Pfsense installation on a softraid-1?



  • Is there a way, to perform a pfsense installation on a softraid-1?

    You surely want your firewall machine to be secure and safe, and I'm used to use a softraid-1 whenever possible, so that when one harddrive dies, your machine is still up and running.

    I know how do do such an installation for Gentoo Linux, but I am a total newbie concerning FreeBSD.



  • Not supported.



  • There has been a discussion at the mailinglist concerning that feature and all developers as well as some users agreed that softraid won't be implemented. However someone posted a solution how to install it. Keep in mind that there won't be support for a "homebrew" version of pfsense running on softraid but if you are keen enough to try search the mailinglist archives (locations can be found at http://pfsense.com/index.php?id=21 ).



  • Just tried to search the mailinglist archives, but the searchterms "raid" and "softraid" did not bring up any useable results.

    I'm struggling with the idea of having a full install on a softraid-1, or keeping it simple with running from cdrom + floppy without any harddisk (this would also terminate the need for apcupsd support). The problem is, it is a pretty good idea to have a transparent squid, but if not run on the firewall (= gateway) machine, you need to route the web-traffic through another machine (running squid) as well, which unnecessarily complicated the network topology (I am not a network expert, I'm just trying to improve our SOHO LAN).





  • Just as personal rule of thumb, don't use software mirroring unless you absolutely have to. If you need raid then stick in a pci raid controller, we are using a fastrax 100 without any problems with pfsense.

    It's kinda like thinking I can use vmware to host an application server. Can it do it? Yes. Can it do it well? No, performance is horrible.

    Basically if your worried about raid spend the money and get a controller for it OR use two systems in a carp setup as they would be completely fail-over ready.



  • I can tell you from experience that software raid works on built in SIS SATA raid controllers in mirror mode. You just install to AR0 instead of the other devices and it works just fine. Just don't accidentally install boot blocks to the JBOD drives otherwise you'll slaughter your mirror.


  • LAYER 8 Moderator

    raid controller, we are using a fastrax 100

    Just a little sidenote: The Fasttrack 100 (or any other of that series) is not a real hardware raid controller like e.g. 3ware, ICP or Intel. I would recommend (if we talk about hardware raid), to use something real like a small 3ware controller. The Fasttrak is a "software-on-chip" cheap solution, that in a few cases cause more trouble than you want to have () :)



  • You can get 3ware 8k series 2 channel ide hardware raid controllers for ~150-170 US now if you want a cheap hardware raid. Otherwise get an Areca (for PCI-Express) or 3ware 9550 II for PCI-X hardware raid. You can run the 3ware controllers on a 32-bit pci slot but it's a waste of performance to do so in most cases unless you're just mirroring 2 drives.



  • I using a Mini-ITX board that has hardware RAID 0,1 and uses 3 GbLAN + 1 LAN and leaving me a free PCI slot.  Will check for you if pfSense works well on it using RAID.

    Martin



  • Another side note is that of course vinum is a nightmare to administer.  I have tried to be happy with it on a few occassions, and given the changeover from vinum to gvinum has had some serious growing pains, I must concur that hardware raid is the way to go.  Just use a controller that FreeBSD supports, set up the raid, then install onto the array.

    If I might bring up a tangent, anyone know of a good array that has controls and status from within FreeBSD?  IE, I can check the status of the array, make changes, etc, without having to take the system down and go into the controller's bios?



  • @Grey:

    raid controller, we are using a fastrax 100

    Just a little sidenote: The Fasttrack 100 (or any other of that series) is not a real hardware raid controller like e.g. 3ware, ICP or Intel. I would recommend (if we talk about hardware raid), to use something real like a small 3ware controller. The Fasttrak is a "software-on-chip" cheap solution, that in a few cases cause more trouble than you want to have () :)

    We were using a fasttrack in the lab enviroment, in production we don't have the $$$ for 3ware but use dell perc cards as they tend to work decently.



  • Login to freenode /  ##pfsense and try that new image, it has raid 1 support



  • Pretty cool, I have pfSense running on a softraid-1 now.  :)

    Is there any possibility to let pfSense inform me my email, if one of the two discs should fail?

    My guess would be a cron-script checking the status of gmirror, and using smtp to send an email in case of a failure. Unfortunately I am not a programmer, and I have no clue, if this can be managed easily.

    Anybody a clue?



  • I would guess its possible but I have not looked into it.  Let me know if you figure it out and we can include it.



  • @Grey:

    The Fasttrak is a "software-on-chip" cheap solution, that in a few cases cause more trouble than you want to have () :)

    Of course it's a cheap solution, but it does exactly what you want: it lets you OS see a 'hardware' RAID volume so you don't have to mess with software RAID.
    You can't expect great performance offcouse(because it has no onboard CPU/memory), but RAID 1 isn't CPU intensive and PfSense isn't I/O intensive.
    I'm using these cards in a lot of Linux/BSD servers for a storage/backup volume, and never had problems.

    Ontopic:
    Supported software-RAID would be great.
    Running an important Firewall/router on a single IDE disk always gives me the creeps. :)



  • @ZGamer:

    Just as personal rule of thumb, don't use software mirroring unless you absolutely have to. If you need raid then stick in a pci raid controller, we are using a fastrax 100 without any problems with pfsense.

    It's kinda like thinking I can use vmware to host an application server. Can it do it? Yes. Can it do it well? No, performance is horrible.

    Basically if your worried about raid spend the money and get a controller for it OR use two systems in a carp setup as they would be completely fail-over ready.

    I thought the same way you did, until I actually researched both hardware and software raid:

    http://www.google.com/search?hl=en&q=linux+software+vs+hardware+raid

    I went through several pages, and the general consensus is that software raid is a much better solution than most people realize.



  • @hoba:

    There has been a discussion at the mailinglist concerning that feature and all developers as well as some users agreed that softraid won't be implemented. However someone posted a solution how to install it. Keep in mind that there won't be support for a "homebrew" version of pfsense running on softraid but if you are keen enough to try search the mailinglist archives (locations can be found at http://pfsense.com/index.php?id=21 ).

    Hello,

    I made a PfSense PC with RAID 1. In fact, before there was installed a FreeBSD 6.2 and there is 2x4gb hard drive IDE Seagate and I created a RAID 1 soft with Gmirror when I installed FreeBSD.
    When I installed Pfsense with the ISO (while the installer ask you to choose your partition ad0 of destination), it detected automaticaly the RAID I created with FreeBSD (/dev/mirror/gm0).
    So if you don't have a solution yet, you can make it work by creating a soft RAID with FreeBSD before installing PfSense. It takes a lit more time but after it works very great.

    See you

    Mike



  • Hi all

    I installed pfsense on gmirror devices (/dev/gm0) and I noticed that every time that I do a reboot the mirror do a rebuild (at boot time).
    After some minutes the mirror is again complete and the pfsense is fully working.

    Any idea ?

    thanks

    Giacomo


Log in to reply