Network oriented services with FreeBSD

Bob Martin bob at buckhorn.net
Sat Mar 26 06:53:21 PST 2005


We do all of our routing and firewalls with FreeBSD, instead of 
dedicated equipment like Cisco. In short, a Xeon based PC (we're using 
mostly ~2GHz, single processor boxen) that can be bought for less than 
$1000 will do almost anything a $15,000 name brand router will 
do. And it will do a few things the name brand units won't, like traffic 
analysis. Instead of having the dedicated equipment and a server, we 
just have a server.

Most of our servers are in data centers, so a simple NIC handles the 
Internet pipe. We do have a couple of boxen with T1 cards, and one with 
a T3 card. The prices of the cards are higher than you would pay for 
dedicated hardware blades, but the TCO is still much lower.

We don't do QoS. But I've talked to several folks that have had good 
luck with 5.3 and ALTQ. You can do some pretty amazing things with 
netgraph and dummynet; QoS should be pretty simple.

FreeBSD isn't, to my knowledge, easily clustered. I know we don't have 
anything like LVS. But you can use FreeBSD to balance requests to a 
server farm.

Like anything, you have to define the job, then the results, and see 
what works.

Bob Martin

laurent LF wrote:

> Well, of course my question is too vague.
> Typically, I would be interested to know if people use
> FreeBSD boxen as routers, firewalls, for bandwidth
> management / QoS, service load-balancing (like LVS for
> example) or that kind of stuff in an ISP environment.
> In which cases people prefer FreeBSD to a dedicated
> hardware, why and on which scale. (why you prefer a
> FreeBSD box to a 3660 or 7200 for example and for
> which usage)
> 
> I know lots of things can be done but I would like to
> hear real life examples.
> 
> Thanks,
> 
> Laurent
>   
> --- Bob Martin <bob at buckhorn.net> wrote:
> 
>>The devil is in the details here...
>>How good/scalable as compared to what?
>>
>>It does l2tp, but there is a much, much better
>>protocol.. SSH. It will 
>>also terminate isakmp.
>>
>>Network load balancing? You mean balancing pipe? Or
>>services?
>>
>>We replaced our 3660's and 7200's with FreeBSD boxen
>>2 years ago. We've 
>>never missed them.
>>
>>But, like all things, FreeBSD can't be everything to
>>everyone. YMMV
>>
>>Bob Martin

