Should I upgrade or fresh install?



  • I currently am running pfSense 2.0-RC2(i386) version in a VMware environment.  I would like to upgrade to the latest version of 2.0.1 release amd64.  Here are my choices:

    1.  I can just run the update process on my existing 2.0-RC2 and have it upgrade me to the latest on the i386 version.  If doing this upgrade is known to cause any problems that I should be aware of, please let me know.

    2.  I can do a fresh install of the latest version of 2.0.1-RELEASE-amd64 onto a new VMware VM.  I then can take a backup of all the settings on my existing FW and restore them to the new FW.  I have then setup my VMware network connections, and I am thinking that this process should work.  Has anyone gone through this and has experienced success of failures.  I would like to know what I can expect.

    My thought is that the amd64 version is going to perform better then the i386 version.  Are my assumptions correct?  Thoughts??

    Thank you for your help on this.

    Rick



  • hello …

    1. I would upgrade to 2.0.1 release i386.
    2. You can certainly backup, perform a new install of 64bit and then restore. This is the accepted way to upgrade to 64bit, afaik. Just make sure that you remove any extra packages before you upgrade, then re-install them one you have converted.

    You can upgrade to 64 bit if you like, but if you don't have more than 4GB, 64bit won't make much difference. It should perform just as well either way. From some of my earlier tests, 64bit was a bit slower.

    Either way, good luck.



  • For upgrading from i386 to amd64, you're best off doing a fresh install and restoring the config, switching architectures isn't officially supported. It does generally work fine though aside from not being able to reboot at the end of the upgrade because you can't run the 64 bit binaries on the 32 bit kernel, and your RRD graphs will be broken and have to be manually removed. Also make sure to uninstall open-vm-tools first if you're using it, and reinstall after the upgrade.

    There is no performance diff between 32 and 64 bit. Unless you need > 4 GB RAM, no need for 64 bit.



  • amd64 version has many sysctl and memory options better defined then i386.

    If you need any heavy package like squid,varnish,squidguard,postfix,mailscanner it's better to start with amd64.

    Few examples:

    • php memory limit in amd64 is 256Mb and on i386 is only 128.

    • Varnish is designed for 64bits



  • php mem limit doesn't usually affect performance aside from loading the web interface a little quicker … like .000001 millisecs faster.

    If you are going to run squid, squidguard, snort, varnish, and havp, then you will need 64bit also to handle the memory requirements.

    Just to put 64bit just to run routing and firewalling is a bit of an overkill and it basically unnecessary, aside from the coolness factor.

    I would use it, but it just doesn't seem to be as stable as 32bit.



  • @podilarius:

    I would use it, but it just doesn't seem to be as stable as 32bit.

    This has proven true with certain hardware and drivers. At the OS level, certain hardware just doesn't work as reliably on 64 bit. Though all our hosting servers run FreeBSD 64 bit with no issues and have for years (this forum is running on a jail on one), and there are a lot of people running 64 bit firewalls with no issue.



  • @cmb:

    This has proven true with certain hardware and drivers. At the OS level, certain hardware just doesn't work as reliably on 64 bit.

    Then I have had bad luck in hitting 2 or 3 of the certain hardware combos. Since I don't need more than 2GB of memory for what I am doing, it just made sense to stay stable with 32bit. This will probably change and when it does, I will research the most stable 64bit platform.

    I have had 64bit linux running on the same hardware without any problems. I know that is comparing apple to oranges, but the reality is that the BSD is usually behind on the drivers. This usually will make it unstable on newer hardware. IMO. This also makes is more secure as well. If you pick the right HW, I am sure you can make it just as stable. With time FreeBSD will stabalize on 64bit. Then we just have to worry about 128bit. :)

    Just saying …



  • @podilarius:

    Then I have had bad luck in hitting 2 or 3 of the certain hardware combos. Since I don't need more than 2GB of memory for what I am doing, it just made sense to stay stable with 32bit. This will probably change and when it does, I will research the most stable 64bit platform.

    I think it comes down to 64 bit isn't nearly as widely used and hence tested at this point as 32, even on 64 bit hardware. Even with Linux, Ubuntu for instance still lists 32 bit as the "recommended" version (I'm not sure why, but I suspect the same reason we're talking about here). Not much different from our experiences here, where bugs specific to our code base rather than the OS on 64 bit (only ones that come to mind are 2-3 bugs within PHP itself) took some time for people to encounter and report, where that would have happened far sooner for 32. That's a bit different for us though, where probably a vast majority of the hardware people use on their firewalls is either old, or low powered, and isn't 64 bit.

    As 64 bit FreeBSD becomes the most widely used version, which it will with time, that'll improve greatly.



  • For sure … I hope to get back to 64bit when 2.1 comes around. I am hoping that FreeBSD 9 improves on 64bit stability. ( I think it will as part of that time progression thing).


Locked