How did i do? ALIX2D3-2D13 kit install



  • i purchased this kit and did a pfsense install on it, today.  overall, it was a simple process, but i would like some feedback on others that know more about pfsense or have done a similar install.

    i purchased the ALIX2D3-2D13 kit and i had my own cf to usb card reader, usb to serial adapter, and used a laptop running windows 7 to get pfsense onto the CF card.

    • pfSense-2.0.2-RELEASE-4g-i386-nanobsd-20121207-1630

    • Win32 Disk Imager

    • i also read some posts on here and some pfsense docs

    1. did i select the proper image?  is the 1g, 2g, 3g, 4g matched up to the size of the cf card?  since i normally grab the live CD and install to a hard drive in the computer, i am not too familiar with 1g, 2g, 3g, etc…options.  i went with 4g because i had a 4gb cf card.

    2. i know it isn't recommended, but could i have downloaded the live CD and installed that onto the cf card?

    3. i was able to set everything up, serial into the pfsense box for the initial configuration and then use the webgui to finalize the install, however, the interface does seem a bit slow compared to a more powerful computer (which is to be expected) but very tolerable.

    thanks.



  • 1. YES and YES.
    2. NO. (If I recall correctly, the Live CD assumes the computer has a video adapter.)



  • @wallabybob:

    1. YES and YES.
    2. NO. (If I recall correctly, the Live CD assumes the computer has a video adapter.)

    thanks.

    for number 2, i mainly ask because i read that some people 'wanted to do a full install' so i assumed they grabbed the live cd version.

    i did read that you need the serial version and not the vga version if your alix board doesnt have vga out, so you might be right, which means i have no clue what some of the others were talking about.  not all posts i read were from this site, but everything i followed was from this site or the docs on this site.

    even though this alix kit will probably work fine in this location, i feel that i am already limited.  meaning, if i wanted to implement a package later on that might help/improve the network (from the admin side) i might not be able to go forward with it.  time will tell, i guess.



  • The nanoBSD version of pfSense deliberately limits the opportunities for writing t the system disk in order to get better life from devices with a limited number of write cycles (e.g. cheap flash memory intended for phones, cameras, MP3 players etc). The "full version" gives "full write freedom" to the system drive. Many packages can be installed on both version BUT some capabilities of some packages (e.g. web cacheing of squid) are incompatible with the nanoBSD version.



  • @wallabybob:

    The nanoBSD version of pfSense deliberately limits the opportunities for writing t the system disk in order to get better life from devices with a limited number of write cycles (e.g. cheap flash memory intended for phones, cameras, MP3 players etc). The "full version" gives "full write freedom" to the system drive. Many packages can be installed on both version BUT some capabilities of some packages (e.g. web cacheing of squid) are incompatible with the nanoBSD version.

    what happens when it can no longer read write? just stop working?

    what image would i have needed to get full write freedom?



  • what happens when it can no longer read write? just stop working?

    When the boot from the CF card is finished, the partitions (FreeBSD system and the config partition) are mounted read-only. /var/ and /tmp are memory disks that get setup during boot and hold all the files that need to be messed with regularly at run-time. The CF card partitions only get mounted read-write when you change things (make config changes, install packages…), so there is very little writing to the CF card. It should not break!
    You can do all the usual real-time stuff with nanoBsd - filter, route, VPN, add packages like Squid+SquidGuard or DansGuardian to get proxy+content filtering...
    The limitation is when you want to preserve information across boots, or for posterity - e.g. you can't cache with Squid, have to send syslog off-system to a syslog server, firewall logs... would have to be copied somewhere else if you want to keep them.

    what image would i have needed to get full write freedom?

    I suppose it might be possible to install another image onto a CF card (as if it was an ordinary hard disk), but you won't want to do that. The CF cards really do "wear out" after some (reasonably large) amount of writing.



  • @phil.davis:

    what happens when it can no longer read write? just stop working?

    When the boot from the CF card is finished, the partitions (FreeBSD system and the config partition) are mounted read-only. /var/ and /tmp are memory disks that get setup during boot and hold all the files that need to be messed with regularly at run-time. The CF card partitions only get mounted read-write when you change things (make config changes, install packages…), so there is very little writing to the CF card. It should not break!
    You can do all the usual real-time stuff with nanoBsd - filter, route, VPN, add packages like Squid+SquidGuard or DansGuardian to get proxy+content filtering...
    The limitation is when you want to preserve information across boots, or for posterity - e.g. you can't cache with Squid, have to send syslog off-system to a syslog server, firewall logs... would have to be copied somewhere else if you want to keep them.

    what image would i have needed to get full write freedom?

    I suppose it might be possible to install another image onto a CF card (as if it was an ordinary hard disk), but you won't want to do that. The CF cards really do "wear out" after some (reasonably large) amount of writing.

    ok thanks.  as long as i did the 'normal/proper' setup/install that is all i really needed to know.

    i suppose it might be worth it to spend a little bit more money and install it on a small PC and have the full install on there, but that depends on the budget and needs of the network.



  • A 4GB card may last a while, depending on what you're doing.  An aggressive Squid cache may wear it out in a few months, but an otherwise vanilla install may last a while, depending on the wear leveling capabilities of the CF card.  Those wear leveling capabilities, though, rarely are disclosed well, so who knows.

    (Video issues aside, for your case) You could probably get away with installing a standard install to a fairly large CF card, like 32GB or larger, and have it last quite a while, especially if you set the partitions smaller than the full size of the disk, to maximize whatever wear leveling it can do.  At that point, though, you may have grown out of that hardware anyway and start requiring something with more RAM, at which point you'd likely get SATA ports so you can put in a modern SSD.



  • @matguy:

    A 4GB card may last a while, depending on what you're doing.  An aggressive Squid cache may wear it out in a few months, but an otherwise vanilla install may last a while, depending on the wear leveling capabilities of the CF card.  Those wear leveling capabilities, though, rarely are disclosed well, so who knows.

    (Video issues aside, for your case) You could probably get away with installing a standard install to a fairly large CF card, like 32GB or larger, and have it last quite a while, especially if you set the partitions smaller than the full size of the disk, to maximize whatever wear leveling it can do.  At that point, though, you may have grown out of that hardware anyway and start requiring something with more RAM, at which point you'd likely get SATA ports so you can put in a modern SSD.

    i dont plan on adding anything to it, so hopefully it lasts for a while.

    what happens when the card goes?  does the internet stop working and pfsense web gui is no longer accessible?

    it has a 4gb card that came with the alix kit.

    thanks.



  • @tomdlgns:

    i dont plan on adding anything to it, so hopefully it lasts for a while.

    what happens when the card goes?  does the internet stop working and pfsense web gui is no longer accessible?

    it has a 4gb card that came with the alix kit.

    thanks.

    I'm curious about this as well.  I'm not all that familiar with the ALIX boards so please forgive my newbiness.  Is there a way to configure an external hard drive rather than using an integral CF card?  Seems kind of counterproductive to use a CF card if it's got such a finite lifespan.



  • @captain_video:

    @tomdlgns:

    i dont plan on adding anything to it, so hopefully it lasts for a while.

    what happens when the card goes?  does the internet stop working and pfsense web gui is no longer accessible?

    it has a 4gb card that came with the alix kit.

    thanks.

    I'm curious about this as well.  I'm not all that familiar with the ALIX boards so please forgive my newbiness.  Is there a way to configure an external hard drive rather than using an integral CF card?  Seems kind of counterproductive to use a CF card if it's got such a finite lifespan.

    there are two usb ports on the unit, i am wondering if you could use a usb drive, but you would have to be able to get into the bios of the ALIX board and tell it to boot from usb?  not sure what the bios options are.



  • @captain_video:

    Seems kind of counterproductive to use a CF card if it's got such a finite lifespan.

    Lifespan of CF cards is highly dependent on what you do to them. Consumer grade MLC CF cards are typically rated for many fewer write cycles than "industrial" SLC CF cards. You should get a life of years out of a consumer grade CF card with nanoBSD pfSense and "normal" use.

    If I recall correctly, some Alix boards have a connector for a notebook IDE drive. But notebook IDE drives won't necessarily last a long time either. Some years ago a company I worked for ran into trouble with notebook IDE drives in firewalls failing after only a few months. The drives were not rated for 24x7 operation but for "typical" notebook operation (a few hours a day).

    USB flash drives also have a limited number of write cycles, just like the CF cards discussed.

    But lets get a bit more specific in this discussion. What sort of things do you want to do on the Alix that has fuelled this concern about number of write cycles?



  • @wallabybob:

    But lets get a bit more specific in this discussion. What sort of things do you want to do on the Alix that has fuelled this concern about number of write cycles?

    It's not so much what I want to do with it but rather the discussions in the previous posts that arroused my curiosity.  If a CF card will last a long time under normal use then I'm not that concerned.  I'm totally new to the world of pfSense so it's unlikely that I'd be doing anything that would require heavy read/write cycles to the CF card if I just set it up with the default settings and leave it alone, which is basically what I'm doing now.  I built a pfSense router about a month ago and it's been working great.  However, the notion of a box with a smaller footprint with the same capability has caught my interest, so I'm just feeling out the various possibilities.  I've still got a lot of catching up to do with regards to networking functions and pfSense.  I don't even know what most of the options in the web gui are for or what they can do for me.



  • @tomdlgns:

    3. i was able to set everything up, serial into the pfsense box for the initial configuration and then use the webgui to finalize the install, however, the interface does seem a bit slow compared to a more powerful computer (which is to be expected) but very tolerable.

    thanks.

    The interface is slow IF you don't have access to working dns servers. That's has been the case with all of my pfSense installations. I don't know why this is the issue, but I'm seen this sympthom many time. Interface works just fine after you have working DNS/Gateway etc setups done.



  • @Clouseau:

    @tomdlgns:

    3. i was able to set everything up, serial into the pfsense box for the initial configuration and then use the webgui to finalize the install, however, the interface does seem a bit slow compared to a more powerful computer (which is to be expected) but very tolerable.

    thanks.

    The interface is slow IF you don't have access to working dns servers. That's has been the case with all of my pfSense installations. I don't know why this is the issue, but I'm seen this sympthom many time. Interface works just fine after you have working DNS/Gateway etc setups done.

    the internet and DNS was working, i think it is normal for it to be a few seconds slower.  ok, maybe a few seconds isnt normal.1…....2.......3.....it isnt that slow.  just seems slower compared to my pfsense box at home which has more memory/faster chip.

    i was actually tweaking the system with the alix board over the WAN yesterday and i didnt even notice any delay, maybe i have adjusted or it was just momentary that one day.  overall, i am happy with the alix install.



  • I also have an ALIX2D13 board and am very pleased with the ease of setup and performance. I have to say a very big thanks to all the pfSense developers and supporters on these forums as this makes most things very easy.

    I have also been researching (or trying to) the possibility of having a read/write option. It seems that there are a lot of anecdotal posts but very little detailed and supported information about CF cards, especially the latest types.

    This link http://www.thinkwiki.org/wiki/CompactFlash_boot_drive explains how CF cards are used in some laptops as alternatives to slower HDD - and the problem of short lifetimes apparently is not a concern.  I have also read several other articles that seem to back this up - although the card manufacturers rarely publish comparable data. Yes, there are industrial cards that have longer life than consumer cards - but how long under "regular" use.

    It is certainly true that early SSD drives had a very limited life but newer ones will now invariably outlast the usefulness of the remainder of the hardware used.  Again there is a lot of miss-information around advising steps such as stopping indexing etc to extend the life of an SSD - but I believe these are no longer valid. Whether CF cards follow the same progression as SSD's is unclear - at least to me. It seems the controllers (and the OS/BIOS) used in laptops (PATA and SATA) somehow further "protect" the CF cards used - again I am not sure whether this is different in the ALIX boards.

    Understanding that the life may be less than a regular HDD I would expect (hope?) that a CF card could therefore be used safely for storage - naturally keeping swap and any very intensive write activities in memory. At the very least ensuring key records were stored periodically to survive between power-cycles.  Although in the nano this is already done for the config (and optionally for the RRD and DHCP leases) it would be good to have additional options - especially if using (say) a 32GB card. (I have also run pfSense on an old PC with a 6.4GB hard drive - which was hardly used….)

    As you can tell from my tone I am NOT an expert in this area - just an interested novice.  My ALIX does everything I want of it but I like to experiment. There are many packages that I would like to try that might benefit from write capabilities.

    Now over to the experts:

    1. Has anyone ever actually tried a read/write option on a CF card - if so with what success?
    2. If so - how to overcome the requirement for VGA/Keyboard? (make nano writeable or modify full version?
    3. Is it possible to use USB flash drive on ALIX for read/write storage - or even run a full version from it? (Could simply replace the drive regularly if worried about life?)

    I have read various threads, most of them very old, so I am hoping it is time to think again?

    TIA



    1. Has anyone ever actually tried a read/write option on a CF card - if so with what success?
    2. If so - how to overcome the requirement for VGA/Keyboard? (make nano writeable or modify full version?

    On 2.1-BETA1 there is an option to set the CF card permanently RW - so you can try out destroying the CF card. No need to install a full version.
    With a previous version of bandwidthd that wrote to the CF card on nanobsd, I had 2 systems that had it installed. At that time there were some issues with the systems coming up with the CF card in RW at the end of the boot. The sites concerned didn't realise they were writing to their CF card. bandwidthd updates logs and graphs every 200 secs by default. I ended up replacing 2 CF cards - it was probably after 6 to 12 months running like that? They were ordinary 2GB SanDisk cards.
    Your post talks a lot about SSD - I think modern SSDs are way different to the little 2GB and 4GB CF cards. And I have no idea how much better the "industrial strength" CF cards are, they are certainly more expensive.


  • Netgate Administrator

    @phil.davis:

    On 2.1-BETA1 there is an option to set the CF card permanently RW - so you can try out destroying the CF card.

    It's not the same thing. Even if you use that to permanently mount the card RW, NanoBSD has been designed to have minimal writes to the card. Mounting it as RO was only ever intended to prevent excessive writes from some badly configured package or manually added program.

    Conversely you can now choose to have /tmp and /var as a RAM drive in the full install in 2.1. So you could do a full install and then minimise writes to the card anyway.

    Anecdotally I believe Wallabybob has a full install running on an IDE flash module that has been up for years with no problems (please correct me if I'm wrong about that). There have been people who have killed their CF cards though. This is not just a myth.  ;)

    There are too many variables and unknowns here to make any useful judgement: flash type, flash controller (firmware), manufacturing quality, actual write rate etc. You may have a CF card that has SLC flash and a good memory controller that does ware levelling correctly but how can you ever know. It is better to assume your card is low end and minimise writes. IMHO.

    Steve



  • @stephenw10:

    Anecdotally I believe Wallabybob has a full install running on an IDE flash module that has been up for years with no problems (please correct me if I'm wrong about that).

    Correct. My main (full install) pfSense box has been running 4 years now on a Transcend 1GB IDE flash module which plugs into the IDE socket on the motherboard. There are similar modules that plug into notebook IDE connectors such as seen on some Alix boards.

    @hackin8:

    There are many packages that I would like to try that might benefit from write capabilities.

    Some packages might produce a lot of paging/swapping on the ALIX (due to its "limited" memory) and that could get the write cycle count up very quickly. My pfSense also has "only" 256MB RAM, I have only two packages installed (pfflowd and siproxd) and as far as I can tell, my system doesn't swap. Depending on your taste in packages, a PC might be a better platform for experimentation.

    Again, depending on your taste in packages, a full install on an Alix might be better than the nanoBSD variant since I presume RAM used for memory disks in the nanoBSD variant would be available for programs and hence would help to reduce need to swap.



  • Thanks for the comments - much appreciated.

    Taking this further I would like to experiment with the Alix - would something like http://www.ebay.co.uk/itm/Hitachi-1-8-20GB-HTC426020G7AT00-for-IBM-X40-X41-X41T-/270721045653 be suitable to connect to the 44 pin IDE?  Or a 2.5" if there is space?

    Would installation be as simple as installing the full version on the HDD?  I presume install first on HDD using a PC, then set output to first serial port, swap to Alix, boot up and configure?  As it would be using a HDD would 2.0.1 be ok or would 2.1 be preferred?

    If anyone can point me to any threads / discussions on this topic I would be very grateful.



  • Anyone? :)


  • Netgate Administrator

    Never tried it but I don't see why not. Your description is what I'd try. There must be many, many threads here and elsewhere describing it.
    For example: http://forum.pfsense.org/index.php/topic,29578.0.html

    Steve



  • As always - thanks Steve. Not sure why but I have a problem finding stuff using the search function - pity there isn't a sort-by-date.

    OK - now I start my next project - just waiting for the right 2.5" HDD on Ebay :)


Log in to reply