FreeBSD as router - performance vs hardware routers

Bill Campbell freebsd at
Thu Aug 14 10:15:11 PDT 2003

On Thu, Aug 14, 2003, Kenneth Culver wrote:
>> As a Note, the top end routers out there, Junipers, run JunOS, which is
>> a FreeBSD variant. A Juniper M160 can route OC192's at wire speed
>> (That's 10Gb/s folks).
>However, the way those are set up, FreeBSD doesn't do the actual routing,
>as far as I can remember they upload a routing table to the line cards and
>transfer any changes to the routing table to the line cards, so the
>routing itself is done by high-speed hardware, and FreeBSD is mainly
>managing all the custom hardware. We did a similar thing when I worked for
>Ericsson with FreeBSD.

``Real Routing'' is usually not necessary on broadband connections since
they use a single static route for everything outside the LAN.  In fact,
having things like RIP running around on an internal LAN can thoroughly
confuse some things like the routed program on SCO OpenServer.

The average broadband connection simply doesn't have the bandwidth to tax
most PC architecture machines.  Our first routers were MorningStar 501s,
which were '386 based running some BSD clone from flash, and they handled a
T1 adequately.  Our current ``router'' is a PII 266 running Linux with a
Sangoma WAN card connected to our T1.  The load average is pretty constant
at 0.00 with 99.2% idle time even though there are about 400 ipchains rules
in play.

If you're planning on using IPSec VPN tunnelling, then CPU power becomes
important because it requires a fair amount of horsepower to handle then

That said, we generally use the LinkSys BEFVP41 VPN boxes at customer DSL
and Cable sites because they're simple, cheap, and easy to configure for
the average user.

