Dear OpenBSD-Misc,

First of all, awesome work on the OpenBGPd and BFD code.

I'm working on a WAN setup for an enterprise, and we are migrating from a static-route WAN to full-fledged BGP transit in a multi-homed environment for the specific purpose of providing the best possible path/route to our service catalogue. The service catalogue within the enterprise is orchestrated by a private VMware cloud with added software-defined networking (micro-segmentation) capabilities within the private cloud via NSX.

My concern is about DDoS protection from the ingress traffic. In my logic, it makes no sense to contract a service such as Imperva or Cloudflare as DDoS protection on the network level, as proper PF (firewall) rules in place should protect us at line rate.

My doubts are:

- Are the rules provided for anti-DDoS sufficient? Is there a good soul to share some rulesets?
- Am I out of my mind for choosing OpenBGPd/OpenBSD for my transit WAN? I love the fact that we're sandboxed and hyperthreaded and am particularly content with the resolution of convergence time problems (http://undeadly.org/cgi?action=article&sid=20151106171337&mode=expanded).
- Is there a way to contract support in case sh*t hits the fan with OpenBGPd?
- What are the best tools to supervise and test bed the performance of an OpenBGPd instance? (most definitely the dumbest question)

Again, love the fact I can get some sleep with OpenBSD/OpenBGPd; please do get back to me for commercial support to calm the nerves.

Sincerely,
Uday MOORJANI