On 12/15/11 6:15 AM, Kostas Zorbadelos wrote: > Greetings to all, > > we are running a project to anycast our DNS resolver infrastructure. The > case is a big commercial country-wide IP network. The company uses Linux > extensively in the infrastructure but no BSDs. > > I keep an eye on OpenBSD developments (mostly high level) and use the > system personally, but I have no personal experience in larger setups and > production services. I find the project a good match for OpenBSD, > because of the system's strong networking features and routing > support. I will definitely include OpenBSD in our tests and hopefully > make a case for it, to introduce it in our infrastructure. > > The main contenders as you realise are Linux-based setups with either > Quagga or BIRD. As for DNS software we will stick with BIND for now and > perhaps consider UNBOUND in the future (when the future involves > DNSSEC). From what I have seen so far in various sources, people mention > Quagga's scalability problems and maybe old architecture while good > words are said about BIRD. We are after a solid OSPF implementation both > v2 and v3 (IPv6). I have seen OpenBSD's routing software architecture > and I like it a lot and I also have a high regard for the system's > quality. > > Of course personal taste is not enough as you understand to support a > case of introduction of a new platform in a production, commercial > environment with A LOT of contraints mostly non-technical. The questions > therefore are: > > - has anyone done anything similar using OpenBSD that would like to > share? >
I can't speak for anycast DNS deployments, but I use OSPF heavily in large production environments and have had a great experiences with it. > - how would you compare with facts and not flamewars OpenOSPFd against > Quagga or BIRD implementations? > I haven't used BIRD, but Quagga worked well when I used it. On that note, the OpenBSD network stack seems a lot better tuned for production routing services than an out of the box Linux install from any vendor. You also get to run on a code base that was carefully designed and audited rather than hacked together by a bunch of third parties with varying skills and interests when running OpenBSD. > - what is your opinion about using a latest version of BIND from ISC > instead of the BIND distribution coming with OpenBSD? > The BIND distribution included in the base install is fine. > - is there any option of commercial support? > There are lots of great third party support providers. http://www.openbsd.org/support.html > - would you consider Java support on OpenBSD "production quality"? Seems > irrelevant but we might utilize some Java tools for > measurement/statistics > I've never used it, but I wouldn't even bother because there are no native Java builds available for OpenBSD, and thus it's going to be untested and completely unsupported. From the sounds of it, you need to rethink your monitoring strategy and consider using SNMP and a central statistics server running the software of your choice. > Thanks for the very good and hard work on the system. > I would be interested to hear any thoughts even off-list. > > Regards, > > Kostas > -- James Shupe
