RE: Routers vs. PC's for routing - was list problems?
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Ulevitch
Sent: Friday, May 24, 2002 2:36 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Routers vs. PC's for routing - was list problems?

[deleted]

As to being immune to exploits I fail to see how. An exploit is an
exploit -- it doesn't need to give you a root shell to accomplish a goal
of crashing the packet filter. I'm more than happy to be proven wrong
though, when is there a time when a pseudo-halted system is "more secure"?

-davidu


EXACTLY!

Vulnerabilities [especially in socket functions (you still *are* running a
routing protocol, right?)] can cause arbitrary code to execute irrespective
of your current run level. Most people would agree that having to reboot
the machine to change/check/edit anything is an unacceptable scenario.
Further, how do you filter an attack in real-time?

Deepak Jain
AiNET
RE: Routers vs. PC's for routing - was list problems?
On Fri, 24 May 2002, Rowland, Alan D wrote:
> AFAIK standard (non-proprietary) CompactFlash, SmartCards, Memory Stick, et
> al, are seen as (removable) storage with typical allowed attributes. I can
> set a file/folder/card to 'locked' in my camera but when plugged into the
> computer this will show as 'read only.'

"read-only" is a filesystem attribute. You can still format the card and
kill the filesystem. Not good for a secure router.

The only consumer flash card with a physical write protect switch is the
"Secure Digital" stuff, afaik.

-Dan
--
[-] Omae no subete no kichi wa ore no mono da. [-]
Re: Routers vs. PC's for routing - was list problems?
They did, but when you mentioned this I went to look for it and haven't
found it. As I recall this was in fact for the NSA but I don't remember the
exact application.

On Fri, 24 May 2002, Joseph T. Klein wrote:

> Didn't National Semiconductor have a spec sheet for write only memory
> back in the late 70s or early 80s?
>
> I think they developed it for the NSA.
>
> --On Thursday, 23 May 2002 14:53 -0700 Dan Hollis <[EMAIL PROTECTED]> wrote:
>
> > On Thu, 23 May 2002, Jason K. Schechner wrote:
> >> On Thu, 23 May 2002, Dan Hollis wrote:
> >> > On Thu, 23 May 2002, Steven J. Sobol wrote:
> >> > > Can you set flash drives to be write-only?
> >> > Why would you want to do this?
> >> Logging. If a h@xx0r cracks your box he can't erase anything that's
> >> already been written there. Often it takes a physical change (jumper,
> >> dipswitch, etc) to change from write-only to read-only making it pretty
> >> tough for the h@xx0r to cover his steps.
> >
> > Eh? Setting a flash drive to *write-only* would fix this how? Why would
> > anyone want to make a flash drive *write-only*?
> >
> > -Dan
> > --
> > [-] Omae no subete no kichi wa ore no mono da. [-]
>
> --
> Joseph T. Klein                                        +1 414 628 3380
> Senior Network Engineer                              [EMAIL PROTECTED]
> Adelphia Business Solutions                          [EMAIL PROTECTED]
>
> "... the true value of the Internet is its connectedness ..."
> -- John W. Stewart III
Re: Routers vs. PC's for routing - was list problems?
> BSD enforces append-only when running proper securelevel. AFAIK,
> Linux lacks this attribute, and root can disable the so-called
> "immutable" attrib.

bsd enforces append only or immutable when the flag is set, not depending
on the securelevel. there are "user" and "system" flag sets. the "user"
flag set can be turned off and on at any time by either the file's owner
or root. the "system" flag set can be set at any time, but can only be
removed when the securelevel is less than or equal to zero, and can only
be set or cleared by root.

--
|-----< "CODE WARRIOR" >-----|
[EMAIL PROTECTED]             * "ah!  i see you have the internet
[EMAIL PROTECTED] (Andrew Brown)                that goes *ping*!"
[EMAIL PROTECTED]      * "information is power -- share the wealth."
RE: Routers vs. PC's for routing - was list problems?
Most flash media includes read only 'tabs' similar to the legacy floppy
variety. Steven may have hit on an interesting solution here...

-Al

-----Original Message-----
From: E.B. Dreger [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 23, 2002 2:38 PM
To: [EMAIL PROTECTED]
Cc: Dan Hollis; Steven J. Sobol; Vinny Abello; [EMAIL PROTECTED]
Subject: Re: Routers vs. PC's for routing - was list problems?

JKS> Date: Thu, 23 May 2002 17:34:29 -0400 (EDT)
JKS> From: Jason K. Schechner
JKS>
JKS> > Why would you want to do this?
JKS>
JKS> Logging. If a h@xx0r cracks your box he can't erase
JKS> anything that's already been written there. Often it takes

BSD enforces append-only when running proper securelevel. AFAIK,
Linux lacks this attribute, and root can disable the so-called
"immutable" attrib.

JKS> a physical change (jumper, dipswitch, etc) to change from
JKS> write-only to read-only making it pretty tough for the
JKS> h@xx0r to cover his steps.

Why not log to an external bastion host?

--
Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence

~
Date: Mon, 21 May 2001 11:23:58 + (GMT)
From: A Trap <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <[EMAIL PROTECTED]>, or you are likely to be blocked.
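The two defensive ideas traded in the messages above, append-only file flags that root cannot clear and shipping logs to an external bastion host, share one goal: an intruder who gets root on the router must not be able to rewrite history unnoticed. The script below is an added example, not code from anyone in the thread. It chains each log record to the previous one with SHA-256 and pushes only the newest hash to an anchor the router cannot rewrite (the bastion host's copy; here a constructed local file stands in for it). The record layout, the function names, the sample log lines and the use of GNU coreutils `sha256sum` are this example's own assumptions. Verifying the local file against the anchor later exposes any edited, deleted or truncated record, whatever flags the filesystem did or did not enforce.

```shell
#!/bin/sh
# Added example: tamper-evident log chain with a remote anchor.
# Record format (assumed): "<sha256 hex> <message>" per line, where the hash
# covers "<previous hash>|<message>". Assumes GNU coreutils sha256sum.
set -u

GENESIS=0000000000000000000000000000000000000000000000000000000000000000

digest() { sha256sum | cut -d' ' -f1; }

# last_hash LOG: hash of the newest record, or GENESIS for an empty log.
last_hash() {
    if [ -s "$1" ]; then tail -n 1 "$1" | cut -d' ' -f1; else echo "$GENESIS"; fi
}

# log_append LOG ANCHOR MESSAGE: append one chained record and update the
# anchor. On a real router the anchor update is a send to the bastion host,
# not a local file write; the file here only stands in for that copy.
log_append() {
    log=$1; anchor=$2; msg=$3
    prev=$(last_hash "$log")
    h=$(printf '%s|%s' "$prev" "$msg" | digest)
    printf '%s %s\n' "$h" "$msg" >> "$log"
    printf '%s\n' "$h" > "$anchor"
}

# log_verify LOG ANCHOR: recompute the chain from GENESIS and compare the
# final hash with the anchored one. Returns 0 when intact, 1 when a record
# was altered or removed, or the file was truncated after the anchor was taken.
log_verify() {
    log=$1; anchor=$2
    prev=$GENESIS
    while IFS=' ' read -r h msg; do
        want=$(printf '%s|%s' "$prev" "$msg" | digest)
        [ "$h" = "$want" ] || return 1
        prev=$h
    done < "$log"
    [ "$prev" = "$(cat "$anchor")" ]
}

# Demo: "sh logchain.sh demo" writes three constructed records, verifies
# them, then deletes the middle one and shows the verification failing.
if [ "${1:-}" = demo ]; then
    T=$(mktemp -d); L=$T/router.log; A=$T/anchor
    log_append "$L" "$A" "May 23 14:53:01 rtr sshd[412]: Accepted publickey for ops from 192.0.2.10"
    log_append "$L" "$A" "May 23 14:53:07 rtr kernel: martian source 10.0.0.1 from 203.0.113.5"
    log_append "$L" "$A" "May 23 14:54:10 rtr iptables: DROP IN=eth0 SRC=198.51.100.9"
    log_verify "$L" "$A" && echo "intact"
    sed '2d' "$L" > "$T/edited" && mv "$T/edited" "$L"
    log_verify "$L" "$A" || echo "tampered: chain does not reach the anchor"
fi
```

Only the anchor needs to be off-box; the chain itself can stay on the router's flash. Without the anchor, root could simply regenerate the whole chain after editing, which is exactly what the bastion-host copy prevents.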
RE: Routers vs. PC's for routing - was list problems?
AFAIK standard (non-proprietary) CompactFlash, SmartCards, Memory Stick, et
al, are seen as (removable) storage with typical allowed attributes. I can
set a file/folder/card to 'locked' in my camera but when plugged into the
computer this will show as 'read only.'

Then again, router manufacturers are infamous for jiggering as much as
possible to proprietary. Might still be able to 'administer' the card in
another machine then install it in the proprietary device but that might
void your warranty. :)

Hey, they're just protecting their market share, right? Worked for Apple,
oh, wait a minute... (/mnt asbestos underwear)

Just my 2¢.

-Al

-----Original Message-----
From: Steven J. Sobol [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 23, 2002 2:39 PM
To: Dan Hollis
Cc: E.B. Dreger; Vinny Abello; [EMAIL PROTECTED]
Subject: Re: Routers vs. PC's for routing - was list problems?

On Thu, 23 May 2002, Dan Hollis wrote:

> On Thu, 23 May 2002, Steven J. Sobol wrote:
> > On Thu, 23 May 2002, E.B. Dreger wrote:
> > > EIDE-based flash drives have become very inexpensive. Some
> > > embedded systems use CompactFlash boards.
> > Can you set flash drives to be write-only?
> Why would you want to do this?

Duh. Sorry about the brainfart. I was about to launch into a long
explanation of what I want to do when I realized I wrote "write-only"
instead of "read-only." I meant "read-only."

Note to self: Engage brain *before* fingers.

--
Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek)
JustThe.net LLC, Mentor On The Lake, OH  888.480.4NET  http://JustThe.net
"In a 32-bit world, you're a 2-bit user/You've got your own newsgroup:
alt.total.loser" - "Weird Al" Yankovic, "It's All About the Pentiums"
Re: Routers vs. PC's for routing - was list problems?
Unnamed Administration sources reported that Joseph T. Klein said:
>
> Didn't National Semiconductor have a spec sheet for write only memory
> back in the late 70s or early 80s?
>
> I think they developed it for the NSA.

Not exactly. As I recall, National or maybe Signetics had a run of FUBAR
chips. So they gave them xxxNFG part numbers, and had a data sheet made for
"Write Only Memory". The AN showed it being used as an electronic
bitbucket, etc. This was in 1971 or 72.

If you ordered the data sheet/sample, you likely also got a set of Groucho
glasses so "you can sneak into the office even if your colleagues find
out".

A friend has the data sheet, and maybe still the glasses/nose.

--
A host is a host from coast to coast.................[EMAIL PROTECTED]
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433
Re: Routers vs. PC's for routing - was list problems?
Thought I might lend a comment here. I have had a lot of experience with PC
based routers, starting around 96, and getting majorly into it around 98 or
so.

To give you an idea. No moving parts except cooling fans. Main drive is an
IDE style SanDisk flash drive. System goes through a multistage boot:

  - System start, loads initial startup code into boot ramdisk.
  - System mounts a partition on the flash read-only.
  - System creates soon-to-be / ramdisk and uncompresses final fs image
    to it.
  - System copies stored configs from flash to /etc on second ramdisk.
  - System unmounts flash and remounts rootfs to second ramdisk.
  - System frees first ramdisk.
  - System finishes boot.

This was of course a totally custom Linux distrib, with a set of config
tools for manipulation of the boot config (The flash stores 2 operational
config archives, 2 operational fs images and one recovery config and fs
image.) The system would automagically boot the primary config, on failure
boot the secondary, on failure boot the recovery image. Boot image and
config set selectable at boot via serial console. This allowed us to load
and make config updates to the primary config, while saving the working
configs to the secondary, and to handle fs image updates properly (can
always drop back to last known working copy). Worst case the recovery image
can reload from backup via the network in a matter of seconds.

The base platform was a K6-3 450Mhz, giving us a 64k L1 and 256K L2 cache
running at 450Mhz, and a 1M L3 at 100Mhz. Given 256M SDRAM for main memory
(4 way interleave) and using 64MB for the rootfs with the distro
specifically designed to run in a ram only environ everything worked well
(especially without IDE bus interrupts screwing with things). The only time
it touched flash was during boot, and when updating or backing up config or
fs images.

We used (and sold) many of these boxes as a 7200 replacement. A 7206VXR is
at best a 300Mhz MIPS box with a 33Mhz PCI bus. Both the PC and the Linux
box top out at just under 400Mbit over the main bus, but the Linux box had
*a lot* of CPU left over to run filters, logging, multiview BGP and CBQ.

It was nice to have a box capable of BGP, OSPF, RSVP, filtering, CBQ, IP
rewrites and NAT at 300Mbit+ with SSH and serial console access, costing
< 10,000$USD with 2 x DS3 and 4 x 100Mbit-FDX ethernet in mid 1999,
considering a 7200 cost 3 times that (with interfaces and memory), and was
pretty weak as far as SSH, CBQ and NAT support went (As well as having
issues with NWAY and FastEtherChannel trunking).

If one is being used at the network core where filtering is not done there
is some fastpath magic that can easily take the box up to about 800Mbit
aggregate. Using multiport ether cards with 4 interfaces per on their own
PCI sub bus it gets fun. Given the right card and driver and assuming you
group your traffic it gets interesting. Only the IP headers cross the main
bus, the payloads go direct card to card, if it is within the same iface
group it never touches the main PCI bus. This was in late 1998.

We also did some work with single and dual CPU 21264 as well as Ultra
AXMP+ systems for the 64bit 66mhz PCI bus. We were very happy with the
performance (1.5 - 2.0 Gbit/sec aggregate while running full filters and
CBQ on a dual 21264 w/ 768 meg mem) but at the time it was a bit high.
These days a dual Athlon MB with 4 64bit 66Mhz PCI slots is < 350$USD...

So, the easy rule? A 500Mhz *quality* PC booting from flash to ram can
replace a 7206VXR. Up to quad DS3/Quad 100Mbit ether is fine. Your overall
bandwidth limit is about the same, but at that bandwidth you can do a hell
of a lot more work (think stateful filters, CBQ, IP rewrites or IPSEC), as
the limit is the PCI bus you have CPU and memory bandwidth to burn.

A lot of this was R&D for product sales and ISP operations at a previous
employer, and there are still boxes sitting around handling (for example)
DS3 x 2 + 100Mbit x 4, 3 full views (each DS3 to separate provider, 2 x
100Mbit-FDX EtherChannel link to a 7200 peer/backup, and 2 x 2 x
100Mbit-FDX EtherChannel link to a catalyst 2429XL for a server cluster and
dialin hardware). Its 7200 peer dies now and again due to CPU overload from
route flap/etc, never had any trouble with the LinuxRouter. Been in place
since late 99 or so.

At my current place I end up working with 2 port bandwidth controllers,
and IPSEC VPN boxes. We have been known to produce a pretty slick 100Mbit
full duplex bandwidth control box, as well as some neat VPN systems. These
days if I want to do more than an OC3 or 2 we grab a Juniper, but if you
want to do say IPSEC, a dual Athlon 2000 MP+ w/ 1G PC2100 ECC DDR and a
Syskonnect 64bit/66Mhz GigE card is ~ 2,000$USD. It can do a lot of work...

Creating the initial distro, writing the CLI linking all the daemon
config/etc and knowing what interrupt timers and packet timers to tweak
takes skill. Just using one is easy.

--
I route, therefore you are.
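The boot sequence above mounts the flash read-only, runs entirely from RAM, and falls back primary, then secondary, then recovery when a slot fails. What makes that fallback safe is deciding, before handing control to an image, that the image and its config archive are the ones that were written and that the slot has not already failed to come up. The script below is an added example of that selection step and is not the original poster's distribution code. The slot layout (`rootfs.img`, `config.tar` and their `.sha256` files), the boot-attempt counter kept in a small writable state area, `MAX_ATTEMPTS`, and the use of GNU coreutils `sha256sum` are this example's own assumptions; the fixtures it builds are constructed for demonstration.

```shell
#!/bin/sh
# Added example: choose which flash slot to boot, falling back
# primary -> secondary -> recovery. Not the original distribution's code;
# slot layout, counter file and MAX_ATTEMPTS are assumptions of this example.
set -u

FLASH="${FLASH:-$(mktemp -d)}"   # stands in for the read-only mounted flash
STATE="${STATE:-$FLASH/state}"   # small writable area for boot-attempt counters
MAX_ATTEMPTS=2
mkdir -p "$STATE"

digest() { sha256sum | cut -d' ' -f1; }   # assumes GNU coreutils

attempts_of() {
    if [ -f "$STATE/$1.attempts" ]; then cat "$STATE/$1.attempts"; else echo 0; fi
}

# slot_ok SLOT: 0 when the slot's fs image and config archive match their
# recorded digests and the slot has not already used up its boot attempts.
slot_ok() {
    dir="$FLASH/$1"
    for f in rootfs.img config.tar; do
        [ -f "$dir/$f" ] && [ -f "$dir/$f.sha256" ] || return 1
        [ "$(digest < "$dir/$f")" = "$(cat "$dir/$f.sha256")" ] || return 1
    done
    [ "$(attempts_of "$1")" -lt "$MAX_ATTEMPTS" ]
}

# choose_slot: print the first usable slot; recovery is always the last try.
# Returns 1 (prints nothing) when no slot verifies, which is the point to
# drop to the serial console rather than boot something unknown.
choose_slot() {
    for s in primary secondary recovery; do
        if slot_ok "$s"; then echo "$s"; return 0; fi
    done
    return 1
}

# note_attempt SLOT: bump the counter before handing off, so a slot whose
# image verifies but hangs mid-boot is skipped after a watchdog reset.
note_attempt() { echo $(( $(attempts_of "$1") + 1 )) > "$STATE/$1.attempts"; }

# boot_succeeded SLOT: called once userland is up; clears the counter.
boot_succeeded() { rm -f "$STATE/$1.attempts"; }

# make_slot SLOT CONTENT: constructed fixture. A real slot holds a compressed
# fs image and a config archive written by the update tooling.
make_slot() {
    dir="$FLASH/$1"; mkdir -p "$dir"
    printf 'rootfs-%s' "$2" > "$dir/rootfs.img"
    digest < "$dir/rootfs.img" > "$dir/rootfs.img.sha256"
    printf 'config-%s' "$2" > "$dir/config.tar"
    digest < "$dir/config.tar" > "$dir/config.tar.sha256"
}

# Demo: "sh boot-select.sh demo" walks through the fallback chain.
if [ "${1:-}" = demo ]; then
    make_slot primary v2; make_slot secondary v1; make_slot recovery v0
    echo "all intact:       $(choose_slot)"
    printf 'x' >> "$FLASH/primary/rootfs.img"        # half-written update
    echo "primary damaged:  $(choose_slot)"
    note_attempt secondary; note_attempt secondary   # secondary hung twice
    echo "secondary failed: $(choose_slot)"
fi
```

Digest mismatch catches a half-written update or flash bit rot; the attempt counter catches the case the digest cannot, an image that is exactly what was written but still fails to boot. Clearing the counter only after userland is up is what turns "on failure boot the secondary" into something a watchdog can drive without a human at the console.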
Re: Routers vs. PC's for routing - was list problems?
On Thu, May 23, 2002 at 12:54:57PM -0700, Scott Granados wrote:
> As are f5 products including bigip, 3dns and hmmm they make something
> else I forget:).
>
> On Thu, 23 May 2002, Brian wrote:
>
> > bsd kernel eh? i believe netapp filers are based on that as well.

Indeed - bigIP is BSDI aka BSD/OS based, netapp uses NetBSD code.

Greetz,
Peter
--
huk ~ kek
Re: Routers vs. PC's for routing - was list problems?
## On Friday, May 24, 2002 12:52 AM -0400
## [EMAIL PROTECTED] wrote:

> I've heard tell that a good way to secure a Linux box that's doing this is
> to have it boot, set up the interfaces, set up iptables, and then do
> a quick /sbin/halt - if you fail to 'ifconfig down' the interfaces on the
> way down, the kernel will happily forward the packets while being immune
> to exploits (since there's no processes running anymore). I haven't
> tried it, so I don't know if it works. Maybe there ARE cases where
> setting the default runlevel to 0 or 6 make sense. ;)

This seems to be a rather dumb idea for at least a couple reasons. The
increase in security is nothing compared to the headache you've created.

a) How do you log?
b) How do you update your rulesets?
c) How do you figure out what went wrong when something DOES go wrong?

A system with an out-of-band interface (dialup, serial, ethernet, IrDA,
etc) can offer the same level of security without the trouble of a
pseudo-halted system. It can log, it can update rulesets, the device can be
configured to only allow management from that interface, etc... [as if you
didn't know this]

As to being immune to exploits I fail to see how. An exploit is an exploit
-- it doesn't need to give you a root shell to accomplish a goal of
crashing the packet filter. I'm more than happy to be proven wrong though,
when is there a time when a pseudo-halted system is "more secure"?

-davidu
Re: Routers vs. PC's for routing - was list problems?
[ On Friday, May 24, 2002 at 04:50:27 (-), Joseph T. Klein wrote: ]
> Subject: Re: Routers vs. PC's for routing - was list problems?
>
> Didn't National Semiconductor have a spec sheet for write only memory
> back in the late 70s or early 80s?
>
> I think they developed it for the NSA.

Not long ago I finished reading one of Stephen R. Donaldson's "The Gap"
series (the second -- I don't know if I'll bother with more of them) where
secure write-only "core" is said to be the foundation for interstellar
security. Basically it's for keeping an unbreakable and unmodifiable record
of all ship functions and communications. Only authorised police have keys
to read it, but it's supposed to be physically unalterable once written.

Of course it turns out what's written to it is not quite so indelible as
most people are led to believe :-)

--
Greg A. Woods

+1 416 218-0098;  <[EMAIL PROTECTED]>;  <[EMAIL PROTECTED]>;  <[EMAIL PROTECTED]>
Planix, Inc. <[EMAIL PROTECTED]>; VE3TCP; Secrets of the Weird <[EMAIL PROTECTED]>
Re: Routers vs. PC's for routing - was list problems?
We had a lot of BSDI routers in the past (in RELCOM, Russia); it was a good
solution but there was always a reliability problem:

- you should use a professional-grade PC which is not too cheap (not brand
  name but something having good power supply, good and reliable fans, and
  so on...)
- you should install everything on one PC and then _clone_ it to others. A
  good idea is to have a custom CD disk with everything preconfigured and
  collected.
- moving parts such as disks is the third problem. You should find some
  very reliable disks, even if they are not too big. We had a problem - we
  started from 200Mb disks, and when we began to think about replacement,
  we could not find anything less than 800Mb.

Generally, a PC based router costs much less than a Cisco router, but needs
much more skilled people to serve it. So, it can be reasonable for the
countries where people cost less than in the USA, and unreasonable for the
USA.

----- Original Message -----
From: "Scott Granados" <[EMAIL PROTECTED]>
To: "Vinny Abello" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, May 23, 2002 11:22 AM
Subject: Re: Routers vs. PC's for routing - was list problems?

> Remember that a pc may have some certain functions that are "more
> powerful" than a router but a pc is a much more general computer.
> Routers are supposed to be and usually designed to do one thing only,
> route, not play quake, balance your check book, browse the net, etc etc.
> So although for example a gsr-12000 may have a slower cpu than the
> machine on your desk it probably will route and pass more traffic than
> your pc ever will because of its design. Not to say you can't route
> well with a linux or bsd system you can but at the high-end probably not
> as well.
>
> On Thu, 23 May 2002, Vinny Abello wrote:
>
> > I would have to say for any Linux/BSD platform to be a viable routing
> > solution, you have to eliminate all moving parts or as much as possible,
> > ie. no hard drives because hard drives will fail. Not much you can do
> > about the cooling fans in various parts of the machine though which
> > routers also tend to have. Solid state storage would be the way to go as
> > far as what the OS is installed on. You have to have something to imitate
> > flash on the common router. Otherwise, if you can get the functionality
> > out of a PC, I say go for it! The processing power of a modern PC is far
> > beyond any router I can think of. I suppose it would just be a matter of
> > how efficient your kernel, TCP/IP stack and routing daemon would be at
> > that point. :)
> >
> > At 10:48 PM 5/22/2002, you wrote:
> >
> > >On Wed, 22 May 2002, Andy Dills wrote:
> > >
> > > > > From the number of personal replies I got about these topics, it
> > > > > seems like many people are interested in sharing information about
> > > > > how to do routing on a budget, or how to avoid getting shot in the
> > > > > foot with your Cisco box.
> > > >
> > > > Routing on a budget? Dude, you can buy a 7200 for $2 grand. Why bother
> > > > with a linux box? Heh, at least use FreeBSD :)
> > >
> > >Before the dot com implosion, they weren't nearly that inexpensive. The
> > >average corporate user will also need smartnet (what's that on a 7200, a
> > >K or a few per year?) for support, warranty, and software updates. Some
> > >people just don't appreciate being nickled and dimed by cisco and forced
> > >to either buy much more router than they need, or risk ending up with
> > >another cisco boat anchor router when the platform they chose can no
> > >longer do the job in the limited memory config supported.
> > >
> > >I have a consulting customer who, against my strong recommendation,
> > >bought a non-cisco router to multihome with. It's PC based, runs Linux,
> > >and with the exception of the gated BGP issue that bit everyone running
> > >gated a few months ago, has worked just fine. It's not as easy to work
> > >with in most cases, but there are some definite advantages, and some
> > >things that Linux actually makes easier. They'd initially bought a 2621
> > >when multihoming was just a thought, and by the time it was a reality,
> > >64mb on a 2621 couldn't handle full routes. The C&W/PSI depeering (which
> > >did affect this customer, as they were single homed to C&W at the time
> > >and did regular business with networks single homed to PSI) was proof
> > >that without full routes, you're not really multihomed.
> > >
> > >--
> > > Jon Lewis *[EMAIL PROTECTED]*|  I route
> > > System Administrator        |  therefore you are
> > > Atlantic Net                |
> > >_ http://www.lewis.org/~jlewis/pgp for PGP public key_
> >
> > Vinny Abello
> > Network Engineer
> > Server Management
> > [EMAIL PROTECTED]
> > (973)300-9211 x 125
> > (973)940-6125 (Direct)
> >
> > Tellurian Networks - The Ultimate Internet Connection
> > http://www.tellurian.com (888)TELLURIAN
Write Only was Re: Routers vs. PC's for routing - was list problems?
In a silly and useless off topic thread ... I found the reference. It was
Signetics, not NS.

http://sunsite.informatik.rwth-aachen.de/jargon300/write-onlymemory.html

write-only memory: n. The obvious antonym to `read-only memory'. Out of
frustration with the long and seemingly useless chain of approvals required
of component specifications, during which no actual checking seemed to
occur, an engineer at Signetics once created a specification for a
write-only memory and included it with a bunch of other specifications to
be approved. This inclusion came to the attention of Signetics management
only when regular customers started calling and asking for pricing
information. Signetics published a corrected edition of the data book and
requested the return of the `erroneous' ones. Later, around 1974, Signetics
bought a double-page spread in "Electronics" magazine's April issue and
used the spec as an April Fools' Day joke. Instead of the more conventional
characteristic curves, the 25120 "fully encoded, 9046 x N, Random Access,
write-only-memory" data sheet included diagrams of "bit capacity vs.
Temp.", "Iff vs. Vff", "Number of pins remaining vs. number of socket
insertions", and "AQL vs. selling price". The 25120 required a 6.3 VAC VFF
supply, a +10V VCC, and VDD of 0V, +/- 2%.

--On Friday, 24 May 2002 04:50 + "Joseph T. Klein" <[EMAIL PROTECTED]> wrote:

> Didn't National Semiconductor have a spec sheet for write only memory
> back in the late 70s or early 80s?
>
> I think they developed it for the NSA.
>
> --On Thursday, 23 May 2002 14:53 -0700 Dan Hollis <[EMAIL PROTECTED]> wrote:
>
>> On Thu, 23 May 2002, Jason K. Schechner wrote:
>>> On Thu, 23 May 2002, Dan Hollis wrote:
>>> > On Thu, 23 May 2002, Steven J. Sobol wrote:
>>> > > Can you set flash drives to be write-only?
>>> > Why would you want to do this?
>>> Logging. If a h@xx0r cracks your box he can't erase anything that's
>>> already been written there. Often it takes a physical change (jumper,
>>> dipswitch, etc) to change from write-only to read-only making it pretty
>>> tough for the h@xx0r to cover his steps.
>>
>> Eh? Setting a flash drive to *write-only* would fix this how? Why would
>> anyone want to make a flash drive *write-only*?
>>
>> -Dan
>> --
>> [-] Omae no subete no kichi wa ore no mono da. [-]
>
> --
> Joseph T. Klein                                        +1 414 628 3380
> Senior Network Engineer                              [EMAIL PROTECTED]
> Adelphia Business Solutions                          [EMAIL PROTECTED]
>
> "... the true value of the Internet is its connectedness ..."
> -- John W. Stewart III

--
Joseph T. Klein                                          +1 414 628 3380
Senior Network Engineer                                [EMAIL PROTECTED]
Adelphia Business Solutions                            [EMAIL PROTECTED]

"... the true value of the Internet is its connectedness ..."
-- John W. Stewart III
Re: Routers vs. PC's for routing - was list problems?
> Date: Fri, 24 May 2002 00:52:14 -0400
> From: [EMAIL PROTECTED]

> I've heard tell that a good way to secure a Linux box that's
> doing this is to have it boot, set up the interfaces, set up
> iptables, and then do a quick /sbin/halt - if you fail to
> 'ifconfig down' the interfaces on the way down, the kernel will
> happily forward the packets while being immune to exploits

[ snip ]

H. A most interesting thought.

Even if that doesn't work, one could modify /sbin/init to suit one's
needs; several variants for embedded systems already exist.

--
Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence

~
Date: Mon, 21 May 2001 11:23:58 + (GMT)
From: A Trap <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <[EMAIL PROTECTED]>, or you are likely to be blocked.
Re: Routers vs. PC's for routing - was list problems?
On Thu, 23 May 2002 18:01:03 EDT, "Steven J. Sobol" said:

> The box I want to build is passing packets between the rest of my network
> (and the public Internet) and one server that will hold sensitive data.
> It'll be a Linux box with the TCP/IP stack running in bridged mode, with
> two ethernet adapters installed. The box just needs to boot up and run. It
> doesn't need to log anything.

I've heard tell that a good way to secure a Linux box that's doing this is
to have it boot, set up the interfaces, set up iptables, and then do a
quick /sbin/halt - if you fail to 'ifconfig down' the interfaces on the way
down, the kernel will happily forward the packets while being immune to
exploits (since there's no processes running anymore). I haven't tried it,
so I don't know if it works. Maybe there ARE cases where setting the
default runlevel to 0 or 6 make sense. ;)
Re: Routers vs. PC's for routing - was list problems?
Didn't National Semiconductor have a spec sheet for write only memory
back in the late 70s or early 80s?

I think they developed it for the NSA.

--On Thursday, 23 May 2002 14:53 -0700 Dan Hollis <[EMAIL PROTECTED]> wrote:

> On Thu, 23 May 2002, Jason K. Schechner wrote:
>> On Thu, 23 May 2002, Dan Hollis wrote:
>> > On Thu, 23 May 2002, Steven J. Sobol wrote:
>> > > Can you set flash drives to be write-only?
>> > Why would you want to do this?
>> Logging. If a h@xx0r cracks your box he can't erase anything that's
>> already been written there. Often it takes a physical change (jumper,
>> dipswitch, etc) to change from write-only to read-only making it pretty
>> tough for the h@xx0r to cover his steps.
>
> Eh? Setting a flash drive to *write-only* would fix this how? Why would
> anyone want to make a flash drive *write-only*?
>
> -Dan
> --
> [-] Omae no subete no kichi wa ore no mono da. [-]

--
Joseph T. Klein                                          +1 414 628 3380
Senior Network Engineer                                [EMAIL PROTECTED]
Adelphia Business Solutions                            [EMAIL PROTECTED]

"... the true value of the Internet is its connectedness ..."
-- John W. Stewart III
Re: Routers vs. PC's for routing - was list problems?
On Thu, 23 May 2002, Dave Israel wrote:

> Then why not boot from a CD-ROM? Sure, it moves, but only for the
> few minutes it takes to boot. Then it spins down and sits idle for
> the n days/weeks/months until the next reboot. It would probably
> last as long as the solid state drive, and would be cheaper.
> The big problem here, of course, is software upgrades.

CD's were the other option I was considering. I'd rather use CD's because
they are more durable than floppies. WRT software upgrades, the only thing
I'd be rebuilding is the kernel - you rebuild the kernel, create an ISO
filesystem, and rip it to CD...

> Personally,
> I'd just use a hard drive and initrd (under linux) and leave the hd
> controller out of the kernel. When it comes time to upgrade, reboot
> to an alternate kernel that has the hd support code. But that's more
> of a discussion for a Linux list than here.

Yup. Topic drift...

--
Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek)
JustThe.net LLC, Mentor On The Lake, OH  888.480.4NET  http://JustThe.net
"In a 32-bit world, you're a 2-bit user/You've got your own newsgroup:
alt.total.loser" - "Weird Al" Yankovic, "It's All About the Pentiums"
Re: Routers vs. PC's for routing - was list problems?
Speaking of which:

I have been looking for a reasonably priced hardware ramdisk. The ones I've
seen (albeit expensive) are essentially a brick with DIMMs in them, and
have either an IDE or SCSI interface. Some have a battery to back them up
for a few hours.

Anyone got some pointers?

On Thu, 23 May 2002, Jake Baillie wrote:

> Let me elaborate. I thought Steve was concerned about the limited
> writability of flash.
>
> My thought was to build something like a Linux router, you'd have to load
> the OS into a RAMdisk (or something similar), and only write to flash when
> the config changed. Which means you'd need some sort of singular
> configuration file.
>
> But I was wrong. :) He meant "read-only"
>
> *back to lurk mode*
>
> -- jb
>
> At 02:49 PM 5/23/2002 -0700, Dan Hollis wrote:
>
> >And making it *write-only* as the original poster asked, would fix things
> >how?

--
Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben
--
--Net Access Corporation, 800-NET-ME-36, http://www.nac.net
--
Re: Routers vs. PC's for routing - was list problems?
> > True... unless going for 64 bit PCI at 66MHz...
>
> 64/66 PCI has 4 times as much bandwidth - about 4Gbit/s. Much better
> than standard PCI, but hard to find on a PC-compatible motherboard, and
> expensive when you do find it. Enough bandwidth for 10 line-rate 100M
> Ethernet ports or six line-rate OC-3 ports (in theory, anyway). But not
> really enough for anything faster (OC-12 or GigE) if you want line-rate
> forwarding.

Most reputable motherboards (high-end super micros, intel) support 64/66.

--
Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben
--
--Net Access Corporation, 800-NET-ME-36, http://www.nac.net
--
Re: Routers vs. PC's for routing - was list problems?
On Thu, May 23, 2002 at 06:04:09PM -0400, [EMAIL PROTECTED] said:
[snip]
> I'm just throwing ideas out there. I could boot Linux off a floppy or
> a bootable CD and create a ramdisk upon bootup - Linux has always had this
> capability. I'm just a person who occasionally comes up with silly
> half-baked ideas and wonders if he can implement them. ;)
>
> And to be honest, I figured that having the OS boot off of some
> solid-state storage device would be useful... for something...

This has come up a few times on [EMAIL PROTECTED] You might want to check
the archives, and maybe look at picobsd.org (among others) for more ideas
in this vein.

--
Scott Francis                   darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager          sfrancis@ [work:] t o n o s . c o m
GPG public key 0xCB33CCA7        illum oportet crescere me autem minui
Re: Routers vs. PC's for routing - was list problems?
On Thu, May 23, 2002 at 09:38:18AM +0000, E.B. Dreger wrote:
> BSD enforces append-only when running proper securelevel. AFAIK,
> Linux lacks this attribute, and root can disable the so-called
> "immutable" attrib.

i think that modern linuxes have both of these capabilities, but they
need to be compiled into the kernel (they're actually called
"capabilities", as in capability.h), so they're cumbersome to use.

--
Henry Yen                                       Aegis Information Systems, Inc.
Senior Systems Programmer                       Hicksville, New York
Re: Routers vs. PC's for routing - was list problems?
On Thu, 23 May 2002, E.B. Dreger wrote:
> Everything that you say one can do from a CDROM, one can do from
> flash. CDROM technology gains you nothing.

Depends on what flash you use. There's no way to write protect
compactflash.

CDROM technology gains you security in the case where m4d h4x0r roots your
router and tries to stomp all over the system files.

The lack of moving parts is attractive though, but since you only use the
cdrom occasionally, I suspect you won't gain much in MTBF.

-Dan
--
[-] Omae no subete no kichi wa ore no mono da. [-]
Re: Routers vs. PC's for routing - was list problems?
DI> Date: Thu, 23 May 2002 18:22:50 -0400
DI> From: Dave Israel

DI> Then why not boot from a CD-ROM? Sure, it moves, but only for the few minutes it takes to boot. Then it spins down and sits idle for the n days/weeks/months until the next reboot. It would probably last as long as the solid state drive, and would be cheaper.

Flash lasts longer in my experience. Besides, assuming one doesn't wish to load Bloatware 2.5 on a router, a "big enough" flash drive is rather inexpensive. Even if it were $100 extra, the lack of moving parts is a good thing.

Everything that you say one can do from a CDROM, one can do from flash. CDROM technology gains you nothing.

--
Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence

~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <[EMAIL PROTECTED]>, or you are likely to be blocked.
Re: Routers vs. PC's for routing - was list problems?
Then why not boot from a CD-ROM? Sure, it moves, but only for the few minutes it takes to boot. Then it spins down and sits idle for the n days/weeks/months until the next reboot. It would probably last as long as the solid state drive, and would be cheaper.

The big problem here, of course, is software upgrades. Personally, I'd just use a hard drive and initrd (under linux) and leave the hd controller out of the kernel. When it comes time to upgrade, reboot to an alternate kernel that has the hd support code. But that's more of a discussion for a Linux list than here.

-Dave

On 5/23/2002 at 18:01:03 -0400, Steven J. Sobol said:
>
> On Thu, 23 May 2002, E.B. Dreger wrote:
>
> > SJS> a basic question, but the only EIDE mass-storage devices
> > SJS> I've used are more traditional drives.
> >
> > Why not partition wisely, then mount the desired partition as read-only? Or I guess one _could_ mount each partition as RO...
> >
> > But why?
>
> The box I want to build is passing packets between the rest of my network (and the public Internet) and one server that will hold sensitive data. It'll be a Linux box with the TCP/IP stack running in bridged mode, with two ethernet adapters installed. The box just needs to boot up and run. It doesn't need to log anything.
>
> --
> Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek)
> JustThe.net LLC, Mentor On The Lake, OH 888.480.4NET http://JustThe.net
> "In a 32-bit world, you're a 2-bit user/You've got your own newsgroup: alt.total.loser" - "Weird Al" Yankovic, "It's All About the Pentiums"

--
Dave Israel
Senior Manager, IP Backbone Engineering
Re: Routers vs. PC's for routing - was list problems?
On Thu, May 23, 2002 at 05:47:40PM -0400, David Charlap wrote:
>
> 64/66 PCI has 4 times as much bandwidth - about 4Gbit/s. Much better than standard PCI, but hard to find on a PC-compatible motherboard, and expensive when you do find it. Enough bandwidth for 10 line-rate 100M Ethernet ports or six line-rate OC-3 ports (in theory, anyway). But not really enough for anything faster (OC-12 or GigE) if you want line-rate forwarding.

Why is this such a hard concept for people to grasp? If you just need to bat around a couple hundred Mbit, a PC based router could work beautifully for you. If you want to design a scalable but efficient system, you use dedicated hardware for the forwarding plane, cheap but powerful PC hardware for the control plane, and an ASIC to look at bytes in the header and come up with a destination interface. But Juniper has done this, so move on.

I wish they would put a little more legitimacy on the Olive though, it could be a very useful product. Everything from very small guys who only need to move 100Mbit but who need more stability and policy power than a linsux box and zebra can provide, to the very big guys who could build a very beefy 2GHz box for computationally intensive tasks (like a route reflector).

--
Richard A Steenbergen <[EMAIL PROTECTED]>       http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177  (67 29 D7 BC E8 18 3E DA  B2 46 B3 D8 14 36 FE B6)
Re: Routers vs. PC's for routing - was list problems?
On Thu, 23 May 2002, E.B. Dreger wrote:
> SJS> a basic question, but the only EIDE mass-storage devices
> SJS> I've used are more traditional drives.
>
> Why not partition wisely, then mount the desired partition as read-only? Or I guess one _could_ mount each partition as RO...
>
> But why?

The box I want to build is passing packets between the rest of my network (and the public Internet) and one server that will hold sensitive data. It'll be a Linux box with the TCP/IP stack running in bridged mode, with two ethernet adapters installed. The box just needs to boot up and run. It doesn't need to log anything.

--
Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek)
JustThe.net LLC, Mentor On The Lake, OH 888.480.4NET http://JustThe.net
"In a 32-bit world, you're a 2-bit user/You've got your own newsgroup: alt.total.loser" - "Weird Al" Yankovic, "It's All About the Pentiums"
Re: Routers vs. PC's for routing - was list problems?
On Thu, 23 May 2002, Jake Baillie wrote:
> the config changed. Which means you'd need some sort of singular configuration file.
>
> But I was wrong. :) He meant "read-only"

I'm just throwing ideas out there. I could boot Linux off a floppy or a bootable CD and create a ramdisk upon bootup - Linux has always had this capability. I'm just a person who occasionally comes up with silly half-baked ideas and wonders if he can implement them. ;)

And to be honest, I figured that having the OS boot off of some solid-state storage device would be useful... for something...

--
Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek)
JustThe.net LLC, Mentor On The Lake, OH 888.480.4NET http://JustThe.net
Re: Routers vs. PC's for routing - was list problems?
On Thu, 23 May 2002, Jason K. Schechner wrote:
> On Thu, 23 May 2002, Dan Hollis wrote:
> > On Thu, 23 May 2002, Steven J. Sobol wrote:
> > > Can you set flash drives to be write-only?
> > Why would you want to do this?
> Logging. If a h@xx0r cracks your box he can't erase anything that's already been written there. Often it takes a physical change (jumper, dipswitch, etc) to change from write-only to read-only making it pretty tough for the h@xx0r to cover his steps.

Eh? Setting a flash drive to *write-only* would fix this how? Why would anyone want to make a flash drive *write-only*?

-Dan
Re: Routers vs. PC's for routing - was list problems?
Let me elaborate. I thought Steve was concerned about the limited writability of flash. My thought was to build something like a Linux router, you'd have to load the OS into a RAMdisk (or something similar), and only write to flash when the config changed. Which means you'd need some sort of singular configuration file.

But I was wrong. :) He meant "read-only"

*back to lurk mode*

-- jb

At 02:49 PM 5/23/2002 -0700, Dan Hollis wrote:
>And making it *write-only* as the original poster asked, would fix things how?
Re: Routers vs. PC's for routing - was list problems?
On Thu, 23 May 2002, Jake Baillie wrote:
> At 02:28 PM 5/23/2002 -0700, Dan wrote:
> >Why would you want to do this?
> Because flash has a limited number of writes. If you used it like a traditional file system, it would go kaput in no time.

And making it *write-only* as the original poster asked, would fix things how?

-Dan
Re: Routers vs. PC's for routing - was list problems?
Vinny Abello wrote:
>>
>> First off, you're right about moving parts generally being a bad thing. However, it is not always necessary to eliminate the hard drive. Two drives in a RAID-0 configuration may be reliable enough. Especially if the failure of a single drive sets off sufficient alarms so that it can quickly be hot-swapped for a new drive.
>
> I'm assuming you meant RAID-1. In RAID-0 if you 'swapped' any drive all your striped data is toast. ;)

Oops. Yes. Of course I meant RAID-1.

>> Then there's the issue of the PCI bus. Standard PCI (32-bit 33MHz) has a theoretical maximum bandwidth of about 1Gbit/s. But you can never use all of a PCI bus's bandwidth, so actual limits will be less than this.
>
> True... unless going for 64 bit PCI at 66MHz...

64/66 PCI has 4 times as much bandwidth - about 4Gbit/s. Much better than standard PCI, but hard to find on a PC-compatible motherboard, and expensive when you do find it. Enough bandwidth for 10 line-rate 100M Ethernet ports or six line-rate OC-3 ports (in theory, anyway). But not really enough for anything faster (OC-12 or GigE) if you want line-rate forwarding.

-- David
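A worked version of the bus arithmetic David gives above (the same figures Richard Steenbergen quotes in his reply earlier on the page), added here as an example; it is not code from either poster. It assumes that each forwarded packet crosses the PCI bus twice (NIC to memory on ingress, memory to NIC on egress) and that a line-rate port is busy in both directions; the efficiency factor is a constructed knob for David's "you can never use all of a PCI bus's bandwidth".

```python
"""How many line-rate ports fit on one PCI bus?

Added example for the PCI bandwidth discussion in this thread; not a poster's
code.  Assumptions (also noted in the comments): each forwarded packet crosses
the bus twice, ports run full duplex at line rate, and 'efficiency' is a
constructed knob for arbitration, descriptor and burst overhead.
"""

BUS_CROSSINGS_PER_PACKET = 2   # ingress DMA into memory, egress DMA back out
DIRECTIONS = 2                 # full duplex: receive and transmit at once

# Nominal line rates in Mbit/s for the interface types named in the thread.
LINE_RATES_MBPS = {
    "FastEthernet": 100,
    "OC-3": 155.52,
    "OC-12": 622.08,
    "GigE": 1000,
}


def pci_raw_mbps(width_bits, clock_mhz):
    """Raw PCI data rate: bus width x clock.  32x33 ~= 1 Gbit/s, 64x66 ~= 4 Gbit/s."""
    return width_bits * clock_mhz


def bus_load_mbps(port_mbps, ports):
    """Worst-case bus bandwidth consumed by `ports` full-duplex line-rate ports."""
    return port_mbps * ports * DIRECTIONS * BUS_CROSSINGS_PER_PACKET


def ports_that_fit(bus_mbps, port_mbps, efficiency=1.0):
    """Largest number of ports of one type whose worst-case load fits the bus.

    efficiency < 1.0 models the share of the raw rate that is actually usable.
    """
    usable = bus_mbps * efficiency
    return int(usable // bus_load_mbps(port_mbps, 1))


def budget_table(width_bits, clock_mhz, efficiency=1.0):
    """Ports of each type a given PCI flavour can carry at line rate.

    64/66 PCI with efficiency 1.0 gives 10 FastEthernet or 6 OC-3, matching
    the figures in the message above; GigE fits only on paper and drops to 0
    as soon as any overhead is charged.
    """
    bus = pci_raw_mbps(width_bits, clock_mhz)
    return {name: ports_that_fit(bus, rate, efficiency)
            for name, rate in LINE_RATES_MBPS.items()}


def utilization(width_bits, clock_mhz, port_mix):
    """Fraction of the raw bus a mixed port configuration would need.

    {'FastEthernet': 10} on 64/66 PCI -> 0.947: almost nothing left for the
    overhead that the efficiency knob stands for.
    """
    bus = pci_raw_mbps(width_bits, clock_mhz)
    load = sum(bus_load_mbps(LINE_RATES_MBPS[name], n) for name, n in port_mix.items())
    return round(load / bus, 3)


if __name__ == "__main__":
    for label, (width, clock) in {"32-bit/33 MHz": (32, 33), "64-bit/66 MHz": (64, 66)}.items():
        print(label, pci_raw_mbps(width, clock), "Mbit/s raw")
        print("  ideal bus  :", budget_table(width, clock))
        print("  80% usable :", budget_table(width, clock, efficiency=0.8))
```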
Re: Routers vs. PC's for routing - was list problems?
At 02:28 PM 5/23/2002 -0700, Dan wrote:
>Why would you want to do this?

Because flash has a limited number of writes. If you used it like a traditional file system, it would go kaput in no time.

-- jb
Re: Routers vs. PC's for routing - was list problems?
On Thu, 23 May 2002, Dan Hollis wrote:
> On Thu, 23 May 2002, Steven J. Sobol wrote:
> > On Thu, 23 May 2002, E.B. Dreger wrote:
> > > EIDE-based flash drives have become very inexpensive. Some embedded systems use CompactFlash boards.
> > Can you set flash drives to be write-only?
> Why would you want to do this?

Duh. Sorry about the brainfart. I was about to launch into a long explanation of what I want to do when I realized I wrote "write-only" instead of "read-only." I meant "read-only."

Note to self: Engage brain *before* fingers.

--
Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek)
JustThe.net LLC, Mentor On The Lake, OH 888.480.4NET http://JustThe.net
Re: Routers vs. PC's for routing - was list problems?
JKS> Date: Thu, 23 May 2002 17:34:29 -0400 (EDT)
JKS> From: Jason K. Schechner

JKS> > Why would you want to do this?
JKS>
JKS> Logging. If a h@xx0r cracks your box he can't erase anything that's already been written there. Often it takes

BSD enforces append-only when running proper securelevel. AFAIK, Linux lacks this attribute, and root can disable the so-called "immutable" attrib.

JKS> a physical change (jumper, dipswitch, etc) to change from write-only to read-only making it pretty tough for the h@xx0r to cover his steps.

Why not log to an external bastion host?

--
Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
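Eddy's remark that root can simply disable Linux's "immutable" attribute, and Henry Yen's reply earlier on this page that these controls are kernel capabilities, can both be checked on a live box. The Python below is an added example, not code from either poster: it probes what the append-only attribute actually refuses and reads the capability bounding set that decides whether root can still remove it. The log path, the sample lsattr line and the sample /proc status text are constructed.

```python
"""Append-only logging on Linux vs. "root can just turn it off".

Added example for this part of the thread; not code from any poster.  The log
path, the sample lsattr line and the sample /proc status text are constructed.
"""
import os
import subprocess
import tempfile

CAP_LINUX_IMMUTABLE = 9   # capability number from linux/capability.h


def parse_lsattr(line):
    """Parse one line of lsattr(1) output, e.g. '-----a-------e-- /var/log/messages'.

    'a' = append-only (writes only at EOF; no truncate, rename or unlink),
    'i' = immutable (no changes at all).  Setting or clearing either one
    requires CAP_LINUX_IMMUTABLE, which ordinary root normally has.
    """
    flags, _, path = line.strip().partition(" ")
    return {"path": path, "append_only": "a" in flags, "immutable": "i" in flags}


def probe_semantics(path):
    """Try the operations used to hide activity in a log and record which ones
    the kernel refused.  On a file marked 'chattr +a' by root, the append
    succeeds and the other two fail with EPERM; on a plain file all succeed."""
    outcome = {}
    try:
        with open(path, "a") as f:                 # O_APPEND is allowed on +a files
            f.write("probe: appended line\n")
        outcome["append"] = "ok"
    except PermissionError:
        outcome["append"] = "refused"
    try:
        with open(path, "w"):                      # O_TRUNC is refused on +a files
            pass
        outcome["truncate"] = "ok"
    except PermissionError:
        outcome["truncate"] = "refused"
    try:
        os.rename(path, path + ".moved")           # rename/unlink are refused on +a files
        os.rename(path + ".moved", path)
        outcome["rename"] = "ok"
    except PermissionError:
        outcome["rename"] = "refused"
    return outcome


def probe_plain_tempfile():
    """Baseline: an ordinary file with no attribute set allows everything."""
    fd, path = tempfile.mkstemp(prefix="logprobe-")
    os.close(fd)
    try:
        return probe_semantics(path)
    finally:
        os.unlink(path)


def cap_in_bounding_set(status_text, capnum):
    """Read the CapBnd mask from /proc/<pid>/status text and test one capability.

    The bounding set is the ceiling on what any process, root included, can ever
    hold.  Once CAP_LINUX_IMMUTABLE is removed from it (on 2.2/2.4 kernels with
    lcap, which only ever shrinks the set), 'chattr -a' and 'chattr -i' fail
    with EPERM for root too, until the next reboot.  Returns None if no CapBnd
    line is present (non-Linux or very old kernel).
    """
    for line in status_text.splitlines():
        if line.startswith("CapBnd:"):
            mask = int(line.split(":", 1)[1].strip(), 16)
            return bool((mask >> capnum) & 1)
    return None


def root_can_still_strip_attributes():
    """True when this kernel would still let root undo 'chattr +a' (Eddy's
    objection); None if /proc/self/status cannot be read."""
    try:
        with open("/proc/self/status") as f:
            return cap_in_bounding_set(f.read(), CAP_LINUX_IMMUTABLE)
    except OSError:
        return None


if __name__ == "__main__":
    LOG = "/var/log/router-audit.log"              # constructed path for the demo
    print("baseline (no attribute):", probe_plain_tempfile())
    print("root could still strip +a:", root_can_still_strip_attributes())
    if os.geteuid() == 0:                          # needs root and an ext2/3/4 filesystem
        open(LOG, "a").close()
        subprocess.run(["chattr", "+a", LOG], check=True)
        print("with chattr +a:", probe_semantics(LOG))
        subprocess.run(["chattr", "-a", LOG], check=True)   # works while CAP_LINUX_IMMUTABLE is in CapBnd
        os.unlink(LOG)
```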
Re: Routers vs. PC's for routing - was list problems?
SJS> Date: Thu, 23 May 2002 17:23:43 -0400 (EDT)
SJS> From: Steven J. Sobol

SJS> Can you set flash drives to be write-only? Sorry if this is

Depends on the drive, just like traditional HDDs.

SJS> a basic question, but the only EIDE mass-storage devices
SJS> I've used are more traditional drives.

Why not partition wisely, then mount the desired partition as read-only? Or I guess one _could_ mount each partition as RO...

But why?

--
Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
Re: Routers vs. PC's for routing - was list problems?
>
> On Thu, 23 May 2002, E.B. Dreger wrote:
> > EIDE-based flash drives have become very inexpensive. Some embedded systems use CompactFlash boards.
>
> Can you set flash drives to be write-only? Sorry if this is a basic question, but the only EIDE mass-storage devices I've used are more traditional drives.

Write only? Sure, that's been around since at least 1972!
http://www.ganssle.com/misc/wom1.jpg
http://www.ganssle.com/misc/wom2.jpg
:)

If you mean READ only, some of Sandisk's products (not their normal consumer grade Compact Flash disks) have a read only mode. Some of which even have a mode where you can blow a fuse inside the chip with a special instruction, and make it read-only forever.

Someone else made a solid state flash based IDE compatible drive, too, that had an option for "write once" per sector (yet could be all blanked using another special command). I know they wrote a module for OS9 to support it using its native filesystem (most FS's don't like being unable to write to whatever they want, whenever they want). It may have been Atmel.

-- Kevin
Re: Routers vs. PC's for routing - was list problems?
On Thu, 23 May 2002, Steven J. Sobol wrote:
> On Thu, 23 May 2002, E.B. Dreger wrote:
> > EIDE-based flash drives have become very inexpensive. Some embedded systems use CompactFlash boards.
> Can you set flash drives to be write-only?

Why would you want to do this?

-Dan
Re: Routers vs. PC's for routing - was list problems?
On Thu, 23 May 2002, E.B. Dreger wrote:
> EIDE-based flash drives have become very inexpensive. Some embedded systems use CompactFlash boards.

Can you set flash drives to be write-only? Sorry if this is a basic question, but the only EIDE mass-storage devices I've used are more traditional drives.

This would be a great solution for a Linux box I want to build as a bridge.

--
Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek)
JustThe.net LLC, Mentor On The Lake, OH 888.480.4NET http://JustThe.net
Re: Routers vs. PC's for routing - was list problems?
At 04:17 PM 5/23/2002 -0400, you wrote:
> > I agree with you on that. Hot-swappability for various interfaces is something routers obviously have over PC's.
>
>Hot swap PCI is old news.

True, but not widely implemented in the standard PC market. If you want a server that has hot swap capability, you're likely paying a premium price for a lot of extra other features. It's not something you can typically just build yourself, and if you can you'll need a case that allows you easy access to swap the PCI cards. By the time you pay for an enterprise level server with this capability, I would rather have put the money towards a good router.

> > True... unless going for 64 bit PCI at 66MHz... still it's obvious that routers are designed for one simple purpose and generally have larger backplanes to handle that.
>
>However, $ for $, even when buying used cisco gear at 80% off from dot-booms, a PC router will outperform any traditional router.

At what speeds though? As you get into the higher gbic speeds, a PC doesn't have the backplane to cut it. Now if we're talking raw processing power, a PC can blow away a router in calculations per second any day. :)

> > I agree a router is probably more efficient in just routing packets, but in complex filtering or traffic manipulation/packet sniffing, a PC might have the edge. :)
>
>Yes, ipfw/dummy is very very cool. Like, inducing a few 100 msecs of latency to folks who don't pay on time :)

Hehehehe... Interesting approach. I find it more fun to just shut them off. It makes them take you more seriously. Unfortunately I would say only a small percentage of users, maybe 20% or so, would even notice the latency issues if they were having them. They're more likely to complain about slow transfer speeds. That is even more fun and can be done on any traditional Cisco... Traffic shaping is cool but hindered by being limited to controlling outbound traffic on an interface. Rate limiting even more fun. Hmm... [exceed action drop] Why is there so much damn packet loss on my connection when I put traffic across it??? ;)

Vinny Abello
Network Engineer
Server Management
[EMAIL PROTECTED]
(973)300-9211 x 125
(973)940-6125 (Direct)

Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com (888)TELLURIAN
Re[2]: Routers vs. PC's for routing - was list problems?
AR> Date: Thu, 23 May 2002 16:17:16 -0400 (Eastern Daylight Time)
AR> From: Alex Rubenstein

AR> Yes, ipfw/dummy is very very cool. Like, inducing a few 100
AR> msecs of latency to folks who don't pay on time :)

1. Oh, come on, I know you're more creative than _that_. How about 30% packet loss on their *:53 TCP/UDP? Or running them through stateful rules with uebershort timeouts? Or simply having all their traffic trigger a scan (help! my firewall is seeing attacks to port 113!) right back at them.

2. I dub thee "Alex 'BOFH' Rubenstein". ;-)

--
Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
Re: Routers vs. PC's for routing - was list problems?
On Thu, 23 May 2002, E.B. Dreger wrote:
> I'm trying to remember what "Buy It Now" was on that M20 on eBay the other day... IIRC, it had 4x OC3 + 4x DS3 + 4x FE.

$39,975
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=2025155277

--
Dominic J. Eidson
"Baruk Khazad! Khazad ai-menu!" - Gimli
---
http://www.the-infinite.org/ http://www.the-infinite.org/~dominic/
Re: Routers vs. PC's for routing - was list problems?
> I agree with you on that. Hot-swappability for various interfaces is something routers obviously have over PC's.

Hot swap PCI is old news.

> True... unless going for 64 bit PCI at 66MHz... still it's obvious that routers are designed for one simple purpose and generally have larger backplanes to handle that.

However, $ for $, even when buying used cisco gear at 80% off from dot-booms, a PC router will outperform any traditional router.

> I agree a router is probably more efficient in just routing packets, but in complex filtering or traffic manipulation/packet sniffing, a PC might have the edge. :)

Yes, ipfw/dummy is very very cool. Like, inducing a few 100 msecs of latency to folks who don't pay on time :)

-- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
-- Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Re: Routers vs. PC's for routing - was list problems?
JC> Date: Thu, 23 May 2002 15:25:14 -0400 (EDT)
JC> From: James Cornman

JC> We've had some rather good success with FreeBSD based PC Routers. Typical setup was FreeBSD 4.x, 512mb, 20gb RAID-1, 3com Gigabit Ethernet card, Fore Systems OC3 ATM card. All this, with zebra on top. It worked well for a long time, although it turned out getting deprecated because of some zebra issues (with ospfd. They (the problems) weren't confirmed by the zebra community but that's the only thing we could narrow it down to. ospfd would die periodically.) The line cards were bought off of eBay.

Yes, for <= 155 Mbps, it works well.

My intended point was that Juniper != PC. Yes, both are FreeBSD on x86, which works great. But PCs use the system bus, which is a much harsher limit than having a fast backplane or midplane that just switches data. As Randy said, a router must route _and_ forward. When PCI runs out of gas, you just can't push any more through it.

Again: Anyone played with cPSB yet? It looks very promising...

The "sweet spot" for building a PC-based router probably would be around 2x or 3x DS3 right now. 7200s have come down in price, but DS3 cards are still fairly valuable. (Not enough price difference in the DS1 game to make a PC-based router worth the effort on the low end... unless one is multihoming and needs more RAM than 26xx or 36{20|40} can hold.)

I'm trying to remember what "Buy It Now" was on that M20 on eBay the other day... IIRC, it had 4x OC3 + 4x DS3 + 4x FE.

JC> We did VLAN trunking through the 3com GBE card to a Catalyst 3548. Did any rate limiting with DUMMYNET and ipfw pipes. Overall, the whole system worked great for a few months without human interaction, until the ospfd problems.

How long ago was this? Zebra has been stagnant for nearly a year now, and my recollection was that late 2000 was when OSPF bugs were biting...

--
Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
Re: Routers vs. PC's for routing - was list problems?
As are f5 products including bigip, 3dns and hmmm they make something else I forget :).

On Thu, 23 May 2002, Brian wrote:
> bsd kernel eh? i believe netapp filers are based on that as well.
>
> Bri
>
> On Thu, 23 May 2002, Anthony D Cennami wrote:
> >
> > "Not to say you can't route well with a linux or bsd system you can but at the high-end probably not as well."
> >
> > Tell that to Juniper.
> >
> > Scott Granados wrote:
> > > Remember that a pc may have some certain functions that are "more powerful" than a router but a pc is a much more general computer. Routers are supposed to be and usually designed to do one thing only, route, not play quake, balance your check book, browse the net, etc etc. So although for example a gsr-12000 may have a slower cpu than the machine on your desk it probably will route and pass more traffic than your pc ever will because of its design. Not to say you can't route well with a linux or bsd system you can but at the high-end probably not as well.
> > >
> > > On Thu, 23 May 2002, Vinny Abello wrote:
> > >
> > >>I would have to say for any Linux/BSD platform to be a viable routing solution, you have to eliminate all moving parts or as much as possible, i.e. no hard drives because hard drives will fail. Not much you can do about the cooling fans in various parts of the machine though which routers also tend to have. Solid state storage would be the way to go as far as what the OS is installed on. You have to have something to imitate flash on the common router. Otherwise, if you can get the functionality out of a PC, I say go for it! The processing power of a modern PC is far beyond any router I can think of. I suppose it would just be a matter of how efficient your kernel, TCP/IP stack and routing daemon would be at that point. :)
> > >>
> > >>At 10:48 PM 5/22/2002, you wrote:
> > >>
> > >>>On Wed, 22 May 2002, Andy Dills wrote:
> > >>>
> > >>>>>From the number of personal replies I got about these topics, it seems like many people are interested in sharing information about how to do routing on a budget, or how to avoid getting shot in the foot with your Cisco box.
> > >>>>
> > >>>>Routing on a budget? Dude, you can buy a 7200 for $2 grand. Why bother with a linux box? Heh, at least use FreeBSD :)
> > >>>
> > >>>Before the dot com implosion, they weren't nearly that inexpensive. The average corporate user will also need smartnet (what's that on a 7200, a K or a few per year?) for support, warranty, and software updates. Some people just don't appreciate being nickel-and-dimed by cisco and forced to either buy much more router than they need, or risk ending up with another cisco boat anchor router when the platform they chose can no longer do the job in the limited memory config supported.
> > >>>
> > >>>I have a consulting customer who, against my strong recommendation, bought a non-cisco router to multihome with. It's PC based, runs Linux, and with the exception of the gated BGP issue that bit everyone running gated a few months ago, has worked just fine. It's not as easy to work with in most cases, but there are some definite advantages, and some things that Linux actually makes easier. They'd initially bought a 2621 when multihoming was just a thought, and by the time it was a reality, 64mb on a 2621 couldn't handle full routes. The C&W/PSI depeering (which did affect this customer, as they were single homed to C&W at the time and did regular business with networks single homed to PSI) was proof that without full routes, you're not really multihomed.
> > >>>
> > >>>--
> > >>> Jon Lewis *[EMAIL PROTECTED]*| I route
> > >>> System Administrator| therefore you are
> > >>> Atlantic Net|
> > >>>_ http://www.lewis.org/~jlewis/pgp for PGP public key_
> > >>
> > >>Vinny Abello
> > >>Network Engineer
> > >>Server Management
> > >>[EMAIL PROTECTED]
> > >>(973)300-9211 x 125
> > >>(973)940-6125 (Direct)
> > >>
> > >>Tellurian Networks - The Ultimate Internet Connection
> > >>http://www.tellurian.com (888)TELLURIAN
Re: Routers vs. PC's for routing - was list problems?
bsd kernel eh? i believe netapp filers are based on that as well.

Bri

On Thu, 23 May 2002, Anthony D Cennami wrote:
>
> "Not to say you can't route well with a linux or bsd system you can but at the high-end probably not as well."
>
> Tell that to Juniper.
>
> Scott Granados wrote:
> > Remember that a pc may have some certain functions that are "more powerful" than a router but a pc is a much more general computer. Routers are supposed to be and usually designed to do one thing only, route, not play quake, balance your check book, browse the net, etc etc. So although for example a gsr-12000 may have a slower cpu than the machine on your desk it probably will route and pass more traffic than your pc ever will because of its design. Not to say you can't route well with a linux or bsd system you can but at the high-end probably not as well.
> >
> > On Thu, 23 May 2002, Vinny Abello wrote:
> >
> >>I would have to say for any Linux/BSD platform to be a viable routing solution, you have to eliminate all moving parts or as much as possible, i.e. no hard drives because hard drives will fail. Not much you can do about the cooling fans in various parts of the machine though which routers also tend to have. Solid state storage would be the way to go as far as what the OS is installed on. You have to have something to imitate flash on the common router. Otherwise, if you can get the functionality out of a PC, I say go for it! The processing power of a modern PC is far beyond any router I can think of. I suppose it would just be a matter of how efficient your kernel, TCP/IP stack and routing daemon would be at that point. :)
> >>
> >>At 10:48 PM 5/22/2002, you wrote:
> >>
> >>>On Wed, 22 May 2002, Andy Dills wrote:
> >>>
> >>>>>From the number of personal replies I got about these topics, it seems like many people are interested in sharing information about how to do routing on a budget, or how to avoid getting shot in the foot with your Cisco box.
> >>>>
> >>>>Routing on a budget? Dude, you can buy a 7200 for $2 grand. Why bother with a linux box? Heh, at least use FreeBSD :)
> >>>
> >>>Before the dot com implosion, they weren't nearly that inexpensive. The average corporate user will also need smartnet (what's that on a 7200, a K or a few per year?) for support, warranty, and software updates. Some people just don't appreciate being nickel-and-dimed by cisco and forced to either buy much more router than they need, or risk ending up with another cisco boat anchor router when the platform they chose can no longer do the job in the limited memory config supported.
> >>>
> >>>I have a consulting customer who, against my strong recommendation, bought a non-cisco router to multihome with. It's PC based, runs Linux, and with the exception of the gated BGP issue that bit everyone running gated a few months ago, has worked just fine. It's not as easy to work with in most cases, but there are some definite advantages, and some things that Linux actually makes easier. They'd initially bought a 2621 when multihoming was just a thought, and by the time it was a reality, 64mb on a 2621 couldn't handle full routes. The C&W/PSI depeering (which did affect this customer, as they were single homed to C&W at the time and did regular business with networks single homed to PSI) was proof that without full routes, you're not really multihomed.
> >>>
> >>>--
> >>> Jon Lewis *[EMAIL PROTECTED]*| I route
> >>> System Administrator| therefore you are
> >>> Atlantic Net|
> >>>_ http://www.lewis.org/~jlewis/pgp for PGP public key_
> >>
> >>Vinny Abello
> >>Network Engineer
> >>Server Management
> >>[EMAIL PROTECTED]
> >>(973)300-9211 x 125
> >>(973)940-6125 (Direct)
> >>
> >>Tellurian Networks - The Ultimate Internet Connection
> >>http://www.tellurian.com (888)TELLURIAN
Re: Routers vs. PC's for routing - was list problems?
We've had some rather good success with PC based routers. Typical setup was FreeBSD 4.x, 512mb, 20gb RAID-1, 3com Gigabit Ethernet card, Fore Systems OC3 ATM card. All this, with zebra on top. It worked well for a long time, although it turned out getting deprecated because of some zebra issues (with ospfd. They (the problems) weren't confirmed by the zebra community but that's the only thing we could narrow it down to. ospfd would die periodically.) The line cards were bought off of eBay.

We did VLAN trunking through the 3com GBE card to a Catalyst 3548. Did any rate limiting with DUMMYNET and ipfw pipes. Overall, the whole system worked great for a few months without human interaction, until the ospfd problems.

Feel free to contact me off list if you have any questions. I don't know all of the exact hardware/software tweaking that was done; a lot of it was left default, but I'll try to help.

--
James Cornman <[EMAIL PROTECTED]>
Net Access Corporation - http://www.nac.net/

On Thu, 23 May 2002, E.B. Dreger wrote:
>
> ADC> Date: Thu, 23 May 2002 14:30:16 -0400
> ADC> From: Anthony D Cennami
>
> ADC> "Not to say you can't route well with a linux or bsd system
> ADC> you can but at the high-end probably not as well."
> ADC>
> ADC> Tell that to Juniper.
>
> Where can I buy their line cards for my PC?
>
> --
> Eddy
>
> Brotsman & Dreger, Inc. - EverQuick Internet Division
Re: Routers vs. PC's for routing - was list problems?
ADC> Date: Thu, 23 May 2002 14:30:16 -0400
ADC> From: Anthony D Cennami

ADC> "Not to say you can't route well with a linux or bsd system
ADC> you can but at the high-end probably not as well."
ADC>
ADC> Tell that to Juniper.

Where can I buy their line cards for my PC?

--
Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
Re: Routers vs. PC's for routing - was list problems?
> "Not to say you can't route well with a linux or bsd system you can but
> at the high-end probably not as well."
>
> Tell that to Juniper.

routing != forwarding

routers have two jobs, both critical

randy
Re: Routers vs. PC's for routing - was list problems?
At 02:20 PM 5/23/2002 -0400, you wrote:
>Vinny Abello wrote:
> >
> > I would have to say for any Linux/BSD platform to be a viable
> > routing solution, you have to eliminate all moving parts or as much
> > as possible, ie. no hard drives because hard drives will fail. Not
> > much you can do about the cooling fans in various parts of the
> > machine though which routers also tend to have. Solid state
> > storage would be the way to go as far as what the OS is installed
> > on. You have to have something to imitate flash on the common
> > router. Otherwise, if you can get the functionality out of a PC,
> > I say go for it! The processing power of a modern PC is far beyond
> > any router I can think of. I suppose it would just be a matter of
> > how efficient your kernel, TCP/IP stack and routing daemon would
> > be at that point. :)
>
>I've several comments here.
>
>First off, you're right about moving parts generally being a bad thing.
>However, it is not always necessary to eliminate the hard drive. Two
>drives in a RAID-0 configuration may be reliable enough. Especially if
>the failure of a single drive sets off sufficient alarms so that it can
>quickly be hot-swapped for a new drive.

I'm assuming you meant RAID-1. In RAID-0 if you 'swapped' any drive all your striped data is toast. ;)

>The real problem with using PCs is bandwidth and hardware reliability.
>
>PCs generally don't have many hot-swappable parts. You can get hot-swap
>hard drive assemblies without too much work, and redundant power
>supplies can be purchased. A motherboard that allows hot-swapping of
>PCI cards (usually by having multiple busses and a mechanism to turn
>them off individually) is very rare. You can get dual-CPU motherboards,
>but not with the processors being hot swappable. And I don't know if
>any will allow the system to transparently fail over from one CPU to
>another, should the primary fail.

I agree with you on that. Hot swappability for various interfaces is something routers obviously have over PC's.

>Then there's the issue of the PCI bus. Standard PCI (32-bit 33MHz) has
>a theoretical maximum bandwidth of about 1Gbit/s. But you can never use
>all of a PCI bus's bandwidth, so actual limits will be less than this.

True... unless going for 64 bit PCI at 66MHz... still it's obvious that routers are designed for one simple purpose and generally have larger backplanes to handle that.

>When you're doing software routing, every packet must cross the bus
>twice - once for the receive and once for the send. So your standard
>PCI bus (if used for nothing but packets) has a top speed of 500Mbit/s.
>Which is less than three ports of full-duplex fast Ethernet at line
>rate. Multiple busses and/or 64-bit 66MHz PCI can increase this limit,
>but now you're talking about much more expensive motherboards.
>
>You can dramatically improve throughput if you can get line cards that
>have on-board forwarding chips. If cards can forward packets between
>each other without getting the CPU involved, then packets can cross the
>PCI bus only once. But these kinds of line cards are not cheap, if they
>can be found at all. And you will need some way of downloading your
>kernel routing table into the cards, which may require some serious OS
>hacking.
>
>In other words, a PC equipped to be as reliable and capable as a decent
>router will likely end up costing as much as a router. And the reason
>has nothing to do with the CPU speed or the operating system.

I agree a router is probably more efficient in just routing packets, but in complex filtering or traffic manipulation/packet sniffing, a PC might have the edge. :)

Don't get me wrong. I would never use a PC for a router, just as I wouldn't try to run my workstation as a 7206. ;) It's all just hypothesizing.

Vinny Abello
Network Engineer
Server Management
[EMAIL PROTECTED]
(973)300-9211 x 125
(973)940-6125 (Direct)

Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com (888)TELLURIAN
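The bus-budget arithmetic in the quoted message (raw PCI bandwidth, two bus crossings per software-forwarded packet, compared against full-duplex Fast Ethernet ports), carried through as an added example; this is constructed code, not anything from the thread. The bus sizes and port speeds are the ones the messages name; the `efficiency` factor and the single-crossing line-card case are assumptions made explicit so the model can be varied.

```python
"""Bus-budget model for a software (PC) router.

Added, constructed example; not code from the thread. Assumptions: the bus
carries nothing but packet data, a software-forwarded packet crosses it twice
(NIC to RAM on receive, RAM to NIC on transmit), and `efficiency` is the
fraction of raw bus bandwidth actually usable, since the quoted message notes
you can never use all of it (1.0 reproduces its round numbers).
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Bus:
    """A parallel bus described by data width and clock, e.g. PCI."""
    width_bits: int
    clock_mhz: int

    def raw_mbit(self) -> int:
        # width x clock: 32 bits x 33 MHz = 1056 Mbit/s, the "about 1 Gbit/s"
        # the message quotes for standard PCI.
        return self.width_bits * self.clock_mhz


def forwarding_capacity_mbit(bus: Bus, efficiency: float = 1.0,
                             crossings: int = 2) -> float:
    """Aggregate forwarding throughput the bus can sustain, in Mbit/s.

    crossings=2 is plain software routing (every packet in and back out).
    crossings=1 models the line-card-to-line-card case the message
    describes, where cards forward to each other and the CPU never sees
    the packet, so it crosses the bus only once.
    """
    return bus.raw_mbit() * efficiency / crossings


def full_duplex_ports(capacity_mbit: float, port_mbit: int) -> int:
    """Number of full-duplex ports that can run at line rate.

    A full-duplex port at line rate carries port_mbit in each direction,
    so it consumes 2 * port_mbit of forwarding capacity.
    """
    return int(capacity_mbit // (2 * port_mbit))


# The bus flavours and port speeds named in the thread.
PCI_32_33 = Bus(32, 33)   # standard PCI
PCI_64_66 = Bus(64, 66)   # the wider/faster option the reply mentions
FAST_ETHERNET = 100
GIGABIT = 1000


if __name__ == "__main__":
    for name, bus in (("PCI 32/33", PCI_32_33), ("PCI 64/66", PCI_64_66)):
        for crossings in (2, 1):
            cap = forwarding_capacity_mbit(bus, crossings=crossings)
            print(f"{name}, {crossings} crossing(s): {cap:.0f} Mbit/s, "
                  f"{full_duplex_ports(cap, FAST_ETHERNET)} FE ports, "
                  f"{full_duplex_ports(cap, GIGABIT)} GE ports at line rate")
```

With the message's own round numbers, standard PCI gives 528 Mbit/s of forwarding and fits two full-duplex Fast Ethernet ports, which is the "less than three" in the quote; 64-bit/66 MHz PCI quadruples that.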
Re: Routers vs. PC's for routing - was list problems?
"Not to say you can't route well with a linux or bsd system you can but at the high-end probably not as well." Tell that to Juniper. Scott Granados wrote: > Remember that a pc may have some certain functions that are "more > powerful" than a router but a pc is a much more general computer. > Routers are supposed to be and usually designed to do one thing only, > route, not play quake, balance your check book, browse the net, etc etc. > So although for example a gsr-12000 may hhave a slower cpu than the > machine on your desk it probably will route and pass more traffic than > your pc ever will because of its design. Not to say you can't route > well with a linux or bsd system you can but at the high-end probably not > as well. > > On Thu, 23 May 2002, Vinny Abello wrote: > > >>I would have to say for any Linux/BSD platform to be a viable routing >>solution, you have to eliminate all moving parts or as much as possible, >>ie. no hard drives because hard drives will fail. Not much you can do about >>the cooling fans in various parts of the machine though which routers also >>tend to have. Solid state storage would be the way to go as far as what the >>OS is installed on. You have to have something to imitate flash on the >>common router. Otherwise, if you can get the functionality out of a PC, I >>say go for it! The processing power of a modern PC is far beyond any router >>I can think of. I suppose it would just be a matter of how efficient your >>kernel, TCP/IP stack and routing daemon would be at that point. :) >> >>At 10:48 PM 5/22/2002, you wrote: >> >> >>>On Wed, 22 May 2002, Andy Dills wrote: >>> >>> >>From the number of personal replies I got about these topics, it seems >like many people are interested in sharing information about how to do >routing on a budget, or how to avoid getting shot in the foot with your >Cisco box. Routing on a budget? Dude, you can buy a 7200 for $2 grand. Why bother with a linux box? 
Heh, at least use FreeBSD :) >>> >>>Before the dot com implosion, they weren't nearly that inexpensive. The >>>average corporate user will also need smartnet (what's that on a 7200, a K >>>or a few per year?) for support, warranty, and software updates. Some >>>people just don't appreciate being nickled and dimed by cisco and forced >>>to either buy much more router than they need, or risk ending up with >>>another cisco boat anchor router when the platform they chose can no >>>longer do the job in the limited memory config supported. >>> >>>I have a consulting customer who, against my strong recommendation, bought >>>a non-cisco router to multihome with. It's PC based, runs Linux, and with >>>the exception of the gated BGP issue that bit everyone running gated a few >>>months ago, has worked just fine. It's not as easy to work with in most >>>cases, but there are some definite advantages, and some things that Linux >>>actually makes easier. They'd initially bought a 2621 when multihoming >>>was just a thought, and by the time it was a reality, 64mb on a 2621 >>>couldn't handle full routes. The C&W/PSI depeering (which did affect >>>this customer, as they were single homed to C&W at the time and did >>>regular business with networks single homed to PSI) was proof that without >>>full routes, you're not really multihomed. >>> >>>-- >>>-- >>> Jon Lewis *[EMAIL PROTECTED]*| I route >>> System Administrator| therefore you are >>> Atlantic Net| >>>_ http://www.lewis.org/~jlewis/pgp for PGP public key_ >> >> >>Vinny Abello >>Network Engineer >>Server Management >>[EMAIL PROTECTED] >>(973)300-9211 x 125 >>(973)940-6125 (Direct) >> >>Tellurian Networks - The Ultimate Internet Connection >>http://www.tellurian.com (888)TELLURIAN >> > >
Re: Routers vs. PC's for routing - was list problems?
Remember that a pc may have some certain functions that are "more powerful" than a router but a pc is a much more general computer. Routers are supposed to be and usually designed to do one thing only, route, not play quake, balance your check book, browse the net, etc etc. So although for example a gsr-12000 may have a slower cpu than the machine on your desk it probably will route and pass more traffic than your pc ever will because of its design. Not to say you can't route well with a linux or bsd system you can but at the high-end probably not as well.

On Thu, 23 May 2002, Vinny Abello wrote:

> I would have to say for any Linux/BSD platform to be a viable routing
> solution, you have to eliminate all moving parts or as much as possible,
> ie. no hard drives because hard drives will fail. Not much you can do about
> the cooling fans in various parts of the machine though which routers also
> tend to have. Solid state storage would be the way to go as far as what the
> OS is installed on. You have to have something to imitate flash on the
> common router. Otherwise, if you can get the functionality out of a PC, I
> say go for it! The processing power of a modern PC is far beyond any router
> I can think of. I suppose it would just be a matter of how efficient your
> kernel, TCP/IP stack and routing daemon would be at that point. :)
>
> At 10:48 PM 5/22/2002, you wrote:
>
> >On Wed, 22 May 2002, Andy Dills wrote:
> >
> > > > >From the number of personal replies I got about these topics, it seems
> > > > like many people are interested in sharing information about how to do
> > > > routing on a budget, or how to avoid getting shot in the foot with your
> > > > Cisco box.
> > >
> > > Routing on a budget? Dude, you can buy a 7200 for $2 grand. Why bother
> > > with a linux box? Heh, at least use FreeBSD :)
> >
> >Before the dot com implosion, they weren't nearly that inexpensive. The
> >average corporate user will also need smartnet (what's that on a 7200, a K
> >or a few per year?) for support, warranty, and software updates. Some
> >people just don't appreciate being nickled and dimed by cisco and forced
> >to either buy much more router than they need, or risk ending up with
> >another cisco boat anchor router when the platform they chose can no
> >longer do the job in the limited memory config supported.
> >
> >I have a consulting customer who, against my strong recommendation, bought
> >a non-cisco router to multihome with. It's PC based, runs Linux, and with
> >the exception of the gated BGP issue that bit everyone running gated a few
> >months ago, has worked just fine. It's not as easy to work with in most
> >cases, but there are some definite advantages, and some things that Linux
> >actually makes easier. They'd initially bought a 2621 when multihoming
> >was just a thought, and by the time it was a reality, 64mb on a 2621
> >couldn't handle full routes. The C&W/PSI depeering (which did affect
> >this customer, as they were single homed to C&W at the time and did
> >regular business with networks single homed to PSI) was proof that without
> >full routes, you're not really multihomed.
> >
> >--
> >--
> > Jon Lewis *[EMAIL PROTECTED]*| I route
> > System Administrator| therefore you are
> > Atlantic Net|
> >_ http://www.lewis.org/~jlewis/pgp for PGP public key_
>
> Vinny Abello
> Network Engineer
> Server Management
> [EMAIL PROTECTED]
> (973)300-9211 x 125
> (973)940-6125 (Direct)
>
> Tellurian Networks - The Ultimate Internet Connection
> http://www.tellurian.com (888)TELLURIAN
Re: Routers vs. PC's for routing - was list problems?
> Good point, I also did this for cash reasons and would just buy hardware
> on the used market today. As far as OS, I was using stripped down FreeBSD.
> I started with Linux, but at the time they did not support radix trees so
> routing tables killed the box. If I HAD to do it again I would still stay
> away from Linux.

Yes I'd stick to NetBSD - when we first deployed it Linux didn't support VLSM! [Nor did SunOS/Solaris]

Regards,
Neil.
--
Neil J. McRae - Alive and Kicking
[EMAIL PROTECTED]
Re: Routers vs. PC's for routing - was list problems?
On Thu, 23 May 2002, Neil J. McRae wrote:

> I've done it in a production environment and unless money was
> extremely tight I wouldn't consider doing it again. You will
> save on capital expenditure but you need an army of resources
> to support it. When I did it, it was on NetBSD running GateD 3.x.x.
> And it supported in both cases two of the largest ISPs in Europe.

Good point, I also did this for cash reasons and would just buy hardware on the used market today. As far as OS, I was using stripped down FreeBSD. I started with Linux, but at the time they did not support radix trees so routing tables killed the box. If I HAD to do it again I would still stay away from Linux.

-Nathan
Re: Routers vs. PC's for routing - was list problems?
On Thu, 23 May 2002, Daryl G. Jurbala wrote:

> And that's MY real question. Who has actually done this in a production
> environment that can speak with some real experience on the topic? What
> can you replace with a linux box to route and run BGP for you in real
> life? A 7200? Bigger.

I ran a 100% PC router network for almost 2 years. I used them for everything from edge aggregation to core routers. You can make BGP do whatever you want in real life on a PC. I used modified GateD code and after some work became very happy with it.

> I don't have the facilities to try these things out for real, and
> frankly would be worried about the uptime and finding the RIGHT PC
> hardware that isn't complete junk.

Yes, you need to build your own.

> So I guess it's really two questions: what is a PC capable of replacing
> as far as throughput goes, and just how reliable can a clone (or pick
> your manufacturer) be compared to a unit that was designed by electronic
> engineers to function as a 24x7 mission critical box?

When you want to push over 30 meg you are better off looking at something other than an x86 to route packets.

><>
Nathan Stratton CTO, Exario Networks, Inc.
nathan at robotics.net nathan at exario.net
http://www.robotics.net http://www.exario.net
Re: Routers vs. PC's for routing - was list problems?
> And that's MY real question. Who has actually done this in a production
> environment that can speak with some real experience on the topic? What
> can you replace with a linux box to route and run BGP for you in real
> life? A 7200? Bigger.
>
> I don't have the facilities to try these things out for real, and
> frankly would be worried about the uptime and finding the RIGHT PC
> hardware that isn't complete junk.
>
> So I guess it's really two questions: what is a PC capable of replacing
> as far as throughput goes, and just how reliable can a clone (or pick
> your manufacturer) be compared to a unit that was designed by electronic
> engineers to function as a 24x7 mission critical box?

I've done it in a production environment and unless money was extremely tight I wouldn't consider doing it again. You will save on capital expenditure but you need an army of resources to support it. When I did it, it was on NetBSD running GateD 3.x.x. And it supported in both cases two of the largest ISPs in Europe.

There are more options now with Linux and Zebra etc but don't underestimate having to deal with PC issues and Unix issues. If you're running LINUX you have to be subscribed to a million email lists to get an idea of issues etc and that takes up time.

Anything above 200M-300Mbps then forget it, but as a cheap ethernet router it's fine, and if it doesn't work you can always reuse the machines.

I strongly recommend using an AWARD bios machine - everything else that I used had PCI bus timing issues. [ASUS motherboards were a good choice also].

Regards,
Neil.
--
Neil J. McRae - Alive and Kicking
[EMAIL PROTECTED]
Re: Routers vs. PC's for routing - was list problems?
On Thu, 2002-05-23 at 09:26, Vinny Abello wrote:

> common router. Otherwise, if you can get the functionality out of a PC, I
> say go for it! The processing power of a modern PC is far beyond any router
> I can think of. I suppose it would just be a matter of how efficient your
> kernel, TCP/IP stack and routing daemon would be at that point. :)

And that's MY real question. Who has actually done this in a production environment that can speak with some real experience on the topic? What can you replace with a linux box to route and run BGP for you in real life? A 7200? Bigger.

I don't have the facilities to try these things out for real, and frankly would be worried about the uptime and finding the RIGHT PC hardware that isn't complete junk.

So I guess it's really two questions: what is a PC capable of replacing as far as throughput goes, and just how reliable can a clone (or pick your manufacturer) be compared to a unit that was designed by electronic engineers to function as a 24x7 mission critical box?

Daryl G. Jurbala
Independent Consultant (read: looking for a job)
[EMAIL PROTECTED]
Re: Routers vs. PC's for routing - was list problems?
VA> Date: Thu, 23 May 2002 09:26:41 -0400
VA> From: Vinny Abello

VA> I would have to say for any Linux/BSD platform to be a viable

I suppose it's been a while since this thread has made the rounds, so I'll jump in for a moment...

VA> routing solution, you have to eliminate all moving parts or
VA> as much as possible, ie. no hard drives because hard drives

EIDE-based flash drives have become very inexpensive. Some embedded systems use CompactFlash boards.

VA> will fail. Not much you can do about the cooling fans in

It's always nice if the CPU is happy with a "big enough" heatsink and no fans.

VA> various parts of the machine though which routers also tend
VA> to have. Solid state storage would be the way to go as far as
VA> what the OS is installed on. You have to have something to

I think that 128 MB CompactFlash boards are < $60 new now. I've not priced drives recently, but I'm sure they're similar.

VA> imitate flash on the common router. Otherwise, if you can get
VA> the functionality out of a PC, I say go for it! The
VA> processing power of a modern PC is far beyond any router I

Yes and no. The central CPU, yes. The line cards, no.

VA> can think of. I suppose it would just be a matter of how
VA> efficient your kernel, TCP/IP stack and routing daemon would
VA> be at that point. :)

You left out one critical thing: The bus/backplane. For DS1 service or a few DS3s, standard PCI will work fine. But once the bus is maxed out... you need something bigger (wider or faster bus) or better (cPSB ethernet midplane).

Has anyone had the privilege of playing with cPSB gear? If so, I'd like to know what your experiences were...

That said, I'm definitely a proponent of "roll your own" routers, although the great prices on used turnkey gear might just make RYO routing more expensive nowadays. (I assume that anyone clueful enough to build a router probably wouldn't need the bigger vendor service contracts.) Then again, if you need different behavior and can cut code, RYO is more flexible.

--
Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence
Routers vs. PC's for routing - was list problems?
I would have to say for any Linux/BSD platform to be a viable routing solution, you have to eliminate all moving parts or as much as possible, ie. no hard drives because hard drives will fail. Not much you can do about the cooling fans in various parts of the machine though which routers also tend to have. Solid state storage would be the way to go as far as what the OS is installed on. You have to have something to imitate flash on the common router. Otherwise, if you can get the functionality out of a PC, I say go for it! The processing power of a modern PC is far beyond any router I can think of. I suppose it would just be a matter of how efficient your kernel, TCP/IP stack and routing daemon would be at that point. :)

At 10:48 PM 5/22/2002, you wrote:

>On Wed, 22 May 2002, Andy Dills wrote:
>
> > > >From the number of personal replies I got about these topics, it seems
> > > like many people are interested in sharing information about how to do
> > > routing on a budget, or how to avoid getting shot in the foot with your
> > > Cisco box.
> >
> > Routing on a budget? Dude, you can buy a 7200 for $2 grand. Why bother
> > with a linux box? Heh, at least use FreeBSD :)
>
>Before the dot com implosion, they weren't nearly that inexpensive. The
>average corporate user will also need smartnet (what's that on a 7200, a K
>or a few per year?) for support, warranty, and software updates. Some
>people just don't appreciate being nickled and dimed by cisco and forced
>to either buy much more router than they need, or risk ending up with
>another cisco boat anchor router when the platform they chose can no
>longer do the job in the limited memory config supported.
>
>I have a consulting customer who, against my strong recommendation, bought
>a non-cisco router to multihome with. It's PC based, runs Linux, and with
>the exception of the gated BGP issue that bit everyone running gated a few
>months ago, has worked just fine. It's not as easy to work with in most
>cases, but there are some definite advantages, and some things that Linux
>actually makes easier. They'd initially bought a 2621 when multihoming
>was just a thought, and by the time it was a reality, 64mb on a 2621
>couldn't handle full routes. The C&W/PSI depeering (which did affect
>this customer, as they were single homed to C&W at the time and did
>regular business with networks single homed to PSI) was proof that without
>full routes, you're not really multihomed.
>
>--
>--
> Jon Lewis *[EMAIL PROTECTED]*| I route
> System Administrator| therefore you are
> Atlantic Net|
>_ http://www.lewis.org/~jlewis/pgp for PGP public key_

Vinny Abello
Network Engineer
Server Management
[EMAIL PROTECTED]
(973)300-9211 x 125
(973)940-6125 (Direct)

Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com (888)TELLURIAN