Routers: Cisco vs. Linux?

Keith Morse kgmorse
Mon May 17 11:56:40 PDT 2004


On Mon, 8 Dec 2003, Michael Hipp wrote:

> I'm planning a major upgrade of my SOHO network in the near future. Many 
> of the network designs I've been looking at put a Cisco router ahead of 
> the Linux firewall on the T-1s.
> 
> What advantage does this offer?
> 
> Even a smallish (26xx) Cisco router with 2 WAN ports is a pricey affair 
> compared to a Linux box. Stated another way, I could have several 
> hot/cold spares for my Linux firewall box for the price of a spare for 
> the Cisco. And my impression is that Cisco routers aren't inherently any 
> more secure than a "hardened" Linux box.

[ascii art snippage]

> Any other comments on this design?

The only problem I see with this design is the single point of failure.  
But I recognize that this stems from political, logistical, and financial 
pressures.
 
> What PCI port card would anyone recommend for direct connection of the 
> Linux box to the T-1s?

I've heard Sangoma bandied about also on the ISP-LINUX [1] and 
ISP-WIRELESS [2] mail lists but have no experience with them.  Another 
thing to check is the archives for this list, as Bill Campbell related 
his experiences with this very topic.


> 
> What specs should I plan for the firewall box given that it needs to 
> handle up to 3 Mbps of WAN traffic plus a fair amount of LAN traffic?

Depends on the complexity of route tables, thinking BGP here, net-filter 
rule-sets, and the number of hosts behind the nat'ing interfaces.  I run a 
slightly less complex firewall, 7 Ethernet interfaces with 3 of those 
seeing the most use.  It's a Celeron 500 with 128 Mb RAM and rarely sees .1 
in system load.  It services about 200-250 hosts, all are nat'ed, and it 
supports ~ 6 IPsec VPNs.



[1]	Good list to be on even if you are not an ISP.  Used to be high 
	volume, but this year has slowed considerably.

[2]	Very high volume list. Something like 32K posts a year.  Lots of 
	technical info both wireless and non-wireless.  Unless you need 
	to post, I'd suggest using the archives.   www.isp-planet.com
	

