Paul A Vixie writes:
[...] naturally you need to edit the hell out of /etc/rc to make it build a big ramdisk, populate it from the Flash's binary tarball, and chroot to it before starting gated. the chroot'd /etc/gated.conf should be a symlink to a small config file system on a second ATA Flash. "/", even though a RAM disk, is mounted read-only. system upgrades are done by powering off the unit, replacing "drive 0" with an updated 20MB Flash card, and powering it back up.
caveats: 20MB isn't very large for a BSD system, even with shlibs -- you
It's not at all clear that you need to chroot at all. And it's true that 20MB isn't much, but how much (outside of /) do you really need? Give yourself a few MB of buffer cache and the speed of flash won't matter much anyway. You can be damn sure you're not going to be swapping, and that's as it should be, given what this device is doing. (If it's not a router it's probably a nameserver, and neither wants to swap.) Now, since it's a real unix, it would be nice if you could use all your favorite utilities while doing administration. But that's not hard- temporary NFS mounts aren't all that nasty, and if you don't want to jam up your backbone with NFS, copy stuff via ftp into a tempfs.
have to be highly selective about what you take; also, for /var/log it is probably a good idea to include a rotating magnetic media, unless you're going to use syslog's "remote log server" mode, which since it's UDP is not reliable enough for some forms of auditing that i've needed to design for.
Hm. Interesting. I wonder how hard it would be to make syslog use TCP? Not very, I think. The only remaining fly in the ointment would be short-term situations where you can't move bytes of the net fast enough. Switching log devices to an MFS/tempfs file temporarily might solve that too. /a