Routing 3 /24's and a /26 using 3 3c905's. eth0 goes to the cisco->world.
eth1, eth1:0 and eth1:1 go to an ethernet switch that is serving machines
from the three /24's. eth2 goes to a hub for one of our co-location clients.
Attached is an mrtg graph from when someone decided to throw about 8MB of
garbage our way for a few hours. This little linux router just sat there
and idled through it.
[root@core0-eth0]:~ # /sbin/route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
Gateway-NET * 255.255.255.252 U 0 0 5 eth0
EZone-CoLo-2xx- * 255.255.255.192 U 0 0 97 eth2
2xx.xx.2xx.0 * 255.255.255.0 U 0 0 6189 eth1
xx6.28.xx.0 * 255.255.255.0 U 0 0 17 eth1:0
xx9.201.1x8.0 * 255.255.255.0 U 0 0 27 eth1:1
loopback * 255.0.0.0 U 0 0 0 lo
default core1-eth0-Ente 0.0.0.0 UG 1 0 286496 eth0
[root@core0-eth0]:~ # /sbin/ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Bcast:127.255.255.255 Mask:255.0.0.0
UP BROADCAST LOOPBACK RUNNING MTU:3584 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 coll:0
Routing 3 /24's and a /26 using 3 3c905's. eth0 goes to the cisco->world.
eth1, eth1:0 and eth1:1 go to an ethernet switch that is serving machines
from the three /24's. eth2 goes to a hub for one of our co-location clients.
I tried that several years ago and it blew up, I had to switch to FreeBSD.
At one point I had only PC routers in my network doing full BGP4. I even
had one at MAE-East that was peering with 12 providers at the time
including UUNet and MCI. I started to upgrade to DS3 and connect to
the rest of the NAPs, so I had to ditch them and go with the GRF. At that
time it had a Compaq desktop sitting next to it connected to the switch
with ethernet; all I had to do was copy my gated configs.
$ netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
255.255.255.255 0.0.0.0 255.255.255.255 UH 1500 0 0 eth2
xxx.xxx.xxx.64 0.0.0.0 255.255.255.240 U 1500 0 0 eth1
xxx.xxx.xxx.160 0.0.0.0 255.255.255.224 U 1500 0 0 eth2
xxx.xxx.xxx.0 0.0.0.0 255.255.255.0 U 1500 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 3584 0 0 lo
0.0.0.0 xxx.xxx.xxx.254 0.0.0.0 UG 1500 0 0 eth0
The 255/32 route is so that the isc-dhcp server on the box will work with
win95 clients. eth2 goes to a remote customer site via DSL. So they just
plonk win95 machines on their hub and don't have to do any configuration.
This machine is a 486DX/33 with 16mb ram. Even under heavy load between
multiple ether interfaces with lots of firewall rules (eg ping -f -s 1500
from one side of the router to the other) it rarely breaks 15% cpu.
Basically linux makes a _great_ multi-ethernet router.
We are also using Linux as routers/firewalls. Our twist is that the
boxes have no harddrives! Instead we have hacked the software a little
and now run 100% from CD-ROM. Basically / is on a ramdisk. Our typical
box has a 60MByte RAM disk out of 128MByte total RAM. Very fast.
We can change config using ssh, save stuff using scp or make a new
CD-ROM from time to time. Either way, zero maintenance. No backups
necessary either. Works with any PC that will boot from a CD. One of
our beta testers says that a P2 266 will packetfilter 50MBit/sec easily.
Linux doesn't just kill Microsoft's NT and Solaris. It also eats
Cisco for lunch.
Email me if you think there would be interest in such a
"Linux Router/Firewall KIT". We are about to package a CD based
distribution plus a couple of the right Ethernet cards (this is key!)
and are looking for more beta testers.
Difference is that they are constrained by having to fit everything
into 2MBytes.
Ours don't have that limitation. The box that I'm using right now loads
a 20MByte compressed RAMdisk from the CD. I also have /usr on the CD.
When running this looks like this:
sh# df
Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/ram0 58087 37066 21021 64% /
/dev/hdc 536232 536232 0 100% /cdrom
Better? Performance is relative based on implementation. How many
platforms does FreeBSD support? NetBSD and OpenBSD both support tons of
platforms other than X86, as does Linux (the linux port to SGI appears to
be the strongest SGI port so far).
<disclaimer>
This is not directed to you specifically, but to the free UNIX-like
operating system supporters around the world.
</disclaimer>
It never ceases to amaze me how all the people who use free UNIX-like
operating systems must beat their chests and badmouth other operating
systems. I run several different flavors of UNIX and UNIX-like operating
systems at home and work. I've got IRIX 6.3, Solaris 2.6, Linux, OpenBSD,
and FreeBSD. So far the most flaws I've found in the free operating
systems are the characters of the people who write/contribute/support
them, not necessarily the operating systems themselves.
So you want to run *BSD? More power to you! Same with Linux! But
could we please all put our johnsons away, zip up, and get on with
something more constructive than arguing whether BSD is better than Linux?
There are drivers and documentation to be written and new features to be
added. Making petty jabs as to which OS is "better" just wastes time.
Linux has definitely come a long way in its short life, and does a hell
of a lot compared to an operating system with roots in PDP systems whose
code has been around as long as it has. They both have their place, they
both work well in a lot of the same instances, and they both don't put a
dime in Microsoft's pockets [I dislike Microsoft mostly because of their
business practices and very few of their products are actually good. We
can define "good" somewhere else]. For the record, I personally like both
*BSD and Linux.
Discussions about OS superiority don't belong on NANOG, so let's take this
someplace else, please.
Linux has definitely come a long way in its short life, and does a hell
of a lot compared to an operating system with roots in PDP systems whose
code has been around as long as it has.
I'll say!
[rirving@dryad rirving]$ uname -a
Linux dryad 2.0.27 #3 Fri Apr 18 11:03:29 EST 1997 i586
[rirving@dryad rirving]$ uptime
9:27am up 393 days, 21:33, 1 user, load average: 0.65, 0.66, 0.65
[rirving@dryad rirving]$
oh, please. They both have their strengths and limitations, yadda
yadda, we should really at least pretend to be civilized here
obcontent: for folks wishing to play with insane packet forwarding rates
on pc gear check out Alexy's (linux's mad russian routing guru)
fastrouting hacks. 150k pps vanilla forwarding on pentium class machines
with tulip cards. in the 2.1 tree, along with many other nice routing
improvements.
Over here at Razorfish we've been using Linux boxen as Routers, Firewalls
and Crypto over IP Encapsulation Routers for about six months now. It's
fairly robust and pretty damn inexpensive ($550.00 and some elbow grease)
for what it delivers. We've managed to get everything we need into one
1.6mb floppy on Pentium 90 with 64megs RAM (3 in image) with two to four
ethernet cards in place. I'm fairly happy with its performance and it does
beat in quality as well as price some of the solutions various networking
groups have made for the same requirements.
...Now all I need is a way to plug the thing into my PBX for intra-office
toll-free calls
Christopher
> >> >>> >> r a z o r f i s h , new york
christopher k. neitzert
[ director of information services ]
And for the record, if you read the first sentence of the post, I said
that this wasn't directed to just you, but to all the people who find it
necessary to talk smack about free UNIX-like operating systems.
Joseph Shaw - jshaw@insync.net
NetAdmin/Security - Insync Internet Services
Free UNIX advocate - "I hack, therefore I am."