From owner-freebsd-questions@FreeBSD.ORG Thu Aug 14 10:15:11 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8066C37B401 for ; Thu, 14 Aug 2003 10:15:11 -0700 (PDT) Received: from mail.mi.celestial.com (dagney.celestial.com [192.136.111.7]) by mx1.FreeBSD.org (Postfix) with ESMTP id D258F43F75 for ; Thu, 14 Aug 2003 10:15:10 -0700 (PDT) (envelope-from bill@celestial.com) Received: by mail.mi.celestial.com (Postfix, from userid 203) id A216111F4CB; Thu, 14 Aug 2003 10:15:10 -0700 (PDT) Date: Thu, 14 Aug 2003 10:15:10 -0700 From: Bill Campbell To: freebsd-questions@freebsd.org Message-ID: <20030814171510.GA514@alexis.mi.celestial.com> Mail-Followup-To: freebsd-questions@freebsd.org References: <1060871994.5979.12.camel@alexandria> <3F3BA7D8.9060006@explosive.mail.net> <20030814111320.M20163@alpha.yumyumyum.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030814111320.M20163@alpha.yumyumyum.org> User-Agent: Mutt/1.4.1i Subject: Re: FreeBSD as router - performance vs hardware routers X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: freebsd@celestial.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Aug 2003 17:15:11 -0000 On Thu, Aug 14, 2003, Kenneth Culver wrote: >> As a Note, the top end routers out there, Junipers, run JunOS, which is >> a FreeBSD variant. A Juniper M160 can route OC192's at wire speed >> (That's 10Gb/s folks). > >However, the way those are set up, FreeBSD doesn't do the actual routing, >as far as I can remember they upload a routing table to the line cards and >transfer any changes to the routing table to the line cards, so the >routing itself is done by high-speed hardware, and FreeBSD is mainly >managing all the custom hardware. We did a similar thing when I worked for >Ericsson with FreeBSD. ``Real Routing'' is usually not necessary on broadband connections since they use a single static route for everything outside the LAN. In fact, having things like RIP running around on an internal LAN can thoroughly confuse some things like the routed program on SCO OpenServer. The average broadband connection simply doesn't have the bandwidth to tax most PC architecture machines. Our first routers were MorningStar 501s, which were '386 based running some BSD clone from flash, and they handled a T1 adequately. Our current ``router'' is a PII 266 running Linux with a Sangoma WAN card connected to our T1. The load average is pretty constant at 0.00 with 99.2% idle time even though there are about 400 ipchains rules in play. If you're planning on using IPSec VPN tunnelling, then CPU power becomes important because it requires a fair amount of horsepower to handle then encryption. That said, we generally use the LinkSys BEFVP41 VPN boxes at customer DSL and Cable sites because they're simple, cheap, and easy to configure for the average user. Bill -- INTERNET: bill@Celestial.COM Bill Campbell; Celestial Software LLC UUCP: camco!bill PO Box 820; 6641 E. Mercer Way FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676 URL: http://www.celestial.com/ ``It wasn't raining when Noah built the ark.''