PfSense on Dell R710
-
It should run like a scalded ape on an R710. Unless you are caching, hard drive speed is pretty much irrelevant. Even if you are caching it is pretty much irrelevant.
I have never had any issues with the broadcom drivers. They seem fine. In fact, a few years ago, pfSense sold some used Dells. Can't remember the model but pretty sure they had bce NICs. Have personal experience running on some old IBM 1Us with zero issues. bce NICs there too.
Nothing wrong with a drive mirror for an install such as this. Though on that hardware you would be a candidate to try leaving the controller in JBOD and running a ZFS mirror if you put 8GB+ into it.
Install it and try it. Don't cost nothin'.
-
Never heard of pfSense requiring constant maintenance, this is matured stuff, and friendlier to work with than I had expected, compared to CLI-only Cisco stuff I used to work with. Go4rit.
-
It should run like a scalded ape on an R710. Unless you are caching, hard drive speed is pretty much irrelevant. Even if you are caching it is pretty much irrelevant.
Excellent! Good to know as the drives I have laying around - while SAS - aren't exactly fast. They were mainly used for file server/media storage duties. Big? yes. Fast? Not so much.
I have never had any issues with the broadcom drivers. They seem fine. In fact, a few years ago, pfSense sold some used Dells. Can't remember the model but pretty sure they had bce NICs. Have personal experience running on some old IBM 1Us with zero issues. bce NICs there too.
Nothing wrong with a drive mirror for an install such as this. Though on that hardware you would be a candidate to try leaving the controller in JBOD and running a ZFS mirror if you put 8GB+ into it.
Install it and try it. Don't cost nothin'.
Good news on the Broadcom hardware.
I am not that familiar with BSD/Linux/Alternative OS so I have quite a bit of a learning curve ahead of me. So please excuse my newbie questions.
I am assuming ZFS refers to the file system / volume manager that runs on these OS? Also assuming it is capable of software raid? Is using ZFS software raid superior to hardware raid? The Dell PERC H700 is a pretty good piece of hardware and fast. 512MB on board cache, etc. Using this controller, if the primary HD fails it will automatically switch to the mirror. Then a replacement drive can be hot-swapped and the controller will automatically mirror the remaining good drive to the replacement.
Edit: Another thought just occurred to me. One of the extra machines I have has a single E5504 processor in it with 6gb of RAM. Very basic server. While these processors do not support AES-NI, do I really need it? The only VPN stuff I will be doing is occasional remote user stuff when I am out and about with my laptop. Otherwise it will basically be used at a UTM device. From what I read though, it looks like AES-NI will be required for future versions of pfSense. Do I understand that correctly?
-
AES-NI is required in future versions indeed. pfSense requires no maintenance except the occasional pain-free security update (just subscribe to the security alerts and you'll get a message when one comes out - not often).
-
Most of the Dell raid controllers will not present the disks unless they are in an array, making them fairly useless for zfs.
You shouldn't have any trouble just creating a mirror with the bios utility and installing on that.
As for AES-NI, I'd guess the processors in a 710 would be modern enough to have it. If not, it's not a showstopper. -
@johnkeates:
AES-NI is required in future versions indeed. pfSense requires no maintenance except the occasional pain-free security update (just subscribe to the security alerts and you'll get a message when one comes out - not often).
Good deal. That's exactly what I need.
Most of the Dell raid controllers will not present the disks unless they are in an array, making them fairly useless for zfs.
You shouldn't have any trouble just creating a mirror with the bios utility and installing on that.
As for AES-NI, I'd guess the processors in a 710 would be modern enough to have it. If not, it's not a showstopper.The drives attached to a PERC controller don't need to be assigned to an array in order to be available to the OS. But yes it's simple enough to set up a mirrored array. It has a little speed penalty but since HDD speed is not important for pfSense that doesn't matter. I was actually thinking of using one of the older PERC 6i controllers I have. They can only do up to SATA-II but as stated previously in this thread the should be plenty fast enough.
Speaking of ZFS. When installing pfSense would that by my preferred file system over UFS? I don't know enough about it to make an informed decision on what to use. From what I have read ZFS seems to be more robust and easier to recover from errors? Not sure if I have that right.
The Dell R710 servers have 2 generations. Generation 1 were available in lower spec with E55xx series Xeon processors. These do not support AES-NI. But, the gen 1 machines are capable of supporting all of the X56xx series processors that have TDP of 95w. None of the 6 core 130w TDP X56xx processors were supported unless you have a Gen 2 R710.
Again, thanks for the info! Please keep it coming, I appreciate it.
-
I have an R710, with X5670's in it, which support AES-NI. But I wanted a separate machine for pfSense so I can play with my server and not affect the internet/network. So I opted for a R210 II, it has an Xeon E3-1230 V2, and 8GB RAM. It's a lot smaller and quieter than the R710 (which is very noisy to have in the house), plus the power consumption is much lower. It has dual gigabit NICs, no RAID controller as such so drives are direct to the OS (I'm using Windows Server 2016, running pfSense under Hyper-V). I've only had it about a week but it's an awesome little machine and pretty cheap. I have a 128GB SSD and 1TB HDD in there. pfSense and Cache are on the SSD, I just use the 1TB drive as an additional backup for some stuff.
-
I have an R710, with X5670's in it, which support AES-NI. But I wanted a separate machine for pfSense so I can play with my server and not affect the internet/network. So I opted for a R210 II, it has an Xeon E3-1230 V2, and 8GB RAM. It's a lot smaller and quieter than the R710 (which is very noisy to have in the house), plus the power consumption is much lower. It has dual gigabit NICs, no RAID controller as such so drives are direct to the OS (I'm using Windows Server 2016, running pfSense under Hyper-V). I've only had it about a week but it's an awesome little machine and pretty cheap. I have a 128GB SSD and 1TB HDD in there. pfSense and Cache are on the SSD, I just use the 1TB drive as an additional backup for some stuff.
That sounds like a nice little box….
The idea to use the R710 is simply because I have extras that are currently going unused. My server rack is behind me and to my ears, it's relatively quiet. Besides, it helps drown out the noise of the household. :D
If you think the R710 is loud you should hear the 1950s and 2950s I used to have in the rack. Now THAT was loud! :D
I've decided to use the machine with the X5667s in it.
So basically the hardware specs will look like this:
X5667 x 2
24GB RAM (I can always cut this in half if I need the ram somewhere else since even 12GB is way overkill)
PERC 6i
Seagate 300GB 15K SAS-II drives x 2 (These are overkill too, but it turns out they are the smallest drives I have laying around. Thought I had some slower/smaller drives but I don't)
And all the built in hardware that is included with a R710. BCE embedded NICs x 4, etc.The only thing I am waiting on to build this machine is hard drive caddies. I am out of them so had to order some from eBay.
Since this machine will be so utterly overpowered for this application, I'm sure pfSense will run effortlessly even at gigabit WAN speeds.
The only thing I am a little unsure about at this point is whether to use ZFS or UFS and I am not sure how to set up a remote VPN for when I am out and about with my laptop and need to access my home network. OpenVPN?
-
The R210 II is definitely a cracking little box, I am very pleased with it!
The R710 isn't too bad I guess, it was a little noisy while I had it inside the house as it was in an enclosed space.
I've heard those old machines are very noisy and power hungry! I was swayed away from them when looking for my first server.
Sounds like a goon plan though, it should run very well. I've seen people running gigabit connections on very low power hardware with no issues.
-
The drives attached to a PERC controller don't need to be assigned to an array in order to be available to the OS. But yes it's simple enough to set up a mirrored array. It has a little speed penalty but since HDD speed is not important for pfSense that doesn't matter. I was actually thinking of using one of the older PERC 6i controllers I have. They can only do up to SATA-II but as stated previously in this thread the should be plenty fast enough.
It will still work alright just setup two RAID0 vdevs and be sure to set them to write through and no read ahead. Its not ideal but your not running a file server with 20+ drives constantly being abused. I'm not sure if pfSense includes the mfip driver at boot but that will still provide some smart data.
Speaking of ZFS. When installing pfSense would that by my preferred file system over UFS? I don't know enough about it to make an informed decision on what to use. From what I have read ZFS seems to be more robust and easier to recover from errors? Not sure if I have that right.
ZFS all the way. There are so many reasons to use ZFS over the old UFS setup.