Revised New Build
-
Perhaps I should clarify my intent. I would like to run PfSense directly off of the SATA DOM or USB Flash Memory for the time being, at least until the price of hard drives comes down again. Per my previous post, I am running off of a 15/1 Mbit DSL line, so the Atom processor is more than adequate for my needs. The Supermicro Chassis is the most elegant framework for the Supermicro motherboard–although I seriously considered and rejected the Mini-Box platform. It appears that the Supermicro motherboard does support boot from USB, but I would like to know the limitations of running PfSense from USB before finalizing my purchase. ::)
-
If you are booting from flash memory of any sort you will probably be running an embedded install. In that situation the speed of the flash will only affect the boot time slightly, once booted it runs almost entirely from RAM anyway. The only advantage of using a DOM is that it will make for a slightly easier install as it's connected in place of a HD so there is no need to edit the fstab to tell it where to boot from.
It looks like that board has an internal USB socket that you could use with a short USB stick.
The Atom will be easily capable of saturating your 15/1 line, even with encrypted traffic if you need that.
Steve
-
I've run both thumbdrives and CF-SATA adapters in pfSense for some time now.
They generally work great with embedded (NanoBSD) variants of pfSense but loading times from a clean boot can be slower than a HDD (depends on the thumbdrive/ CF card used).
For the thumbdrive setup previously, I unscrewed a USB extension bracket and used the plug internally. It hid away nicely in the HDD bay. Much better than sticking it in the back of the setup where there's the risk of the thumbdrive getting knocked off by accident.
For Embedded (NanoBSD), the system runs off RAM but there is periodic saving of config and logs (and RRD graphing data) to the embedded device. This can be configured (interval between saving) or disabled.
I'm currently using a CF-SATA adapter with a Transcend 133X CF card. I haven't enabled DMA mode (disabled by default on NanoBSD) but it loads plenty fast.
The main advantage of using a thumbdrive/ CF card lies in the fact that it is solid state and more resilient to physical shock. Furthermore, it is less prone to corruption in the event of a power failure (as long as the power outage doesn't happen while the logs/ RRD data is being written to the drive).
Power consumption is also significantly lower (a thumbdrive uses less than 1W even after power conversion losses in PSU) and is generally less sensitive to and produces less heat.
The last part is especially important for systems with limited cooling. I used to run a WD Raptor 10K RPM drive in my old pfSense rig and the drive was toasting the rest of the setup.
The main disadvantage is that you have limited space (maximum size for Nano is 8GB or 4GB per slice) for disk I/O heavy packages like Squid. You can still run Squid with only RAM caching but that may not be enough for your needs.
Also, depending on your setup, the USB booting may need some changes to the stock config. The default timeout of 10 seconds may not be sufficient for the USB drivers to load nicely on the setup. In that case, some intervention is needed for the first boot until the changed timing is committed to the bootloader file.
-
O.K. great, thanks to the two of you for posting informative responses to my questions. I found a SATA DOM that will fit in the server chassis, but it costs in the neighborhood of $140-$230! I think I will go with a USB thumb drive: a top-rated 4 GB unit at New Egg runs about $11–if it ever fails, replacing it would be cheap. Regarding the latter, do you think that 4 GB is sufficient or should I go with 8 GB? Also, which version of the embedded firmware should I use? Please keep in mind I would like to use the IPMI (ver. 2) feature of the motherboard, so I assume I should use one of the VGA versions? And which size? If you can elaborate on how to change the default boot timeout, I would additionally appreciate that information. I will shut down the log reporting features.
-
4GB will be fine.
There are some interesting notes on running pfSense on that board here:
http://www.servethehome.com/supermicro-x7spehfd525-8gb-ddr3-ipmi-pfsense-freenas-unraid-linux-power-consumption/
Here is info on the boot delay:
http://doc.pfsense.org/index.php/Boot_Troubleshooting#Booting_from_USB
I've never used IPMI so can't help you there. ;)
Steve
-
AFAIK the IPMI is living its own life and not OS dependent. I use it often on my Dell SC1435.
-
There are some interesting notes on running pfSense on that board here:
http://www.servethehome.com/supermicro-x7spehfd525-8gb-ddr3-ipmi-pfsense-freenas-unraid-linux-power-consumption/
Thanks for link. :)
-
Thanks again, guys, the information you have supplied is exactly what I needed and the article on the PfSense application of the motherboard I was considering was interesting and informative. I went ahead and ordered all my components from New Egg yesterday. Hopefully, they will arrive in time that I may assemble them this weekend. I ordered a 4 GB USB thumb drive along with an internal 6-inch header to USB-A cable. I should be able to strap the thumb drive somewhere inside the chassis with a plastic wire tie. I can always replace it with something more elegant at a later date. Once I get the rig up and running, I will consider purchasing a riser card and a Viking PCI ADSL-2 modem card (if I can find a vendor that sells them in the USA). I will assume that the correct version of the PfSense embedded firmware that I will need to download (I'd like to run the 64-bit version) is "pfSense-2.0.1-RELEASE-4g-amd64-nanobsd_vga.img" ???
-
Unless you have bought a particularly long USB drive you should just be able to plug it into the internal USB socket on the board.
That is the correct image if you need VGA. That board has a serial port though so you could use the standard Nano image with a null modem cable. Either way you will probably be faced with a mount root error the first time you boot. Don't panic! That's normal, you simply have to tell pfSense where your USB drive is connected and then edit the fstab so it knows next time.
Steve
-
Thanks stephenw10, I goofed in assuming the on-board headers did not include a USB-A port. I just purchased a mini-USB device at Staples and loaded the firmware on it as the USB drive I purchased through New Egg is indeed too tall to plug into the onboard USB-A port. I received all my other hardware in the mail today and will assemble it tomorrow. Wish me well.
-
Up-n-Running! And it's already a heck of a lot faster than my old Trendnet router! Now I have to make sure all logging is turned off.
:D
-
Logging is all to ram only so no worries there. If you used the NanoBSD image it's all taken care of anyway. No need to worry about flash memory life.
Steve
-
O.K., thanks Steve. I may buy a SATA DOM eventually–USB works but it takes a long time to boot!
-
How long? How often do you plan on re-booting!?
My machine is usually up until there's either a new release or I do something to kill it. ::)
Steve
-
Once it is fully configured I plan to leave it on continuously without rebooting. It takes ca. two minutes for PfSense to boot up after the motherboard posts.
-
That's similar to my Firebox booting from CF. Not unusually slow.
Steve
-
By the way, it turned out I did not have to do any compensation for the boot to USB option. I have rebooted my build several times and have not run into such a problem. I just purchased an ADSL2+ PCI card (it is made in Australia and I had to buy it from a vendor in Europe). It will take a couple of weeks to arrive, but I plan to use it to bypass my external DSL modem.
-
The Viking card from Traverse? (They also seem to have re-branded as rocksolid electronics)
I ran their earlier Pulsar ADSL card under IPCop for years, totally reliable.
Steve
-
"The Viking card from Traverse?"
Yes, I guess I'll have to adjust the settings to get it to work with my Verizon DSL service.
-
When using Snort in the embedded version of PfSense that I am using, will the updates download to RAM or will they write on my solid state memory? I don't want to install anything that will do periodic memory writes. ???