 From:  Guy Boisvert <boisvert dot guy at videotron dot ca>
 To:  Chris Taylor <chris at x dash bb dot org>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Idle Curiosity - m0n0/Similar Used for "Big" Installations
 Date:  Wed, 01 Nov 2006 18:59:19 -0500
Chris Taylor wrote:
> Hi all,
> I'm wondering if someone can satisfy my curiosity here...
> 1. If you were an ISP and you wanted a router to aggregate several 
> hundred users' DSL connections together, would it be possible to use 
> m0n0wall/BSD - with appropriately fast hardware and good GBit NICs - 
> to act as a traffic shaper?
> 2. Does anyone actually do this? Not m0n0wall necessarily, but using 
> BSD for this kind of thing.
> 3. What other routing platforms would be up to the task? The main 
> feature I'm interested in here is the delay facility built into m0n0 
> (and I presume available in BSD in general). Do Cisco etc. offer any 
> products that can add arbitrary delays like this?
> Thanks very much :)
> Chris Taylor

Hi Chris,

    Cisco is definitely the way to go for this kind of duty (well, 
Juniper could do it too).  You'll find a lot of features not available 
/ not yet stable on m0n0.  It's not to lessen all m0n0 does, it's just 
that m0n0 aims at being a firewall on PC style hardware (or SBC).  The 
goal is not the same.  Sure, Cisco will cost a lot more though!  Not 
to mention the support plan available from Cisco.  If you're into 
business critical services, Cisco is about the only way to go (I don't 
know about Juniper service but it should be similar).

    I worked for a big utility company here in Quebec and we couldn't 
have lived without Cisco really.  On certain routers, we had a 2-hour 
service plan with full support directly from the developer of IOS.  I 
remember calling tech support for an ATM / LANE / DECnet problem we had 
back in 1998 (at the time LANE wasn't even a stable standard) and we had 
the developer taking the plane to see what was happening here by 
himself, recoding right away and giving us the freshly built IOS to fix 
the problem.  We were one of the few businesses using DECnet along with 
IP, IPX and ISO.  Sure, all this has a price.

    Personally, I use m0n0 for firewalling (well, I use other firewalls 
too: Secure Computing, PIX, Watchguard), but for routing it's Cisco all 
the way.  For example, we used HSRP from Cisco for years but in Linux, 
CARP is just starting to be an alternative.  Not to mention the maturity 
of Cisco IOS for routing, QoS, MPLS, etc.  I have Cisco routers here in 
my lab that still work great although they have been in service since 1996.

    It all depends on what you want to do exactly.  We're talking about 
several hundred DSL connections, it can be huge traffic and you have 
to check what kind of support you want and what service level you want 
to achieve.  Finally, check your budget and do a business case.  That's 
network engineering!  If you want to start doing that kind of 
investigation, you could read "CCDA" books from Sybex or Cisco.  It 
would give you a head start at doing this.

    Finally, I'd like to say that we can do a lot with open source 
software but it's a matter of what you want to achieve, what your 
level of knowledge is and if you can do software development.  I love 
m0n0wall (hats off to the developer and the community) but I use it 
where it fits.

    Hope this helped.  I know it's not a precise response but 
engineering is about getting all the information before giving a 
precise response!

Guy Boisvert, ing.
IngTegration inc.