New Netgate Appliance for IPS/IDS
-
@keyser said in New Netgate Appliance for IPS/IDS:
look at how much writing is being done on the 3100’s that had a 50% wear
extended device statistics device r/s w/s kr/s kw/s ms/r ms/w ms/o ms/t qlen %b flash/sp 0 0 0.0 0.0 7 0 0 7 0 0 mmcsd0 2 1 50.6 13.0 1 3 0 1 0 0 mmcsd0bo 0 0 0.0 0.0 0 0 0 0 0 0 mmcsd0bo 0 0 0.0 0.0 0 0 0 0 0 0That one does have bandwidthd running on it. The 50% is presumably rounded somehow but not sure which direction.
@blaytrail said in New Netgate Appliance for IPS/IDS:
the new version of pfsense is exactly the same as what is placed on the Netgate appliances
No, Netgate appliances have pfSense Plus. 2.6 is the open source/CE version. You can however upgrade to Plus if desired. Currently they are very similar.
-
@steveits said in New Netgate Appliance for IPS/IDS:
extended device statistics
device r/s w/s kr/s kw/s ms/r ms/w ms/o ms/t qlen %b
flash/sp 0 0 0.0 0.0 7 0 0 7 0 0
mmcsd0 2 1 50.6 13.0 1 3 0 1 0 0
mmcsd0bo 0 0 0.0 0.0 0 0 0 0 0 0
mmcsd0bo 0 0 0.0 0.0 0 0 0 0 0 0That one does have bandwidthd running on it. The 50% is presumably rounded somehow but not sure which direction.Thank you Steve - That's really interesting information. This is obviously math with some fairly heavy handed assumptions, but here it goes (Based on your provided information):
Let's say the 13 KB writes/s average since last reboot is also the average across the devices lifetime. You put it into service in Oct. 2017 which is around 1600 days ago.
So 13KB/s * 60sec * 60min * 24hours * 1600days= about 1.8TB written.
Those 1.8TB caused 50% wear, which in effect means about a 4TB write endurance on the eMMC. Half of what I originally predicted and estimated my own devices lifetime from.
I know the that your devices very small sustained writes is the worst because of how SSDs works inside, so likely it has caused a much higher write amplification than a sustained 500KB/s would.But still - it's very obvious that eMMC's are dangerous when packages does a lot of logging/writing or temporary storage. Luckily I became aware of an issue in pfBlockerNG that caused it to do sustained writes of about 350KB/s - which in effect would have killed my SG-2100 in about 6 months with the math above, or about a year with my guesstimated 11TB write endurance.
Needless to say I have upgraded my SG-2100 and 6100 with a SSD now to avoid prematurely killing them :-)
-
The 1100 is where you should really avoid heavy drive writes because it can only boot from eMMC.
On everything else you can install an SSD and recover should you have a drive failure.
The actual number of drive failures we see is far lower than you might expect from calculations like that though. Actual writes to the flash are significantly lower than the write data to the drive it would seem.
Steve
-
@stephenw10 said in New Netgate Appliance for IPS/IDS:
The 1100 is where you should really avoid heavy drive writes because it can only boot from eMMC.
On everything else you can install an SSD and recover should you have a drive failure.
The actual number of drive failures we see is far lower than you might expect from calculations like that though. Actual writes to the flash are significantly lower than the write data to the drive it would seem.
Steve
That's good to know - I was wondering if one could expect the box to continue to work if the eMMC was dead. That does make it less catastrophic (unless you are a SG-1100 owner)
-
@keyser said in New Netgate Appliance for IPS/IDS:
assumptions
I double checked and it turns out that router booted a couple hours ago, so it may not be great to extrapolate. Sorry about not noticing that.
The other 3100 (40%) is 3 days 7 hours uptime and:
device r/s w/s kr/s kw/s ms/r ms/w ms/o ms/t qlen %b flash/sp 0 0 0.0 0.0 7 0 0 7 0 0 mmcsd0 0 0 0.5 29.1 2 7 0 7 0 0 mmcsd0bo 0 0 0.0 0.0 0 0 0 0 0 0 mmcsd0bo 0 0 0.0 0.0 0 0 0 0 0 0 md0 0 0 0.0 0.0 0 0 0 0 0 0Probably would be better to wait a few weeks and do the math. :)
-
@steveits said in New Netgate Appliance for IPS/IDS:
@keyser said in New Netgate Appliance for IPS/IDS:
assumptions
I double checked and it turns out that router booted a couple hours ago, so it may not be great to extrapolate. Sorry about not noticing that.
The other 3100 (40%) is 3 days 7 hours uptime and:
device r/s w/s kr/s kw/s ms/r ms/w ms/o ms/t qlen %b flash/sp 0 0 0.0 0.0 7 0 0 7 0 0 mmcsd0 0 0 0.5 29.1 2 7 0 7 0 0 mmcsd0bo 0 0 0.0 0.0 0 0 0 0 0 0 mmcsd0bo 0 0 0.0 0.0 0 0 0 0 0 0 md0 0 0 0.0 0.0 0 0 0 0 0 0Probably would be better to wait a few weeks and do the math. :)
Yes, a long uptime would be much better. Those numbers posted with this box is more in line with the 11 - 12Tb Write endurance I guesstimated for the 8GB eMMC.
-
Thanks, everyone, for all the information. It appears things would be much easier to use a VM or PC to run pfsense. Is there an advantage of using an appliance besides support?
-
@blaytrail The appliances would usually use way less power than a hardware PC. For a VM it probably won't add much to power usage on the server, but VMs are more complex to set up and isolate the different interfaces.
@keyser I'm going to take our conversation to that eMMC thread.
-
Everything seems to be fine here with 22.01 in a SG-3100, pfblockerng running.
extended device statistics device r/s w/s kr/s kw/s ms/r ms/w ms/o ms/t qlen %b flash/sp 0 0 0.0 0.0 8 0 0 8 0 0 mmcsd0 0 2 1.9 46.1 1 5 0 4 0 0 mmcsd0bo 0 0 0.0 0.0 0 0 0 0 0 0 mmcsd0bo 0 0 0.0 0.0 0 0 0 0 0 0 -
@mcury And what does the mmc program tell you for the life? Might be best to reply in that other thread as I feel we're digressing a bit off this one...? I don't want to hijack the original question.
-
@steveits said in New Netgate Appliance for IPS/IDS:
@mcury And what does the mmc program tell you for the life?
You mean mmc-utils package - pkg install mmc-utils ?
I'll check then update the other topicMight be best to reply in that other thread as I feel we're digressing a bit off this one...? I don't want to hijack the original question.
You are right... Won't polute this anymore :)
