routers, gateways, firewalls, dns etc...

Bob George r1gaiasmxg2npayqoejzl@lpwa.com
Fri, 18 Feb 2000 17:35:52 -0700


"Digital Wokan" <wokan@home.com> wrote:

> [...]
> graphical setup is nice, it doesn't appear to be nearly as flexible as
> using the Cisco's CLI or Linux's CLI.  The basic 2620 IOS comes with the
> Masq'ing ability, and minor firewall capabilities.  For the real deal
> (IPSec, VPN, IP-GRE), Cisco wants another $800-$2400 (for what amounts
> to the Linux equivalent of a recompiled kernel).

When a comparison between router OS and Linux is made, it's always going to
depend on which router, what protocols, and *what* hardware.

When comparing Linux on a PC versus dedicated router hardware, it depends on
criticality of the link. Most routers are stuck in hot, dusty closets for
years with minimal direct handling, and aren't expected to go down when a
drive fails or other bad things happen to mechanical devices. They can also
be provided redundant features for (comparably) reasonable prices.

If you're specifically comparing Cisco IOS to Linux, then the choice (to me
at least) has to do with whether or not you need any of the additional
features Cisco provides. Not to say that these things can't necessarily be
done with Linux, but Cisco has one hell of a feature set for handling odd
requirements (i.e. route between these two when using TCP/IP or IPX, bridge
if DLC) that are especially important in mixed (non-TCP/IP) environments.
There's also an impressive feature set that includes compression, hot
standby capabilities, and bandwidth aggregation. Also, the features are all
"there" -- no scrambling around for a module. If you bought the right
feature set (that can be fun to figure out) then everything should just
work -- no ifs.

> And don't forget the
> almost impossible to avoid $300+ RAM upgrade to fit your new IOS image
> into (from the basic package).

Our lil' 1605-R's cost only about $40 to upgrade. More than a desktop, but
they're bulletproof! Higher end memory does get expensive.

> I really wish Linux VPN and PPTP clients were easier to configure and
> also tie into IPMasq (we only have ISDN, but T-1's coming).  That $400
> Linux box would have beat the Cisco router into the ground in
> price/performance ratio (IMHO, of course).

Don't forget scalability. The same Cisco IOS is used in anything from their
smallest access routers to the Enterprise-class routers and switches. I had
the pleasure of working with (near) a 5500 with an ATM WAN interface, a
handful of T1 interfaces, and redundant fiber links to each of 14 high-end
switches. The same IOS I learned on the 1605 worked on all of those devices
(where features made sense anyhow!)

There IS at least one router manufacturer using Linux. Take a look at
http://www.nbase-xyplex.com/press/1999/0510.cfm. But then, we're hardly
talking leftover 486 desktop prices anymore.

Linux can make a GREAT router, and is probably well suited to any
organization with support on hand (skills) and that can make a good
compromise between cost and reliability trade-offs. Much as I like Linux
though, I can't bring myself to advocate it in most router environments ...
yet. I think Cisco still rules that roost.

- Bob