From owner-freebsd-stable@FreeBSD.ORG Fri Feb 24 00:16:01 2012 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5C3B6106564A for ; Fri, 24 Feb 2012 00:16:01 +0000 (UTC) (envelope-from gkontos.mail@gmail.com) Received: from mail-vx0-f182.google.com (mail-vx0-f182.google.com [209.85.220.182]) by mx1.freebsd.org (Postfix) with ESMTP id 12C998FC0A for ; Fri, 24 Feb 2012 00:16:00 +0000 (UTC) Received: by vcmm1 with SMTP id m1so1781572vcm.13 for ; Thu, 23 Feb 2012 16:16:00 -0800 (PST) Received-SPF: pass (google.com: domain of gkontos.mail@gmail.com designates 10.52.36.2 as permitted sender) client-ip=10.52.36.2; Authentication-Results: mr.google.com; spf=pass (google.com: domain of gkontos.mail@gmail.com designates 10.52.36.2 as permitted sender) smtp.mail=gkontos.mail@gmail.com; dkim=pass header.i=gkontos.mail@gmail.com Received: from mr.google.com ([10.52.36.2]) by 10.52.36.2 with SMTP id m2mr2021980vdj.102.1330042560523 (num_hops = 1); Thu, 23 Feb 2012 16:16:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=l7C6sIbCqe8bqtuqNrI5Z1dZ7G2Uxn3X7opDovqfp+s=; b=j7ZMtjb4PGghvzJp6ETe5gcN497/vgpSJDNUy2LHvNtWt/9nWrDzyqih93A0xAoYij UCYkG/P1T+Ml3BTjCAP76bccIdbDpL2TZ1kRPAKElUv2chyWf5hNGSFugdBcsPX1s3tZ +avpJzh59xhXI2CNiHdiSygEauNYZS9PlCRJ8= MIME-Version: 1.0 Received: by 10.52.36.2 with SMTP id m2mr1677810vdj.102.1330042560457; Thu, 23 Feb 2012 16:16:00 -0800 (PST) Received: by 10.220.38.67 with HTTP; Thu, 23 Feb 2012 16:16:00 -0800 (PST) In-Reply-To: <4F46847D.4010908@my.gd> References: <4F46847D.4010908@my.gd> Date: Fri, 24 Feb 2012 02:16:00 +0200 Message-ID: From: George Kontostanos To: Damien Fleuriot , "freebsd-stable@freebsd.org" Content-Type: text/plain; charset=ISO-8859-1 Cc: Subject: Re: FreeBSD9 and the sheer number of problem reports X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Feb 2012 00:16:01 -0000 > Short introduction in order: > > See, we use FreeBSD at work for our firewall boxes, running: > - PF + CARP + PFsync > - nagios-nrpe > - munin-node > - bacula client > > and either > - nginx and/or haproxy > - relayd > > These boxes serve as frontend firewalls for all our projects/products, > including a few high traffic ones. > > > For example our most traffic intense project has 4 firewalls, 2 each on > 2 different datacenters, sharing 4 CARP IPs with automagic failover. > > These firewalls total ~200mb/s , serving only minifi'ed javascript pages. > In the current state of things, I have *absolutely* no wish to run it in > production :( > > > > I'd love to hear feedback. This is really a bad example and we shouldn't jump into the .0 releases comparison. Firewalls are supposed to be super stable. The last thing you need in a firewall is trying to troubleshoot OS related issues. Most major brands use well patched long tested OS to build their firewall software. So, no you shouldn't jump to 9 before it has been thoroughly tested. That doesn't mean of course that you should let others do the testing for you. If you plan on moving your environment to 9 at some point in the future then you have to start your own testing now. Best Regards, -- George Kontostanos Aicom telecoms ltd http://www.aisecure.net