Meetings and Events [RSS]
In 2006, ike gave an overview on PFSense and it`s mother project m0n0wall, which were new and exciting router platforms back then. Quote from that first talk, (4 years ago): "throw your Linksys/SoHo/WiFi router in the garbage where it belongs" http://www.nycbug.org/index.php?NAV=Home;SUBM=10027 Quote for this talk: "You might wanna` put your Sonicwall/Juniper/Cisco routers up on Ebay." pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. http://pfsense.org/ pfSense has matured into a full-fledged routing platform which fits right in at the datacenter. As all the big router vendors now tout fully browser-based administration- (over IOS, I2J, etc...) so the stigma of using pfSense in the enterprise is gone. Our speaker has been using pfSense in datacenter deployments for over 4 years, and will be describing how pfSense was used to save and secure several "organically dysfunctional" corporate networks, and maintain business continuity. Throughout the talk, these points will be emphasized: - Deploys: "Performing an Oil Change at 80mph" (quoting Michael Lucas) - Corporate Office/Colo Life with pfSense - Quickly/Safely Training Junior/Senior Network Sysadmins on pfSense - Taking the Magic/Macho out of HA networking - Networking can be Reliable/Understood/Fun Half of this talk is a quick pfSense bootstrap: - What *is* pfSense? (A Terrific Routing Platform!) - Hardware (Embedded and Regular x86 Systems) - The reality of recycling servers, (Go Green! and other buzzwords) - Install, basic setup- focused on typical multi-zone networks The other half of the talk will go through the incredibly advanced tools and features that make pfSense an excellent platform for High-Availability and Security at the datacenter: - CARP, Physical Redundancy, (and living with HSRP/VRRP/GLBP from your ISP) - Fully Redundant Load Balancing, 2 common roles: - (inbound) Load Balancing to scale Web Servers - (outbound) Load Balancing for multi-wan redundant networking - "Deep Packet Inspection" and other infosec buzzwords, done the PF/BSD way - Missing your IOS shell? pfSense gives you a UNIX Shell- infinite possibilities! - pfSense/embedded shell specifics, (read-only filesysem on CF?) - NanoBSD/implementation notes... - Using pf from the shell - interacting with system firewall/traffic-shaping/etc.. - dancing a tango with the GUI - Syslog, SNMP, and all fixin`s - Config Management for Network Scaling/Sanity
- [Event Audio] (Generously recorded and processed by Nikolai Fetissov)
As Sr. Infrastructure Engineer at the emerging startup Proclivity Systems, Isaac (.ike) Levy is ob sessed with high-availability systems and transparent failover, mostly because he likes to sleep a t night. Standing on the shoulders of giants, his background includes partnering to run a Virtual Server ISP before there was ever a cloud in the sky, as well as having a long history hacking int ernet-facing applications on UNIX systems.
.ike has been a part of NYC*BUG since it was first launched in January 2004. He was a long-time me mber of the Lower East Side Mac Unix User Group, and is still in denial that this group no longer exists. He has spoken frequently on a number of topics at various venues, particularly on the issue of FreeBSD's jail(8).