[112248] in North American Network Operators' Group
Re: real hardware router VS linux router
daemon@ATHENA.MIT.EDU (Adrian Chadd)
Sat Feb 21 14:42:25 2009
Date: Sun, 22 Feb 2009 04:42:15 +0900
From: Adrian Chadd <adrian@creative.net.au>
To: Leen Besselink <leen@consolejunkie.net>
In-Reply-To: <49A0559E.4050103@consolejunkie.net>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Sat, Feb 21, 2009, Leen Besselink wrote:
> If you had to choose, it's probably smarter to go with OpenBSD, it has a
> lot better integration of packet filter, bgpd-daemon, ospf, vrrp-like, etc.
If you'd like a hope in hell of handling higher packet rates, where
"higher packet rates" is "more than an NPE-200", then evaluate all of the
open source operating systems before making that choice. Evaluate means
"build test rig and test", not "read blog articles about how cool OpenBSD + PF
is and how it worked for one person who bothered to write a glowing review."
Too often do I come across people who have set up OpenBSD + PF, put it into
production, then wonder why things perform craptastically after a couple
hundred megabits. Convert to FreeBSD + PF, or Linux + iptables; this mostly
goes away.
(Same with Linux and FreeBSD with big firewall rulesets, because they followed
blog posts and didn't bother reading the documentation.)
2c,
Adrian