Hi, I own an ISP and I see no problem using OpenBSD, or Cisco as routers and I have no problem with the configuration of PF. I kind of find it much simpler than Cisco. Definitely better man page for sure! (:>
Just know, you don't need every single feature of PF to have a great router. PF does offer you more than IOS, or JunOS. The only place where it falls short is for the hardware you can get on Cisco or Juniper for high end traffic and all. But as is, it's far ahead of where it was a few years ago and you can run lots of stuff on that I tell you! Nevertheless the traffic you can pass through OpenBSD keeps increasing at each release and for any small business, it provides way more than what's needed. Even Equinix have been using OpenBSD as router reflector for years now and if you are an ISP, you know Equinix is way up there!

So, I don't think you are really understanding what you are asking I think.

On 2/15/13 11:05 PM, Fil DiNoto wrote:
> I was drawing from situations where we implemented hardware from a
> less well known vendor that has a completely different configuration
> style than what most people are used to. We end up having more outages
> caused by human error to the point where the equipment gets a bad
> reputation.

So, don't you have anyone that needed to learn the difference between JunOS and IOS? There is plenty there too. Your techs just need to learn it as they did. If you have errors with PF, then you will have the same tech doing errors with IOS and JunOS because they are not paying any attention to what they are doing! It's just a third OS to learn to use, nothing more or less, but I tell you, neither IOS nor JunOS have all the information handy and exact as PF however! (:>

I don't see that as a valid argument really. Either you are a network engineer and learn what you work with or you don't. Plus just a side note there is more than just Cisco and Juniper for routers as well. You want to have Brocade use IOS syntax too? Or Nortel Network, well they are bankrupt, so I guess yea you will not learn that one! (:> But there is more too. Lucent have their own OS too. So, in all, it's just one more to learn, that's all.

> Unfortunately I have never been able to convince management to use
> OpenBSD for anything outside the lab except for a VPN server for
> internal/vendor use so I can't provide any real examples involving
> OpenBSD.

Management are focused on money most of the time. So, if they send all the money you want to get the gear you need, then you should be happy. When they run out, maybe they will give PF and OpenBSD a try. Just know that most if not all management are not innovative in nature, they all want outside support so they can blame someone else and wash their hands of problems, but be jumping up and down to promote their choice when all is good so they look good. There is way more politics than good old logic and innovations there you know right?

> But I think with all the virtualization these days and the virtual
> network appliances for vmware and such devices like Raspberry Pi the
> software router is going to become a more popular choice in a lot of
> situations. Like me personally I have an ESXi server I lease, I'm not
> going buy/lease a hardware router/firewall to sit in front of a single
> machine with a handful of VMs on it, I use an OpenBSD VM as a router
> to the other VMs and it works wonderfully. My provider had a hard time
> understanding why I wanted another /29 routed to one of my IP
> addresses the sales guy kept saying "it won't work that way you need a
> router and all you have is one server" but eventually they made it
> happen.

This I must say that's why I decided to answer your message as I can't imagine or understand why you would like to run a router inside VMWare!?!?!??! And don't say that it is to make it more secure please. You make everything more complex and you were talking about making things simpler!?!?! A real paradox there don't you think? Forget that VMWare will not run on OpenBSD as the host and you know you will lose a lot of efficiency too? There is a very long list why you shouldn't run a router in VMWare.
Just think about it a little and you will see why it makes no sense really. Looks like everyone wants to run everything in VMWare these days and thinks it's good for everything...

Maybe you would gain by playing with PF more and setting up routers for fun with it. Just give it a chance and then after a few weeks you will wonder why Cisco and JunOS don't do their syntax like PF really. (:>

Just my $0.02 worth for using both and I see no need to have PF be like IOS.

I would be way more in favor to see a company out there somewhere do custom hardware for PF and OpenBSD to compete with Cisco routers for example. Some network cards are pretty good as is, but yes it could be even better and faster. I think if such a company would see the light of day, sooner than you think Cisco would come and buy them flat out to avoid that competition. I would be willing to bet that they would do all they can to make sure such a thing never sees the light of day! But wouldn't this be nice if it would!!!!

Best,

Daniel