real hardware router VS linux router

Adrian Chadd adrian at creative.net.au
Sat Feb 21 13:42:15 CST 2009


On Sat, Feb 21, 2009, Leen Besselink wrote:

> If you had to choose, it's probably smarted to go with OpenBSD, it has a
> lot better integration of packet filter, bgpd-daemon, ospf, vrrp-like, etc.

If you'd like a hope in hell of handling higher packet rates, where
"higher packet rates" is "more than an NPE-200", then evaluate all of the
open source operating systems before making that choice. Evaluate means
"build test rig and test", not "read blog articles about how cool OpenBSD + PF
is and how it worked for one person who bothered to write a glowing review."

Too often do I come across people who have setup OpenBSD + PF, put it into
production, then wonder why things perform craptastically after a couple
hundred megabits. Convert to FreeBSD + PF, or Linux + iptables; this mostly
goes away.

(Same with Linux and freeBSD with big firewall rulesets, because they followed
blog posts and didn't bother reading the documentation..)

2c,



Adrian





More information about the NANOG mailing list