open source data communications networking

Post on 26-Jun-2015


Welcome to the Dawn of Open-Source Networking.™

Open Source Data Communications Networking

Dave Roberts, Vice President, Strategy

dave@vyatta.com

Interop, New York City, October 2007

2

Is Business Ready for Open-Source?

“Open source software solutions will directly compete with closed-source products in all markets.”

− By 2008, 95% of Global 2000 organizations will have formal open source acquisition and management strategies

− Today, 81% have deployed or are considering deploying open source applications

− 72% plan to expand its use

Why?

− 65% say open source has sparked innovation inside their companies

− 67% … for lowered costs

− 81% … for better quality software

Sources: Gartner (2005), CIO Insight (2006), IDC (2006)

Slide Credit: Matt Assay - VP of Business Development, Alfresco

“Open source produces better software.”

3

Open Source Has Thoroughly Penetrated the Application Infrastructure

Operating System

Database

Application Server

Application Development

Applications

4

1969: ARPANET Internet Message Processor

Leonard Kleinrock and the first IMP, UCLA

5

1983: 4.2BSD gets TCP/IP

TCP/IP +

6

Late 1980s: Modern Routers

A Cisco ASM/2-32EM router deployed at CERN in 1987.


8

Examples of Open-Source Networking

Open Source Projects

Routing: Zebra / Quagga, XORP

Firewall: IPCop, m0n0wall, IPtables

VPN: OpenVPN, OpenSwan, StrongSwan

Telephony: Asterisk, FreeSWITCH, SIPxchange

IDS/IPS/ANTI-X: SNORT, TripWire, ClamAV, SpamAssassin

9

2004: An Interesting Idea Brews

10

How Far Can Commodity Hardware Go?

11

The Experiment

Quagga

12

Problem: It’s String and Duct Tape

13

Wanted: A Vendor to Blame

[Diagram labels: Myriad Open Source Projects; Vendor Support; Vendor?; SMB; Enterprise; Service Provider]

14

The Evolution of Open Source Networking

[Diagram labels: Component Daemons (routed, gated, Quagga): Kernel, Routing Protocols. Enterprise Grade System: Kernel, IP & Routing Protocols, Firewall, VPN, WAN Protocols & Encapsulations, IP Address Management, Management & Monitoring, Administration Features, Debugging & Packet Sniffing, 3rd-Party Extensibility]

15

x86 Ecosystem Economics

Hardware Component    Proprietary Hardware    Standard Hardware    Resulting Cost Reduction
T3 Card               $8,500                  $3,000               68%
2-Port T1 Card        $2,000                  $1,000               50%
T1 Card               $1,300                  $700                 46%
GigE Card             $3,500                  $65                  98%
10/100 Card           $1,400                  $20                  99%
Memory (GB)           $5,000                  $100                 98%
Chassis               $4,000                  $1,000               75%

16

Superior Price Performance

Twice The Performance

[Chart: Gigabit Ethernet line rate (%) by frame size (64, 128, 256, 512, 1024, 1280, 1518), Vyatta vs. Cisco]

Half The Price

[Chart: Retail price, $0 to $4,000. HW: 2821, SW: Cisco IOS vs. HW: Dell PE860, SW: Vyatta]

17

Target: Mid-range Router / Firewall / VPN

[Chart: Price vs. Performance. Products: Linksys, 1800, 2800, 3800, 7200, CRS-1. Segments: SOHO; Enterprise Branch, SME; Carrier CPE; Enterprise edge, WAN core; Carrier core. Highlighted region: Today’s Footprint]

18

Open-Source Deployment Scenarios

[Diagram labels: Internet; Application servers; Commodity Switch; VPN tunnel; Corporate HQ; SME; Enterprise Branch; Colo / Hosting / Data Center]

19

Open-Source in an Enterprise VoIP Network

[Diagram labels: Asterisk Server; IP Phone; Analog Phone; Enterprise Router/Firewall; Internet; POTS; IP Telephone Provider (SIP.VOIPCOMPANY.COM); Employee’s Router/Firewall; Telecommuting Employee’s IP Phone]

20

Open-Source for BGP peering

More Routes = More CPU & Memory

− 4 GB Memory Capacity today

• Extreme BlackDiamond supports only 256 MB max

• Juniper M7i and M10i support only 768 MB max

• Cisco 7200 with NPE-G1/G2 supports only 1 GB max

− Vyatta = x86 CPU Choice

• Juniper M7i and M10i run with a 400 MHz Intel Celeron!

• Cisco 7200 NPE-G1 is 700 MHz MIPS.

Up to 2 million total routes

− 10 peers x 200,000 routes

Affordable Upgrade Path

− Off-the-shelf memory & components

Each router keeps N copies of the full table, one per peer, including each IBGP peer.

[Diagram labels: Your network; Just forwarding; Peering networks; IBGP; EBGP]

21

Branch Office Virtualization

Reduce box proliferation, including networking

[Diagram labels: Branch Office: Application 1, Application 2, Router, Firewall, VPN; VPN Tunnel; Corporate HQ]

22

Open-Source in a Virtualized Enterprise Network

[Diagram labels: Remote branch office, VMware Server; HQ Server, VMware ESX; WAN; VPN Tunnel; HQ Users; Remote Users; DMZ with public web server; interfaces eth0, eth1, eth2; virtual networks VMnet0 to VMnet5; subnets 10.8.0.0/24, 10.8.11.0/24, 10.8.12.0/24, 10.8.13.0/24, 10.8.14.0/24, 10.8.15.0/24, 10.8.21.0/24, 10.8.22.0/24]

23

Open-Source Networks For Data Center & Hosting

Flexible deployment

− Choice of Hardware

− Virtualization

− Blades

Value Added Services

− Security – Routing+FW+IDS+Anti

− Management – Groundwork, Hyperic, Alterpoint

Upgrade Path

− Box Consolidation

− Open Source / Linux-Based

− x86 Components

[Diagram labels: Gateway; WAN Edge; Distribution; T1/E1 Connection; T3 Connection; VRRP; BGP; Aggregation Layer; Blade Servers; Shared Hosting; Mail Server; Database Server; Virtualization]

24

How Far Can We Go?

[Chart: Price vs. Performance. Products: Linksys, 1800, 2800, 3800, 7200, CRS-1. Segments: SOHO; Enterprise Branch, SME; Carrier CPE; Enterprise edge, WAN core; Carrier core. Highlighted region: Tomorrow’s Footprint. Annotations: Use ASICs; Port to low-cost hardware]

25

Future Standard Hardware Directions: Achieving 10 Gbps and Beyond

PCI Express

− More I/O bandwidth

AMD Hypertransport 3.0

− More memory and chip-to-chip bandwidth

Intel I/O Acceleration Tech. (I/OAT)

− Partition network processing across cores

− Fast memory-to-memory DMA

Intel “Tera-scale computing”

− 10’s or 100’s of cores per die

− Specialized cores for security or networking

ATCA

− Modular, hot-swap chassis technology

− High-speed switched backplanes

26

And then it hits you…

27

…this stuff really is that good

28

It’s all about freedom

29

Join the open-source networking movement!

Dave Roberts, dave@vyatta.com

“Dictators ride to and fro upon tigers which they dare not dismount. And the tigers are getting hungry.”

– Sir Winston Churchill
