The Linux Router
August 1st, 2002 by Kaleem Anwar, Muhammad Amir, Ahmad Saeed and Muhammad Imran in
Routers are amongst the most crucial components of the Internet, as each bit of information on the Internet passes through many routers. Most of the routers used on the Internet are made by Cisco. Although these have good performance, they come at a high price.
In situations where we need to economize, the Linux router is an attractive alternative. When used as a simple gateway for a LAN, it can be almost free. All that is needed is an old 486DX machine with more than one network interface. A monitor is not always necessary. If used for a sophisticated application you will need a Pentium PI 200MHz MMX, which is costs more but is still three or four times cheaper than a commercial router with comparable functionality.
If one has a small lab with several LANs and wishes to set up a reliable, as well as secure, connection to the Internet, the cost of a commercial router may not be justifiable. The most economical solution in this case is to use a low-cost processor running the LRP (Linux Router Project, www.linuxrouter.org) distribution, which is a networking-centric, micro-distribution of Linux.
LRP is so small that it can safely boot from a single 1.44MB floppy disk. It makes the building and maintenance of firewall, routers, switches, hubs, and so on, cheap and straightforward.
In this article we show how to set up a Linux router for two to four LANs and test its performance under different conditions. All of the work described here was done on Intel PIIIs running at 733MHz. For comparison we also used Pentium Is and IIs. Here we present the results of our investigation into the performance of the Linux router and compare it with a commercial router.
The most common function of the Linux router is a connection between two networks. Typically, this would be a LAN and the Internet. For our experiments, given the unavailability of a connection to the Internet fast enough to stress the router sufficiently, we used a server to simulate the Internet.
For performance measurements, we set up a simple router configuration as follows:
Download a copy of the idiot image (lrp 2.9.8). See the Sidebar “Which Disk Image to Use” for details.
Extract the image to a floppy disk (1.44MB/1.68MB super-formatted) and make it bootable. The best way to do so is to use WinImage (www.winimage.com).
Get the kernel module for the Ethernet card you are using. We used RealTek Ethernet cards with the RTL8139 chipset, so the module we used was rtl8139.o. Add this to your kernel. Your Linux router is now ready for its configuration. See the Sidebar “Adding Kernel Modules for Ethernet Cards” for details.
Boot from your LRP disk and open the network.conf file (located in /etc/network.conf). Now modify it so that it looks like Listing 1 [available at ftp.ssc.com/pub/lj/listings/issue100/5826.tgz]. Appropriate comments are there for modifications.
Save the changes and back them up. Reboot.
The configuration of the Linux router is now complete. Now we'll describe its performance in different configurations. Because we are not using dynamic routing, we will define static routes in the following experiments according to the configuration of the experiment. Note: after you are done configuring the Linux router, write-protect the floppy disk you are using.
The test setup in our computer lab uses a 100Base-T Ethernet. The NICs and switching hubs are 100Base-T. All platforms are running Linux 2.2 kernels, and the Linux router is the default gateway for all of them. Performance is measured on different LRP boxes, such as PI 133MHz, PI 200MHz and PIII 733MHz.
The first configuration uses one client and one server. We connected the server at the first NIC on the LRP box (eth0) and the client at the second NIC (eth1) through cross-UTP 100Mb cables. Then we set the ipchains rules on the Linux router for forwarding the traffic between client and server by issuing the following command:
ipchains -I forward -j ACCEPT -s 192.168.1.0/24 -d 192.168.0.0/24 -b
We measured the bandwidth of the Linux router when there was traffic flow between the server and the client. See Table 1 for the measurements for the different LRP boxes.
Figure 1. Setup Number One for Measurement of Bandwidth of LRP Box
Table 1. Bandwidth Measurement Results
In this case, the measurements for the Pentium I are misleading, as the bottleneck is the 90Mbps practical limit of 100Base-T Ethernet and not the capacity of the router.
Configuration two was done with one server and multiple clients. We connected a server on the first NIC of the LRP box (eth0) and three LANs through different hubs to the other three NICs respectively. The setup is depicted in Figure 2. The ipchains rules for this setup would look like:
ipchains -I forward -j ACCEPT -s 192.168.0.0/24 -d 192.168.1.0/24 -b ipchains -I forward -j ACCEPT -s 192.168.0.0/24 -d 192.168.2.0/24 -b ipchains -I forward -j ACCEPT -s 192.168.0.0/24 -d 192.168.3.0/24 -b ipchains -I forward -j ACCEPT -s 192.168.1.0/24 -d 192.168.2.0/24 -b ipchains -I forward -j ACCEPT -s 192.168.1.0/24 -d 192.168.3.0/24 -b ipchains -I forward -j ACCEPT -s 192.168.2.0/24 -d 192.168.3.0/24 -b
You can write a script to run these rules eliminating the need to enter them at the command prompt every time you boot your LRP box. It should be placed in the root directory so that the user is able to run all the rules by just entering ./filename. We measured the bandwidth of the router when there was traffic between the server and more than one client (clients may be from the same or different LANs).
Figure 2. Setup Number Two for Measurement of Bandwidth of LRP Box
The graph in Figure 3 shows the performance of LRP while routing the traffic between the server and the clients. From this graph we conclude that a PI 133MHz-based Linux router is sustaining a bandwidth of about 51Mbps, and a PI 200MHz-based Linux router is sustaining a bandwidth of about 82Mbps. The measured bandwidth between two platforms that are on the same network segment (say both are at internal LAN1) was found to be equal to 90Mbps. In this case, the router is not involved in the communication. This is direct communication between two computers on 100Base-T Ethernet, start topology, so Ethernet has a practical limit of 90Mbps. The bandwidth of the PIII-based Linux router cannot be calculated due to the limitation of the physical medium of transmission.
Figure 3. Bandwidth Measurement of Linux Router
For the third configuration we set up multiple servers and multiple clients (cross-pinging). In this test setup we used two servers connected on eth0 and eth2 of the LRP box.
Figure 4. Setup for Cross-Pinging
A slight reduction (1-2% only) in the bandwidth of the Linux router was observed when there was cross-pinging of packets between server 1 and client 1 and server 2 and client 2, simultaneously.
The Linux router is very stable in its operation. We have run it for long periods, and it showed a very stable performance over the entire length of time. The graphs in Figures 5 and 6 show that the bandwidth of the Linux router is fairly constant with a great increase in the amount of data.
Figure 5. Effect of Increase in Data on Bandwidth of Linux Router
Figure 6. Variation in Bandwidth of LRP with Increasing Time
The write-protected medium for booting off the Linux router gives it increased security from crackers. Once booted, it runs exclusively off RAM. You may safely take your floppy out of the floppy drive and put it in a secure place until it's needed again. Also, a single floppy can be used to boot many identical Linux routers with a runtime change in configuration.
The Linux router is easy to handle and configure. It does not require any special care for its use other than that required for a normal PC. If there is a problem, configuring it only takes a few minutes. Moreover, it is basically software on a floppy disk; if your LRP box gets damaged because of power fluctuations (a common problem in the third world), you can instantly convert another available PC into your router by adding NICs from the corrupted LRP (if they are not corrupted) and boot it off the floppy disk. No configuration will be required for this router at all, except the runtime configuration. You can imagine what a great advantage this is—think of what would happen if your Cisco router were to be corrupted.
The following is a comparison of the Linux router with the Cisco 2620 router available in our laboratory.
The cost of building a good Linux router (based on a Pentium I, 200MHz MMX) with 1FDD, 32MB of RAM is less than $100 US. (It may be nearly free if you use the minimum required hardware, i.e., a 486DX with 16MB RAM.) A monitor is not necessarily required. You can use a borrowed monitor temporarily at configuration time or configure via a remote serial connection (if you include support for that through the serial.lrp package). On the other hand, the cost of the Cisco 2620 with a 50MHz Motorola Processor, 16MB Flash RAM and 40MB DRAM is more than $3,500 US.
Although power consumption here is not of great concern, in most applications it is notable that the Linux router (running on PI 200MHz, MMX) consumes less than 30W of power, while Cisco 2600 series routers consume 75W.
You can add as many NICs in the Linux router as you wish (limited by the number of slots on the main board). In Cisco 2600 there is only one Fast Ethernet card available.
The modularity of the Linux router is matchless. Its packaging system allows easy removal and addition of features. You can add/remove packages, even at runtime, using the lrpkg command. You need to shut down the Linux router to add a module only if it requires some additional hardware. However, the kernel module for the hardware can be installed at runtime using insmod. The design of the Cisco router is not as modular.
For the Linux router there are a large variety of hardware and software products available in the open market as it has the complete structure of the ordinary Linux operating system. You can use the product of any manufacturer that has support for the Linux router. Cisco routers, on the other hand, are limited in this respect. Usually only Cisco products are used with Cisco routers.
Having Linux as the operating system on your router gives you the extra advantage that you can build your own packages according to your needs using shell scripting. You also can get a lot of help from the available literature for Linux. Cisco routers have their own specific operating system called Internet Operating System. The Cisco 2620 uses IOS release 12.1. Although it is developed on a regular basis, you can use only those features that are available in the specific IOS release used on your specific router.
Like Cisco routers, the Linux router also supports the multiprotocol feature. It has support for RIP, BGP, OSPF and many more that are added through packages.
Services such as Ethernet router, firewall, DNS and ISDN may be initialized on a Linux router. However, initializing services like DNS (which is highly CPU-bound) will degrade its performance. It is better to use a separate machine as a DNS server. The Cisco router has multiservice integration of voice, data and video. As with Cisco routers, IP masquerading, port translation, load balancing, transparent proxy and interface alias may all be implemented on a Linux router.
Cisco routers support IPX, Token Ring, VLAN, VPN, Apple Talk and DDR for advance routing. The Linux router also can support these features through proper packages. Although to do so, some expertise in Linux and some additional hardware are required, which will increase the cost of Linux router, but it still will be much less than that of a Cisco router.
Depending upon the model and series of the Cisco router, it has a limited number of WAN slots. In the 2620 there are two WIC (WAN Interface Cards) slots, one network module and one advance integrated mode slot. The two-port serial WAN card has a asynchronous speed of 115.2Kbps, and synchronous speed equals 2.048Mbps. Port 1 supports only synchronous mode. The Linux router also has support for WAN interface cards. Sangoma WICs (www.sangoma.com), which have a synchronous data rate of 8Mbps, are quite popular among LRP users. With these cards you can combine many LRP boxes. However, the disadvantage is that the cost of the LRP box increases—this card costs about $400 US.
The bandwidth of a 133MHz Pentium I-based Linux router is about 51Mbps and that of a 200MHz Pentium I-based Linux router is 82.5Mbps. The performance of the Linux router on a 733MHz PIII is so high (90Mbps) that it saturates the 100MHz Ethernet. We also studied the effect of RAM on routing. In this case it turned out that there is no effect on routing performance with an increase in RAM. However, by increasing RAM you can set up larger RAM drives that you may need if your routing table gets quite large.
We have explored the performance of Linux router, its stability, cost, highly modular design, low power consumption, and so on. More work on the Linux router is underway to improve its routing performance. For a small office or laboratory, where the pursuit of cost-savings is a major consideration, the Linux router is the ideal solution. A typical configuration for a small business would be as shown in Figure 7.
Figure 7. Typical Configuration for a Small Business
This work was performed in the Computer Communications Laboratory and the Digital Computers Laboratory at the Department of Electrical Engineering, University of Engineering & Technology, Lahore, Pakistan, under the supervision of Professor Shahid H. Bokhari.
Kaleem Anwar (kaleem_002@yahoo.com) is graduating in Electrical Engineering with a specialization in Computer Engineering from the Department of Electrical Engineering, University of Engineering and Technology Lahore, Pakistan. His fields of interest include Linux, Java, control systems, computer networks, algorithm design and digital signal processing.
Muhammad Amir (amirsher03@hotmail.com) is graduating in Electrical Engineering with a specialization in Computer Engineering from the Department of Electrical Engineering, University of Engineering and Technology Lahore, Pakistan. His fields of interest include Linux, Java, control systems, computer networks, algorithm design and digital signal processing.
Ahmad Saeed (electri17@yahoo.com) is graduating in Electrical Engineering with a specialization in Computer Engineering from the Department of Electrical Engineering, University of Engineering and Technology Lahore, Pakistan. His fields of interest include Linux, Java, control systems, computer networks, algorithm design and digital signal processing.
Muhammad Imran (imran_uet@hotmail.com) is graduating in Electrical Engineering with a specialization in Computer Engineering from the Department of Electrical Engineering, University of Engineering and Technology Lahore, Pakistan. His fields of interest include Linux, Java, control systems, computer networks, algorithm design and digital signal processing.
Special Magazine Offer -- 2 Free Trial Issues!
Receive 2 free trial issues of Linux Journal as well as instant online access to current and past issues. There's NO RISK and NO OBLIGATION to buy. CLICK HERE for offer
Linux Journal: delivering readers the advice and inspiration they need to get the most out of their Linux systems since 1994.
Sorry, offer available in the US only. International orders, click here.
Delicious
Digg
Reddit
Newsvine
TechnoratiSubscribe now!
The Latest
Featured Videos
Email is one of the least private and least secure forms of communication, although few people realize this. MixMaster is one way to allow secure, anonymous communication even over the very public medium of email. This tutorial will get you started with MixMaster quickly and easily.
In case you were wondering about the fun side of Linux World Expo, we thought we'd give you a peek at our shenanigans. We at Linux Journal love what we do so much, that we can't help but have a ball wherever we go.
Recently Popular
From the Magazine
September 2008, #173
Feeling a bit like a Thermian? Never give up, never surrender! Someday, you could go from underdog to top dog. Just take a look at a few of the underdogs we highlight in this issue: Mutt, djbdns, Nginix, Gentoo, Xara and the program voted mostly likely to fail just a few years back—Firefox. If Firefox is not radical enough for you, check out Chef Marcel's column for some more alternatives. Having trouble mapping your program data to your relational database? If so, Rueven Lerner shows you some tricks in his At The Forge column.
Need to run GUI applications on your server in the next state? In his Paranoid Penguin column, Mick Bauer shows you how to do it securely. Kyle Rankin keeps hacking and slashing and shows you a few split screen secrets you may not be familiar with. Finally, we all know what happens next February, but only Doc knows what happens afterward.
linux
On October 2nd, 2007 free enigma mp3s (not verified) says:
I help? further get Where can Thanks.
linux
On October 2nd, 2007 enigma mp3 songs (not verified) says:
vger? What's . Bye.
Using Linux Machine as a router
On September 29th, 2007 Vikas khatana (not verified) says:
I am planning to use linux machine as a router and want to terminate leased line connection on it.
Can anybody suggest me that how to terminate a leased line on a PC.
I have a leased line with a modem with V.35 cable.
I want to connect this modem with linux machine through V.35 cable.
The bandwidth test with
On April 1st, 2007 Blanc57 (France) (not verified) says:
The bandwidth test with different configuration is very interessant. It helped me a lot in trying to find the right configuration builfing a Linux Router. Thanks a lot for the work...
Linux Router
On January 7th, 2007 Sadiq Hussain (not verified) says:
I have been working on cisco routers and technology for last over 10 years and worked in Cisco Systems and recently developed interest in Linux and Linux routers. This article gave me lot of information that I needed to understand working of linux rotuers and I agree that some low cost alternative is needed to help ease and lower routing gear costs.
Try linux router from
On January 29th, 2007 Anonymous (not verified) says:
Try linux router from www.vyatta.com.It seems very interestedly.
Linux Routers
On January 8th, 2007 Keith Daniels says:
Check out IPCop. A lot of things have changed since this article was written. It will show you what people are currently working on and give you an idea about how extensions (a al Firefox) can be used in a router system.
I set IPCop up to control the kids using p2p and locking me out of the internet by using all the bandwidth. I was impressed with what you could do with the software and how well the extensions worked.
Quite stable also.
Linux Dual Routing+Fail Over+Control QoS
On May 9th, 2006 Lukas (not verified) says:
Hi, Im Lukas from Argentine. I use Linux servers for years, and this the best choice for manage network traffic and give services like Internet Connection to LAN, http web server, dns support, hosting, ssh remote conection, etc.
Now, i work in a Linux With Dual Routing or Most interfaces to the internet, but still having problems with the routes and packets.Any information is welcome.
This router offer many connections + ISP1 + ISP2 + ISP2, and fail over functions and control bandwith.
I'm networker Cisco butLinux is the best choice for an economize purpouse.
Thanks. Greetings.
Lukas (Mendoza - Argentina)
Can you tell me about OSPF support?
On December 13th, 2005 Anonymous (not verified) says:
I personally find the project impressive! The router as they test it can be up to the limits of the 90Mbps at the 100Mbps fast ethernet, and we naturally thing that the Linux box can also perform well with Gigabit Ethernet cards increasing the bandwidth of routing between LANs at a very high degree! The 8Mbps Wan slot(s) we can add is also just fantastic. But the big question is: What about with dynamic routing especially with OSPF (or RIPv2 / BGP)? The Linux router would be a just TREMENDUS solution when using those CPU intensive dynamic routing protocols. Commercial routers with just 50MHz processors and a little amount of RAM really suffer when using OSPF with large routing tables. I think that if the guys went that step forward then people would start construct the Linux router immediately! PPP / HDLC / Frame Relay etc. should have enough support on WAN interface too, and if they were add services such as DHCP then...the mirracle could really happen! :-) Well, I promise myself that I will construct the Linux router as soon as possible, in order to route connected networks first, but tell me please if you know about the OSPF module!!!
I used on practic Linux as
On February 23rd, 2006 Pavel (not verified) says:
I used on practic Linux as router solution and it is perfect. I worked in Internet company where I used cisco routers and linux as routers. I had PII 800MHZ with 256M RAM. And perfomance of this router was perfect. it has 4 ethernets, many firewalls rulles and sniffer based on libpcap and postgreSQL server which collect IP traffic statistics. I have never feal that througput is lower then WAN router can support. In case of DoS somitemes cisco 2610 is dead, but Linux was alive and wrote logs. Ofcause it was hard to connect to it throught ssh ,but it was alive and responds.
Also I used BGP, OSPF on this router (used gated, zebra) with a big table (up to 200 routers in OSPF on P4 2GHz 512 RAM)
I had 4 WAN channels to router cisco 3640 and it was directly connected to the Linux router which was as bacbone router between WAN and my ISP network. It works as router, as traffic accouter and advanced firewall (kernel 2.4.20 with using utility of iptables and iproute2 package). What about policy routing? It works on Linux without problems!!! And sometimes it is more flexible then cisco.
I am cisco certified but anyway I love linux. I didnt run PRI/ISDN and HDLC WAN on linux, but it is possible. Therea meny project on Linux.
Asterisk.org - Linux with PCI Digium card - good replacement for cisco access server.
I tested Linux on real networks in Russia.
Now I am currently live in USA and many people here not understand strengths of Linux. microsoft and cisco for them is best way in IT, this is actually market influence.
How about the performance of NAT with P2P runnging ?
On October 19th, 2005 dtl mark (not verified) says:
Recently , i buy a linksys router , it performance is too....bad !
i have no $$$ to buy a cisco , so i thinking to make a Linux router with a old P-III 700 /w 256M RAM , i don't know the performance of this , P2P like BT , e2k , over 10,000 port open concurrent , can the p-iii reach the 100Mbps performance ?
i got a free 100BAST-T link form my ISP , yes! this is free !!! in fact 6 month test , i need to make report of performace to the isp serive every month , when i direct connect my pc to the isp link i got 70~86Mbps , but though the linksys router , it's drop to 50~60Mbps , it's not bad , sice , there have 40mbps+ , about 10 time faster than my 6M ADSL form other ISP , but when i rung p2p app , yes like bt , it's drop lower , lower ,and lower , than halt-up !!! , this $50 us router , just can't handle the high trsffic , this chep linksys router , i tested ,when i limited the concurrent port can be opened to 50 , the linksys will not halt.
but this will wasst the badnwith of the link ,
i just want to know , if the 700Mhz P-3 will work , i will but a old one to use at a router , if not , i will buy a ture router can habdel it ! , the price is $200 , well , 40 vs 200 , 5 time !
256 MB of RAM = more than 16,000 simultaneous connections
On June 15th, 2006 Anonymous (not verified) says:
With 256 MB of RAM you should be able to sustain a bit over 16,000 simultaneous connections by default, with tuning more, look at
http://www.wallfire.org/misc/netfilter_conntrack_perf.txt
http://forumz.tomshardware.com/network/Linksys-WRT54G-V5-Lousy-Router-ftopict21473.html
And for an easy to use linux firewall try smoothwall
HTH HAND etc...
how to design linux router
On March 3rd, 2005 saurabh (not verified) says:
can anybody sent me documentation on "how to design linux router".
Re: The Linux Router
On June 2nd, 2004 Anonymous says:
Also, lets give Mr. Dave Cinege some credit here. You could've at least mentioned his name in your article. Visit http://www.linuxrouter.org/ and read about his experiences and lack of acknowledgement throughout this projects history. I know I'm ranting here but DAMN IT CORPORATE AMERICA......GIVE BACK!
Re: The Linux Router
On June 20th, 2004 Anonymous says:
Why? Why would anyone give credence to the insane embittered rantings of a physchotic. He had a great idea that he started, but then refused any offers of assistence to make the project more usable. His sole answer to questions in the support forums were read the code and call people stupid.
Then he declared a day of morning when Terry Nichols was executed. You remember him dont you Dave?
http://en.wikipedia.org/wiki/Terry_Nichols
The mass murderer you viewed as a hero.
Are you still signing your name Dave 'kill a cop' Cinege?
Nichols was never executed. Y
On December 3rd, 2004 Anonymous (not verified) says:
Nichols was never executed. You may have thought of McVeigh, but you went so far as search for the wrong guy on Wikipedia...or is this Dave so insane he called a day of mourning for someone still alive?
Re: The Linux Router
On May 10th, 2004 Anonymous says:
Additionally, it would have been ideal if the cisco 2600 that was being referenced could have been tested in the mix of machines. e.g., 133, 200, 733 - to give a true "feel" for the overall performance of Linux Routers. I am silently cheering for Linux-but need direct indisputable evidence of performance as well as price and functionality. BTW: I think the layout of your work was fantastic - lets add the cisco device into the mix and retest!
Re: The Linux Router
On May 10th, 2004 Anonymous says:
Has anyone done comparative tests with more than one flow of traffic?
What about traffic with the average packet size much smaller than 1500 bytes at the same level of bandwidth? It's usually the number of packets per second that will kill a router, not the throughput.
What about the number of different traffic flows, can it still cope with 50,000 traffic flows at the same throughput?
Linux is the cheap answer, but you have to remember, it's not always going to be the best, and it's not always going to perform adequately.