20 April 2017
Manchester Central Convention Complex
Europe/London timezone

Contribution

Manchester Central Convention Complex - Charter 1, 2 & 3
Main Session

Dropping in 80Gbits (sort of) of Firewalls with OpenBSD

Content

Managing a network that did stateless filtering at the edge, leaving stateful, granular firewalling to the hosts (100% Linux), was all well and good till the business went for SOC2 compliance...

Firewalls had to be dropped onto the edge, where there was ~60Gbits of transit capability, but it had to be done without any disruption to the various IP streams coming into, out of and between the data centers.

Being a "startup", this was a unique opportunity to leverage OpenBSD (pf, OpenOSPFd and OpenBGPd) to move fast but not break things (and save a tonne of money at the same time!).

Summary

Sometimes your CTO walks into the NOC, looks at the Cacti graphs and says "I'm glad to see we're making good use of all those 10Gb transit links but I need you to drop firewalls in there, oh, and try not to spend any money either".

On days like that you need OpenBSD.