List:       quagga-users
Subject:    [quagga-users 12173] Re: State of the Quagga?
From:       Bryan Schenker <bschenker () restechservices ! net>
Date:       2011-03-21 17:06:35
Message-ID: 4D87859B.7020802 () restechservices ! net

We have two border routers pushing up to 700mbits each on a dual core, 
2GB RAM setup. Some are using MD5, but we've found that one router 
didn't much care for the MD5 implementation--never tracked down the 
cause, but there was one peer at an exchange that negotiated MD5 just 
fine, but if ever there was a flap, it required the other party to reset 
their BGP connection to us. This was almost 2 years ago, though, so 
there may have been bug fixes since then. It also could have been 
something on the other side as well, but we just removed MD5 for that 
one peer. All the other MD5 sessions we have established at the peering 
exchange have worked without problem for the same 2 years.

MD5 support is in modern kernels and does not need patching. Distros may 
or may not have that feature enabled in their stock kernels, but you can 
check using make menuconfig on kernel source and go to Networking 
Support-->Networking Options-->TCP: MD5 Signature Option support. If you 
are using a stock kernel, check the config in the /boot partition for the 
version of kernel you are running and look for CONFIG_TCP_MD5SIG=y.



Bryan





On 02/28/2011 10:36 AM, J.T. Moore wrote:
> Quadcore with 4GB of RAM is probably more than enough for what you are
> doing.
>
> We run 3 quagga routers on RHEL
> Hardware is Dualcore Pentium 4 with 1.5 GB Ram
> We receive full BGP feeds from two ISPs and use OSPF for internal routes.
> We are using considerably less bandwidth (5-10mbps), but CPU usage is very
> low (almost 0 except during BGP session initialization).
>
> We still have plenty of cpu and ram for running other services on these
> boxes (iptables/netfilter with state tracking and nat for internal clients,
> squid proxy, etc).
>
> I haven't tried Broadcom NICs under Linux, but the Intel NICs we use work
> like a champ.
>
> We use vrrpd for heartbeat and failover on our internal interfaces on a pair
> of the routers. This works well except in cases where netfilter stateful
> filtering is used since the backup router won't have a record of the state
> for "established" connections. There has been some work done to allow
> netfilter state information replication, but I haven't kept up with it. The
> netfilter website and mailing list will have more info.
>
> Check the quagga mailing list archives for more info on MD5. My recollection
> is that this requires a Linux kernel patch and that although some are
> around, they are a bit old and may not work with newer Linux kernels. I
> think FreeBSD may have better support for this option if you require it.
>
> J.T.
>
>
> -----Original Message-----
> From: Tommy Eriksen [mailto:tommy@the-coffeeshop.dk]
> Sent: Sunday, February 27, 2011 4:40 PM
> To: quagga-users@lists.quagga.net
> Subject: [quagga-users 12113] State of the Quagga?
>
> Hi guys,
>
> I've been out of the whole OSS router business for a while. I used Zebra
> back before Quagga, and Quagga for a while after the fork. Then we went with
> Cisco boxes for a while, and now I'm looking to get back into this game a
> bit. I have a couple of general-ish questions, but I thought you guys would
> probably have the best answers on hand.
>
> I have a couple of HP/Intel Quadcore boxes with 4GB of RAM, onboard Broadcom
> NICs and Intel quad-port PCI-E NICs that I'm looking to use. My first
> thought was to put Debian Squeeze on there, but is there any new development
> on this (more router-focused distros or whatever) that I haven't heard of
> maybe?
>
> How about setting up MD5 auth with a BGP peer? (one of our transits requires
> this)
>
> First of all, I'm looking to set up a couple of border routers which will
> primarily push packets. We're not that heavily loaded (3-400mbits of usual
> web-focused hosting traffic), so this shouldn't be too much of an issue.
> They're going to be speaking OSPF and iBGP with a couple of Cisco routers
> and some Fortigate firewalls internally.
> ...And down the road, I'd like to set up another couple of boxes (with
> heartbeat or whatever the latest and greatest software package is called
> today) to replace some of the cisco/fortigate stuff and handle the
> customer-facing interfaces.
>
> Anyway .. Is there anything I should be focusing on with regards to linux
> distro/tuning of same in regards to quagga and pushing packets?
>
> Thanks a lot :)
> Tommy
>
>
>
> _______________________________________________
> Quagga-users mailing list
> Quagga-users@lists.quagga.net
> http://lists.quagga.net/mailman/listinfo/quagga-users

-- 
Bryan Schenker
Director
ResTech Services
www.restechservices.net
608-663-3868
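
The kernel-config check described in the message above, as an added example that is not part of the original thread. The function names are hypothetical; the fallback to /proc/config.gz (present only when the kernel exports its config there) goes beyond the /boot check the message mentions.

```shell
#!/bin/sh
# Added example: report whether a kernel config enables the TCP MD5
# signature option (CONFIG_TCP_MD5SIG) that bgpd needs for peer passwords.

# Print a kernel config file, plain or gzip-compressed.
read_config() {
    case "$1" in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# tcp_md5sig_state FILE -> prints enabled | disabled | unknown
# "unknown" covers an unreadable file and a config that never mentions the symbol.
tcp_md5sig_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    line=$(read_config "$1" | grep -E '^(# )?CONFIG_TCP_MD5SIG[= ]' | tail -n 1)
    case "$line" in
        CONFIG_TCP_MD5SIG=y)              echo enabled ;;
        "# CONFIG_TCP_MD5SIG is not set") echo disabled ;;
        *)                                echo unknown ;;
    esac
}

# Locate the running kernel's config: /boot first, then /proc/config.gz.
running_kernel_config() {
    for f in "/boot/config-$(uname -r)" /proc/config.gz; do
        [ -r "$f" ] && { echo "$f"; return 0; }
    done
    return 1
}

if cfg=$(running_kernel_config); then
    echo "$cfg: CONFIG_TCP_MD5SIG is $(tcp_md5sig_state "$cfg")"
else
    echo "no readable kernel config found for $(uname -r)" >&2
fi

# Constructed sample config fragment (not from a real system), for an offline run.
sample=$(mktemp)
printf '%s\n' 'CONFIG_INET=y' '# CONFIG_TCP_MD5SIG is not set' > "$sample"
echo "constructed sample: CONFIG_TCP_MD5SIG is $(tcp_md5sig_state "$sample")"
rm -f "$sample"
```

A result of "disabled" or "unknown" on a router means MD5-protected BGP sessions cannot be established until a kernel with the option built in is installed.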


