Try to build a small datacenter

  • Hello,
    I decided to build a small datacenter for about 150 servers. I would like to know what hardware you recommend. I will buy a whole subnet (256 IPs). How do I configure this in pfSense 2.0? I'm a noob with pfSense. This is my first time using it. Is it better to buy Cisco or pfSense?

    If you have any better advice please tell me.

    Thank you in advance.


  • The first question is "what are you doing?"  Are you really planning on putting up 150 1U servers (call that 5 racks of space), or are you going to virtualize the servers and get by with a half-rack?

    How much traffic do you expect to push?  If you don't know, can you at least tell us what kind of data you're hosting?  Is this simple web sites, video streams, boxes that just run computations, or boxes that people will be backing their home computers to?

  • @lumparija:

    Thank you for the reply.
    How to route a whole C Class on pfSense.

    You can use a bridge or a /29 on your WAN and your /24 on the LAN.

    My suggestion is to use two x64 boxes with at least 4 GB RAM to set up pfSense with CARP and failover.

  • The hardware is fine.
    Choose gigabit interfaces and take a look at for bridge.
    Basically you will create wan, lan and then join both on a bridge.

  • Also do some searching on pfSense using SSD. Take a look at some of the posts, etc. I'm not sure if that issue has been resolved but at one time there were major issues with pfSense and SSD.

    You can do a lot with a few of the above systems. Why would you want to waste the electricity and space running a bunch of 1U machines when 9U (3 of the above) can do some pretty amazing things? I cut my electric bill by 65% by consolidating down from about 20U to one of those 3U units. I have more processing power, more storage space and a lower power bill (and a lighter wallet). Just my .02

    Are you actually going to run this inside a datacenter or is this an office type situation? What kind of internet do you have coming in? Do you have any idea of the bandwidth you will be using? Will you be using VPNs? Intel Pro 1000 PT dual/quad are decent affordable NICs - Others may have different opinions though.

  • Sorry but I'm still thinking your needs description is vague.  Also, I agree with the previous poster about virtualizing your setup.  :)

    With that said, the things I think you should probably keep in mind are these:

    • pfSense is quite full-featured.  I don't know that you'll find many enterprise-level features available on commercial firewalls that aren't available here.

    • You can buy "appliances" to run pfSense, like the Netgate Hamakua.  No worries with the failure of moving components like fans or hard drives, though one of my pair needed a motherboard replacement.

    • No extra charge for failover capabilities.  Set up two, configure them properly, and if the primary fails the secondary takes over, mostly with no notice to users who were connected at the time.

    • The "weakness" of pfSense, if you want to phrase it that way, is its PC-based platform.  The Hamakua listed above tops out at ~ 250 Mbit/second according to an administrator here, which is more than enough for most of us.  An appropriate box can do well over a gigabit / second of sustained transfer judging from the posts here (possibly a full ten gigabits, but it's hard to find people running the sort of site that requires that – the biggest report I've seen is ~ 4 gb/s sustained), but the limitations at that point start to be related to the way PC hardware interfaces with network cards.  Of course, at that point you're talking about $250,000 dedicated routers as competition, so the performance is quite good for the 99.999% of the hosting/Internet world that doesn't require better performance.

    • It's worth getting the book.  It's not updated for 2.0, but the thinking behind the procedures for setting up failover and VPNs is worth reading if you're going to do it.  Besides, buying the book supports the developers.

    I'm a SonicWALL certified security whatever (don't laugh – 12 years ago it was a very solid choice for my clients).  I've used SonicWALL most of that time, and have been using pfSense on-and-off for the last 6 years or so.

    I've got a SonicWALL device that's trusted and more than enough for my needs, but when I swapped datacenters earlier this year I went with pfSense.  Failover, Snort capabilities, better reporting, the community here, and the lack of the nickel-and-dime attitude that most commercial firewall vendors have were the issues that made the difference to me.  Overall pfSense just does exactly what it's supposed to do, as you'd expect from any enterprise-level firewall product, and I've had no real surprises.

    I can't think of any reasons not to recommend it.

  • Yes you can do that but what you describe has nothing to do with a datacenter.

    Do you want your pfSense boxes to be racked? I can't stress enough how you should look into some of the Supermicro solutions for both mini/microcloud and they make a great 2U quad node box with dual PSU.

    I'm not sure why you need 500Meg circuit but the setup you describe is very common, basic and easy to configure. I run a similar setup at home except all copper and 100 primary with 50/15 as backup line.

    It seems like you have the hardware. I'd suggest trying an install and playing around with it.

    Do you have any cross-network bandwidth (LAN) bandwidth issues or is it all WAN I/O? If you build a test box you may find that the copper NICs are easier to mess with at first but ymmv.

  • hi,

    I am trying to install pfSense on a server and I have a problem with the bridge. My configurations are: Wan, Lan, OPT1 bridge on wan.

    But I don't have a connection to the internet. From pfsense I can ping to My firewall rules: any permission to OPT1 and wan.

    I don't know what to do.

    Please Help.


  • If you use different networks on lan and wan, you do not need bridge.

  • I use lan to configure pfSense.  I want to bridge wan and opt1 so that I can use public IPs.



  • Why not just assign your Opt1 as static and then 1:1 NAT your public IP to it?
