[TriLUG] OT: Bridge/Advanced routing

Shane O'Donnell shaneodonnell at gmail.com
Tue Jul 5 12:33:41 EDT 2005


Jason's five points are solid, but I didn't want to miss an
opportunity to comment...

The first two are dead-on, especially assuming you aren't buying into
the big chassis system from Cisco.

The "better management" I'd argue is more of an "equally powerful
management", as things like MRTG are still just accessing the same
SNMP counters as a Cisco (or HP or Vendor X) tool would do.  The
differences are:

 - you _could_ co-locate the tool on the router itself, but arguably
that's a VERY bad idea (from a security perspective, if nothing else
-- network management and security often have conflicting goals, and
this is one of the prime examples)
 - Decidedly less costly (Cisco does offer similar functionality in
several pricy tools, although they aren't necessarily all available
for low-end routers)
 - Vendor support, training, etc (the de facto arguments for commercial vs. OSS)
 - Access to source, etc (the de facto arguments for OSS vs.
commercial solutions)

And yes, a modern x86 is more powerful than a 26xx series router, from
a processor perspective, but it can't touch the higher-end stuff,
especially as you get into the multi-service routers and high-end
stuff where new function introduces new dedicated processors.

To Jason's final comment -- he's dead on.  Cisco hardware is
good/popular/expensive because it does what it does very well and very
reliably.  If your reliability needs and personal skill set meet at a
point where a Linux/xBSD box makes sense over a 26xx box -- go for it.

So, please don't interpret this as dissension with Jason's note--just
a clarification/commentary.

DISCLOSURE:  I'm a Cisco employee and I'm hoping that by posting this,
the stock price will go through the roof.  I'm also not holding my
breath.

Shane O.

On 7/5/05, Jason Tower <jason at cerient.net> wrote:

<snip>
> 
> this is sage advice, although there are valid reasons for using a *nix
> box as a router or firewall in some situations:
> 
> - lower cost
> - easier to add multiple interfaces
> - better reporting and monitoring (mrtg, iptraf, ethereal, tcpdump)
> - more powerful than a traditional router
> - arguably easier to work with *nix than IOS
> 
> the biggest problem is reliability - cisco hardware is inherently more
> reliable than most x86 stuff, primarily due to simplicity and quality of
> components.  we (partially) get around that by building our routers and
> firewalls on old sparcstations running openbsd (passively cooled cpu,
> scsi hdd).  they're quiet, bulletproof, can be accessed via serial,
> totally stable, and can do -anything- we ask.

</snip>
