On 21/09/11 16:38, Jim Pingle wrote:
On 9/21/2011 10:06 AM, David Brown wrote:
OK, I'll have a look at that. If I get a redundant setup with CARP
working then there is not the same need for raid - the whole router can
be switched out. But it is still nice to have, and makes recovery and
rebuilding much easier.
True on both counts, though if your backup hardware is
comparable/identical it's even more true. If your backup hardware is not
as powerful and you would be putting it under a load it maybe can't
handle for long periods, then raid would still be important, but not
critical.
I think the backup hardware will be fine with the load, though
potentially a little slower. One of the reasons I am looking at this is
that the Linux system died a few weeks ago when the SAS controller card
failed (ironically, when I bought the system, the only reason I got a
SAS drive was because the salesman convinced me it was more reliable...
now I always insist on ordinary SATA drives using software raid).
Until I got it back up again, we were running with a small wireless
router (Linksys WRT54GL) with a modified Linux distribution (OpenWRT).
It was slow, especially for OpenVPN traffic, but it worked. But that is
why I am so keen on a redundant solution this time!
The hardware doesn't have to be the same, but the number of assigned
NICs and the order in which they were assigned must be the same.
OK. My current hardware has 2 motherboard GBit NICs and a 4x100Mb card
- when I buy a new system, it will probably be a little newer and be all
GBit NICs (and faster processor, etc.). This would then be the primary
system. It is absolutely fine that a switchover to the secondary system
means a loss in speed of the links, as long as the links all work!
Yeah that should be fine. There are some people who fail over from large
systems to a little ALIX so they can squeak by until the main unit gets
repaired. Saves on power, but depending on the kind of load involved it
may not be possible/ideal.
I am (as yet) very unfamiliar with FreeBSD. But as far as I can see,
the names of the interfaces is dependent on the drivers, unlike Linux
(which typically calls them eth0, eth1, etc., regardless of the
drivers). In Linux, you can use the "udev" rules to set specific names
for the devices based on the MAC address of the port - that keeps them
consistent even if you swap cards around to different ports. Can I do
something similar with pfSense so that the NIC names are consistent even
though the two routers have different hardware?
There isn't a way to tie it down by MAC address, but the idea has been
tossed around before.
When you assign a card in pfSense it goes with a specific name (em0,
em1, vr0, vr1, etc) but if the cards are swapped around and the ordering
of the drivers changed, the association may not be as expected. If the
type of card changes, it would make you reassign the NICs to accommodate
the change.
I don't expect to swap around cards once they are installed (baring
failure, of course). But one the one system the WAN interface could be
em0, and on the other it could be vr0. It doesn't matter if I have to
figure out the names and set up the NICs when I first install them, but
obviously it's important that when the rules and other configuration are
synced between the machines, they apply to same logical interfaces.
Incidentally, can I assume that FreeBSD will support the NICs on the
motherboard and add-in cards, without having to be too specific about
the types? I am not trying to use anything too esoteric, such as 10 GB
cards or tcp offload engines - just a small Dell or IBM rack server with
a four-port Ethernet card.
Best not to assume anything, the FreeBSD hardware list is out there and
easy to compare against. pfSense 2.0 is based on FreeBSD 8.1-RELEASE,
though the em/igb driver is a bit newer than the one shipped with that
so if you have Intel cards it may be supported even if not on the list.
Only real way to know is to try.
If you are using multi-port NICs, especially if you decide to use amd64,
you'll probably want to employ some of the tweaks listed here:
http://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards
Since my current router hardware is Dell, and the motherboard interfaces
are Broadcom, I'll keep that in mind!
These issues seem to imply that the amd64 version has more potential
problems than the 386 version. Would you recommend that I use the 386
version? Unless the new hardware I get has more than 4G memory, I don't
suppose there is much advantage in using the 64-bit version.
_______________________________________________
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
