ASUS RS700-E6/RS4

asterix

Just got myself a used ASUS RS700-E6/RS4 with the following config.

2 - Xeon Quad Core 2.93 GHz
24GB DDR3 SDRAM
4 - 1TB hard drives (SAS)
Dual port Intel gigabit NICs, will be adding a PCIe dual gigabit as well
ASUS PIKE64 LSI RAID card
Rails

Got this for about $455. What do you think of the price for this config?

I am planning to get ESXi 5.1 loaded on this get about 4 VMs on it including a NAS VM as I have 4TB of space that I could use. I could downgrade my current ESX 5.1 server from an i5 to an i3 and use it as a dedicated pfSense box.

OR

I could load a VM pfSense on this as well along with my other VMs.

I wanted to have a dedicated pfSense box (don't get me wrong.. I love pfSense on VM) and have a failover in case my primary goes down but I am not sure if I could do CARP with a hardware based and VM instance.

Any suggestions ?

tirsojrp

@asterix:

Got this for about $455. What do you think of the price for this config?

I WANT ONE!!!

asterix

No feedback.. sigh  :(  Lol

jimp

Sounds good to me. You can mix "real" and virtual pfSense for CARP, you just need to make sure to have the proper settings in place on the portgroups for the pfSense VM so it can do promisc/mac changes/forged transmits and such.

asterix

Looks like I need 3 Public IPs for CARP.

Question.. since my internt is as good as my cable modem which is as good as my reliable but not being used Netgear WNDR3700 router, could I just add the Netgear router after the modem to hand out the required IPs that pfSense could use?

jimp

You could, though you'd just be adding another potential single point of failure, and you'd also be subjected to whatever limits the Netgear device may have.

It would work, but it wouldn't be as ideal as having the IPs on pfsense directly. That isn't always possible though, so using a little NAT router (and doing 1:1/"DMZ" to the CARP VIP on that interface) can help in some scenarios. Double NAT is best to be avoided though, where possible.

asterix

Yeah multiple IPs would be ideal but my ISP provides just one dynamic IP. It's technically a static IP as long as my NIC doesnt change.

EDIT:
Do you have any links to folks who have achieved this very config of CARP with a router in between the modem and pfsense?

jimp

In that case, yeah, you'll need some kind of NAT device there. Not pretty, but it would still work. If you could get a cable modem + nat device in a single unit it would at least remove one single point of failure, but those devices aren't necessarily any better from a networking standpoint.

asterix

Yup.. precisely. no matter how stable my CARP is.. if the ISP modem fails I lose my real gateway.