pfSense 2.1: IPv6 and more

Video thumbnail (Frame 0) Video thumbnail (Frame 1525) Video thumbnail (Frame 6925) Video thumbnail (Frame 9565) Video thumbnail (Frame 12459) Video thumbnail (Frame 16870) Video thumbnail (Frame 19550) Video thumbnail (Frame 21034) Video thumbnail (Frame 22577) Video thumbnail (Frame 24009) Video thumbnail (Frame 25800) Video thumbnail (Frame 29629) Video thumbnail (Frame 31712) Video thumbnail (Frame 33145) Video thumbnail (Frame 35152) Video thumbnail (Frame 41107) Video thumbnail (Frame 52807) Video thumbnail (Frame 64507) Video thumbnail (Frame 66447) Video thumbnail (Frame 74493) Video thumbnail (Frame 82274) Video thumbnail (Frame 85287)
Video in TIB AV-Portal: pfSense 2.1: IPv6 and more

Formal Metadata

pfSense 2.1: IPv6 and more
Title of Series
CC Attribution - NonCommercial - ShareAlike 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this license.
Release Date

Content Metadata

Subject Area
pfSense is a BSD licensed customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution. This session is being presented by the founders of the pfSense project, Chris Buechler and Scott Ullrich. At the time of BSDCan 2012, pfSense 2.1 will be newly released. This release adds IPv6 support to nearly every portion of the system, as well as some other smaller changes. This session will cover all of the changes in the 2.1 release, primarily focusing on adding IPv6 support to your existing deployments. With IPv4 address space dwindling and World IPv6 Launch coming up in June, now is the time to bring up IPv6 on your networks. While IPv6 brings new benefits, it also poses new security and connectivity considerations, which will be covered. Attendees will come away with all the latest on the project, as well as knowledge to securely bring their networks onto the 21st century Internet with IPv6.
Information Software developer Forcing (mathematics) Multitier architecture Formal grammar Cuboid Insertion loss Videoconferencing Open set
Installation art State of matter Multiplication sign Mereology Stack (abstract data type) Perspective (visual) Usability Virtual reality Lattice (group) Different (Kate Ryan album) Speicheradresse Exception handling Physical system Scripting language Firewall (computing) Software developer Closed set Bit Complete metric space Open set Connected space Type theory Digital rights management Fluid statics Auditory masking Internet service provider Website Configuration space Self-organization Summierbarkeit Cycle (graph theory) Figurate number Quicksort Speicheradresse Point (geometry) Functional (mathematics) Computer file Firewall (computing) Real number Flash memory Data recovery Spiral Theory Product (business) Revision control Frequency Configuration space Digital rights management Computing platform Address space Compact space Installation art Projective plane Usability Computer network Line (geometry) Equivalence relation Wind tunnel Software Logic
Point (geometry) Gateway (telecommunications) Statistics Functional (mathematics) Observational study Computer file Multiplication sign Firewall (computing) 1 (number) Similarity (geometry) Bit rate Open set Mereology Rule of inference Mathematics Web service Type theory Internetworking Bridging (networking) Natural number Different (Kate Ryan album) Extension (kinesiology) Form (programming) Physical system Rule of inference Firewall (computing) Forcing (mathematics) Weight Interface (computing) Type theory Word Internetworking Fluid statics Video game Figurate number Information security Family Window Speicheradresse Router (computing) Wide area network
Point (geometry) Context awareness Dynamical system Multiplication sign Firewall (computing) Demo (music) Online help Client (computing) Aerodynamics Configuration space Form (programming) Rule of inference Touchscreen Inheritance (object-oriented programming) Cohen's kappa Firewall (computing) Server (computing) Mathematical analysis Core dump Price index Process (computing) Internet service provider Direct numerical simulation Interface (computing) Row (database)
Multiplication sign Interface (computing)
Key (cryptography) Computer configuration State of matter Sheaf (mathematics) Maxima and minima Bit Flow separation IP address
Trail Wechselseitige Information Sign (mathematics) Positional notation Personal digital assistant Interface (computing) Interior (topology) Maxima and minima Convex hull Physical system
Sign (mathematics) Software Personal digital assistant Firewall (computing) Menu (computing) Rule of inference Physical system
Axiom of choice Point (geometry) Area Gateway (telecommunications) Execution unit Multiplication Interface (computing) Weight Source code Translation (relic) Mereology Field (computer science) Connected space Hand fan Software Internetworking Communications protocol Resource allocation Address space
Web page Rule of inference Theory of relativity Firewall (computing) State of matter Server (computing) Interface (computing) Multiplication sign Demo (music) Moment (mathematics) Maxima and minima Digital rights management Software Computer configuration Interface (computing) Configuration space Router (computing) Bounded variation Family Window Physical system
Rule of inference Cache (computing) Execution unit Firewall (computing) Server (computing) Demo (music) Interface (computing) Motion capture Circle Table (information) Physical system
Point (geometry) Purchasing Functional (mathematics) Group action Vapor barrier Divisor Open source Software developer Variety (linguistics) Multiplication sign Sheaf (mathematics) Set (mathematics) Translation (relic) Instance (computer science) Information privacy Mereology Product (business) Formal language Number Revision control Frequency Web service Mathematics Term (mathematics) Internetworking Core dump Internationalization and localization Library (computing) Multiplication Physical system Social class Installation art Authentication Software developer Binary code Planning Instance (computer science) Uniform resource locator Word Process (computing) Optics Cycle (graph theory) Arithmetic progression Library (computing)
Digital media Multiplication sign Source code Insertion loss Primitive (album) Client (computing) Parameter (computer programming) Mereology Disk read-and-write head Information privacy Public key certificate Software bug Direct numerical simulation Different (Kate Ryan album) Bus (computing) Negative number Cuboid Social class Stability theory Physical system Email Electric generator PC Card Data storage device Instance (computer science) Internet service provider Configuration space Summierbarkeit Resultant Slide rule Mobile app Functional (mathematics) Socket-Schnittstelle Game controller Server (computing) GUI widget Firewall (computing) Rule of inference Number Product (business) 2 (number) Revision control Goodness of fit Term (mathematics) Internetworking Remote Access Service Traffic reporting Proxy server Computing platform Default (computer science) Dependent and independent variables Interface (computing) Line (geometry) File Transfer Protocol Word Software Personal digital assistant Gravitation Video game Resolvent formalism Freezing Window
Slide rule Execution unit Greatest element Graph (mathematics) Touchscreen Block (periodic table) Color management Bit rate Binary file Statistics 19 (number) Internetworking Uniqueness quantification Hill differential equation Office suite output Block (periodic table) Electric current Tunis
Dialect Server (computing) Computer file Firewall (computing) View (database) Multiplication sign Simultaneous localization and mapping Execution unit MIDI Number Power (physics) Mathematics Semiconductor memory Computer hardware Reduction of order Cuboid Utility software Summierbarkeit Computing platform Partition (number theory) Physical system Newton's law of universal gravitation Metropolitan area network Execution unit Theory of relativity Expert system Electronic mailing list Basis <Mathematik> Bit Limit (category theory) Inclusion map Radius Process (computing) Uniform resource name Hill differential equation Pattern language Right angle Quicksort Figurate number Reading (process)
Functional (mathematics) Server (computing) Context awareness Overhead (computing) Open source Interior (topology) Multiplication sign 1 (number) Maxima and minima Online help Water vapor Augmented reality Client (computing) Mereology Product (business) Number Different (Kate Ryan album) Computer hardware Cuboid Software testing Summierbarkeit Condensation Form (programming) Identity management Newton's law of universal gravitation Window Execution unit Distribution (mathematics) Witt algebra Cellular automaton Mass Bit Line (geometry) Binary file Benchmark Subject indexing Word Bloch wave Normed vector space Website Convex hull Window
Point (geometry) Execution unit Server (computing) Electric generator Logic Computer hardware MIDI Bus (computing) Process capability index Twitter Vacuum
Execution unit Computer file State of matter 1 (number) Maxima and minima Water vapor Average Wave packet Connected space Number Peer-to-peer Normed vector space Cuboid Software testing Musical ensemble Pressure Multi-core processor Associative property
the that and right and it started among crispy formal founders be of science but we also have a lower tier 1 of our primary developers and we have set loss in a box appear joining us from the Netherlands via Skype and he did so 1 of our IDG 6 works of info any questions remain cannot that I hit answer entirely sure honor that we get set to help as well a force of brief background
project and a lattice has bloody you're ready here since users may know about there's always some people who are aware of what we do is we the project in 2004 and our purpose is to ease deployment and management of BST firewalls to basically give people the equivalent of a cycle Cisco ASA center of without having to manually configure all the various parts as much more than just slapping whether face on top things there's a lot of blue underneath that if you work a figure in sings mainly have do custom scripting instead to integrate when 1 thing happens make sure something else happens and things like that so that excessive logic and the theory that the that ties everything together and make things easier to to deploy we have about over the 20 thousand no might installations are guns update for IP before that is once a month and then we get the unique IP him on how such that the so that we we have some had an idea of how many systems at the how it stacks up to others it's pretty significant makes it 1 most of these spirals worldly temperature can hard to find that whether that's more than double what the star has in some other what people may think of as have bigger-name were significant or 2 We're bubble to different platforms the line CD and then and then stick and in the which you can run from what you have floppier USB flash drive to save the configuration of multiple run the full install by launching the installer from the light year than than stick the the take his basic sensed CDE except you right at a USB flash drive so the system to recover USB that's easier to deal with them when Seeger and there's the the nail is the version which is for 2 sums from Compaq flash It's just a customized version of the new build scripts that keeps things mounted in only the most the that the killing in about 5 and we also but told plants which makes these important to virtualize being where most bird the platform support the obvious the history and the IT developments that started in December 2010 and I had the 1st set a configuration done in in in February 2011 in the talk they after that and we've had some installs in production with real websites behind them and since April of last year we down the P. P S 6 4 6 Adi let the other tunneling in any way and types of recently and we're pretty much feature complete organ have 2 don't release the the things are required to the mask best majority of us are are there in function we had the every website we host of our primary dataset which is pretty much all with the exception of Mears is a dual-stack for at least 6 months and some of them from close to here
but a basic overview like the 6 dollar had time to get into it if you and I don't have a whole lot of background I hope we would like 6 tutorial here earlier this week and the just some of basics from the perspective of what's relevant files this 2 different kinds of connected native told most people this point but at least in North America for sure using totalled rather than native where you're tunneling your B 6 over the 4 out of some kind of Thom Broca are sometimes but serve right by speed were native is you actually have the 6 delivered without having all that within that might be before which is pretty at this point at least in North America is becoming more of the parts of the world I remember a different talk providers of the users long looks to the most people will use her collected from from what we've seen biologically 6 priests that affords only differently a 2 layer 3 if you're doing http a writer the 6 still http inside the the trappings system rather than API have NDP in that layer 3 have affected the success of the 4 and 128 bit address spaces not exactly 128 bit address space the the leftmost 64 bits sort of the the networks that are available and then the the right size for but for the host addresses and early always use the slash 64 subnets things like state was period that we can work for this been hiking the
6 May coming for a long time that you have a family an article from PC World in 2003 that this they said that IT 6 will replace the craggy beef off nearly all Internet traffic in 2008 and is now 2 thousand 12 or so less than 1 per cent but the it really is starting to come now because we've heard don't pretty much all we can extend the life of the form DOS M NaCl and what not it's worked very very closely entirely at alive he's and that's the point where it's story happen and some stats from AMSI X and begin a change in Amsterdam the they take about 1 half terabits per 2nd of the 4 to have gigabits per 2nd the sick there at a much less someone once that's that's 1 of the higher realize that the 6 months the other person that's from far higher than the 1 most of them actually see Billy is coming this is from our primary hosting the word for a April 2012 the the traffic that we pushed 60 comma decimal 2 gigabyte the 6 and 1 comma decimal 1 terabytes of the force so we're actually almost 6 per cent of our traffic was like could be 6 that's gone up from about 1 per cent 6 months ago so we see it grow pretty significantly the abuse base is far from the bridge end User our in Explorer percentage usages like 20 per cent or something in a way like 60 % people run Windows visitor side so we don't exactly have had the general public visiting but that we've seen great growth in in the 6 we pursue the study serrations with
ITT 6 while you were largely the same because you're really running the same stuff this with different purple that all your risks with GPA CVSS NTP whatever particles we use it's all the same stuff is just a different transport that they're going 1 major difference is with firewall rules is the Net is hopefully a thing of the past and in a bitter lots there is at least the with you goal ITV for firewalled heathrow allow all rule on land you really is allowing you to your about outside interface your file you that 96 year opening entirely so yeah make sure not to add the excessively permissive of rules because you can open up a whole lot more than doing we came with before and that emotion using a lot of I and so the other than at the tax and is this same nature as the ones and I had to before but just a different because of the function at enacted 6 the art related tax would be for now in related the the 6 types we support on static just with the 4 this but in your opinion gateway of the CPV 6 which is to some extent like DHCP before but not exactly because it adds prefix deletion which is where whenever you get a leasing away and you also get the prefix or mold fixes that use on internal at work and then you're firewall river edge device takes those prefixes the delegated in the can be and decided to you of internal affairs then with the PDPO we do support their status of figuration as a wind type your Probyn Agostini Ice-T's at use that that way that's for appliance type deployments that the people use of they put out of a system that is for a certain special purpose then they can get the address the of figures of 6 4 is the gift always somewhat what used for like Hurricane in electric Thom Broca and similar services 64 is another type that some Spiegel point also prefix deletion in the C 6 the that covers most of the way they're out there and PPTP type lands are not very common over all the of the some parts of the world we have the 6 support the is
a few things there were going to release you know 1 without having 96 port the kappa Borel's a big 1 and that's really then a difficult 1 to to do hits I'm aware of any captopril contagion as I could use export there may be some out there with the the main challenge being he will authenticate the 4 the 6 at the same time and that requires a lot of work to figure out what the for ideas will be 6 I is something keep both of those but was you end up with somebody going to the form with PCI health indicators and parents but what the process you had yet the captive portal in the euro the 6-iron so same thing all over again and so the larger I will tell providers and somewhere that we work with have not really care about the 6 to this point we don't see it in the foreseeable future so that's what we're pushing off for the time being and then again this week bonus for their because pretty much know provider actually has support for us that applied a records and dynamic analysis they will probably come with time but it think things there will probably change from where you're not just registering a firewall and then getting it from the outside but because clients will have public and he's on them they may run their own dynamic in its register themselves out tentative PPTP world to what was I think it but buyers and pretty significant work to to get those guys in the personals after a future release will if you're interested help or they here let to get them to go through the walk
through some of the screens in that I figure things for the same the
text the yeah well the times 5
is the interfaces Reventador as a
separate section use what type of
ICOTS-6 duration that you're putting on that in this the to on and stable the 6 there and the bits in it that simple
by the here we can enter your static IP asking them it way if you have 1 of its of it to me it with the key
6 in the same option in the it
also has the prefix delegations slack for states of the usual too tarty toasted the in in 6 4 so and interfaces if it's so you do this like land if you
had DHCP 6 or anything else the prefix notation but then you land use it to
track interface and you pick the interface of
has dynamic at the six-nation on this little 11 the system there's not here that you choose which prefix ID the actually what is on this it's likely sign and just comical on 1 as the IP of attending to that prefixes and that you choose the idea here you
do static in in that case I when we it the tunnel you want to it interfaces such and it's a beautiful
here and then you put in there before I P and then you have your your B 6 I please so here with 2 and it was Texas set up the the tunnel then they're out you either slash 64 less 48 from as well and is continuing static of UN 64 the 48 that the sign in again it's a running at most networks and 1 the approaches that some users are taking is just of the 6 into an entirely separate firewall so have before going a 1 way the 6 out the other who will was caught here what she had made of the sticks that's the we've been doing a lot of our networks more because we did systems more than you'd ever break assistance and I was developing actively and follow rules
of choice protocol it the 6
in the fields of did accordingly see appropriate mask and that we have never
prefix translation which is do like 1 1 that more or less in IT before and
if your using dual a addressing an internal network which is the the 6 equipped private IP is of part 1980 then you can do translation to your Internet and also at least at this point the best too small to free up big enough to have a Euro in AES in your own direct allocation pretty much have to the prefix translation if you don't wanna do that on at least 1 year of connection so it is coming from like space on that I speak people really really wanna get rid of the net with the 6 in those who are not big fans of underwear prefix translation but really it's the only multi homing solution for personal work so with a 101 translation so the by 64 internally has to be a source for yeah not really and the basic prevents you from setting up anything differ from the while into the area minus 1 of the but if all we do not know that I can 6 we set up net but fall for before owning interface as a gateway traffic leaving that interfaces and then interfaces that the fallout let me 6 there is no little but fall there is a way to
keep the 6 that's also were at the moment at least we
have the router advertised option to be configured I think we may end up moving that the interfaces page because it's not no relation DHCP the 6 Iverson like some place to put logical decent places at a time it's probably more sensible interfaces page so you could you disable it then there's no brother advertising some that the network the router only then it's all we're our advertisements the managers is rather advertisements plus state was of variation and managed his IT assignment room the TPB 6 but it does do a rotten at Paterson's city at the CPP and states of the region the newly window at least you and at system always of not the exceptionally and we have here
key table similar to the optimal which
it the NPP cache of the system in the
packet capture the ability to take on the circle
1 the them the bulk of the the
6 areas but and the other strains they were where an IP can be configured it's updated to to do before what other features
and to not 1 we switch package system out to users of Pb yet the year push-button installer that is up created by PC-BSD that their fills the entirely self-contained so they have all the library is and dependencies and everything else are entirely contained within that so you don't have to worry about any kind of in libraries of 1 package once 1 version of this and a different requires some different were it they each have their own and they can't stop to other there factors are largely developed by people other than core development team and the or necessarily the bile tested especially for interoperability with other optical packet is that in itself this in the beginning serious barrier would Package'' installed were 1 has conflicts with 1 and that of or you uninstall wanted it pulls away dependencies of another 1 and TBI is the word designed really to get rid of all of what we change our our package system over the years that it should a lot of locations that that they might have with with to package that on the previously and we upgraded to privacy a
battery base for you initially were trying 9 not over that wanna get out pretty quickly and there were a number of things that we use a variety of issues and I know and so we've starkly that 3 and that's been but he had so far a scuffle landed immediate resolvable recall the to release we had multi-instance kappaB so in previous versions you could bit multiple interfaces in in that period but you know I have 1 instance of a captive portal unscented settings and now you can define how many instances you what's going to have just a click-through I agree to the Terms of another 1 that's authentication there's a little more users vouchers even flexibility awakened that and we also ballot incipient internationalization which was started in to that that was finish for the most part where we have a a couple a translation the work progress Portuguese is West Deligne hinder French's better than half of all the Amiga pretty progress on languages were actually end up having in the in the release Livingston who couple initially but I think at the time of the groups though plans that going forward but did there that 1 of further versions from there with a shorter release cycles but the what we did between 1 and 2 3 in and that this is that a huge number of changes that that that when that the things smaller and try release roughly every 6 months if we can and you can depends on what these released a look like and what functionality that we're adding when we can get finished the Kultury have to know 1 done by now the lovely D 6 stuff require a lot more work than we expected the was much more than just configuring those things all of those things don't actually it's properly support the 6 we had change what of things in the underlying binaries a lot more effort there than what we had anticipated do not to release and roughly early 2013 and be based on previously 9 exactly which version can depends on the release his 1 and that to depends on what they have to go out at that point the book several will work only in the last few months aside from the 6 in the things that are about as of unaccounted-for OK so were we have several re-branded versions that of some good sized hotel and writers use we get thousands of rooms at a Reddy by this captive portal and the new functionality or working on we must be embedded within any product out there in the world service class support where fine Internet packet is available for purchase the cost what SpeedEdit the duration the processing is built in a lot of various features that have been extended and added in we all have merged into the open source said for up to that too there is a lot of great changes we better snapshots and stuff as a pure science or if check it out in section
10 questions it liberated production from a year the same that is we would be a question for them to the best of the 2 that sessions are like most of our data releases and that they're very very solid media and a lot of people that be snapshots in production there is always some risk in gravity some arbitrary snapshot but no if it in court some commit that should've been made over the top half of something more something like that so before you actually upgraded assistance or I was just 1 of the through an upgrade involves a comes back up into the functions that are all of great 2 systems that are not this it went that his sense there the post of or mailing was 1st to get a confirmation but if you know if it's very clear we have issues of people's support bus in the bug tracker in that it's a hand the if you have something that's clearly widget bug report the goodness of in that the rest you are the yeah yeah questions for Europe considering adding more things long lines like a wizard or something like that so the functionality several steps so that we did an open Debian wizard and into the for us to go through and set up like a remote access server and it it generates even generate CA certificate server-specific specified all configuration parameters and then I want you to be enemies too few clicks it's like finest set up and does this check box at the end you allow the firewall the rules to allow traffic to the server and allow a traffic from within the it is also worth that so what is a personal history last year what the and the question is what the fall firewall rules you suggest a 96 the term so what you do and enjoy most people would take the same methodology as they do the for her bad allow everything out and block everything it I would put more restrictive leaders filtering once you're not just allowing anything out to the Internet but on some networks that's and people don't care the there was a lot of you the final at a very efficient at all but it gets in that case you your inverse traffic from the internet will be filtered only and you use traffic will be on your land or whatever internal interface to clients so it's the same as the 400 are basically wherever the I P where the traffic is coming in is worth and in the case of tunneling it's it's coming in on the on its data because those are the things that don't work he said that just a few things that I listed on that slide the owner kept a that workers who blocked like 6 n technorealism there's nothing else it would housing issues that I think of any other maybe some other packages like BAM with the not sure if it's reports on for like the 6 boats it did it marked but for the most part is not a lot of things that are the equivalent of like I have no obvious I meant the good providers Alspaugh quantities so we for it and support but we had a different in how it's implemented probably because the these are directly signing clients rather updating your firewalls IP which you may want to do if you wanna get there remains a viable but well I think we use ideas for to get to something internal host in that case you prevent that I think in this class only time so that the it's it's all the question is the Bureau stock in as you about how when every I 6 only that he fell on issues underlying apps and is the situation is bad now of as what it was a year ago in some instances yes and in others not so much a Lego BPM so that's right 46 6 the stable this with and work with them and try to give up to speed and there's been a number of others underlying pieces like that that are missing supporter had issues things like that but a lot of which we get resolved in some of which give me negative result Italy I think things have improved some there's a surrogate losses people of were like this they last and stuff like belongs to with like V 6 only through this builds and things like that of but want more attention on the things are improving but I don't know Bourgain it is improving medicines in these days there are still at thank you a quick related configured DNS
resolver prefer the 6 or before or mice received at the DNS resolver itself and that's a that's a been on your source whatever its initiating the the next requests so in in privacy if you yeah there is the cis control for the over the name of an loss of my head the yeah you can tell it to work or a 6 this it offers the 6 but all so if you want to know what OS is generally do all the lights in this this was 10 in Windows and a when Axelsson the in a room in a quantity at time of further quiet they response at the but as there are other issues with the the 6 as before it's the it's the same old Mr. and it should have died 20 years ago and it just keeps flipping on SAS's stop using FTP this also x RTP proxy does not do anything with the 6 4 so if anything that you're at due FTP and the 6 that requires approximate is just not going to work but passive possible that require a proxy and primitives and a false possibly more Windows Mail the client defaults to passive which which works and those of because so many issues what would where the box initiates its own lorries or we don't we don't use produced is to send Grandma advertisers we use of is a cold or AT T V D year something like that it is to use a lamp that that actually sends a request and we turned off with and previously because that let's see things of producing and let us do like sonorities on on Karp he's things like that so that that's how we've got around some issues inherent in in privacy with or is much of the covers the entirety of the wondering whether the there is that the mastering it is is still to go on there's nothing nothing to regret or as is different from freeze we have divert sockets we have 4 things back from newer versions of current it doesn't exactly match up to any other he have anywhere so it's it's hard to say exactly what version of it yeah it's it's is before this infection on the other out the that life on anything the as the the BJP server is well was that does not have basic supporters the underlying does not so that's yes it all yeah that's it yeah has changed for the for it is the 6 will have to implement that in its what we get for for this release this yes yeah and we will eventually get it in is of yes that yeah I of the you the his head the back is this the speaker the here is then seem all that useful initially but few people liked it and wanted it and beg for it we put in there is up by actually go out and they they make their own song something different they upload something to a third-place some difference so if you go into a store this the word this is the sum of the Eitel but that's an issue that thereby of for those platforms because the clock was just really weird there's some crazy PI boating the bias of some of that it would stretch it out so this will be it would be for like 8 seconds on each believe yeah interested in and
show the Adi there it is actually spelled out I
showed it is so select the traffic graph it splits up that the for and the 6 doesn't have much of anything on it I think the this
slide that had that has a real reduce this
problem the nitrogen officers when they wouldn't fit on
the screen center of at the bottom here selected for
and passed out block out block and the B 6 worlds well all so you should of all yeah there or coders can't really tell on this graph that really pushing any traffic but that it can
but these more distinct is about
the whole show the screws to small right they the and in yeah we've spend a bit sensitive tested Cisco but I know that some of our own resellers have been have been doing so well if you just take the stated numbers are they put out there and believe them than there at the and whether or not those have any basis in reality is questionable but the pretty much the highest in server hardware and you can get now while stand up the DDOS attacks that as as big as what we all but the very highest in ASA will which is about 150 thousand dollar box so a further but 2000 our server to to compare to basically everything except what you have in the 6 figures 1 commercial firewalls as is pretty self this yeah yeah so amazing changes to into that 1 reduce memory usage of those platforms by of morning number of whether these processes and things like that so it's choose a bit less RAM on the small hardware no it's the it's the same as the the bags under the same sort of people they have been since to the yeah and they all they function same for were things they're embedded suitable they similar patterns of storing large amounts of data require a a read write mounted partition or not there but that's only a small number of them with the best injury we will make a file under far will do that do anything with that the story are this and there is a setting to so this is this is not but there's a setting to write to the CF periodically so you can set that you know twice a day to write out the CIA at any time you reboot the system it it right so that as well for a review so you you do have a if you lose power your on lose some already data on how much it depends on the power how frequently units at that right at the the for like next being yeah I see this view of the so the as a joke these NetFlow for in his expert that flowed along a collector and then you do a new new billing and accounting for the people that some people use a server and the radius accounting of from when others do Thom list actually is captive portal for their cost they news already occasionally the kept through the from what I've heard within way impede the can thousands of simultaneous sessions hours it is a limited release of 256 is mostly utility failure so that ensures acting is up to support more than that the the limits that we have in there because of some people we decided we still do have both in is officially naming relations with the if you have some some of them yeah that's right it is for now
it's not I don't if it's twice as much this it's not the It's not significantly greater overhead about the well what's a million 10 that I know of offhand which generally means there's 30 times that many aware of it's not 1 of our most widely used features but it is reasonably widely that's another 1 where where in PD in some the other pieces need some help so that's what we had was it worth skip the basic support to go and and was and research in the future the was a client the people view is supported is just server or a part that requires a lot of of work the function it does but there is a number of the complications on other pieces that are required to make it all work there the of the the at all I really you know at the Cisco Harvard is not as historians say is a PC in a very expensive box that has a Cisco and water yet in exons on in the they are the the absolute top aligned 150 thousand dollar box as more acceleration is a the some of and the the there 1 no so I voted for that and you know the cells will say yeah you know you need this you know Cisco boxer whatever vendors pain in the most to push their particular product and We're in the pain out here talking to be very very hard to convince them it's true of any kind of open source of this guy is 1 run their you know Windows Server and don't wanna use previously or whatever this is no different far world inner world of that of the there has to be the what we have so yet and the hey come as their site and some specific numbers that they if you way essays and they've run the exact same test through the essay and through peer sense of this particular piece of hardware and the real line up and show you what you're doing other Cisco so bad with suing anybody thinks about opening up performance benchmarks is what some other companies are so you just can't do it all but I know that he comes in doing that for years and they've never spotlight no at any trouble so I no others have done the condenser more things so I think that much of an issue the in other words this is an index and it depends on the just the packet size in the system in general or of the identity a typical distribution which is more skewed toward larger packet sizes and I've seen some madam blah forms in which it acquires the a little bit faster ones and have until next in anything but real that of but
it was FIL and it is kind of things you the it's not too hard to find that the push Where's the different you need new hardware at least some going very low and like Alex's or something like that and even Re for generational server at this point will what that if possibly of must be at that point is logical PCI bus pitch ex it's a trend push gigabit-speed through PCI bus that's probably not gonna happen yeah so yeah we have known as well writer know and so on yeah that's you know
I know the you the a simple emergent packets per 2nd the new 64 bytes because then that makes the what the the that yeah that within the the the in yeah about if you even at very high indeed us a text you're blocking the traffic peer pressure is very well but I think it's but any file for that matter and so are not quite as good but what kills you will follows a number of new state assertions per 2nd with getting hit with the simple others like that it's train open up all stage just melts them to the and the other one's own all the and just doing some testing recently for our customers and doing the biggest simple they can get up locking up pretty much everything I could get obviously started dropping stuff it's existing session state active it was the only OS of music the only OS wary under a massive simpler the existed connections were functional but you can open a new connection so your more less water unless you really Association the box but the it and yet agisted this starts dropping Traficant's the likely amplitudes full unless it's apartment active connection which is actually pretty but is far more involved than that we don't have we'll have an hour and a half this year old of is it and find out what the 1st assignment as yeah ouster PowerEdge 2050 dual-socket quad-core cooler 16 gigs and when they some of the the the the and yet they are a someone loaded outcome so of