In the previous post I gave you the briefest insight into the JUNOS software architecture by telling you that its kernel is based on FreeBSD. Juniper developers start turning a FreeBSD kernel into a JUNOS kernel by reviewing the FreeBSD code line-by-line, removing all unwanted components and drivers. Some of the code is rewritten to match internal Juniper style guidelines, and the code is commented as needed. Juniper-specific “hooks” are then added.
This process (which is occasionally repeated when Juniper decides to incorporate FreeBSD updates into JUNOS) results in a kernel that, although based on FreeBSD, is no longer FreeBSD. It’s a JUNOS kernel now and is treated with the same management and change control processes as any other internal code.
The kernel is then the foundation and common component on which the rest of JUNOS is built. And that brings us to the next important characteristic of JUNOS: It’s a modular operating system.
Why Modularity Matters
The various functional components of JUNOS are separated into modules, called daemons. For example, there is the Routing Protocol Daemon (RPD) that runs all the routing protocols, a Device Control Daemon (DCD) that controls all the interfaces, a Chassis Daemon to control the chassis hardware, a Management Demon, and so on.
Each of the modules runs in its own protected memory space, and no module can use memory belonging to another module – thus protecting against various memory overruns and similar errors. The kernel supervises everything, managing intercommunications among the modules and with the physical system.
One of the benefits of such a modular architecture is that if a software bug or some sort of network event causes a functional failure, the failure is usually isolated to the module supporting that function, rather than causing a systemwide crash. So for example a bug, a severe misconfiguration, or a malicious protocol attack against OSPF might cause the RPD to fail, but the rest of the system stays up so that you can still gain access to the box to correct the problem.
Similarly, a bug fix can be issued for a single module. Rather than taking the system offline and replacing the entire OS, a problem module can be individually replaced and brought back online without the need to perform a full system restart.
Major new functional components can also be added to the operating system by adding a new module, which sharply reduces the amount of regression testing that must be performed during new feature development.
Modularity also matters in that when you have a codeset with boundaries and defined interface points for communication outside of the module, it is far easier for a reasonably small team of engineers to manage the code and understand it intimately. When changes are to be made, the complete effect of those changes can be clearly understood; when a bug arises, it can be quickly located and remedied.
All of these qualities mean that modular operating systems tend to be much more reliable and stable.
IOS and Modularity
Cisco’s IOS is not modular, due to the different circumstances of the networking world that existed when IOS was created. It’s reasonable to assume that Cisco will, at some point, release a modular operating system for broad use across most of its routers – whether that system is called IOS or something different.
You can already see the early moves in that direction with IOS-XR. This operating system is completely modular, and carries many features similar to JUNOS. The problem with IOS-XR, however, is that it is limited to the CRS and GSR routers; it can’t be run on smaller platforms.
Then there is ION, a sort of modularized IOS but again limited to just some platforms.
I asked Russ White at Cisco if there are plans to modularize IOS. “The question isn’t ‘Are there any other plans to modularize IOS?’” he replied, “but rather, ‘Which of the 5,968 existing plans will the IOS folks actually choose?’”
I like that answer; it says there are definite plans afoot, it’s just a matter of choosing the right one. That could be quite a challenge, given the diversity of platforms that currently run IOS and the diversity of IOS releases. The move to a “modular IOS” is likely to be evolutionary rather than a sudden jump from monolithic to modular.
The JUNOS Release Train
All of that diversity in IOS is something Cisco Systems and Cisco users have struggled with for a long time. JUNOS, on the other hand, has a linear release train: For any given release there is a single image that runs on all routing platforms (except the E series and Netscreen, post-JUNOS acquisitions that have been difficult to adapt to JUNOS). There are also no separate feature packages; if you want IPv6 or MPLS or IP multicast, it’s all in the one image.
Juniper is also adamant about not adding new features to existing releases; new features always come in the next release in line.
This principle of one image for all platforms, all features in one image, and no new feature development in production releases means that internal code management and regression testing of new features is greatly simplified. It also means simplified, safer upgrades for Juniper customers.
In the next post, we’ll begin looking at the organization of the JUNOS configuration file.
Jeff Doyle is president of Jeff Doyle and Associates, an IP network consultancy. Jeff is the author of Routing TCP/IP, Volumes I (read an excerpt) and II and of OSPF and IS-IS: Choosing an IGP for Large-Scale Networks. He is a frequent speaker on IPv6, MPLS, and large-scale routing.
|
|
Cisco has no plan
Russ White's answer should be taken as sarcastical, instead of the implication that Cisco really has many plans. I interpreted his answer as Cisco really has no plan and is internally at war on what to do about this structurally competitive disadvantage.
I really enjoy this series.
Why does not IOS's inferior architecture translate to Cisco's losing marketing share? It appears that they are doing just fine business-wise. Is the OS architecture customer ambivalent?
Re: Cisco has no plan
Certainly Russ's comment was meant to be tongue-in-cheek, but I think it does indicate that Cisco recognizes the need to modernize IOS but also recognizes the need to sort through a bunch of different approaches. Do they come out with an entirely new OS? Do they somehow adapt IOS-XR to smaller platforms? Do they evolve IOS in increments?
Personally I think it will be the latter, gradually compartmentalizing functions and introducing a kernel. That's a big job, considering the number of platforms IOS must support.
There's also the challenge of insuring that they don't introduce something too suddenly that is to different from legacy IOS; that could run the risk of upsetting the zillions of current IOS users.
Keep in mind that IOS was created -- what, 25 years ago? As I said in an earlier post, circumstances in the networking world were quite different then, and part of the challenge Cisco faces now is an artifact of their enormous success in the intervening years. The installed base of IOS platforms is huge, and it will take a huge effort to make significant changes to that base.
--Jeff
Re: Cisco has no plan
Hi Jeff,
After reading through the content. I really doubt whether Cisco would ever go through the IOS modularization process.
One technology which they some how tried to master from competitor (VSS in Cisco and SMLT in Nortel) has not seen any takers as of now. Fundamentaly we all know how both of them work on the switch side. I believe that Cisco might take the virtualization way to approach this issue. I am personally a huge fan of IOS and I believe that they have been the backbone of networking through many years.
I happen to know some interesting updates from Nortel folks about their virtualization road map. They talked a lot but let us see as their product hits the market. We will come to know.
Regards,
Satyajit
Cisco already moving on this
Actually I believe Cisco is already modularizing IOS, just slowly in little niblets. We deploy a lot of 6500s and were wondering what the difference is between them and 7600s (a fairly common question according to the 6500 and 7600 people), so we managed to get a subject-matter expert out from Cisco to talk to us about that. The 6500 and 7600 even share the same IOS up until a point. Here's where I start working off of shoddy memory.
The last shared code is 12.2.18-SXFblahblahconfusingblah. After that the code tree is either 6500 or 7600, but not both, and it's slightly modular, with plans to become more so. Headline-worthy? Not really. But indicative that IOS coders and their managers aren't sitting in basements sifting through goto statements.
There's a term for this phenomina in the political/economic world, but that term escapes me at this point (meh). Essentially countries that were late to the mondernization/industrialization party got to leapfrog over early countries like the US and Western Europe, skipping crappy technologies entirely and starting several generations deep. No legacy infrastructure, or in this case, no legacy garbage code floating around to do weird things like enable people to run ATM on their desktops.
Cisco is so big though, these wheels of justice will indeed turn slowly.
Off-Topic
Hello Jeff,
This is completely off topic however didn't know how else to post. Can you pls explain possibly go over the reasons to use TCP or UDP as transport for a routing protocol. As in TCP was chosen as transport protocol for BGP however OSPF it was run directly over IP. Is there transport for OSPF? What is fundamental concept of using a transport for a routing protocol. Looking forward to reply. Thx
Re: Off-Topic
Hi,
The choice is a combination of how the protocol designers want the protocol to behave, when the protocol was designed (more recent protocol designs benefit from more modern and extensive industry experience) and the philosophy of the designers (how much reliability do they want in the protocol, and how should that reliability be accomplished).
OSPF, for example, runs natively at the IP layer (protocol number 89), with no upper layer transport -- all of its reliability features are built into the protocol itself. The same is true of EIGRP (protocol number 88).
BGP, on the other hand, uses TCP and leverages the inherent TCP reliability features; BGP itself, then, is much simpler than OSPF because of its lack of "built-in" reliability mechanisms like sequencing, acknowledgements, and retransmissions.
Then there's RIP, an ancient protocol, which uses UDP for transport and has very little reliability either built-in or in the transport layer.
--Jeff
iBGP
Hi Jeff,
Thank you for all your posts. I had a query regarding why would you want to use iBGP and what are the requirements and best practices with regards to iBGP. would you possibly go over the reasons that one would run iBGP and when not to run iBGP or when is it not required to run iBGP? Thanks
Re: iBGP
Hi,
Can you describe the context in which you're asking the question? Do you mean circumstances for running iBGP in general in any network, or under particular service environments such as MPLS-based VPNs, VPLS, etc.?
--Jeff
iBGP
Hi Jeff,
Thanks for replying. I was referring to iBGP in general non MPLS-based networks. When would you absolutely need to run iBGP or are there any design guidelines for running iBGP. I am not referring to multi-router multihomed ISP connection but for example an enterprise core network that runs BGP internally between sites for eg. What would be the absolute requirement to run iBGP in that case. Thanks
Re: iBGP
Hi,
IBGP is usually only needed for a transit AS. It can be used for a multihomed stub AS when there are enough differences between the routes being learned from the multiple EBGP peers that you need more granularity of information than just a default route. In the enterprise case you cite, you might need IBGP if you are setting up multiple ASs (presumably using private AS numbers in that case) and you need for packets from an AS to transit multiple routers in another AS. But unless you have a very large enterprise network, you probably have no need of something like that.
--Jeff