North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: WANTED: ISPs with DDoS defense solutions

  • From: Michael.Dillon
  • Date: Fri Aug 01 05:54:07 2003

>However, I would like to see Java or Other Language to run on the 
routers,
>(I know you can install and play Quake on one vendorīs boxes) but I mean
>to do things really belonging to the router but so far I have yet to see 
a vendor
>to take programmable boxen (outside their own development) seriously.

>Maybe itīs just too hard.

It's not hard at all technically. The hard part is that manufacturers do 
not want to have to provide support for such flexible boxes when they have 
such a hard time just dealing with the complexity of existing general 
purpose routers. Current routers are trying to be all things to all 
people. They have far too many knobs and their routing software runs on 
far too many hardware platforms. If they let you run scripts on the box 
itself, there would be a combinatorial explosion in complexity which would 
make it a lot harder for the manufacturer's router gurus to help you.

But you can still build this yourself for some environments using 
something like Click, the modular software router.
http://www.pdos.lcs.mit.edu/click/
You may not be able to get the type of interfaces that you need because of 
the need for driver support. Click simplifies the task by using Linux 
device drivers but Click is not Linux and does not use the Linux kernel. 
However you can integrate Click into a Linux system as a kernel module 
rather like building a real-time Linux system
There are various manufacturers that make PCI WAN interface cards that can 
be used in such boxes.
http://www.pt.com/products/prodgroup_access.html
http://www.brooktrout.com/products/netaccess_pri_pci/
http://www.iphase.com/products/specificProduct.cfm/2/8/190

The real question is whether or not this type of build-your-own router is 
feasible financially because of the small quantities involved compared to 
a box manufacturer. And where in your network could you confidently deploy 
such boxes when you know that you will have to support them yourself. 
Personally, I think the most interesting spot to try these boxen would be 
at the provider edge and the customer edge because it's not hard to think 
up value-added services that could be provided by such boxes and generate 
additional revenue.

--Michael Dillon