[safnog] Freeware/Open Source Software Routers
- Subject: [safnog] Freeware/Open Source Software Routers
- From: simeon.miteff at gmail.com (Simeon Miteff)
- Date: Fri, 8 May 2015 16:39:28 +0200
- In-reply-to: <[email protected]>
- References: <[email protected]>
Hi Graham
If you want the one-big-config-to-rule-them-all software routing experience, you can buy a RouterOS or Vyatta license (maybe also Cumulus?). I happen to know that you use "the 'tik", so I'm curious to know if your question stems from frustration with the closed-ness of RouterOS?
I can add that my experiences building software routers with standard Linux distros have been generally good. I'm not too worried about not having a unified configuration, because each time I've taken this approach the routers were pets (not cattle). If the scale of the network was beyond something I could manage myself, I would only consider this approach if I was confident that I could hire the engineering staff myself from a suitably talented pool.
I have used Quagga (mostly ospfd and bgpd, but occasionally rip and ripng) on Debian, Ubuntu, Gentoo and Arch. The end result is suitably stable (especially with Debian/Ubuntu and Arch). The only real differences are in the RC and network configuration scripts, which now seem to be converging toward systemd and netctl. While netctl seems to be a bit immature, I'm satisfied that it is moving in the right direction. I do have a few tips with the Linux networking stack:
* When packets mysteriously disappear, check rp_filter. Think carefully before setting it to 0 (2 might be more appropriate).
* Without the one-big-config interface, it is essential to learn the iproute2 utilities (especially ip link and bridge).
* Be aware that TCP MD5 signature support is often turned off in the kernel - you might need to recompile to make this work with Quagga/BGP.
* The IP route cache was removed from the kernel in 3.6, which changes the way IPv4 selects from multiple next-hops, so if you're looking to do anycast with Linux routing, look carefully at this.
* While trying to puzzle out netfilter, keep this diagram handy: http://inai.de/images/nf-packet-flow.svg
Some tricky routing setups that are impossible with Quagga can be implemented with BIRD, which rocks extremely hard. You can arbitrarily connect multiple protocol instances to each other and to internal RIBs through "pipes" that can have scripting-style filters defined, and finally connect all of this stuff to multiple kernel routing tables.
The bad old days where Linux users were pining for netgraph seem to have passed. AFAIK the only thing where Linux has its arse handed to it is when compared to MPD5 on FreeBSD for L2TP.
We could delve into countless subtopics here, like Open vSwitch, user-space packet switching, various VPN and tunnel solutions, network namespaces, CARP/VRRP implementations, multicast routing, PBR, funky QoS, IPv6, etc. I guess it depends on what you want to do with the box.
Regards,
Simeon.
On 08 May 2015, at 1:53 PM, Graham Beneke <graham at inx.net.za> wrote:
> A few people have suggested to me that my flavour of *nix or *bsd mixed
> with my preference of bird or quagga makes for a good software based
> router. I've worked with various combinations like this for various
> purposes and always found the configuration a little disjointed and
> cumbersome - lacking the kind of single config file that we've become
> used to on *insert big name vendor*.
>
> Can anyone share experiences on deploying any of the numerous software
> based routing platforms? Particularly those that support things like
> VLANs/sub-interfaces, dynamic routing (OSPF and BGP) and IPv6.
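The first tip in Simeon's list (check rp_filter before chasing "mysteriously disappearing" packets) is easy to get wrong because the kernel does not simply use the per-interface value: the effective setting for an interface is the maximum of net.ipv4.conf.all.rp_filter and net.ipv4.conf.<iface>.rp_filter, so setting one interface to 0 does nothing while "all" is still 1. The following audit script is an added example, not part of the original thread or any project; it assumes the standard /proc/sys/net/ipv4/conf/<iface>/rp_filter layout and takes an alternative directory as its first argument so it can be exercised against constructed files.

```shell
#!/bin/sh
# Audit reverse-path filtering (rp_filter) on a Linux router.
# Added example, not from the original mailing-list post. It assumes the
# kernel's sysctl layout /proc/sys/net/ipv4/conf/<iface>/rp_filter and the
# documented rule that the effective value for an interface is
# max(conf/all/rp_filter, conf/<iface>/rp_filter).

# Map the numeric rp_filter value to what the kernel actually does with it.
rp_filter_mode() {
    case "$1" in
        0) echo "off (no source validation)" ;;
        1) echo "strict (RFC 3704: drop if the reply route is not via this interface)" ;;
        2) echo "loose (drop only if the source is unreachable via any interface)" ;;
        *) echo "unknown ($1)" ;;
    esac
}

# Print one line per real interface with its configured and effective value.
# Returns 1 if any interface is effectively in strict mode, which is the
# usual culprit on a router with asymmetric paths; returns 0 otherwise.
# Usage: audit_rp_filter            (live system)
#        audit_rp_filter /some/dir  (constructed tree, e.g. for testing)
audit_rp_filter() {
    confdir="${1:-/proc/sys/net/ipv4/conf}"
    all=$(cat "$confdir/all/rp_filter" 2>/dev/null || echo 0)
    rc=0
    for f in "$confdir"/*/rp_filter; do
        [ -r "$f" ] || continue          # also skips an unmatched glob
        iface=$(basename "$(dirname "$f")")
        case "$iface" in all|default) continue ;; esac
        val=$(cat "$f")
        eff=$val
        [ "$all" -gt "$eff" ] && eff=$all   # kernel takes the max of all/iface
        printf '%-12s configured=%s effective=%s  %s\n' \
            "$iface" "$val" "$eff" "$(rp_filter_mode "$eff")"
        [ "$eff" = "1" ] && rc=1
    done
    return $rc
}

# To move a whole box to loose mode (usually the safer choice on a router,
# rather than 0), the corresponding sysctl is:
#   sysctl -w net.ipv4.conf.all.rp_filter=2
```

Run it with no argument on the router itself; a non-zero exit means at least one interface will silently drop packets whose source would be routed back out a different interface, which is exactly the symptom the tip describes.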