pfSense on Netgate hardware and power outages
-
My experience has been that pfSense running on Netgate hardware does not like power outages, and 8 out of 10 times, will not recover from one. I know I can use a UPS, but that's just an added cost. Is there a reason consumer grade routers don't seem to have this problem recovering from power loss while pfSense can't handle it?
-
@bhjitsense It uses the UFS filesystem by default which is known to be iffy with sudden power loss. If this is a regular occurrence where you are and you don't want to get a UPS then perhaps you could get a fresh install image from Netgate, reinstall and select ZFS as the filesystem instead of UFS.
-
@kom Good to know! Are there drawbacks to using the ZFS file system?
-
@bhjitsense said in pfSense on Netgate hardware and power outages:
I know I can use a UPS, but that's just an added cost
That comes with many benefits as well.. You don't have your PC on a ups already that you could leverage?
Nothing with an actual disk that writes data be it hdd, ssd or even eMMC likes sudden power outages because it could be in the middle of writing data to the disk when power is lost..
It's quite possible with UPS and your network devices you could maintain internet during an outage.. My networking gear, modem, pfsense, switches and AP are all on ups.. When I do lose power - as long as it's say only 20-30 minutes I can maintain internet access without power.. It's rare where I am at to have an outage that lasts anywhere near that long.. When they do happen they seem to be short blips of only a few minutes.
While zfs is better equipped to handle power loss - my understanding is from more frequent syncs of data to the disk than what say UFS does.. It is no guarantee that you could still not have issues after an abrupt loss of power.
The best solution is to get a UPS.. And set up your equipment that is susceptible to data corruption on abrupt loss of power to properly shut down before the battery on the UPS would run out. You can set this up on pfsense using the nut package available for pfsense.
It doesn't have to be a real expensive ups.. All comes down to your power requirements of what you would connect to it, how much run time on battery you would want to be able to have under whatever load your equipment would be using.. Devices like modem, switch, ap and pfsense on low power device (not some old pc sucking 150W idle) do not require much at all and should be able to have somewhat extended battery run time. If I shut down my PC during an outage which is on the same ups as my networking gear - I could prob get well over an hour of run time.. if not longer..
-
@johnpoz This is a setup I'm designing for a friend's small real estate agent office. My related issue to it crashing is here. They are on a tight budget and am planning on installing it this weekend. I don't want to go to them and ask for an additional $80 because of an oversight I made if I can avoid it. I may just eat the cost anyhow.
-
And the office doesn't have ups for their PCs? That could be more risky than the router not having.. No offense but if just some small office on a tight budget - simple soho wifi router or what comes with the ISP prob good enough, and would be cheaper than any setup of pfsense. Even if your time is free..
Unless you are setting up an office with network segments, real AP for wifi, etc. What would justify cost of pfsense, yet not ups for pc and networking gear in the office?
-
@johnpoz They all use laptops. They need 3 separate networks (main, training, guest) which wouldn't work with a consumer-grade router. They bought a new Linksys router thinking that would solve their issue ($400) so that was my budget. I told them to return the Linksys router. I quoted them the price for the 1100, and a Unifi switch and AP.
-
@bhjitsense Put a UPS on the router, switch, AP & modem (depending on office layout, one UPS might be able to power them all) and the staff could conceivably keep working through a local power outage.
-
Here is my 2 cents. The cost of ups would pay for itself on just 1 power blip where you would have to go to site and rebuild.. That is money well spent if you ask me.
And exactly as @KOM just stated as well. A say $100 ups should be able to run that network for 30 minutes at min.. I would assume the AP you're getting is PoE based, so all should be easy to power from one ups.
edit: While zfs would be filesystem of choice to "help" in preventing issues from power loss - it's not going to be a guaranteed way to prevent. The only way to be reasonably sure you don't have issues due to abrupt power loss is to remove the likelihood of that happening. Which would be a ups with proper shutdown of equipment that is likely to have issues if power is just removed. Switches and AP normally do not have such problem - but box running pfsense for sure could have problem, zfs or not.
edit2: BTW since you mention unifi, assume both switch and AP.. what are you going to do for the controller? AFAIK you would need controller software running on something to set up the vlans you mention. Even if only running for setup (which guess you could run on one of their laptops).. Would prob be best to run it all the time to be able to give you insight into issues that could be diagnosed with info gleaned from the stats and information the controller can provide when running 24/7.. That too should be on ups if you're going to run it on site.. Power need of their little cloudkey box or pi is very minor as well.
edit3: Some friendly advice on the side - learned long time ago do not offer help to friends or family unless you're willing to take on the extra burden of being their IT support.. Help them do something once, and now whatever goes wrong is what you did ;) Or they feel you're there to help them from that moment forward no matter what it is.. This can and quite often does turn into a strain on your time, and if not being compensated for your time can put a strain on the relationship.. Shoot supporting such setups - where they scream budget issues that keep you from doing it correctly or on a shoestring that is bound to fail at some point is quite often not worth the helping a friend thing.. Just some hindsight of things I would for sure have done different when some friends and family have asked for help in the past, and what it can lead to.. I only discuss IT stuff with fellow IT friends now, where there is no chance of becoming their permanent IT support ;) I just can not take on any more "friends/family" IT problems ;) hehehe
And of course helping here and other forums - it's on my time, and people here can not call me on a sunday saying hey xyz isn't working - what do you think ;) heheh
-
@bhjitsense said in pfSense on Netgate hardware and power outages:
drawbacks to using the ZFS file system
There is a thread from yesterday discussing higher i/o activity on ZFS.
Can't say we've had an 8/10 rate of file system damage across our clients, at least that is noticeable. But in general across probably 1000 PCs over the years it is possible for anything with a file system to have corruption on power loss. It may be unlikely but it is possible. Windows at least will try to detect that and run chkdsk...not sure if FreeBSD does? At least a tiny UPS is cheaper than a spare router, and apcupsd or nut can have it shut down properly.
-
Depending on what packages you have running you may be able to use ram disks.
I've yet to see a filesystem problem on any device that has ram disks enabled.
You can't really use it with Snort, Suricata or pfBlocker though unless you're very careful with tuning.
Steve