In the light of people dicussing the hardware requirements for running
full mesh bgp with tcmd5 and minimal filtering I just have to point out
what we're doing here currently...
14 OpenBSD developers who hack networking stuff from all over the world
have flown in to enjoy 4 days of coding.
OF course we are also working on our bgpd. As we're a little low on
electrical power here we use a lot of small embedded machines - and I
have full mesh bgp sessions on quite some of those, using tcp md5sig
sessions of course.
check this out: http://somewhere.whereever/pic.jpg
that little green box bob and myself are holding in our hands has a
full feed. It is a 266 MHz Geode with 128MB RAM working off a CF card.
Getting the session established and the full table transferred takes
less than 8 seconds...
* Henning Brauer <hb-nanog@bsws.de> [2004-04-25 18:04]:
check this out: http://somewhere.whereever/pic.jpg
eek. that should have been
http://misc.bsws.de/img_1001.jpg
* Brad Knowles <brad.knowles@skynet.be> [2004-04-25 18:16]:
> * Henning Brauer <hb-nanog@bsws.de> [2004-04-25 18:04]:
>> check this out: http://somewhere.whereever/pic.jpg
> eek. that should have been
> http://misc.bsws.de/img_1001.jpg
Okay, so you've got the picture now. However, I'm sure that some
people are going to be interested in more details on the hardware --
you might want to tell them it's a Soekris net4501, or whatever.
it's a 4801.
Also, are you using the crypto accelerator for calculating the MD5
hashes?
no, we have no cards here currently.
yes, one can use freebsd as a router. and i think it's
kick-ass that md5 tcp is being worked to freebsd's normal
level of support. thank you!
but we need to not lose sight that the flavors of isps is a
bi-modal distribution; it's the labor/capex trade-off.
in my daytime-job network, hi-touch is just not a scalable
option, it's five nines and hands off. and i have to say that
different commercial router vendors vary in quality and
reliability. i rofl over the discussion here of using antique
cisco 750Xes.
in my personal research rack, it's a high-touch hodge-podge,
commercial routers, freebsd routers, and small routing toys
<http://wildlab.com/>. and this weekend i spent six++ hours
cleaning up a mess due to the colo provider being too cheap to
get both a/b power from the carrier hotel, so the one circuit
made a mess.
even in the developing economies, where labor is even cheaper
than here in george's economic disaster, folk trying to build
and maintain real commercial isps use real commercial routers.
and yes, they cost too <bleeping> much, are too large, take
too much power, and blow more heat than a vendor engineer
blows smoke.
randy
* Randy Bush <randy@psg.com> [2004-04-25 19:16]:
yes, one can use freebsd as a router. and i think it's
kick-ass that md5 tcp is being worked to freebsd's normal
level of support. thank you!
You're welcome, but our code goes to the OpenBSD reporsitory before the
others can pick it up.
even in the developing economies, where labor is even cheaper
than here in george's economic disaster, folk trying to build
and maintain real commercial isps use real commercial routers.
and yes, they cost too <bleeping> much, are too large, take
too much power, and blow more heat than a vendor engineer
blows smoke.
My main issue with those big commercial routers, especially those from
this San Jose based company, is the quality of their software.
You're welcome, but our code goes to the OpenBSD reporsitory before the
others can pick it up.
whoops! apologies to openbsd!
My main issue with those big commercial routers, especially those from
this San Jose based company, is the quality of their software.
quality? what quality?
randy
