At 01:10 AM 4/20/2003, Richard A Steenbergen wrote:
As much as I hate to say this, stock FreeBSD makes a terrible high performance router. The route-cache is horribly out of date with modern techniques, and there just aren't that many wackjobs out there trying to shove a hundred megs through a unix box to fully debug it (with the exception of certain notoriously cheap people who will probably respond to this email talking about their success with FORE ATM OC3 cards :P).
Ok, I'll bite. We're routinely shoving 500 Mbps through our FreeBSD system running zebra, and we've never hit the 50% CPU mark. 3 GigE BGP peers passing me a full table and one GigE LAN interface, a few VLANs, lengthy IPFW rules, and tons of "count" rules so I can MRTG each IP passing through it. In some off-network synthetic testing, I easily maxed out our GigE LAN interface before the router dropped a packet. All this on a $1800 Dell server with a $150 Intel PCI-X card slapped in there. This system's been up for 6 months now. Zero crashes, zero hung interfaces, zero problems.

I'm not saying a FreeBSD+Zebra system is going to do everything that your high end router will, but I haven't run into anything that I couldn't find some way of doing with the tools that I had. IPFW, Dummynet, tcpdump and other tools that come "stock" have saved me quite a bit of effort over some other much more costly solutions that couldn't do some things that we depend on now.

I know quite a few would consider this a bit of ghetto networking, but I've even worked out a pretty reliable hot-standby system for all our web servers by running zebra/bgpd on each of them and having them announce /32s for the IPs that the web server is listening on to a route reflector. Have another box set up as a standby system announcing the same /32 to our router with a higher metric, and the failover is instant. No extra hardware, no fancy load balancers, and the web servers don't even have to know anything happened.

Zebra/FreeBSD aren't the best things out there, but when you have essentially no budget, there are a lot of us out there who've figured out how to make our networks operate pretty well. I really don't mean this as a flame, Richard... Just that I think a lot of people out there have discounted this without trying it or researching what others have gotten to work. Not all of us have the luxury of working somewhere where not being "cheap" is an option. :)

-- Kevin
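The hot-standby arrangement Kevin describes, written out as an added illustration that is not from the thread: Zebra bgpd configuration for a primary and a standby web server, each announcing the same service /32 to the route reflector, with the standby attaching a worse (higher) MED so the reflector prefers the primary for as long as its session is up. All addresses, the AS number and the hostnames are assumed for the example.

```text
! --- web1 (primary), /usr/local/etc/zebra/bgpd.conf ---
! The service address must exist on the box before bgpd can announce it, e.g.
!   ifconfig lo0 alias 192.0.2.100 netmask 255.255.255.255
hostname web1-bgpd
router bgp 65000
 bgp router-id 192.0.2.11
 network 192.0.2.100/32
 neighbor 192.0.2.1 remote-as 65000
 neighbor 192.0.2.1 description route-reflector
 neighbor 192.0.2.1 route-map PRIMARY out
!
route-map PRIMARY permit 10
 set metric 10
!

! --- web2 (standby), /usr/local/etc/zebra/bgpd.conf ---
! Same /32, same reflector; only the MED differs, so this path loses the
! best-path comparison until web1's session drops and its route is withdrawn.
hostname web2-bgpd
router bgp 65000
 bgp router-id 192.0.2.12
 network 192.0.2.100/32
 neighbor 192.0.2.1 remote-as 65000
 neighbor 192.0.2.1 description route-reflector
 neighbor 192.0.2.1 route-map STANDBY out
!
route-map STANDBY permit 10
 set metric 200
!

! --- reflector side (fragment) ---
! Both servers must be reflector clients so the chosen /32 reaches the edge router.
router bgp 65000
 neighbor 192.0.2.11 remote-as 65000
 neighbor 192.0.2.11 route-reflector-client
 neighbor 192.0.2.12 remote-as 65000
 neighbor 192.0.2.12 route-reflector-client
!
```

Note that the failover triggers only when the BGP session itself goes away; if the web daemon dies while the host and bgpd keep running, the /32 stays announced, so a local health check that stops bgpd (or withdraws the network statement) on daemon failure is needed to cover that case.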