Re: best hardware plattform for openbsd
Hi Claudio,

On Fri, 13.10.2006 at 16:00:55 +0200, Claudio Jeker [EMAIL PROTECTED] wrote:
> Btw. 500kpps traffic as seen on the net is more than 3Gbps.

I calculated this number as roughly the upper limit for a 100 MBit/s link. I wanted to make sure that the box doesn't melt down in case someone tries a DDoS against it. In such a case, I'd rather have only decreasing performance than falling off the net eg. because routes don't get out anymore.

Best,
--Toni++
Re: best hardware plattform for openbsd
On 10/13/06, Toni Mueller [EMAIL PROTECTED] wrote:
> Thanks for pointing me to bioctl - I was unaware about that - but I don't offhand see how I could eg. collect SMART status on the drives hanging off such a card.

IIRC, you cannot collect the SMART status on individual drives. Personally, I don't really mind as I'm not a big fan of SMART. Having seen drives that showed no issues in SMART, right up to the point of dying, is bound to change one's perspective.

> Since the machines may very well be not in reach, I don't fancy beeping or blinking drive enclosures. I need log entries instead.

The logical disk status on ami(4) devices can also be polled through sensorsd(8). Perhaps I should also have mentioned that bit. If you want individual drive statistics, I suppose you would want to parse bioctl(8) output. I also recommend you take a quick look at sensorsd.conf(5).

The above works for me, but of course your requirements may be different.

Cheers,

Rogier

--
If you don't know where you're going, any road will get you there.
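The bioctl(8) parsing suggested in the message above, sketched as an added example that is not part of the thread: it turns a controller's volume listing into one log line per unhealthy volume or disk. The function names, the `raidcheck` syslog tag and the sample listing are constructed for illustration, and the column layout is assumed to match the sample.

```shell
#!/bin/sh
# Added example: report RAID volumes/disks that bioctl(8) lists as not Online.

# Constructed sample in the layout assumed for `bioctl ami0` (not real output).
sample_bioctl() {
cat <<'EOF'
Volume  Status               Size Device
 ami0 0 Degraded     146806931456 sd0     RAID1
      0 Online        73403465728 0:0.0   noencl <CONSTRUCTED DISK A>
      1 Failed        73403465728 0:1.0   noencl <CONSTRUCTED DISK B>
 ami0 1 Online        73403465728 sd1     RAID0
      0 Online        73403465728 0:2.0   noencl <CONSTRUCTED DISK C>
EOF
}

# Read bioctl output on stdin, print one line per unhealthy volume or disk.
raid_problems() {
    awk '
    $1 == "Volume" { next }                        # column header
    $1 ~ /^[a-z]+[0-9]+$/ {                        # volume: ctl idx status size dev level
        vol = $1 " volume " $2 " (" $5 ")"
        if ($3 != "Online") print vol ": " $3
        next
    }
    $1 ~ /^[0-9]+$/ {                              # disk: idx status size channel encl <id>
        if ($2 == "Online" || $2 == "Hot") next    # "Hot spare" is healthy (assumed wording)
        print vol " disk " $1 " at " $4 ": " $2
    }'
}

# Hypothetical cron entry point: send each problem line to syslog.
# Usage (as root): log_raid_problems ami0
log_raid_problems() {
    bioctl "$1" | raid_problems | logger -p daemon.err -t raidcheck
}

# Demonstrate on the constructed sample.
sample_bioctl | raid_problems
```

Run from cron, `log_raid_problems` produces the log entries asked for earlier in the thread without rebooting into the controller BIOS.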
Re: best hardware plattform for openbsd
On Saturday 14 October 2006 08:28, Rogier Krieger wrote:
> On 10/13/06, Toni Mueller [EMAIL PROTECTED] wrote:
> > Thanks for pointing me to bioctl - I was unaware about that - but I don't offhand see how I could eg. collect SMART status on the drives hanging off such a card.
>
> IIRC, you cannot collect the SMART status on individual drives. Personally, I don't really mind as I'm not a big fan of SMART. Having seen drives that showed no issues in SMART, right up to the point of dying, is bound to change one's perspective.

[snip]

SMART isn't perfect. I've had a disk go which SMART reported as being fine the day before, so that happens. But I've also seen SMART accurately foretell of problems a couple of times now. While it isn't perfect, it is useful.

--STeve Andre'
best hardware plattform for openbsd
Hello,

I am trying to find systems that can be used _well_ with OpenBSD. The applications are middle class BGP routers with hopefully more than 500kpps sustained, and web and database servers.

With RAID, I'm currently undecided whether I should stick with RAIDframe and be able to use smartmontools on the individual disks, or if I should go for hardware RAID instead and fly blind (or which ways do I have to monitor the health status of disks and RAID in that case w/o disrupting normal operation?).

The server stuff is intended to run 24x7 and continuously push several MBit/s using complicated PHP and MySQL dances for each request...

If you have suggestions about suitable machines from suitable (clean) vendors, I'm very interested to hear. Unfortunately, the user requires big-name stuff.

I'm also very much interested in your opinion about this gear: http://www.movidis.com/index.asp

TIA!

Best,
--Toni++
Re: best hardware plattform for openbsd
On 10/13/06, Toni Mueller [EMAIL PROTECTED] wrote:
> [...] whether I should stick with RAIDframe [...] or if I should go for hardware RAID instead [...]

Personally, I find using hardware RAID a lot easier. You can stick with GENERIC kernels and have fewer problems on installing/upgrading. For me, that's worth the extra cash spent on hardware.

> [...] and fly blind (or which ways do I have to monitor the health status of disks and RAID [...] w/o disrupting normal operation?).

Using bioctl(8), I find that you're far from blind. Stick with the LSI ami(4) or mfi(4) gear or Areca arc(4) cards if you want to use bioctl. IIRC, arc(4) made it to the 4.0 release, but I have yet to try out one of those cards.

Cheers,

Rogier

--
If you don't know where you're going, any road will get you there.
Re: best hardware plattform for openbsd
On Fri, Oct 13, 2006 at 01:07:25PM +0200, Toni Mueller wrote:
> Hello,
>
> I am trying to find systems that can be used _well_ with OpenBSD. The applications are middle class BGP routers with hopefully more than 500kpps sustained, and web and database servers.
>
> With RAID, I'm currently undecided whether I should stick with RAIDframe and be able to use smartmontools on the individual disks, or if I should go for hardware RAID instead and fly blind (or which ways do I have to monitor the health status of disks and RAID in that case w/o disrupting normal operation?).
>
> The server stuff is intended to run 24x7 and continuously push several MBit/s using complicated PHP and MySQL dances for each request...

500kpps sustained is a crazy amount of packets (especially think about possible peaks). Currently you can fine tune an OpenBSD box to do over 450kpps but there is not much headroom left for peaks. It is better to split the load on two routers that do 250kpps each. Additionally get a fast single CPU i386 (I would use an AMD Opteron in i386 mode) and good network cards. This currently gives you the best bang for the bucks.

Btw. 500kpps traffic as seen on the net is more than 3Gbps.

--
:wq Claudio
Re: best hardware plattform for openbsd
Hi Claudio,

first, I'd like to thank you for your comment.

On Fri, 13.10.2006 at 16:00:55 +0200, Claudio Jeker [EMAIL PROTECTED] wrote:
> 500kpps sustained is a crazy amount of packets (especially think about possible peaks). Currently you can fine tune an OpenBSD box to do over 450kpps but there is not much headroom left for peaks.

Well, before specifying that packet rate, I skimmed the performance figures of 7206VXRs which can be made to go up to 2Mpps (using NPE-G2), and this gear is afair rated for a few 100MBit/s. So... when attempting to size such stuff, I wanted to make sure that the box holds up in case of DDoS and (eg.) not crash due to overload.

> It is better to split the load on two routers that do 250kpps each.

Erm, how do I do that on a single line?!?

> Additionally get a fast single CPU i386 (I would use an AMD Opteron in i386 mode) and good network cards. This currently gives you the best bang for the bucks.

Is there anything wrong with using an Opteron chip in amd64 mode?

Wrt. network cards, I think I'm looking at bge or sk cards unless you want to suggest something else.

> Btw. 500kpps traffic as seen on the net is more than 3Gbps.

Maybe, but it depends on your traffic characteristic... If it's only web surfing, FTP or email, then I tend to agree.

Ok, I relax to 200kpps, but it needs to do a little pf, carp, and a few BGP sessions (full table).

Best,
--Toni++
Re: best hardware plattform for openbsd
Hello Rogier,

On Fri, 13.10.2006 at 13:38:32 +0200, Rogier Krieger [EMAIL PROTECTED] wrote:
> On 10/13/06, Toni Mueller [EMAIL PROTECTED] wrote:
> > [...] whether I should stick with RAIDframe [...] or if I should go for hardware RAID instead [...]
>
> Personally, I find using hardware RAID a lot easier. You can stick with GENERIC kernels and have fewer problems on installing/upgrading. For me, that's worth the extra cash spent on hardware.

I already have a stack of GDT controllers lying around, or actually in use. It's not so much a question about money although the feeling that I'm not getting my money's worth in hardware RAID doesn't make me want to spend more on it. Eg. with my GDT cards, I can only reboot into the controller bios to find out what the state of the RAID or the drives is, the latter also only in a limited way, far from the level of detail eg. smartmontools give, and no way near being as non-disruptive as they are.

> > [...] and fly blind (or which ways do I have to monitor the health status of disks and RAID [...] w/o disrupting normal operation?).
>
> Using bioctl(8), I find that you're far from blind.

Thanks for pointing me to bioctl - I was unaware about that - but I don't offhand see how I could eg. collect SMART status on the drives hanging off such a card. Since the machines may very well be not in reach, I don't fancy beeping or blinking drive enclosures. I need log entries instead. The man page of bioctl doesn't show me any related functionality, only how I could be commanding a card to do something some time later, but w/o any relation to the operating system. I consider that still being blind.

In case of using hardware RAID, I'd also like to have something that can diagnose the card, especially, if said card has a fan...

Best,
--Toni++
Re: best hardware plattform for openbsd
Claudio Jeker wrote:
> 500kpps sustained is a crazy amount of packets (especially think about possible peaks). Currently you can fine tune an OpenBSD box to do over 450kpps but there is not much headroom left for peaks.

[snip]

On what hardware is that possible? Can you point to any guides or other forms of documentation?

Regards,
Martin
Re: best hardware plattform for openbsd
Claudio Jeker wrote:
> 500kpps sustained is a crazy amount of packets (especially think about possible peaks). Currently you can fine tune an OpenBSD box to do over 450kpps but there is not much headroom left for peaks. It is better to split the load on two routers that do 250kpps each. Additionally get a fast single CPU i386 (I would use an AMD Opteron in i386 mode) and good network cards. This currently gives you the best bang for the bucks.
>
> Btw. 500kpps traffic as seen on the net is more than 3Gbps.

May be for regular web and ftp, but when VoIP is in use, the packets / sec are a lot higher. Regular VoIP send packets each 10/msec in UDP and the sizes are really not that big for each, but it sure brings the load higher. That's one of my issues and it's not that easy to deal with, especially when QoS obviously needs to be put on top and all packets need to be classified at the edge as well.

So, yes 500kpps for what is known as traffic a few years ago was insane, but now, not that much anymore because of the traffic pattern change if I can use that.

If you have any insight or trick about it, I would welcome them! (:

I am having big issues phasing out the Cisco 7906VXR's gear for OpenBSD router instead. Not too many network cards provide good sustained traffic for small packets and when you add pf in the picture, it's getting pretty hard.

Best,

Daniel
Re: best hardware plattform for openbsd
On Fri, Oct 13, 2006 at 05:16:05PM +0200, Toni Mueller wrote:
> Hi Claudio,
>
> first, I'd like to thank you for your comment.
>
> On Fri, 13.10.2006 at 16:00:55 +0200, Claudio Jeker [EMAIL PROTECTED] wrote:
> > 500kpps sustained is a crazy amount of packets (especially think about possible peaks). Currently you can fine tune an OpenBSD box to do over 450kpps but there is not much headroom left for peaks.
>
> Well, before specifying that packet rate, I skimmed the performance figures of 7206VXRs which can be made to go up to 2Mpps (using NPE-G2), and this gear is afair rated for a few 100MBit/s. So... when attempting to size such stuff, I wanted to make sure that the box holds up in case of DDoS and (eg.) not crash due to overload.

Cisco can do 2Mpps on the G2 only in some cases (e.g. you only use the gigabit interfaces and no acls) but honestly the NPE-G2 is currently out of reach for any of the BSDs.

> > It is better to split the load on two routers that do 250kpps each.
>
> Erm, how do I do that on a single line?!?

You can't.

> > Additionally get a fast single CPU i386 (I would use an AMD Opteron in i386 mode) and good network cards. This currently gives you the best bang for the bucks.
>
> Is there anything wrong with using an Opteron chip in amd64 mode?

Yes. There is an amd64 specific bug hidden somewhere deep down in lowcore that caused my box to saturate at 80kpps instead of 480kpps. I tested it about one year ago but I don't think the situation changed dramatically.

> Wrt. network cards, I think I'm looking at bge or sk cards unless you want to suggest something else.

I tested em(4) and bge(4); both did fine. I was not able to test sk(4) or msk(4) (I don't own such cards).

> > Btw. 500kpps traffic as seen on the net is more than 3Gbps.
>
> Maybe, but it depends on your traffic characteristic... If it's only web surfing, FTP or email, then I tend to agree.
>
> Ok, I relax to 200kpps, but it needs to do a little pf, carp, and a few BGP sessions (full table).

You need to test it yourself. That's why you have a testlab to gauge your systems. Especially the impact of pf(4) depends on the ruleset, carp and bgpd should not matter.

--
:wq Claudio