2013/2/16 Fil DiNoto <fdin...@gmail.com>:
> Well in this case JunOS, IOS, and Brocade would be what people know
> and are accustomed to, because these are common brands. But I was
> speaking of my experiences in working at an ISP and using vendors that
> most people haven't heard of. Alcatel, Atrica to name a couple,
> multi-service customer premise stuff or vpn. It's easy to hire people
> who know juniper/cisco/brocade. It takes the new guys a few months to
> get used to the telco specific stuff.
>
> But this is all off-topic, I'm not slamming pf in any way I love it. I
> was just saying it can't hurt to try to emulate what people know if at
> all possible. And the fact is that junos/ios have the market share so
> that's what people know.
>
> As a user I'd love to see some attempt to make it happen but I'll be
> using pf regardless

Well, no one stops anyone here from writing such a shell and creating an
OpenBSD port for this stuff. We already have a Firewall Builder port outta
there, for example... oh, wait, the developers went off the project
recently. Will this happen to PFSH or whatever it will be called, too?..

> On Fri, Feb 15, 2013 at 9:05 PM, Daniel Ouellet <dan...@presscom.net> wrote:
>> Hi,
>>
>> I own an ISP and I see no problem using OpenBSD, or Cisco as routers and
>> I have no problem with the configuration of PF. I kind of find it much
>> simpler than Cisco. Definitely better man page for sure! (:>
>>
>> Just know, you don't need every single feature of PF to have a great
>> router. PF does offer you more than IOS, or JunOS. The only place where
>> it falls short is for the hardware for you can get on Cisco or Juniper
>> for high end traffic and all. But as is, it's far ahead of where it was
>> a few years ago and you can run lots of stuff on that I tell you!
>> Nevertheless the traffic you can pass through OpenBSD keeps increasing at
>> each release and for any small business, it provides way more than what's
>> needed.
>>
>> Even Equinix have been using OpenBSD as router reflector for years now
>> and if you are an ISP, you know Equinix is way up there!
>>
>> So, I don't think you are really understanding what you are asking I think.
>>
>>
>> On 2/15/13 11:05 PM, Fil DiNoto wrote:
>>> I was drawing from situations where we implemented hardware from a
>>> less well known vendor that has a completely different configuration
>>> style than what most people are used to. We end up having more outages
>>> caused by human error to the point where the equipment gets a bad
>>> reputation.
>>
>> So, don't you have anyone that needed to learn the difference between
>> JunOS and IOS. There is plenty there too. Your tech just need to learn
>> it as they did.
>> If you have errors with PF, then you will have the same
>> tech doing errors with IOS and JunOS because they are not paying any
>> attention to what they are doing! It's just a third OS to learn to use,
>> nothing more or less, but I tell you, neither IOS nor JunOS have all the
>> information handy and exact as PF however! (:>
>>
>> I don't see that as a valid argument really. Either you are a network
>> engineer and learn what you work with or you don't. Plus just a side
>> note there is more than just Cisco and Juniper for routers as well. You
>> want to have Brocade use IOS syntax too? Or Nortel Network, well they
>> are bankrupt, so I guess yea you will not learn that one! (:> But there
>> is more too. Lucent have their own OS too. So, in all, it's just one
>> more to learn, that's all.
>>
>>> Unfortunately I have never been able to convince management to use
>>> OpenBSD for anything outside the lab except for a VPN server for
>>> internal/vendor use so I can't provide any real examples involving
>>> OpenBSD.
>>
>> Management are focused on Money most of the time. So, if they send all the
>> money you want to get the gear you need, then you should be happy. When
>> they run out, maybe they will give PF and OpenBSD a try. Just know that
>> most if not all management are not innovative in nature, they all want
>> outside support so they can blame someone else and wash their hands of
>> problem, but be jumping up and down to promote their choice when all is
>> good so they look good. There is way more politics than good old logics
>> and innovations there you know right?
>>
>>> But I think with all the virtualization these days and the virtual
>>> network appliances for vmware and such devices like Raspberry Pi the
>>> software router is going to become a more popular choice in a lot of
>>> situations.
>>> Like me personally I have an ESXi server I lease, I'm not
>>> going to buy/lease a hardware router/firewall to sit in front of a single
>>> machine with a handful of VMs on it, I use an OpenBSD VM as a router
>>> to the other VMs and it works wonderfully. My provider had a hard time
>>> understanding why I wanted another /29 routed to one of my IP
>>> addresses the sales guy kept saying "it won't work that way you need a
>>> router and all you have is one server" but eventually they made it
>>> happen.
>>
>> This I must say that's why I decided to answer your message as I can't
>> imagine or understand why you would like to run a router inside
>> VMWare!?!?!??!
>>
>> And don't say that it is to make it more secure please.
>>
>> You make everything more complex and you were talking about making
>> things simpler!?!?! A real paradox there don't you think?
>>
>> Forget that VMWare will not run on OpenBSD as the host and you know you
>> will lose a lot of efficiency too?
>>
>> There is a very long list why you shouldn't run a router in VMWare. Just
>> think about it a little and you will see why it makes no sense really.
>>
>> Looks like everyone wants to run everything in VMWare these days and
>> thinks it's good for everything...
>>
>> Maybe you would gain by playing with PF more and setup routers for fun
>> with it.
>>
>> Just give it a chance and then after a few weeks you will wonder why
>> Cisco and JunOS don't do their syntax like PF really. (:>
>>
>> Just my $0.02 worth for using both and I see no need to have PF be like IOS.
>>
>> I would be way more in favor to see a company out there somewhere do
>> custom hardware for PF and OpenBSD to compete with Cisco routers for
>> example.
>>
>> Some network cards are pretty good as is, but yes it could be even
>> better and faster.
>>
>> I think if such a company would see the light of day, sooner than you
>> think Cisco would come and buy them flat out to avoid that competition.
>> I would be willing to bet that they would do all they can to make sure
>> such a thing never sees the light of day!
>>
>> But wouldn't this be nice if it would!!!!

--
WBR,
  Vadim Zhukov