[kwlug-disc] Open Source Router

Cedric Puddy cedric at ccj.host
Tue Feb 8 15:52:30 EST 2022


This kicked off a few thoughts for me...

I’ve done extensive OpenWRT hacking — made a full custom Retail Hotspot Solution based on OpenWRT on WRT4GL hardware.  Ultimately I had to kill it because the wifi chipset had a lockup issue — it would claim all was well, it’s just that… nope no packets had come through recently… And it would sit there forever, lying through its damn teeth about all being well *forever*, or until you rebooted it to get packets flowing again.  I ended up switching all the clients to Aruba gear, and my life got so. much. better.  (Not OpenWRT’s fault, I don’t think, but certainly nobody gave the slightest care about root causing that bug.)

I don’t know much about the current state of OpenWRT, but I think of it much more like a place to hack at Linux networking fundamentals, and embedded programming, but what’s exposed in the default builds that I’ve ever seen were very standard consumer grade stuff, and I found myself quickly thrown to the embedded environment wolves — which is great if you want to make an embedded thing (I did!), but a huge distraction if your goal is to learn about networking and normal router stuff.

The main thing is that the devices OpenWRT runs on, then (as best I can tell now) have very limited R/W storage, and all you can do is key=value pairs into it; everything I couldn’t get into a key=value pair, I had to make modifications to the firmware image, reflash, reload, and go from there.  I note that their docs remain very heavy on “loading the firmware”, and extremely light on actual networking.

If you’re interested in networking, and you want something that behaves like a router, and pretty much has all the options ready to go, I’d strongly suggest checking out Mikrotik — their status in terms of various FLOSS perspectives can certainly be debated, but I’m a practical guy — and from a practical perspective, its platform punches well above its weight — affordable, capable hardware, super cheap virtual licensing if you want to run it virtually, and an environment that anyone living on switches and routers can respect and be productive on.

From a transferability of skills perspective, if you can do it in Mikrotik, you can probably convert to Cisco IOS or Juniper or HP or whatever pretty easily.

I like that Mikrotik is respectful of people hacking at and innovating on the stuff they ship.  They do cool things, like for $40 bucks, they ship a Wifi-USBSerial gateway that you can just plug into any Mikrotik router and tada - remote Out-of-Band Serial Console, or you can embed custom scripts right in a configuration, and yet, if you stay conservative, you have a nice router platform that just works.

Sure, Mikrotik BGP may be junk (I have no personal experience!)… but either way, approximately 99.999% of router use cases use zero percent BGP. 

Most personal networking has zero percent routing protocols of any kind (RIP, OSPF, etc).  Most SMB networking has very little routing protocols of any kind, never mind BGP, so… I wouldn’t worry overly about that, personally.  (Quick straw poll: how many of y’all have an ASN or help administer a network with one or more ASNs?  I know for sure of about 3 or 4 on this list, such as Mark, but it’s not exactly common.)

I’d worry a lot more about static routes, VLANs, VPN issues, ACLs, traffic inspection, logging and log analysis, RMON & SFLOW (more monitoring and graphing), QoS stuff (queue lengths, latency, jitter, traffic policies).  You can get into high availability (like VRRP - virtual router redundancy protocol).  You can get into “next gen” firewalling, like application detection, RBLs, content filtering.  RBLs combined with ACLs can be cool, for example, because if you subscribe to such a list, if a MalWare Command and Control server gets found and added to an RBL you use, it can be insta-blocked on your router.

Anyway, so many cool things in networking to play with, and so little time!  Perhaps that list wet your whistle a bit! :)

  All the Best,
  -Cedric


│ CCj/ClearLine - Hosting and TCP/IP Network Services since 1997
├──────────────────────────────
│ Cedric Puddy, IS Director, cedric at ccj.host, 519-489-0478x102
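
The RBL-plus-ACL idea mentioned above, as an added example that is not part of the original post: a script that turns a blocklist feed into a Mikrotik RouterOS address-list while refusing entries that would block protected or overly broad ranges. The feed format, the list name `rbl-c2`, the protected ranges and the prefix floor are assumptions; the sample feed is constructed from documentation address ranges.

```python
import ipaddress

# Constructed sample feed (documentation ranges only), not a real blocklist.
SAMPLE_FEED = """\
# constructed C2 blocklist sample
203.0.113.7
203.0.113.0/25
198.51.100.23   ; trailing comment
192.168.1.10
203.0.0.0/8
not-an-address
203.0.113.7
"""

# Assumed local policy: ranges a feed must never be allowed to block.
NEVER_BLOCK = [ipaddress.IPv4Network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
MIN_PREFIX = 16  # assumed floor: reject anything broader than a /16

def parse_feed(text):
    """Return (collapsed_networks, rejected) from a one-entry-per-line feed."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#")[0].split(";")[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.IPv4Network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "unparseable"))
            continue
        if any(net.overlaps(p) for p in NEVER_BLOCK):
            rejected.append((entry, "protected range"))
        elif net.prefixlen < MIN_PREFIX:
            rejected.append((entry, "too broad"))
        else:
            nets.append(net)
    # collapse_addresses drops duplicates and entries covered by a wider one
    return list(ipaddress.collapse_addresses(nets)), rejected

def routeros_commands(nets, list_name="rbl-c2"):
    """Commands that replace the named address-list with the current feed."""
    cmds = [f"/ip firewall address-list remove [find list={list_name}]"]
    cmds += [f"/ip firewall address-list add list={list_name} address={n}"
             for n in nets]
    return cmds

# One-time rule (not re-added on each refresh) that drops traffic to the list.
DROP_RULE = "/ip firewall filter add chain=forward dst-address-list=rbl-c2 action=drop"

if __name__ == "__main__":
    accepted, skipped = parse_feed(SAMPLE_FEED)
    print("\n".join(routeros_commands(accepted)))
    print("skipped:", skipped)
```

Logging the rejected entries on each refresh shows when a feed starts publishing malformed or unexpectedly broad ranges.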

> On Feb 8, 2022, at 12:55 PM, Mark Steffen <mark at steffen.ca> wrote:
> 
> Other options would be to use OPNsense (a fork of pfsense) along with a QOTOM or Protectli-type box from Amazon or another retailer.  Those Protectli boxes are specifically meant to run open source software (pfsense or whatever as an example).  Pfsense has gone through some changes and as a result I now prefer OPNsense for some things, it has a lot of flexibility and if you want to run BGP, for example, it includes Free Range Routing.  In the past I have used Mikrotik, which I like, but are not really open source- but the BGP implementation is very poor.
> 
> Mark
> 
> On 2022-02-08 12:47, CrankyOldBugger wrote:
>> 
>> I found this article interesting.. a new Open Source router:
>> 
>> https://opensource.com/article/22/1/turris-omnia-open-source-router?utm_medium=Email&utm_campaign=weekly&sc_cid=7013a000002qCuZAAU
>> 
>> Next time I blow up a router I might consider this one.
>> 
>> 
>> _______________________________________________
>> kwlug-disc mailing list
>> kwlug-disc at kwlug.org
>> https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org