Re: Routers vs. PC's for routing - was list problems?
On Thu, May 23, 2002 at 12:54:57PM -0700, Scott Granados wrote:
> As are f5 products including bigip, 3dns and hmmm they make something else I forget :).
>
> On Thu, 23 May 2002, Brian wrote:
> > bsd kernel eh? i believe netapp filers are based on that as well.

Indeed - bigIP is BSDI aka BSD/OS based, netapp uses NetBSD code.

Greetz,
Peter
-- 
huk ~ kek
Re: Routers vs. PC's for routing - was list problems?
Thought I might lend a comment here. I have had a lot of experience with PC based routers, starting around 96, and getting majorly into it around 98 or so. To give you an idea:

No moving parts except cooling fans. Main drive is an IDE style SanDisk flash drive. System goes through a multistage boot:

  - System start, loads initial startup code into boot ramdisk.
  - System mounts a partition on the flash read-only.
  - System creates soon-to-be / ramdisk and uncompresses final fs image to it.
  - System copies stored configs from flash to /etc on second ramdisk.
  - System unmounts flash and remounts rootfs to second ramdisk.
  - System frees first ramdisk.
  - System finishes boot.

This was of course a totally custom Linux distrib, with a set of config tools for manipulation of the boot config (the flash stores 2 operational config archives, 2 operational fs images and one recovery config and fs image). The system would automagically boot the primary config, on failure boot the secondary, on failure boot the recovery image. Boot image and config set selectable at boot via serial console. This allowed us to make config updates to the primary config while saving the working configs to the secondary, and to handle fs image updates properly (can always drop back to last known working copy). Worst case the recovery image can reload from backup via the network in a matter of seconds.

The base platform was a K6-3 450Mhz, giving us a 64k L1 and 256K L2 cache running at 450Mhz, and a 1M L3 at 100Mhz. Given 256M SDRAM for main memory (4 way interleave) and using 64MB for the rootfs with the distro specifically designed to run in a ram only environ everything worked well (especially without IDE bus interrupts screwing with things). The only time it touched flash was during boot, and when updating or backing up config or fs images. We used (and sold) many of these boxes as a 7200 replacement. A 7206VXR is at best a 300Mhz MIPS box with a 33Mhz PCI bus.
Both the PC and the Linux box top out at just under 400Mbit over the main bus, but the Linux box had *a lot* of CPU left over to run filters, logging, multiview BGP and CBQ. It was nice to have a box capable of BGP, OSPF, RSVP, filtering, CBQ, IP rewrites and NAT at 300Mbit+ with SSH and serial console access, costing 10,000$USD with 2 x DS3 and 4 x 100Mbit-FDX ethernet in mid 1999, considering a 7200 cost 3 times that (with interfaces and memory), and was pretty weak as far as SSH, CBQ and NAT support went (as well as having issues with NWAY and FastEtherChannel trunking).

If one is being used at the network core where filtering is not done there is some fastpath magic that can easily take the box up to about 800Mbit aggregate. Using multiport ether cards with 4 interfaces per on their own PCI sub bus it gets fun. Given the right card and driver and assuming you group your traffic it gets interesting. Only the IP headers cross the main bus, the payloads go direct card to card; if it is within the same iface group it never touches the main PCI bus. This was in late 1998.

We also did some work with single and dual CPU 21264 as well as Ultra AXMP+ systems for the 64bit 66mhz PCI bus. We were very happy with the performance (1.5 - 2.0 Gbit/sec aggregate while running full filters and CBQ on a dual 21264 w/ 768 meg mem) but at the time it was a bit high. These days a dual Athlon MB with 4 64bit 66Mhz PCI slots is 350$USD...

So, the easy rule? A 500Mhz *quality* PC booting from flash to ram can replace a 7206VXR. Up to quad DS3/quad 100Mbit ether is fine. Your overall bandwidth limit is about the same, but at that bandwidth you can do a hell of a lot more work (think stateful filters, CBQ, IP rewrites or IPSEC): as the limit is the PCI bus, you have CPU and memory bandwidth to burn.
A lot of this was R&D for product sales and ISP operations at a previous employer, and there are still boxes sitting around handling (for example) DS3 x 2 + 100Mbit x 4, 3 full views (each DS3 to a separate provider, 2 x 100Mbit-FDX EtherChannel link to a 7200 peer/backup, and 2 x 2 x 100Mbit-FDX EtherChannel link to a catalyst 2429XL for a server cluster and dialin hardware). Its 7200 peer dies now and again due to CPU overload from route flap/etc; never had any trouble with the LinuxRouter. Been in place since late 99 or so.

At my current place I end up working with 2 port bandwidth controllers, and IPSEC VPN boxes. We have been known to produce a pretty slick 100Mbit full duplex bandwidth control box, as well as some neat VPN systems. These days if I want to do more than an OC3 or 2 we grab a Juniper, but if you want to do say IPSEC, a dual Athlon 2000 MP+ w/ 1G PC2100 ECC DDR and a Syskonnect 64bit/66Mhz GigE card is ~ 2,000$USD. It can do a lot of work...

Creating the initial distro, writing the CLI linking all the daemon config/etc and knowing what interrupt timers and packet timers to tweak takes skill. Just using one is easy.

-- 
I route, therefore you are.
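The primary / secondary / recovery fallback described in the post above, written out as an added example in POSIX sh (this is not the poster's code, and the post does not say how the original detected a failed boot). It picks the image and config set from a counter of boots that were started but never finished, kept on the flash partition, then unpacks the chosen image into the ramdisk that will become / and lays the stored config over its /etc. The flash layout (`images/*.img.gz`, `config/*.tar`, `boot/attempts`), the `MAX_TRIES` policy and the `BOOT_IMAGE` serial-console override are all assumptions for illustration.

```shell
#!/bin/sh
# Added example, not the original poster's code. Selects which fs image and
# config set to boot (primary -> secondary -> recovery) from a counter of
# consecutive unfinished boots kept on the flash partition, then stages the
# chosen image and config into the ramdisk that will become /.
#
# Assumed layout under $FLASH (an assumption, not the poster's layout):
#   images/primary.img.gz  images/secondary.img.gz  images/recovery.img.gz
#   config/primary.tar     config/secondary.tar     config/recovery.tar
#   boot/attempts          count of boots started but not finished

FLASH="${FLASH:-/mnt/flash}"
MAX_TRIES="${MAX_TRIES:-2}"   # failed boots allowed per image before falling back

# read_attempts: print the counter, treating a missing or corrupt file as 0
# (a half-written counter after a power cut must not wedge the box in recovery).
read_attempts() {
    n=$(cat "$FLASH/boot/attempts" 2>/dev/null)
    case "$n" in
        ''|*[!0-9]*) echo 0 ;;
        *) echo "$n" ;;
    esac
}

# select_image: primary while under MAX_TRIES failures, secondary for the next
# MAX_TRIES, recovery after that. A serial-console override ($BOOT_IMAGE) wins.
select_image() {
    if [ -n "${BOOT_IMAGE:-}" ]; then
        echo "$BOOT_IMAGE"
        return
    fi
    n=$(read_attempts)
    if [ "$n" -lt "$MAX_TRIES" ]; then
        echo primary
    elif [ "$n" -lt $((2 * MAX_TRIES)) ]; then
        echo secondary
    else
        echo recovery
    fi
}

# record_attempt: bump the counter before the image is unpacked, so a crash,
# hang or watchdog reset anywhere in the rest of the boot is counted.
# This is the one write to flash on the boot path.
record_attempt() {
    echo $(( $(read_attempts) + 1 )) > "$FLASH/boot/attempts"
}

# boot_finished: last step of a successful boot; the next boot starts from primary.
boot_finished() {
    echo 0 > "$FLASH/boot/attempts"
}

# stage_root: unpack image $1 into ramdisk mount $2 and lay the stored config
# over its /etc. The caller then pivots / to $2 and frees the boot ramdisk.
stage_root() {
    img="$1"; root="$2"
    [ -f "$FLASH/images/$img.img.gz" ] && [ -f "$FLASH/config/$img.tar" ] || return 1
    gzip -dc "$FLASH/images/$img.img.gz" | (cd "$root" && tar xf -) || return 1
    mkdir -p "$root/etc" || return 1
    (cd "$root/etc" && tar xf "$FLASH/config/$img.tar") || return 1
}

# Boot path, run only when invoked as the init stage:  ./boot.sh stage /newroot
# A staging failure falls through to the next image immediately; a hang or
# crash later in boot is caught by the counter on the next power cycle.
if [ "${1:-}" = stage ]; then
    root="${2:-/newroot}"
    while :; do
        record_attempt
        img=$(select_image)
        echo "booting image/config set: $img"
        stage_root "$img" "$root" && break
        echo "stage $img failed" >&2
        [ "$img" = recovery ] && exit 1     # nothing left to fall back to
        (cd "$root" && rm -rf ./*)
        BOOT_IMAGE=""                       # a bad console override is dropped too
    done
    # ... remount / to $root, free the boot ramdisk, start daemons, then:
    # boot_finished
fi
```

The counter is written before the image is touched, so any failure mode that never reaches `boot_finished` counts against the current image; with the default `MAX_TRIES=2` the box tries primary twice, secondary twice, then lands in recovery and stays there until someone clears the counter or fixes the images.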
RE: Routers vs. PC's for routing - was list problems?
AFAIK standard (non-proprietary) CompactFlash, SmartCards, Memory Stick, et al, are seen as (removable) storage with typical allowed attributes. I can set a file/folder/card to 'locked' in my camera but when plugged into the computer this will show as 'read only.'

Then again, router manufacturers are infamous for jiggering as much as possible to proprietary. Might still be able to 'administer' the card in another machine then install it in the proprietary device but that might void your warranty. :) Hey, they're just protecting their market share, right? Worked for Apple, oh, wait a minute... (/mnt asbestos underwear)

Just my 2¢.

-Al

-----Original Message-----
From: Steven J. Sobol [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 23, 2002 2:39 PM
To: Dan Hollis
Cc: E.B. Dreger; Vinny Abello; [EMAIL PROTECTED]
Subject: Re: Routers vs. PC's for routing - was list problems?

On Thu, 23 May 2002, Dan Hollis wrote:
> On Thu, 23 May 2002, Steven J. Sobol wrote:
> > On Thu, 23 May 2002, E.B. Dreger wrote:
> > > EIDE-based flash drives have become very inexpensive. Some embedded systems use CompactFlash boards.
> > Can you set flash drives to be write-only?
> Why would you want to do this?

Duh. Sorry about the brainfart. I was about to launch into a long explanation of what I want to do when I realized I wrote write-only instead of read-only. I meant read-only.

Note to self: Engage brain *before* fingers.

-- 
Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek)
JustThe.net LLC, Mentor On The Lake, OH 888.480.4NET http://JustThe.net
In a 32-bit world, you're a 2-bit user/You've got your own newsgroup: alt.total.loser
- Weird Al Yankovic, It's All About the Pentiums
RE: Routers vs. PC's for routing - was list problems?
Most flash media includes read only 'tabs' similar to the legacy floppy variety. Steven may have hit on an interesting solution here...

-Al

-----Original Message-----
From: E.B. Dreger [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 23, 2002 2:38 PM
To: [EMAIL PROTECTED]
Cc: Dan Hollis; Steven J. Sobol; Vinny Abello; [EMAIL PROTECTED]
Subject: Re: Routers vs. PC's for routing - was list problems?

JKS> Date: Thu, 23 May 2002 17:34:29 -0400 (EDT)
JKS> From: Jason K. Schechner
JKS>
JKS> > Why would you want to do this?
JKS>
JKS> Logging. If a h@xx0r cracks your box he can't erase
JKS> anything that's already been written there. Often it takes

BSD enforces append-only when running proper securelevel. AFAIK, Linux lacks this attribute, and root can disable the so-called immutable attrib.

JKS> a physical change (jumper, dipswitch, etc) to change from
JKS> write-only to read-only making it pretty tough for the
JKS> h@xx0r to cover his steps.

Why not log to an external bastion host?

-- 
Eddy
Brotsman Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence
~
Date: Mon, 21 May 2001 11:23:58 + (GMT)
From: A Trap [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Please ignore this portion of my mail signature.
These last few lines are a trap for address-harvesting spambots. Do NOT send mail to [EMAIL PROTECTED], or you are likely to be blocked.
Re: Routers vs. PC's for routing - was list problems?
> BSD enforces append-only when running proper securelevel. AFAIK, Linux lacks this attribute, and root can disable the so-called immutable attrib.

bsd enforces append only or immutable when the flag is set, not depending on the securelevel. there are user and system flag sets. the user flag set can be turned off and on at any time by either the file's owner or root. the system flag set can be set at any time, but can only be removed when the securelevel is less than or equal to zero, and can only be set or cleared by root.

-- 
|- CODE WARRIOR -|
[EMAIL PROTECTED] * ah! i see you have the internet
[EMAIL PROTECTED] (Andrew Brown)    that goes *ping*!
[EMAIL PROTECTED] * information is power -- share the wealth.
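A small audit in the spirit of the three messages above (Jason's "can't erase what's already been written", Eddy's securelevel note and Andrew's correction), added here as an example and not code from any of them: it parses lsattr-style output for log files that lack the append-only flag, knows which command sets that flag on Linux versus the BSDs, and encodes Andrew's rule that a BSD system flag can only be cleared while securelevel is at or below zero. The log file names and the sample lsattr lines are constructed for illustration. On Linux the flag needs CAP_LINUX_IMMUTABLE, so, as the thread says, root can clear it again; that is the argument for also shipping logs to a separate bastion host.

```shell
#!/bin/sh
# Added example, not code from the thread. Finds log files that are not
# append-only and (as root) sets the flag the OS-native way:
#   Linux: chattr +a      -> lsattr shows 'a'; root (CAP_LINUX_IMMUTABLE) can clear it
#   *BSD:  chflags sappnd -> system flag; root can clear it only at securelevel <= 0
# LOGS is an illustrative default, not anything from the thread.

LOGS="${LOGS:-/var/log/messages /var/log/auth.log /var/log/secure}"

# append_only_cmd: command that sets the append-only flag on OS $1 (uname -s).
append_only_cmd() {
    case "$1" in
        Linux) echo "chattr +a" ;;
        *BSD)  echo "chflags sappnd" ;;
        *)     return 1 ;;
    esac
}

# system_flag_clearable: the BSD rule from the message above; a system flag
# such as sappnd can be removed only while kern.securelevel <= 0.
system_flag_clearable() {
    [ "$1" -le 0 ]
}

# missing_append_only: read "<flags> <path>" lines (lsattr format, or the
# normalised BSD form produced by list_flags) on stdin; print the paths whose
# flag string lacks 'a'.
missing_append_only() {
    while read -r flags path; do
        [ -n "$path" ] || continue
        case "$flags" in
            *a*) ;;
            *)   echo "$path" ;;
        esac
    done
}

# list_flags: emit "<flags> <path>" for each existing log file on this OS.
# On BSD, ls -lo shows flag names in column 5 (e.g. "sappnd,schg" or "-");
# map that to a lone 'a' / '-' so missing_append_only can treat both alike.
list_flags() {
    for f in $LOGS; do
        [ -e "$f" ] || continue
        case "$(uname -s)" in
            Linux) lsattr "$f" 2>/dev/null ;;
            *)     ls -lo "$f" | awk '{ print ($5 ~ /appnd/ ? "a" : "-"), $NF }' ;;
        esac
    done
}

# audit_and_fix: report unprotected logs; apply the flag when running as root.
audit_and_fix() {
    os=$(uname -s)
    cmd=$(append_only_cmd "$os") || { echo "no append-only flag known for $os" >&2; return 1; }
    list_flags | missing_append_only | while read -r f; do
        if [ "$(id -u)" -eq 0 ]; then
            $cmd "$f" && echo "set append-only: $f"
        else
            echo "NOT append-only (re-run as root to fix): $f"
        fi
    done
    # On BSD a flag that root can still remove is not much of a barrier:
    # warn when the current securelevel would let an intruder with root clear it.
    case "$os" in
        *BSD) lvl=$(sysctl -n kern.securelevel 2>/dev/null || echo 0)
              system_flag_clearable "$lvl" && echo "warning: securelevel=$lvl, sappnd clearable by root" ;;
    esac
}

# Run the audit only when invoked as:  ./logflags.sh audit
if [ "${1:-}" = audit ]; then
    audit_and_fix
fi
```

Run it unprivileged to get a report, or as root to apply the flag. Note that `lsattr` only works on filesystems that support ext-style attributes, which is why the parsing is separated from the collection step.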
Re: Routers vs. PC's for routing - was list problems?
They did but when you mentioned this I went to look for it and haven't found it. As I recall this was in fact for the NSA but I don't remember the exact application.

On Fri, 24 May 2002, Joseph T. Klein wrote:
> Didn't National Semiconductor have a spec sheet for write only memory back in the late 70s or early 80s? I think they developed it for the NSA.
>
> --On Thursday, 23 May 2002 14:53 -0700 Dan Hollis [EMAIL PROTECTED] wrote:
> > On Thu, 23 May 2002, Jason K. Schechner wrote:
> > > On Thu, 23 May 2002, Dan Hollis wrote:
> > > > On Thu, 23 May 2002, Steven J. Sobol wrote:
> > > > > Can you set flash drives to be write-only?
> > > > Why would you want to do this?
> > > Logging. If a h@xx0r cracks your box he can't erase anything that's already been written there. Often it takes a physical change (jumper, dipswitch, etc) to change from write-only to read-only making it pretty tough for the h@xx0r to cover his steps.
> >
> > Eh? Setting a flash drive to *write-only* would fix this how? Why would anyone want to make a flash drive *write-only*?
> >
> > -Dan
> > -- 
> > [-] Omae no subete no kichi wa ore no mono da. [-]
>
> -- 
> Joseph T. Klein +1 414 628 3380
> Senior Network Engineer [EMAIL PROTECTED]
> Adelphia Business Solutions [EMAIL PROTECTED]
> ... the true value of the Internet is its connectedness ... -- John W. Stewart III
RE: Routers vs. PC's for routing - was list problems?
On Fri, 24 May 2002, Rowland, Alan D wrote:
> AFAIK standard (non-proprietary) CompactFlash, SmartCards, Memory Stick, et al, are seen as (removable) storage with typical allowed attributes. I can set a file/folder/card to 'locked' in my camera but when plugged into the computer this will show as 'read only.'

read-only is a filesystem attribute. You can still format the card and kill the filesystem. Not good for a secure router.

The only consumer flash card with physical write protect switch is the Secure Digital stuff, afaik.

-Dan

-- 
[-] Omae no subete no kichi wa ore no mono da. [-]
Routers vs. PC's for routing - was list problems?
I would have to say for any Linux/BSD platform to be a viable routing solution, you have to eliminate all moving parts or as much as possible, ie. no hard drives because hard drives will fail. Not much you can do about the cooling fans in various parts of the machine though, which routers also tend to have. Solid state storage would be the way to go as far as what the OS is installed on. You have to have something to imitate flash on the common router. Otherwise, if you can get the functionality out of a PC, I say go for it! The processing power of a modern PC is far beyond any router I can think of. I suppose it would just be a matter of how efficient your kernel, TCP/IP stack and routing daemon would be at that point. :)

At 10:48 PM 5/22/2002, you wrote:
> On Wed, 22 May 2002, Andy Dills wrote:
> > From the number of personal replies I got about these topics, it seems like many people are interested in sharing information about how to do routing on a budget, or how to avoid getting shot in the foot with your Cisco box.
>
> Routing on a budget? Dude, you can buy a 7200 for $2 grand. Why bother with a linux box? Heh, at least use FreeBSD :)
>
> Before the dot com implosion, they weren't nearly that inexpensive. The average corporate user will also need smartnet (what's that on a 7200, a K or a few per year?) for support, warranty, and software updates. Some people just don't appreciate being nickel-and-dimed by cisco and forced to either buy much more router than they need, or risk ending up with another cisco boat anchor router when the platform they chose can no longer do the job in the limited memory config supported.
>
> I have a consulting customer who, against my strong recommendation, bought a non-cisco router to multihome with. It's PC based, runs Linux, and with the exception of the gated BGP issue that bit everyone running gated a few months ago, has worked just fine. It's not as easy to work with in most cases, but there are some definite advantages, and some things that Linux actually makes easier.
>
> They'd initially bought a 2621 when multihoming was just a thought, and by the time it was a reality, 64mb on a 2621 couldn't handle full routes. The CW/PSI depeering (which did affect this customer, as they were single homed to CW at the time and did regular business with networks single homed to PSI) was proof that without full routes, you're not really multihomed.
>
> -- 
> Jon Lewis *[EMAIL PROTECTED]* | I route
> System Administrator | therefore you are
> Atlantic Net |
> _ http://www.lewis.org/~jlewis/pgp for PGP public key _

Vinny Abello
Network Engineer
Server Management
[EMAIL PROTECTED]
(973)300-9211 x 125
(973)940-6125 (Direct)
Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com (888)TELLURIAN
Re: Routers vs. PC's for routing - was list problems?
VA> Date: Thu, 23 May 2002 09:26:41 -0400
VA> From: Vinny Abello
VA>
VA> I would have to say for any Linux/BSD platform to be a viable

I suppose it's been awhile since this thread has made the rounds, so I'll jump in for a moment...

VA> routing solution, you have to eliminate all moving parts or
VA> as much as possible, ie. no hard drives because hard drives

EIDE-based flash drives have become very inexpensive. Some embedded systems use CompactFlash boards.

VA> will fail. Not much you can do about the cooling fans in

It's always nice if the CPU is happy with a big enough heatsink and no fans.

VA> various parts of the machine though which routers also tend
VA> to have. Solid state storage would be the way to go as far as
VA> what the OS is installed on. You have to have something to

I think that 128 MB CompactFlash boards are $60 new now. I've not priced drives recently, but I'm sure they're similar.

VA> imitate flash on the common router. Otherwise, if you can get
VA> the functionality out of a PC, I say go for it! The
VA> processing power of a modern PC is far beyond any router I

Yes and no. The central CPU, yes. The line cards, no.

VA> can think of. I suppose it would just be a matter of how
VA> efficient your kernel, TCP/IP stack and routing daemon would
VA> be at that point. :)

You left out one critical thing: The bus/backplane. For DS1 service or a few DS3s, standard PCI will work fine. But once the bus is maxed out... you need something bigger (wider or faster bus) or better (cPSB ethernet midplane).

Has anyone had the privilege of playing with cPSB gear? If so, I'd like to know what your experiences were...

That said, I'm definitely a proponent of roll your own routers, although the great prices on used turnkey gear might just make RYO routing more expensive nowadays. (I assume that anyone clueful enough to build a router probably wouldn't need the bigger vendor service contracts.) Then again, if you need different behavior and can cut code, RYO is more flexible.

-- 
Eddy
Brotsman Dreger, Inc. - EverQuick Internet Division
Re: Routers vs. PC's for routing - was list problems?
> And that's MY real question. Who has actually done this in a production environment that can speak with some real experience on the topic? What can you replace with a linux box to route and run BGP for you in real life? A 7200? Bigger. I don't have the facilities to try these things out for real, and frankly would be worried about the uptime and finding the RIGHT PC hardware that isn't complete junk. So I guess it's really two questions: what is a PC capable of replacing as far as throughput goes, and just how reliable can a clone (or pick your manufacturer) be compared to a unit that was designed by electronic engineers to function as a 24x7 mission critical box?

I've done it in a production environment and unless money was extremely tight I wouldn't consider doing it again. You will save on capital expenditure but you need an army of resources to support it. When I did it, it was on NetBSD running GateD 3.x.x. And it supported in both cases two of the largest ISPs in Europe. There are more options now with Linux and Zebra etc but don't underestimate having to deal with PC issues and Unix issues. If you're running LINUX you have to be subscribed to a million email lists to get an idea of issues etc and that takes up time. Anything above 200M-300Mbps then forget it, but as a cheap ethernet router it's fine, and if it doesn't work you can always reuse the machines. I strongly recommend using an AWARD bios machine - everything else that I used had PCI bus timing issues. [ASUS motherboards were a good choice also].

Regards,
Neil.
-- 
Neil J. McRae - Alive and Kicking
[EMAIL PROTECTED]
Re: Routers vs. PC's for routing - was list problems?
On Thu, 23 May 2002, Neil J. McRae wrote:
> I've done it in a production environment and unless money was extremely tight I wouldn't consider doing it again. You will save on capital expenditure but you need an army of resources to support it. When I did it, it was on NetBSD running GateD 3.x.x. And it supported in both cases two of the largest ISPs in Europe.

Good point, I also did this for cash reasons and would just buy hardware on the used market today. As far as OS, I was using stripped down FreeBSD. I started with Linux, but at the time they did not support radix trees so routing tables killed the box. If I HAD to do it again I would still stay away from Linux.

-Nathan
Re: Routers vs. PC's for routing - was list problems?
> > Not to say you can't route well with a linux or bsd system you can but at the high-end probably not as well.
>
> Tell that to Juniper.

routing != forwarding

routers have two jobs, both critical

randy
Re: Routers vs. PC's for routing - was list problems?
ADC> Date: Thu, 23 May 2002 14:30:16 -0400
ADC> From: Anthony D Cennami
ADC>
ADC> > Not to say you can't route well with a linux or bsd system
ADC> > you can but at the high-end probably not as well.
ADC>
ADC> Tell that to Juniper.

Where can I buy their line cards for my PC?

-- 
Eddy
Brotsman Dreger, Inc. - EverQuick Internet Division
Re: Routers vs. PC's for routing - was list problems?
We've had some rather good success with PC based routers. Typical setup was FreeBSD 4.x, 512mb, 20gb RAID-1, 3com Gigabit Ethernet card, Fore Systems OC3 ATM card. All this, with zebra on top. It worked well for a long time, although it turned out getting deprecated because of some zebra issues (with ospfd. They (the problems) weren't confirmed by the zebra community but that's the only thing we could narrow it down to. ospfd would die periodically.) The line cards were bought off of eBay.

We did VLAN trunking through the 3com GBE card to a Catalyst 3548. Did any rate limiting with DUMMYNET and ipfw pipes. Overall, the whole system worked great for a few months without human interaction, until the ospfd problems.

Feel free to contact me off list if you have any questions. I don't know all of the exact hardware/software tweaking that was done; a lot of them were left default, but I'll try to help.

-- 
James Cornman
[EMAIL PROTECTED]
Net Access Corporation - http://www.nac.net/

On Thu, 23 May 2002, E.B. Dreger wrote:
> ADC> Tell that to Juniper.
>
> Where can I buy their line cards for my PC?
Re: Routers vs. PC's for routing - was list problems?
As are f5 products including bigip, 3dns and hmmm they make something else I forget :).

On Thu, 23 May 2002, Brian wrote:
> bsd kernel eh? i believe netapp filers are based on that as well.
>
> Bri
>
> On Thu, 23 May 2002, Anthony D Cennami wrote:
> > > Not to say you can't route well with a linux or bsd system you can but at the high-end probably not as well.
> >
> > Tell that to Juniper.
> >
> > Scott Granados wrote:
> > > Remember that a pc may have some certain functions that are more powerful than a router but a pc is a much more general computer. Routers are supposed to be and usually designed to do one thing only, route, not play quake, balance your check book, browse the net, etc etc. So although for example a gsr-12000 may have a slower cpu than the machine on your desk it probably will route and pass more traffic than your pc ever will because of its design. Not to say you can't route well with a linux or bsd system you can but at the high-end probably not as well.
> > >
> > > On Thu, 23 May 2002, Vinny Abello wrote:
> > > > I would have to say for any Linux/BSD platform to be a viable routing solution, you have to eliminate all moving parts or as much as possible, ie. no hard drives because hard drives will fail. [...]
Re: Routers vs. PC's for routing - was list problems?
JC> Date: Thu, 23 May 2002 15:25:14 -0400 (EDT)
JC> From: James Cornman
JC>
JC> We've had some rather good success with FreeBSD based PC
JC> Routers. Typical setup was FreeBSD 4.x, 512mb, 20gb RAID-1,
JC> 3com Gigabit Ethernet card, Fore Systems OC3 ATM card. All
JC> this, with zebra on top. It worked well for a long time,
JC> although it turned out getting deprecated because of some
JC> zebra issues (with ospfd. They (the problems) weren't
JC> confirmed by the zebra community but that's the only thing we
JC> could narrow it down to. ospfd would die periodically.) The
JC> line cards were bought off of eBay.

Yes, for <= 155 Mbps, it works well. My intended point was that Juniper != PC. Yes, both are FreeBSD on x86, which works great. But PCs use the system bus, which is a much harsher limit than having a fast backplane or midplane that just switches data. As Randy said, a router must route _and_ forward. When PCI runs out of gas, you just can't push any more through it.

Again: Anyone played with cPSB yet? It looks very promising...

The sweet spot for building a PC-based router probably would be around 2x or 3x DS3 right now. 7200s have come down in price, but DS3 cards are still fairly valuable. (Not enough price difference in the DS1 game to make a PC-based router worth the effort on the low end... unless one is multihoming and needs more RAM than 26xx or 36{20|40} can hold.)

I'm trying to remember what Buy It Now was on that M20 on eBay the other day... IIRC, it had 4x OC3 + 4x DS3 + 4x FE.

JC> We did VLAN trunking through the 3com GBE card to a Catalyst
JC> 3548. Did any rate limiting with DUMMYNET and ipfw pipes.
JC> Overall, the whole system worked great for a few months
JC> without human interaction, until the ospfd problems.

How long ago was this? Zebra has been stagnant for nearly a year now, and my recollection was that late 2000 was when OSPF bugs were biting...

-- 
Eddy
Brotsman Dreger, Inc. - EverQuick Internet Division
Re: Routers vs. PC's for routing - was list problems?
> I agree with you on that. Hot swapability for various interfaces is something routers obviously have over PC's.

Hot swap PCI is old news.

> True... unless going for 64 bit PCI at 66MHz... still it's obvious that routers are designed for one simple purpose and generally have larger backplanes to handle that.

However, $ for $, even when buying used cisco gear at 80% off from dot-booms, a PC router will outperform any traditional router.

> I agree a router is probably more efficient in just routing packets, but in complex filtering or traffic manipulation/packet sniffing, a PC might have the edge. :)

Yes, ipfw/dummy is very very cool. Like, inducing a few 100 msecs of latency to folks who don't pay on time :)

-- 
Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben
Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: Routers vs. PC's for routing - was list problems?
On Thu, 23 May 2002, E.B. Dreger wrote:
> I'm trying to remember what Buy It Now was on that M20 on eBay the other day... IIRC, it had 4x OC3 + 4x DS3 + 4x FE.

$39,975

http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=2025155277

-- 
Dominic J. Eidson
Baruk Khazad! Khazad ai-menu! - Gimli
http://www.the-infinite.org/ http://www.the-infinite.org/~dominic/
Re: Routers vs. PC's for routing - was list problems?
At 04:17 PM 5/23/2002 -0400, you wrote:
> > I agree with you on that. Hot swapability for various interfaces is something routers obviously have over PC's.
>
> Hot swap PCI is old news.

True, but not widely implemented in the standard PC market. If you want a server that has hot swap capability, you're likely paying a premium price for a lot of extra other features. It's not something you can typically just build yourself, and if you can you'll need a case that allows you easy access to swap the PCI cards. By the time you pay for an enterprise level server with this capability, I would rather have put the money towards a good router.

> > True... unless going for 64 bit PCI at 66MHz... still it's obvious that routers are designed for one simple purpose and generally have larger backplanes to handle that.
>
> However, $ for $, even when buying used cisco gear at 80% off from dot-booms, a PC router will outperform any traditional router.

At what speeds though? As you get into the higher gbic speeds, a PC doesn't have the backplane to cut it. Now if we're talking raw processing power, a PC can blow away a router in calculations per second any day. :)

> > I agree a router is probably more efficient in just routing packets, but in complex filtering or traffic manipulation/packet sniffing, a PC might have the edge. :)
>
> Yes, ipfw/dummy is very very cool. Like, inducing a few 100 msecs of latency to folks who don't pay on time :)

Hehehehe... Interesting approach. I find it more fun to just shut them off. It makes them take you more seriously. Unfortunately I would say only a small percentage of users, maybe 20% or so, would even notice the latency issues if they were having them. They're more likely to complain about slow transfer speeds. That is even more fun and can be done on any traditional Cisco... Traffic shaping is cool but hindered by being limited to controlling outbound traffic on an interface. Rate limiting even more fun. Hmm... [exceed action drop] Why is there so much damn packet loss on my connection when I put traffic across it??? ;)

Vinny Abello
Network Engineer
Server Management
[EMAIL PROTECTED]
(973)300-9211 x 125
(973)940-6125 (Direct)
Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com (888)TELLURIAN
Re: Routers vs. PC's for routing - was list problems?
On Thu, 23 May 2002, E.B. Dreger wrote:
> EIDE-based flash drives have become very inexpensive. Some embedded systems use CompactFlash boards.

Can you set flash drives to be write-only? Sorry if this is a basic question, but the only EIDE mass-storage devices I've used are more traditional drives. This would be a great solution for a Linux box I want to build as a bridge.

-- 
Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek)
JustThe.net LLC, Mentor On The Lake, OH 888.480.4NET http://JustThe.net
In a 32-bit world, you're a 2-bit user/You've got your own newsgroup: alt.total.loser
- Weird Al Yankovic, It's All About the Pentiums
Re: Routers vs. PC's for routing - was list problems?
On Thu, 23 May 2002, Steven J. Sobol wrote:

> On Thu, 23 May 2002, E.B. Dreger wrote:
>
> > EIDE-based flash drives have become very inexpensive. Some embedded systems use CompactFlash boards.
>
> Can you set flash drives to be write-only?

Why would you want to do this?

-Dan

--
[-] Omae no subete no kichi wa ore no mono da. [-]
Re: Routers vs. PC's for routing - was list problems?
SJS Date: Thu, 23 May 2002 17:23:43 -0400 (EDT)
SJS From: Steven J. Sobol

SJS Can you set flash drives to be write-only? Sorry if this is

Depends on the drive, just like traditional HDDs.

SJS a basic question, but the only EIDE mass-storage devices
SJS I've used are more traditional drives.

Why not partition wisely, then mount the desired partition as read-only? Or I guess one _could_ mount each partition as RO... But why?

--
Eddy
Brotsman Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence
~
Date: Mon, 21 May 2001 11:23:58 + (GMT)
From: A Trap [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots. Do NOT send mail to [EMAIL PROTECTED], or you are likely to be blocked.
Re: Routers vs. PC's for routing - was list problems?
JKS Date: Thu, 23 May 2002 17:34:29 -0400 (EDT)
JKS From: Jason K. Schechner

JKS Why would you want to do this?
JKS
JKS Logging. If a h@xx0r cracks your box he can't erase
JKS anything that's already been written there. Often it takes

BSD enforces append-only when running proper securelevel. AFAIK, Linux lacks this attribute, and root can disable the so-called immutable attrib.

JKS a physical change (jumper, dipswitch, etc) to change from
JKS write-only to read-only making it pretty tough for the
JKS h@xx0r to cover his steps.

Why not log to an external bastion host?

--
Eddy
Brotsman Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence
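The append-only point above is really two separate conditions, and an auditor wants to check both: is the flag actually on the log file, and will the kernel refuse to let root clear it again (BSD at securelevel 1 or higher; on Linux only if CAP_LINUX_IMMUTABLE has been withheld from root). The sh helpers below are an added example, not code from anyone in this thread; they parse `lsattr`, `ls -lo` and `sysctl -n kern.securelevel` output passed in as strings, and the sample lines in the comments are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Checks whether a log file is really
# protected against truncation by an intruder who has obtained root:
#   Linux: append-only attribute (chattr +a), shown by lsattr as a lowercase
#          'a'; root can clear it again unless CAP_LINUX_IMMUTABLE is withheld.
#   BSD:   system append-only flag (chflags sappnd); once kern.securelevel is
#          1 or higher the kernel refuses to clear it, even for root.
# The parsing helpers take command output as an argument so they can be
# exercised offline with constructed strings.

# $1 = one line of `lsattr FILE` output, e.g. "-----a-------e-- /var/log/auth.log".
# Returns 0 when the append-only flag is present in the flag field.
lsattr_has_append_only() {
    flags=${1%% *}                  # flag field is everything before the first space
    case "$flags" in
        *a*) return 0 ;;            # 'a' = append-only ('A' would be no-atime)
        *)   return 1 ;;
    esac
}

# $1 = one line of BSD `ls -lo FILE` output, e.g.
# "-rw-------  1 root  wheel  sappnd 4096 May 23 17:34 /var/log/messages".
# Returns 0 when sappnd appears in the comma-separated flags column (field 5).
ls_lo_has_sappnd() {
    set -- $1                       # split on whitespace
    case ",$5," in
        *,sappnd,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# $1 = value printed by `sysctl -n kern.securelevel`. Returns 0 when the level
# locks the sappnd/schg flags in place until the next reboot.
securelevel_enforces_flags() {
    case "$1" in
        ''|*[!0-9-]*) return 1 ;;   # missing or not numeric
    esac
    [ "$1" -ge 1 ]
}

# A BSD log is only out of reach of a root-level intruder when BOTH hold.
# $1 = ls -lo line, $2 = securelevel value.
bsd_log_protected() {
    ls_lo_has_sappnd "$1" && securelevel_enforces_flags "$2"
}

# Apply the protection on the running host (needs root; not exercised offline).
make_log_append_only() {
    case "$(uname -s)" in
        Linux)                  chattr +a "$1" && lsattr "$1" ;;
        FreeBSD|NetBSD|OpenBSD) chflags sappnd "$1" && ls -lo "$1" ;;
        *) echo "unsupported OS: $(uname -s)" >&2; return 1 ;;
    esac
}
```

Even when both checks pass, the flag only survives until someone with console access lowers the securelevel by rebooting, which is why the external loghost suggested above remains the stronger control.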
Re: Routers vs. PC's for routing - was list problems?
On Thu, 23 May 2002, Dan Hollis wrote:

> On Thu, 23 May 2002, Steven J. Sobol wrote:
>
> > On Thu, 23 May 2002, E.B. Dreger wrote:
> >
> > > EIDE-based flash drives have become very inexpensive. Some embedded systems use CompactFlash boards.
> >
> > Can you set flash drives to be write-only?
>
> Why would you want to do this?

Duh. Sorry about the brainfart. I was about to launch into a long explanation of what I want to do when I realized I wrote write-only instead of read-only. I meant read-only.

Note to self: Engage brain *before* fingers.

--
Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek)
JustThe.net LLC, Mentor On The Lake, OH 888.480.4NET http://JustThe.net
Re: Routers vs. PC's for routing - was list problems?
At 02:28 PM 5/23/2002 -0700, Dan wrote:

> Why would you want to do this?

Because flash has a limited number of writes. If you used it like a traditional file system, it would go kaput in no time.

--
jb
Re: Routers vs. PC's for routing - was list problems?
Vinny Abello wrote:

> > First off, you're right about moving parts generally being a bad thing. However, it is not always necessary to eliminate the hard drive. Two drives in a RAID-0 configuration may be reliable enough. Especially if the failure of a single drive sets off sufficient alarms so that it can quickly be hot-swapped for a new drive.
>
> I'm assuming you meant RAID-1. In RAID-0 if you 'swapped' any drive all your striped data is toast. ;)

Oops. Yes. Of course I meant RAID-1.

> > Then there's the issue of the PCI bus. Standard PCI (32-bit 33MHz) has a theoretical maximum bandwidth of about 1Gbit/s. But you can never use all of a PCI bus's bandwidth, so actual limits will be less than this.
>
> True... unless going for 64 bit PCI at 66MHz...

64/66 PCI has 4 times as much bandwidth - about 4Gbit/s. Much better than standard PCI, but hard to find on a PC-compatible motherboard, and expensive when you do find it. Enough bandwidth for 10 line-rate 100M Ethernet ports or six line-rate OC-3 ports (in theory, anyway). But not really enough for anything faster (OC-12 or GigE) if you want line-rate forwarding.

--
David
Re: Routers vs. PC's for routing - was list problems?
Let me elaborate. I thought Steve was concerned about the limited writability of flash. My thought was to build something like a Linux router; you'd have to load the OS into a RAMdisk (or something similar), and only write to flash when the config changed. Which means you'd need some sort of singular configuration file.

But I was wrong. :) He meant read-only.

*back to lurk mode*

--
jb

At 02:49 PM 5/23/2002 -0700, Dan Hollis wrote:

> And making it *write-only* as the original poster asked, would fix things how?
Re: Routers vs. PC's for routing - was list problems?
On Thu, 23 May 2002, Jason K. Schechner wrote:

> On Thu, 23 May 2002, Dan Hollis wrote:
>
> > On Thu, 23 May 2002, Steven J. Sobol wrote:
> >
> > > Can you set flash drives to be write-only?
> >
> > Why would you want to do this?
>
> Logging. If a h@xx0r cracks your box he can't erase anything that's already been written there. Often it takes a physical change (jumper, dipswitch, etc) to change from write-only to read-only making it pretty tough for the h@xx0r to cover his steps.

Eh? Setting a flash drive to *write-only* would fix this how? Why would anyone want to make a flash drive *write-only*?

-Dan

--
[-] Omae no subete no kichi wa ore no mono da. [-]
Re: Routers vs. PC's for routing - was list problems?
On Thu, 23 May 2002, Jake Baillie wrote:

> the config changed. Which means you'd need some sort of singular configuration file.
>
> But I was wrong. :) He meant read-only

I'm just throwing ideas out there. I could boot Linux off a floppy or a bootable CD and create a ramdisk upon bootup - Linux has always had this capability. I'm just a person who occasionally comes up with silly half-baked ideas and wonders if he can implement them. ;)

And to be honest, I figured that having the OS boot off of some solid-state storage device would be useful... for something...

--
Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek)
JustThe.net LLC, Mentor On The Lake, OH 888.480.4NET http://JustThe.net
Re: Routers vs. PC's for routing - was list problems?
On Thu, 23 May 2002, E.B. Dreger wrote:

> SJS a basic question, but the only EIDE mass-storage devices
> SJS I've used are more traditional drives.
>
> Why not partition wisely, then mount the desired partition as read-only? Or I guess one _could_ mount each partition as RO... But why?

The box I want to build is passing packets between the rest of my network (and the public Internet) and one server that will hold sensitive data. It'll be a Linux box with the TCP/IP stack running in bridged mode, with two ethernet adapters installed. The box just needs to boot up and run. It doesn't need to log anything.

--
Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek)
JustThe.net LLC, Mentor On The Lake, OH 888.480.4NET http://JustThe.net
Re: Routers vs. PC's for routing - was list problems?
On Thu, May 23, 2002 at 05:47:40PM -0400, David Charlap wrote:

> 64/66 PCI has 4 times as much bandwidth - about 4Gbit/s. Much better than standard PCI, but hard to find on a PC-compatible motherboard, and expensive when you do find it. Enough bandwidth for 10 line-rate 100M Ethernet ports or six line-rate OC-3 ports (in theory, anyway). But not really enough for anything faster (OC-12 or GigE) if you want line-rate forwarding.

Why is this such a hard concept for people to grasp? If you just need to bat around a couple hundred Mbit, a PC based router could work beautifully for you. If you want to design a scalable but efficient system, you use dedicated hardware for the forwarding plane, cheap but powerful PC hardware for the control plane, and an ASIC to look at bytes in the header and come up with a destination interface. But Juniper has done this, so move on.

I wish they would put a little more legitimacy on the Olive though; it could be a very useful product. Everything from very small guys who only need to move 100Mbit but who need more stability and policy power than a linsux box and zebra can provide, to the very big guys who could build a very beefy 2GHz box for computationally intensive tasks (like a route reflector).

--
Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
Re: Routers vs. PC's for routing - was list problems?
Speaking of which: I have been looking for a reasonably priced hardware ramdisk. The ones I've seen (albeit expensive) are essentially a brick with DIMMs in them, and have either an IDE or SCSI interface. Some have a battery to back them up for a few hours. Anyone got some pointers?

On Thu, 23 May 2002, Jake Baillie wrote:

> Let me elaborate. I thought Steve was concerned about the limited writability of flash. My thought was to build something like a Linux router; you'd have to load the OS into a RAMdisk (or something similar), and only write to flash when the config changed. Which means you'd need some sort of singular configuration file.
>
> But I was wrong. :) He meant read-only
>
> *back to lurk mode*
>
> --
> jb
>
> At 02:49 PM 5/23/2002 -0700, Dan Hollis wrote:
>
> > And making it *write-only* as the original poster asked, would fix things how?

--
Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben
-- Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Re: Routers vs. PC's for routing - was list problems?
On Thu, 23 May 2002, Dave Israel wrote:

> Then why not boot from a CD-ROM? Sure, it moves, but only for the few minutes it takes to boot. Then it spins down and sits idle for the n days/weeks/months until the next reboot. It would probably last as long as the solid state drive, and would be cheaper. The big problem here, of course, is software upgrades.

CDs were the other option I was considering. I'd rather use CDs because they are more durable than floppies. WRT software upgrades, the only thing I'd be rebuilding is the kernel - you rebuild the kernel, create an ISO filesystem, and rip it to CD...

> Personally, I'd just use a hard drive and initrd (under linux) and leave the hd controller out of the kernel. When it comes time to upgrade, reboot to an alternate kernel that has the hd support code. But that's more of a discussion for a Linux list than here.

Yup. Topic drift...

--
Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek)
JustThe.net LLC, Mentor On The Lake, OH 888.480.4NET http://JustThe.net
Re: Routers vs. PC's for routing - was list problems?
Didn't National Semiconductor have a spec sheet for write only memory back in the late 70s or early 80s? I think they developed it for the NSA.

--On Thursday, 23 May 2002 14:53 -0700 Dan Hollis [EMAIL PROTECTED] wrote:

> On Thu, 23 May 2002, Jason K. Schechner wrote:
>
> > On Thu, 23 May 2002, Dan Hollis wrote:
> >
> > > On Thu, 23 May 2002, Steven J. Sobol wrote:
> > >
> > > > Can you set flash drives to be write-only?
> > >
> > > Why would you want to do this?
> >
> > Logging. If a h@xx0r cracks your box he can't erase anything that's already been written there. Often it takes a physical change (jumper, dipswitch, etc) to change from write-only to read-only making it pretty tough for the h@xx0r to cover his steps.
>
> Eh? Setting a flash drive to *write-only* would fix this how? Why would anyone want to make a flash drive *write-only*?
>
> -Dan
>
> --
> [-] Omae no subete no kichi wa ore no mono da. [-]

--
Joseph T. Klein +1 414 628 3380
Senior Network Engineer [EMAIL PROTECTED]
Adelphia Business Solutions [EMAIL PROTECTED]
... the true value of the Internet is its connectedness ... -- John W. Stewart III
Re: Routers vs. PC's for routing - was list problems?
On Thu, 23 May 2002 18:01:03 EDT, Steven J. Sobol said:

> The box I want to build is passing packets between the rest of my network (and the public Internet) and one server that will hold sensitive data. It'll be a Linux box with the TCP/IP stack running in bridged mode, with two ethernet adapters installed. The box just needs to boot up and run. It doesn't need to log anything.

I've heard tell that a good way to secure a Linux box that's doing this is to have it boot, set up the interfaces, set up iptables, and then do a quick /sbin/halt - if you fail to 'ifconfig down' the interfaces on the way down, the kernel will happily forward the packets while being immune to exploits (since there are no processes running anymore). I haven't tried it, so I don't know if it works.

Maybe there ARE cases where setting the default runlevel to 0 or 6 makes sense. ;)
Re: Routers vs. PC's for routing - was list problems?
Date: Fri, 24 May 2002 00:52:14 -0400
From: [EMAIL PROTECTED]

> I've heard tell that a good way to secure a Linux box that's doing this is to have it boot, set up the interfaces, set up iptables, and then do a quick /sbin/halt - if you fail to 'ifconfig down' the interfaces on the way down, the kernel will happily forward the packets while being immune to exploits

[ snip ]

H. A most interesting thought. Even if that doesn't work, one could modify /sbin/init to suit one's needs; several variants for embedded systems already exist.

--
Eddy
Brotsman Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence
Re: Routers vs. PC's for routing - was list problems?
[ On Friday, May 24, 2002 at 04:50:27 (-), Joseph T. Klein wrote: ]

> Subject: Re: Routers vs. PC's for routing - was list problems?
>
> Didn't National Semiconductor have a spec sheet for write only memory back in the late 70s or early 80s? I think they developed it for the NSA.

Not long ago I finished reading one of Stephen R. Donaldson's The Gap series (the second -- I don't know if I'll bother with more of them) where secure write-only core is said to be the foundation for interstellar security. Basically it's for keeping an unbreakable and unmodifiable record of all ship functions and communications. Only authorised police have keys to read it, but it's supposed to be physically unalterable once written. Of course it turns out what's written to it is not quite so indelible as most people are led to believe :-)

--
Greg A. Woods
+1 416 218-0098; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Planix, Inc. [EMAIL PROTECTED]; VE3TCP; Secrets of the Weird [EMAIL PROTECTED]