[AusNOG] RouterBoard

Jake Anderson yahoo at vapourforge.com
Mon Mar 10 15:20:54 EST 2014


pfsense is designed around a web interface its not grafted on afterwards 
so it works quite well in practise.
There is still a cli to do basic things with, assign interfaces etc and 
you can get a shell and do anything you can do in BSD but you aren't 
going to be setting it up there.

The issue with pfsense at this moment in terms of packet passing 
performance to my understanding is PF is single CPU only, pfsense 2.2 
which is currently being developed is based on freebsd 10 which does 
support SMP for PF. I'm having difficulty finding any pfsense specific 
stats for max throughput but this guy 
https://forum.pfsense.org/index.php?topic=26244.0 winds up with 2gbit on 
a sensible machine with not much in the way of load for a single stream.

It's not going to compare with a big cisco but then the price doesn't 
compare either ;->


On 10/03/14 14:59, Alex Samad - Yieldbroker wrote:
>
> PFSense ... no cli then no.
>
> I think as a last resort I might look at building my own again.
>
> Alex
>
> *From:*Nathan Brookfield [mailto:Nathan.Brookfield at simtronic.com.au]
> *Sent:* Monday, 10 March 2014 2:57 PM
> *To:* Alex Samad - Yieldbroker; Matt Perkins; ausnog at lists.ausnog.net
> *Subject:* RE: [AusNOG] RouterBoard
>
> Zebra/Quagga has been around for a very long time and is a very stable 
> set of daemon's and the backend to Vyatta so any possible issue you 
> would have I am sure finding an answer online would be extremely 
> easy.  I think I have had one bug with it in the last 10 years and 
> that was when 4 byte ASN's came mainstream and that is long fixed.
>
> PFSense is more a Firewall than a router, it does not have a CLI 
> either from my experience.  I love it as an edge firewall ,t is 
> extremely efficient and reliable but short of a Gateway I would not 
> use it for routing at the DC.
>
> *From:*Alex Samad - Yieldbroker [mailto:Alex.Samad at yieldbroker.com]
> *Sent:* Monday, 10 March 2014 2:54 PM
> *To:* Nathan Brookfield; Matt Perkins; ausnog at lists.ausnog.net 
> <mailto:ausnog at lists.ausnog.net>
> *Subject:* RE: [AusNOG] RouterBoard
>
> Tempting, time ?
>
> Had a look at zebra and a very very quick look at bird.
>
> The other issue is support.
>
> A few people have suggested pfsense, it looks interesting, I think I 
> looked at this a while back, but can't remember why I didn't proceed 
> further.
>
> Alex
>
> *From:*AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of 
> *Nathan Brookfield
> *Sent:* Monday, 10 March 2014 2:48 PM
> *To:* Matt Perkins; ausnog at lists.ausnog.net 
> <mailto:ausnog at lists.ausnog.net>
> *Subject:* Re: [AusNOG] RouterBoard
>
> If you're finding you can do everything in Linux why not just throw 
> Zebra or Bird into the mix and solve your issues that way?
>
> *From:*AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of 
> *Matt Perkins
> *Sent:* Monday, 10 March 2014 2:43 PM
> *To:* ausnog at lists.ausnog.net <mailto:ausnog at lists.ausnog.net>
> *Subject:* Re: [AusNOG] RouterBoard
>
> My opinion and we have been using CCR's since the first one arrived in 
> Australia is they are reasonable kit.   Overall I find the performance 
> and price excellent. But there have been just to many unexplained 
> problems for my liking. Not that we dont still use them on the edge we 
> do. Im about to roll one out to quite a far destination over the next 
> week. But the site has a backup and it is non essential.  They are not 
> ready for the core and they are not ready for a network that needs 4 
> 9's   Perhaps we are at 99.9 now. Then again if I had to run on a 
> tight budget and I had the opportunity to trade off reliability. It 
> would be the number one on my list.
>
> Speed
> Reliability
> Price
>
> Pick any 3 CCR's fit in to the Speed and Price corner of the triangle.
>
>
> Matt
>
>
>
> On 10/03/14 2:04 PM, Alex Samad - Yieldbroker wrote:
>
>     Hi
>
>     Yeah I have read a bit about the single core issues on the CCR,
>     the last time I looked because of this I saw 3 cpu's floating
>     around 30-60% non-maxed
>
>     I started this by looking at VM routers, but I couldn't get pas
>     the 1Gb/s nic. There is Brocades vyatta, but its just way to
>     expensive compared to routeros
>
>     My constraints are more along the lines of, I have core switching
>     already, I wanted to add some core routing.
>
>     I am happy with the CCR on $$ on CLI
>
>     I am not so happy about the current performance, be that limited
>     to my testing via iperf...  I am nearly ready to live with that,
>     on the presumption I can get 8+Gbs with multi stream tcp.
>
>     My current risk is support, especially as I have had a hard time
>     working through this CCR performance issue. I don't want to roll
>     out 2 of these at each DC and then run into a bug, where the only
>     solution is to throw it away.  I can duplicate about all the
>     functionality of routeros on linux apart from BGP and OSPF. And I
>     am guessing if I looked really hard and spent some time I could
>     get that working as well.
>
>     So taking into account their low $$ I can also live with minimal
>     support if I have another hardware solution to match up with it on
>     a similar $$ level.  If they can talk iBGP, OSPF and VRRP, then I
>     am just about set. J
>
>     So I thought I would dig into the knowledge pool that is AUSNOG
>     and find out what other devices like RouterOS are being used..
>
>     Alex
>
>     *From:*AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf
>     Of *Tom Berryman
>     *Sent:* Monday, 10 March 2014 1:45 PM
>     *To:* David Bomba; Damian Guppy
>     *Cc:* ausnog at lists.ausnog.net <mailto:ausnog at lists.ausnog.net>
>     *Subject:* Re: [AusNOG] RouterBoard
>
>     David is correct, the Tilera CPU with RouterOS does struggle with
>     single threaded processes -- worse than just BGP operating on a
>     single core, all routing (OSPF, RIP and static) processing will
>     happen on the same core. ROS7 is likely to change this (rumours).
>
>     But still, the CCR range has forced a lot of people to change how
>     they think about routing (at a relatively small scale) -- and has
>     certainly bought the cost down. "Routed" packets per dollar, I
>     don't think anything in the new hardware market can compete.
>
>     Vyatta has other challenges like x86 PCI architecture that will
>     limit your total throughput -- however things like processing BGP
>     are drastically improved compared to ROS. Ubiquity has ported the
>     Vyatta/VyOS to MIPS processors, possibly worth a look but I don't
>     think it has any SFP+.
>
>     Given Alex's application -- storage -- a layer 3 solution is not
>     likely to be the best.
>
>     Alex, have you considered something like the Brocade VDX Ethernet
>     fabric (VDX could enable 40g native interfaces)? Or at least other
>     layer 2 solutions? I noticed that you have tried routing on
>     switches (Dell) perhaps something with some more power with this
>     design would yield better results for you?
>
>     Tom
>
>     **
>
>     *From:*AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf
>     Of *David Bomba
>     *Sent:* Monday, 10 March 2014 12:32 PM
>     *To:* Damian Guppy
>     *Cc:* ausnog at lists.ausnog.net <mailto:ausnog at lists.ausnog.net>
>     *Subject:* Re: [AusNOG] RouterBoard
>
>     I believe he has the CCR1036-8G-2S+ which has 2x10GB SFP+ ports.
>
>     I think the issue he is hitting is the single threaded nature of
>     routerOS for a lot of its functionality.
>
>     BGP, for instance spins on a single core. Until ROS becomes
>     multi-core aware/capable a lot of its functionality will be capped
>     at the per core performance.
>
>     On 10 March 2014 12:26, Damian Guppy <the.damo at gmail.com
>     <mailto:the.damo at gmail.com>> wrote:
>
>         CCR1036 has no 10G ports, only 1G, so im not sure why you
>         would expect to get a single TCP stream past 1G (even with
>         LACP since that is not how LACP works)
>
>         --Damian
>
>         On Mon, Mar 10, 2014 at 6:58 AM, Alex Samad - Yieldbroker
>         <Alex.Samad at yieldbroker.com
>         <mailto:Alex.Samad at yieldbroker.com>> wrote:
>
>             Hi
>
>
>             So I have tested routerOS ... in VM and also bought the
>             ccr1036.
>
>             I'm not 100% happy with the ccr1036.  Basically can't push
>             1 tcp stream past 1Gb/s I can get 8-9Gb/s with multiple
>             streams. I can get UDP up to 9.8Gb/s
>
>             I like routerOS interface (have to admit I like the vyatta
>             better from what I saw).
>
>             But now I need to find something similar to these devices
>             around the same price and around the same performance, I
>             would like to push it all to a VM but Brocade want my 1st
>             and 2nd child ...
>
>             So routerOS support is nowhere close to Cisco and rightly
>             so for the price, so I have some hesitancy in rolling
>             these things out, especially if they are going into the core.
>
>             So are there any suggestions from the list ?
>
>             Alex
>
>             _______________________________________________
>             AusNOG mailing list
>             AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>             http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>         _______________________________________________
>         AusNOG mailing list
>         AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>         http://lists.ausnog.net/mailman/listinfo/ausnog
>
>     _______________________________________________
>
>     AusNOG mailing list
>
>     AusNOG at lists.ausnog.net  <mailto:AusNOG at lists.ausnog.net>
>
>     http://lists.ausnog.net/mailman/listinfo/ausnog
>
> -- 
> /* Matt Perkins
>          Direct 1300 137 379     Spectrum Networks Ptd. Ltd.
>          Office 1300 133 299matt at spectrum.com.au  <mailto:matt at spectrum.com.au>  
>          Fax    1300 133 255     Level 6, 350 George Street Sydney 2000
>          SIP1300137379 at sip.spectrum.com.au  <mailto:1300137379 at sip.spectrum.com.au>  
>          PGP/GNUPG Public Key can be found athttp://pgp.mit.edu  
> */
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140310/669bfa91/attachment-0001.html>


More information about the AusNOG mailing list