From: Todd Veillette (tveillette@myeastern.com)
Date: Fri Aug 05 2005 - 00:38:47 GMT-3
How many hard drives have you replaced on 3350? Not many moving parts on a
flash rom.
-TV
----- Original Message -----
From: "Ken Diliberto" <ken@kdmd.net>
To: "Sheahan, John" <John.Sheahan@priceline.com>; <ccielab@groupstudy.com>
Sent: Thursday, August 04, 2005 11:15 PM
Subject: Re: OT- Open Source Networking Devices
> John,
>
> Having used the PIX, Raptor and AV (commercial Unix based), IPTables and
> IPChains (Linux), IPF (Solaris, OpenBSD and FreeBSD) and PF (OpenBSD and
> FreeBSD) firewalls, I'd pick OpenBSD running PF for a firewall over the
> others almost any day. OpenBSD is stable and can have almost all the
> features of the others if you can invest some effort. Want a proxy?
> Add Squid. Want IDS? Install Snort. Both at no extra charge.
>
> You can substitute Linux with IPTables for OpenBSD if you like. It's a
> stable platform and will do the same things, just in a slightly
> different way. I'm not much of a Linux fan - more of a BSD zealot. But
> I don't resent Linux or its supporters - just not my preferred platform.
>
> In a fairly vanilla environment, Linux boxes will route just as well as
> a dedicated router in the same price range. The down side to a Linux
> box is bandwidth and some of the fancy features you find in dedicated
> routers. Comparing a $1000 PC running Linux with a 3550 with EMI
> feature set, you'll find the 3550 a much faster box, but at a much
> greater price tag. Compare a Linux box with GigE interfaces plugged in
> to a switch compared to a similar router, I think you'll find the price
> to performance ratio favoring the Linux box by a long shot. Need a
> routing protocol on your Linux box? GateD and Zebra have been around
> for a long time. I know with Zebra you get RIP 1&2, OSPF and BGP. Even
> IPv6 variants. Zebra even feels like IOS.
>
> So let me ask you:
> What's wrong with a Linux box as a router?
>
> What's wrong with a Linux box as a firewall?
>
> I've gone 'round and 'round with TAC on issues with dedicated routers
> and not received a satisfactory resolution, so I don't buy the "you get
> Cisco standing behind their routers" argument unless you're a very big
> customer that pays a lot of money in support. I've pointed out problems
> with open source software and been very satisfied with the free support
> from the authors and other users. YMMV.
>
> Some useful links:
> http://lartc.org/howto/
> http://www.openbsd.org/
> http://www.benzedrine.cx/pf.html
>
> Ken
>
> Sheahan, John wrote:
>> Recently there have been several articles in the recent IT magazines and
>> online talking about how open source routers and firewalls are the
>> future.
>>
>> I have had several arguments with unix geeks about why we shouldn't use
>> these over Cisco devices in production scenarios.
>>
>> There is apparently a growing project called XORP that is developing
>> open source code which can currently route OSPF and BGP on a PC.
>>
>> I am trying to develop a list of good reasons to help defuse this line
>> of thinking. I know the router code isn't prime time yet but apparently
>> the firewall code for Linux is.
>>
>> Can anyone help me come up with some good reasons why not to use the
>> open source firewall on Linux over a Pix or Checkpoint firewall?
>>
>>
>>
>> Thanks
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:01:18 GMT-3