Rangachari Anand
May 11 2004
I have been reading Doc Searls' new IT Garage group blog with considerable interest. When I saw this article by Ken Camp, I felt motivated to reply - especially since I work for a small network equipment vendor (definitely not Cisco!) that specializes in wireless LAN equipment.
Most of the articles that I have seen so far are about DIY IT using open source components at the middleware and application layers. But would it be possible to extend the DIY concept down the networking stack? After all, a large body of open source code is available that would allow one to implement routers, firewalls, VPNs, WLANs and network management. While this is an interesting thought exercise, for reasons that I will describe, I am afraid that this will have to remain a thought exercise for now.
An organization that is likely to consider DIY networking is unlikely to be very small or very large:
- At the very low end, SOHO equipment from companies such as Linksys, D-Link, NetGear etc. is already about as cheap as it can get. Of course, if one is determined, you could buy a nice little Soekris box and load it with open source software such as the PicoBSD-based theWall. This is, however, strictly for experts - definitely not something the average small company could do. In addition, there would be no cost savings. The commercial products (some of which are based on Linux themselves) are likely to be cheaper than assembling them yourself. For example, a bare Soekris 4511 bought individually is $192. This is already more expensive than comparable boxes from Linksys etc.
- At the high end, of course, it's no contest. Generic PC-based equipment simply does not compete against purpose-built equipment from Cisco, Nortel etc. Nevertheless, when it comes to network management, one could go pretty far with open source tools such as OpenNMS.
It goes without saying that if you are going to deploy, say, a self-assembled firewall, you ought to really know what you are doing. Apart from configuring it properly, you need to be very alert to security vulnerabilities and apply patches diligently. When all is said and done, it's not clear how much money has been saved.
In my opinion, the main reason for adopting DIY networking is for special functions not satisfied by any commercial product. In such cases, open source tools are a good starting point for building your solution. Compared to Apache and MySQL, however, these tools are in far less common usage. An IT manager who proposes the use of MySQL can point to the large installed base as justification. Most Linux networking projects do not have such large user communities. This certainly makes it harder to build a case for the use of these technologies.
The case of my own company is instructive. We have several Computer Science PhDs who know a lot about Linux and security in general. When the company was founded, everyone was in favor of using Linux tools for all IT functions. Ultimately, however, management decided that it was more productive to have developers work on our product instead of fixing the firewall or helping a salesperson figure out why he could not set up a VPN tunnel. Ultimately, we just gave in and bought a Cisco PIX firewall and VPN gateway instead of rolling our own.