On 02/26/2010 03:02 AM, Pasi Kärkkäinen wrote:
> On Thu, Feb 25, 2010 at 03:27:53PM +0000, Michal wrote:
>> On 25/02/2010 14:00, Chris Adams wrote:
>>> Once upon a time, Marcel Rieux <m.z.rieux@xxxxxxxxx> said:
>>>> I was under the impression that, at most small ISPs, Linux had
>>>> replaced Unix and played a central role in making things work. But
>>>> today, I spoke to an ISP employee who told me that Linux was only used
>>>> for Web servers and that, for routing and firewalling, nobody escaped
>>>> companies Cisco and Juniper which provide "solutions" where part of
>>>> the software has been integrated into hardware for efficiency
>>>> purposes.
>>>
>>> Servers don't really make good routers. When you are talking about
>>> traditional low- to mid-speed telco circuits (T1, T3), there have never
>>> been good, well-supported, cost-effective solutions for connecting those
>>> directly to Linux systems for routing that could compete with a basic
>>> Juniper or Cisco (or Adtran or ...) on price and ease of use.
>>>
>>> When you start talking about SONET links (OC-3 and up), Linux AFAIK
>>> doesn't handle things like protected paths and the like, and then you
>>> also quickly pass the performance capability of commodity hardware.
>>> Newer WAN circuits are using Ethernet, but you need OAM (which Linux
>>> doesn't support) to properly manage them as a replacement for
>>> traditional telco circuits.
>>>
>>> "Real" routers (aka Juniper and Cisco) use hardware-based forwarding
>>> that can run at line rate for 1G, 10G, and 100G interfaces.
>>>
>>> Dynamic routing has always been pretty weak in Linux as well. I have a
>>> few systems running Quagga for various purposes, but it is not nearly as
>>> powerful and flexible as a "traditional" router.
>>>
>>> Now, Juniper routers all run FreeBSD, but that's only on the routing
>>> engine (where the management and routing daemons run), not the
>>> forwarding engine (where the actual packet forwarding takes place).
>>> Juniper wrote all their own routing, PPP management, etc. daemons from
>>> scratch. It is kind of funny when you spend $100K+ on a router that has
>>> a Celeron 850 CPU and a whopping 20G hard drive. :-)
>>>
>>> I have lots of Linux servers, a few other old Unix servers, and a couple
>>> of Linux firewalls, but all my routers are Juniper. I've been working
>>> for small ISPs for 14 years, and I've never really seen a time where I
>>> would try to push Linux into serious routing. It costs too much on the
>>> low end and can't handle the performance on the high end.
>>>
>>
>> People have had great success with OpenBSD on firewalls and routers with
>> lots of traffic and 10GB NIC's etc

So long as the firewall doesn't have to handle too many rules and the
routing decisions are minimal. At those traffic levels, the system
would be swamped with interrupts anyway. I think there's some serious
measurement issues here.

> Yeah.. Linux also does OK on this front. Recently there has been reports
> about pushing 70 - 80 Gbit/sec through a single desktop-class Linux box.
> Yes, you read it correctly.

Well, THAT I don't buy. I've not seen a 100Gbps or 1Tbps PCI-slot NIC.
I suppose you could put in an adequate number of 10Gbps NICs in a
box...assuming you have enough slots, and I don't think the internal bus
on any desktop is capable of moving that kind of data that fast. Not to
mention the interrupt storm that'd ensue.

The reason there are things like Foundry and Cisco and Juniper is
because much of the heavy lifting is done by bitslice engines and
dedicated hardware, with a supervisor doling out the jobs and watching
over the operation. It's rather irrelevant what the supervisor
is...Linux, BSD, OS/2, Plan9, Winblows, whatever. The real grunt work
is done by the dedicated chips. This is one reason Cisco has been able
to push IoS out to product lines they've acquired so fast. It's easy to
port.

When you ask a CISC to do the work that a RISC or bitslice does, you're
going to get performance issues.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer                      ricks@xxxxxxxx -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-    I don't suffer from insanity...I enjoy every minute of it!      -
----------------------------------------------------------------------