***: up_the_irons2 is now known as up_the_irons
up_the_irons is now known as Guest5143
pyvpx: their appid is great
the VM is decently performant, but not vSRX level (which has great performance and decent but increasing app identification abilities)
the patching is never ending with PAN software.
I personally never got used to the way it deals with subnets, network objects, interfaces, etc. but, things like BGP and OSPF end up working, with all the fixings, once you figure out what knobs to turn. the documentation is Useful(tm) in that regard
I mean, I'd only not use an OpenBSD firewall if I needed the app ident stuff. otherwise it's just another packet filter with some routing daemons
mercutio: apparently the edgerouter lite works with openbsd
i wonder what there is between that and a small PC
pyvpx: yeah, the ERL is an octeon MIPS processor, and openbsd is somewhat actively developed on it. the downside is much of the ERL features are hardware accelerated, and that of course is a complete binary blob
you'd get better performace/watt out of a recent atom C27xx or similar
mercutio: i didn't even realise that there was hw accel :)
you might be right there then.
the cool thing about stuff like erl is that they're physically tiny
but yeah normal intel cpus and form factors are getting smaller.
Guest5143: pyvpx: what is their App-ID? (i see it in the product briefs, but no explanation on what it is!)
***: Guest5143 is now known as up_the_irons
ChanServ sets mode: +o up_the_irons
up_the_irons: mercutio: yeah the actual hardware version of their firewalls are hw accelerated
OK I rtfm'd... App-ID looks interesting...
pyvpx: name is on the tin ;) fine grained application traffic identification
google hangouts traffic versus google mail traffic. if you're into that sort of thing.
vSRX has some similar features. not as finely grained last I looked at it a year+ ago
plus it's an additional licensing fee for vSRX
pan does it by default, but I think you need a subscription to some service to get regular (daily? weekly? i dont recall) updates.
fIorz: i.e., the thing that QUIC will break for good? ;-)
pyvpx: well, most of the useful app id is based on subnets and cert information
***: dj_goku_ has joined #arpnetworks
dj_goku_ has quit IRC (Changing host)
dj_goku_ has joined #arpnetworks
dj_goku has quit IRC (Read error: Connection reset by peer)
jcv has quit IRC (Quit: leaving)
jcv has joined #arpnetworks
toddf has joined #arpnetworks
ChanServ sets mode: +o toddf
toddf has quit IRC (Quit: leaving)
toddf has joined #arpnetworks
ChanServ sets mode: +o toddf
erratic has joined #arpnetworks
mercutio: seems apu2 is better openbsd small hardware solution
intel ethernet with amd cpu and 6watt power
***: toddf has quit IRC (Quit: leaving)
toddf has joined #arpnetworks
ChanServ sets mode: +o toddf
ziyourenxiang has joined #arpnetworks
ziyourenxiang has quit IRC (Quit: Leaving)
ziyourenxiang has joined #arpnetworks
toddf has quit IRC (Quit: leaving)
toddf has joined #arpnetworks
ChanServ sets mode: +o toddf
toddf has quit IRC (Client Quit)
toddf has joined #arpnetworks
ChanServ sets mode: +o toddf
toddf has quit IRC (Client Quit)
toddf has joined #arpnetworks
ChanServ sets mode: +o toddf
Hien has quit IRC (Ping timeout: 255 seconds)
Hien has joined #arpnetworks