Linux routers

Goldmember · January 2008

What happens when a "real" Linux router comes along?

or Linux code based switches?

Imagine the possibilities and competition for Cisco.

There would be many advantages

1) Interoperability with Unix/Linux servers(same code base)
2) Unix/Linux server engineers would be accustomed to CLI/Shell interface
allowing easier learning of router/switch commands
3) Lower pricing(possibly)
4) Open Source
5) Most Linux/Unix utilities would run natively on the router/switch

I look forward to change in the industry.

//Goldmember

dtlokee · January 2008

There are numerous "real" *nix based router systems and many of the advantages you have listed are really disadvantages if you think about it from a security point of view.

1. If they run TCP/IP per the RFCs they are already introperable, don't see what the advantage is there.
2. What about all the non Linux/UNIX engineers?
3. Lower pricing is a possibility but most likely at the expense of features or performance.
4. This is a disadvantage... who really knows who is writing and supporting this stuff, and how long they will continue to support it.
5. Again a disadvantage because this will open up more security holes on your infrastructure devices.

There was an article on Vyatta outperforming Cisco routers, you should look into it if you're serious.

sprkymrk · January 2008

Many firewall appliances from the big names already use embedded linux. Also, back in 2003, the Linux Router Project was started:

http://www.linux-vpn.de/lr101.php?s=about

Also for wireless:

http://openwrt.org/

Many other projects exist as well. Linux and open source just has a hard time competing for market share against empires like MS and Cisco. You can't market your product (even if it is better) without a lot of cash.

Goldmember · January 2008

dtlokee wrote:

There are numerous "real" *nix based router systems and many of the advantages you have listed are really disadvantages if you think about it from a security point of view.

1. If they run TCP/IP per the RFCs they are already introperable, don't see what the advantage is there.
2. What about all the non Linux/UNIX engineers?
3. Lower pricing is a possibility but most likely at the expense of features or performance.
4. This is a disadvantage... who really knows who is writing and supporting this stuff, and how long they will continue to support it.
5. Again a disadvantage because this will open up more security holes on your infrastructure devices.

There was an article on Vyatta outperforming Cisco routers, you should look into it if you're serious.

You bring up some points...

In response

2) What about all non Linux/Unix Engineers?
Would you want to count yourself among that crowd? IF you haven't worked with Linux to some extent or are not familiar with Linux/Unix on some basic level you are probably a disadvantage to your employer as an IT worker.

3) Lower pricing at the expense of features performance?
Maybe not. A freely available kernel with readily working code that is published and consisently updated will save costs.

4)Open Source...nobody will support it?
haha...Linux won't go unsupported anytime soon. The code base has been in existence and kernel has been worked for over 15+ years....Novell and IBM are some of the companies investing loads into Linux. Too funny

5) Security is always a concern, but that is offset by lack of knowledge. You can use Linux's existing code base and alter it to your choosing. This would essentially limit security holes if the developers assess the problems accurately.
I agree that the Cisco IOS source code not being readily available decreases security holes, but also agree that a solid developer can harden anything.

Essentially take from the deep resource that is the Linux OS, pilfer the proper code for your network devices and you have a code base that is consistently updated free of charge.

//Goldmember

sprkymrk · January 2008

Goldmember wrote:

You bring up some points...

In response

2) What about all non Linux/Unix Engineers?
Would you want to count yourself among that crowd? IF you haven't worked with Linux to some extent or are not familiar with Linux/Unix on some basic level you are probably a disadvantage to your employer as an IT worker.

3) Lower pricing at the expense of features performance?
Maybe not. A freely available kernel with readily working code that is published and consisently updated will save costs.

4)Open Source...nobody will support it?
haha...Linux won't go unsupported anytime soon. The code base has been in existence and kernel has been worked for over 15+ years....Novell and IBM are some of the companies investing loads into Linux. Too funny

5) Security is always a concern, but that is offset by lack of knowledge. You can use Linux's existing code base and alter it to your choosing. This would essentially limit security holes if the developers assess the problems accurately.
I agree that the Cisco IOS source code not being readily available decreases security holes, but also agree that a solid developer can harden anything.

Essentially take from the deep resource that is the Linux OS, pilfer the proper code for your network devices and you have a code base that is consistently updated free of charge.

//Goldmember

And in response to your response:

2) You missed his point entirely. Sure it would be nice if everyone knew linux. And Cisco. And MS. And physics. But we don't, so simply saying that a linux router would be an advantage for linux admins is only a benefit to linux admins. The same way a Cisco router is a benefit to cisco experts.

3) Hardware is still hardware. Cost may or may not be a big factor.

4) Traditionally and historically linux companies do not make there money "giving" away free software. They make money supporting it. Look at Novell and Red Hat. They make money (lots of it) through support contracts. If you want to trust your mission critical enterprise devices to the "free" linux support boards that have many more "home users" posting than they do professional level guys who know how to run large scale networks then you are braver than me. There have been many software projects abandoned by their developers (look on sourceforge) for various reasons - this is what he was talking about. Not about linux going away. I wouldn't laugh or make light of the possibility that the custom linux "router" software you got for free today might be abandoned next year - after you deployed it across your enterprise.

5) Once you have altered the code base, those updates will also have to be customised for your use. That makes a lot of work, and once you leave, will your replacement know how to do what you did?

dtlokee · January 2008

4. My point wasn't who will support linux but the router software itself. I have run into numerous problems with software that is developed for and given out for free and the autor(s) decide it is no longer in their interest to continue to support it. Imagine you are a company that has spent boatloads of money to deploy the *nix routers to find a year later that the company that wrote the software is not longer around or has drastically changesd it and the product is no longer what they need. Now what? Spend boatloads of money to install something else? Remmber even though the software is free the people to implement it are not. Many companies are not willing to risk their infrastructure to such a "what if". If you've gone through a risk assessment meeting in a large company you will understand these points. It's not as simple as "hey I read this website about this product we should use it in our production netwrok." It still needs to go through testing, people need to be trained on how to use and troubleshoot it, and many other steps before it is allowed into production. When a company is traded on the stock market it isn't a decision they will take lightly. I worked for a company where the stock plunged 30% after the stockholders report revealed several issues with the datacenter, 30% (it was justified because there were some major issues, like a water based sprinkler system.)

Goldmember wrote:

I look forward to change in the industry.

I am an advocate of open source software, but I sense a touch of the "anything but Cisco" tone to your post. Why would change be a good thing? There is already plenty of competition keeping the prices down and you have other choices than Cisco for your networking gear that are equally as good or better in some cases. Companies will leapfrog other companies then they wil be outdone by someone else only to be overtaken by yet another company... that is how it goes.

Other thoughts:

2. I own the my own company and I don't see anyone with limited to no linux skills as a "disadvantage" when they can run circles around anyone on the products they know well.
3. You re forgetting about all the "other" costs associated with implementations, it's not just about free software.
5. The more "stuff you put on a network device the less secure it becomes, no execptions. You increase the attack surface area of the device and open it up to more security holes and exploits. Security isn't just about the "code base" but what you put on top of it too. Again do you really know who wrote that piece of software that you are putting on your computer? Did it go through an aggressive battery of testing? or did it just compile and ship? If there are changes did it go through regression testing?

Goldmember · January 2008

dtlokee wrote:

Goldmember wrote:

I look forward to change in the industry.

I am an advocate of open source software, but I sense a touch of the "anything but Cisco" tone to your post. Why would change be a good thing?

Great post!

I actually love Cisco! I have an old Cisco longsleeve shirt I wear often. I swear by Cisco and believe in their company more then most.
I plan on getting my CCIE eventually and have worked with Cisco for over 7 years.

Anything but Cisco is not my motive. Quality products and good competition which results in fair prices and increased innovation is my motive.

I checked out the Vyatta website and read the white paper on Cisco vs. Vyatta.
Interesting stuff. Cisco is definitely putting themselves into a corner by using proprietary hardware. I still love Cisco and would work for their company if ever offered.

//Goldmember

mikej412 · January 2008

Goldmember wrote:

What happens when a "real" Linux router comes along?

My real UNIX Systems were routing IP Packets long before Cisco even existed as a company

And doesn't Juniper already use a BSD variant as their environment to program and instruct their hardware cards? But the BSD isn't doing the routing there either.

I don't have a problem with the performance you get from dedicated hardware devices and I certainly don't mind the security benefits.

marlon23 · January 2008

Goldmember:

It is just not a features and price of device what matters. Actually, these are the thinhs which matters the less. When deploying network you have to think in long term, as was mentioned, support, management,... and most importantly the value of that for your business. And Cisco is not a market leader becouse it has better devices in features, it is becouse they design them for a business, not geeks

I used to be also a GNU/Linux priest, but knowledge and experience opened my eyes

darkuser · January 2008

um ....

your desktop is a router
a 1 interface router with a ip add , default gateway
type route print.
the default gateway is really you're default route.

anyone ever heard of gated ?
add a couple of interfaces and you've got a router.

also switching is mostly done in hardware asic's
that's why you cant simulate in dynamips
you have to use actualy hardware switches.

but i get your point

Linux routers

Comments