NYC*BUG Meetings and Events
2010-03-03 @ 18:45 -
Location: Suspenders Bar
PFSense II, Rocking The Datacenter, Isaac ".ike" Levy
[nycbug-2010-03-03.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)
As Sr. Infrastructure Engineer at the emerging startup Proclivity Systems, Isaac ".ike" Levy is obsessed with high-availability systems and transparent failover, mostly because he likes to sleep at night. Standing on the shoulders of giants, his background includes partnering to run a Virtual Server ISP before there was ever a cloud in the sky, as well as having a long history hacking internet-facing applications on UNIX systems.
.ike has been a part of NYC*BUG since it was first launched in January 2004. He was a long-time member of the Lower East Side Mac Unix User Group, and is still in denial that this group no longer exists. He has spoken frequently on a number of topics at various venues, particularly on the issue of FreeBSD's jail(8).
In 2006, ike gave an overview on PFSense and its mother project
m0n0wall, which were new and exciting router platforms back then.
Quote from that first talk, (4 years ago):
"throw your Linksys/SoHo/WiFi router in the garbage where it belongs"
http://www.nycbug.org/index.php?NAV=Home;SUBM=10027
Quote for this talk:
"You might wanna' put your Sonicwall/Juniper/Cisco routers up on Ebay."
pfSense is a free, open source customized distribution of FreeBSD
tailored for use as a firewall and router. http://pfsense.org/
pfSense has matured into a full-fledged routing platform which fits
right in at the datacenter. All the big router vendors now tout
fully browser-based administration (over IOS, I2J, etc.), so the
stigma of using pfSense in the enterprise is gone.
Our speaker has been using pfSense in datacenter deployments for over 4
years, and will be describing how pfSense was used to save and secure
several "organically dysfunctional" corporate networks, and maintain
business continuity.
Throughout the talk, these points will be emphasized:
- Deploys: "Performing an Oil Change at 80mph" (quoting Michael Lucas)
- Corporate Office/Colo Life with pfSense
- Quickly/Safely Training Junior/Senior Network Sysadmins on pfSense
- Taking the Magic/Macho out of HA networking
- Networking can be Reliable/Understood/Fun
Half of this talk is a quick pfSense bootstrap:
- What *is* pfSense? (A Terrific Routing Platform!)
- Hardware (Embedded and Regular x86 Systems)
- The reality of recycling servers, (Go Green! and other buzzwords)
- Install, basic setup- focused on typical multi-zone networks
The other half of the talk will go through the incredibly advanced tools
and features that make pfSense an excellent platform for
High-Availability and Security at the datacenter:
- CARP, Physical Redundancy, (and living with HSRP/VRRP/GLBP from your ISP)
- Fully Redundant Load Balancing, 2 common roles:
  - (inbound) Load Balancing to scale Web Servers
  - (outbound) Load Balancing for multi-wan redundant networking
- "Deep Packet Inspection" and other infosec buzzwords, done the PF/BSD way
- Missing your IOS shell? pfSense gives you a UNIX Shell- infinite possibilities!
- pfSense/embedded shell specifics, (read-only filesystem on CF?)
- NanoBSD/implementation notes...
- Using pf from the shell
- interacting with system firewall/traffic-shaping/etc..
- dancing a tango with the GUI
- Syslog, SNMP, and all fixin's
- Config Management for Network Scaling/Sanity
