[119182] in North American Network Operators' Group


Re: Failover how much complexity will it add?

daemon@ATHENA.MIT.EDU (adel@baklawasecrets.com)
Mon Nov 9 11:36:05 2009

To: <nanog@nanog.org>
Date: Mon, 09 Nov 2009 16:36:08 +0000
From: adel@baklawasecrets.com
Reply-To: adel@baklawasecrets.com
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Hi Joe,

I agree with most of what you say below regarding linux sysadmin, BSD etc.
I'm quite happy and actually would prefer building a linux solution on our
own hardware. However, politically I think this is going to be difficult.
I just feel that they will be more comfortable with embedded network boxes
as opposed to a linux solution. I guess what I'm saying is this is
partially a political thing.

Adel




On Mon 3:20 PM, Joe Greco <jgreco@ns.sol.net> wrote:

> >
> > Thanks,
> >
> > I've taken your advice and decided to reconsider my requirement for a full
> > routing table. I believe I'm being greedy and a partial table will be
> > sufficient. With regards to Linux/BSD, it's not the CLI of quagga that will
> > be an issue, rather the sysadmin and lack of supporting infrastructure for
> > Linux boxes within the organisation. So things like package management,
>
> You don't need to run Apache on your router.
>
> > syslog servers,
>
> If you didn't have syslog servers for the Cisco, you don't need one for
> the Quagga.
>
> > monitoring,
>
> If you didn't monitor the Cisco, you don't need to monitor the Quagga.
>
> > understanding of security issues etc.
>
> What security issues?
>
> The thing is, people get all tied up over this idea that it is some major
> ongoing burden to support a Linux based device.
>
> I have a shocker for you. The CPE your residential broadband relies on may
> well run Linux, and you didn't even know it. The wifi router you use may run
> Linux. There are thousands of embedded uses for Linux. I highly doubt that
> the average TiVo user has a degree in Linux. Many different things you use
> in day-to-day life run Linux, BSD, VxWorks, or whatever ... mostly without any
> need of someone to handhold them on security issues.
>
> Of course, security issues do come up. But they do with Cisco as well.
>
> A proper Linux router doesn't have ports open, aside from bgp and ssh, and
> those can be firewalled appropriately. This makes it very difficult to have
> any meaningful "security problems" relating to the platform...
>
> You can expect the occasional issue. Just like anything else. But trying to
> compare it to security issues on a general Linux platform is only meaningful
> if you're trying to argue against the solution.
>
> (I'm a BSD guy myself, but I don't see any reason for undue Linux paranoia)
>
> > I don't want to leave them with a linux/bsd solution that they won't be
> > able to maintain/manage effectively when I am gone.
>
> If they're unable to maintain something as straightforward as BSD or Linux
> when you're gone, this raises alarm bells as to whether or not BGP is
> really suited for them. BGP is *much* more arcane, relatively speaking.
> You can go to your local bookstore and pick up a ton of Linux or BSD sysadm
> books, but you'll be lucky to find a book on BGP.
>
> > Thanks for your comments. Look forward to hearing which solutions come
> > back into the mix having dropped the full routing table requirement.
>
> There's a whole plethora of BGP-capable gear that becomes possible once
> you make that call. Cisco and Juniper both make good gear. A variety
> of other mfrs do as well. Something as old as an Ascend GRF 400 (fast
> ethernet, line speed, 150K routes, ~1998?) is perfectly capable of dealing
> with the load, though I mention this primarily to make the point that there
> is a lot of equipment within the last decade that can support this.
>
> ... JG
> --
> Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
> "We call it the 'one bite at the apple' rule. Give me one chance [and] then I
> won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
> With 24 million small businesses in the US alone, that's way too many apples.

