Open-source is everywhere -- operating systems, application software, development tools. So why not routers, too?
It's a question that Sam Noble, senior network system administrator for the New Mexico Supreme Court's Judicial Information Division, pondered while looking for a way to connect courthouses statewide to a new centralized case management system. Noble sought a DSL router that would be affordable and customizable, but found that the ISP-supplied modem lacked remote monitoring of local link status. This was vital, in his opinion, so the division could monitor the status of the DSL connection at each of several layers, going lower than the 'Can I pass traffic?' test that one is limited to when using the ISP's modems, Noble explains.
Another alternative, adding ADSL cards to the legacy Cisco Systems' 2600 Series frame-relay routers used at some courthouses, provided the necessary visibility, but the elderly devices lacked enough power to support firewall performance. A third alternative, Juniper Networks' NetScreen SSG20 firewall/router with an ADSL option, "lacked many of the features we wanted, like full-featured command lines and unlimited tunnel interfaces," Noble says.
Frustrated, Noble decided to investigate yet another option: open-source routers. Aware of the open-source movement's impact on technologies ranging from server platforms to VoIP telephony, he decided that an open-source router ultimately could turn out to be a smart, flexible and cost-effective choice. Curious, he downloaded software from open-source router vendor Vyatta onto a laptop and ran some preliminary tests.
"I was especially interested in whether the administrative interfaces were complete and feature-full," Noble says.
Impressed by the initial results, Noble created a prototype site in Santa Fe to study performance, the Vyatta routers' ability to work with existing technologies and cost-effectiveness. "We needed somewhere to bring up a DSL connection for testing and to work out the best configuration without impacting our production network," he says.
Noble quickly decided the open-source router provided the exact capabilities he wanted. "Vyatta offered us functionality that would have been unavailable or very costly to add to Cisco or NetScreen equipment," he says. These functions include support for Border Gateway Protocol (BGP) -- the core Internet protocol that allows decentralized routing -- VPN concentrator for additional security, URL filtering -- again, for security -- and packet capture.
All told, Noble says, "It was a great fit."
In April 2008, Noble began deploying Vyatta 514 router appliances to an average of two sites each month. When the project is completed within the next year or so, 40 to 50 sites around New Mexico will be connected to the Santa Fe-based centralized case management system.
Noble is part of a small but growing number of IT managers eschewing proprietary routers in favor of open-source alternatives. (For a list of alternatives, see sidebar.) Seeking cost savings, better features and enhanced customization capabilities, these IT managers are on the front edge of a wave that's bringing open-source technologies and practices into network routing.
Open-source routers come in three basic forms: software that transforms a standard PC or server into a combination router and firewall, firmware that can be inserted into an existing router and appliances that come with open-source routing software pre-installed.
Mark Fabbi, a Gartner Inc. analyst, sees significant potential for open-source routers, particularly for enterprises in fields such as retail and food services that need to connect thousands of sites without breaking the budget on proprietary gear. "You think of a McDonald's or a Burger King [where] there are tens of thousands of franchisee-type locations, but you still want them connected," he says.
In other industries, the technology is well-suited for server-based routing applications, Fabbi says, including virtualization.
He notes that virtualized router applications are limited only by developers' imaginations. "Sometimes it's something as simple as a distributed print server, other times it's a video distribution caching -- it could [also] be for DNS and DHCP services in a branch office," he says. "There are a whole bunch of things that you can do."
Matthias Machowinski, an analyst at Infonetics Research, says open-source routers can handle enterprise-level workloads. "If you have reasonable requirements -- a regular-sized office or a normal amount of traffic -- then performance wise, they should be able to handle the traffic load," he says. The only exceptions he sees are for enterprises that run an extraordinary amount of traffic, such as video content distributors.
Open-source routers also hold their own on the feature front, Machowinski says. "They started out not being as feature-rich as some of the mainstream commercial [products], but open-source router vendors have narrowed that gap," he says. "They [now] pretty much offer everything that you would expect to have on a routing platform."
Open-source router choices
Open-source router market leader, Belmont, Calif.-based Vyatta, sells systems that scale from the branch office to the enterprise. "Vyatta is certainly the headline name behind open-source networking," says Mark Fabbi, a Gartner Inc. analyst.
Yet, despite a steadily rising profile and a growing number of adherents, open-source routers aren't likely to topple the market status quo anytime soon. That's because the open-source field remains microscopic when compared to proprietary vendors, particularly router giant Cisco, which holds around 80% of the overall market. But even Cisco has recently begun making overtures in the open-source world.
Managers embrace open-source routing for different reasons. New Mexico's Noble says pain-free customization is the technology's biggest benefit. "The flexibility of having a free software stack built into our routers will let us make a small change -- a tweak -- or an addition, and be able to continue with minimal impact on long-range plans."
Barry Hassler, president of Hassler Communication Systems Technology, Inc., an ISP and network designer in Beavercreek, Ohio, is relying on Iproute, a Linux-based routing technology, to give his customers enterprise-level Internet access at an affordable price. "I'm using standard PC hardware, running Linux, with the routing functionality built in," he says. "What we're doing with these boxes is routing among multiple interfaces, which is fairly standard routing, but beyond that we're also able to do bandwidth management."
Hassler says his customers can order up whatever amount of bandwidth they need. He's able to give a particular client, for instance, a 5Mbps by 5Mbps connection, where another client may only want a common DSL type of speed of 1.5Mbps by 5.12Kbps, he explains. Hassler says saving money was another reason why he turned to open-source routers. A comparable Cisco router would cost more than twice as much as the Linux-based router he chose, Hassler says. "That helps keep costs low," he says.
Adam Tucker, a network engineer at CMIT Solutions of Central Rhode Island, an IT consulting firm in Portsmouth, R.I., has moved both of his firm's in-house Linksys wireless routers to open-source DD-WRT firmware. "We wanted a robust wireless system that would allow us to manage quality of service for prioritizing voice over IP [and] things like that, as well as to add some of the more advanced filtering and stuff the [old] firmware simply didn't support," he says.
Tucker says the routers, combined with an ancient Linux PC the firm recommissioned as a firewall by using open-source IPcop software, have worked flawlessly for well over a year. "The only thing I could say negative about it ... is, historically, a lot of these open-source applications don't have the best user interfaces," he says. "They can be confusing ... so you really have to know what you're doing."
Challenges and pitfalls
While the non-proprietary approach can help enterprises cut costs, utilize new features and tailor routing technology to their precise needs, adopters should be aware of potential pitfalls in areas including support and compatibility.
Compatibility -- the ability to play well with other routers and associated devices -- is a major concern. "You have to be careful during deployment, in terms of size, and support, and scalability and this type of thing, compared to what we know we can expect from the incumbent vendors in the market," Gartner's Fabbi says.
Noble says he has felt the impact of open-source's compatibility shortcomings. "There's the EIGRP routing protocol, which is a Cisco proprietary routing protocol, and that's in heavy use in our legacy network," he says. "It's been painful not being able to speak that routing protocol to our other routers." This has required Noble's staff to export what they need from EIGRP into a Border Gateway Protocol session. This has to be done on a device that 'speaks' both protocols, which "limits the choices to Cisco and Cisco," Noble said in a follow-up e-mail.
Further, choosing a non-commercial technology offering with only a limited enterprise-level track record is another worry -- familiar to anyone who's worked with other types of open-source products. "That makes a hard sell for going into a business model with it," says Trey Johnson, an IT staff member at the University of Florida in Gainesville.
The school is using Vyatta router software in a virtualized environment on HP servers to provide a virtual desktop infrastructure capable of handling 40 to 50 remote users. "The Vyatta [software] actually has a company backing it; you can buy support for it, which makes it more viable," Johnson explains.
Community support, an open-source hallmark, is a resource that can cut two ways in an enterprise setting. "There's plenty of community support, and that's one of the wonderful things" about this open-source technology, Tucker says. On the other hand, community support isn't usually instantly responsive, like most commercial support desks are supposed to be, and there's very little handholding -- unless one is lucky enough to connect with a particularly friendly, passionate and knowledgeable community member.
Even when enterprise-class support is available as an add-on from an open-source vendor, potential buyers are often wary of purchasing a key component from a small vendor, sometimes offering a relatively obscure technology. "Some companies also are reluctant to buy from startups, so they're looking for a vendor with a long history," Infonetics' Machowinski says. "A company like Vyatta hasn't been around long, and that can be a drawback."
For his part, HCST's Hassler says he's reluctant to use open-source technology in customer deployments. "If it's going to be something I'll be putting on a customer's premises, that the customer or someone else may end up having to support, then it's generally a commercial product as opposed to using the open-source solution."
Still, for a growing number of IT and data network managers, the benefits provided by open-source routers can far outweigh the negative aspects. Fabbi, however, urges potential adopters to proceed cautiously. "Under certain circumstances, you can certainly take advantage of the technology, but you have to do it with a degree of caution," he says. "It's not ready to take over the world yet, but it certainly is providing an interesting base of discussion."
Other significant sources of open-source routers include:
* XORP: Billing itself as "the industry's only extensible open-source routing platform," XORP implements IPv4 and IPv6 routing protocols along with a unified platform to configure them. XORP claims to be the only open-source router platform to offer an integrated multicast capability.
* Iproute: Available via the Linux Foundation, Iproute is a collection of utilities for TCP/IP networking and traffic control in Linux.
* pfSense: This is a free, open-source distribution of the FreeBSD operating system customized for use as a firewall and router. Supporters note that pfSense includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.
* DD-WRT: Third party-developed firmware, DD-WRT is for use on many 802.11a/b/g/h/n wireless routers based on a Broadcom or Atheros chip reference design.
* ZebOS Network Platform: Sunnyvale, Calif.-based IP Infusion Inc. offers the ZebOS Network Platform. The for-fee product originated from the open-source community. The firm primarily supports OEM customers that integrate the platform into their own products.
This story, "Enterprises cut costs with open source routers," was originally published by Computerworld.