Open source on the wire
- — 29 May, 2008 09:56
Once upon a time, using open-source servers and applications for business was frowned upon in many circles. Today, you'd be hard pressed to find any sizeable infrastructure that doesn't leverage open-source code in some form or another, be it a few MySQL databases, Apache on the Web servers, or a pile of Perl, PHP, Ruby, or Python applications holding things together.
But there's one place in the modern enterprise infrastructure where open-source solutions have yet to make a sizeable dent, and that's in the very network that connects all of these pieces.
Of course servers and network appliances such as routers and firewalls are fundamentally different animals. Servers are large, disk-laden, high-powered computers with Ethernet interfaces, running full-blown operating systems and applications ranging from light Web servers to heavy duty databases. Routers and firewalls are slim little appliances that have no disk, run highly optimized and controlled operating systems, and in the case of routers, don't require much administration beyond the initial configuration. In short, servers are from Mars, routers are from Venus.
But if we take a closer look at the functions of routing and firewalling, guess what? We find that not only do modern operating systems offer these features, they perform them as well or better than their dedicated cousins -- and when using open-source software, for far cheaper.
The general rule of thumb when shopping for routers is to determine the requirements, then call Cisco or Juniper and get a quote -- end of story. But companies like Vyatta and several open-source projects are challenging that notion, offering full-fledged, open-source routing platforms that are built on Linux or FreeBSD and run on standard x86 hardware. The server becomes the router.
Not so new
Vyatta's approach isn't all that novel, really. Linux has had fast, kernel-level packet forwarding, routing, firewalling, and NAT capabilities for a long time. But these capabilities are controlled through several different user-space applications, such as iptables, resulting in far-flung configuration files and relatively complex syntax -- a far cry from Cisco's single-file configuration and relative ease of configuration. This is where solutions like Vyatta Community Edition 4 (VC4) come into play.
VC4 is essentially a stripped-down Debian Linux distribution coupled with a custom shell that puts an "IOS" into Linux. Logging in to a Vyatta router can closely resemble the console of a Cisco or Juniper router, with basic commands such as "show ip route" performing exactly the function you would expect. This shell is called the Fusion CLI, and offers control over specific routing functions as well as control over the Linux server itself. In this way, VC4 brings together open-source packages such as iptables and OpenS/WAN IPSEC to bring all these moving parts together into a centralized configuration much like a Cisco or Juniper router.
"We package it up into a single file that can then be backed up with rsync, scp, or anything," says Vyatta Vice President Dave Roberts. "But you can also control the Linux system too if you want. You can even run a MySQL database on your router. Nothing's off limits."
The only features that might be off limits would be vendor-specific protocols, such as Cisco's HSRP (Hot Standby Routing Protocol) and EIGRP (Enhanced Interior Gateway Routing Protocol). However, Vyatta and other open-source routers do support OSPF (Open Shortest Path First), RIP (Routing Information Protocol), and BGP (Border Gateway Protocol), as well as VRRP (Virtual Routing Redundancy Protocol). Interleaving these routers with industry-standard commercial routers is generally a non-issue, as long as the protocols in use are open, such as OSPF and BGP. In fact, with large BGP requirements, the cost savings can be quite significant given that it takes a sizeable (and expensive) Cisco or Juniper router to handle large BGP routing tables.