OpenBGPd - Multi-home ISP : DDoS Protection

2017-01-12 Thread Uday MOORJANI
Dear OpenBSD-Misc,

First of all, awesome work on the OpenBGPd and BFD code. I'm working on a
WAN setup for an enterprise and we are migrating from static route WAN to a
full-fledged BGP transit in a multi home environment for the specific
purpose of providing the best possible path/route to our service catalogue.
The service catalogue within the enterprise is orchestrated by a private
VMware cloud with added software defined networking (micro-segmentation)
capabilities within the private cloud via NSX.

My concern is about DDoS protection from the ingress traffic, in my logic
it makes no sense to contract a service such as Imperva or Cloudflare as
DDoS protection on the network level, as proper PF (firewall) rules in
place should protect us at line rate. My doubts are:

- Are the rules provided for anti-ddos sufficient? Is there a good soul to
share some rulesets?
- Am I out of my mind for choosing OpenBGPd/OpenBSD for my transit WAN? I
love the fact that we're sandboxed and hyperthreaded and am particularly
content with the resolution of convergence time problems (
http://undeadly.org/cgi?action=article&sid=20151106171337&mode=expanded)
- Is there a way to contract a support in case sh*t hits the fan with
OpenBGPd?
- What are the best tools to supervise and test bed the performance of an
OpenBGPd instance? (most definitely the dumbest question)

Again, love the fact I can get some sleep with OpenBSD/OpenBGPd, please do
get back to me for commercial support to calm the nerves.

Sincerely,

Uday MOORJANI



OpenBSD BFD Implementation

2017-01-24 Thread Uday MOORJANI
Dear Misc

Hope all is fine. I'm trying to find an implementation of BFD for OpenBSD
and I read Peter's that it was still under development. My questions are:

- Has anyone tried OpenBFDd on OpenBSD?
- Same question but with BIRD's implementation of BFD? Read on a forum that
BIRD on OpenBSD doesn't support BFD, but I'm having doubts as the website
of BIRD says otherwise.

Thanks guys,

Uday



gKrypt GPU Accelerated Encryption for OpenBSD

2017-03-03 Thread Uday MOORJANI
Hi Guys,

Do you think this would be a good project to port? I have a personal
project based on OpenBSD (not limited to), it's a network function for the
SDDC space; since scalability is CPU intensive I believe the ability to
offload encryption hooks native to OS used by services (VPN, SSL/TLS,
SSL-VPN, SSL Offloading etc..) in the SDDC could be a good addition to
OpenBSD, a great niche as well. :)

Glad to hear your thoughts.

Sincerely,

Uday M



Re: gKrypt GPU Accelerated Encryption for OpenBSD

2017-03-03 Thread Uday MOORJANI
PS. This seems to be a proprietary project, on the other thoughts are
towards a new open source BSD license integration of commodity GPU to
native encryption in OpenBSD. If this has already been done, by all means
please advise as to where I can get more information.

On Fri, Mar 3, 2017 at 11:51 AM, Uday MOORJANI wrote:

> Hi Guys,
>
> Do you think this would be a good project to port? I have a personal
> project based on OpenBSD (not limited to), it's a network function for the
> SDDC space; since scalability is CPU intensive I believe the ability to
> offload encryption hooks native to OS used by services (VPN, SSL/TLS,
> SSL-VPN, SSL Offloading etc..) in the SDDC could be a good addition to
> OpenBSD, a great niche as well. :)
>
> Glad to hear your thoughts.
>
> Sincerely,
>
> Uday M



OpenBSD 6.0 - Silicom PE2G4SFPI35L Intel i340AM4 based

2017-03-09 Thread Uday MOORJANI
Dear Community,

Hope all is well. I'm on my last stretch to put in production our
OpenBSD/OpenBGPd implementation. I have chosen a SuperMicro box as my
platform, some of our transit providers at the data center come in
through 1000-Base-LX fiber cross connects hence the search for an SFP
and LX capable network card.

My question is, does the em driver work with Intel-based network cards
of other vendors such as the Silicom PE2G4SFPI35L or the PE2G4SFPI80L,
both respectively are based on Intel i340AM4 and 82580EB controllers.
Or is there another card with 4-Ports 1000-Base-LX capable hardware I
missed?

Sincerely,

Uday MOORJANI

PS
Loving the OS.



Re: OpenBSD 6.0 - Silicom PE2G4SFPI35L Intel i340AM4 based

2017-03-10 Thread Uday MOORJANI
Stuart,

Thank you for your quick response. We are in requirement of a 4-Port
1000Base-LX capable network card, whether it's 10GbE or 1GbE it
doesn't matter. I took a look at the vendor, and I have to say it feels
awesome to learn something new every day. I did not know this vendor and
the mere fact that they openly support OpenBSD is reassuring. I'll
have my distributor take a look at it. Thanks a lot.

/Uday

On Fri, Mar 10, 2017 at 1:47 AM, Stuart Henderson wrote:
> On 2017-03-09, Uday MOORJANI wrote:
>> Dear Community,
>>
>> Hope all is well. I'm on my last stretch to put in production our
>> OpenBSD/OpenBGPd implementation. I have chosen a SuperMicro box as my
>> platform, some of our transit providers at the data center come in
>> through 1000-Base-LX fiber cross connects hence the search for an SFP
>> and LX capable network card.
>>
>> My question is, does the em driver work with Intel-based network cards
>> of other vendors such as the Silicom PE2G4SFPI35L or the PE2G4SFPI80L,
>> both respectively are based on Intel i340AM4 and 82580EB controllers.
>
> I haven't tried those Silicom cards but I have a couple of 6-port
> HotLava 1000base-T em(4) cards which are working nicely.
>
> I don't see I340AM4 on the list in the em(4) manual. I can't say whether
> this is just an omission from the manual, or whether it's unsupported.
> 82580EB is listed there.
>
>> Or is there another card with 4-Ports 1000-Base-LX capable hardware I
>> missed?
>>
>> Sincerely,
>>
>> Uday MOORJANI
>>
>> PS
>> Loving the OS.
>>
>>
>
> When I had a circuit delivered on single-mode fibre I couldn't find
> a suitable 1Gb SFP card for any sensible money so I used a 10Gb card
> instead (in my case some 82599-based Intel SFP+ which uses the ix(4)
> driver), which also work with 1Gb SFPs.
>
> $ ifconfig ix1 | grep -e ^ix -e media
> ix1: flags=8843 mtu 1500
> media: Ethernet autoselect (1000baseLX full-duplex,rxpause,txpause)
>
> $ dmesg | grep ^ix1 | tail -1
> ix1 at pci1 dev 0 function 1 "Intel 82599" rev 0x01: msi, address 00:1b:21:c0:25:bd