On Sat, Feb 21, 2009, Leen Besselink wrote:
If you had to choose, it's probably smarted to go with OpenBSD, it has a lot better integration of packet filter, bgpd-daemon, ospf, vrrp-like, etc.
If you'd like a hope in hell of handling higher packet rates, where "higher packet rates" is "more than an NPE-200", then evaluate all of the open source operating systems before making that choice. Evaluate means "build test rig and test", not "read blog articles about how cool OpenBSD + PF is and how it worked for one person who bothered to write a glowing review." Too often do I come across people who have setup OpenBSD + PF, put it into production, then wonder why things perform craptastically after a couple hundred megabits. Convert to FreeBSD + PF, or Linux + iptables; this mostly goes away. (Same with Linux and freeBSD with big firewall rulesets, because they followed blog posts and didn't bother reading the documentation..) 2c, Adrian