Supermicro 1U Twin 6016TT-TF
-
I am toying with the idea of implementing a pfSense cluster instead of buying another Firebox, and these Supermicro 1U Twin boxes are very tempting http://www.supermicro.com/products/system/1U/6016/SYS-6016TT-TF.cfm but I couldn't find any specific support for the Intel 5500 chipset in the HCL. Has anyone tried these out with pfSense? The firewall will be in my rack at a hosting facility where rack space costs money, so being able to fit a cluster into 1U is a big plus. The 1U Twins only have one power supply, but I am willing to accept that if pfSense will be able to accomplish my goal of having a high-performance firewall cluster in 1U. If this system is not a good match, does anyone have a recommendation for something similar that can handle gigabit traffic?
-
Not sure about the HCL and that's not the purpose of my post. However, I would caution you that these twin servers only have one power supply, and if it fails, your whole cluster will go down too.
Make sure that if you get this system, you have an extra power supply on standby just in case. The part number for the power supply in that 1U Twin system is PWS-1K21P-1R.
http://www.supermicro.com/support/resources/pws/
http://www.supermicro.com/products/powersupply/80PLUS/80PLUS_PWS-1K21P-1R.pdf
http://www.provantage.com/supermicro-pws-1k21p-1r~7SUPM2LW.htm $194 per.
-
I would recommend using an X336 1U/X346 2U with ESXi and clustering the VMs... It has a dual PSU and is a very stable machine. If you use a Virtual Center/XenCenter server for management, it gives very easy management of the 2 VMs with pfSense... And you save a little bit of power... :)
-
I would caution you that these twin servers only have one power supply, and if it fails, your whole cluster will go down too.
Yeah, that is my biggest concern with the 1U Twin.
I would recommend using an X336 1U/X346 2U with ESXi and clustering the VMs... It has a dual PSU and is a very stable machine. If you use a Virtual Center/XenCenter server for management, it gives very easy management of the 2 VMs with pfSense... And you save a little bit of power... :)
That is another idea I have floating around. I have an ESX 4 cluster but would need to add more NICs to a few of the boxes, and I am a bit apprehensive about exposing one of the NICs to the outside world. Actually, that brings up another question. What is the general consensus on using a single switch or stack to patch everything into, including WAN links, and using VLAN tags to secure the interfaces? My main concern would be VLAN hopping, but if you have the switch configured properly it seems that it would be mitigated.
-
If you use VLANs with untagged traffic, it's not an issue…
-
If you use VLANs with untagged traffic, it's not an issue…
Would you mind elaborating a bit? Sorry, I'm just getting into VLANs and your statement prompted a couple of questions for me.
1. What is a VLAN without tagging? Are you suggesting that the VLAN exists only inside the switch, packets get tagged at the port ingress then untagged at egress, as a method for defining which ports can talk to each other and which can't?
2. If so, then isn't ARP flooding something that you still have to address?
-
http://www.networkliquidators.com/webwiz/forum/forum_posts.asp?TID=9360
I am not concerned about ARP flooding… I don't have any workstations or other things behind my L7 firewall...