IBM System x3550 M3 7944 server and play with Redundancy and High Availability In pfSense



  • To start seriously working with pfSense we decide to buy 2 of IBM System x3550 M3 7944 server and play with Redundancy and High Availability in case 2-3 physical uplinks from ISP (each with own physical infrastructure, of course...).

    Could a You be so please in that winter Christmas days spend time and write Your thoughts & make suggestions about pfSense on that servers.

    P.S. for example, are pfSense able to work with Broadcom BCM5709 TCP/IP Offload Engine (TOE) ?
    or
    which inoperability may happened with IMM or ServeRAID and pfSense?

    Technical details about x3550 M3 7944:

    CPU:
    two Intel XeonTM multi-core 5500 or 5600 series

    MEMORY:
    Maximum: 288 GB
    – 48 GB using unbuffered DIMMs (UDIMMs)
    – 288 GB using registered DIMMs (RDIMMs)
    Type: PC3-10600R-999, 800, 1066, and 1333 MHz, ECC, DDR3 registered or unbuffered SDRAM DIMMs.

    ETH ADAPTER:
    Broadcom BCM5709 Gb Ethernet controller with TCP/IP Offload Engine (TOE) and Wake on LAN support
    Four Ethernet ports (two on system board and two additional ports when the optional IBM Dual-Port
    1 Gb Ethernet Daughter Card is installed)

    PCI EXPANSION SLOTS:
    Supports two PCI riser slots:
    • Slot 1 supports low-profile cards (PCI Express Gen2 x16 or PCI-X
    1.0a 64-bit/133 MHz ).
    Slot 2 supports half-length, full-height cards (PCI Express Gen2 x16 or PCI-X 1.0a 64-bit/133 MHz).

    HDD:
    (the model we see on sale right now)
    Up to four 2.5-inch hot-swap SAS/SATA or simple-swap SATA hard disk drive bays (on server models with an optional optical drive bay)

    OTHER:
    Of course, 2 hot-swap 460-675W power supplies for redundancy support, ServeRAID with 0, 1, 5, 6, 10, 50, 5/50, 6/60 and SED devices support, 5 x USB

    Let's to note, separate RJ45 to connect to a systems management network for IMM Remote Monitoring and Management - really cool advantage from IBM.

    Sorry for dumb question, I am newbies in pfSense. Thank You all for Your Christmas time!



  • What internet speeds? vpn speeds? filtering needs?



  • Hi!
    Right now in test labs are 3 x 100 Mbt/s uplinks. After testing and all pfSense tuning - 3 x 1Gb/s, after 6-8 month - 3 x 10 Gb/s

    Yes, we need VPN to remote cloud servers. Primary - audio / video content streaming from facility to cloud servers-broadcasters.

    What exactly You mean by “filtering”?



  • @netblues Because I know that vpn+many rules in filtering+smart bandwidth distributing = huge loading of CPU, we decide that powerful 2-CPU System with a lot of memory on a “built as rock” motherboard are better solution that ordinary hardware solution like Lanner, etc.



  • 1G is one thing, 10G is another. Hardware specified is most probably an overkill for 2-3 1gbit links. 10 g interfaces is another story, since driver compatibility with freebsd is the key factor.
    I don't know what you are planning to do but a number of 10g interfaces do sound like a lot of bandwidth for remote access..
    Do note that pfsense might encounter performance issues after 300-400Mbit of (small packet) rate under circumstances.
    Perhaps you should also have a look at the tnsr netgate offering too.



  • @netblues Sorry, this f####n Aksimet not give me ability to edit topic message, so I wrote here:

    In future we plan to shift to high bandwidth, so we just buy and install addition LAN controller with SPF, like Intel i210/ i354 or even Intel i350.



  • This post is deleted!


  • @netblues said in IBM System x3550 M3 7944 server and play with Redundancy and High Availability In pfSense:

    1G is one thing, 10G is another. Hardware specified is most probably an overkill for 2-3 1gbit links. 10 g interfaces is another story, since driver compatibility with freebsd is the key factor.

    Please see my reply above.
    Absolutely agree with You about “10Gb in another story”. Because of this I post in this forum, not on FreeBSD forum :)
    My searching in FreeBSD's forum according this servers not give me answer about using “as network Appliance”...

    Perhaps you should also have a look at the tnsr netgate offering too.

    I don't know what you are planning to do but a number of 10g interfaces do sound like a lot of bandwidth for remote access..

    Of course, 20-50 Mb/s for remote management & Monitoring would be enough in most cases.

    Do note that pfsense might encounter performance issues after 300-400Mbit of (small packet) rate under circumstances.

    Thank You about this suggestion.

    Perhaps you should also have a look at the tnsr netgate offering too.
    May be on next step, when we have more confidence with pfSense, we doing that. After year or so.



  • @netblues said in IBM System x3550 M3 7944 server and play with Redundancy and High Availability In pfSense:

    1G is one thing, 10G is another. Hardware specified is most probably an overkill for 2-3 1gbit links. 10 g interfaces is another story, since driver compatibility with freebsd is the key factor.

    The igb(4) driver supports Gigabit Ethernet adapters based on the Intel 82575 and 82576 controller chips:
    Intel Single, Dual and Quad Gigabit Ethernet Controller (82580)
    Intel i210 and i211 Gigabit Ethernet Controller
    Intel i350 and i354 Gigabit Ethernet Controller



  • 1g Interfaces are the norm and are widely supported. Moving from 100mbits to multiple 10G for Internet is a lot of bandwidth, comes at a price and certainly server hardware cost is minor, compared to bandwidth cost.
    In any case apart from overkill for 3x100Mbits, looks ok.



  • @netblues said in IBM System x3550 M3 7944 server and play with Redundancy and High Availability In pfSense:

    1g Interfaces are the norm and are widely supported. Moving from 100mbits to multiple 10G for Internet is a lot of bandwidth, comes at a price and certainly server hardware cost is minor, compared to bandwidth cost.

    In Kyiv (Ukraine) the price tag for 10G are shockingly less then in EU at or USA. :)

    In any case apart from overkill for 3x100Mbits, looks ok.

    Thank You. What about cpu/lan adapter in case 10G ?

    And may be some uncompability between pfSense and exactly this equipment?


  • Netgate Administrator

    @Sergei_Shablovsky said in IBM System x3550 M3 7944 server and play with Redundancy and High Availability In pfSense:

    are pfSense able to work with Broadcom BCM5709 TCP/IP Offload Engine (TOE) ?

    Probably not. However that's probably not useful anyway in a router/firewall where packets are mostly forwarded. That only really helps where TCP connections are terminated so in pfSense that's only really if you're running a proxy on the firewall.

    Steve



  • @stephenw10 said in IBM System x3550 M3 7944 server and play with Redundancy and High Availability In pfSense:

    @Sergei_Shablovsky said in IBM System x3550 M3 7944 server and play with Redundancy and High Availability In pfSense:

    are pfSense able to work with Broadcom BCM5709 TCP/IP Offload Engine (TOE) ?

    Probably not. However that's probably not useful anyway in a router/firewall where packets are mostly forwarded. That only really helps where TCP connections are terminated so in pfSense that's only really if you're running a proxy on the firewall.

    Steve

    Thank You Steve!

    According the Broadcom specs (https://www.dell.com/downloads/ca/Dell_TOP_Offload_Engine_White_Paper.pdf)
    TOE model can relieve much of the overhead of processing TCP/IP from the host CPU. TOE allows the operating system to offload all TCP/IP traffic to specialized hardware on the network adapter while leaving TCP/IP control decisions to the host server.

    Is this mean that Broadcom TOE support is more for FreeBSD obligations rather pfSense?


  • Netgate Administrator

    It would be much more beneficial to a server where TCP connections are to or from directly. Be that FreeBSD or any OS.

    Steve



  • This post is deleted!


  • @netblues said in IBM System x3550 M3 7944 server and play with Redundancy and High Availability In pfSense:

    1G is one thing, 10G is another. Hardware specified is most probably an overkill for 2-3 1gbit links. 10 g interfaces is another story, since driver compatibility with freebsd is the key factor.

    Thank You, NetBlues!

    Could You (or someone else with knowledge with) be so please to point on a hardware from the Netgate Store, nearest by characteristics to this IBM 1U size servers ?

    All specs of IBM Servers that we plan to play with are in first message in this thread.

    And about used Broadcom NIC in this Servers are at the end of thread.

    Thank You!


Log in to reply