Meetings and Events

PFSense II, Rocking The Datacenter, Isaac (.ike) Levy
2010-03-03 @ 18:45 local (23:45 UTC) - Suspenders Bar and Restaurant

In 2006, ike gave an overview on pfSense and it's mother project m0n0wall, which were new and exciting router platforms back then.

Quote from that first talk: "throw your Linksys/SoHo/WiFi router in the garbage where it belongs"

Quote for this talk: "You might wanna' put your Sonicwall/Juniper/Cisco routers up on Ebay."

pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. It has matured into a full-fledged routing platform which fits right in at the datacenter. As all the big router vendors now tout fully browser-based administration- (over IOS, I2J, etc...) so the stigma of using pfSense in the enterprise is gone.

Our speaker has been using pfSense in datacenter deployments for over 4 years, and will be describing how pfSense was used to save and secure several "organically dysfunctional" corporate networks, and maintain business continuity.

Throughout the talk, these points will be emphasized:

• Deploys: "Performing an Oil Change at 80mph" (quoting Michael Lucas)
• Corporate Office/Colo Life with pfSense
• Quickly/Safely Training Junior/Senior Network Sysadmins on pfSense
• Taking the Magic/Macho out of HA networking
• Networking can be Reliable/Understood/Fun

Half of this talk is a quick pfSense bootstrap:

• What is pfSense? (A Terrific Routing Platform!)
• Hardware (Embedded and Regular x86 Systems)
  • The reality of recycling servers, (Go Green! and other buzzwords)
• Install, basic setup- focused on typical multi-zone networks

The other half of the talk will go through the incredibly advanced tools and features that make pfSense an excellent platform for High-Availability and Security at the datacenter:

• CARP, Physical Redundancy, (and living with HSRP/VRRP/GLBP from your ISP)
• Fully Redundant Load Balancing, 2 common roles:
  • (inbound) Load Balancing to scale Web Servers
  • (outbound) Load Balancing for multi-wan redundant networking
• "Deep Packet Inspection" and other infosec buzzwords, done the PF/BSD way

Missing your IOS shell? pfSense gives you a UNIX Shell- infinite possibilities!

• pfSense/embedded shell specifics, (read-only filesysem on CF?)
  • NanoBSD/implementation notes...
• Using pf from the shell
  • interacting with system firewall/traffic-shaping/etc..
  • dancing a tango with the GUI
• Syslog, SNMP, and all fixin's
• Config Management for Network Scaling/Sanity

As Sr. Infrastructure Engineer at the emerging startup Proclivity Systems, Isaac (.ike) Levy is ob sessed with high-availability systems and transparent failover, mostly because he likes to sleep a t night. Standing on the shoulders of giants, his background includes partnering to run a Virtual Server ISP before there was ever a cloud in the sky, as well as having a long history hacking int ernet-facing applications on UNIX systems.

.ike has been a part of NYC*BUG since it was first launched in January 2004. He was a long-time me mber of the Lower East Side Mac Unix User Group, and is still in denial that this group no longer exists. He has spoken frequently on a number of topics at various venues, particularly on the issue of FreeBSD's jail(8).

• Event Audio (recorded and processed by Nikolai Fetissov)