The Linux Router

The performance of the Linux router makes it an attractive alternative when concerned with economizing.

Routers are amongst the most crucial components of the Internet, as each bit of information on the Internet passes through many routers. Most of the routers used on the Internet are made by Cisco. Although these have good performance, they come at a high price.

In situations where we need to economize, the Linux router is an attractive alternative. When used as a simple gateway for a LAN, it can be almost free. All that is needed is an old 486DX machine with more than one network interface. A monitor is not always necessary. If used for a sophisticated application you will need a Pentium PI 200MHz MMX, which is costs more but is still three or four times cheaper than a commercial router with comparable functionality.

If one has a small lab with several LANs and wishes to set up a reliable, as well as secure, connection to the Internet, the cost of a commercial router may not be justifiable. The most economical solution in this case is to use a low-cost processor running the LRP (Linux Router Project, www.linuxrouter.org) distribution, which is a networking-centric, micro-distribution of Linux.

LRP is so small that it can safely boot from a single 1.44MB floppy disk. It makes the building and maintenance of firewall, routers, switches, hubs, and so on, cheap and straightforward.

In this article we show how to set up a Linux router for two to four LANs and test its performance under different conditions. All of the work described here was done on Intel PIIIs running at 733MHz. For comparison we also used Pentium Is and IIs. Here we present the results of our investigation into the performance of the Linux router and compare it with a commercial router.

Setting Up a Linux Router

The most common function of the Linux router is a connection between two networks. Typically, this would be a LAN and the Internet. For our experiments, given the unavailability of a connection to the Internet fast enough to stress the router sufficiently, we used a server to simulate the Internet.

For performance measurements, we set up a simple router configuration as follows:

  • Download a copy of the idiot image (lrp 2.9.8). See the Sidebar “Which Disk Image to Use” for details.

  • Extract the image to a floppy disk (1.44MB/1.68MB super-formatted) and make it bootable. The best way to do so is to use WinImage (www.winimage.com).

  • Get the kernel module for the Ethernet card you are using. We used RealTek Ethernet cards with the RTL8139 chipset, so the module we used was rtl8139.o. Add this to your kernel. Your Linux router is now ready for its configuration. See the Sidebar “Adding Kernel Modules for Ethernet Cards” for details.

  • Boot from your LRP disk and open the network.conf file (located in /etc/network.conf). Now modify it so that it looks like Listing 1 [available at ftp.linuxjournal.com/pub/lj/listings/issue100/5826.tgz]. Appropriate comments are there for modifications.

  • Save the changes and back them up. Reboot.

The configuration of the Linux router is now complete. Now we'll describe its performance in different configurations. Because we are not using dynamic routing, we will define static routes in the following experiments according to the configuration of the experiment. Note: after you are done configuring the Linux router, write-protect the floppy disk you are using.

Performance of Linux Router

The test setup in our computer lab uses a 100Base-T Ethernet. The NICs and switching hubs are 100Base-T. All platforms are running Linux 2.2 kernels, and the Linux router is the default gateway for all of them. Performance is measured on different LRP boxes, such as PI 133MHz, PI 200MHz and PIII 733MHz.

Bandwidth Measurement

The first configuration uses one client and one server. We connected the server at the first NIC on the LRP box (eth0) and the client at the second NIC (eth1) through cross-UTP 100Mb cables. Then we set the ipchains rules on the Linux router for forwarding the traffic between client and server by issuing the following command:

ipchains -I forward -j ACCEPT -s 192.168.1.0/24
-d  192.168.0.0/24 -b

We measured the bandwidth of the Linux router when there was traffic flow between the server and the client. See Table 1 for the measurements for the different LRP boxes.

Figure 1. Setup Number One for Measurement of Bandwidth of LRP Box

Table 1. Bandwidth Measurement Results

In this case, the measurements for the Pentium I are misleading, as the bottleneck is the 90Mbps practical limit of 100Base-T Ethernet and not the capacity of the router.

Configuration two was done with one server and multiple clients. We connected a server on the first NIC of the LRP box (eth0) and three LANs through different hubs to the other three NICs respectively. The setup is depicted in Figure 2. The ipchains rules for this setup would look like:

ipchains -I forward -j ACCEPT -s 192.168.0.0/24
-d  192.168.1.0/24 -b
ipchains -I forward -j ACCEPT -s 192.168.0.0/24
-d  192.168.2.0/24 -b
ipchains -I forward -j ACCEPT -s 192.168.0.0/24
-d  192.168.3.0/24 -b
ipchains -I forward -j ACCEPT -s 192.168.1.0/24
-d  192.168.2.0/24 -b
ipchains -I forward -j ACCEPT -s 192.168.1.0/24
-d  192.168.3.0/24 -b
ipchains -I forward -j ACCEPT -s 192.168.2.0/24
-d  192.168.3.0/24 -b

You can write a script to run these rules eliminating the need to enter them at the command prompt every time you boot your LRP box. It should be placed in the root directory so that the user is able to run all the rules by just entering ./filename. We measured the bandwidth of the router when there was traffic between the server and more than one client (clients may be from the same or different LANs).

Figure 2. Setup Number Two for Measurement of Bandwidth of LRP Box

The graph in Figure 3 shows the performance of LRP while routing the traffic between the server and the clients. From this graph we conclude that a PI 133MHz-based Linux router is sustaining a bandwidth of about 51Mbps, and a PI 200MHz-based Linux router is sustaining a bandwidth of about 82Mbps. The measured bandwidth between two platforms that are on the same network segment (say both are at internal LAN1) was found to be equal to 90Mbps. In this case, the router is not involved in the communication. This is direct communication between two computers on 100Base-T Ethernet, start topology, so Ethernet has a practical limit of 90Mbps. The bandwidth of the PIII-based Linux router cannot be calculated due to the limitation of the physical medium of transmission.

Figure 3. Bandwidth Measurement of Linux Router

For the third configuration we set up multiple servers and multiple clients (cross-pinging). In this test setup we used two servers connected on eth0 and eth2 of the LRP box.

Figure 4. Setup for Cross-Pinging

A slight reduction (1-2% only) in the bandwidth of the Linux router was observed when there was cross-pinging of packets between server 1 and client 1 and server 2 and client 2, simultaneously.

______________________

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

About Linux Router

golecha.dinesh's picture

Hi...
I am doing my BE project in Linux router But I dont get the exact idea about it and various questions arises like
is this practicaly implemented?
this project having very small apllication area can you modify it?
is it more secure?
so can you goide me for solving my problems and if you have any innovation then please convey me on my mail or here..........
(golecha.dinesh@gmail.com)........
waiting...........
good day............

Using Linux Machine as a router

Vikas khatana's picture

I am planning to use linux machine as a router and want to terminate leased line connection on it.
Can anybody suggest me that how to terminate a leased line on a PC.
I have a leased line with a modem with V.35 cable.
I want to connect this modem with linux machine through V.35 cable.

The bandwidth test with

Blanc57 (France)'s picture

The bandwidth test with different configuration is very interessant. It helped me a lot in trying to find the right configuration builfing a Linux Router. Thanks a lot for the work...

Linux Router

Sadiq Hussain's picture

I have been working on cisco routers and technology for last over 10 years and worked in Cisco Systems and recently developed interest in Linux and Linux routers. This article gave me lot of information that I needed to understand working of linux rotuers and I agree that some low cost alternative is needed to help ease and lower routing gear costs.

Try linux router from

Anonymous's picture

Try linux router from www.vyatta.com.It seems very interestedly.

Linux Routers

Keith Daniels's picture

Check out IPCop. A lot of things have changed since this article was written. It will show you what people are currently working on and give you an idea about how extensions (a al Firefox) can be used in a router system.

I set IPCop up to control the kids using p2p and locking me out of the internet by using all the bandwidth. I was impressed with what you could do with the software and how well the extensions worked.

Quite stable also.

All the new OSs and windowing systems are oriented towards content consumption instead of content production.

--Steve Daniels 2013

Linux Dual Routing+Fail Over+Control QoS

Lukas's picture

Hi, Im Lukas from Argentine. I use Linux servers for years, and this the best choice for manage network traffic and give services like Internet Connection to LAN, http web server, dns support, hosting, ssh remote conection, etc.

Now, i work in a Linux With Dual Routing or Most interfaces to the internet, but still having problems with the routes and packets.Any information is welcome.

This router offer many connections + ISP1 + ISP2 + ISP2, and fail over functions and control bandwith.

I'm networker Cisco butLinux is the best choice for an economize purpouse.

Thanks. Greetings.

Lukas (Mendoza - Argentina)

Can you tell me about OSPF support?

Anonymous's picture

I personally find the project impressive! The router as they test it can be up to the limits of the 90Mbps at the 100Mbps fast ethernet, and we naturally thing that the Linux box can also perform well with Gigabit Ethernet cards increasing the bandwidth of routing between LANs at a very high degree! The 8Mbps Wan slot(s) we can add is also just fantastic. But the big question is: What about with dynamic routing especially with OSPF (or RIPv2 / BGP)? The Linux router would be a just TREMENDUS solution when using those CPU intensive dynamic routing protocols. Commercial routers with just 50MHz processors and a little amount of RAM really suffer when using OSPF with large routing tables. I think that if the guys went that step forward then people would start construct the Linux router immediately! PPP / HDLC / Frame Relay etc. should have enough support on WAN interface too, and if they were add services such as DHCP then...the mirracle could really happen! :-) Well, I promise myself that I will construct the Linux router as soon as possible, in order to route connected networks first, but tell me please if you know about the OSPF module!!!

I used on practic Linux as

Pavel's picture

I used on practic Linux as router solution and it is perfect. I worked in Internet company where I used cisco routers and linux as routers. I had PII 800MHZ with 256M RAM. And perfomance of this router was perfect. it has 4 ethernets, many firewalls rulles and sniffer based on libpcap and postgreSQL server which collect IP traffic statistics. I have never feal that througput is lower then WAN router can support. In case of DoS somitemes cisco 2610 is dead, but Linux was alive and wrote logs. Ofcause it was hard to connect to it throught ssh ,but it was alive and responds.
Also I used BGP, OSPF on this router (used gated, zebra) with a big table (up to 200 routers in OSPF on P4 2GHz 512 RAM)
I had 4 WAN channels to router cisco 3640 and it was directly connected to the Linux router which was as bacbone router between WAN and my ISP network. It works as router, as traffic accouter and advanced firewall (kernel 2.4.20 with using utility of iptables and iproute2 package). What about policy routing? It works on Linux without problems!!! And sometimes it is more flexible then cisco.
I am cisco certified but anyway I love linux. I didnt run PRI/ISDN and HDLC WAN on linux, but it is possible. Therea meny project on Linux.
Asterisk.org - Linux with PCI Digium card - good replacement for cisco access server.
I tested Linux on real networks in Russia.
Now I am currently live in USA and many people here not understand strengths of Linux. microsoft and cisco for them is best way in IT, this is actually market influence.

How about the performance of NAT with P2P runnging ?

dtl mark's picture

Recently , i buy a linksys router , it performance is too....bad !
i have no $$$ to buy a cisco , so i thinking to make a Linux router with a old P-III 700 /w 256M RAM , i don't know the performance of this , P2P like BT , e2k , over 10,000 port open concurrent , can the p-iii reach the 100Mbps performance ?
i got a free 100BAST-T link form my ISP , yes! this is free !!! in fact 6 month test , i need to make report of performace to the isp serive every month , when i direct connect my pc to the isp link i got 70~86Mbps , but though the linksys router , it's drop to 50~60Mbps , it's not bad , sice , there have 40mbps+ , about 10 time faster than my 6M ADSL form other ISP , but when i rung p2p app , yes like bt , it's drop lower , lower ,and lower , than halt-up !!! , this $50 us router , just can't handle the high trsffic , this chep linksys router , i tested ,when i limited the concurrent port can be opened to 50 , the linksys will not halt.
but this will wasst the badnwith of the link ,
i just want to know , if the 700Mhz P-3 will work , i will but a old one to use at a router , if not , i will buy a ture router can habdel it ! , the price is $200 , well , 40 vs 200 , 5 time !

256 MB of RAM = more than 16,000 simultaneous connections

Anonymous's picture

With 256 MB of RAM you should be able to sustain a bit over 16,000 simultaneous connections by default, with tuning more, look at

http://www.wallfire.org/misc/netfilter_conntrack_perf.txt

http://forumz.tomshardware.com/network/Linksys-WRT54G-V5-Lousy-Router-ftopict21473.html

And for an easy to use linux firewall try smoothwall

HTH HAND etc...

how to design linux router

saurabh's picture

can anybody sent me documentation on "how to design linux router".

Re: The Linux Router

Anonymous's picture

Also, lets give Mr. Dave Cinege some credit here. You could've at least mentioned his name in your article. Visit http://www.linuxrouter.org/ and read about his experiences and lack of acknowledgement throughout this projects history. I know I'm ranting here but DAMN IT CORPORATE AMERICA......GIVE BACK!

Re: The Linux Router

Anonymous's picture

Why? Why would anyone give credence to the insane embittered rantings of a physchotic. He had a great idea that he started, but then refused any offers of assistence to make the project more usable. His sole answer to questions in the support forums were read the code and call people stupid.

Then he declared a day of morning when Terry Nichols was executed. You remember him dont you Dave?
http://en.wikipedia.org/wiki/Terry_Nichols
The mass murderer you viewed as a hero.

Are you still signing your name Dave 'kill a cop' Cinege?

Nichols was never executed. Y

Anonymous's picture

Nichols was never executed. You may have thought of McVeigh, but you went so far as search for the wrong guy on Wikipedia...or is this Dave so insane he called a day of mourning for someone still alive?

Re: The Linux Router

Anonymous's picture

Additionally, it would have been ideal if the cisco 2600 that was being referenced could have been tested in the mix of machines. e.g., 133, 200, 733 - to give a true "feel" for the overall performance of Linux Routers. I am silently cheering for Linux-but need direct indisputable evidence of performance as well as price and functionality. BTW: I think the layout of your work was fantastic - lets add the cisco device into the mix and retest!

Re: The Linux Router

Anonymous's picture

Has anyone done comparative tests with more than one flow of traffic?
What about traffic with the average packet size much smaller than 1500 bytes at the same level of bandwidth? It's usually the number of packets per second that will kill a router, not the throughput.
What about the number of different traffic flows, can it still cope with 50,000 traffic flows at the same throughput?

Linux is the cheap answer, but you have to remember, it's not always going to be the best, and it's not always going to perform adequately.

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix