ImageStream's Rebel Router
The box arrives and the glee of a child at Christmas washes over me—a new toy to play with. Only this is no ordinary toy. This is a DS3 (T3) router that costs under $4,200 US. Three years ago I would have scoffed at the possibility of such a thing. I was used to the world of Nortel and Cisco, a world in which a router this powerful cost as much as a new car and, in some cases, a small house. It was a world in which RAM and card upgrades became necessary due to the growing number of routes on the Internet, and the aforementioned companies would charge in excess of $15,000 US for an upgrade that really didn't allow your router to do anything it wasn't doing the year before. And it was aworld in which good technical support meant signing a $10,000/year contract. Boy, the world has changed since then.
Anyhow, back to the box. Opening it, I find the new and improved Rebel Router from ImageStream. For those of you who don't know, ImageStream makes Linux-based routers that are capable of wire-speed throughput yet are incredibly flexible and inexpensive. I have been using theses routers for the past two years, both in my network and in customer networks, with great success. The new Rebel Router comes in a black rackmount case about the size of a Cisco 2500 (height: 1U, depth: 10.75"). The front is adorned with the ImageStream logo and a blue LED that really makes it stand out on a network rack. The back panel includes dual 10/100 Ethernet ports, an auxiliary console port, a couple of fans for cooling and two PCI card slots. In order for me to test this router for Linux Journal, I requested a configuration that I could use to replace my current network router. Because of those needs, my configuration includes a single DS3 card and a Quad T1 card.
Upon opening the case, I was struck by the neat layout. The case is segmented into three parts. The left side of the case contains the single power supply. The central section contains what is essentially a PC-based motherboard sans PS/2 and parallel ports. The right side contains the area for the serial cards. ImageStream sells cards for this router in the following capacities: single or quad 10/100 Ethernet; single, double, quad or octal port T1; and single DS3. ImageStream does sell Dual DS3 cards, but they don't recommend them for this router. Instead they recommend a platform with multiple CPUs for a multiple DS3 configuration. On a further note, under the recommended configurations they guarantee wire speed.
Now to the real point of this review: what can the Rebel Router do? One great feature of this router is its ability to bond multiple interfaces. For instance, you can bond two T1s to get a 3Mb channel as opposed to a fractional DS3. This can come in handy if you want to avoid the high local loop charges associated with most DS3s. As the marketing literature says, you can provide connectivity for up to 16 T1/E1s or one DS3/E3, but aside from the level of throughput, the most impressive part of this router is the routing capabilities. The Rebel Router uses GateD, originally developed by Merrit. These are the same people that developed the Radius standard, as well as many other technological advances used on the Internet today. GateD supports static, RIP, OSPF and, most importantly (for ISPs and large companies), BGP-4 routing.
For those unaware, BGP-4 is the standard used to route traffic across the Internet dynamically, and it is used in almost all configurations that are truly redundant (i.e., connections to more than one upstream provider). As the Internet has exploded in growth over the past few years, so have the number of routes in the routing tables. This has caused many ISPs to have to upgrade their RAM, which can be prohibitively expensive, as I mentioned above. ImageStream uses a relatively off-the-shelf, unbuffered RAM that is inexpensive when compared to the proprietary RAM sold by other router manufacturers. Combine this with the fact that these routers are slightly modified PCs using Intel processors, that you have your choice of the 2.2.14 or 2.4 Linux kernel, and you get an incredibly powerful router without the hefty price tag of something that is totally proprietary.
Some of the other wonderful features of this router are the result of its Linux-based nature. For example, If you are like me and wouldn't use Telnet on your servers to save your soul, then guess what? You don't have to on your routers either. All ImageStream routers allow you to turn off Telnet in favor of SSH. If you don't feel like learning a new firewall language or messing around with access lists, then you can use the ipchains that come with the current 3.2 distribution. The 2.4 kernel, and therefore iptables, are also available. In addition, if you truly hate to use menus to get things done, you can always drop to the shell and do anything that you would do in a normal Linux system. Because all of the files for configuring your interfaces, routing, firewalling, etc., are in ASCII format, you can open them in vi or Pico and make your changes.
Other great features of the Rebel include the ability to see the traffic flowing through the router in real time. ImageStream routers come with a program called Stats that works just like the top command (also available from the command line), except that instead of seeing system resources you can see your interface-usage statistics. This feature helps a great deal when you're troubleshooting. Another great feature is the QOS system that uses Diffserv to allow you to limit bandwidth and shape parts of your network down to the single-IP level. This can become essential in a limited bandwidth environment if you need to give priority to certain types of traffic.
One of the new services that this router provides is IPSec using FreeS/WAN. This is something I had never played with prior to this router test, so I ended up getting on the phone with the support staff at ImageStream because I did not want to chance doing something wrong and taking my network down. I spoke with Josh, who was very knowledgeable and friendly and helped me set up a test VPN. We first set up a subnet-to-subnet VPN. This setup took about 15 minutes, as I was a newbie and wanted to understand everything about it. Once that was done we were able to set up additional VPN tunnel variations rapidly, including subnet-to-PC and PC-to-PC.
Over the span of the week that I tested the router, it performed flawlessly. Because I have used ImageStream routers before, I felt totally confident that it would perform without a hitch as the core of my network, and it didn't let me down. During that time period I added an additional T1 to the network, changed the BGP-4 AS number and added another block of addresses in the normal course of business. In addition, I tested the IPSec service and did DS3 throughput tests, all without a hitch.
Finally, the most important feature of these routers is the support. I have used ImageStream routers for almost two years now and have found that the biggest savings in the purchase of these routers is the support. ImageStream's support personnel are knowledgeable, friendly and go out of their way to ensure that you are happy with the product. The best part about dealing with ImageStream is that there are no support contracts. They provide 24/7 tech support and free software updates for the life of the product, and they warranty the hardware for a year. That being said, there is nothing on the market today that can touch the Rebel Router from a cost/savings perspective.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- BitTorrent Inc.'s Sync
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- New Container Image Standard Promises More Portable Apps
- The Humble Hacker?
- The Death of RoboVM
- Open-Source Project Secretly Funded by CIA
- The US Government and Open-Source Software
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- ACI Worldwide's UP Retail Payments
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide