What commercial routers have you worked with? What are the strengths and weaknesses of each one?

Well, it seems that most everyone has worked with a Cisco [router] at some time or another. For the most part, no one has anything too negative to say about them. Cisco has done a good job of formalizing their production offering and standardizing what constitutes the day-to-day operations for network administrators. So Cisco offers consistency... and supportability, but it comes at a cost. Actually, those costs are not just monetary. More importantly, there's the cost of loss of flexibility. You're constrained by the structure imposed upon you by the engineers at Cisco and their marketing department.

I have had some truly terrible experiences with another commercial router from a vendor that has since been acquired. (Once burned, I haven't worked with the new vendor's version.) I'm sure that most network administrators can relate to having a critical system fail at the most inopportune time and then being given the runaround by a support center that you feel like you're single-handedly funding via your expensive support contract. With this vendor, I had to deal with that and generally shoddy management tools that provided very limited visibility into the router.

What was the primary benefit of the Sangoma-based routing solution?

It's hard to overstate how useful it is to have full access to the Layer 2 protocol on the wire when you're bringing up a new WAN link, or how convenient it is to be able to bring up a DNS server on an access router at a satellite office. The only weakness with a solution like the Sangoma offering is that you're responsible for hardware and software selection, which perhaps not everyone is ready (or willing) to do, particularly if you need hardware for a punishing physical environment. You also won't necessarily be able to have a single point of contact for support for a solution like this. For some corporate cultures, this is certainly [a] weakness. However, you can have holistic support and still remain in the Linux 'space' by going with a provider such as ImageStream. I haven't used their equipment in a production environment [yet] but have followed their product offering and get the strong impression that they are doing things right.

What is there within the kernel itself?

Within the kernel, there are several significant facilities, or building blocks beyond the routing table itself, that are critical and, like the kernel, rock solid:
- Netfilter (a.k.a. iptables) provides packet-filtering, network address translation (NAT), port forwarding, and general packet-mangling tools that can do most anything you can think of to an IP packet.
- Iproute2 offers both basic and advanced network configuration, including policy-based routing, tunneling and quality of service (QoS) packet classification.
- To run a dynamic routing protocol like OSPF or BGP4, the open-source routing daemon Zebra is what you want. This software handles the routing protocol and a configuration interface, communicating routing updates as required with the Linux kernel. It is used by many (I dare say most) who require those protocols on an open platform, including commercial Linux solution providers (like ImageStream).
- With the quite valid and perhaps overdue emphasis being placed on security nowadays, I favor FreeS/WAN, the open implementation of IPsec and related key-management tools. It's a core component of any standards-based VPN you'll run on your Linux router. (And you should be avoiding proprietary standards whenever possible anyway.)
For more information:
Linux networking tips: Practical Guide to Red Hat Linux, Chapter 9

What are the most commonly used, and proven, Linux routing building blocks?

The first, and by far most significant, is simply the Linux kernel. Whether you've configured a couple of static routes, are doing dynamic routing with a routing daemon running in userspace or using kernel facilities like policy-based routing, it ultimately decides what to do with the packets. Even the most basic Linux image -- such as a simple floppy-based distribution with only the kernel and a few command-line configuration utilities -- can perform sophisticated routing, network address translation, and QoS [Quality of Service] packet queuing.