Switching to ZFS

guardian

Since my pfSense installation is so critical I am very conservative with any changes/updating. Given the advantages of ZFS Boot environments for rolling back unsuccessful updates (etc.), I am again considering upgrading to ZFS. Now that ZFS has been around for about 2 years, I'm hoping that I can get some good feedback from the community. I am again considering switching from UFS to ZFS.

Given the following hardware configuration is upgrading to ZFS likely to work well,or am I better off to stick with UFS? The firewall is a home installation connected to a 500Mbps cable connection I get about 480Mbps after tuning to minimize buffer bloat, and score A+ for all categories on DSL Reports.

Here is my hardware configuration and resource info during the DSL reports speed test.

Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
4 CPUs: 1 package(s) x 4 core(s)
AES-NI CPU Crypto: No

MBUF Usage
5% (12150/244966)
Temperature
50.0°C
Load average
0.71, 0.38, 0.27
CPU usage
24%
Memory usage
23% of 3958 MiB
SWAP usage
0% of 8191 MiB
Disk usage:
/
6% of 101GiB - ufs
/var/run
5% of 3.4MiB - ufs in RAM

Installed Packages
arping
Backup
Cron
darkstat
iftop
iperf
mailreport
nmap
Notes
nut
openvpn-client-export
pfBlockerNG
RRD_Summary
softflowd
Status_Traffic_Totals
stunnel
sudo
syslog-ng

This is a follow up to my earlier post.
https://forum.netgate.com/topic/126487/guidance-regarding-switching-to-zfs-update-on-user-experience-good-bad

signalz

In my experience, ZFS is a little faster to update and upgrade, and RAM usage is a little higher. In your case, I don't think you will see performance problems as all those plugins are not produce much system load. However, I don't think there is much benefit to using ZFS at this time. There isn't anything in the UI to report on or configure it.

chpalmer

@guardian said in Switching to ZFS:

Since my pfSense installation is so critical

If this is so then anybody worth their weight in salt would recommend that you have a standby unit pre-configured and ready to be deployed at the very least. Or a hot standby in place such as you get with a "Carp" setup.

Something to think about. :)

But back on subject.. I trust ZFS a little more myself. We have had to go onsite after a power failure to rebuild a router file system a couple of times using UFS but not since switching everyone over to ZFS.

Could be coincidental but its enough for me.

guardian

@chpalmer

@chpalmer said in Switching to ZFS:

@guardian said in Switching to ZFS:

Since my pfSense installation is so critical

If this is so then anybody worth their weight in salt would recommend that you have a standby unit pre-configured and ready to be deployed at the very least. Or a hot standby in place such as you get with a "Carp" setup.

Something to think about. :)

Agreed... it's a home setup, and economics rules here.... it would be very painful!

But back on subject.. I trust ZFS a little more myself. We have had to go onsite after a power failure to rebuild a router file system a couple of times using UFS but not since switching everyone over to ZFS.

Could be coincidental but its enough for me.

Good feedback, thanks... I have been using ZFS for several years... on FreeNAS, and lately on my linux box (I thought it had to be better than MDADM Raind), and so far have been very happy.... However both of those machines have a ton of memory and are much faster than a J1900.

guardian

@signalz said in Switching to ZFS:

In my experience, ZFS is a little faster to update and upgrade, and RAM usage is a little higher. In your case, I don't think you will see performance problems as all those plugins are not produce much system load. However, I don't think there is much benefit to using ZFS at this time. There isn't anything in the UI to report on or configure it.

Thanks for that... I use ZFS on FreeNAS, so I have no problem logging in via SSH to check on something. My main reason for being interested in ZFS is to be able to roll back if an upgrade goes bad.

I'm eventually hoping to graduate to Snort or Suricata, but haven't had the time to scale the massive learning curve to configure it. I had Snort running but it really wasn't doing much except filling log files at the time.

Anyone using Snort/Suricata with ZFS on a "smallish machine like a J1900?