Full Install, Squid, Snort, VPN. SSD vs HDD



  • About to buy the bits to build a mini-itx pfSense box.

    I know pfSense can use an SSD, but is it recommended if I intend to do a full install and utilise squid, snort, vpn? Will the logging kill it in no time? Is there a significant performance boost between SSD and HDD? Currently have HDD added to basket but wondering if I should get a small SSD to save power and heat.



  • How many clients will be on this network?



  • A reasonably sized SSD is going to provide a lot of writes per day and still live for years.

    Samsung, on their global site, claims 10GB writes per day, which will make the 120GB version last for 28 years. This roughly translates to 100 TBW.



  • @kejianshi:

    How many clients will be on this network?

    Busy home network with about a dozen or so clients ranging from home lab with CrashPlan and media services, streaming media including Sonos, desktops and laptops, tablets and phones etc. Not sure how this compares to a 'commercial' environment.



  • If you run squid, a fast SSD will make things snappier.  However, if you have a ton of ram, you can also cache a lot in ram and even with a HDD should get good results.



  • Hello ak,

    Currently have HDD added to basket but wondering if I should get a
    small SSD to save power and heat.

    I think a small SSD is not a solution in a 24/7 box!
    The SSDs come with their own controller chip on the SSD itself,
    and they try to avoid storing data on the same sectors (blocks)
    by using the wear leveling algorithm, to gain the entire lifetime of the
    SSD, and they even take a part of the entire SSD as cache for the data.

    So if the SSD is a bigger model, like 256 GB, 512 GB or 1 TB, the wear
    leveling algorithm is able to spread the data over many more free and unused
    sectors than on a smaller one, and on top of that it is able to take more space for caching
    purposes, like 64 GB = 4 GB, 128 GB = 8 GB, 256 GB = 16 GB, 512 GB = 32 GB and 1 TB = 64 GB.
    So you can see the entire lifetime and speed will increase on a bigger model from the same series!!



  • I would caution against using any SSDs in this type of setup, as SSDs have very low fault tolerance. A typical SSD generally cannot tolerate the loss of a sector. If this happens, the entire SSD becomes faulted, whereas the standard HD can tolerate as many as 6 bad sectors before the disc becomes unusable. Ultimately what you decide to do is up to you, but personally I think that you are wasting effort by putting an SSD in there. If speed is what you're after, something that boots up in 20 seconds or less and just sits there, then I'd consider a WD Black drive which has a 2 core processor; at the most.



  • @kejianshi:

    If you run squid, a fast SSD will make things snappier.  However, if you have a ton of ram, you can also cache a lot in ram and even with a HDD should get good results.

    Sorry to bump this old thread, but I'd like to know what you mean with 'a ton of ram'. I'm building my own box, and I still don't know what kind and how much storage to put into it. I've so far had recommendations ranging from none (well, only a USB thumb drive) to big SSD….
    I think I have a similar home network situation as this OP. Thanks!



  • Sorry to bump this old thread, but I'd like to know what you mean with 'a ton of ram'.

    pfSense as a firewall only ~2 GB
    pfSense & Snort ~4 GB
    pfSense & Snort & Squid ~4 GB - 8 GB

    Squid is able to work in three main modes:
    always:
    The mode always is used to keep all the most recently fetched objects that can fit in the available space. This is the default mode used by Squid.

    disk:
    When the disk mode is set, only the objects which are already cached on a hard disk and have received a HIT (meaning they were requested subsequently after being cached), will be stored in the memory cache.

    network:
    Only the objects which have been fetched from the network (including neighbors) are kept in the memory cache, if the network mode is set.

    The default memory size for cache is around 256 MB, and this size can be changed to a higher amount,
    and if you have installed "a ton of ram" you will be able to raise this memory significantly to speed
    up Squid much more.

    I'm building my own box, and I still don't know what kind and how much storage to put into it.

    As shown above you could go with a HDD for sure, but if you are using Squid as a caching proxy that uses
    the disk, it would be much better to go with an SSD, mSATA, SATA-DOM SSD or M.2 SSD for speeding up this
    caching a little bit.

    I've so far had recommendations ranging from none (well, only a USB thumb drive) to big SSD….

    It all depends on which mode Squid is running, as explained above (always, disk, network).

    You might also be able to fine-tune Squid a bit more than only the tips shown above, like the
    objects and documents that should be cached, and the size of them can also be set up, to push
    the caching a little bit and shorten the latencies.

    Back to the statement "a ton of ram": if you have more RAM inside, you might also be able to tune more
    things with it. A short example with 16 GB of RAM in the pfSense box:

    • You could raise the mbuf size to tune the NICs (if needed or wished)
    • You could also raise the cache_mem size of your squid

    Also, getting your hands on memory as fast as you can will speed up many things
    in pfSense; as an example, the packet filter, the IP forwarding parts, and even NAT
    (part of pf, but run at a different phase) all hit the memory system.

    A modern or current dual or quad core CPU with 2.0 GHz - 3.0 GHz and DDR3-1600/1866/2133 RAM
    would be in my eyes the best you could do. But this also depends on and is related to the installed
    packages, running services, used options or enabled features or functions in/on your pfSense box.

    If you choose a board that gives you the option to insert an mSATA or M.2 SSD, I would go with this one
    over other boards, for low power usage and heat prevention while also being fast. A SATA-DOM could
    be an alternative.
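
The Squid memory-cache settings discussed in the answer above, as an added squid.conf fragment that is not part of the original thread. The sizes are assumed values for a box with roughly 16 GB of RAM and the cache_dir path is an assumption; on pfSense the Squid package writes these directives from its GUI settings.

```conf
# Added example, not from the thread. All sizes are assumed values for a
# box with roughly 16 GB of RAM; tune them to the actual hardware.

# RAM used for in-memory objects (the thread cites a default of ~256 MB).
# This is not a cap on the whole Squid process: the cache index and
# I/O buffers come on top of it.
cache_mem 4096 MB

# Which objects may live in the memory cache: always | disk | network
#   always  - keep the most recently fetched objects that fit (default)
#   disk    - only objects already cached on disk that have received a HIT
#   network - only objects fetched from the network (including neighbors)
memory_cache_mode always

# Largest object kept in RAM; anything bigger is served from the disk cache.
maximum_object_size_in_memory 1 MB

# Largest object written to the disk cache. Placed before cache_dir so the
# limit applies to the cache directory defined below.
maximum_object_size 64 MB

# Disk cache: this is the part whose write load lands on the SSD or HDD.
# Path and size (8192 MB) are assumptions; 16 and 256 are the counts of
# first- and second-level subdirectories.
cache_dir ufs /var/squid/cache 8192 16 256
```

With a large cache_mem and memory_cache_mode always, hot objects are served from RAM and the cache_dir size mainly determines how much is written to the drive.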



  • Thanks for your comprehensive answer BlueKobold. Much appreciated!

