Recommend hardware with gig ports?
-
@Bok:
However, as has been discussed many times on this forum, a popular way to go seems to be to just set up vlans, run them all through a single LAN interface, and pair the setup with an 802.1q-friendly switch.
To be honest, I'm a little reluctant to do it that way. While the security aspect is debatable, I keep thinking about what will happen when someone else inherits this setup. Will the VLANs make them like, "huh"? Pretty much any technician (I hope) gets port=interface, but I'm not so sure about port=3-to-12 interfaces.
I don't think you're giving network folks enough credit. VLANs are very common. Any consultant worth their salt knows how they work. A regular PC tech? Maybe not.
A compromise might be to use one of the onboard NICs for your WAN connection and only do VLANs on the LAN side and connect that to the switch.
That would be the right way to do it. You just need an 802.1Q-aware switch.
-
ktims: Thanks for getting back to me and for sharing the details.
I'm familiar with these DOMs; we actually currently use them on our Linux DVRs for our surveillance, but as you can imagine, the video data is recorded/written to a separate IDE disk.
As for limiting the vlans to the physical lan interface, absolutely. I can't say I'll ever have enough balls to run my WAN through the same physical interface as my LAN - but who knows; necessity is the mother of invention. ;)
WRT. 802.1Q & VLANs - while they're not really commonly understood among low-rent IT 'consultants' that might do work for a small business, anyone that's likely to understand a setup with 4 subnets and various rules in pfSense should have at least a peripheral understanding.
Well you nailed that one.
Using VLANs also gains you a lot more flexibility over the network in general if you can justify replacing all your presumably unmanaged existing switches.
No worries there, as it's a new install; since I was already on the fence about the VLANs, I went ahead and bought some ProCurves. Besides, in this day and age, I can't see buying a switch that isn't at least "smart". And beautiful. ;D
I don't think you're giving network folks enough credit. VLANs are very common. Any consultant worth their salt knows how they work.
Valnar, you're right. I think I tend to let my perception get a little skewed by some of the people I've gone in behind. I'm not even what I would consider "good", but I've still seen some "professional" work that made me cringe. :'(
Anyway, thanks guys! I'll let you know how it turns out.
-
Bok Bok,
The HDD is http://www.newegg.com/Product/Product.aspx?Item=N82E16822136075, a WD. When I say short for the SATA cable I mean 3 inches. That's all you need since the SATA ports are right next to where you will house the HDD.
I am running the latest 1.2.3 snapshot. Working just fine.
My DVD Drive is actually USB external and is only connected when needed for installs.
No problem, if you are interested in pictures check my blog post on the hardware: http://www.tomschaefer.org/web/wordpress/?p=255 There is a link at the bottom for the Gallery or click http://www.tomschaefer.org/web/Slideshow/SuperMicro_Router_28Jan2009/
-
http://www.lannerinc.com/Network_Application_Platforms/x86_Network_Appliance/1U_Network_Appliances/FW-7560
I'm not sure what the price would be, but this is the 1U version of the system that I installed ~4 months ago. The FW-7520 is the fanless "desktop" version that I installed in my in-wall wiring cabinet. The chipset includes the 1gig Intel NICs. I've managed to push 300Mbps (802.11N on one port to wired gigabit on another port) with no problems. Building a system will probably be cheaper, but there is something to be said for a finished product.
-
kc8apf, any idea of how much power that takes? I'm looking for a step up from an ALIX board, so something like that would be good, but I have my eye on an Atom-based appliance too.
-
Power
1U ATX SPS /150W
AC 100~240V @ 50~60Hz
Based on that, I would say around 40-50w normal use…
-
kc8apf, any idea of how much power that takes? I'm looking for a step up from an ALIX board, so something like that would be good, but I have my eye on an Atom-based appliance too.
The 7520 runs about 20W at full load. I don't know about the 7560, but the Lanner rep has been very willing to provide any details via email.
-
When I say short for the SATA cable I mean 3 inches. That's all you need since the SATA ports are right next to where you will house the HDD.
I am running the latest 1.2.3 snapshot. Working just fine.
My DVD Drive is actually USB external and is only connected when needed for installs.
No problem, if you are interested in pictures check my blog post on the hardware: http://www.tomschaefer.org/web/wordpress/?p=255 There is a link at the bottom for the Gallery or click http://www.tomschaefer.org/web/Slideshow/SuperMicro_Router_28Jan2009/
You just need to mount the HDD the other way around (so that the connection ports face the rear of the chassis). The typical SATA cables supplied with motherboards (30cm to 50cm) aren't as long as those with server boards (1m), so those will work just fine.
If the cable is still too long, just fold it lightly and zip tie in the middle (don't let the ends kink).
-
OK, gang.
I'm burning in my setup as we speak. I basically went with tommyboy180's exact setup except I used the supermicro 1u cooler, which is like as heavy as the whole rest of the setup. Also, using the celeron 430 for the lower wattage (plus anything more is probably overkill for the target environment).
I love the form factor of this supermicro 1u. It's so little and just drops right in with your switches. Fan noise isn't too bad if you tone down the rpms in BIOS.
I'm glad you guys convinced me to ditch the extra interfaces and just VLAN everything (well, LAN-wise, anyway). It's made everything so much easier in my test environment, and it'll make provisioning new networks a breeze in production.
Anyway, haven't installed pfsense on the new 1u setup - still burning in - but I'll let you all know how it goes.
Ktims, tommyboy180, others, thanks for all the guidance.
-
Glad to hear you like it, sounds like you're going to be a SuperMicro fan from now on.
Let us know if you have any problems.
-
I've been a SuperMicro fan ever since my first dual socket (slot) PIII SuperMicro board. ;)
Thanks again!
-
How long do spare parts take to arrive from Supermicro???
I live in Europe and need day to day in a production environment…..
Are they able to do that??
-
When I was in Japan it took about a week and a half to get a riser card from them, but I didn't pay for overnight.
-
I haven't yet deployed this configuration, but I've done a lot of research and come up with the build below. It should be able to pass 1Gbps without too much trouble, is fairly low cost and fairly low power, and built from quality parts. You can save a few bucks and get a bit more flexibility building it in a non-rackmount (or more RU) case, but I need a 1U unit:
SUPERMICRO CSE-502-200B Black 1U Rackmount Server Case
SUPERMICRO MBD-PDSBM-LN2+-O - 2 onboard Intel PCIe NICs
Intel Core 2 Duo E5300 2.6GHz - could probably get away with a Celeron 400 or E1xxx/E2xxx series, but the Core should have no trouble at 1Gbps
Kingston 1GB 240-Pin DDR2 SDRAM ECC
Dynatron P199 - Stock fan won't fit in a 1U
If you need more than 2 NICs, add either a single or dual Intel PCIe server adapter with a Supermicro CSE-RR1U-E8 riser (not available at NewEgg, but fairly inexpensive elsewhere - or just use a larger case).
I am planning on running the build from an industrial CF card in a SATA->CF adapter, but you could add a proper disk if you wanted.
With 3xGigE this setup will cost you ~$500, less if you don't need a rackmount solution.
I just deployed a Supermicro PDSBM-LN2+-0 with an E2200 and 2GB inside a SUPERMICRO CSE-512L-260B case. The system is humming along. Out of the box the system can be loud, but the case fan and the CPU fan both have 4-pin connectors, so you can throttle down the speed in the BIOS.
-
Still liking it?
I still have yet to have an issue with my supermicro pfsense rtr.
-
Still humming along. It doesn't have a huge load on it. A T1 for the internet, two IPsec VPNs and 5 OpenVPN clients. 19 internal users. Perhaps overkill, I don't know.
In the next month or so, I hope to get the Supermicro Atom mobo (I forget the model, but it has dual intel nics) and use it as a test