Custom build or thin client? (low throughput home use)
-
Great post by haleakalas… thought I'd throw in a few other points.
The best value low power consumption processor that I've found is the Celeron 1037u. I purchased a small aluminum cased fanless dual Realtek NIC box from China for less than $200 with 2GB memory - and it works like a champ. With an SSD it draws about 13 watts. You can get similar "firewall oriented" boxes from China with multiple ports. Another great value is the OEM production (Minix) atom d2550 box that is on Newegg. It has dual broadcom NIC's and it will cost you about the same as a 1037u from China. The dowside is that it has a fan (although it can be disconnected), is a little larger, and draws 2-3 watts more... but the upside is that you can buy it from Newegg and it has Broadcom NICS vs. Realtek.
Either of the above options works great with pfSens and will easily handle my 25/4 cable connection running Squid (configured not to cache anything - required for DG) and Dansguardian.
An SSD doesn't save you more than a Watt or two over a standard 2.5" drive... However, a 3.5" drive draws 4-6 Watts - I'd stay away from them. In my mind, the biggest advantage of an SSD is that you can have a rock solid machine with no moving parts to break.
The TP-Link WR841N works great as an access point. If you get the correct version, you can even run OpenWRT (or Gargoyle) on it.
-
… An SSD doesn't save you more than a Watt or two over a standard 2.5" drive... However, a 3.5" drive draws 4-6 Watts - I'd stay away from them. In my mind, the biggest advantage of an SSD is that you can have a rock solid machine with no moving parts to break.
...I would rather say that it's the speed benefit and it might make a huge difference if you're dealing with a lot of storage and your primary hardware is a bit weak. The best illustration is when you try to run a samba server off a Raspberry Pi or BeagleBone Black (Obviously non mission critical and rather modest/fun configurations - but it's amazing what you can do with BBB and an SSD drive). You will definitely thank your SSD and SSD/USB adapter.
That said, with our luck in our lab almost all our 3 year old SSDs have been blowing up to our face and for the last few weeks our technician didn't do anything but replace SSD drives. I wonder how they do in places like Linodes and DigitalOcean where they use massive arrays of SSD.
Halea
-
I'd bet the bank that a samsung SLC SSD won't blow up in your face, but its not faster than a normal HDD.
Just more reliable and lower power.I'm sure there are others also, but I've not tested others personally.
15w is a hard target to hit unless you use one of the platforms (newer or old) that are for sell usually by pfsense associated vendors.
I'd say just buy one with over 500MB ram or more used from someone who is upgrading.
-
Not sure if you are talking about a particular SSD drive that I might not know much about. But generally speaking, actually specifically Samsung speaking, they use a rather old technology where they store 1 bit per cell. That's really basic technology.
I don't know that it makes it more durable.Actually we have a high failure rate with our Samsungs too. We have a mix of Intel, Samsung, SanDisk, Crucial, Kingston, Fuji, PNY and a few others that I care to remember. Our exposure to SSD in our lab is in the thousands of units over 5-6 years, not just a few. We have performance and failure stats and analysis meticulously compiled. They all fail eventually and "eventually" is not an eternity, it's just a few years based on your actual average access rate. I know everybody is doing some creative math to come up with MTBF values comparable to hard disk drives but the fact is SSDs have a magnitude or two shorter life span as hard disks.
Halea
-
yeah - 1 bit per cell is better, not worse….
I am pretty sure what you have a high failure rate with is slightly older MLC SSDs.
Those were probably 2 bits per cell and these days its even 3 bits per cell.
Strangely the samsung TLC SSDs seem to have quite a low failure rate if properly configured with TRIM.
I have had a bunch of the old samsung SLC drives running for a long time now without any failures.
But I do agree that if you don't know whats up with TRIM or pick the wrong brand, crashes will come much much faster than with a HDD.
-
@haleakalas:
Actually we have a high failure rate with our Samsungs too. We have a mix of Intel, Samsung, SanDisk, Crucial, Kingston, Fuji, PNY and a few others that I care to remember. Our exposure to SSD in our lab is in the thousands of units over 5-6 years, not just a few. We have performance and failure stats and analysis meticulously compiled. They all fail eventually and "eventually" is not an eternity, it's just a few years based on your actual average access rate. I know everybody is doing some creative math to come up with MTBF values comparable to hard disk drives but the fact is SSDs have a magnitude or two shorter life span as hard disks.
You obviously have much more data that I do… my experience at home has been that cheap SSD's die quickly - especially if you are using something disk intensive like Squid and don't use TRIM. I've had good luck with Intel and Samsung drives though. As for performance, I've never noticed a difference using an SSD vs. hard drive (for a router machine) other than the time to bootup.
-
I've never noticed a difference using an SSD vs. hard drive (for a router machine) other than the time to bootup.
Including Squid performance?
I agree the default pfSense install in unlikely to benefit much in performance terms unless you are swapping in which case you're doing it wrong anyway. ;) I think this is proved by the Nano installs I have where the CF card performance is very, very bad but the overall system performance is not a problem.
I see Samsung have a firmware bug fix out today.
Steve
-
Those particular SSDs have a super high rating on newegg.
My experience is that people prefer to post about problems more than to praise, so when I see approval ratings in the high 90% for a drive more than a year old, I believe that over all, it must be a solid piece of hardware. HDDs and SSDs in particular, usually get lower than average ratings compared to other hardware because not too bright people break them and complain. So a high rating indicates a certain degree of idiot-proof-ness.
-
Including Squid performance?
Yes… However, I've only used it in my home environment so the volume and number of hits would be really low. In fact, I think squid cacheing was actually slowing things down rather than helping. I've subsequently disabled the squid cache (have to have squid because I use dansguardian) and overall browsing "feels" faster.
-
@haleakalas:
- Unless you're running home based servers you should have any and all WAN initiated traffic blocked, in which case you don't need snort.
So all the extra processing power on your pfSense router to accommodate snort is a waste in home use environment.
Snort will not protect you better ;D
I hope you will forgive me as I am the eternal self-declared n00b when it comes to pfSense, but Snort and firewalls are two completely different techniques, so I learned.
The firewall is stateful and will block anything not state, yet Snort, and Suricata, look inside the packages (the firewall lets through) for mailicious content.
-
You are quite correct in saying that Hollander however I don't think that's what haleakalas meant. I read his comments more along the lines of it's just not worth bothering with for a home network. Certainly a lot (most?) of the malicious traffic Snort looks for is that coming from a compromised server or of tools attempting to compromise a server. If you're not running any servers at home much of that is just never going to happen.
I do not run Snort at home. The last time I did the false positives outweighed any advantage it gave me. I realise that's quite subjective though, many people here would tell you you're not properly protected unless you're running IDS/IPS. At the other end of the scale are people who say that firewalls are a just a fudge anyway and that everything should be publicly addressable (IPv6) and inherently secure. Certainly there have been security exploits discovered in software/hardware to which the manufacturer has responded 'this isn't a problem because it should be behind a firewall' which is unacceptable in my view. The ubiquitous presence of firewalls promotes this attitude to some degree.Steve
