Re: Best router solution

From: jpd (read_the_sig_at_do.not.spam.it.invalid)
Date: 03/19/05


Date: 19 Mar 2005 21:07:51 GMT

Begin <1ad1e8b9.0503161513.17bdf56c@posting.google.com>
On 2005-03-16, Ghazan Haider <ghazan.haider@gmail.com> wrote:
> Wow, this just turned into a flamewar. Fabulous.
[massive snip]

And all that triggered by claiming something (well, obsd) to be ``the
best'', even while restricted to some area. It is a bit of a pet peeve,
but I'm certainly not the only one to harbour it: ``There Is No Best''.

obsd may well suit your needs. It may have a lot of pros going for it,
and all its competitors have only cons (which is not the case here, but
I digress), but claiming a ``the best'' is too simplistic and reeks of
k1dd13n3ss and cola affiliation.

> Now continuing the flame, and deconstructing your answers:
>
>> Begin <1ad1e8b9.0503141347.204b487d@posting.google.com>
>> On 2005-03-14, Ghazan Haider <ghazan.haider@gmail.com> wrote:
>> >> > OpenBSD has the potential of being the best routing platform.
>> >>
>> >> Only if you restrict your routing needs to no more networking than obsd
>> >> understands. And in that there's a few other contenders as well.
>> >
>> > It has the potential.
>>
>> And so do many others.
>
> For the networks that OpenBSD DOES understand, it can potentially be
> the cheapest and most scalable platform. I continue saying potential
> since I've never implemented one, in theory it seems exciting. You
> keep saying it's no better, no better than what?

Nice turnaround, well done. Your ``the best'' implies that it is better
than what? All the others? Then why isn't it the last man left standing?
``It has the potential'' is a meaningless promise in this context.

No, I'm saying that there's more candidates than just this one for a
``the best'' label, implicitly referring to what I lined out above: It
may very well be a good router. Or an Excellent router. Whatever. But
there is no single universal ``the best'', except in myth.

[snippety]
> I WAS talking about router hardware and not workstation. OpenBSD
> doesn't have to be installed on 'router' hardware only to act as a
> router. PC components can be used to make a router. Next you mention
> reliability.

And so I did.

> You make no mention of how and why PC crap is crap.

This is the same as lamenting that I'm not specifying why eg cisco
has a bigger market share than obsd in the router market. There's
simply too many factors to mention here.

But I can give you a few: Take a router, and put it in some remote
location a couple of hundred km away in a secure(d) location, or at a
clients premises or something. Now try to access its bios through a
modem. You can do that with a cisco[1]

> You
> just assume, it's not 'router hardware' so it's gotta be crap.

Well, no. It's peecee hardware, so I know it is crap. Some of it is less
crappier, but it's been crap for what? 20 years? It has become much
faster in those years, and has gained a couple of features, such as a
clock, but still is crap. Here's why: The most widely used OS on such
contraptions, introduced well after that particular feature had become
standard on the class of machines, still can't make that clock tick
faster than 18.2 ticks a second, making accurate timekeeping a joke.
This kind of thing is very common with that OS. The very fact that this
OS is what most by far hardware of that class run, makes that many a
manufacturer --trying to keep costs down and margin up-- takes that as
the baseline to reach. They hardly ever reach further. Thus keeping the
crap down with its ilk. Crap breeds Crap.

So yes, peecees are utter and complete crap. And we run the world on it.
Great, innit?

> Funny my
> 'pc crap hardware' OpenBSD firewall has an uptime in excess of 200
> days, never given me a hardware problem,

So you were lucky. Relatively. I still remember when a fellow un*x
aficionado on irc was really sad. He lamented that there'd been a power
outage long enough to outlast the UPSen, and so everything had powered
off. Including a VAX11/750 with an uptime well in excess of five years.

Even un*x boxen, including mine --reaching uptimes of a year or
more without a sweat, the power company willing-- are relatively
unstable in that light. Nevermind that ye average peecee with the usual
excuse-for-an-os has been positively powercycling like a tornado in
comparison.

> and was a heck of a lot of
> cheaper than 'hardware' firewalls, some of which really have PC
> components in them. Cisco must have been completely nuts putting a 286
> in a pix.

They didn't. Their execs saw a product they wanted to sell and bought
the company. They do that more often. Recently they'd bought linksys
for their el-cheapo low-low-low end routing thingummies. This is one of
the few (the only one?) that hasn't actually been rebranded as cisco
after acquisition. Understandably. Although I don't know what chip is in
there, the newer pixen (cute little boxes) aren't quite peecee hardware
anymore.

>> > I am aware of the hardware limitations of the x86, and all its
>> > inefficiencies. I only mentioned price.
>>
>> And I said that it isn't as cheap as you implied and now explicitly
>> said, for you need more hardware to achieve at least the same level of
>> reliability as some more usually used routing hardware. Cisco still has
>> quite a bit of market while being bloody expensive even with all the
>> extra features that peecee stuff simply doesn't have, or is only slowly
>> starting to acquire, AND their falling ios quality. Still, with all the
>> *BSDs and l*n*x*n Out There having Lots Of Potential In The Routing
>> Arena, it doesn't seem to matter much. How come?
>
> Hmm two or three more points there to refute, one point per paragraph
> could make our discussion clearer.
>
> x86 hardware can be efficient and reliable.

Efficient only in the sense of production volume; there's 20+ years
of cruft there, and they started with a Broken As Designed chip, too.
About the only decent thing in the original PC was the Z80 SIO, that
that's been long gone.

> As for reliability, plenty
> of x86 servers exist, at nice prices too I must mention. Cisco is
> expensive because they never used commodity PC hardware, designed
> their own so their IP remains exclusive. They could've based their OS
> on the plethora of OSes out there at the time, but they needed to
> build IP, and they did.

I think their needs were a bit different than the picture you paint here.
At the time there was no good real time os (dos doesn't even count as
an OS, at all) that fits in cut-to-the-bone hardware optimized for one
thing and one thing only: switching packets.

The IP bit might've been a nice addition, but it wasn't the primary goal.

> That's why they can jack up prices so high now,
> cisco technicians only know IOS. IOS only runs on cisco hardware, and
> cisco hardware only executes IOS which is only available through
> smartnet, which is expensive as hell. The routing market is
> monopolized by cisco, so technicians must learn cisco to get into it,
> and once there's a technician base, companies must buy cisco to
> leverage that. It's a way to make money.

That sure is. I've heard some very nice (for the stockholders) numbers
to be their margins, but paying through the nose for their hardware has
its advantages: You can buy the exact same hardware ten years after its
initial release. Nevermind that you'll be paying the same price, or that
the hardware is hopelessly outdated. For some shops this is important.

I agree they're expensive, and the software updates are way too
expensive, with quality falling. Still, they won't go bust in a day, and
that too is a big plus. Imagine: Oops! Our core network supplier has
gone bust! Now entire countries must plan to replace their entire body
of routing hardware with something from another vendor (provided one
will be there to cater to that volume). How soon? That depends on the
amount of hardware everybody has in stock locally. Oh, and with demand
suddenly seeking alternative sources, prices will soar. Oops.

Margin on such stuff is usually not very important for the buyer, since
even double the price for the hardware is not noticeable in the total
bill once you calculate in the traffic involved.

> Go grab an IBM xSeries 206, and check its reliability.

I don't know about the 206. I do know about netfinity 4[05]00R and
xSeries 34[05]. They're nice, relatively, although the BIOS could use a
good knock over the head and a ton of features added, as well as a good
kick in the *** (it is slooooooow to boot). Otherwise, it is fairly
good, as peecee crap for its timeframe goes. The add-in maintenance
stuff understandably doesn't run on intel but on powerpc, and if you
have it, it seems to be nice, but barely interoperable. BIOS upgrade and
maintenance tools are too micros~1 biassed for my taste and needs, and
idiosyncratic at best. ``mule-type stubborn'' and quite useless is more
often seen. But given the other stuff I get to deal with, it is doable.

> Lastly, I
> should mention OpenBSD runs on more than x86 hardware. It can run on
> similar PPC and MIPS chips, and not being IOS, will be free, while
> with OpenBSD people would be free to choose their hardware and
> architectures.

... as availability allows. Which is pretty much the weak point.

> Why doesn't the world switch to OpenBSD as a routing OS? Because it
> doesn't support in a standard way the various routing protocols, until
> now..... possibly.

Yeah, well, I'd like better hardware, too. But I don't see it a coming
too soon. Maybe if the mac mini becomes a real hit. But it is a bit
short on both network connectivity and expandability for a router.

[snip]
> BGP is a big name indeed. Hard to sell a high capacity router without
> this protocol. An OpenBSD router will likely be high-capacity, if it's
> run on a Pentium3 or dual-Athlon64 chips even. Before OpenOSPFD and
> OpenBGPD, all we had really was routed, which provided RIP. It's quite
> tough to make routers with RIP alone, although in my sample labs, I
> setup my Pentium1s and sparcstations as static routers, and they
> worked beautifully. All ethernet, tokenring, SLIP and ATM. What was
> missing really was the routing protocols. Now we have BGP and a
> promise of OSPF, which, will be big news to me when released. Apart
> from the hardly-used IS-IS, I'll have a nice routing platform... given

And IPX, and SNA, and appletalk, and... If you're serious about
enterprise networking and routing that is.

> they can redistribute routes between the protocols with ease. OpenBSD
> being free software, would not die a corporate's death... and after
> OpenBGPD and OpenOSPFD will have a big edge over other BSDs and Linux
> in routing protocols.

Not really. All routing protocols really do is run the routing protocol,
and insert entries in the routing table, dynamically. More specifically,
it doesn't do the actual routing and switching of packets. This means
that any such program, as soon as it is open source, can be relatively
easily ported to most anything else.

I'd personally not run OpenBGPd on[2] OpenBSD, or even NetBSD. I'd prefer
FreeBSD, and not simply because I like that better as my daily OS, (that
too, of course), but because of netgraph.

> Being able to run on commodity hardware, will be
> scalable and cheap.

Cheap only as far as the stuff happens to not be crap, or you're willing
to settle for maintaining crap. But I've explained that already.

Scalability only as far as the architecture can keep up. I mean, there
is no way you can get decent packets/second rates on 10gigabit speeds
out of even quad athlons. It isn't just megahertzen on the cpu or
even number of cpus. There's a reason for the existence of Content
Addressable Memory, multiple backplanes with bandwidths fit to build
contemporary dinosaurs with, and routing caches down to the port level
on ``real'' routing and switching hardware. And that with cpus that
seem very low on MHzen by contemporary standards[3].

There is _some_ merit in routing hardware being non-cheap, else nobody'd
put up with it. Some of it is even technical in nature.

> Combine the two and for many general purposes,
> including Internet backbone routing, OpenBSD can quite possibly.... be
> the best router.
>
> That's what I meant to say. I can clarify that further on request.

And I still think you're up with your head in the clouds. I think I
clarified that. :-)

[snip]
>> >> > I'm personally
>> >> > very curious about OpenOSPFD and impatient about it. OSPF is the
>> >>
>> >> If you know lots about I'm sure you could try and help with the project.
[snip!]
>
> Once again, I'm saying:
> "Hey cool, we have this project. Maybe OpenBSD can be in yadda and
> yadda markets and possibly beat the other products in feasibility.
> Can't wait for OSPF".
>
> And you're saying: "Stop whining, if you want so and so, go program,
> else shut up".

Make that s/else shut up/then you'll get what you can't wait for that much
faster/. And yes, I can get away with that argument, just as much as you,
since it was implicit in the original statement and not spelled out.
More so than you, in fact, since I wrote it. :-)

> Think of what you said in which newsgroup.

I know in which newsgroup I'm posting. It is related to a volunteer-
driven project. Such projects generally only thrive because people
contribute (time to) code, and bugreports, and whatnot, to them.

Stating you want something is cool. Making it happen is mucho cooler.

>> >> > biggest interior routing protocol for many reasons. Apart from that
>> >> > we'd be left with IS-IS, but really, who uses that anymore? And does
>> >>
>> >> IPv6 is big on IS-IS. But who still runs RIPv1? Still, you seem to be
>> >> happy it is available.
>> >
>> > Who uses RIP? How about EVERYONE with Windows 2000, and EVERYONE with
>> > Windows XP Pro?
>>
>> Hm, I've got a network full of that but no RIP in sight. I'm not letting
>> those things route anything, though. Maybe that has something to do with it.
>
> You should give it a shot. Although I'm using a cisco as the router,
> its RIP redistribution lets all clients know where the default route
> is,

Yech. Sorry, I don't like that. I'm using DHCP for that anyway. :-)

> and where other internal networks of mine are. I don't have to
> configure each win2k and winxp machines anymore. Couple that with
> dhcp, it makes maintenance of large scale windows boxen, and switching
> ISPs easy.

Done that twice on static routing. Still using static routing. Hey, it's
only a /24, not such a big deal. :-)

>> > Any MCSE knows that c'mon.
[snip]
> Come on! Any MCSE knows that!

I'm not a MCSE, and I really have no intention to become one. Or come
near one, for that matter. Minesweeper is, even without a certificate,
brain-numbing enough as it is.

[snip]
> But not too slightly-informed. If that's naive, you can educate all
> the spectators of this group including of course myself.

Oh, I think there's a couple more people in the froup that know about
the ``there is no best'' mantra. :-)

[snip]
> A bit of an and. It was more of OpenBSD as a general router than
> kicking cisco's ass, but I did mention kicking cisco's ass in price in
> the OP, and in hardware compatibility in this post. cisco makes
> firewalls. OpenBSD can be a firewall, better than cisco's IMHO. OpenBSD

Well, yes and no. In commercial support cisco is hard to beat. Writing
firewall software from scratch, OpenBSD has done more often and better.

> can't be a router primarily because of the lack of routing protocols,
> which it now has.... the rest is a matter of debate. I have my side.

Fine. I contend that just talking routing protocols alone does not a
router make.

[1] I'm not counting PIXes here. I don't know about those, nor do I want to.
    Besides, we're talking routers, not dedicated firewalls.
[2] Notice absence of linux here.
[3] Or should I say, ``intel marketing standards''?

-- 
  j p d (at) d s b (dot) t u d e l f t (dot) n l .