Hi,
This is Ananth, founder of Camphor Networks. I am working on a vertically (not horizontally) scalable OPNsense image in aws, and looking for feedback. Would someone be interested to give it a try ? Following are its key features which can help in reducing the operating cost of the firewall significantly, at the same providing necessary high availability and flexibility! This can be used as a scalable cloud NAT, Firewall, etc. which costs a lot less than cloud provider's!
BTW, I apologize if this is the wrong group to send this message to. This is my first message in this forum.
Here is what the camphor-OPNsense image can essentially do.
o Using aws cloud formation, users can instantiate the firewall easily using almost a single click!
o The instance is started via aws auto-scaling group (with a count of just 1), so automatic simple HA will be readily available in case of instance outage
o Using cloud-watch, cpu, memory and network-IO are constantly monitored. If an appropriate alarm is triggered, the running instance is replaced with a larger one there by adding more capacity to the firewall. (in make before break fashion). This is what I mean by vertical scaling. (aka up/down scaling)
o If resources (cpu/memory/network-io are idle for a while, instance is replaced with a smaller instance, thereby reducing the operational/compute cost dynamically)
o Main routing-tables and others tagged with camphor are automatically updated with the currently active instance's network interface at all times. This enables auto-scaling of the firewall to seamlessly work, without affecting end user instances and without any manual intervention at all
o Configuration is periodically synced to s3 bucket and restored upon restart (when a new instance replaces currently active one for auto-scaling purposes)
o Obviates the need for gateway-load-balancer
Basically, using Camphor-OPNsense AMI, you can seamlessly run the OPNsense NAT/Firewall with HA along with seamless vertical auto-scaling.
Does this sound interesting ? If so, please do reach out to me at ananth@camphornetworks.com
I thank you in advance for your valuable feedback.
Regards,
Ananth