What is good in modular routers these days?

Hi,

I'm looking for a Cisco 2600-like platform, except with the capability
of routing with gigabit and 10gigabit linecards (and not being EOL, of
course). Ideally it would be capable of doing full BGP tables in the
supervision engine, although that isn't necessarily a show stopper right
now. Lack of IPv6 support, however, is.

Does anyone even make standalone modular routers anymore? I don't need
or want switching capabilities as seen on say a Cisco 6500 series
platform, as my network topology would not benefit from that, and the
cost overhead would probably not justify having it anyway.

Right now we are using software routing appliances for this, but they do
not tend to fare well in high packets/second scenarios (e.g. inbound
DDoS attacks).

William

The Cisco ASR 1000 and the Juniper M7i/M10i routers are standalone modular routers capable of handling mpps in hardware.

There are no CPU based routers with proper 10GE forwarding capabilities that I am aware of, closest would be network processor based (which some might argue is a lot of CPUs in some cases, but it's not a 2600 type CPU anyway).

Single-thread CPU just isn't fast enough to handle the PPS involved (currently).

Date: Mon, 20 Jul 2009 04:45:17 +0200 (CEST)
From: Mikael Abrahamsson

> There are no CPU based routers with proper 10GE forwarding
> capabilities that I am aware of, closest would be network processor
> based (which some might argue is a lot of CPUs in some cases, but
> it's not a 2600 type CPU anyway).
>
> Single-thread CPU just isn't fast enough to handle the PPS involved
> (currently).

With a little creativity, it can _almost_ be done for IPv4.

With an efficient FIB algorithm, a single core on a Xeon 5400 will
exceed 30 million lookups per second for IPv4 -- full table and lots
of peers.

Of course, that fails to accommodate RIB maintenance and FIB updates. It
also doesn't take into account modern SMP CPUs; the RIB-handling code is
still under development.

Eddy

> With a little creativity, it can _almost_ be done for IPv4.

That's most likely a big _almost_.

> With an efficient FIB algorithm, a single core on a Xeon 5400 will
> exceed 30 million lookups per second for IPv4 -- full table and lots
> of peers.

When someone asks for "2600 class router" they probably also want WFQ/fairqueue/LLQ, L2TPv3, PPPoE and a heap of other things that impede pps quite a lot on a CPU based platform.

> Of course, that fails to accommodate RIB maintenance and FIB updates. It
> also doesn't take into account modern SMP CPUs; the RIB-handling code is
> still under development.

If you can bring all (or most) of the IOS functionality into a modern Intel Xeon/i7 platform with all that memory access speed etc and you use all the cores efficiently, then you might be able to do a lot. I've heard a lot of claims before (Luleå Algorithm from Effnet for instance) but it never came to much because functionality/stability is everything, if I want a stupid pps forwarding device I might as well get myself an L3 switch, it'll use less power and have less parts that can break.

Date: Mon, 20 Jul 2009 07:31:13 +0200 (CEST)
From: Mikael Abrahamsson

> > With a little creativity, it can _almost_ be done for IPv4.
>
> That's most likely a big _almost_.

Maybe. And maybe I'm using worst-case synthetic test sets in addition
to real routing sets.

> When someone asks for "2600 class router" they probably also want

"2600-like platform"

And I'm unaware of Cisco 2600-class routers that handle anywhere close
to 10 Gbps.

> WFQ/fairqueue/LLQ, L2TPv3, PPPoE and a heap of other things that
> impede pps quite a lot on a CPU based platform.

Perhaps the OP can clarify whether his omission of these was accidental,
because such features were assumed, or because he does not need them.

> If you can bring all (or most) of the IOS functionality into a modern Intel
> Xeon/i7 platform with all that memory access speed etc and you use all the
> cores efficiently, then you might be able to do a lot. I've heard a lot of

And minimize both task switching and packets' in-queue time. I'm aware
of the requirements.

> claims before (Luleå Algorithm from Effnet for instance) but it never came

I was unaware of Lulea. I've [obviously] not implemented it, and can't
comment on performance with modern loads and CPUs. However, it's
encumbered -- although I question the patent-worthiness of what I see
described. Route updates appear painful, which obviously would be
problematic. (I went down the painful-updates fox hole half a dozen
years ago. Yes, it's a dealbreaker.)

Other algorithms exist in the literature.

The truly insane might even be able to "strike gold" with a little
creativity.

> to much because functionality/stability is everything, if I want a stupid

We also could argue the stability of the routers that he has used, and
of COTS boxes. I seem to recall having to load an interim IOS release
(on 2600-series boxes even!) due to instability.

> pps forwarding device I might as well get myself an L3 switch, it'll use
> less power and have less parts that can break.

Perhaps the OP can clarify his requirements. I understood him to want
low cost and high PPS, with IPv6 being mandatory. A list of priorities
and non-priorities might be useful.

I interpreted the post as being keen on high processing power and low
cost.

On a semi-related note: Has anyone dealt with Cavium (or similar) NICs?

Eddy

> Date: Mon, 20 Jul 2009 07:31:13 +0200 (CEST)
> From: Mikael Abrahamsson
>
> > > With a little creativity, it can _almost_ be done for IPv4.
> >
> > That's most likely a big _almost_.
>
> Maybe. And maybe I'm using worst-case synthetic test sets in addition
> to real routing sets.
>
> > When someone asks for "2600 class router" they probably also want
>
> "2600-like platform"
>
> And I'm unaware of Cisco 2600-class routers that handle anywhere close
> to 10 Gbps.

Ideally the forwarding would be done with ASICs. The Cisco asr1000
class router seems to be what I'm looking for.

> > WFQ/fairqueue/LLQ, L2TPv3, PPPoE and a heap of other things that
> > impede pps quite a lot on a CPU based platform.
>
> Perhaps the OP can clarify whether his omission of these was accidental,
> because such features were assumed, or because he does not need them.

I don't need any of that stuff, just BGP, OSPF and fast packet
forwarding for IPv4. But the point is that I need only routing
functionality, I don't need switching functionality like on a Cisco
6500-class system.

William

I bet if you went and spoke to the right people in the correct
open source kernel/distribution project, -given the right clue-,
very fast forwarding and QoS could start appearing in *NIX OSes.

The problem I see is there's a lot of demand -once it is done-, but
no one org or group willing to pony up to see it happen.

The clue is out there. They're just looking for a way to pay the
rent.

Adrian

(Not looking to do this, I have enough going on atm..)

FreeBSD has done work to optimize for 10gbps and they have a nice
netperf cluster for testing
http://www.freebsd.org/projects/netperf/cluster.html#resources

From FreeBSD features | The FreeBSD Project - "10Gbps network
optimization: With optimized device drivers from all major 10gbps
network vendors, FreeBSD 7.0 has seen extensive optimization of the
network stack for high performance workloads, including auto-scaling
socket buffers, TCP Segment Offload (TSO), Large Receive Offload (LRO),
direct network stack dispatch, and load balancing of TCP/IP workloads
over multiple CPUs on supporting 10gbps cards or when multiple network
interfaces are in use simultaneously. Full vendor support is available
from Chelsio, Intel, Myricom, and Neterion."

FreeBSD provides support for 802.11q, bgpd, ospfd, pf(firewall) and
ALTQ(QOS) but since I haven't tested it I have no idea what kind of real
world performance you can get with all these features in use.

This is one group trying to pony up at least with support of many major
vendors.

mark

The main current funding source for work being committed back to FreeBSD's
10GE performance has a very big focus on server performance, not forwarding
performance. Hence the flow cache, which benefits TCP stream performance.

Adrian

I'm putting together a list of NMS systems for system (hardware, cpu util%, memory util%) and application monitoring rather than network management for our environment. We are looking for low cost / opensource solutions that have agents and/or reliable agentless monitoring for windows, linux and solaris hosts. I've put together a preliminary list, but was hoping that if someone has a solution they are happy with they would forward the info to me. Once I get the complete list, I'll re-post what I've found.

The list I have so far is:

Hyperic http://www.hyperic.com/
OpenNMS http://www.opennms.org/wiki/Main_Page
opsview http://www.opsview.org/
Osmius http://www.osmius.net/en/
PandoraFMS http://pandorafms.org/
Zabbix http://www.zabbix.com/
Groundwork http://www.groundworkopensource.com/
Nagios http://www.nagios.org
Zenoss http://zenoss.com
OpManager http://www.manageengine.com
Orion http://www.solarwinds.com/products/orion/
BigBrother http://bb4.com/

Any others that should be added to the list to eval?

Argus http://argus.tcp4me.com

Andrew

Matthew Huff wrote:

Spiceworks?

http://www.spiceworks.com/

Sent while mobile

Munin

http://munin.projects.linpro.no/

Example: http://munin.ping.uio.no/ping.uio.no/dahl.ping.uio.no.html

> Munin
>
> http://munin.projects.linpro.no/

-> has an "api" to nagios

and cacti: www.cacti.net
(with add-on plugins, ie weathermap)

cricket: http://cricket.sourceforge.net/

munin, cacti and cricket are more graphing than alerting (nagios) systems

Kind regards,
   Ingo Flaschberger

WebNM + Denika + Logalot - set of tools <http://www.plixer.com/products/index.php>

nfdump/nfsen, Stager, RANCID, RCS, CVS, or Subversion - these should all be included in any list of useful open-source tools for network operators, IMHO.

For networking stuff, see Joe Abley and Stephen Stuart's NANOG 26 Tutorial "Managing IP Networks with Free Software" -- http://www.nanog.org/meetings/nanog26/abstracts.php?pt=Nzg1Jm5hbm9nMjY=&nm=nanog26
Direct link to PDF: http://www.nanog.org/meetings/nanog26/presentations/stephen.pdf -- it's from 2002 and so a little out of date, but still a great read.

As for server / application / random other stuff (like printers and ups's and IP camera and the like), Zenoss is great -- it's clean, simple, fast(ish), easy and pretty -- the last one happens to be important for some folks (esp in the enterprise world...)

W

Warren Kumari wrote:

> As for server / application / random other stuff (like printers and ups's and IP camera and the like), Zenoss is great -- it's clean, simple, fast(ish), easy and pretty -- the last one happens to be important for some folks (esp in the enterprise world...)

Just expect it to be run on linux; perhaps bsd. The last time I played with it, there were too many issues with getting it to run on Solaris 10 to bother. Don't get me wrong. When I installed nagios 3.1.2 yesterday, I had to make it understand that -lsocket was needed and copy snprintf.o from ./base to ./common where it was supposed to be compiled. Zenoss just wasn't an easy tweak. It's been awhile, but I suspect their install.sh was very linux centric and would have required a rewrite.

Jack

Hello,

> As for server / application / random other stuff (like printers and
> ups's and IP camera and the like), Zenoss is great -- it's clean,
> simple, fast(ish), easy and pretty -- the last one happens to be
> important for some folks (esp in the enterprise world...)

We've looked at ZenOSS but couldn't get it to model the network.
From what we can tell, it couldn't handle the full routing table
on our core routers (there are six). If someone has successfully
done this, can you contact me off list?

Eric :-)