Using a hard-disk in a Watchguard Firebox X750e for cache/log storage

Steve Evans

Having updated to 2.2 the support for my hard-drive now appears rather worse.

The atacontrol utility which did exactly what I needed has been superseded by camcontrol. This reports that the disk is in polled mode.

$ camcontrol negotiate /dev/ada1 -v 
Current parameters:
(pass1:ata0:0:1:0): ATA mode: PIO4
(pass1:ata0:0:1:0): ATAPI packet length: 0
(pass1:ata0:0:1:0): PIO transaction length: 8192
(pass1:ata0:0:1:0): tagged queueing: disabled
ata0: SIM/HBA version: 1
ata0: supports SDTR message
ata0: scan bus sequentially
ata0: HBA engine count: 0
ata0: maximum target: 1
ata0: maximum LUN: 0
ata0: highest path ID in subsystem: 0
ata0: initiator ID: 0
ata0: SIM vendor: FreeBSD
ata0: HBA vendor: ATA
ata0: HBA vendor ID: 0x8086
ata0: HBA device ID: 0x266f
ata0: HBA subvendor ID: 0x8086
ata0: HBA subdevice ID: 0x266f
ata0: bus ID: 0
ata0: base transfer speed: 3.300MB/sec
ata0: maximum transfer size: 131072 bytes

I should be able to set the disk to UDMA33 mode however, this is what I get.

$ camcontrol negotiate /dev/ada1 -v -U -M UDMA33 -a
User parameters:
(pass1:ata0:0:1:0): ATA mode: UDMA2
(pass1:ata0:0:1:0): ATAPI packet length: 0
(pass1:ata0:0:1:0): PIO transaction length: 131072
(pass1:ata0:0:1:0): tagged queueing: enabled
ata0: SIM/HBA version: 1
ata0: supports SDTR message
ata0: scan bus sequentially
ata0: HBA engine count: 0
ata0: maximum target: 1
ata0: maximum LUN: 0
ata0: highest path ID in subsystem: 0
ata0: initiator ID: 0
ata0: SIM vendor: FreeBSD
ata0: HBA vendor: ATA
ata0: HBA vendor ID: 0x8086
ata0: HBA device ID: 0x266f
ata0: HBA subvendor ID: 0x8086
ata0: HBA subdevice ID: 0x266f
ata0: bus ID: 0
ata0: base transfer speed: 3.300MB/sec
ata0: maximum transfer size: 131072 bytes
Unit is not ready
(pass1:ata0:0:1:0): TEST UNIT READY. CDB: 00 00 00 00 00 00 
(pass1:ata0:0:1:0): CAM status: CCB request was invalid
Test Unit Ready failed

I've tried all manner of variations. Any ideas to get camcontrol to do what a simple

atacontrol mode ad1 UDMA6

would do before?

Thanks,

Steve

stephenw10

Haven't you alread set ata0 to PIO4 only though?
The HD and CF are on the same IDE channel right?

Steve Evans

Hi Stephen,

This is what I'm trying to get my head round at the moment, reading the FreeBSD documentation to better understand the nomenclature.

If I boot without specifying

hint.ata.0.mode=PIO4

I see the following on the console

ada0 at ata0 bus 0 scbus0 target 0 lun 0
ada0: <sandisk sdcfh-004g="" hdx="" 6.02=""> CFA-0 device
ada0: Serial Number ABZ042211193008
ada0: 66.700MB/s transfers (UDMA4, PIO 512bytes)
ada0: 3815MB (7813120 512 byte sectors: 16H 63S/T 7751C)
ada0: Previously was known as ad0
ada1 at ata0 bus 0 scbus0 target 1 lun 0
ada1: <st9402115a 3.01=""> ATA-6 device
ada1: Serial Number 5PV09ZED
ada1: 100.000MB/s transfers (UDMA5, PIO 8192bytes)
ada1: 38154MB (78140160 512 byte sectors: 16H 63S/T 16383C)
ada1: Previously was known as ad1</st9402115a></sandisk>

Rather than

ada0 at ata0 bus 0 scbus0 target 0 lun 0
ada0: <sandisk sdcfh-004g="" hdx="" 6.02=""> CFA-0 device
ada0: Serial Number ABZ042211193008
ada0: 16.700MB/s transfers (PIO4, PIO 512bytes)
ada0: 3815MB (7813120 512 byte sectors: 16H 63S/T 7751C)
ada0: Previously was known as ad0
ada1 at ata0 bus 0 scbus0 target 1 lun 0
ada1: <st9402115a 3.01=""> ATA-6 device
ada1: Serial Number 5PV09ZED
ada1: 16.700MB/s transfers (PIO4, PIO 8192bytes)
ada1: 38154MB (78140160 512 byte sectors: 16H 63S/T 16383C)
ada1: Previously was known as ad1</st9402115a></sandisk>

As you point out, this setting affects them both. I've been trying to understand what granularity of control the driver gives me. From the ata man page there's the following which suggests per device control, but I don't currently understand what "specified device" means exactly.

@https://www.freebsd.org/cgi/man.cgi?query=ata(4)&sektion=:

hint.ata.X.devX.mode
    limits the initial ATA mode for the specified device on the specified channel.

hint.ata.X.mode
    limits the initial ATA mode for every device on the specified channel.

I'm not sure how the master/slave IDE arrangement maps onto the above. Any pointers much appreciated!

Thanks,

Steve

stephenw10

Pretty sure the CF slot is always master if a CF card is in it so I would think it's dev0.

On my test box here which I haven't set loader.conf.local on it will boot if I use:

Hit [Enter] to boot immediately, or any other key for command prompt.
Booting [/boot/kernel/kernel] in 4 seconds...

Type '?' for a list of commands, 'help' for more detailed help.
OK set hint.ata.0.dev0.mode=PIO4
OK boot
Booting...

So I'd say you're good with that.

Steve

Steve Evans

Thank you sir, you're a scholar and a gentleman!  :)

Your suggestion works a treat. I clearly had a bit of a mental block on what "devX" could be. I'd tried "0", but it hadn't occurred to me to used "dev0".  :-[ I'm clearly not familiar enough with FreeBSD naming conventions.

[code]ada0 at ata0 bus 0 scbus0 target 0 lun 0
ada0: <sandisk sdcfh-004g="" hdx="" 6.02="">CFA-0 device
ada0: Serial Number ABZ042211193008
ada0: 16.700MB/s transfers (PIO4, PIO 512bytes)
ada0: 3815MB (7813120 512 byte sectors: 16H 63S/T 7751C)
ada0: Previously was known as ad0
ada1 at ata0 bus 0 scbus0 target 1 lun 0
ada1: <st9402115a 3.01="">ATA-6 device
ada1: Serial Number 5PV09ZED
ada1: 100.000MB/s transfers (UDMA5, PIO 8192bytes)
ada1: 38154MB (78140160 512 byte sectors: 16H 63S/T 16383C)
ada1: Previously was known as ad1

I'm now getting the performance I need for my disk used for logs and caching.

diskinfo -tv /dev/ad1
/dev/ad1
        512             # sectorsize
        40007761920     # mediasize in bytes (37G)
        78140160        # mediasize in sectors
        0               # stripesize
        0               # stripeoffset
        77520           # Cylinders according to firmware.
        16              # Heads according to firmware.
        63              # Sectors according to firmware.
        5PV09ZED        # Disk ident.

Seek times:
        Full stroke:      250 iter in   7.926598 sec =   31.706 msec
        Half stroke:      250 iter in   6.203416 sec =   24.814 msec
        Quarter stroke:   500 iter in   9.877891 sec =   19.756 msec
        Short forward:    400 iter in   3.476113 sec =    8.690 msec
        Short backward:   400 iter in   2.381591 sec =    5.954 msec
        Seq outer:       2048 iter in   0.197696 sec =    0.097 msec
        Seq inner:       2048 iter in   0.179296 sec =    0.088 msec
Transfer rates:
        outside:       102400 kbytes in   3.135350 sec =    32660 kbytes/sec
        middle:        102400 kbytes in   3.745807 sec =    27337 kbytes/sec
        inside:        102400 kbytes in   5.382397 sec =    19025 kbytes/sec

Steve</st9402115a></sandisk>

stephenw10

Nice! I'm going to have to try that sometime.  :)

Steve

stephenw10

In testing the HD issue I ran that benchmark. Thought my result might ammuse you:

[2.2-RELEASE][root@pfSense.localdomain]/root: diskinfo -tv /dev/ada0
/dev/ada0
        512             # sectorsize
        20003880960     # mediasize in bytes (19G)
        39070080        # mediasize in sectors
        0               # stripesize
        0               # stripeoffset
        38760           # Cylinders according to firmware.
        16              # Heads according to firmware.
        63              # Sectors according to firmware.
        32K60131T       # Disk ident.

Seek times:
        Full stroke:      250 iter in  11.840086 sec =   47.360 msec
        Half stroke:      250 iter in   8.878876 sec =   35.516 msec
        Quarter stroke:   500 iter in  15.334866 sec =   30.670 msec
        Short forward:    400 iter in   8.639504 sec =   21.599 msec
        Short backward:   400 iter in   7.131472 sec =   17.829 msec
        Seq outer:       2048 iter in   0.282496 sec =    0.138 msec
        Seq inner:       2048 iter in   1.086055 sec =    0.530 msec
Transfer rates:
        outside:       102400 kbytes in  23.521335 sec =     4353 kbytes/sec
        middle:        102400 kbytes in  20.436978 sec =     5011 kbytes/sec
        inside:        102400 kbytes in  48.862760 sec =     2096 kbytes/sec

Something not right.  ::) Yet:

[2.2-RELEASE][root@pfSense.localdomain]/root: dmesg | grep ada
ada0 at ata0 bus 0 scbus0 target 0 lun 0
ada0: <toshiba mk2018gap="" m1.42="" a="">ATA-5 device
ada0: Serial Number 32K60131T
ada0: 100.000MB/s transfers (UDMA5, PIO 8192bytes)
ada0: 19077MB (39070080 512 byte sectors: 16H 63S/T 16383C)
ada0: Previously was known as ad0
Trying to mount root from ufs:/dev/ada0s1a [rw]...</toshiba> 

Just a knackered old drive? Works fine though, as long as you're not in a hurry!

Steve

Steve Evans

Ouch. Not much use as a cache though as it's no faster than fiber broadband!

Steve

MacUsers

@stephenw10:

[2.2-RELEASE][root@pfSense.localdomain]/root: dmesg | grep ada
ada0 at ata0 bus 0 scbus0 target 0 lun 0
ada0: <toshiba mk2018gap="" m1.42="" a="">ATA-5 device
ada0: Serial Number 32K60131T
ada0: 100.000MB/s transfers (UDMA5, PIO 8192bytes)
ada0: 19077MB (39070080 512 byte sectors: 16H 63S/T 16383C)
ada0: Previously was known as ad0
Trying to mount root from ufs:/dev/ada0s1a [rw]...</toshiba> 

I was just looking in some old posts - Does it mean you have TRIM enabled on your TOSHIBA MK2018GAP drive?

stephenw10

No. I'm pretty sure that device is way too old to support TRIM
TRIM only applies to SSDs anyway.

Steve

MacUsers

That's what I knew as well but this line in your dmesg:

ada0: 100.000MB/s transfers (UDMA5, PIO 8192bytes)

made me think otherwise.

stephenw10

What part of that implies TRIM?
That's the maximum speed on the interface, which is far, far faster than the drive can manage in this case.  ;)

Steve

MacUsers

Nothing in particular, to be honest. I see Ultra ATA/33 on my x750e as opposed to ATA/100 on yours:

[2.2.2-RELEASE][root@wg550.home]/root: dmesg|grep ada1
ada1 at ata0 bus 0 scbus0 target 1 lun 0
ada1: <toshiba mk4026gax="" pa102d=""> ATA-6 device
ada1: Serial Number 65IF3453T
ada1: 33.300MB/s transfers (UDMA2, PIO 8192bytes)
ada1: 38154MB (78140160 512 byte sectors: 16H 63S/T 16383C)
ada1: Previously was known as ad1</toshiba>

It says ATA-6 device, so I was hoping to see UDMA5 in the next line but UDMA2 is the ATA-4, IIRC. I'm out of sys-admin business for while now, so may be talking rubbish as well.  ;)

MacUsers

On a separate note, a really silly question (maybe): Is it worth putting a SSD in in WatchGuard/pfSense? Apart from speedy-boot, what added benefit over an PATA drive?

Guest

@MacUsers:

On a separate note, a really silly question (maybe): Is it worth putting a SSD in in WatchGuard/pfSense? Apart from speedy-boot, what added benefit over an PATA drive?

There are many IDE SSDs out to install inside and I really would go more with a SSD
rather then a IDE HDD because of less power, faster and not so hot.

stephenw10

They are massively faster so if you're using it as a squid cache it will help a lot. Someone recently posted some numbers from one in the main Xe thread.

https://forum.pfsense.org/index.php?topic=20095.msg501388#msg501388

Steve

NozeDive

Steve,

I know this is a really old post, but I'm hoping you were subscribed to it, and that this post reaches you.

I was hoping that you could go in to some more detail on the /etc/rc.embedded section of your post.

I followed your steps, modifying the device names to match my own set-up (i.e. using /dev/ada1s1a instead of /dev/ad1s1a) except I missed this in a few places. The end result was a system that would not boot correctly, and a file system that could not be re-mounted as read/write, so I ended up having to nuke the CF card and starting over.

That was totally my fault, but I'd like to try it again, which is why I'm hoping that you could go into a little more detail about what each section of the script in /etc/rc.embedded does.

In any case, I may end up using a spare 8GB USB flash drive rather than this 250GB SATA spinning rust drive i'm trying to use since that seems like overkill, but I'd really like to get this set-up to work too for academic reasons.

Again, I know this is an old topic, so if this does reach you, thanks for revisiting this post.

»Tony

(BTW I'm using a WatchGuard Firebox XTM 515)

Steve Evans

@NozeDive:

Steve,

I know this is a really old post, but I'm hoping you were subscribed to it, and that this post reaches you.

I was hoping that you could go in to some more detail on the /etc/rc.embedded section of your post.

I followed your steps, modifying the device names to match my own set-up (i.e. using /dev/ada1s1a instead of /dev/ad1s1a) except I missed this in a few places. The end result was a system that would not boot correctly, and a file system that could not be re-mounted as read/write, so I ended up having to nuke the CF card and starting over.

That was totally my fault, but I'd like to try it again, which is why I'm hoping that you could go into a little more detail about what each section of the script in /etc/rc.embedded does.

In any case, I may end up using a spare 8GB USB flash drive rather than this 250GB SATA spinning rust drive i'm trying to use since that seems like overkill, but I'd really like to get this set-up to work too for academic reasons.

Again, I know this is an old topic, so if this does reach you, thanks for revisiting this post.

»Tony

(BTW I'm using a WatchGuard Firebox XTM 515)

Hi Tony,

The code section of interest is below:

# If a hard disk is installed then mount that on /var
# otherwise use a ramdisk
harddisk="/dev/ad1s1a"
if [ -c $harddisk ]
then

This checks that /dev/ad1s1a exists as a character device.

        echo -n "Using /var physical disk..."
        mount -o noatime $harddisk /var

This mounts the partition (in this case partition 'a') on /var.

        # Ensure /var/run is removed on boot before daemons are started
        # It should arguably be a tmpfs, but this works fine
        rm -r /var/run

Remove the /var/run directory as nanobsd expects this to not persist across reboots, and whilst that would be true for a RAM disk, the rotating rust remembers.

        # sshd won't start if /var/empty exists on boot
        rm -r /var/empty

Similarly remove /var/empty.

else

The following is the original code which creates a RAM disk for /var..

        echo -n "Using /var memory disk..."
        mdmfs -S -M -s ${varsize} md /var

        # Create some needed directories
        /bin/mkdir -p /var/db

        # Ensure vi's recover directory is present
        /bin/mkdir -p /var/tmp/vi.recover/
fi

Steve

NozeDive

:)

Steve!

Thank you very much for taking the time to reply! I'm not sure how I missed your reply (I must have my email settings wrong) but I didn't  see it until just now, and I wanted to make sure I thanked you for replying!

I did end up going with the 8GB thumb drive, FYI, but I used basically this same method to get it to work, and it's working well.

Thanks again!

–Tony

Love.IT.Again

I just installed a 120GB IDE HDD (Samsung) in my X1250e.  It is currently running fine without the SD card.  My problem now is how to fit the HDD inside?  I can't find any tiny rails to use.  Any suggestions and tips will be much appreciated.  I am also planning to upgrade the memory which is currently 256MB.  What's the maximum memory capacity can I install?  Thanks a lot.