SSD (Solid State Drive) and pfSense (Important)
-
When I switched from a HDD (3.5", 5400rpm) to an SSD I saved 7W at the wall, fwiw. Obviously that's not a static number but should be a good game if reference.
I didn't expect that much. Good to know.
@TS_b:Overall SSD > HDD for pfSense in 99% of applications.
Agreed. But when you factor in cost, I'd say the USB route might be more viable for home use especially with mirrored drives which can be cheaply replaced if and when one fails.
The cost of a decent small SSD isn't very high, <$100 easily, <$50 for a good deal or an off brand. I'd be at least as confident in those as a <$50 hard disk–I've had far more HDD failures than SSD failures, even in the span of time since SSDs became a thing. (Which is part of why I keep WTF'ing over this thread, which seems to exist in some alternate reality where spinning rust is reliable.) Yeah, HDD is cheaper for a given volume of storage, but why on earth are you putting a lot of storage on a firewall? A 16G SSD is more than enough space, so what does it matter if a junky 1TB spinner costs less than 1TB of enterprise SSD?
-
When I switched from a HDD (3.5", 5400rpm) to an SSD I saved 7W at the wall, fwiw. Obviously that's not a static number but should be a good game if reference.
I didn't expect that much. Good to know.
@TS_b:Overall SSD > HDD for pfSense in 99% of applications.
Agreed. But when you factor in cost, I'd say the USB route might be more viable for home use especially with mirrored drives which can be cheaply replaced if and when one fails.
The cost of a decent small SSD isn't very high, <$100 easily, <$50 for a good deal or an off brand. I'd be at least as confident in those as a <$50 hard disk–I've had far more HDD failures than SSD failures, even in the span of time since SSDs became a thing. (Which is part of why I keep WTF'ing over this thread, which seems to exist in some alternate reality where spinning rust is reliable.) Yeah, HDD is cheaper for a given volume of storage, but why on earth are you putting a lot of storage on a firewall? A 16G SSD is more than enough space, so what does it matter if a junky 1TB spinner costs less than 1TB of enterprise SSD?
True, which is why I am advocating a USB drive - 16GB or 32GB – even in mirrored would be cheaper than any HDD or SSD. A pair of Sandisk Cruzer 16GB (low profile) cost about $16 - $17. Other usbs could be even cheaper
Agreed that SSD > USB > HDD as far as pfSense is concerned, since you don't have much to store. But USB option is a lot cheaper than SSD with the same benefit of "no spinning rust" and added advantage of lower cost. This is for home use --- NOT enterprise. Enterprise solutions wouldn't bat an eyelid over a few hundred bucks for SSDs, I know.
USB 2 -- https://www.amazon.com/SanDisk-Cruzer-Low-Profile-Drive-SDCZ33-016G-B35/dp/B005FYNSZA/ -- $8.69 each
USB 3 -- https://www.amazon.com/SanDisk-Ultra-Flash-Drive-SDCZ43-016G-GAM46/dp/B01GK9921C/ -- $ 8.49 each
-
pfSense on ZFS in some sort of redundant raid configuration is a great option for using flash drives as your install media.
Just be sure to have enough RAM to utilize a RAM disk so you don't burn through your writes with logging.
Doing this you will have an install disk array that should last for years of use for <$20.
If you don't already have enough RAM to use a RAM disk it doesn't make sense to buy more RAM to be able to use flash drives as install media.
In that case get a small off-brand SSD, you can get them in the $25 range. They should be fine for pfSense uses. -
Mirrored usb thumb drives? Good grief, just get a small ssd and call it a day, unless your time is literally worth nothing. That mess will almost certainly require manual intervention at the worst possible time
-
Mirrored usb thumb drives? Good grief, just get a small ssd and call it a day, unless your time is literally worth nothing. That mess will almost certainly require manual intervention at the worst possible time
And a SSD wouldn't ? ::)
If the USB is just sticking out the box, its very easy to simply degrade your zpool by de-activating the bad drive, remove and replace the usb in literally 2 seconds and then add the new one back in the mirror. Re-silvering would be done in a jiffy since the USB would only be 16GB
-
Mirrored usb thumb drives? Good grief, just get a small ssd and call it a day, unless your time is literally worth nothing. That mess will almost certainly require manual intervention at the worst possible time
And a SSD wouldn't ? ::)
If the USB is just sticking out the box, its very easy to simply degrade your zpool by de-activating the bad drive, remove and replace the usb in literally 2 seconds and then add the new one back in the mirror. Re-silvering would be done in a jiffy since the USB would only be 16GB
Yeah, if you're at all familiar with ZFS, as Inxsible noted resilvering a pool isn't exactly a time intensive process, it's a few commands and swap the thumb drives without opening up any cases at all. Also, you can use any old thumb drive to resilver your drive so long as it's at least as large as the original drive. It's likely you'll have a >8GB thumb drive laying around the house, not as likely you'll have a spare SSD. Also, if you have a single SSD go bad, you have to totally reinstall and hope your config.xml is up to date.
If you have a flash drive go bad, you just resilver (take you 1 or 2 minutes, don't have to wait for the process to finish) and go about your life, service is never interrupted.People have run FreeBSD based software on ZFS installed to mirrored flash drives successfully for many years on end without issue. It's not exactly new territory, it's tried and true.
When you use a RAM disk there are very few writes to the disk with an application like pfSense.Not to mention you can have a hot spare with boot code pre-installed standing by in a third USB slot. This would allow you to resilver your pool remotely using a fresh USB drive with a couple of commands.
ZFS installs really are powerful if you know what it's capable of.At the end of the day, yes an SSD is better. But they cost more money. While you can get small off-brand drives in the $25 range (still double the price of 2x flash drives) the cheap off-brand stuff isn't exactly renowned for being reliable. For name brand you're probably looking at prices starting in the $50 range, now you're paying ~330% the cost of a pair of sandisks.
Putting $35 more into their pfSense box won't matter for many, those people should get an SSD. Getting a low end SSD and paying ~$10 more won't bother others - those people should get an SSD. For the remainder, ZFS on flash drives is still a solid option. -
If I would be need to install or buy a new hard drive or storage I would even more lokking on a SSD or mSATA or perhaps
a M.2 SSD that will matching well to the rest of the entire hardware, also and even IDE drives are available as a SSD
version and will be more fast then the spinning ones in my eyes. I don´t know what the future brings us to, but at the
moment it will be the best bet for myself.- fast
- cheap
- power saving
- wide variety of version and models
-
@johnkeates:
It's not about speed but the lack of mechanical components. Everything that moves decays relatively fast. Less moving parts means less things to go wrong.
Only if that were true !!
The number of SSD drive failures is what started this thread which is now 8 pages long. Also SSD's have limited number of writes (although, I believe that number is now quite high and that the drive would probably last for years before hitting that number).
I truly believe in using the right tool for the job. SSDs are great, but that doesn't mean it's great in every scenario. Again, it's a moving target too since future technology might improve upon things.
Well the number of SSD drive failures, were again from pretty bad SSDs that didn't fail due to endurance, but rather due to bad design. It even happened again with a newer version of SSD Nows, they are just bad SSDs.
Your right, they have limited rights, the drive I just got on Ebay, has 10tbs worth of writes before its dead. Now think about that, 10tbs. It would take an awful long time to use up 10tb in logs lol.
That's the same thing I said.
Oh sorry I must have misread that sorry.
That's just not true. You just have to buy the right board in that case. For pfSense – if your board already has 2 Intel NICs, you don't need an add-on card... which would leave enough space even for a 3.5" drive. Even if you put in an add-on NIC or any other card, you can put in a 2.5" drive in many 1U cases (as you mentioned). As for power consumption, I would be looking at the CPU TDP and other things before I would look at how much power the drive is going to take. Remember now, that for this application (pfSense -- where you aren't using a storage heavy package) your drive is not going to be constantly spinning as to affect the power consumption that drastically.
First off, cant really say thats not true? Well I mean rereading what I wrote, I guess you could, when I said "In my Case" I meant for me, not for the case itself.
"You just have to buy the right board in that case. For pfSense – if your board already has 2 Intel NICs, you don't need an add-on card... " Funny you mention that, because its not actually true in my case, I have needs that require more than 2 Nics, my board actually has 2 Nics, and I still use all 4 ports of a i350 as well.
In my case, my build is not for home use, well it kinda is, but my situation is odd, my house is on site of my business, so they are 1 and the same network. In that network, I host hotel wifi, on a separate lan, on a separate physical switch altogether (they need POE, my network is on a 10gb switch, cant have both, I should say I cant afford both in one :P.) I also have the Surveillance system on that switch, via Vlans.
Then I have, my NAS and 2 Web Servers on separate nic ports as well, as each of those 5 things (my nas, the web servers, the guest lan, and my lan) all have there own Public IP Addresses, I guess I could vlan some of the stuff, but even then I would need 3 ports at minimum, and couldn't find a mini itx board that fit my needs with that (well 3 usable my board has 3, but 1 is ipmi only).
As to the drive fitting, ya its pretty tight, and its a server board, so the cpu is right at front, and thge front fans help that cooling, its just not laid out well to route the cables and such for a harddrive, on top of the fact that its a tight fit for the 2.5 inch drive as well. The case I am using is 9 inches deep, and the plate has a strict location for a 2.5 inch drive, its tight against the card.
The power, I dont care so much about, the heat I do the added heat. As that added heat plus the heat I already have, is not worth adding. Also, the drive will be spinning constantly lol, I have web servers, people are constantly trying to break into those, and Suricata will be writing some serious logs for that. In a home situation, I agree not so bad, but again this a business network, that I am trying to setup better, vs the multi setups of iptables i been using and a not very secure guest lan. So PFsense will be doing what I had 6 instances of iptables doing before lol. So unless I move all logging to a log server, which i may, yes the drive is going to be going insane.
No, you don't have to "stuff" a 2.5" drive, it would fit quite comfortably. Agreed that in case you want to change the drive later, you might have to remove the card and a load of cables just to access the drive OR you need to choose a better case.
You chose a server board with a M.2 slot (probably for a reason) but what's the TDP of your processor?
I don't know what your requirements are but in order to save power – consider
-
a J3355 – its a SoC, fanless (so no worries about noise) with a TDP of 10W
-
a N3700 – another SoC, fanless -- this I have seen on a server board with quad intel nics, so no need for a NIC card --- with a TDP of 6W
You would save a lot more power consumption on the CPU than on the mechanical vs SSD storage. Again, like I mentioned in my earlier post as well, it does depend on what you plan to do with the machine. So don't go taking that as gospel, is all I am saying.
Ahh see it does have to be pretty stuffed, and "Choosing a better case" isnt an option, as the case I choose, I choose for a reason lol. Using a m.2 to work in the means of the case is the preferred layout for me.
The TDP of my processor is 72ws.
Again not worried about power, worried about extra uneeded heat, the CPU is already hard to cool lol.As to the SOCs, ya for a home use, with a few packages they are great, for my 1gbit wan, and Suricata protecting web servers that are constantly under attack, as well as a nas and 2 lans, ya lol, they would choke my net to 5mbs per sec. To be perfectly honest, I am curious to see what happens, I dont have suricata live yet, when I do, I dont even think the Xeon I have might not even be enough from what I been reading on here, I may have to go to an E5 Xeon.
Again I get what your saying, and to most that are home users ect, everything you said would apply, however I am not in that user category.
-
-
Ok. You didn't mention your network was for business use initially. Also, in my previous post, I clearly mentioned that unless you use packages which are heavy on disk usage, you don't need SSDs. Seems like in your case ( ;) ) you would benefit from a faster SSD compared to a HDD. In fact my post also agreed to the fact that SSD > USB > HDD in terms of performance. So I am not denying the usefulness of SSDs. And also because SSDs would be better for a business application compared to USB as costs can be claimed as business expenses and business networks need better stability than a cheap USB would provide etc. etc.
Comes back to my original point of using the right tool for the job.
-
Ok. You didn't mention your network was for business use initially. Also, in my previous post, I clearly mentioned that unless you use packages which are heavy on disk usage, you don't need SSDs. Seems like in your case ( ;) ) you would benefit from a faster SSD compared to a HDD. In fact my post also agreed to the fact that SSD > USB > HDD in terms of performance. So I am not denying the usefulness of SSDs. And also because SSDs would be better for a business application compared to USB as costs can be claimed as business expenses and business networks need better stability than a cheap USB would provide etc. etc.
Comes back to my original point of using the right tool for the job.
I 100% agree :) actually funny you say that I have been considering a SLC ssd as they are very expensive, but hey its a write off lol. However 300 dollars for 30gbs I may just go with a good branded MLC, I found the swissbits they have power loss protection, way high endurance for mlc, a large ddr3 cache, and serious reliability claims, they are almost 3x the price of a transcend or sandisk model the same size though ($50 to $125 for 64gb models). The word Enterprise throws up lots of dollar signs :P.
But at the same time whats an extra 70 for the ssd when my build is already over 1k.
-
You might consider using the enterprise software option already available to your for free (zfs) with consumer grade hardware in order to decrease costs while increasing reliability.
For example buy three low-end but name brand SSD's for ~$180. Put two of those in a mirror, write the boot code to the third and set it as a hot spare, set autoreplace=on and turn on zfsd with shellcmd. If one disk fails you can just SSH in issue the commands to remove the bad disk from the pool and resilver tot he good disk that already has the boot code written.
So after sustaining a single drive failure you would have your pool on one fresh disk and another disk that has been in a known working condition for probably years.That's two disk failure tolerance on name brand SSD's for about half the price of a single SLC SSD. I would bet my money on the three drives over one for a high availability system.
If the single expensive SLC SSD fails (due to manufacturing fluke, get's wet, mobo fries it, whatever) that's it, your high availability system is down cold until you can physically access it. Also, it's expensive to replace your SLC drive.
If a drive fails on your three cheap SSD setup then you just get a degraded pool message, that's it. So you resilver the pool and the next time you get around to it you replace the bad SSD for $60 and go on with life. Even if it takes a year or two to get around to replacing the bad drive it almost certainly won't matter because you've still got the tolerance to lose another drive in your array without the system going down.
Obviously you can further improve the reliability of this system by increasing number of drives or quality of drives, but really three cheap name brand SSD's is almost certainly going to outlast the life of the box.
I've used several cheap SSD's for years on end, swapping them from system to system. Reinstalling multiple OS's and programs on them. Sometimes in frequent on/off applications sometimes in 24/7/365 applications. I've literally never had one fail or even hiccup on me.
I found the swissbits they have power loss protection
If it's a high availability system - which from your description it certainly is, then get your power loss protection from a true-sine wave UPS not from capacitors in your SSD. With ZFS especially you don't need to worry all that much about corrupting data from unexpected or improper shutdown anyways, and that's all those capacitors in the swiss bits are going to do for you.
If you have a good UPS though, it doesn't matter because the entire system will stay online until the battery gets to a pre-determined point set by you and then it will execute a proper shutdown.
-
You might consider using the enterprise software option already available to your for free (zfs) with consumer grade hardware in order to decrease costs while increasing reliability.
For example buy three low-end but name brand SSD's for ~$180. Put two of those in a mirror, write the boot code to the third and set it as a hot spare, set autoreplace=on and turn on zfsd with shellcmd. If one disk fails you can just SSH in issue the commands to remove the bad disk from the pool and resilver tot he good disk that already has the boot code written.
So after sustaining a single drive failure you would have your pool on one fresh disk and another disk that has been in a known working condition for probably years.That's two disk failure tolerance on name brand SSD's for about half the price of a single SLC SSD. I would bet my money on the three drives over one for a high availability system.
If the single expensive SLC SSD fails (due to manufacturing fluke, get's wet, mobo fries it, whatever) that's it, your high availability system is down cold until you can physically access it. Also, it's expensive to replace your SLC drive.
If a drive fails on your three cheap SSD setup then you just get a degraded pool message, that's it. So you resilver the pool and the next time you get around to it you replace the bad SSD for $60 and go on with life. Even if it takes a year or two to get around to replacing the bad drive it almost certainly won't matter because you've still got the tolerance to lose another drive in your array without the system going down.
Obviously you can further improve the reliability of this system by increasing number of drives or quality of drives, but really three cheap name brand SSD's is almost certainly going to outlast the life of the box.
I've used several cheap SSD's for years on end, swapping them from system to system. Reinstalling multiple OS's and programs on them. Sometimes in frequent on/off applications sometimes in 24/7/365 applications. I've literally never had one fail or even hiccup on me.
I found the swissbits they have power loss protection
If it's a high availability system - which from your description it certainly is, then get your power loss protection from a true-sine wave UPS not from capacitors in your SSD. With ZFS especially you don't need to worry all that much about corrupting data from unexpected or improper shutdown anyways, and that's all those capacitors in the swiss bits are going to do for you.
If you have a good UPS though, it doesn't matter because the entire system will stay online until the battery gets to a pre-determined point set by you and then it will execute a proper shutdown.
I do have a good ups, however there is still power loss issues that can and do occur with drives.
I do like the raid idea, but I can't fit 1 2.5inch SSD barely mustless 2 lol.
I was thinking about something sort of similar though, not raid, but the drive dying did cross my mind. So now I had 2 new thoughts.
I am trying to decide between 2 drives, I am having a similar discussion on another forum and Optane keeps being throw out, because why not :p. A 32gb octane SSD would be plenty big for just pfsense/logs, has decent endurance, (180tbw) and it's new lol. It doesn't need PLP protection, because it writes directly as well which is a plus. With ZFS that should be pretty stellar. 80 dollars.
However Intel has a new DC 3520 series out, the 150gb m.2 has 412tbw endurance! And the best PLP on the market, i could keep alot more logs and add some caching. 100 bucks.
There is also the old mach16, which is sata interface, SLC, half size 2.5 drive. It would require me to put sata power on my modded psu, but that's not too bad. 40 dollars each, I could likely setup a raid array with these. 80 for a raid 1. The drives are slower, but that will only affect boot time, and besides raid 1 will increase read speed, to about 3520 levels.
Honestly, you are right though. The best safest option would be dual mach16 slc ssds in ZFS mirror. Defiantly can't fit 3 lol, but I think 2 would be good for HGST Enterprise SLC drives.
All of those are strong contenders for me.
-
however there is still power loss issues that can and do occur with drives.
I'v never heard of this? Could you tell me more about it?
AFAIK, if the power is coming from the wall, and the power supply is working then there will be no issues? Where would a power loss occur between the PSU and the SSD?
-
however there is still power loss issues that can and do occur with drives.
I'v never heard of this? Could you tell me more about it?
AFAIK, if the power is coming from the wall, and the power supply is working then there will be no issues? Where would a power loss occur between the PSU and the SSD?
No no lol, there is still a ton of things to go wrong, the OS could crash, causing loss of power to the SSD, the power Supply malfunction causing the SSD to lose power, the machine could shut down due to being unplugged by mistake, a UPS only helps of the power goes out, there are still many many other things that can go wrong.