GigaRouter (Was Re: Cisco as Big Brother)

Paul A Vixie writes:

> naturally you need to edit the hell out of /etc/rc to make it build a big
> ramdisk, populate it from the Flash's binary tarball, and chroot to it
> before starting gated. the chroot'd /etc/gated.conf should be a symlink to
> a small config file system on a second ATA Flash. "/", even though a RAM
> disk, is mounted read-only. system upgrades are done by powering off the
> unit, replacing "drive 0" with an updated 20MB Flash card, and powering it
> back up.
>
> caveats: 20MB isn't very large for a BSD system, even with shlibs -- you

It's not at all clear that you need to chroot at all. And it's true that
20MB isn't much, but how much (outside of /) do you really need? Give
yourself a few MB of buffer cache and the speed of flash won't matter much
anyway. You can be damn sure you're not going to be swapping, and that's
as it should be, given what this device is doing. (If it's not a router
it's probably a nameserver, and neither wants to swap.)

Now, since it's a real unix, it would be nice if you could use all your
favorite utilities while doing administration. But that's not hard: temporary
NFS mounts aren't all that nasty, and if you don't want to jam up your
backbone with NFS, copy stuff via ftp into a tempfs.

> have to be highly selective about what you take; also, for /var/log it is
> probably a good idea to include a rotating magnetic media, unless you're
> going to use syslog's "remote log server" mode, which since it's UDP is not
> reliable enough for some forms of auditing that i've needed to design for.

Hm. Interesting. I wonder how hard it would be to make syslog use TCP? Not
very, I think. The only remaining fly in the ointment would be short-term
situations where you can't move bytes off the net fast enough. Switching
log devices to an MFS/tempfs file temporarily might solve that too.
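As an added example (not from this thread, and not code either poster shipped), the following Python sketches the two ideas raised at the end: carrying syslog records over TCP instead of UDP, and parking them in a local spool (here an in-memory list standing in for a file on MFS/tmpfs) whenever the network cannot take them fast enough. The record framing is octet counting as later standardised in RFC 6587, the header layout follows RFC 3164, and the host names, tags, and the 192.0.2.1 peer address are constructed sample values.

```python
"""Syslog over TCP with a write-ahead local spool (hypothetical example)."""
import socket
import threading
from typing import Callable, List, Tuple

LOCAL0, AUTH = 16, 4     # syslog facilities
INFO, NOTICE = 6, 5      # syslog severities


def syslog_line(facility: int, severity: int, host: str, tag: str, msg: str,
                ts: str = "Jan  1 00:00:00") -> str:
    """Build an RFC 3164 style record: <PRI>TIMESTAMP HOST TAG: MSG."""
    return f"<{facility * 8 + severity}>{ts} {host} {tag}: {msg}"


def frame(lines: List[str]) -> bytes:
    """Octet-counting framing ('LEN SP MSG' per record) so the receiver can
    split a TCP byte stream back into records, even if a record has newlines."""
    out = bytearray()
    for line in lines:
        data = line.encode("utf-8")
        out += f"{len(data)} ".encode("ascii") + data
    return bytes(out)


def unframe(buf: bytes) -> Tuple[List[str], bytes]:
    """Extract complete records from a stream buffer; return (records, tail).
    Partial records stay in the tail; a non-numeric length prefix is rejected."""
    records: List[str] = []
    pos = 0
    while pos < len(buf):
        sp = buf.find(b" ", pos)
        if sp < 0:
            break                                   # length prefix incomplete
        if not buf[pos:sp].isdigit():
            raise ValueError("bad octet-count prefix")
        n = int(buf[pos:sp])
        start = sp + 1
        if start + n > len(buf):
            break                                   # record body incomplete
        records.append(buf[start:start + n].decode("utf-8"))
        pos = start + n
    return records, buf[pos:]


class SpoolingForwarder:
    """Every record is appended to the spool before any send attempt and
    removed only after the TCP send succeeded, so a stalled link loses
    nothing; order is preserved because the oldest record is retried first."""

    def __init__(self, send: Callable[[bytes], None]):
        self.send = send            # e.g. a connected socket's sendall
        self.spool: List[str] = []  # stand-in for a spool file on MFS/tmpfs
        self.sent = 0

    def log(self, line: str) -> bool:
        self.spool.append(line)
        return self.flush()

    def flush(self) -> bool:
        """Return True when the spool is empty, False if the link is still down."""
        while self.spool:
            try:
                self.send(frame([self.spool[0]]))
            except OSError:
                return False
            self.spool.pop(0)
            self.sent += 1
        return True


def run_local_demo() -> List[str]:
    """Ship two records to a loopback TCP collector and return what it parsed."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    received: List[str] = []

    def collector() -> None:
        conn, _ = srv.accept()
        with conn:
            buf = b""
            while chunk := conn.recv(4096):
                recs, buf = unframe(buf + chunk)
                received.extend(recs)

    t = threading.Thread(target=collector)
    t.start()
    cli = socket.create_connection(srv.getsockname())
    fwd = SpoolingForwarder(cli.sendall)
    fwd.log(syslog_line(AUTH, NOTICE, "gw1", "sshd", "Accepted publickey for ops"))
    fwd.log(syslog_line(LOCAL0, INFO, "gw1", "gated", "peer 192.0.2.1 Established"))
    cli.close()
    t.join()
    srv.close()
    return received


if __name__ == "__main__":
    for rec in run_local_demo():
        print(rec)
```

The spool-then-send order is the part that matters for auditing: with UDP a record that cannot be delivered is simply gone, whereas here a send failure leaves it on the spool and `flush()` picks up where it stopped once the link recovers. On a real box the spool would be a file on the MFS/tmpfs the reply mentions, and a persistent gap would still need a watermark alarm so the box is not silently logging only to itself.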