Boris Lytochkin
I graduated from the Moscow State University, Physics department back in 2008 and joined Yandex as a network engineer the same year. Nowadays my non-formal job title at Yandex is a Network foreman (okay, an engineer and a team lead) responsible for the enterprise network in our offices, remote access and the management network of our DCs. I manage a small team of network engineers to bring corporate networks to new locations on a day-to-day basis, maintain solutions we've chosen to build, face new challenges and find a way to defeat them.
LinkedIn: https://www.linkedin.com/in/boris-lytochkin-ab797769/
Session
We use FreeBSD as a base OS for our routers, firewalls and VPN gateways in our enterprise network. Ipfw is used to filter traffic between our employees' devices and servers located in our DCs as well as on the Internet. Having more than 65 thousand unique usernames and different filtering policies for wired/wireless/VPN environments, we pack 500 million elementary rules (e.g. allow tcp from user@entry_media to myserver 443) into a single router running FreeBSD and ipfw. One single box handles up to 10Gbit/s of traffic.
In my talk I give you a bird's eye view of our approach and share some hints to unleash the full potential of ipfw.