethernet/wifi/moca bridge behind my *real* firewall) but there aren't any drivers for the moca interface.
You once explained to me (and I set it up and it worked) how I could hook up a wireless router as a range extender by plugging (I think, if I remember right) a wire from a port on router 1 to a non-wan port on router 2 and use a different channel and voila it worked.
Now I have the opposite problem.
I can't run a wire. But can I use another wireless router to pick up the signal from wireless router 1 and then plug a pc into wireless router 2?
they call it bridge these days.
yes, it's possible.
Otherwise, what you're describing *can* be done, but not with an off-the-shelf router. Is the device you want to attach an ordinary computer? If so, you're better off just buying a PCI wifi card. Or you could buy a pair of HomePlug bridges and send the network signal over your power lines.
Well, that's the problem: the machine (an ordinary PC) has a PCI wifi card in it and it loses signal all the time.
So I bought my parents a shiny new super range n router and then ran into the political problem of the havoc it would cause to take out the old one and put the new one in and reconfigure it. So I'm trying to think of ways to make it go without having to touch the existing router.
My dad said he tried a range extender/reamplifier (I forget what they're called) halfway between floors 1 and 3 where the router and the PC are with no effect.
Didn't know about homeplug bridges though. I'll check that out, thanks. Do they actually work?
hm, maybe a USB plug one would also do the job? you can put a longer wire in between the thumb thing and the PC to find a place with better reception
I use a pair of HomePlugs, they work well, get around 80mbit/s sustained throughput without issues. Latency is around 3ms.
If you are looking for one, make sure they use the 'AV' standard (200mbit/s physical layer), not the earlier models.