Lanner Devices/Real World FeedBack Needed
-
Just looking to see if anyone has used these Lanner servers for PF 1.2.3 (or 2.0)
If so, any gotchas?
How are you using the device? (network size and packages)
Dealing with Lanner for support/Sales?
Other feedback?
any info would be helpfulas far as memory and cpu, that will vary per client, but we will mostly use a 40GB Intel SSD
Models we are looking at….
FW-7522B
http://www.lannerinc.com/Network_Security/FW-7522FW-7560C
FW-7560C: 1U network appliance, Intel 915GME chipset, 1FE + 4 GbE ports (RJ45 x5)
http://www.lannerinc.com/network_application_platforms/x86_network_appliance/FW-7560FW-7580
http://www.lannerinc.com/FW-7580thanks in advance!
-
I have a 7520 and a 7522. They have been great pfSense devices. There is a bug related to the NIC driver in 1.2.3 that can cause problems. I ran into when I used VLANs and bridging, but I never narrowed it down to what triggers it.
I've been using 2.0 on them for a few months now. You'll want to enable powerd, but first you need to load the cpufreq kernel module and change kern.timecounter to i8259 instead of TSC. If you don't do that, the box will run hot since it will stay at 1Ghz constantly. There is also a quirk with the bootloader. The embedded image set the bootloader to use a serial console. That isn't necessary with these boxes (the BIOS does console redirection to the serial port for you) and causes the boot to hang. After writing the embedded image to a disk, you need to mount it on another FreeBSD system and rewrite the bootloader (fdisk -B /dev/<disk>).
In terms of performance, it can handle ~130Mbps between 2 wired networks with fairly basic firewall rules. I am using all of the gigabit ports (some with VLANs) to tie together under 15 machines. It can certainly handle more, but you will run out of CPU if you try to do much more than 130Mbps.</disk>
-
Oh, one other note. The 7522 is resold by Netgate. Lanner typically operates as an OEM. They will gladly sell you a single unit, but they aren't particularly good about providing BIOS updates, etc. They intend for you to buy the hardware from them, build your firmware and software, and sell the resulting product. Netgate buy from Lanner, loads pfSense, and sells to end users.
-
If you want something with more power than your first two Lanner options (like an Atom), go for something by Hacom. They include options with Intel NIC's as well.
-
Been using the Lanner 7530 device with 6 intel gig-e nics (although desktop chipsets) and it has been great…
-
You'll want to enable powerd, but first you need to load the cpufreq kernel module and change kern.timecounter to i8259 instead of TSC. If you don't do that, the box will run hot since it will stay at 1Ghz constantly.
I am interested in how you found this out? My Atom Lanner box is running quite warm and when I load powerd, it does throttling and not actually scaling of the frequency so it still uses the same power…
In my dmesg, I see I have i8254 timer. Do you think you can provide more information on what to change?
-
I am interested in how you found this out?
+1
Is this is something that is universally a good idea, we should get the devs to make it a permanent change.
-
You'll want to enable powerd, but first you need to load the cpufreq kernel module and change kern.timecounter to i8259 instead of TSC. If you don't do that, the box will run hot since it will stay at 1Ghz constantly.
I am interested in how you found this out? My Atom Lanner box is running quite warm and when I load powerd, it does throttling and not actually scaling of the frequency so it still uses the same power…
In my dmesg, I see I have i8254 timer. Do you think you can provide more information on what to change?
I started investigating with 1.2.3. My FW7520 was getting quite warm to the touch and I suspected throttling was enabled. I saw powerd wasn't running, so I manually ran it once to see what was going on. It reported that there were no cpu throttling devices available. Some searching on google revealed that I needed to load the cpufreq.ko module for that device to appear. Of course, manually running kldload only helps for the current boot. You need to modify /boot/loader.conf and add 'cpufreq_load="YES"' to the end to make it load on boot.
Running powerd manually again, it spewed messages about not being able to change the cpu frequency since the timecounter was set to TSC. My last job involved writing performance analysis tools, so I knew the issues related to using the TSC as a timecounter. For those curious, the TSC in Intel chips has been inconsistent about whether it follows maximum CPU frequency or current frequency. If it tracks the current frequency, it can't reliably be used as a timecounter since the amount of time per tick will be constantly changing. Thus, powerd refuses to change the CPU frequency when the TSC is being used as the timecounter. On the 7520, the only other option is i8254 which is less precise (the timer runs at a slower rate), but it is consistent regardless of CPU frequency. The timecounter settings are handled via sysctl. kern.timecounter.choice shows all the available choices and their "quality" (really preference values). kern.timecounter.hardware is the current used device. To switch to using i8254, run 'sysctl kern.timecounter.hardware=i8254' in the shell.
After all that, powerd would run manually. With 2.0, powerd can be turned on via the GUI, but it won't run without cpufreq being loaded. You also need to change the timecounter for it to actually change the CPU frequency.
As to whether the devs should make this change as part of the released images, it depends. Loading cpufreq is harmless on platforms that don't require it, so that should always be enabled. Changing the timecounter has some other implications and isn't necessary on all platforms. AMD systems don't suffer from the TSC problems that Intel systems do, so using TSC is fine and it has better resolution than i8254. Instead, the timecounter options should probably be in the sysctl's listed in the advanced config and it could be mentioned in the description of powerd, however.
-
I added a ticket to see if this can be accommodated:
http://redmine.pfsense.org/issues/704
I would say that we only need to load cpufreq.ko when powerd is enabled. It's not a good practice to load it when it isn't needed. It may not hurt anything, but it does take up additional resources.
-
I have a pair of these.
http://www.lannerinc.com/Network_Application_Platforms/x86_Network_Appliance/1U_Network_Appliances/FW-7872
I'm short on space so the half-rack size lets me get two boxes for CARP in 1U.
-
Thanks for the feedback!
So it looks like all around the devices are good for PF?
jasonlitka,
What size networks are you using these for?
Any packages?also can you share how much you paid for the device?
thanks!! -
I have a pair of these.
http://www.lannerinc.com/Network_Application_Platforms/x86_Network_Appliance/1U_Network_Appliances/FW-7872
I'm short on space so the half-rack size lets me get two boxes for CARP in 1U.
Those look nice, what kind of price tag is on those?
-
I committed a fix on 2.0 where if you're running nanobsd and enable powerd, cpufreq.ko will be loaded. It's built into the full install kernels, but it is not present in the embedded kernel(s).
-
jasonlitka,
What size networks are you using these for?
Any packages?My systems have Core 2 Duo T7400 processors, 4GB of RAM, and 8GB Transcend SLC Compact Flash cards running the full install of pfSense.
The only constant-run packages I have installed are snort & vnstat.
The boxes are configured with EM0 as LAN, EM1 as WAN1, EM2 as WAN2, and EM3 as SYNC. There's two vLANs on the LAN interface as well, one for a filtering box I've got (SmoothWall Guardian), and one for wireless clients that I segregate from the rest of my network.
WAN1 is a full DS3, WAN2 is a 3.0/768 DSL line that is used for backup connectivity. I've got a total of about 120 people on the LAN side spread across 6 Class C networks (routed by a L3 Dell 6248, not by pfSense).
The system is sold in two versions, one with a rackmount kit for a bit under $800 and a second without it for ~$575. If you are buying a pair you only need one with the rackmount kit. The CPUs were about $225 each, the RAM $80, and the CF card about $70.
The setup isn't cheap but I've had 100% uptime with these, something I can't say about any other network hardware I've installed (pfSense or otherwise).
-
It's probably worth mentioning that the pfSense boxes actually need to handle far more than 45Mbit/s to max out my DS3 as all web traffic from clients is directed back out from pfSense to my filter on that vLAN, before heading back to pfSense and out the pipe.
I also forgot to mention that I use IPSec for connections to a remote warehouse and to my home.
-
So enabling powerd, ensuring cpufreq is loaded and setting timerhardware to i8254 still does not allow the Lanner 7530 ATOM device to scale down the frequency. I am monitoring AC power draw and it is constant at 19W.
It was a good try but no cigar.
-
Look at the output of this from a shell prompt (don't use the webgui as it draws some CPU to render and will probably raise the CPU frequency to check)
sysctl dev.cpu.0.freq
sysctl dev.cpu.0.freq_levels
On my via router, I see:
dev.cpu.0.freq: 248 dev.cpu.0.freq_levels: 995/-1 870/-1 746/-1 621/-1 497/-1 373/-1 248/-1 124/-1
So I can tell it's running at a lower CPU speed, but whether or not that translates to less power draw from the PSU, I don't know.
-
Yeah, i see it operating at lower levels but power draw is constant so that seems to defeat the purpose right? It is doing artificial throttling in the CPU in that case.
-
Or the CPU is not what is drawing those 19W, but the other system components.