I was drawing from situations where we implemented hardware from a less well known vendor that has a completely different configuration style than what most people are used to. We end up having more outages caused by human error to the point where the equipment gets a bad reputation.
Unfortunately I have never been able to convince management to use OpenBSD for anything outside the lab except for a VPN server for internal/vendor use, so I can't provide any real examples involving OpenBSD. But I think with all the virtualization these days and the virtual network appliances for VMware and such devices like Raspberry Pi, the software router is going to become a more popular choice in a lot of situations. Like me personally, I have an ESXi server I lease; I'm not going to buy/lease a hardware router/firewall to sit in front of a single machine with a handful of VMs on it. I use an OpenBSD VM as a router to the other VMs and it works wonderfully. My provider had a hard time understanding why I wanted another /29 routed to one of my IP addresses. The sales guy kept saying "it won't work that way, you need a router and all you have is one server", but eventually they made it happen.

On Fri, Feb 15, 2013 at 6:48 PM, Theo de Raadt <dera...@cvs.openbsd.org> wrote:
>> I would like to offer a suggestion though from my experience,
>> simplifying the configuration of a device greatly increases its
>> security, operationally. So if users (network IT staff) are presented
>> with something vaguely familiar to what they would encounter in the
>> other equipment like Cisco or Juniper they would be far less likely to
>> make a mistake that would result in an outage or security problem. So
>> as superficial as this might seem to you in practice I think it would
>> have a large impact
>
> This is a grand delusion.
>
> Show me how you do the power and control that pf gives on a Cisco or
> Juniper.
>
> Your metaphor is like shoes vs 737.
>
> You have to prove that first; otherwise, your entire paragraph is based
> on false premises.