Hi, We're looking at using Mikrotik's RouterOS for some some sort of software routing solution as part of our network in combination with supervised layer3 switching doing most likely some sort of limited BGP. Does anyone else here run it? Is it any good? Is it better than e.g. vyatta? If RouterOS and Vyatta both suck, is there any decent software routing solution? Our network is small (4 /24s) and we only need to push roughly 1-2gbit at the moment. Experiences with both would be appreciated. Thanks! William
William Pitcock wrote:
Hi,
We're looking at using Mikrotik's RouterOS for some some sort of software routing solution as part of our network in combination with supervised layer3 switching doing most likely some sort of limited BGP.
Does anyone else here run it? Is it any good? Is it better than e.g. vyatta?
vyatta has some issues, but it's ok for a router optimizied linux distro...
If RouterOS and Vyatta both suck, is there any decent software routing solution? Our network is small (4 /24s) and we only need to push roughly 1-2gbit at the moment.
Experiences with both would be appreciated. Thanks!
haven't used routeros in a while but at the time it was inoffensive, it's not derived from a general purpose system so it's not something you bolt additional bits on if you need them. I actually use freebsd as a router on soekris, but I do need a general purpose os on the system as well.
William
On 18/08/2008, at 12:16 PM, Joel Jaeggli wrote:
haven't used routeros in a while but at the time it was inoffensive, it's not derived from a general purpose system so it's not something you bolt additional bits on if you need them.
RouterOS is Linux based. You're correct though, you can't bolt extra stuff on to it, though I'm pretty sure they do their own 'packages', so maybe 3rd parties can bolt stuff on that way? I dunno.
I actually use freebsd as a router on soekris, but I do need a general purpose os on the system as well.
I do this as well, works fantastically. I've got some build scripts that build NET4x01 images. Kernel and root filesystem in a single file, boot off a FAT32 formatted compact flash card with GRUB installed on it. Config in a single file (a filesystem image that gets mounted at boot time). IPv6 support. Packages go in a separate filesystem image per package, and get mounted at boot time, and added in to PATH etc. Package upgrades are a single file. Packages include Quagga, for example. XORP works as well, but it's super slow on 133Mhz Soekris hardware. Takes about 20MB on a CF card. Upgrade is much like any other embedded device - upload a single file, tweak your boot loader, reboot. Everything is nice and read only, so you don't have to worry about people fiddling with stuff they shouldn't and having it break on upgrade. Every bit of config is in the config image. Not really wanting to give it away publicly as I don't want to have to deal with supporting it, but if anyone wants it as a basis for your own thing drop me an email (nward@braintrust.co.nz please). ps. before someone accuses me of trying to sell stuff, I mean free as in beer. Cheers, -- Nathan Ward
On Sun, Aug 17, 2008 at 9:45 PM, Nathan Ward <nanog@daork.net> wrote:
On 18/08/2008, at 12:16 PM, Joel Jaeggli wrote:
haven't used routeros in a while but at the time it was inoffensive, it's not derived from a general purpose system so it's not something you bolt additional bits on if you need them.
RouterOS is Linux based. You're correct though, you can't bolt extra stuff on to it, though I'm pretty sure they do their own 'packages', so maybe 3rd parties can bolt stuff on that way? I dunno.
I actually use freebsd as a router on soekris, but I do need a general purpose os on the system as well.
I do this as well, works fantastically.
I've got some build scripts that build NET4x01 images. Kernel and root filesystem in a single file, boot off a FAT32 formatted compact flash card with GRUB installed on it. Config in a single file (a filesystem image that gets mounted at boot time). IPv6 support. [snip]
sounds a lot like Chris Cappuccio's flashdist[0], although that's OpenBSD-specific. (worth noting that I'm partial to OpenBSD here, for both the security track record and tools like pf(4), carp(4), OpenBGPD, etc.) [0]http://www.nmedia.net/flashdist/ -- darkuncle@{gmail.com,darkuncle.net} || 0x5537F527 http://darkuncle.net/pubkey.asc for public key
On 18/08/2008, at 5:20 PM, Scott Francis wrote:
sounds a lot like Chris Cappuccio's flashdist[0], although that's OpenBSD-specific.
(worth noting that I'm partial to OpenBSD here, for both the security track record and tools like pf(4), carp(4), OpenBGPD, etc.)
Yep, but no 6to4, which I needed. Also OpenBGPd/OpenOSPFd are a bit weird because OpenBGPd can't use the IGP metric in the path selection algorithm, as the kernel doesn't support metrics on routes. Quagga can do this obviously, as it is a single thing (well, all the kernel interface goes through zebrad). I also had some weird problem with how it would resolve recursive next hops, but I was using 6to4 addresses as next-hops, so I think that was part of the problem. Again, worked perfectly on Quagga. Oh yeah, it was trying to be too smart and resolve the recursive next-hop before installing the route in to the kernel, instead of installing the route and letting the kernel resolve it as it was forwarding packets. That broke because of how 6to4 and the routing table works in FreeBSD. Anyway, long story short, quagga did the job. Fine if you're doing vanilla BGP on a border router or something though, but doesn't work for me in a complex network. One cool thing about OpenBGPd is bgpctl irrfilter, which pulls in RPSL and does the business with it, and stuffs it in to your live BGP daemon. -- Nathan Ward
Joel Jaeggli <joelja@bogus.com> writes:
I actually use freebsd as a router on soekris, but I do need a general purpose os on the system as well.
Speaking of Soekris (and the PCEngines ALIX by extension, of which I have several): Does anyone know of a comparable small SBC that doesn't have crummy NICs? Not a big fan of those VT6105M chips. Extra points for the ability to do baby jumbo frames. Also, from time to time I have to reflash these to repurpose them (NanoBSD vs. pfSense vs. AskoziaPBX). It's a complete pain to disassemble their enclosures so I can get at the CF cards. I've often thought that if someone had whipped up a memory-resident image of something (anything, linux/bsd/whatever) that I could pxeboot, then I could just dd the new image in over the net. Haven't gotten around to doing that yet. Has anyone else? -r
On 19/08/2008, at 11:32 PM, Robert E. Seastrom wrote:
Also, from time to time I have to reflash these to repurpose them (NanoBSD vs. pfSense vs. AskoziaPBX). It's a complete pain to disassemble their enclosures so I can get at the CF cards. I've often thought that if someone had whipped up a memory-resident image of something (anything, linux/bsd/whatever) that I could pxeboot, then I could just dd the new image in over the net. Haven't gotten around to doing that yet. Has anyone else?
My thing is memory resident, the kernel and root fs are all in one file. That's not exactly hard to do. Not quite what you're looking for though, as config (including passwd etc.) isn't. Wouldn't be difficult to change though. Having said that, I strongly recommend getting your stuff to the point where it's a FAT formatted CF card, with a couple of files - 1 kernel, 1 filesystem image. Filesystem images are good. That way, you can mount your CF card somewhere, and 'reflash' from a live system. Just like, for example, a Cisco router. Upgrades are easy, just copy a new root FS+kernel on there. -- Nathan Ward
Nathan Ward <nanog@daork.net> writes:
On 19/08/2008, at 11:32 PM, Robert E. Seastrom wrote:
Also, from time to time I have to reflash these to repurpose them (NanoBSD vs. pfSense vs. AskoziaPBX). It's a complete pain to disassemble their enclosures so I can get at the CF cards. I've often thought that if someone had whipped up a memory-resident image of something (anything, linux/bsd/whatever) that I could pxeboot, then I could just dd the new image in over the net. Haven't gotten around to doing that yet. Has anyone else?
My thing is memory resident, the kernel and root fs are all in one file. That's not exactly hard to do. Not quite what you're looking for though, as config (including passwd etc.) isn't. Wouldn't be difficult to change though.
Having said that, I strongly recommend getting your stuff to the point where it's a FAT formatted CF card, with a couple of files - 1 kernel, 1 filesystem image. Filesystem images are good. That way, you can mount your CF card somewhere, and 'reflash' from a live system. Just like, for example, a Cisco router. Upgrades are easy, just copy a new root FS+kernel on there.
I already have filesystem images (both from other people and of my own manufacture). I'm not sure I'm down with the fat32 cf card concept though I can see where it could be useful. What I want to do is have a minimal functionality netbootable image that is sufficient to set up network interfaces and then do: ftp> get pfsense.img "| dd of=/dev/ad0" and completely blow away what's on the flash and replace it with something new (even via serial console over a networked console server from my desk, without getting up and going to my lab where I have a small herd of these puppies as packet pushers), but particularly without having to break out a screwdriver and a nut driver and pull four sheet metal screws, four machine screws, and two rs232 retaining screw standoffs. There is pxe in the bios on the ALIX... perhaps you know of something that's already pxebootable that will do this? ---rob
Am 19.08.2008 um 16:28 schrieb Robert E. Seastrom:
What I want to do is have a minimal functionality netbootable image that is sufficient to set up network interfaces and then do:
ftp> get pfsense.img "| dd of=/dev/ad0"
and completely blow away what's on the flash and replace it with something new[...]
There is pxe in the bios on the ALIX... perhaps you know of something that's already pxebootable that will do this?
FreeBSD (or alike) will happily boot from PXE, either with NFS root or with an in-kernel RAM disk image. Booting a kernel directly (instead of via loader(8)) is not officially supported anymore, but the last time I tried (around 6.2) it was still working. Stefan -- Stefan Bethke <stb@lassitu.de> Fon +49 170 346 0140
rs@seastrom.com ("Robert E. Seastrom") writes:
Joel Jaeggli <joelja@bogus.com> writes:
I actually use freebsd as a router on soekris, but I do need a general purpose os on the system as well.
Speaking of Soekris (and the PCEngines ALIX by extension, of which I have several):
Does anyone know of a comparable small SBC that doesn't have crummy NICs? Not a big fan of those VT6105M chips. Extra points for the ability to do baby jumbo frames.
http://www.plathome.com/products/microserver/obs/ -- Paul Vixie -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
William Pitcock wrote:
Hi,
We're looking at using Mikrotik's RouterOS for some some sort of software routing solution as part of our network in combination with supervised layer3 switching doing most likely some sort of limited BGP.
Does anyone else here run it? Is it any good? Is it better than e.g. vyatta?
Hmmm...... the last time someone brought this subject up (hmmm mid July this year or so I think) it resulted in a 200 message thread. At least it felt like that. :) Anyway the thread was pretty informative. Check the archives for details. Check out quagga, xorp, click (a ucla project). Vyataa has evidently changed from Xorp to Quagga for the control plane if I read the messages and changelogs/release notes correctly. Feel free to post back with what you find or if you need additional resources. I'm sure others will post as well and give ya an earful :) -- Charles Wyble (818) 280 - 7059 http://charlesnw.blogspot.com CTO Known Element Enterprises / SoCal WiFI project
participants (8)
-
Charles Wyble -
Joel Jaeggli -
Nathan Ward -
Paul Vixie -
Robert E. Seastrom -
Scott Francis -
Stefan Bethke -
William Pitcock