This tutorial is for those who have not yet jumped on the IPv6 bandwagon.
The goal is for participants to be able to understand how IPv6 works, how an addressing plan could be built for an enterprise network, and how this can be configured on FreeBSD and OpenBSD.
We will also configure services to work on IPv6 and discuss the implications of configuring PF rules for them.
To complete the tutorial, we will configure an IPv6-mostly network, where IPv6 is a first-class citizen and IPv4 is not. This should give participants enough confidence to configure IPv6 in their own environment.
The tutorial is supported by a remote lab where every participant will be given a series of virtual machines to configure following the topics presented in the theory sessions, and will also have to relate to others to complete the required exercises, like setting up web services and interacting with other groups to test their communication on the live internet.
This tutorial is for those who have not yet jumped on the IPv6 bandwagon.
The goal is for participants to be able to understand how IPv6 works, how an addressing plan could be built for an enterprise network, and how this can be configured on FreeBSD and OpenBSD.
We will also configure services to work on IPv6 and discuss the implications of configuring PF rules for them.
To complete the tutorial, we will configure an IPv6-mostly network, where IPv6 is a first-class citizen and IPv4 is not. This should give participants enough confidence to configure IPv6 in their own environment.
The tutorial is supported by a remote lab where every participant will be given a series of virtual machines to configure following the topics presented in the theory sessions, and will also have to relate to others to complete the required exercises, like setting up web services and interacting with other groups to test their communication on the live internet.
The awk processing language has been around for almost 50 years in the Unix space. All major BSDs include awk in the base system. It allows powerful and flexible processing of text inputs. However, users find it difficult to understand and awk-ward to use, even shying away from using it in the first place.
In this beginner-focused tutorial, we'll get to know the features of awk step by step. We'll learn the syntax and apply it on a practical example throughout the tutorial. In particular, the tutorial will cover the following:
BEGIN
and END
actionsKnowing how to utilize awk in itself is useful as it provides a lot of functionality in a compact format. It is also a good starting point into DTrace (available on FreeBSD and NetBSD) as it uses awks command syntax. With awk, users get a powerful utility in their Unix toolbox which has been there for a long time waiting to be used.
After the tutorial, participants can understand and use awk syntax to create flexible text processing tools based on the task at hand. Users coming from a C background will find their familiar libraries readily available. Participants will find it easy to dig deeper into individual awk topics on their own using the basics learned in this tutorial.
Participants may bring their own machines and try out the examples as we go through the content. Material is provided during the tutorial.
I've been teaching awk as part of my "Unix for Developers" class since 2012 at the University of Applied Sciences, Darmstadt, Germany. The material has evolved over time based on student feedback and exam results.
Configuration management and automation tools, like ansible, can make the life of a system administrator easier both by being able to scale operations as well as help in reproducible create new deployments.
An additional advantage is that the automation will, if done consistently will also document all steps done to create the systems.
In this tutorial attendees will learn how to use ansible to administrate FreeBSD machines and be able to go through a practical example in a virtual lab to gain confidence and evaluate what techniques they would want to use in practice:
Attendees will need a laptop with a Web browser to access the virtual lab environment.
The OpenBSD Packet Filter (PF) is at the core of the network management toolset available to professionals working with the BSD family of operating systems.
Understanding the networking toolset is essential to building and maintaining a functional envirionment. The present session will both teach principles and provide opportunity for hands-on operation of the extensive network tools available on OpenBSD and sister operating systems in a lab environment. Basic to intermediate understanding of TCP/IP networking is expected and required for this session.
Topics covered include
The basics of and network design and taking it a bit further
Building rulesets
Keeping your configurations readable and maintainable
Seeing what your traffic is really about with your friend tcpdump(8)
Filtering, diversion, redirection, Network Address Translation
Handling services that require proxying (ftp-proxy and others)
Address tables and daemons that interact with your setup through them
The whys and hows of network segmentation, DMZs and other separation techniques
Tackling noisy attacks and other pattern recognition and learning tricks
Annoying spammers with spamd
Basics of and not-so basic traffic shaping
Monitoring your traffic
Resilience, High Availability with CARP and pfsync
Troubleshooting: Discovering and correcting errors and faults
Your network and its interactions with the Internet at large
Common mistakes in internetworking and peering
Keeping the old IPv4 world in touch with the new of IPv6
The tutorial is lab centered and fast paced. Time allowing and to the extent necessary, we will cover recent developments in the networking tools and variations between the implementations in the sister BSD operating systems.
Participants should bring a laptop for the hands on labs part and for note taking. The format of the session will be compact lectures interspersed with hands-on lab excercises based directly on the theory covered in the lecture parts.
This session is an evolutionary successor to previous sessions. Slides for the most recent version of the PF tutorial session are up at https://nxdomain.no/~peter/pf_fullday.pdf, to be updated with the present version when the session opens.
The OpenBSD Packet Filter (PF) is at the core of the network management toolset available to professionals working with the BSD family of operating systems.
Understanding the networking toolset is essential to building and maintaining a functional envirionment. The present session will both teach principles and provide opportunity for hands-on operation of the extensive network tools available on OpenBSD and sister operating systems in a lab environment. Basic to intermediate understanding of TCP/IP networking is expected and required for this session.
Topics covered include
The basics of and network design and taking it a bit further
Building rulesets
Keeping your configurations readable and maintainable
Seeing what your traffic is really about with your friend tcpdump(8)
Filtering, diversion, redirection, Network Address Translation
Handling services that require proxying (ftp-proxy and others)
Address tables and daemons that interact with your setup through them
The whys and hows of network segmentation, DMZs and other separation techniques
Tackling noisy attacks and other pattern recognition and learning tricks
Annoying spammers with spamd
Basics of and not-so basic traffic shaping
Monitoring your traffic
Resilience, High Availability with CARP and pfsync
Troubleshooting: Discovering and correcting errors and faults
Your network and its interactions with the Internet at large
Common mistakes in internetworking and peering
Keeping the old IPv4 world in touch with the new of IPv6
The tutorial is lab centered and fast paced. Time allowing and to the extent necessary, we will cover recent developments in the networking tools and variations between the implementations in the sister BSD operating systems.
Participants should bring a laptop for the hands on labs part and for note taking. The format of the session will be compact lectures interspersed with hands-on lab excercises based directly on the theory covered in the lecture parts.
This session is an evolutionary successor to previous sessions. Slides for the most recent version of the PF tutorial session are up at https://nxdomain.no/~peter/pf_fullday.pdf, to be updated with the present version when the session opens.
Open Source is participatory and BSD Unix is no exception, with its own unique development workflows and events. Bug reporting, code proposing, and event participation are fundamental elements of the BSD Unix community and despite appearances, are open to anyone to participate.
This talk will take a pragmatic tour of effective engagement on these topics with real-world examples and tips for:
The secret is that all of that all of these are fundamentally indistinguishable: You are tasked with marketing your idea to others and must show your work, justify your points, demonstrate sincerity, and ultimately convince others of your initiative, regardless of its size.
Are you new to the BSD community, or just looking to meet some new people? At this BoF we'll just try to introduce everyone and talk (briefly!) about what they are interested in.
Kind of a human search engine for topics of shared interest.
Come find other people interested in the same thing as you, or new things to be interested in!
This talk goes over the development of a distributed filesystem tailored for OpenBSD. While OpenBSD excels in many areas, its native filesystem support has room for improvement. This talk goes into using the Filesystem in Userspace (FUSE) on OpenBSD to provide for a distributed and highly available filesystem.
This talk also includes an introduction to the Raft Consensus Algorithm, which plays a critical role in ensuring data consistency and reliability across distributed systems. The Elixir programming language is used, providing the necessary foundation for the implementation of the distributed FUSE filesystem on OpenBSD.
Mapping abstract symbol names in source code to concrete addresses at
runtime requires cooperation between the compiler, static linker, and
runtime loader. This talk will talk about some of the practices and
data structures used for this task including ELF relocations, Global
Offset Tables and Procedure Linkage Tables. Depending on time, it may
also cover some more advanced topics such as initialization functions
("ifuncs").
This talk tells the history of the BSD Daemon. It starts with the first renditions in the 1970s of the daemons that help UNIX systems provide services to users. These early daemons were the inspiration for the well-known daemon created by John Lasseter in the early 1980s that became synonymous with BSD as they adorned the covers of the first three editions of `The Design and Implementation of the BSD Operating System' textbooks. The talk will also highlight many of the shirt designs that featured the BSD Daemon.
Not too long ago, support for direct IO landed in OpenZFS after years of discussions and reviews. We truly live in the future where we can finally reject complicated caching and fully embrace the unbuffered conversations with our disks. Or can we really?
Those of you who know a bit about ZFS know that the ARC is actually pretty important (without one ZFS would historically stand for zzz 😴 instead of Zetta). How could it be then that skipping the ARC might improve performance?
During the presentation we will discuss what workloads and setups benefit from direct IO, what its limitations are, and what pitfalls to avoid during benchmarking. We will also look at the implementation to understand how all the promises of stability and compatibility were kept.
Direct IO is reported to deliver amazing performance boosts in some deployments. Understanding how not to hold it wrong is a great first step to potentially unlocking that speed-up on your systems too!
Abstract—This talk introduces the work to create a commercial desktop operating system based on FreeBSD. Since FreeBSD has a friendly license, it is one of the best options to create an operating system with unique features from scratch. To create such operating systems based on FreeBSD, particularly for commercial desktops, there are two major aspects need be considered: firstly, how to support the existing commercial software; secondly, how to support the latest hardware platforms. This paper presents the challenges and proposes the solutions to create a successful commercial operating system, particularly for specific domains. Such experiences can also help people who desire to create their own OS based on FreeBSD.
I'm typing this in my Xuake Wayland Compositor on OpenBSD.
I started this journey on the NetBSD 9.99.x branch and ended up having to dig into the guts of wscons, mesa, libdrm, the kernel drm subsystem, the AMDGPU driver and more. I have a couple of very small, but hard fought patches in the NetBSD kernel. It's not over yet, either. I still have a few bugs around the compositor shutdown process and a lot of integration work to be able to hope to have other people try this out.
Topics to cover in the talk include (but are not limited to):
* History of Wayland and other background info
* How your graphics stack and driver is organized and actually works
* The actual porting journey on both NetBSD and OpenBSD
* A Demo! I should be able to show it running
* Current status, future work
Testing an operating system is not easy. FreeBSD project uses Kyua testing framework and has continuously made efforts to add more test cases. They are mostly written in shell scripts or some lightweight programming languages. Writing and maintaining complex test cases is still challenging.
This talk introduces TTCN-3, Testing and Test Control Notation version 3. This is a domain-specific language designed for automated testing and is widely used in telecommunicating systems as an ETSI industry standard. While the primary target is conformance testing of communication protocols, it is also helpful to write complex test cases for operating system testing that cannot be covered by shell scripting.
Eclipse Titan is a TTCN-3 toolchain that Ericsson internally developed and Eclipse Foundation now maintains under Eclipse Public License 2.0. It translates test cases in TTCN-3 to a C++ program, and it generates a single binary without annoying library dependency to perform testing. The toolchain runs on *BSD or other Unix-like systems with GCC, and includes powerful orchestrating controller and logging capability. This project also maintains production-quality test case implementations for various protocols we can reuse.
The talk will cover how to get started with Eclipse Titan on FreeBSD, and how to write test cases of networking and multiple nodes. It includes examples such as a simple string matching of messages over STDIN/STDOUT, a simple request/response packet exchange over IP, and more complex scenarios that show both the upside and downside of using TTCN-3.
Speaker Biography: Hiroki Sato is an assistant professor at Institute of Science Tokyo. He is one of the FreeBSD core team members and has been a FreeBSD committer since 2001.
In this talk, we will present a project that aims at allowing controlled process
credentials transitions without using setuid executables but instead leveraging
FreeBSD's MAC framework.
Traditional credentials-changing programs, such as sudo(8), have
a non-negligible attack surface as they often include a lot of infrequently used
features and mechanisms that can be dangerous from a security standpoint (e.g.,
loadable modules).
As these programs have to run as 'root', compromising them can have catastrophic
consequences.
The mac_do(4) kernel module has been introduced to allow unprivileged processes
to change credentials, provided the requested changes are explicitly allowed by
rules set by an administrator.
It has recently undergone major changes.
First, thanks to a redesign of rules, it is now possible to specify full sets of
user and group IDs that must be present or absent in the final credentials for
a transition to be accepted.
Second, each jail can be configured with a different set of rules, allowing
different transitions to be allowed as needed, or to inherit from the parent
jail.
We will describe how mac_do(4)'s credentials rules work, what the role of the
mdo(1) companion program is, and what you can do with them in practice.
We will also touch on some aspects of the implementation, notably why we needed
to introduce the new setcred(2) system call, which allows to change all process
credentials in a single call, and possibly those that are related to the use of
some FreeBSD's kernel sub-systems (notably, sysctl, jails and OSD).
While the current implementation is of production quality and immediately
useful, there are lots of possible ways to extend it to cover more scenarios and
to progress towards our ideal of having all credentials-changing programs work
without the setuid bit.
We will present them in the hope to get feedbacks.
The FreeBSD project doesn't guarantee the ABI stability in major version. However, for the minor version, we also not fully guarantee. This cause maintaining a out-of-tree module (at least for Kernel module like VirtualBox) a big problem because module compiles from 14.0 may not able to use at 14.1. This also cause some problem when distributing modules with freshpkg in our base because our pkg system only support build for all major version.
A wiki page distribute the workflow of CTF diff and script:
https://wiki.freebsd.org/ShengYiHong/ABIStability?highlight=%28ABI%29
The outline of my slides will be as following:
It's possible to do some 3d printing related things on an OpenBSD machine, but there are a bunch of popular tools that aren't available in the ports tree. We will talk about some of the different classes of software and what things are popular and whether they are currently available on OpenBSD and what the blockers are from getting those into the ports tree.
With security vulnerabilities rapidly rising each year, program security is more important than ever. One solution to keeping your program from being the victim of the next big CVE is FreeBSD's Capsicum.
Originally developed at the University of Cambridge Computer Laboratory, Capsicum is a lightweight capability and sandbox framework built into the FreeBSD base system. It is designed around the principle of least privilege - where programs only have access to resources that are required for operation.
This talk will follow my blog post, which outlines the process of Capsicumization, or sandboxing your program using Capsicum. I will cover capability violation detection, restructuring existing programs for Capsicum, and filesystem/networking access inside of the capability sandbox.
Recent Capsicumization efforts in the FreeBSD base system and the future of Capsicum will also be discussed.
Confidential computing is a family of techniques to enhance security
and confidentiality for data in use. One technical approach is strong
isolation for virtual machines.
AMDs Secure Encrypted Virtualization (SEV) offers several feature sets
for isolation of guest virtual machines from an non-trusted host hypervisor
and operating system. These feature sets include memory encryption,
encryption of guest state including CPU registers and an attestation
framework.
With OpenBSD 7.6 released in October 2024 we are now able to use the
memory encryption features of AMD SEV to run OpenBSD as both
Now, thanks to memory encryption the hypervisor is not able to peek into a
guests memory and is not able to retrieve sensitive information. However,
the state of the CPU registers used by the guest is still visible to
the hypervisor.
Therefore, we implemented support of AMDs "Secure Encrypted Virtualization
with State Encryption" (SEV-ES) for OpenBSD guests and hypervisor. With
SEV-ES all CPU guest state is encrypted and hidden from the hypervisor.
In this talk we will explain the fundamentals of SEV and SEV-ES. Then we
explore the challenges imposed by SEV-ES for both guest and hypervisor.
Finally we will take a closer look into selected implementation details.
Hans-Jörg Höxer is employed at genua, a German firewall manufacturer, who
is using OpenBSD as a secure and stable base for its products.
Join our panel of ZFS experts over lunch as they field questions from the audience about ZFS, new features, best practices, and everything else related to storage.
If you deploy ZFS, or are considering doing so, you should join us.
In this talk, I'd like to present how I took EndBASIC and built a NetBSD-based embedded device that boots into this interpreter in just a few seconds.
EndBASIC is a side project of mine that implements a retro-looking BASIC environment. Up until now, this featured a web interface and a desktop interface -- but I wanted to offer a prebuilt image for the Raspberry Pi that booted almost-immediately and was resilient to reboots. You know, like the computers of the 1980s, because I believe such a simplified environment can help with learning the basics of programming.
For this project, I picked NetBSD as the core due to its great cross-building features and then implemented new backends for EndBASIC to leverage NetBSD's native features. In particular, I wrote a driver for NetBSD's wscons framebuffer to have graphics output without having to even start X11.
The result is that I can build a full disk image from my Linux development box for NetBSD, write it to an SD card, and have a Pi boot straight into EndBASIC in about 5 seconds.
What's more: the whole of EndBASIC is written in Rust, and cross-compiling it from Linux x86_64 to NetBSD aarch6 is challenging. I bridged this gap with qemu and automated the whole thing so that I can build images end-to-end without even looking. Having proper cross-build support would be desirable, and I'll cover that.
I can also cover the contributions that this project led to upstream NetBSD, which actually made me recover my account and come back to contributing.
I'm actively working on this project and, from now through June, things may change significantly and I might have new things to talk about and demonstrate. For example, I want to integrate with NetBSD's WiFi stack, or SPI to leverage a tiny LCD. But for now, that's what I can offer for this talk!
KASAN is a kernel sanitizer commonly combined with fuzzing techniques to detect memory corruption bugs, some of which could lead to security compromise. Currently, FreeBSD's KASAN can only detect a subset of temporal safety vulnerabilities due to the lack of a delayed freeing mechanism of freed items. Furthermore, the effectiveness of detecting spatial safety vulnerabilities is also limited because FreeBSD's KASAN does not add redzone padding around UMA allocations.
In this talk, I will present my current work on improving the effectiveness of KASAN by extending it with a quarantining mechanism and injecting redzones around UMA allocations. The development was done on CheriBSD, a fork of FreeBSD with CHERI support, to explore the synergy between CHERI and KASAN. I plan to upstream the relevant improvements to FreeBSD.
Managing multiple FreeBSD machines can be time-consuming, but automation makes it effortless. In this talk, I will demonstrate how I use Ansible to set up my FreeBSD lab and Salt to maintain and scale it across multiple machines—including how I configured a second FreeBSD laptop with just SSH access.
Attendees will see how automation enables:
- Seamless FreeBSD system setup using Ansible.
- Automated configuration management with Salt.
- Effortless scaling to new machines, reducing manual setup to a few commands.
By the end of the talk, attendees will understand how to leverage Ansible and Salt to build a reproducible and maintainable FreeBSD infrastructure.
Attendees should have basic FreeBSD knowledge, but no prior experience with automation tools is required.
Hardware-accelerated program tracing on FreeBSD
Hardware tracing facilities are designed to capture various metrics and
information about software execution with a minimal performance overhead,
making them a valuable tool for performance analyses and debugging. FreeBSD
recently gained a new in-kernel framework for hardware-accelerated tracing
technologies (hwt(8) [1]) with support for ARM64 and Intel CPUs.
This talk will cover the work that went into adding support for Intel's
Processor Trace technology in hwt(8). We'll start by covering several key concepts
related to hardware-accelerated tracing and use them to explore the architecture of
FreeBSD's hwt(8) framework. We'll then move on to a case study of Intel Processor Trace
technology, giving a brief overview of its features before diving into key implementation details.
The talk will also include a short demo of hwt(8)'s features on the Intel platform.
[1] https://wiki.freebsd.org/hwt
FreeBSD's audio subsystem, sound(4), is one of the fastest out there, but is rather unknown and until recently was largely unmaintained. This talk will go through the various components of sound(4) that make sound possible on FreeBSD, that is:
The talk will also mention some notable recent, ongoing and future work across the whole sound system, since my taking over of its development.
I also intend to showcase examples of:
(I may have to leave one or both of these out to keep the talk to the desired duration)
A walkthrough of a packet's journey through (FreeBSD's) pf, concentrating on the big picture and its implications.
We'll cover when packets are inspected, when rules are evaluated and how states are used. Along the way we'll cover what DTrace probes can show us, what some of pfctl's counters mean and just how many times pf can look at a single packet.
This talk is intended for firewall admins looking for a deeper understanding and aspiring pf developers. It is not a "How to use pf" talk.
In a world ruled by expect(1) and TCL, we discuss an alternative that was developed based on scripting with lua instead. porch(1) was developed with a language already available and used in FreeBSD base in mind, with the aim of TTY testing via pts(4).
The overall aim of this project is to provide a simple subset of expect(1) functionality specifically aimed at developer and sysadmin automation in another popular language with many niceties for scripted interaction.
In this talk, we'll specifically discuss:
--
The author has been a FreeBSD src committer since 2017, working on many parts of the tree and gradually introducing lua into the base system. His most recent exploits include improving base system boot environment management with bectl(8) and excursions into the tty layer.
One of the main things still missing in FreeBSD for it to be usable on modern laptops is the ability to go to sleep. In the past, this was done using ACPI S3, but newer laptops have removed this in favour of S0ix, leaving FreeBSD without support for suspend on those machines.
This talk aims to get the casual user familiar enough with the terms and concepts behind power management, such that they can understand what's going on, what's already possible, what can be done, and be able to narrow down power management issues they might encounter.
This talk will cover:
The background and history of power management on FreeBSD, from APM, to ACPI S3, and finally to s2idle/S0ix, and how to know whether or not a given laptop supports S3 or S0ix or both.
What the full suspend process looks like with modern standby, going into details like ACPI D-states & power resources, SPMC DSMs (acpi_spmc), the AMD SMU (system management unit, amdsmu), etc. and some of the challenges encountered.
Specifics about sleep on AMD, such as USB4 power management in the HCM (host connection manager) and GPIO controller interrupt servicing.
Cover debugging with residency counters, with the SMU on AMD, _LPI objects, and LPIT on Intel.
Niceties and potential future work, such as idleness determination, a powertop equivalent, a built in amd_s2idle.py equivalent (for debugging sleep issues), etc.
The misuse of AI in education for cheating purposes has created challenges in assessing students' authentic contributions in the last couple of years. Another issue we identified is that University labs rarely teach problem-solving skills for a real-world scenario that students have to deal with in their post-academic working life (i.e. fixing production issues). Traditional assignments lacked real-world relevance (and were easily solved with the help of AI), leaving students unprepared for professional challenges in their later jobs. To address this, we developed as part of a master's thesis for University of Applied Sciences, Darmstadt, Germany a new teaching framework leveraging Chaos Engineering and Gamification elements to modernize Unix education on FreeBSD. With our new system, real-world problems can be simulated by instructors and allows students to use system administrator permissions to solve them. We also developed this system to make it difficult for participants to "cheat" using AI and evaluated the system towards that end with a group of students.
This talk will introduce our new "Chaos education system" tested in the "Unix for Software Developers" course at the University. The name stems from the chaos monkey systems that intentionally "wreak havoc" on production systems to improve their resiliency and train the sysadmins managing them to find and fix them. Our approach lets instructors inject intentional faults (error scenarios) into student-managed FreeBSD jails. The students must then identify, resolve, and prevent these issues from occurring again using standard system administration tools, including root permissions. To increase student motivation to solve these scenarios quickly (and to create artificial "production system is at stake" pressure), a global highscore list is used as a gamification element: each time an issue is solved, points are awarded to that team based on the elapsed time and an instructor-defined difficulty bonus. A post-mortem group discussion with the instructor lets students talk through various ways of solving the issue, giving the group deeper insights on possible solutions each group had used. Using the system, the students gain practical skills like troubleshooting, system recovery, and proactive system management with real-world scenarios, something that traditional "one size fits all" assignments lack.
We built the whole system using BSD-licensed open source components: FreeBSD, pf, VNET, bastille jails and templates. Shells scripts act as the glue to tie them together and implement the logic for the rest of the chaos monkey system. The prototype system has been tested with two student groups of 16 students each in January 2025. One group was allowed to use ChatGPT during the scenarios to see how AI-support helps them (if at all). Insights from this testing was used to enhance the system further.
This talk will introduce the chaos education system idea, implementation, demonstrate its functionality, and discuss future work in this area. FreeBSD proved to be an excellent building platform for this system, due to its great modularity, open source, low resource overhead, and available documentation. The system can be enhanced further and used outside of an academic environment, like employee training or workshop-style challenges at events. It is easy for instructors to construct a custom scenario for participants and inject it into the training jails. The system can scale to a number of parallel users due to the lightweight nature that FreeBSD jails provide.
Audience: Educators, trainers, and system administrators interested in modernizing Unix/Linux education through hands-on, interactive methods. Managers may find the system interesting for training their own employees by constructing scenarios mimicking their own environment.
One of NetBSD's goal with network security is to upgrade NPF with lots of useful features and then be used as the primary packet filter. In this talk, As NetBSD's current primary maintainer of NPF, I will reveal the improvements I have added to NetBSD's NPF packet filter. I will also reveal Further improvements in relation to performance and the direction of the project to reaching completion.
A wide ranging conversation about all things network related and the BSDs.
Topics typically include the state of various network stacks, kvetching about the network, switches, routers, and how we are using the BSDs to solve network problems.
We've all heard stories of the dreaded cosmic ray angrily flipping bits in your RAM. But how much does it matter, really? And, more importantly, how do you tell?
This talk will cover an overview of hardware architecture around detecting and correcting memory errors, software support for handling them and other types of hardware errors, and stories of memory errors in the real world.
And, if the stars align (specifically, the cosmic-ray-generating supernovae), perhaps we'll have a live demo.
ISC has been proudly using FreeBSD in production for a long time, including to serve critical internet infrastructure with a global user base (including you!), from the DEC Alpha days up till now, mostly on bare-metal.
In this talk I'll go over some of how we (and I) got here, how we've managed far-away installs and upgrades without remote hands during a global pandemic, and how we believe that in a Linux-centric world, BSD gives us an advantage, not only in diversity, but from the community, and touch on how a single FreeBSD box has replaced an install that used to consist of separate routers and switches.
We'll cover some of our MacGyver moments, share some head-scratchers, and even cover some of the things we'd love to see in the future, both from the community as well as where we're hoping to go.
If the conference leaders think it wise, this talk could also include a light touch on how BGP and Anycast work, both in general, as well as how the global routing table is affected by the less-and-more specific routes to F that we announce to keep local traffic local, and how ISC works with its CDN partner. (These are not BSD-specific topics, but the maturity of reasonable routing daemons in ports have meant that we can now do this without needing an upstream router).
A few years ago, we decided to migrate many of our servers (and many of those of our clients) from Linux to the BSDs - FreeBSD, OpenBSD, NetBSD - depending on the specific services. In this presentation, I will discuss the reasons behind our decision, the technical and organizational challenges we faced, the tangible benefits we have experienced, and why we believe this migration is successful. I will provide specific examples and real-life case studies. In an increasingly complex world, relying on simple, stable, and secure solutions is becoming more and more important, and the BSDs can make a significant contribution in this direction.