Open source hardware

Hi,

a friend of mine mentioned he wants to migrate away from carrier grade
equipment such as Juniper and Cisco to open source hardware. Both of us
haven't been able to find anything that would fulfill the requirements that
a smallish ISP might have.

Does anybody here have any advice?

Kind regards and best wishes for the new year,
Daniël

Oplerno is built upon empowering faculty and students We want you to found
(and fund) Oplerno with
us<http://www.indiegogo.com/projects/oplerno-a-new-and-affordable-higher-education?utm_source=email&utm_medium=daniel&utm_content=signaturetext&utm_campaign=indiegogo>

Have you looked at Mikrotik.com (Software) and Routerboard.com (Hardware)?

Faisal Imtiaz
Snappy Internet & Telecom
7266 SW 48 Street
Miami, FL 33155
Tel: 305 663 5518 x 232

Help-desk: (305)663-5518 Option 2 or Email: Support@Snappytelecom.net

Maybe http://imagestream.com/ and their nice little toys like the
http://imagestream.com/samurai.php

That's not Open Source.

M

haven't been able to find anything that would fulfill the requirements that
a smallish ISP might have.

  The Cumulus guys might be able to provide some pointers?

  http://cumulusnetworks.com/

Chris

I'm surprised nobody's mentioned vyatta.org or the new fork of VyOS. We are currently using the vyatta community edition and so far it's been good to us. It depends on your hardware and how small of an ISP you are but it might be a great open source fit for you.

--Andrew Duey

The orig. author has potentially set course for a world of hurt -- if the
plan is to scrap robust packaged highly-validated gear having separate
hardware forwarding planes and ASIC-driven filtering, to stick cheap x86
servers in the SP core and internet borders.

Sure... anyone can install Vyatta on a x86 server, but assembly of all
the pieces and full validation for a resilient platform comparable to
carrier grade gear, for a mission critical network, should be a bit more
involved than that.

Next up.... how to build your own 10-Gigabit SFPs to avoid paying for
expensive brand-name SFPs, by putting together some chips, wires, fiber,
and tying it all together with a piece of duck tape....

just saying... :)

I use a RouterBoard with RouterOS and afaik neither the hardware nor the software is open.

-Jorge

Good point Jimmy, there is a world of hurt involved, although it may be
slightly less painless when you realize that the alternative is: "*the NSA
[who] has modified the firmware of computers and network hardware—including
systems shipped by Cisco, Dell, Hewlett-Packard, Huawei, and Juniper
Networks—to give its operators both eyes and ears inside the offices the
agency has targeted.*"[1]

There's already a world of hurt involved when you can't trust your
equipment because they potentially have backdoors in them.

D.

[1] http://arstechnica.com/information-technology/2013/12/inside-the-nsas-leaked-catalog-of-surveillance-magic/

You actually buy brand-name SFP's? That's like buying the gold-plated HDMI
Monster Cable at Best Buy at markup ...

I just find the companies that the vendors contract to make their OEM
SFP's and buy direct. Same SFP from the same factory except one has a
Cisco sticker. ;)

You can even get them with the correct vendor code, been doing this for
years and there is no difference in failure rate or quality and we go
through hundreds of SFPs.

It is nice to have a solution provider if you're only looking at one unit,
but if you're deploying a large amount then building and testing your own
configuration really isn't that hard and will save you a lot of money. You
can even contract an OEM appliance vendor to take care of the actual build
for you and they'll usually provide 3-year replacement on the hardware.
(I've found "Sourcecode" to be the best price-wise for smaller projects).
As a bonus they'll slap whatever branding you want on the thing for that
professional touch.

Vyatta and now VyOS are important projects for networking. We really need
to get away from locked down non-free hardware and software for critical
infrastructure.

It's natural that most of the people in this community (myself included)
will be fans of companies like Cisco and Juniper and dismiss anything else,
but that mindset for me changed when I deployed 100+ whitebox units 3 years
ago and saved nearly a million in the process.

Juniper is a FreeBSD shop, and Cisco's new OS lines are based on Linux.
Ciena is largely based on Linux as well. In poking around at these
platforms recently one of the big things I'm noticing is that there is a
lot less done in hardware than we traditionally saw, especially from Cisco.

Having your networking in silicon is great when you have a 100 MHz CPU;
Cisco even conditioned us to be terrified of anything being punted to CPU
by under-sizing and over-pricing their CPUs for years. But when you have a
modern server-grade platform, multi-Gigabit performance, even with
significant levels of packet processing and small packet sizes, is a joke.
So at least for the low end of the spectrum there is a huge savings for
equal (often better) performance.

As I mentioned before I haven't done much with 10-Gigabit, but I imagine
with Intel-based cards on a modern PCIe bus that you can at least get
entry-level performance. Sometimes the biggest push for 10G is avoiding a
2G or 4G port-channel.

With the new Intel DPDK stuff, Intel is claiming 80M PPS performance on a
standard Xeon platform:
http://www.intel.com/content/www/us/en/intelligent-systems/intel-technology/packet-processing-is-enhanced-with-software-from-intel-dpdk.html

Eventually, DPDK support will likely start being included in projects like
VyOS, perhaps in Linux in general.

As for VyOS, the project is starting to get some momentum and is run by
former Vyatta employees and even some people from UBNT. I think we'll see
some good stuff from them in the future. The 1.0 release is solid from
what I've seen (and even fixes some bugs Vyatta hasn't yet).

If all you want to do is push regular packets around, these opensource
alternatives might be adequate to the task.

But many networks catering to business endpoints deal with private circuit
issues. Which generally leads to an MPLS/VPLS based infrastructure. Which
I haven't seen in a reliable opensource flavor. But I could be mistaken.

The orig. author has potentially set course for a world of hurt -- if the
plan is to scrap robust packaged highly-validated gear having separate
hardware forwarding planes and ASIC-driven filtering, to stick cheap x86
servers in the SP core and internet borders.

Sure... anyone can install Vyatta on a x86 server, but assembly of all
the pieces and full validation for a resilient platform comparable to
carrier grade gear, for a mission critical network, should be a bit more
involved than that.

Next up.... how to build your own 10-Gigabit SFPs to avoid paying for
expensive brand-name SFPs, by putting together some chips, wires, fiber,
and tying it all together with a piece of duck tape....

just saying... :)

That does seem a bit harsh given there are numerous examples of companies out there successfully putting together and deploying their own switches/routers in production. It may require significant resources and not be for the faint of heart, but from what I've seen, it's far from a bailing wire and bubblegum operation.

  --Tom

Juniper is a FreeBSD shop, and Cisco's new OS lines are based on Linux.
Ciena is largely based on Linux as well. In poking around at these
platforms recently one of the big things I'm noticing is that there is a
lot less done in hardware than we traditionally saw, especially from Cisco.

I'm not sure which platforms you refer to. But if we look at SP segment we're
talking about JNPR M, MX, T, PTX or Cisco ASR9k, NCS6k, CRS-1.

JNPR is indeed FreeBSD, but FreeBSD is used very sparsely, to boot box up and
to run RPD, which is essentially router-control-plane-in-a-process, it runs
all routing protocols and configures hardware.
ASR9k, CRS-1 run IOS-XR on QNX and NCS6k on Linux and there at least Cisco
capitalizes on OS scheduling, it's not single fat process on top of OS.

All of these boxes do all packet pushing in NPU (ezchip, trio, ichip...)

For IOS XE boxes, it's almost same as JNPR, except instead of single process
single threaded RPD, IOSd is actually running several threads.

by under-sizing and over-pricing their CPUs for years. But when you have a
modern server-grade platform, multi-Gigabit performance, even with
significant levels of packet processing and small packet sizes, is a joke.
So at least for the low end of the spectrum there is a huge savings for
equal (often better) performance.

Low end has always been using COTS CPU, RISC, PPC etc, so not much has changed
there. For low end, linux pc can be competitive in some applications.

With the new Intel DPDK stuff, Intel is claiming 80M PPS performance on a
standard Xeon platform:
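http://www.intel.com/content/www/us/en/intelligent-systems/intel-technology/packet-processing-is-enhanced-with-software-from-intel-dpdk.html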

DPDK is super interesting and it shows Intel is looking at the NPU market,
unfortunately these numbers have nothing to do with real-life application,
lookup against million+ routes, ACLs, QoS etc.
But maybe in the not too distant future x86 Intel is usable as NPU, Intel seems to
be looking at NPU market demands when designing new x86 chips.

Right now, if you need performance, you're going to have to buy something like
bcom chip and then cumulusnetworks linux on top of it, it's as close to 'open
source' as you're going to get with good performance.
And this is more or less DC stuff, SP market needs more intelligent chips than
those ASICs, and I don't think there is anything 'open source' in the market
place for NPU stuff.

Why would you think other platforms would be any safer? The NSA plants those bugs with interdiction operations. They could similarly install eavesdroppers in the USB/serial links of your KVM switches and terminal servers and capture your root/admin/console passwords.

Dell, HP, Cisco, etc. were named because the leaked docs mention hardware-specific BIOS/firmware bugging such as ILO piggybacking in a Proliant. I think it's foolhardy believing they wouldn't have similar attacks for just about everything.

Highly unlikely they have similar attacks for everything. They for sure can make em if they see fit but they don't have backdoors to everything.

// Arnd

No hands-on experience with Cumulus Networks equipment, but from what I have heard I like their approach to open hardware/software for routing equipment. It is flexible what you want to configure and run (all open source software). For the hardware switching support they license their Switch HAL module.

Cheers,

-- Benno

I love the notion of COTS control-plane software, it has potential to
fundamentally change the market dynamics.
COTS ASICs (bcom the most prominent) and COTS NPU (ezchip, xelerated/marvell)
have done lot of good to the market in terms of features/performance/price.

Right now some of the big name vendors are running really archaic and naive
control-planes, and it's hard for them internally to justify project to
rebuild it all, because customers will largely accept even the shitty
control-plane, because that is only thing you get with that hardware.

Company doing only COTS control-plane can't get away with shitty software,
it's their only product. And conversely, they can get away having many
generation of incompatible operating systems, as older customers will keep on
wanting+paying on the development of the older version while newer greenfield
customers will want to start with the latest generation.
This creates pressure on the established companies to have great
control-plane, not some 20 year old TTM house of cards.

In my opinion there is a clear difference between being targeted and having
a backdoor in your network equipment by default.

D.

To my surprise I am seeing a theme of fatalistic acceptance in this thread, it
seems like some who have been kind enough to answer privately or publicly
are of the opinion that either everything is already backdoored by the US
designers and/or by the Chinese manufacturers. I doubt however that any of
these people would hand over their root passwords to the US or Chinese
government willingly.

A number have mentioned that if you are targeted there is little you can
do, and this is something that I agree with to a certain extent. This
doesn't mean you leave the barndoor open.

D.

Re: crappy control planes, I wouldn't particularly mind paying licensing
fees if there were a choice about what software to use. But there isn't
and you end up with the worst of all worlds: no choice about which
particular control plane software (and consequently which bug+feature set)
you want to run, no incentive for vendors to deal with enhancements other
than on the basis of how much revenue they'll create in the next quarter,
and no option but to pay twice: once for the hardware and a second time if
you actually want to use it. Open source control planes may not fix all
these problems, but there is no doubt that they will put pressure on
vendors to compete on uncomfortably close turf.

Nick