Run off 64gb USB 3.0 flash drive?



  • Hello,

    I am brand new to the world of pfsense, and am super excited to setup my firewall.
    I just ordered all the parts to a server that I am building that will run Hyper-V with Server 2012, CentOS, and PFsense.
    I ordered a 250gb SSD for my VMs and thought that it would help speed up my pfsense VM.

    It has come to my attention, though, that this may cause my SSD to have a very short life.
    Would it be possible to run my VM off of a 64gb USB 3.0 flash drive? Would this be any better or worse than running it off of a HDD?
    I spent a lot on my SSD and want it to last a long time.

    My server is going to be running a Xeon 1275v3 with 16gb RAM. Overkill for only pfsense, but I am going to be running other VMs as well.



  • SSD will be fine! You can even enable trim with some light fiddling! You would need to rewrite the whole entirety of the SSD way way way too many times before you saw any problems. Pfsense is just going to be writing some logs. For example my original Intel X25-m 80GB drive has had 11.21 TB written to it and it is still at 90%+ health :)



  • You can always run read only from flash by using a nanoBSD image.


  • Netgate Administrator

    Anything you may have read about running pfSense from a VM (much of which was exaggerated IMHO) applies only to running bare metal. It's possible to set up your drives for direct access through the VM host but it sounds like you want to run multiple VMs so that won't be possible. You may be able to do it with a separate USB drive though. Your hyperviser has to be able to pass direct access to the USB drive to the VM. You probably want to run Nano on that so you wouldn't need anything larger then 2GB. 
    Really you should be looking at the best SSD setup for Hyper-V because that will be actually controlling the disk access.

    Steve



  • In vmware esxi , you can add extra "datastores" on diferent devices.

    I guess hyper-v can do that too , simply add the usb drive to hyper-v as a extra device and use it to hold the virtual image for pfsense.


  • Netgate Administrator

    You don't want to do that because it still presents a virtual drive to pfSense and leaves the hypervisor to not kill the drive with writes.
    You want to use something like Raw Device Mapping. I don't know if you can do that with a USB drive though.  :-\

    Steve



  • @stephenw10:

    You don't want to do that because it still presents a virtual drive to pfSense and leaves the hypervisor to not kill the drive with writes.
    You want to use something like Raw Device Mapping. I don't know if you can do that with a USB drive though.  :-\

    Steve

    The worry is the hypervisor going to destroy the SSD? Why?


  • Netgate Administrator

    It's not that it will but rather it may, I haven't researched it. Have you read the SSD thread here in which there are many claims that pfSense somehow destroys SSDs faster than anything else? Personally I think most of it is massively exaggerated. There were some early small SSD (8GB) that seemed ideal for pfSense that people used and they died. It turned out they had bad firmware that could self destruct at any moment but the reputation was built, people became paranoid. It is true though that flash of all types have limited write cycles and that you can tune the OS to limit those writes. If you're running pfSense from a flash drive (USB or CF) then I would suggest you need to running the Nano variant to avoid excessive disk writes.
    If you put a hypervisor in between pfSense and the flash drive you have no way of knowing how the drive is being handled.
    Of course the opposite could also be true. The hypervisor could be better at handling flash drives, it might present a standard HD to the VM while infact handling most stuff in RAM and only writing to the drive when necessary.

    The point is pfSense has a special version for flash drives. The Hypervisor - I have no idea.

    Steve



  • About the write/read actions on the cf/usb memory you can see that in the hypervisor , i can confirm for citrix xen server and esxi , you have graphs that will show your activity on the device.


Log in to reply