On Wed, Dec 17, 2008 at 9:37 AM, Marc Runkel <MRunkel@untangle.com> wrote: [snip]
Greetings all,
We are a software development firm that currently delivers our install ISOs via Sourceforge. We need to start serving them ourselves for marketing reasons and are therefore increasing our bandwidth and getting a 2nd ISP in our datacenter. Both ISPs will be delivering 100mbit/sec links. We don't expect to increase that for the next year or so and expect average traffic to be about 40-60mbit/sec.
We are planning to run two OpenBSD based firewalls (with CARP and pf) running OpenBGP in order to connect to the two ISPs.
I saw from previous email that Quagga was recommended as opposed to OpenBGP. Any further comments on that? Also, any comments on the choice of OpenBSD vs. Linux?
IMO, the performance and utility of OpenBSD as a routing/networking platform is unmatched by any other open source platform. OpenBGPD (recent 4-byte ASN issues notwithstanding) has been very stable for us in production (running roughly equivalent traffic levels to what you're discussing), and the best part is that you get stateful transparent failover with CARP, filtering/redirection with pf, load balancing all the way up through layer7 with relayd, and a host of other excellent tools for the network engineer's toolkit, all included, and all integrated.
Then of course there's the wider issues of OpenBSD's track record on security and networking in comparison with the other OSS platforms, the smaller pool of folks to draw on who are experienced in running and tuning OpenBSD (although any reasonably competent UNIX admin should be able to adapt to it in a few days, given the generally clean layout and high degree of internal consistency). advocacy@openbsd.org is down the hall, so I'll stop there. :)
As Adrian said, there are other platforms with better SMP implementations ... but my experience has been that for small and mid-size sites, CPU utilization on a reasonably modern x86-based router is the least of one's worries.
--
darkuncle@{gmail.com,darkuncle.net} || 0x5537F527
http://darkuncle.net/pubkey.asc for public key