Date: Fri, 24 Feb 2012 02:16:00 +0200 From: George Kontostanos <gkontos.mail@gmail.com> To: Damien Fleuriot <ml@my.gd>, "freebsd-stable@freebsd.org" <freebsd-stable@freebsd.org> Subject: Re: FreeBSD9 and the sheer number of problem reports Message-ID: <CA%2BdUSyqMCYxG2B8uzEitbzKQ5UYkc90ARqTTy%2Bnw6sCEywxK-Q@mail.gmail.com> In-Reply-To: <4F46847D.4010908@my.gd> References: <4F46847D.4010908@my.gd>
next in thread | previous in thread | raw e-mail | index | archive | help
> Short introduction in order: > > See, we use FreeBSD at work for our firewall boxes, running: > - PF + CARP + PFsync > - nagios-nrpe > - munin-node > - bacula client > > and either > - nginx and/or haproxy > - relayd > > These boxes serve as frontend firewalls for all our projects/products, > including a few high traffic ones. > > > For example our most traffic intense project has 4 firewalls, 2 each on > 2 different datacenters, sharing 4 CARP IPs with automagic failover. > > These firewalls total ~200mb/s , serving only minifi'ed javascript pages. > In the current state of things, I have *absolutely* no wish to run it in > production :( > > > > I'd love to hear feedback. This is really a bad example and we shouldn't jump into the .0 releases comparison. Firewalls are supposed to be super stable. The last thing you need in a firewall is trying to troubleshoot OS related issues. Most major brands use well patched long tested OS to build their firewall software. So, no you shouldn't jump to 9 before it has been thoroughly tested. That doesn't mean of course that you should let others do the testing for you. If you plan on moving your environment to 9 at some point in the future then you have to start your own testing now. Best Regards, -- George Kontostanos Aicom telecoms ltd http://www.aisecure.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BdUSyqMCYxG2B8uzEitbzKQ5UYkc90ARqTTy%2Bnw6sCEywxK-Q>