April 20, 2017
Manchester Central Convention Complex
Europe/London timezone

Dropping in 80Gbits (sort of) of Firewalls with OpenBSD

Apr 20, 2017, 10:00 AM
25m
Charter 1, 2 & 3 (Manchester Central Convention Complex)

Charter 1, 2 & 3

Manchester Central Convention Complex

Petersfield Manchester M2 3GX
Main Session

Speaker

Mr G Llewellyn (Myself)

Description

Managing a network that did stateless filtering at the edge leaving stateful, granular firewalling to the hosts _(100% Linux)_ was all well and good till the business went for SOC2 compliance... Firewalls had to be dropped onto the edge where there was ~60Gbits of transit capability but it had to be done without any disruption to the various IP streams coming into, out of and between the data centers. Being a "startup" this was a unique opportunity to leverage OpenBSD _(pf, OpenOSPFd and OpenBGPd)_ to move fast but _not_ break things _(and save a tonne of money at the same time!)_

Summary

Sometimes your CTO walks into the NOC, looks at the Cacti graphs and says "I'm glad to see we're making good use of all those 10Gb transit links but I need you to drop firewalls in there, oh, and try not to spend any money either".

On days like that you need OpenBSD.

Primary author

Mr G Llewellyn (Myself)

Presentation materials