PC Routers (was Re: /24s run amuck)

This year is the 10 year anniversary of Demon using NetBSD/GateD to
talk BGP4 to Sprint, Pipex, JANET and GBNet on Sparc IPX and i486/DX2/66
boxes, 20,000 routes at the time as I recall. [10,000 new routes a year ?]

PCs as routers is a good way to save a few pounds [dollars!] only
if you don't expect ever to need more than about 100M - 200M of traffic
through the box, and this number is highly variable depending on the packet
size and number of packets. When PCs are pushing a lot of traffic, gaming type
applications suffer really badly. But for a small organisation who
just wants a cheap way of talking BGP4 to an upstream it's a great solution.

The issues that you hit tend to be maintaining the boxes well. If you have
a Unix team already supporting Linux or BSD then this shouldn't be a large
amount of extra work - you also need a decent test rig to test new versions of
things, but that is true of any platform. You still get hit with the usual
PC issues: disk drive failures occur and weirdness around disks and
filesystems happens. If your PC router crashes, reboots and decides to delete
the inodes for your serial ports that connect your box to the Internet during
fsck it's a major annoyance, and it usually happens 2 bottles of beer into
a Friday night. Yes there are issues with flash cards but these are much
more manageable. If you don't have a good Unix team don't even think
about doing this.

o) It has no features - not a problem for a lot of purposes

I don't think that's true. What features do you need?

o) On a standard PCI bus your limit is about 350Mb, you can increase that to a
couple of Gb using 64-bit fancy thingies

If you stick to ethernet, but I've found that you run into other issues when
you use gige [dodgy motherboards and hardware, slow ram etc]. One motherboard
manufacturer that I've found that is very good is ASUS but they haven't
done too much 64-bit wise.

o) This may be fixed but I found it slow to update the kernel routing table
which isn't designed to take 120000 routes being added at once

Not my experience but I'd say that this is true with other platforms.

Icky, could perhaps cause issues if there's a major reconvergence due to an
adjacent backbone router failing etc, might be okay tho

A lot of people don't need the full routeing table. If you are smart
you should ask your providers to announce their own internal routes and
a default route. Use those routes so that traffic to Provider A goes via
Provider A and the rest really doesn't matter in most cases.

o) As it's entirely process based it will hurt badly in a DoS attack

That certainly isn't true and will depend on the OS and the way you have
set it up. It is possible to compile PPP [etc] into the kernel and
run them in kernel space, I found this to be a requirement on E1
serial drivers and I would expect the same to be true of higher
bandwidth drivers.

This is a show stopper. I need the box to stay up in an attack and be responsive
to me whilst I attempt to find the source.

I'm not an expert in PC hardware, so I do struggle to work out the architecture
that I need and I'm sure it's possible to build boxes that are optimised for this
purpose, however I'm still not convinced that the box can keep up with the
demands of day to day packet switching - I'd like to hear otherwise tho.. has
anyone deployed a PC with Zebra that could switch a few Gbs, didn't suffer from
latency or jitter or fail under a DoS?

I doubt it, but the fact is the other major routeing vendors haven't solved
this either!
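An added illustration (not part of the thread) of the partial-table approach described above: instead of loading the full 120000-route table into the kernel, the box carries only each provider's own aggregates plus a default from each, so a provider-specific destination goes out that provider's link and everything else follows the preferred default. The prefixes, next hops and provider names are constructed sample values; the FIB class is a toy stand-in for the kernel routing table, not NetBSD's or Zebra's code.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str
    source: str   # which upstream announced it (constructed labels)
    pref: int     # lower wins when prefix lengths tie (like a local preference)


class Fib:
    """Toy longest-prefix-match table standing in for the kernel routing table."""

    def __init__(self):
        self.routes = []

    def add(self, prefix, next_hop, source, pref=100):
        self.routes.append(Route(ipaddress.ip_network(prefix), next_hop, source, pref))
        # Most specific prefix first, then best preference, so the first hit wins.
        self.routes.sort(key=lambda r: (-r.prefix.prefixlen, r.pref))

    def withdraw(self, source):
        """Drop everything learned from one upstream, as a BGP session drop would."""
        self.routes = [r for r in self.routes if r.source != source]

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        for r in self.routes:
            if addr in r.prefix:
                return r
        return None


def build_partial_table():
    """Each provider's own aggregate plus a default from each (constructed sample)."""
    fib = Fib()
    fib.add("198.51.100.0/24", "10.0.0.1", "ProviderA")        # A's internal space
    fib.add("203.0.113.0/24", "10.0.1.1", "ProviderB")         # B's internal space
    fib.add("0.0.0.0/0", "10.0.0.1", "ProviderA", pref=100)     # preferred default
    fib.add("0.0.0.0/0", "10.0.1.1", "ProviderB", pref=200)     # backup default
    return fib


def next_hop_for(fib, dst):
    r = fib.lookup(dst)
    return r.next_hop if r else None


if __name__ == "__main__":
    fib = build_partial_table()
    for dst in ("198.51.100.7", "203.0.113.9", "192.0.2.5"):
        print(dst, "->", next_hop_for(fib, dst))
    fib.withdraw("ProviderA")   # A's session drops: four routes reconverge instantly
    print("after A withdraws:", next_hop_for(fib, "198.51.100.7"))
```

With only four entries, the reconvergence the thread worries about is a matter of dropping one provider's routes and letting the remaining default take over, rather than re-installing a full table.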