One last note on Vyatta and Linux routing.... For low port count applications, most router OSs will be fine. But, as one approaches the 300mbps+ per port, and multiple ports, X86 systems run into processor issues regarding PPS and small packets. There were two ways to solve it. 1) Use NAPI. 2) Spread the networking load accross multiple processors. Basically if you have a 4 port Gig-E card, you use a quad processor and dedicate one processor to each of the ports. Or, if 12 ports, dedcicate 3 ports per core, Etc. For next generation routers Quad Proceesor technology is very relevent.
One thing that turned me away from Vyatta was that they started charging per processor licensing (yrly). Support for a QUAD processor got very expensive. I didn't see any reason to handicap my systems, to comply to a licensing issue, when QUAD processors themself were very cheap. I'm not sure on this, but I dont think teh community edition allowed mutli-processor, but maybe Glenn could clear that up. Many routers will work fine with a single or dual processor doing a gig or so of throughput with NAPI. So a single Core Vyatta system can push a lot of traffic. But, if you use a router system that can use multiple cores, you can better isolate the impact to your network segments under DDOS situations, since each nic has its own processor. It wasn;t a concern of peak throughout, it was a factor of how well the router could survive a harsh DDOS attack. Its one of the reasons that we build our own distro on straight Linux. I do not know if the other Linux Router solutions are imbracing the muti-core per NIC feature yet or not. But its a critical step for multi-Gig routing. When there is a 300-750mbps Apex on each NIC at a cell site, it becomes relevent for growth. The thing is... Its not like you can manually assign processors to NICs. Its like an automatic thing. So you need to know that each NIC has a processor, because you never really know where you are going to sell capacity on the network and where the DOS small packets will come from. Tom DeReggi RapidDSL & Wireless, Inc IntAirNet- Fixed Wireless Broadband ----- Original Message ----- From: "Josh Luthman" <[email protected]> To: "WISPA General List" <[email protected]> Sent: Saturday, April 03, 2010 12:25 PM Subject: Re: [WISPA] Vyatta? *Versions 3.10-20 (ish not sure exactly where) had a hell of a battle with x86 and multiple CPUs/cores. *I had some 1xx and 5xx boards that would lock up over time. *Nstreme2 (dual nstreme) locked up for me when I used it. *Wasn't it 3.20 that caused x86 to lock up if there was a simple queue? That was a fun one... The more you use (dare I say) any product the more flaws you find. Don't expect anything to be perfect, but rather find what fits best. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 “Success is not final, failure is not fatal: it is the courage to continue that counts.” --- Winston Churchill On Sat, Apr 3, 2010 at 12:20 PM, Robert West <[email protected]>wrote: > The only time I ever had a Mikrotik lock up was due to something stupid > that > I did, not the router. Rock solid when not configured by me. > > Bob- > > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of [email protected] > Sent: Saturday, April 03, 2010 11:43 AM > To: WISPA General List > Subject: Re: [WISPA] Vyatta? > > I would have to agree. Have had routers doing lot of work that had uptime > over a year (one that almost hit 500 days but lightning got the better of > one ethernet port). The ones I seen problems it tend to be bad PC hardware > or lack of memory. One router I saw would experience issues where vlans > would die and ip's assigned to the vlan interfaces would go invalid. > Turned > out the unit had to little ram for what was going on on it (vlans, dns > proxy, queues, lot of firewall rules, layer 7 firewall rules, dhcp servers > and vpn server) installed more ram and unit ran flawless since (had 256MB > to > start with, 512MB improved but would occasionally still have issues and > need > reboot, 1GB and no issues after running for months). > > /Eje > Sent via BlackBerry from T-Mobile > > -----Original Message----- > From: Travis Johnson <[email protected]> > Date: Sat, 03 Apr 2010 00:12:38 > To: WISPA General List<[email protected]> > Subject: Re: [WISPA] Vyatta? > > Hi, > > I would like to be the first to say that the article about Skybeam seems > a little over dramatic. The quote that their Mikrotik routers had to be > rebooted every few days would indicate to me that they had hardware > problems, not software (Mikrotik) problems. > > I have Mikrotik routers on my network that have been up over a full year > without a single reboot or issue. The only reason it's only a year is > due to software upgrades. With over 200 Mikrotik routers on my network > (several moving over 100Mbps of traffic and 10,000pps daily and one > moving over 400Mbps and 100,000pps), I can tell you Mikrotik is one of > the most solid, reliable packages available. > > Yes, you are locked into their interface and CLI. Yes, it does have some > bugs and issues at times, but overall the best routing package I have > seen. > > Travis > Microserv > > Glenn Kelley wrote: > > Josh > > > > Largest difference I have seen is in regards to load (and cost) > > Freeware community editions ... well cost is pretty low - especially > > if you have vmware already running, xen running - or a good pc or > > server around. > > that being said > > > > Mikrotik from experience can choke on DDOS attacks above 100K pps on a > > dual xeon - with vYatta you don't see much of a load. > > > > A good study on this is with SkyBeam: > http://www.vyatta.com/downloads/casestudies/Vyatta_Skybeamcase.pdf > > > > might be worth asking them directly > > > > > > I'm not far from you if you want an in person overview :-) - thinking > > of hamfest > > > > I'm out in Court House - about an hour and 1/2 > > > > > > > > > > > > > > > > On Apr 3, 2010, at 1:10 AM, Josh Luthman wrote: > > > > > >> So who has used Vyatta and Mikrotik? Differences? > >> > >> On 4/3/10, Glenn Kelley <[email protected]> wrote: > >> > >>> vyatta overview: http://www.vyatta.com/products/index.php > >>> > >>> PFSense overview: http://www.pfsense.org > >>> > >>> > >>> On Apr 3, 2010, at 12:52 AM, Glenn Kelley wrote: > >>> > >>> > >>>> I love Vyatta. I love PFSense... I love a bunch of other > >>>> applications that can do this as well... BUT it might be worth > >>>> asking > >>>> what the job that you want the router to perform. > >>>> > >>>> While some may bash vYatta - > >>>> > >>>> Keep in mind - when the reload happened - they specifically did that > >>>> for their own Support Contracts ... folks that paid them - but yes > >>>> - a > >>>> major release required a reload. > >>>> I can tell horror stories about having to do this w/ Cisco Vax > >>>> 7200's 2650's and such as well. IOS updates do not always go as > >>>> well as they advertise... > >>>> > >>>> Why I do like vYatta is the simple fact they provide both the CLI > >>>> and > >>>> GUI - (command line interface and graphical user interface)... > >>>> > >>>> Here are a few reasons why folks in this board should consider > >>>> vYatta > >>>> community edition: (free) > >>>> > >>>> 1. Load Balancing > >>>> 2. BGP (Full ) > >>>> 3. vLAN - do vlans out to the radios > >>>> 4. PPPOE - if you wanted to use it > >>>> 5. Parental Controls > >>>> 6. Speed Control / Traffic Shaping - You can do this right on > >>>> your > >>>> router. > >>>> 7. SQUID - cache things vs hitting the web all the time for the > >>>> same > >>>> content (like windows updates, youtubes, etc ) > >>>> > >>>> > >>>> I resell vYatta paid version for those interested - but for most the > >>>> community center is just fine. The paid edition will give you all > >>>> of > >>>> the aforementioned with the ability to obtain paid support - and > >>>> this > >>>> is based upon the following: > >>>> > >>>> 1. what type of contract you have purchased > >>>> 2. severity of the request - (ie everything down vs just a feature > >>>> request) > >>>> > >>>> > >>>> > >>>> > >>>> that being said - WHAT ARE YOU TRYING TO DO ? > >>>> > >>>> If you have a simple setup - and just need full BGP - you might also > >>>> want to check out another Open Source Project called PFSense. > >>>> > >>>> PFSense is full FreeBSD - runs on most any x86 hardware. > >>>> I can help any of you with this as well. The PFSense book is a > >>>> great > >>>> place to start - and is written for someone who has never done > >>>> routing... > >>>> > >>>> one last thing about pfsense... Its a full bsd license - you can > >>>> even > >>>> rebrand it. > >>>> > >>>> I have a bunch of PF systems out in the field as CPE for firewalling > >>>> and such - all running under our logo and skin when a client logs > >>>> in. > >>>> a simple 1U rack mount makes that an awesome option - so does a > >>>> simple flash drive on a card in a box ... > >>>> > >>>> Ask questions if I can help either on or off list > >>>> > >>>> :-) > >>>> > >>>> Glenn > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > > ---------------------------------------------------------------------------- > ---- > >>>> WISPA Wants You! Join today! > >>>> http://signup.wispa.org/ > >>>> > > ---------------------------------------------------------------------------- > ---- > >>>> > >>>> WISPA Wireless List: [email protected] > >>>> > >>>> Subscribe/Unsubscribe: > >>>> http://lists.wispa.org/mailman/listinfo/wireless > >>>> > >>>> Archives: http://lists.wispa.org/pipermail/wireless/ > >>>> > >>> > >>> > > ---------------------------------------------------------------------------- > ---- > >>> WISPA Wants You! Join today! > >>> http://signup.wispa.org/ > >>> > > ---------------------------------------------------------------------------- > ---- > >>> > >>> WISPA Wireless List: [email protected] > >>> > >>> Subscribe/Unsubscribe: > >>> http://lists.wispa.org/mailman/listinfo/wireless > >>> > >>> Archives: http://lists.wispa.org/pipermail/wireless/ > >>> > >>> > >> -- > >> Josh Luthman > >> Office: 937-552-2340 > >> Direct: 937-552-2343 > >> 1100 Wayne St > >> Suite 1337 > >> Troy, OH 45373 > >> > >> "Success is not final, failure is not fatal: it is the courage to > >> continue that counts." > >> --- Winston Churchill > >> > >> > >> > > ---------------------------------------------------------------------------- > ---- > >> WISPA Wants You! Join today! > >> http://signup.wispa.org/ > >> > > ---------------------------------------------------------------------------- > ---- > >> > >> WISPA Wireless List: [email protected] > >> > >> Subscribe/Unsubscribe: > >> http://lists.wispa.org/mailman/listinfo/wireless > >> > >> Archives: http://lists.wispa.org/pipermail/wireless/ > >> > > > > > > > > > > ---------------------------------------------------------------------------- > ---- > > WISPA Wants You! Join today! > > http://signup.wispa.org/ > > > > ---------------------------------------------------------------------------- > ---- > > > > WISPA Wireless List: [email protected] > > > > Subscribe/Unsubscribe: > > http://lists.wispa.org/mailman/listinfo/wireless > > > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > > > > ---------------------------------------------------------------------------- > ---- > WISPA Wants You! Join today! > http://signup.wispa.org/ > > ---------------------------------------------------------------------------- > ---- > > WISPA Wireless List: [email protected] > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > ---------------------------------------------------------------------------- > ---- > WISPA Wants You! Join today! > http://signup.wispa.org/ > > ---------------------------------------------------------------------------- > ---- > > WISPA Wireless List: [email protected] > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > -------------------------------------------------------------------------------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > > -------------------------------------------------------------------------------- > > WISPA Wireless List: [email protected] > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > -------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: [email protected] Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: [email protected] Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
