I'm amazed at the fact that people are actually comparing FreeBSD with
pf to Juniper routers.  I've a bit of experience with M20s and M40s, and
I can assure you they're VERY different than a little x86 PC routing
packets, and are significantly faster due to hardware routing.

For example, you should be aware of a pf(4) bug that was only recently
fixed.  Our FreeBSD systems only use ACLs + state track, and have low
network I/O (600kbit/sec) -- yet this sort of thing impacts production
packets on a webserver:

http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/125261
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/contrib/pf/net/pf.c

Max committed the fix to CURRENT, and it should be MFC'd on the 11th.  I
hope it gets backported to RELENG_6 as well, since it's pretty major
(IMHO).

Yes. That's my main personal reason to work with OpenBSD instead of FreeBSD when I need a dedicated PF device.

My point isn't to insult or poke fun at pf or FreeBSD.  I'm simply
stating "if you really think an x86 box with pf is better than a
Juniper, you're sadly mistaken".  I'm not telling you to go out and buy
a Juniper either, especially if it's out of your price range -- but you
really need to be more aware of the differences before toting the "my
FreeBSD box can do the job better!" attitude.  I'm glad FreeBSD with pf
works for you, though.

Good reasoning Jeremy.
I'm not saying that an x86 pf-based box is better than a Juniper. I'm only commenting that, in my case, I do all I need with two standard boxes instead of an expensive Juniper device. Anyway, it's clear that if one day the best solution is a Juniper device, I will purchase it. But at the present moment, it isn't (300Mbps/500Mbps).

On the other hand, I find it amusing that Juniper's routers use ATA
disks.  A single disk failure results in the system becoming unusable
administratively (requiring a reboot), while the routing engine still
works fine (e.g.  packets are still routed properly, ACLs applied,
etc.).  Config data is kept on CF, so that isn't lost.  You just can't
SSH into it, and all you'll see on serial console is repetitive ATA and
SMART errors.  I've seen this happen on three separate routers on three
separate occasions at my workplace.

Interesting.
My OpenBSD+PF FWs run at present with ATA disks also, but I'm designing a new CF-based implementation.

;)
--
Thanks,
Jordi Espasa Clofent