OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of juanperiz »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - juanperiz

Pages: [1]
1
Development and Code Review / Re: Advice - Several OPNSense as Containers
« on: May 20, 2016, 04:16:04 am »
Franco...

Maybe we can let "JAILs OPNSense" far more than "Multi-Tenant API" in a 'virtual' RoadMap I dream; I didn't dig a lot about OPN BackEnd (Python, am I right?) dealing with pf(4), but I noticed "CATEGORY" field at the FrontEnd which I supposed it's backed by some type of DB where later BackEnd impacts over pf.

I think adding another field called "TENANT" which also can be backed on this DB (don't know if there's any DB!) and  then those "TENANT" rules could be conjugated into a single ruleset that would be feed to pf(4).

This "Multi-Tenant API" I refer should only by some sort of code that has to be feeded with every ruleset and determine/conjugate when it make up its mind each type of ACID operations over the entire RuleSet pf(4) handles...

Finally, could you be so kind considering if this post should be moved to Development Forum? I'm offering my code programming abilities in order to get this "Multi-Tenant API" done...

Best Regards,
Juan!

2
Development and Code Review / Re: Advice - Several OPNSense as Containers
« on: May 18, 2016, 09:08:29 pm »
I thank you fast and kind reply!

Franco, we can strecht out this chat anytime you want...

I'm gearing towards "Cointaner-ized OPNSense" because of CPU benefits of this technology, instead of I/O benefits coming form "Virtual-ized OPNSense".

I'd not label it 'multi-tenant' as the same way Paid FW's do; but I do think this kind of deployment should involve a "MASTER/handler & driver" OPNSense (over bare metal) which deals with real ETHER & FIBER ports, memory management and particularly IOCtl system calls to pf(4); each sort of "jailed OPNSense appliance" would talk to this MASTER FW an negotiate ACID rule management over pf(4) (NAT, rules, etc., etc.)...

What do you think about that?

Best Regards,
Juan...

3
Development and Code Review / Advice - Several OPNSense as Containers
« on: May 17, 2016, 10:28:59 pm »
Hi5 to all my new and shiny OPNSensers' friends...



I'd like to build a *server* box (32GB RAM / i7 CPU / 4x 1GBps NICs) that runs several OPNSense deployments at the same time NOT as a *VM* each one of them, but as *CONTAINER*.

As far as I'm concerned, due to being based on top of FreeBSD, I can choose from this alternatives;

* BSD (Native) Jails

* Docker for FreeBSD

* JetPack

* BSD VPS

Which I haven't tested as a PoC, sp I need some advice regarding this issue...

* You guys thinks it's "doable"?
* You guys thinks some alternative is better than other? Just why?

Thanks in advance,
Best regards,

Juan Periz

P.S.: each "tiny" and isolated OPNSense deployment is meant to be managed by different IT-admin-know-it-all boys at my University...


Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2