
Book Proposal: Software Routing with Linux

Anders Brownworth
February 20, 1998

What will this book be good for?

Topic:

A guide for administrators to implement a segmented network with linux machines as routers without the costs typically involved with hardware solutions. Primarily covering TCP/IP routing but also a chapter on IPX and AppleTalk routing issues. Emphasizing the security issues and security / performance reward that a segmented ethernet presents as well as the tradeoffs suffered with a software solution.

Audience:

Primarily schools and small to mid sized companies: networks, such as a school's, that already carry heavy traffic and need segmentation but lack the budget for a hardware solution. This is the case where a hardware ISDN router would typically be used.

Purpose:

To give the linux-oriented systems administrator advice and examples on designing and implementing a segmented network without the costs typically involved with hardware solutions. I intend to use a large-scale setup I did for The Stony Brook School as a basis for examples throughout the book. I plan to cover network design, practical implementation and concerns for future growth, pointing out what can be done with a software solution while warning the reader about the performance and reliability tradeoffs.


What is the market for the book?

While trying to decide how to deal with increasing network traffic, security issues and the lack of a budget for hardware solutions, I designed and implemented a campus-wide network using linux as routers for The Stony Brook School. While the installation was not without its headaches, there now exists a network facilitating separate ethernets for students and faculty in each of the academic buildings and inter-building connectivity via underground cables. Obviously the "backplane" capacity of a linux machine, no matter how fast, pales in comparison to hardware routers, but within the budget of several thousand dollars, the school enjoys greater than 600k sustained rates campus-wide. A subnet of IPs is gatewayed through the Linux router supplying Internet connectivity via an ISDN circuit to selected hosts.

I feel that there is an overwhelming abundance of similar needs in education and small to mid sized businesses to warrant a book of this nature. Documentation on linux routing is basically non-existent. Your book on TCP/IP routing with Cisco routers is definitive for hardware routing, whereas I intend to cover network design concepts and software segmentation / routing within tighter budgetary constraints. I'm proposing "poor man's routing" as linux is "poor man's Unix".


Who am I?

I am a systems administrator for Evantide Graphical in Stony Brook, New York who has, as mentioned before, donated the time and energy necessary to implement a campus-wide network for The Stony Brook School within a very confined budget. In the midst of the project, it became apparent to me that there are a large number of other institutions with similar needs whose only holdback is the fact that their resident linux guru lacks the advice and examples that a book like this could supply.

I have a small background in technical documentation, as over the past few years I have written and maintained the Linux netatalk-HOWTO for the community (netatalk is an AppleTalk fileserver for Unix). My HOWTO has been translated into Japanese and is a part of the Linux Documentation Project.

Other projects I have been involved in include the connectivity for my company's WAN, several network / programming related duties for Dow Jones in New York and the ongoing administration of all of our company's web servers. I have also worked on several database projects for Dow Jones and Evantide.


Outline

Introduction:

Software routers are slower and less reliable than their hardware counterparts, but they offer connectivity at a far lower price point. Bridging a workgroup onto an existing LAN can be done by re-purposing an old Pentium and stocking it with a second ethernet card and some free software. Bringing Internet connectivity to an ethernet can be done without the purchase of a common "ISDN router" with the use of Linux and an ISDN circuit, or even just a modem. These solutions, however, are not without their drawbacks.

What really matters in a router is how many packets can be routed in a given time slice, and this is largely an issue of the router’s backplane capacity. Obviously in a large, high-bandwidth environment you are going to use a hardware router such as a Cisco because it has the capacity to take the load. However, if a situation demands routers and the money to purchase a hardware solution is not available, linux machines with several ethernet cards configured as a software router are becoming a very viable option. In many cases, especially schools, raw intranetwork speed matters less than having connectivity in the first place. Sometimes a software routing solution can be implemented before the funds are available for a full hardware implementation, granting connectivity where otherwise it would not exist. Admittedly the software solution is slower, but the ability to re-purpose a used Pentium and drop in several ethernet cards, against the several thousand dollar cost of a Cisco, makes it a viable option for the network with a tight budget.

Routing, whether hardware or software, generally facilitates communication between multiple ethernets while keeping foreign packets from flooding the connected networks. In some cases, routers are used to connect distant networks together over a serial connection such as a T1, while in other cases ethernets are bridged together with a router. Linux as a software router lends itself to the latter situation remarkably well, with a few abilities that hardware solutions lack. With a single point of entry to a network, a firewall can be implemented on the router (or downstream) to protect the entire ethernet from exterior intruders. A certain measure of security is also achieved when, for example, you route TCP/IP for a network and don’t route IPX: the IPX traffic is "firewalled" by the TCP/IP router because it is simply never forwarded. Another capability of a software router is the use of software such as ssh to deploy an encrypted WAN.

With this book, I will give insight into the design and implementation of a software routed network using examples gleaned from clanging my own head against the wall so that you don’t have to! You will see how to bring Internet connectivity to an ethernet, plan and deploy segmentation within congested networks and route through multiple routers or a BGP routed backbone all via software routers. While the concepts are similar in hardware routing, there are many issues specific to a software-based setup that will be mentioned.

Chapter 1: Network Analysis and Design

single router for Internet connectivity or segmentation

multiple routers for connecting networks and segmentation

Chapter 2: Hardware vs. Software

hardware is fast, reliable and expensive

software is slower, less reliable but cheaper

Chapter 3: Internet connectivity with linux

Discuss issues involved in bringing TCP/IP connectivity to an ethernet through ISDN or a modem (PPP). Getting a subnet sent to you from your ISP vs. using one IP and running proxies or a firewall on the router machine. Give examples of configuration files and statistics from a real-world scenario.

Chapter 3: Segmentation

Splitting up ethernets to keep traffic local with multiple ethernet cards. Routing only specific networks and protocols for security reasons.
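The setup the introduction describes, and which this chapter and the Internet connectivity chapter expand on (a re-purposed machine with two ethernet cards routing between two segments, forwarding only the networks you choose so foreign packets stay off each ethernet, plus the single-IP Internet link), as an added example that is not part of the proposal or of the Stony Brook School installation. It uses today's iproute2 and iptables commands rather than the ifconfig, route and ipfwadm tools of the period; the interface names eth0, eth1 and ppp0 and all addresses are constructed assumptions.

```shell
#!/bin/sh
# Added example, not code from the proposal or the Stony Brook School network.
# A Linux box with two ethernet cards becomes a router between two segments
# and forwards traffic only between those known networks (and out to a
# single-IP PPP link), so "foreign" packets are dropped at the router instead
# of flooding the connected ethernets. Interface names and addresses are
# constructed assumptions.

A_IF=eth0;  A_IP=192.168.10.1;  A_LEN=24    # segment A (e.g. students)
B_IF=eth1;  B_IP=192.168.20.1;  B_LEN=24    # segment B (e.g. faculty)
WAN_IF=ppp0                                 # single-IP ISDN/modem link (assumed)

ipv4_to_int() {
    # "192.168.1.10" -> 3232235786 (dotted quad to 32-bit integer)
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ipv4() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

network_of() {
    # network_of 192.168.10.77 24 -> 192.168.10.0 (apply the prefix mask)
    addr=$(ipv4_to_int "$1")
    mask=$(( (0xFFFFFFFF << (32 - $2)) & 0xFFFFFFFF ))
    int_to_ipv4 $(( addr & mask ))
}

in_subnet() {
    # in_subnet ADDR NET PREFIXLEN -> true if ADDR lies inside NET/PREFIXLEN
    [ "$(network_of "$1" "$3")" = "$(network_of "$2" "$3")" ]
}

forward_allowed() {
    # forward_allowed SRC DST OUT_IF mirrors the FORWARD rules emitted below:
    # segment A <-> segment B on their own interfaces, and either segment out
    # to the WAN link. Anything else (foreign source, wrong interface) is dropped.
    src=$1; dst=$2; out=$3
    if in_subnet "$src" "$A_IP" "$A_LEN"; then
        [ "$out" = "$WAN_IF" ] && return 0
        in_subnet "$dst" "$B_IP" "$B_LEN" && [ "$out" = "$B_IF" ] && return 0
    elif in_subnet "$src" "$B_IP" "$B_LEN"; then
        [ "$out" = "$WAN_IF" ] && return 0
        in_subnet "$dst" "$A_IP" "$A_LEN" && [ "$out" = "$A_IF" ] && return 0
    fi
    return 1
}

router_plan() {
    # Print the configuration commands instead of running them, so the plan
    # can be reviewed first and then applied with:  sh router.sh | sudo sh
    a_net=$(network_of "$A_IP" "$A_LEN")/$A_LEN
    b_net=$(network_of "$B_IP" "$B_LEN")/$B_LEN
    cat <<EOF
ip addr add $A_IP/$A_LEN dev $A_IF
ip addr add $B_IP/$B_LEN dev $B_IF
ip link set $A_IF up
ip link set $B_IF up
# Only IPv4 is forwarded: with no IPX or AppleTalk routing daemon running,
# those protocols stay on their own segment ("firewalled" by the TCP/IP router).
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $A_IF -s $a_net -o $B_IF -d $b_net -j ACCEPT
iptables -A FORWARD -i $B_IF -s $b_net -o $A_IF -d $a_net -j ACCEPT
# The "one IP from the ISP" case: both segments reach the Internet through the
# PPP link and are hidden behind its single address.
iptables -A FORWARD -i $A_IF -s $a_net -o $WAN_IF -j ACCEPT
iptables -A FORWARD -i $B_IF -s $b_net -o $WAN_IF -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
# Log (rate-limited) what the router refuses so misrouted traffic is visible.
iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "router-drop: "
EOF
}

router_plan
```

Because the FORWARD chain's default policy is DROP, any network not named in the rules never crosses the router, which is the segmentation and "route only specific networks" effect this chapter is about; the LOG rule turns the refused packets into kernel log lines, which is the cheapest way to notice a misconfigured host or an unexpected source on a segment.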

Chapter 4: Multi hop routing

Backbone implementation. Give examples from the Stony Brook School’s backbone project.

Chapter 5: Topologies

10Mb/100Mb/Gigabit ethernet

ATM for backbones

  Pluses: bandwidth management

  Minuses: difficult to set up

FDDI for backbones

  Pluses: speed / simplicity

  Minuses: expensive

Chapter 6: Firewalls and Security

Overview of Firewalls and proxies for security. Issues involved in deploying these services.

Chapter 7: Routing Different Protocols

TCP/IP

IPX

AppleTalk

Chapter 8: RIP

Chapter 9: BGP

Chapter 10: Network Optimization

Chapter 11: Wrap-up / Summary