Re: Failover how much complexity will it add?
Thanks, I've taken your advice and decided to reconsider my requirement for a full routing table. I believe I'm being greedy and a partial table will be sufficient. With regards to Linux/BSD, it's not the CLI of Quagga that will be an issue, rather the sysadmin and lack of supporting infrastructure for Linux boxes within the organisation. So things like package management, syslog servers, monitoring, understanding of security issues etc. I don't want to leave them with a Linux/BSD solution that they won't be able to maintain/manage effectively when I am gone. Thanks for your comments. Look forward to hearing which solutions come back into the mix having dropped the full routing table requirement.

Regards,
Adel

On Mon 11:45 AM, Joe Greco <jgreco@ns.sol.net> wrote:
> > Basically the organisation that I'm working for will not have the skills in house to support a Linux or BSD box. They will have trouble with supporting the BGP configuration; however, I don't think they will be happy with me if I leave them with a Linux box when they don't have Linux/Unix resource internally. At least with a Cisco or Juniper they are familiar with IOS and it won't be too foreign to them.
> >
> > On Sun 11:47 PM, Dale Rumph wrote:
> > > What does your budget look like? A pair of Cisco 7246vxr's with G1's sitting on the edge of the network would be very effective and still allow expansion. Or you could go up to the 7609. However, this gear may be slightly overkill. You might be OK with a 3660 enterprise and a ton of RAM. I have done single sessions on them but not with the level of HA you're looking for.
> > >
> > > Just my 2c
> >
> > You will laugh, but the budget at the moment looks like £13k. Impossible? Do only Linux and OpenBSD solutions remain in the mix for this pittance?
>
> No, you have the buy-it-off-eBay solutions as well. "Beware the fakes."
>
> If they're familiar with IOS, then they can be familiar with Quagga about as easily as they could be familiar with a switch or other network gizmo that had a Ciscoesque CLI but wasn't actually Cisco.
>
> You've painted yourself into a corner. I have a word for you:
>
> Reconsider.
>
> I don't care what you reconsider, but reconsider something. You can reconsider taking BGP with a full table. You can reconsider Quagga. Or you can reconsider your budget. This is the end result of the "pick any two" problem.
>
> Most end user organizations have no need of full routes in BGP. To try to take them dooms TCAM-based equipment at some future point, though if you have a lot of money to throw at it, you can make that point be years in the future. It is essentially planned obsolescence. If you discard the requirement for full routes, you open up a bunch of reasonably-priced possibilities.
>
> Finding someone knowledgeable in BSD or Linux isn't that rough. Unlike a Cisco 76xx router, the hardest part of a Quagga-based solution is finding the right mix of hardware and software at the beginning. PC hardware has a lot going for AND against it. There is no reason you can't make a good router out of a PC. If you buy the Cisco software-based routers, you're essentially buying a prepackaged version, except that it'll be specced to avoid any real competition with their low-end TCAM-based offerings. A contemporary PC can easily route gigabits. Vyatta makes what I hear is a fantastic canned solution of some sort, for a reasonable cost, and they will sell just software or software/hardware. If you really can't put it together yourself, there's someone to do it for you.
>
> Reconsidering your budget is probably the most painful thing to do, but also opens up the "just buy big Cisco" option. I think my point here would have to be that what you're looking for would have needed big Cisco... ten years ago. Now, dealing with a few hundred megs of traffic, that's not that big a deal; the thing that's killing you is the BGP table size.
>
> Your best option may be to see if you can settle for partial routes plus a default.
>
> ... JG
> --
> Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
> "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam (CNN)
> With 24 million small businesses in the US alone, that's way too many apples.
> Thanks,
>
> I've taken your advice and decided to reconsider my requirement for a full routing table. I believe I'm being greedy and a partial table will be sufficient. With regards to Linux/BSD, it's not the CLI of Quagga that will be an issue, rather the sysadmin and lack of supporting infrastructure for Linux boxes within the organisation. So things like package management,

You don't need to run Apache on your router.

> syslog servers,

If you didn't have syslog servers for the Cisco, you don't need one for the Quagga.

> monitoring,

If you didn't monitor the Cisco, you don't need to monitor the Quagga.

> understanding of security issues etc.

What security issues? The thing is, people get all tied up over this idea that it is some major ongoing burden to support a Linux based device. I have a shocker for you. The CPE your residential broadband relies on may well run Linux, and you didn't even know it. The wifi router you use may run Linux. There are thousands of embedded uses for Linux. I highly doubt that the average TiVo user has a degree in Linux. Many different things you use in day-to-day life run Linux, BSD, VxWorks, or whatever ... mostly without any need of someone to handhold them on security issues. Of course, security issues do come up. But they do with Cisco as well. A proper Linux router doesn't have ports open, aside from bgp and ssh, and those can be firewalled appropriately. This makes it very difficult to have any meaningful "security problems" relating to the platform... You can expect the occasional issue. Just like anything else. But trying to compare it to security issues on a general Linux platform is only meaningful if you're trying to argue against the solution. (I'm a BSD guy myself, but I don't see any reason for undue Linux paranoia.)

> I don't want to leave them with a Linux/BSD solution that they won't be able to maintain/manage effectively when I am gone.

If they're unable to maintain something as straightforward as BSD or Linux when you're gone, this raises alarm bells as to whether or not BGP is really suited for them. BGP is *much* more arcane, relatively speaking. You can go to your local bookstore and pick up a ton of Linux or BSD sysadm books, but you'll be lucky to find a book on BGP.

> Thanks for your comments. Look forward to hearing which solutions come back into the mix having dropped the full routing table requirement.

There's a whole plethora of BGP-capable gear that becomes possible once you make that call. Cisco and Juniper both make good gear. A variety of other mfrs do as well. Something as old as an Ascend GRF 400 (fast ethernet, line speed, 150K routes, ~1998?) is perfectly capable of dealing with the load, though I mention this primarily to make the point that there is a lot of equipment within the last decade that can support this.

... JG
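Joe's point that a proper Linux router exposes nothing beyond bgp and ssh is easy to verify on the box itself. The following is an added example (mine, not from the thread or the Quagga project) that audits the listening TCP sockets of such a router from `ss -Hltn` output; the column layout is an assumption noted in the code, the Quagga VTY ports are the daemons' default telnet ports (zebra 2601, bgpd 2605), and the sample output is constructed.

```python
"""Audit TCP listeners on a Linux/Quagga BGP router (constructed example).
Parses `ss -Hltn` output (assumed columns: State Recv-Q Send-Q Local Peer)
and flags anything beyond BGP (179) and SSH (22) on any address, or Quagga's
telnet VTY ports (zebra 2601, bgpd 2605) bound anywhere but loopback."""
LOOPBACK = {"127.0.0.1", "::1"}
# port -> acceptable bind addresses, or None for "any" (those two still
# belong behind a firewall limited to BGP peers and management hosts).
ALLOWED = {
    22: None,         # ssh
    179: None,        # bgp
    2601: LOOPBACK,   # zebra VTY (telnet, password in the clear)
    2605: LOOPBACK,   # bgpd VTY
}

def parse_ss_line(line):
    """Return (bind_addr, port) for one LISTEN line, else None."""
    fields = line.split()
    if len(fields) < 4 or fields[0] != "LISTEN":
        return None
    addr, _, port = fields[3].rpartition(":")
    addr = addr.strip("[]")      # ss prints IPv6 as [::]:22
    if addr == "*":              # older ss/netstat wildcard spelling
        addr = "0.0.0.0"
    return addr, int(port)

def audit(ss_output):
    """Return a list of findings; empty means the surface is as expected."""
    findings = []
    for line in ss_output.splitlines():
        parsed = parse_ss_line(line)
        if parsed is None:
            continue
        addr, port = parsed
        if port not in ALLOWED:
            findings.append(f"unexpected listener {addr}:{port}")
        elif ALLOWED[port] is not None and addr not in ALLOWED[port]:
            findings.append(f"{addr}:{port} must be bound to loopback only")
    return findings

# Constructed sample: bgpd's VTY exposed on every interface plus a stray httpd.
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:179 0.0.0.0:*
LISTEN 0 128 127.0.0.1:2601 0.0.0.0:*
LISTEN 0 128 0.0.0.0:2605 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

On a real box, feed it `ss -Hltn` (or, on an older system, adapt `parse_ss_line` to the `netstat -ltn` layout) and treat any finding as something to close or bind to loopback before the firewall is relied on.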