BSDCan2017 - 0413.2

BSDCan 2017
The Technical BSD Conference

Speakers
Massimiliano Stucchi
Peter Hansteen
Schedule
Day Tutorials #2 - 8 June - 2017-06-08
Room DMS 1120
Start time 09:00
Duration 03:00
Info
ID 805
Event type Workshop
Track Tutorial
Feedback

PF and networking tutorial with OpenBSD

This is a new and revised version of the classic PF tutorial, with added content covering more topics related to networking, and with additional exercises to put the knowledge in practice.

This session is aimed at both experienced or aspiring network administrators who want to expand their knowledge of PF, the OpenBSD packet filter, and have a broader understanding of networking concepts and protocols.

The tutorial is divided in two main parts. The first part covers the basics of PF, while the second part refocuses on the local network and its interactions with the global internet.

The goal of the tutorial is to give participants a very broad understanding of networking in an enterprise network using OpenBSD and PF as the basis for all the communication needs.

This is a new and revised version of the classic PF tutorial, with added content covering more topics related to networking, and with additional exercises to put the knowledge in practice.

This session is aimed at both experienced or aspiring network administrators who want to expand their knowledge of PF, the OpenBSD packet filter, and have a broader understanding of networking concepts and protocols.

A basic knowledge of Unix and TCP/IP network configuration is expected and required. The session content will be largely determined by your questions (if possible sent to tutorial@bsdly.net in advance).

The tutorial is divided in two main parts. The first part covers the basics of PF, such as:

  • Configuration on OpenBSD, FreeBSD and NetBSD (and possibly Solaris)
  • PF ruleset basics and rule interactions: block, pass, match
  • Writing maintainable rulesets
  • Address families: IPv4 NAT vs IPv6
  • Redirection, divert and services with odd dependencies (ftp-proxy, spamd)
  • Adaptive rulesets (state tracking tricks)
  • Traffic shaping with priorities and 'newqueue', OpenBSD 5.5 style
  • Legacy ALTQ traffic shaping
  • Per user filtering with authpf
  • High availability with CARP, relayd
  • Wireless vs wired networks
  • Filtering bridges
  • Logging and monitoring - pflog, pflow and others
  • Testing, debugging, and optimizing your configuration
  • Updates on recent developments and what to expect in upcoming releases

While the second part refocuses on the local network and its interactions with the global internet, covering topics such as:

  • Basic OpenOSPFd configuration, operation and interaction with PF;
  • Basic OpenBGPd configuration, operation and interaction with PF;
  • Introducing VXLAN in your network;
  • Choosing your ISP, a quick guide;
  • Use cases for OSPF, BGP or ECMP;
  • BCP38, the routing manifesto and Internet peering;

The goal of the tutorial is to give participants a very broad understanding of networking in an enterprise network using OpenBSD and PF as the basis for all the communication needs.