This year is the 10 year anniversary of Demon using NetBSD/GateD to talk BGP4 to Sprint, Pipex, JANET and GBNet on Sparc IPX and i486/DX2/66 boxes, 20,000 routes at the time as I recall. [10,000 new routes a year ?]

PCs as routers are a good way to save a few pounds [dollars!] only if you don't expect ever to need more than about 100M - 200M of traffic through the box, and this number is highly variable depending on the packet size and number of packets. When PCs are pushing a lot of traffic, gaming type applications suffer really badly. But for a small organisation who just wants a cheap way of talking BGP4 to an upstream it's a great solution.

The issues that you hit tend to be maintaining the boxes well. If you have a Unix team already supporting Linux or BSD then this shouldn't be a large amount of extra work - you also need a decent test rig to test new versions of things, but that is true of any platform. You still get hit with the usual PC issues: disk drive failures occur and weirdness around disks and filesystems happens. If your PC router crashes, reboots and decides to delete the inodes for your serial ports that connect your box to the Internet during fsck, it's a major annoyance and it usually happens 2 bottles of beer into a Friday night. Yes, there are issues with flash cards but these are much more manageable. If you don't have a good Unix team don't even think about doing this.
o) It has no features - not a problem for a lot of purposes
I don't think that's true. What features do you need?
o) On a standard PCI bus your limit is about 350Mb, you can increase that to a couple of Gb using 64-bit fancy thingies
If you stick to ethernet but I've found that you run into other issues when you use gige [dodgy motherboards and hardware slow ram etc]. One motherboard manufacturer that I've found that is very good is ASUS but they haven't done too much 64bit wise.
o) This may be fixed but I found it slow to update the kernel routing table which isn't designed to take 120000 routes being added at once
Not my experience but I'd say that this is true with other platforms.
Icky, could perhaps cause issues if there's a major reconvergence due to an adjacent backbone router failing etc, might be okay tho
A lot of people don't need the full routeing table. If you are smart you should ask your providers to announce their own internal routes and a default route. Use those routes so that traffic to Provider A goes via Provider A and the rest really doesn't matter in most cases.
o) As it's entirely process based it will hurt badly in a DoS attack
That certainly isn't true and will depend on the OS and the way you have set it up. It is possible to compile PPP [etc] into the kernel and run them in kernel space, I found this to be a requirement on E1 serial drivers and I would expect the same to be true of higher bandwidth drivers.
This is a show stopper. I need the box to stay up in an attack and be responsive to me whilst I attempt to find the source.
I'm not an expert in PC hardware, so I do struggle to work out the architecture that I need and I'm sure it's possible to build boxes that are optimised for this purpose however I'm still not convinced that the box can keep up with the demands of day to day packet switching - I'd like to hear otherwise tho.. has anyone deployed a PC with Zebra that could switch a few Gbs, didn't suffer from latency or jitter or fail under a DoS?
I doubt it, but the fact is the other major routeing vendors haven't solved this either!

Regards,
Neil.
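
The partial-routes suggestion in the message above (each upstream announces its own routes plus a default) can be illustrated with a small route-selection model. This is an added example, not part of the original message; the provider names, the documentation prefixes and the default tie-break are all assumptions made for the sketch.

```python
import ipaddress

# Constructed sample tables (documentation prefixes, hypothetical providers).
# Each provider announces only its own internal/customer routes plus a default.
PROVIDER_A = ["0.0.0.0/0", "192.0.2.0/24", "198.51.100.0/25"]
PROVIDER_B = ["0.0.0.0/0", "203.0.113.0/24", "198.51.100.128/25"]


def build_rib(announcements, preferred_default):
    """Merge per-provider announcements into {network: provider}.

    When two providers announce the same prefix (here only the default),
    the provider named in preferred_default wins. This tie-break stands in
    for local preference and is an assumption of the example.
    """
    rib = {}
    for provider, prefixes in announcements.items():
        for prefix in prefixes:
            net = ipaddress.ip_network(prefix)
            if net not in rib or provider == preferred_default:
                rib[net] = provider
    return rib


def lookup(rib, destination):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(destination)
    matches = [net for net in rib if addr in net]
    if not matches:
        return None
    return rib[max(matches, key=lambda net: net.prefixlen)]


def demo():
    """Resolve constructed destinations against the merged partial table."""
    rib = build_rib({"A": PROVIDER_A, "B": PROVIDER_B}, preferred_default="A")
    dests = ("192.0.2.10", "203.0.113.77", "198.51.100.200", "10.1.2.3")
    return {dest: lookup(rib, dest) for dest in dests}


if __name__ == "__main__":
    for dest, hop in demo().items():
        print(f"{dest:>15} -> provider {hop}")
```

The merged table holds five entries, yet traffic for each provider's own prefixes still leaves via that provider and everything else follows the chosen default.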