At 01:28 PM 5/6/01 -0400, Chuck Larrieu wrote:
>In raw terms of what is happening on a router, does a Linux based OS versus
>whatever the Cisco IOS is really matter? In terms of code size? In terms of
>router speed?

I do not believe Linux does fast switching (route caching like 
Cisco).  Cisco IOS is probably far more optimized, plus it does not run 
from a hard disk; the entire system is basically in memory during run time 
and never needs to seek back to magnetic disks.  (This is important; I will 
explain later.)

>The IOS, as best I can guess, has its roots in C. I say this based on
>things like variable names, and related behaviours. Obviously, the source
>code is compiled, and probably optimized for speed rather than size, if IOS
>bloat is any indication. On the other hand, judging from what I see on the
>web link below, there aren't a lot of features in these Linux OSes either.
>I suppose over time that will be resolved, but at what cost in terms of OS
>image size?

Well, I suppose if you make C and Unix somewhat synonymous.  (Well, C 
generated Unix and... has its roots in there as well.)  The IOS command 
line is similar to the Unix shell bash, and the CatOS is more like tcsh or
so.

A Unix box is far more featureful than any IOS, simply by virtue that you 
can do SO much more on it.  (Both a good and a bad thing, which I will 
explain a bit later.)

>Well, I suppose for one thing the Linux crowd doesn't have to concern itself
>with backwards compatibility. That can be a distinct advantage. On the other
>hand, writing for a Cisco box, they have to ensure compatibility in every
>way shape and form with other Cisco boxes, not to mention interoperability
>with other vendor stuff and compatibility with the RFCs

Personally, I am a bigger fan of the *BSDs than Linux, but not to get into 
Unix Holy Wars, not sure what you mean by backwards compatibility?  Unix 
generally follows POSIX style binaries, and tries to keep a somewhat 
similar distribution (layout) throughout.

>I continue to be impressed with the passion, ingenuity, and sheer
>determination of the Linux crowd. Who else would actually create an RFC1149
>compliant system? ;->
>
>Chuck
>
>http://www.mcvax.org/~koen/uClinux-cisco2500/
>
>--

So, some interesting things to point out.  I am neither for Unix nor Cisco, 
I am for the best solution for the right job, so realize I am trying to be 
objective.

1)  Pound for pound, I bet the Cisco IOS is far more optimal in packet 
switching than any Unix OS.  Problem is, they use some of the crappiest 
hardware known to man.  (Stable yes, but ridiculously slow; you know the 
costs of the routers are in the software, not hardware, because of it.)  I 
mean, seriously, $2K or so for an 80 MHz RISC box (Cisco 2500) which dies 
when heavy duty debugging is enabled?  For the same price, the albeit 
slower Linux box will run circles around it.  (Before you guys go flaming 
me, I got good points for the Cisco coming up too.)

2)  So why choose the Cisco?  Lots of reasons.  Learning curve for 
Unix.  (I say this to encompass both *BSD, Linux, Solaris, and friends, all 
your BSD and SysV derivatives and what not).  Yes, you can do a HUGE pile 
of things, including impressive output modifiers which are incredibly 
flexible (enter the power of perl, sed, awk, tr, etc).  Able to spit out 
nice little temp text files, etc.  However, this also creates 
problems.  Almost no one can learn such a large "domain" (mathematical 
sense) of commands and combinations.  They want streamlined command 
"domains" so they can do what they want.  Which is routing.  Cisco wins big 
time here since there is clearly a far more finite command "domain" in IOS, 
and this is ideal for a router.

Note:  Domain as in, the maximum number of command combinations 
possible.  Unix is pretty darn close to infinite with pipes and such.  At 
least compared to Cisco IOS, where, YES, there are a LOT of possible 
command combinations and some "ok" output modifiers, but it's not nearly as 
close.

3)  Magnetic disks.  This is a point of failure.  Shake the box too much, 
easy breakage compared to flash memory.  Try to get Linux in a flash 
memory?  Yes, it is possible, but you go back to limiting your domain, and 
it's pretty much toe to toe fighting Cisco IOS vs Linux command line, and 
without serious modifications, Cisco IOS wins there too.

4)  Software stability?  Some people have been griping IOS isn't quite as 
stable as it used to be.  I have no real comment on this.  However, one 
thing is for certain, it definitely works well enough to be running a large 
% of the internet.  So, let's get back to the Unix box.  You are doomed to 
run gated (has a bad security track record), routed (hahaha. 
RIP?  BAHAHA), or zebra (not sure, it seems very promising, but hey, you 
want to go risking your network on it?  I guess if you got contingency 
plans ready).  Or you can do static routing which I am sure would be very 
quick, but oh wait, where is the fun in that?  :)  Also, being that you DO 
have at least three different well known routing daemons to contend with, 
that means more learning.  Another learning curve on Open Source 
software.  (Which I have nothing against, but when crap hits the fan, if 
you are not very programming savvy and Unix oriented, you just shot your 
company in the foot.)  Also, there might be fewer high end / high speed 
telecommunication devices supported in the other unices.  Finally, if you 
are using x86 based hardware that is still using a 32-bit 33 MHz PCI bus 
(any non-Xeon based board basically), you are doomed to ~500Mbps.  (Since 
you have to read and write into memory, and the PCI backplane is about 1 
Gbps.)  So, I would say, Cisco wins here too.

5)  Security.  Ok, now, no one is perfect with security.  However, most 
unices have fairly bad "userlands".  Basically, if you give someone a 
presupposed "not privileged" account, it usually can be used to exploit the 
box and get root privileges somehow.  Yes you can try to secure the box (I 
know about chrooting, and jailing and what not, trust me they are 
breakable), but this is clearly non-trivial even for a pro.  Also, IF the 
Unix box should be penetrated into, you can do a lot more damage to the 
network than just injecting Evil routes to set up for spoofing and what 
not.  (Port scan assault, nice powerful box to run cracking on, or be 
turned into an ftpd of astronomical proportions.)  Although, in general, I 
think I would not want to give up a non-privileged account if possible on 
any Cisco routers.  Pretty much a tie, but if someone wants to give up 
"non-privileged" accounts, Cisco IOS definitely wins here.

6)  Support.  Open Source vs TAC man waiting vs Unix support.  Hey, it is 
fun to fix things on your own or through the open source team, but the TAC 
man is obligated to help so you always got someone there for you to fall 
back on.  You do it your way, you are the lone soldier. (You could get 
commercial support, but then you close the gap on the "cost effectiveness" 
for the open source Unix box).  Unix support, although it does exist, I 
doubt many are really zebrad, gated, or routed savvy.

Conclusion:
         Cisco IOS is the way to go for the most part.  You get support, 
routing software stability, somewhat more security if you want unprivileged 
accounts, and easier to learn than Unix.  (No "?" to give you the rest of 
the commands in Unix; it's the man pages, Unix intuition, or --help flags 
and very good reading.)  If you are very good with Unix, have tested one of 
those three routing daemons heavily, ignore unprivileged accounts, and are 
only running small serial links, you might want to go with a Unix box.



-Carroll Kong



