Hardware recommendations for datacenter setup
I’m building a pair of pfSense boxes to replace my old Cisco 1700s in the datacenter. Currently I only have a 10mbit connection but I’ll need to upgrade to 100mbit in the next 6-8 months and don’t want to have to build new routers again then. I don’t do any VPN or NAT, so they just need to do simple routing (not multi-homed) and firewalling for the servers, as well as constant bandwidth monitoring by IP with the BandwidthD package.
I was looking at the Supermicro X7SPA-H (don’t need the KVM-Over-IP functionality of the –HF, saves $20), but I am concerned that the D510 processor might be under-powered once I do the 100mbit upgrade.
Power isn’t a big issue, so would it be better to go with a different CPU type? Maybe a mobile Core 2 Duo or AMD? I think I remember reading that the routing/firewalling part of pfSense doesn’t really benefit from multi-core or HT.
Also, has anyone heard of Giada? I saw their MI-D525 board that has dual LAN on an Atom D525, but seems surprisingly cheap at $110. Has anyone had any experience with them?
That does seem surprisingly cheap but it doesn't look like they've left anything off to get the price down. PCI and mini-pcie slots.
Short answer is, you should have no problem routing/firewalling 100Mb with a D525 Atom. People are getting upwards of 90Mb on the Alix board which is far less powerful.
Love your avatar! :D
Thanks for the info on the 90mbps with ALIX, that definitely makes me feel fine about going with the Atom for the 100mb upgrade. And if I ever need to upgrade to 1gbps, I can afford to build a couple Xeon/Opteron servers for routing. ;-)
The main differences I saw between the boards are that the Giada uses the NM10 embedded chipset instead of Supermicro's 945 chipset, and the Realtek RTL8111D LAN controllers on the Giada instead of the Intel 82574 on the Supermicro. The D525 and D510 are both listed at $63/ea in 1K quantities, so that shouldn't affect the price of the board. But that still doesn't seem like it should drop $80 off the price…
I am building two of these so if one fails the other will take over, but I'm still a little uncomfortable testing a company I've never heard of in a datacenter environment, especially as a router.
The Supermicro uses an ICH9R (6 SATA ports with RAID capability) whereas the Giada uses the NM10.
The NM10 is a refreshed ICH7 that has AHCI and is bundled with the Pineview processor whereas the ICH9R has to be purchased separately for the Supermicro board. Furthermore, the ICH9R has 6 PCIe lanes compared to 4 lanes on the NM10. Hence, the x4 slot after deducting 2 for the dual-LAN. Intel GbE controllers do command a price premium as well compared to the likes of the 8111.
That's where the price premium comes from aside from the branding, R&D & warranty from Supermicro.
That does explain the PCI slot on the Giada: after 1 lane for each LAN and 1 lane for the MiniCard, there'd only be enough for a x1 slot. Although that would have been enough for a 3rd full speed single-port Gigabit controller, but for my purposes I only need the two.
So the price premium doesn't seem so bad considering the hardware inputs for the Giada are significantly cheaper. I'm thinking I might give it a shot. Does the RTL8111D LAN chipset work well with pfSense? All I've tried it on so far is Intel.
I couldn't find RTL8111 on the HCL, anyone know if it is supported?
Edit: I just noticed that one of my Atom test rigs has a RTL8111D chip on it, and the driver says it supports 8168 or 8111 in B, C, CP, D, DP, or E varieties.
Also noticed the Giada MI-D525 has two MiniCard slots, one full-size on the bottom of the board and one half-mini on the top. Would make a pretty decent WiFi AP/Router platform. If only BSD supported N cards (at N speeds anyway, I've got an Intel 6300 running as "WAN" in the aforementioned Atom test rig)
The 8111C and before will be supported on 1.2.3 final. I've personally used this. There is no reason why the 8111D won't be supported either (it's just a 8111C with more power saving features we don't use). The 8111E on the other hand, is a total refresh and might have some issues.
You should be able to use the 8111D without problems. However, you might want to disable hardware TCP/Receive offloading. It's been known to cause problems in Windows and I would imagine it's worse in *nix.
I've done this in the past with a dual P3 box (only one was used by pfSense at the time) and it would route 10 Mbit with low CPU utilization (5% from memory).
This time around I went with a Netgate appliance. This one, actually: http://store.netgate.com/Netgate-Hamakua-1U-P229C84.aspx
Solid state, rack mount, the Celeron processor has enough oomph to do everything I need to do, and 4 gigabit ports plus the 100 Mbit WAN port give enough flexibility to separate out all my networks without resorting to VLANs. All I can say so far is that it doesn't appear to get hot – I'm still in the process of getting my new colo space up and running and can't give more thoughts than that.
I have no idea how the price compares to building your own, though; with a failover pair the increased reliability one would expect from solid state is less of a benefit as well.