I am building a server to act as a BGP border router for my 100 Mbps uplink at an ISP.
I need these features:
1) Dual-stack BGP peering/routing (at least 100 Mbps, maybe more).
2) Potentially a full Internet BGP feed.
3) Some basic ACL functionality.
The hardware is an L3426 with 8 GB of RAM. The NIC will be the on-board dual-port Broadcom 5716.
I've worked with Linux extensively before and it seems to be able to handle 100 Mbps, but I heard FreeBSD is faster on networking stuff. Which one should I use? And are there any performance benchmark numbers out there?
Cheers.
We've done exactly this for critical infrastructure for many years. We take three full upstream BGP feeds through Quagga's bgpd and it uses a whopping 658MB of RAM to run the whole system. For this purpose Debian is much more solid than other OSs in our experience (and it also needs fewer security updates with its minimum install footprint, causing far fewer reboots than the two other OSs we've tried). We use Ksplice so we only reboot for critical package updates. Don't worry at all about compatibility with other vendors at your ISP ... RIPE, the RIR, use Quagga!

Surprisingly the hardware isn't that important; it's all about the NICs. Fast CPUs basically just mean the prefixes load quicker if you refresh the sessions (assuming you've got a GB of RAM and they load into memory), so an entry-level quad core is massively over-specced. We spent a long time trying different NICs and in our experience the best are the Intel cards which use the igb driver (for about £100/NIC we use the 82576 ET Dual Port Server Adapter), with the e1000 coming second. There are a few considerations like how your ingress and egress NICs talk to the mainboard, but for sub-250Mbps you probably won't notice if you use these NICs. We've repelled a sophisticated UDP DDoS attack using this architecture (it used the tiniest UDP packets, which routers struggle to handle). Bear in mind that being able to process the highest number of packets is what you're most concerned with, and not necessarily the throughput measured in Mbps. For very little money we've specified a Gigabit multihomed router that can handle standard Internet-size packets, i.e. normal operation, up to 850Mbps!

I started with Cisco (bgpd's config is near-enough identical, so if you've got experience with Cisco kit it's a really quick transition), but Linux being so malleable (e.g. being able to add a few low-resource scripts to your routers to help with reporting and admin) IMHO makes it incredibly powerful (and underrated) for this type of setup. You can't go far wrong reading some of the NANOG mailing list archives if you're still in any doubt or need further help. This should get you started pretty quickly on Debian: Easy Quagga Tutorial
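For readers who want to see what the Cisco-like bgpd configuration mentioned above looks like for the asker's requirements (dual-stack peering, a full feed, basic prefix filtering), here is an added example of a Quagga bgpd.conf. It is not taken from the answer author or the Quagga project; the AS numbers, addresses and prefixes are documentation/constructed values (AS 64500 for the local router, AS 64496 for the upstream, 198.51.100.0/24 and 2001:db8:100::/48 as the locally originated prefixes), and the maximum-prefix ceilings are placeholders to be sized against the current table. It assumes zebra is already running and kernel forwarding is enabled for both IPv4 and IPv6.

```text
! Added example: Quagga bgpd.conf for a dual-stack border router with one
! upstream. AS numbers, addresses and prefixes are documentation/constructed
! values; maximum-prefix figures are placeholders to size against a real table.
hostname border-rtr
password zebra
log file /var/log/quagga/bgpd.log
!
router bgp 64500
 bgp router-id 192.0.2.1
 ! Do not activate every neighbour for IPv4 by default; enable per family below
 no bgp default ipv4-unicast
 !
 neighbor 192.0.2.254 remote-as 64496
 neighbor 192.0.2.254 description upstream-v4
 neighbor 2001:db8:ffff::1 remote-as 64496
 neighbor 2001:db8:ffff::1 description upstream-v6
 !
 address-family ipv4 unicast
  network 198.51.100.0/24
  neighbor 192.0.2.254 activate
  ! Keep the unfiltered Adj-RIB-In so filter changes can be re-applied without a reset
  neighbor 192.0.2.254 soft-reconfiguration inbound
  neighbor 192.0.2.254 prefix-list from-upstream-v4 in
  neighbor 192.0.2.254 prefix-list to-upstream-v4 out
  ! Tear the session down if the upstream leaks far more than a full table
  neighbor 192.0.2.254 maximum-prefix 1000000
 exit-address-family
 !
 address-family ipv6 unicast
  network 2001:db8:100::/48
  neighbor 2001:db8:ffff::1 activate
  neighbor 2001:db8:ffff::1 soft-reconfiguration inbound
  neighbor 2001:db8:ffff::1 prefix-list from-upstream-v6 in
  neighbor 2001:db8:ffff::1 prefix-list to-upstream-v6 out
  neighbor 2001:db8:ffff::1 maximum-prefix 100000
 exit-address-family
!
! Inbound filter: drop private/bogon space, our own prefix, and anything
! more specific than a /24; then accept the rest of the table.
ip prefix-list from-upstream-v4 seq 5 deny 0.0.0.0/8 le 32
ip prefix-list from-upstream-v4 seq 10 deny 10.0.0.0/8 le 32
ip prefix-list from-upstream-v4 seq 15 deny 127.0.0.0/8 le 32
ip prefix-list from-upstream-v4 seq 20 deny 169.254.0.0/16 le 32
ip prefix-list from-upstream-v4 seq 25 deny 172.16.0.0/12 le 32
ip prefix-list from-upstream-v4 seq 30 deny 192.168.0.0/16 le 32
ip prefix-list from-upstream-v4 seq 35 deny 224.0.0.0/3 le 32
ip prefix-list from-upstream-v4 seq 40 deny 198.51.100.0/24 le 32
ip prefix-list from-upstream-v4 seq 45 deny 0.0.0.0/0 ge 25
ip prefix-list from-upstream-v4 seq 100 permit 0.0.0.0/0 le 24
!
! Outbound filter: announce only our own aggregate, never a leaked table
ip prefix-list to-upstream-v4 seq 5 permit 198.51.100.0/24
ip prefix-list to-upstream-v4 seq 10 deny 0.0.0.0/0 le 32
!
! Same shape for IPv6: reject our own prefix and anything longer than a /48,
! accept global unicast up to /48
ipv6 prefix-list from-upstream-v6 seq 5 deny 2001:db8:100::/48 le 128
ipv6 prefix-list from-upstream-v6 seq 10 deny ::/0 ge 49
ipv6 prefix-list from-upstream-v6 seq 100 permit 2000::/3 le 48
!
ipv6 prefix-list to-upstream-v6 seq 5 permit 2001:db8:100::/48
ipv6 prefix-list to-upstream-v6 seq 10 deny ::/0 le 128
```

The two outbound lists are the cheapest insurance on a box like this: with only the local aggregates permitted, a typo in the inbound policy or a full table learned from a second upstream can never be re-announced to the first. The `maximum-prefix` lines back that up from the other direction, and `soft-reconfiguration inbound` costs RAM (roughly a second copy of the table) in exchange for being able to edit the prefix lists and `clear ip bgp ... soft in` without dropping the session, which matters when a full-table reload is the slow part of a reboot as the answer above notes.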
They're both capable platforms. Run something solid like Debian or CentOS, on good server-grade hardware. Make sure you specify servers with Intel server NICs; they're much better than Broadcom for stability.
As far as BSD vs. Linux, it's easy: choose whichever you are most competent with.
I've seen old Celerons handling 80-90Mb/s of normal traffic on a Debian/Quagga setup with 3 full feeds without even breaking a sweat. However, the qualifier there is "normal" traffic, mainly HTTP/SMTP and DNS. The same machines have fallen flat on their face during DDoS situations where the packets per second went to ridiculous numbers of mainly UDP packets.
It's normally not the bandwidth you need to be worried about, but the PPS you will be handling.
Unfortunately, I can't help you on the Linux vs. BSD routing performance part of the question, but it shouldn't make any difference on current commodity hardware for a few 100Mb connections.
Quagga (Zebra) works on both Linux and BSD. Linux's networking performance isn't worse than BSD's. So you're left to consider additional criteria to choose the platform.
Data point:
I'm running a pair of Dell R200 servers on Fedora, one of which has seen 500 Mbps peak with NAT, iptables, LVS, quagga and bgpd over a 1GigE link. At 100Mbps, any modern hardware ought to do fine. For handling full tables, you should be able to consult the corresponding RAM requirements from Cisco or Juniper and go from there. 1 GB of RAM should be enough even with no filtering. My routers run with 2 GB configured, but I'm only taking default routes.