20 April 2017
Manchester Central Convention Complex
Europe/London timezone

Dropping in 80Gbits (sort of) of Firewalls with OpenBSD

20 Apr 2017, 10:00
25m
Charter 1, 2 & 3 (Manchester Central Convention Complex)

Petersfield Manchester M2 3GX
Main Session

Speaker

Mr G Llewellyn (Myself)

Description

Managing a network that did stateless filtering at the edge, leaving stateful, granular firewalling to the hosts _(100% Linux)_, was all well and good until the business went for SOC2 compliance... Firewalls had to be dropped onto the edge, where there was ~60Gbits of transit capability, but it had to be done without any disruption to the various IP streams coming into, out of and between the data centers. Being a "startup", this was a unique opportunity to leverage OpenBSD _(pf, OpenOSPFd and OpenBGPd)_ to move fast but _not_ break things _(and save a tonne of money at the same time!)_.

Summary

Sometimes your CTO walks into the NOC, looks at the Cacti graphs and says "I'm glad to see we're making good use of all those 10Gb transit links but I need you to drop firewalls in there, oh, and try not to spend any money either".

On days like that you need OpenBSD.

Primary author

Mr G Llewellyn (Myself)
