Looking for hardware advice

Derelict

Pfsense n00b here so pardon if this doesn't work: can't the vm host use trunking protocol to pfsense and hanle external members that way?

Yes, but where do you plug other devices in?  With a switch you can do this:

pfSense OPT10 on re0_vlan10
pfSense OPT11 on re0_vlan11
pfSense OPT12 on re0_vlan12

ESX interface VMNET10 on VLAN 10
ESX interface VMNET11 on VLAN 11
ESX interface VMNET12 on VLAN 12

Nowhere to plug in a laptop to get on, say, VLAN 12

If pfSense and the ESXes are plugged into switchports with tagged VLANs 10, 11, and 12, you can make a switchport untagged on VLAN 12 and jump on the VMNET12/OPT12 network with any device, for example.

kroberts

@vsxi-13,

I'm really interested in your setup.  pfSense forum might not be where we should discuss it, since what you do with your VMs might be a bit off topic.

@Derelict,

In my case I have 7 nics on the router, aside from IPMI.  I would have the virtual switch and run a trunk back to the pfSense box, and then have a vlan-specific switch off on another nic.

Most of my server hardware is going to be trunking-aware.

kroberts

Vsxi-13, I sent you a pm asking about your experiences with atom-based virtualization.

I hope you don't mind.

vsxi-13

@kroberts:

Vsxi-13, I sent you a pm asking about your experiences with atom-based virtualization.

I hope you don't mind.

No problem.  I had responded on there.  What are you using to run pfSense?  Just looking for some more opinions for hardware given my scenario/useage.

kroberts

I didn't get your response to the pm.

My intent is to build a painfully bare kvm host from gentoo linux, with everything unnecessary removed. If I can get PCI pass through working on this board I will donate most or all nics to the router vm(s). If that happens the host won't even have drivers for the nics.

Derelict

I don't understand why you would hack something together when both ESXi and XenServer are free.

mir

ESXi is not free and the gratis version of ESXi is only for very restricted personal non-commercial use.

Derelict

@mir:

ESXi is not free and the gratis version of ESXi is only for very restricted personal non-commercial use.

I think you are wrong.  Show me.  The evaluation license for the vSphere suite is limited to non-production for 60-days but I see no such limitation on ESXi (apparently now called vSphere Hypervisor).  They have even removed limitations on physical CPUs, cores, and RAM.  8 vCPU per VM limit applies and no features like live migration.

http://www.vmware.com/products/vsphere-hypervisor/gettingstarted.html

kroberts

ESXi is not free, and my use is both commercial and personal.  Xen is less active than KVM.

ESXi AFAICT has no QuickAssist support, which is the main reason for my purchase of this board.  Linux and KVM support QuickAssist right now.  Xen also supports QuickAssist but has less development so IMO is less viable.

Less than a week ago, Gentoo pushed a kernel into the stable branch which supports QuickAssist.  Meaning that the upstream sources support it and the kernel is now mainstream on Gentoo.  I know this because I've been using Gentoo for awhile and searched the source from the previous version and subsequently on the latest when it came through.

I've built KVM hosts before, using Gentoo and others.  I don't really see how this is a hack?  Gentoo lets you build everything from scratch, lets you omit features you don't want not only from the kernel but from all software on the system, or from specific packages as you choose.  If code (meaning driver, system app, support for some protocol) does not exist, then vulnerabilities of that code can't really be exploited right?

I might choose VMware as an option if performance as a KVM guest is not good, there are some Linux drivers which are not as high performance as their VMware equivalents.  But before that happens VMware needs to support QuickAssist because again that's the sole reason for me buying this system in the first place.

kroberts

@Derelict:

@mir:

ESXi is not free and the gratis version of ESXi is only for very restricted personal non-commercial use.

I think you are wrong.  Show me.  The evaluation license for the vSphere suite is limited to non-production for 60-days but I see no such limitation on ESXi (apparently now called vSphere Hypervisor).  They have even removed limitations on physical CPUs, cores, and RAM.  8 vCPU per VM limit applies and no features like live migration.

http://www.vmware.com/products/vsphere-hypervisor/gettingstarted.html

If VMware is free, how do I modify the source with the Intel patches to support QuickAssist?

Derelict

Whatever.

mir

@Derelict:

I think you are wrong.  Show me.  The evaluation license for the vSphere suite is limited to non-production for 60-days but I see no such limitation on ESXi (apparently now called vSphere Hypervisor).  They have even removed limitations on physical CPUs, cores, and RAM.  8 vCPU per VM limit applies and no features like live migration.

When I talk about free I mean free as in free of speech and not as free as in free beer.

Returning to ESXi free license:

No vMotion, no backup, no HA, only single host, and no centralized management. With this offer you might as well choose vmware player or virtualbox.

kroberts

I'm not trying to be an @$$ but if there's no QuickAssist support then there's really no reason for me to bother installing.

I'm inclined toward KVM anyway based on past experience.

I also didn't mean to hijack vsxi-13's thread.

vsxi-13

So to get this thread back on track, does anyone else have any recommendations for my case?

Thanks!

kroberts

Really sorry my part of this took off in a different direction.

My input to you would be to either get a netgate fw-7551 or a dual core atom board with QuickAssist, but you obviously have more experience with this than I do so I'm sure it's no help at all.