Well, in this case JunOS, IOS, and Brocade would be what people know and are accustomed to, because these are common brands. But I was speaking of my experiences in working at an ISP and using vendors that most people haven't heard of. Alcatel, Atrica to name a couple, multi-service customer premise stuff or VPN. It's easy to hire people who know Juniper/Cisco/Brocade. It takes the new guys a few months to get used to the telco-specific stuff.
But this is all off-topic. I'm not slamming pf in any way, I love it. I was just saying it can't hurt to try to emulate what people know if at all possible. And the fact is that JunOS/IOS have the market share, so that's what people know. As a user I'd love to see some attempt to make it happen, but I'll be using pf regardless.

On Fri, Feb 15, 2013 at 9:05 PM, Daniel Ouellet <dan...@presscom.net> wrote:
> Hi,
>
> I own an ISP and I see no problem using OpenBSD, or Cisco as routers and
> I have no problem with the configuration of PF. I kind of find it much
> simpler than Cisco. Definitely better man page for sure! (:>
>
> Just know, you don't need every single feature of PF to have a great
> router. PF does offer you more than IOS, or JunOS. The only place where
> it falls short is for the hardware you can get on Cisco or Juniper
> for high end traffic and all. But as is, it's far ahead of where it was
> a few years ago and you can run lots of stuff on that I tell you!
> Nevertheless the traffic you can pass through OpenBSD keeps increasing at
> each release and for any small business, it provides way more than what's
> needed.
>
> Even Equinix have been using OpenBSD as router reflector for years now
> and if you are an ISP, you know Equinix is way up there!
>
> So, I don't think you are really understanding what you are asking I think.
>
> On 2/15/13 11:05 PM, Fil DiNoto wrote:
>> I was drawing from situations where we implemented hardware from a
>> less well known vendor that has a completely different configuration
>> style than what most people are used to. We end up having more outages
>> caused by human error to the point where the equipment gets a bad
>> reputation.
>
> So, don't you have anyone that needed to learn the difference between
> JunOS and IOS? There is plenty there too. Your techs just need to learn
> it as they did. If you have errors with PF, then you will have the same
> tech doing errors with IOS and JunOS because they are not paying any
> attention to what they are doing! It's just a third OS to learn to use,
> nothing more or less, but I tell you, neither IOS nor JunOS have all the
> information handy and exact as PF however! (:>
>
> I don't see that as a valid argument really. Either you are a network
> engineer and learn what you work with or you don't. Plus just a side
> note there is more than just Cisco and Juniper for routers as well. You
> want to have Brocade use IOS syntax too? Or Nortel Network, well they
> are bankrupt, so I guess yea you will not learn that one! (:> But there
> is more too. Lucent have their own OS too. So, in all, it's just one
> more to learn, that's all.
>
>> Unfortunately I have never been able to convince management to use
>> OpenBSD for anything outside the lab except for a VPN server for
>> internal/vendor use so I can't provide any real examples involving
>> OpenBSD.
>
> Management are focused on money most of the time. So, if they send all the
> money you want to get the gear you need, then you should be happy. When
> they run out, maybe they will give PF and OpenBSD a try. Just know that
> most if not all management are not innovative in nature, they all want
> outside support so they can blame someone else and wash their hands of
> the problem, but be jumping up and down to promote their choice when all is
> good so they look good. There is way more politics than good old logics
> and innovations there you know right?
>
>> But I think with all the virtualization these days and the virtual
>> network appliances for VMware and such devices like Raspberry Pi the
>> software router is going to become a more popular choice in a lot of
>> situations. Like me personally I have an ESXi server I lease, I'm not
>> going to buy/lease a hardware router/firewall to sit in front of a single
>> machine with a handful of VMs on it, I use an OpenBSD VM as a router
>> to the other VMs and it works wonderfully. My provider had a hard time
>> understanding why I wanted another /29 routed to one of my IP
>> addresses, the sales guy kept saying "it won't work that way you need a
>> router and all you have is one server" but eventually they made it
>> happen.
>
> This I must say that's why I decided to answer your message as I can't
> imagine or understand why you would like to run a router inside
> VMware!?!?!??!
>
> And don't say that it is to make it more secure please.
>
> You make everything more complex and you were talking about making
> things simpler!?!?! A real paradox there don't you think?
>
> Forget that VMware will not run on OpenBSD as the host and you know you
> will lose a lot of efficiency too?
>
> There is a very long list why you shouldn't run a router in VMware. Just
> think about it a little and you will see why it makes no sense really.
>
> Looks like everyone wants to run everything in VMware these days and
> thinks it's good for everything...
>
> Maybe you would gain by playing with PF more and setup routers for fun
> with it.
>
> Just give it a chance and then after a few weeks you will wonder why
> Cisco and JunOS don't do their syntax like PF really. (:>
>
> Just my $0.02 worth for using both and I see no need to have PF be like IOS.
>
> I would be way more in favor to see a company out there somewhere do
> custom hardware for PF and OpenBSD to compete with Cisco routers for
> example.
>
> Some network cards are pretty good as is, but yes it could be even
> better and faster.
>
> I think if such a company would see the light of day, sooner than you
> think Cisco would come and buy them flat out to avoid that competition.
> I would be willing to bet that they would do all they can to make sure
> such a thing never sees the light of day!
>
> But wouldn't this be nice if it would!!!!
>
> Best,
>
> Daniel