Re: Long life on SSD in a firewall environment

2016-06-22 Thread Kenneth Gober
On Tue, Jun 21, 2016 at 10:47 AM, Gregory Edigarov  wrote:
> well, but why not just set up syslogd to fan logs out to some other server?

the reason I don't do that is because the sites where I have such firewalls
deployed don't have any other servers.  I don't want to ship logs over VPN
links because those links are not particularly fast.

at my 'main' site the firewall is a bigger box with a bigger disk and I don't
use MFS for /var/log there.  if I were doing so I would certainly consider
having syslogd forward logs elsewhere because in general it's a good practice.

-ken



Re: Long life on SSD in a firewall environment

2016-06-21 Thread Eric Furman
On Tue, Jun 21, 2016, at 10:47 AM, Gregory Edigarov wrote:
> On 21.06.16 16:55, Kenneth Gober wrote:
> > On Sun, Jun 19, 2016 at 5:56 AM, Sjöholm Per-Olov  wrote:
> >> Does anyone know if there exist any list of recommendations about how to
> >> make an SSD disk to live as long as possible when using it for firewall
> >> purpose on OpenBSD?
> > I don't know of a list, aside from what you find in this thread and
> > similar threads on this list from the past.
> >
> > My own first recommendation is not to worry about it.
> >
> > My second recommendation is: if you must worry about it, change as little
> > as possible.  you don't want to make updates difficult due to excessive
> > customization.
> >
> > I am running OpenBSD 5.9 on an Internet-facing router, on Soekris
> > hardware with 4GB mSATA SSD storage.  My only concern about SSD
> > durability relates to /var/log and the potential for Internet traffic to
> > cause constant writes there.
> > So I have made minimal changes to guard against that:
> >
> well, but why not just set up syslogd to fan logs out to some other
> server?
>

+1 this plan. IMHO logs should always be kept locally and separately
on a centralized log server. You are much more likely to retain complete
logs if the first one is compromised. Why keep logs locally if you are
logging them remotely? Because if the box is compromised the attacker
will see local logs and be less inclined to look for more logs
elsewhere.
(true, he would have to be a lazy attacker, but still...)

But what we really need to do is STOP THIS STUPID MEME THAT
SSD'S ARE UNRELIABLE.
All disks should be looked at as unreliable and you make plans from
there.



Re: Long life on SSD in a firewall environment

2016-06-21 Thread lists
Tue, 21 Jun 2016 11:28:43 -0400 "trondd" 
> On Tue, June 21, 2016 11:24 am, trondd wrote:
> > On Sun, June 19, 2016 5:56 am, Sjöholm Per-Olov wrote:
> >> Hi
> >>
> >> Does anyone know if there exist any list of recommendations about how to
> >> make an SSD disk to live as long as possible when using it for firewall
> >> purpose on OpenBSD?
> >
> > Since a firewall doesn't need much disk space and it's easier and more
> > cost effective to buy slightly larger SSDs than try to find a tiny one,
> >
> Sorry, fat fingered the wrong buttons...
>
> To continue...
>
> I only partitioned about 2/3 of the drive in order to leave a large chunk
> of guaranteed free space to let the load leveling do its job.
>
> No maintenance hassle of read-only partitions or ram disks.
>
> Tim.

Yes, hassle free and will probably last longer than the main board
electrolyte caps.  Even if the SSD is the consumer class device, it
will last that way, if it's not filled up to the limit.  No worries.
The inexpensive USB flash drives can last for years, let alone SSDs.
Time to reconf such systems is more than the time to earn the costs.
Given you're not thinking many many machines, and one time set up :)



Re: Long life on SSD in a firewall environment

2016-06-21 Thread trondd
On Tue, June 21, 2016 11:24 am, trondd wrote:
> On Sun, June 19, 2016 5:56 am, Sjöholm Per-Olov wrote:
>> Hi
>>
>> Does anyone know if there exist any list of recommendations about how to
>> make an SSD disk to live as long as possible when using it for firewall
>> purpose on OpenBSD?
>
> Since a firewall doesn't need much disk space and it's easier and more
> cost effective to buy slightly larger SSDs than try to find a tiny one,
>
Sorry, fat fingered the wrong buttons...

To continue...

I only partitioned about 2/3 of the drive in order to leave a large chunk
of guaranteed free space to let the load leveling do its job.

No maintenance hassle of read-only partitions or ram disks.

Tim.



Re: Long life on SSD in a firewall environment

2016-06-21 Thread lists
Tue, 21 Jun 2016 17:47:22 +0300 Gregory Edigarov 

> well, but why not just set up syslogd to fan logs out to some other server?

Best pick for logging (local+remote), maybe not applicable to larger
caches (proxies), or other software you may want to add to the gate.
Yet, this moves the question of longevity to that other system.  If,
that uses SSD.  Plus it may be the only 24/7 system in the location.



Re: Long life on SSD in a firewall environment

2016-06-21 Thread trondd
On Sun, June 19, 2016 5:56 am, Sjöholm Per-Olov wrote:
> Hi
>
> Does anyone know if there exist any list of recommendations about how to
> make an SSD disk to live as long as possible when using it for firewall
> purpose on OpenBSD?

Since a firewall doesn't need much disk space and it's easier and more
cost effective to buy slightly larger SSDs than try to find a tiny one,



Re: Long life on SSD in a firewall environment

2016-06-21 Thread Gregory Edigarov

On 21.06.16 16:55, Kenneth Gober wrote:
> On Sun, Jun 19, 2016 at 5:56 AM, Sjöholm Per-Olov  wrote:
>> Does anyone know if there exist any list of recommendations about how to
>> make an SSD disk to live as long as possible when using it for firewall
>> purpose on OpenBSD?
>
> I don't know of a list, aside from what you find in this thread and similar
> threads on this list from the past.
>
> My own first recommendation is not to worry about it.
>
> My second recommendation is: if you must worry about it, change as little
> as possible.  you don't want to make updates difficult due to excessive
> customization.
>
> I am running OpenBSD 5.9 on an Internet-facing router, on Soekris hardware
> with 4GB mSATA SSD storage.  My only concern about SSD durability relates to
> /var/log and the potential for Internet traffic to cause constant writes
> there.
> So I have made minimal changes to guard against that:
>
> DO NOT MAKE THESE CHANGES ON YOUR OWN SYSTEM UNLESS
> YOU UNDERSTAND WHAT THEY DO.
>
> 1. when installing OpenBSD, put /var/log on its own 128MB partition.
>
> 2. after your first boot, convert /var/log to use MFS:
>  mkdir -p /mfs/log
>  cd /etc
>  mv fstab fstab~
>  sed -e's|/var/log|/mfs/log|' <fstab~ >fstab
>  cat >>fstab
>  swap /var/log mfs rw,nodev,nosuid,-s=128M,-P=/mfs/log 0 0
>  ^D
>
> 3. reboot so that the above /etc/fstab changes take effect.
>
> 4. configure rsync to periodically checkpoint /var/log to /mfs/log:
>  pkg_add rsync
>  crontab -e
>  (add the following lines)
>  #
>  # checkpoint log files
>  10 */4 * * * /usr/local/bin/rsync -ayH --delete-after /var/log/ /mfs/log
>
> 5. also save /var/log to /mfs/log on shutdown:
>  cat >>/etc/rc.shutdown
>  /usr/local/bin/rsync -ayH --delete-after /var/log/ /mfs/log
>  ^D
>
> I sync /var/log to /mfs/log only every 4 hours because I have reliable
> power.  If you have unreliable power (or unreliable hardware) or your
> firewall crashes or reboots for unknown reasons you may want to sync more
> often.  Actually in that case you probably shouldn't use an MFS /var/log
> at all.
>
> When I first did this it was more than 2 years ago.  Today SSD storage has
> improved enough that this shouldn't be needed (see my first recommendation
> above not to worry about it).
>
> -ken

well, but why not just set up syslogd to fan logs out to some other server?



Re: Long life on SSD in a firewall environment

2016-06-21 Thread lists
Tue, 21 Jun 2016 09:55:47 -0400 Kenneth Gober 
> On Sun, Jun 19, 2016 at 5:56 AM, Sjöholm Per-Olov  wrote:
> > Does anyone know if there exist any list of recommendations about how to
> > make an SSD disk to live as long as possible when using it for firewall
> > purpose on OpenBSD?
>
> I don't know of a list, aside from what you find in this thread and similar
> threads on this list from the past.
>
> My own first recommendation is not to worry about it.
>
> My second recommendation is: if you must worry about it, change as little
> as possible.  you don't want to make updates difficult due to excessive
> customization.
>
> I am running OpenBSD 5.9 on an Internet-facing router, on Soekris hardware
> with 4GB mSATA SSD storage.  My only concern about SSD durability relates to
> /var/log and the potential for Internet traffic to cause constant writes
> there.
> So I have made minimal changes to guard against that:
>
> DO NOT MAKE THESE CHANGES ON YOUR OWN SYSTEM UNLESS
> YOU UNDERSTAND WHAT THEY DO.
>
> 1. when installing OpenBSD, put /var/log on its own 128MB partition.
>
> 2. after your first boot, convert /var/log to use MFS:
> mkdir -p /mfs/log
> cd /etc
> mv fstab fstab~
> sed -e's|/var/log|/mfs/log|' <fstab~ >fstab
> cat >>fstab
> swap /var/log mfs rw,nodev,nosuid,-s=128M,-P=/mfs/log 0 0
> ^D
>
> 3. reboot so that the above /etc/fstab changes take effect.
>
> 4. configure rsync to periodically checkpoint /var/log to /mfs/log:
> pkg_add rsync
> crontab -e
> (add the following lines)
> #
> # checkpoint log files
> 10 */4 * * * /usr/local/bin/rsync -ayH --delete-after /var/log/ /mfs/log
>
> 5. also save /var/log to /mfs/log on shutdown:
> cat >>/etc/rc.shutdown
> /usr/local/bin/rsync -ayH --delete-after /var/log/ /mfs/log
> ^D
>
> I sync /var/log to /mfs/log only every 4 hours because I have reliable
> power.  If you have unreliable power (or unreliable hardware) or your
> firewall crashes or reboots for unknown reasons you may want to sync more
> often.  Actually in that case you probably shouldn't use an MFS /var/log
> at all.
>
> When I first did this it was more than 2 years ago.  Today SSD storage has
> improved enough that this shouldn't be needed (see my first recommendation
> above not to worry about it).
>
> -ken

I like this approach, however in my independent thinking, writing to a
memory file system happens.. too fast (and is trouble working around).

You would wonder how this may be a bad thing, i.e. this is the idea to be
fast right?  And I'll propose a simple example.  Suppose there is a bug or
unexpected behaviour in some software spilling fast writes to a log file.
This does not pass through system log, just plain writes to a file in log
directory you put in memory file system.  If these were real writes to a
disk based file system, no matter cached, buffered etc or not.. it would
be much slower than writes to memory.  They would eventually dump caches
and buffers to real storage medium which is slower and gives you signals
(light, sound depending on your enclosure) and moreover..   enough time.

It is not very difficult to figure you would sometimes want some logs for
your review, and even depend on log availability on the system..  Yet you
found yourself in that situation late, they are blocked because some file
grew very rapidly to fill up the memory file system and the other logs are
not there.  This is just one very minor potential downside to memory based
file systems, but worth adding as a disclaimer.  So, have it in mind,  and
weigh it against the effort to custom tweak the system on each upgrade.

To match the frequency of the upgrades you go through.  On my systems that
run 24/7 this is weekly, on the systems I use direct it is daily.  I can't
imagine working around custom stuff daily, it is out on design stage.  I'm
still backing up the statement that current SSD, like the one queried are
not a concern for longevity based on writes in normal usage including log
writes, the device controller takes care of this very well.  No concern at
all.  Including on temperature design, they fit in the convection of the
entire system.  Just have at least 1 fan blow out heat off the system, or
put it in a rack with fans or a cool location.

What is more important, fast writes to logs, log availability, or your
time setting up and working around custom designs?  Just another view.
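
Added example (not part of any poster's message): the failure mode described above, one file filling the memory file system and blocking the other logs, can be caught early by a cron job that checks how full the MFS /var/log is and names the largest file. The 80% threshold, the function names, the install path in the comment and the sample df output are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: watch an MFS-backed /var/log for a runaway log file.
# /var/log and /mfs/log are the paths used in the thread; the threshold,
# function names and cron schedule are assumptions of this example.
#
# Hypothetical crontab entry (cron mails whatever the job prints):
#   */5 * * * * /usr/local/sbin/logfs-watch --run

LOG_MOUNT=${LOG_MOUNT:-/var/log}   # memory file system holding the logs
THRESHOLD=${THRESHOLD:-80}         # percent used that triggers a report

# Constructed sample of `df -kP` output, used by --demo.
SAMPLE_DF='Filesystem  1024-blocks   Used Available Capacity Mounted on
/dev/sd0a       1005934  62312    893326       7% /
mfs:30212        126702 110231     10136      92% /var/log
/dev/sd0e        126702   2210    118158       2% /mfs/log'

# usage_pct MOUNT: read `df -kP` output on stdin and print the integer
# percentage used for MOUNT. Returns 1 if MOUNT is not in the listing.
usage_pct() {
    awk -v m="$1" '
        NR > 1 && $NF == m { sub(/%/, "", $5); print $5; found = 1 }
        END { exit(found ? 0 : 1) }'
}

# largest_file DIR: print the path of the largest regular file under DIR
# (assumes log file names without whitespace).
largest_file() {
    find "$1" -type f -exec ls -ln {} + 2>/dev/null |
        sort -k5,5n | tail -n 1 | awk '{ print $NF }'
}

# check_from_df: read `df -kP` output on stdin and print one status line.
# Returns 0 below the threshold, 1 at or above it, 2 if not mounted.
check_from_df() {
    pct=$(usage_pct "$LOG_MOUNT") || {
        echo "MISSING: $LOG_MOUNT is not mounted"
        return 2
    }
    if [ "$pct" -ge "$THRESHOLD" ]; then
        echo "FULL: $LOG_MOUNT at ${pct}% (limit ${THRESHOLD}%)," \
             "largest file: $(largest_file "$LOG_MOUNT")"
        return 1
    fi
    echo "OK: $LOG_MOUNT at ${pct}%"
}

# check_log_fs: run the check against the live system and stay silent
# unless there is something to report, so cron only mails on trouble.
check_log_fs() {
    msg=$(df -kP "$LOG_MOUNT" 2>/dev/null | check_from_df) && return 0
    rc=$?
    echo "$msg" >&2
    return "$rc"
}

case ${1:-} in
    --run)  check_log_fs ;;
    --demo) printf '%s\n' "$SAMPLE_DF" | check_from_df ;;
esac
```

The report goes through cron's mail rather than through a log file, so it still arrives when /var/log itself has no space left.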



Re: Long life on SSD in a firewall environment

2016-06-21 Thread Kenneth Gober
On Sun, Jun 19, 2016 at 5:56 AM, Sjöholm Per-Olov  wrote:
> Does anyone know if there exist any list of recommendations about how to
> make an SSD disk to live as long as possible when using it for firewall
> purpose on OpenBSD?

I don't know of a list, aside from what you find in this thread and similar
threads on this list from the past.

My own first recommendation is not to worry about it.

My second recommendation is: if you must worry about it, change as little
as possible.  you don't want to make updates difficult due to excessive
customization.

I am running OpenBSD 5.9 on an Internet-facing router, on Soekris hardware
with 4GB mSATA SSD storage.  My only concern about SSD durability relates to
/var/log and the potential for Internet traffic to cause constant writes
there.
So I have made minimal changes to guard against that:

DO NOT MAKE THESE CHANGES ON YOUR OWN SYSTEM UNLESS
YOU UNDERSTAND WHAT THEY DO.

1. when installing OpenBSD, put /var/log on its own 128MB partition.

2. after your first boot, convert /var/log to use MFS:
mkdir -p /mfs/log
cd /etc
mv fstab fstab~
sed -e's|/var/log|/mfs/log|' <fstab~ >fstab
cat >>fstab
swap /var/log mfs rw,nodev,nosuid,-s=128M,-P=/mfs/log 0 0
^D

3. reboot so that the above /etc/fstab changes take effect.

4. configure rsync to periodically checkpoint /var/log to /mfs/log:
pkg_add rsync
crontab -e
(add the following lines)
#
# checkpoint log files
10 */4 * * * /usr/local/bin/rsync -ayH --delete-after /var/log/ /mfs/log

5. also save /var/log to /mfs/log on shutdown:
cat >>/etc/rc.shutdown
/usr/local/bin/rsync -ayH --delete-after /var/log/ /mfs/log
^D

I sync /var/log to /mfs/log only every 4 hours because I have reliable power.
If you have unreliable power (or unreliable hardware) or your firewall crashes
or reboots for unknown reasons you may want to sync more often.  Actually
in that case you probably shouldn't use an MFS /var/log at all.

When I first did this it was more than 2 years ago.  Today SSD storage has
improved enough that this shouldn't be needed (see my first recommendation
above not to worry about it).

-ken



Re: Long life on SSD in a firewall environment

2016-06-20 Thread Edgar Pettijohn
Sent from my iPhone

> On Jun 19, 2016, at 11:19 PM, li...@wrant.com wrote:
>
> Sun, 19 Jun 2016 23:05:34 -0500 Edgar Pettijohn
> 
>> Sent from my iPhone
>>
>>> On Jun 19, 2016, at 11:01 PM, li...@wrant.com wrote:
>>>
>>> Sun, 19 Jun 2016 21:35:04 -0500 Edgar Pettijohn 
>>>> Sent from my iPhone
>>>> ...
>>>> Ok. Thanks for the seller advice.
>>>
>>> Who said it's seller advice?  I said your idea is not a good idea at all.
>> My idea was sharing information. If that's a bad idea then why are you on
>> the list?
>
> Edgar, you're misleading people and obviously this why "You" are here.
>

You found me out. Guess I'll have to move to the next list.



Re: Long life on SSD in a firewall environment

2016-06-19 Thread lists
Sun, 19 Jun 2016 23:05:34 -0500 Edgar Pettijohn

> Sent from my iPhone
> 
> > On Jun 19, 2016, at 11:01 PM, li...@wrant.com wrote:
> > 
> > Sun, 19 Jun 2016 21:35:04 -0500 Edgar Pettijohn   
> >> Sent from my iPhone
> >> ...
> >> Ok. Thanks for the seller advice.  
> > 
> > Who said it's seller advice?  I said your idea is not a good idea at all.
> >   
> My idea was sharing information. If that's a bad idea then why are you on the 
> list?

Edgar, you're misleading people and obviously this why "You" are here.



Re: Long life on SSD in a firewall environment

2016-06-19 Thread Edgar Pettijohn
Sent from my iPhone

> On Jun 19, 2016, at 11:01 PM, li...@wrant.com wrote:
>
> Sun, 19 Jun 2016 21:35:04 -0500 Edgar Pettijohn 
>> Sent from my iPhone
>> ...
>> Ok. Thanks for the seller advice.
>
> Who said it's seller advice?  I said your idea is not a good idea at all.
>
My idea was sharing information. If that's a bad idea then why are you on the
list?



Re: Long life on SSD in a firewall environment

2016-06-19 Thread lists
Sun, 19 Jun 2016 21:35:04 -0500 Edgar Pettijohn 
> Sent from my iPhone
> ...
> Ok. Thanks for the seller advice.

Who said it's seller advice?  I said your idea is not a good idea at all.



Re: Long life on SSD in a firewall environment

2016-06-19 Thread Edgar Pettijohn
Sent from my iPhone

On Jun 19, 2016, at 2:58 PM, li...@wrant.com wrote:

>>> Sun, 19 Jun 2016 13:27:09 -0500 Edgar Pettijohn 
>>>> I am not unable to upgrade. I choose not to at this time.
>
>>> On Jun 19, 2016, at 1:59 PM, li...@wrant.com wrote:
>>> "I am not unable to run with the chain on my ankles.  I choose not to."
>
> Sun, 19 Jun 2016 14:10:52 -0500 Edgar Pettijohn 
>> What chain? Sounds dangerous.
>
> Also dangerous is to run a border network (public facing) system for
> years without updating to current software: probably some bad habits.
>
Who said it's public facing?

> As it is your system, it's OK to do as you please.  But don't recommend
> this to other users, as you will get no credit for such recommendations.
>

Didn't ask for credit. He wanted ideas. I provided with warnings.

> On Jun 19, 2016, at 1:59 PM, li...@wrant.com wrote:
>>> You're recommending a flawed tutorial that does offer the sane choices.
>
> Sun, 19 Jun 2016 14:10:52 -0500 Edgar Pettijohn 
>> I didn't recommend following it. Just as an example of ideas.
>
> It's way outdated.  Please don't mention current improvements and
> mitigation measures as any thing preventing you from the upgrades.
>
I warned it wasn't great.

I believe I said the time involved was the reason. Please don't reinterpret my
words on the list.

> It is only you who prevents you from upgrading or staying current.
>

That is obvious.

> There is no problem you following any tutorial on the Internet.
> There is a problem when you mention mitigation measures as bad.
>
Never did.

> It is very good, if you do not want this, you can skip OpenBSD.

Ok. Thanks for the seller advice.



Re: Long life on SSD in a firewall environment

2016-06-19 Thread lists
Sun, 19 Jun 2016 08:09:24 -0700 Chris Cappuccio 
> I'd just use a regular install on a modern SSD. flashrd and other
> techniques are great for _cheap_ and potentially buggy or otherwise
> less reliable flash, such as USB sticks or SD cards.

A gateway and a local server here both ran 5 yrs off a cheap 16 GB USB
thumb drive, which I dismantled and stuck in the motherboard's USB slot
inside the box.  This never saw a read-only file system,  and had no
issues the whole period with ~zero downtime.  The USB sticks are still
in use, and work to this day regular store and retrieve cycles.  I now
use spinning HDDs in the boxes, after I managed to rework them to have
more reliable air flow.  So the fanless SSD appliances put the SSDs in
risk because of no fan, and not because of write operations, that's it.
Plus HDDs are cheaper, and endure better higher temperatures than SSDs.



Re: Long life on SSD in a firewall environment

2016-06-19 Thread lists
Sun, 19 Jun 2016 15:13:35 -0500 Chris Bennett

> > To ensure long life, it is more important to keep electronics cool.
> 
> An excellent way to keep your firewall box "cool" is to put some nice
> OpenBSD stickers on the outside. Be sure to wear an OpenBSD tee-shirt
> while applying them.

Yes, stickers make good visual appeal, but they don't reduce temperature.
Usage of low noise reliable DC fans will do you more good than these:

> And since we are talking about firewalls and "hot spots", you may want
> to keep your firewall inside of a room with a true firewall.
> 
> So I think that deals with this whole problem of "hot spots" and
> keeping "cool".

Solved by sufficient air flow of standard room temperature (25 deg Celsius
or cooler, above condensation point) around the heat exchange radiator(s).

This takes away dissipated heat for any device with heat output more than
free convection naturally takes away.  Several degrees above normal temp
reduces the longevity of the devices exponentially (in years per degree).

> Go buy a CD set and some tee-shirts and all your problems are solved!

Then don't seek some flawed tutorial online, but start with the README.
Install as instructed, simple and easy, and don't worry about your SSD.

> I feel so cool having put this fire out!

And no more hyperventilating for you, Chris, you've had it for today ;)



Re: Long life on SSD in a firewall environment

2016-06-19 Thread Chris Bennett
On Sun, Jun 19, 2016 at 09:02:45PM +0300, li...@wrant.com wrote:
>  The only hot spot  
> 
> To ensure long life, it is more important to keep electronics cool.
> 

An excellent way to keep your firewall box "cool" is to put some nice
OpenBSD stickers on the outside. Be sure to wear an OpenBSD tee-shirt
while applying them.

And since we are talking about firewalls and "hot spots", you may want
to keep your firewall inside of a room with a true firewall.
Multiple sheets of drywall stacked on top of each other keep fires from
coming in for longer periods. Hospitals tend to have four hour firewalls
everywhere to keep fires from propagating rapidly.

So I think that deals with this whole problem of "hot spots" and
keeping "cool".

Go buy a CD set and some tee-shirts and all your problems are solved!

I feel so cool having put this fire out!

:-)

Chris



Re: Long life on SSD in a firewall environment

2016-06-19 Thread lists
Sun, 19 Jun 2016 13:27:09 -0500 Edgar Pettijohn

> I am not unable to upgrade. I choose not to at this time.

It is your choice, other users of the operating system want to be able.

> > Synopsis: there is no need to treat SSD any special way user level.
> > To ensure long life, it is more important to keep electronics cool.



Re: Long life on SSD in a firewall environment

2016-06-19 Thread Paolo Aglialoro
U told about a firewall, that one is no way a write intensive task, so in
this use case it would go well any SSD.

If u really think about a write intensive use case, I would go for Samsung
850EVO devices: the 500gb model of the previous 840pro has been tested to
write more than 1.9pb before dying and the current 850pro around 7pb (just
google for these tests). The 850 series sport the new vertical nand cells
which are said to be tougher than previous ones. This said, I expect the
850evo 500gb to write more than 2pb in its life cycle, which is way more
than the average PC will write in its whole life.

If this is not enough for u, dell features a lineup of "write intensive"
(yes, included in the name) SSDs, which sport around double the cells of
their official commercial size in order to guarantee a substitution rate of
more (right now don't remember how many times) than a complete rewrite
every day for 5 years... of course not so cheap like the Samsung evo models.

Have phun!



Re: Long life on SSD in a firewall environment

2016-06-19 Thread Edgar Pettijohn
On 16-06-19 21:02:45, li...@wrant.com wrote:
> Sun, 19 Jun 2016 12:32:38 -0500 Edgar Pettijohn
> 
> > Sent from my iPhone
> > 
> > > On Jun 19, 2016, at 11:34 AM, li...@wrant.com wrote:
> > >
> > > "I am afraid to upgrade".. is a total deal breaker, just buy a good SSD.  
> > 
> > What deal?
> 
> Of maintaining the system via regular updates.  This is an important
> procedure, and if some install choice interferes, the install choice,
> you guessed right: it's wrong because it interferes with maintenance.
>

What maintenance? Who decides what's "wrong"?
 
> > At the time of install those weren't issues. If I upgrade they become 
> > issues.
> 
> Exactly: Unable to upgrade, means you have to re-install.  Pick some
> different choice next time, one which does not prevent upgrades.  Or
> stay forever stuck in that moment of time, which is called business.

I am not unable to upgrade. I choose not to at this time.

> 
> > Very minor issues, but it will take user intervention (time) that I don't 
> > want
> > to spend.
> > 
> > > Install as if installing on a HDD, it does not make a difference, except
> > > that you pay more.  When you fill the SSD it will perform just as a HDD.  
> > 
> > I agree. However, if you want to experiment for fun or whatever the motive. 
> > Go
> > for it. I had no real reason to do what I did other than for the hell of it.
> 
> Of course, the take away fact is: in terms of the operating system,
> SSD are just as good as any HDD is.  Only different storage medium,
> the controller takes care of this.  If you pick the better quality
> SSDs (which have more head room for cell fatigue remapping), you'll
> get a decent modern controller as well.  The SSD are newer devices,
> but they are maturing rapidly.  The only hot spot is price and this
> is not going to be a match for HDDs any time soon.  But you can get
> somewhat faster reads on average, if this is your rate for success.
> 
> Synopsis: there is no need to treat SSD any special way user level.
> To ensure long life, it is more important to keep electronics cool.
> 

-- 
Edgar Pettijohn



Re: Long life on SSD in a firewall environment

2016-06-19 Thread lists
Sun, 19 Jun 2016 12:32:38 -0500 Edgar Pettijohn

> Sent from my iPhone
> 
> > On Jun 19, 2016, at 11:34 AM, li...@wrant.com wrote:
> >
> > "I am afraid to upgrade".. is a total deal breaker, just buy a good SSD.  
> 
> What deal?

Of maintaining the system via regular updates.  This is an important
procedure, and if some install choice interferes, the install choice,
you guessed right: it's wrong because it interferes with maintenance.

> At the time of install those weren't issues. If I upgrade they become issues.

Exactly: Unable to upgrade, means you have to re-install.  Pick some
different choice next time, one which does not prevent upgrades.  Or
stay forever stuck in that moment of time, which is called business.

> Very minor issues, but it will take user intervention (time) that I don't want
> to spend.
> 
> > Install as if installing on a HDD, it does not make a difference, except
> > that you pay more.  When you fill the SSD it will perform just as a HDD.  
> 
> I agree. However, if you want to experiment for fun or whatever the motive. Go
> for it. I had no real reason to do what I did other than for the hell of it.

Of course, the take away fact is: in terms of the operating system,
SSD are just as good as any HDD is.  Only different storage medium,
the controller takes care of this.  If you pick the better quality
SSDs (which have more head room for cell fatigue remapping), you'll
get a decent modern controller as well.  The SSD are newer devices,
but they are maturing rapidly.  The only hot spot is price and this
is not going to be a match for HDDs any time soon.  But you can get
somewhat faster reads on average, if this is your rate for success.

Synopsis: there is no need to treat SSD any special way user level.
To ensure long life, it is more important to keep electronics cool.



Re: Long life on SSD in a firewall environment

2016-06-19 Thread Edgar Pettijohn
Sent from my iPhone

> On Jun 19, 2016, at 11:34 AM, li...@wrant.com wrote:
>
> "I am afraid to upgrade".. is a total deal breaker, just buy a good SSD.

What deal?
At the time of install those weren't issues. If I upgrade they become issues.
Very minor issues, but it will take user intervention (time) that I don't want
to spend.

> Install as if installing on a HDD, it does not make a difference, except
> that you pay more.  When you fill the SSD it will perform just as a HDD.

I agree. However, if you want to experiment for fun or whatever the motive. Go
for it. I had no real reason to do what I did other than for the hell of it.



Re: Long life on SSD in a firewall environment

2016-06-19 Thread lists
"I am afraid to upgrade".. is a total deal breaker, just buy a good SSD.
Install as if installing on a HDD, it does not make a difference, except
that you pay more.  When you fill the SSD it will perform just as a HDD.



Re: Long life on SSD in a firewall environment

2016-06-19 Thread Edgar Pettijohn
On 16-06-19 11:56:57, Sjöholm Per-Olov wrote:
> Hi
> 
> Does anyone know if there exist any list of recommendations about how to make
> an SSD disk to live as long as possible when using it for firewall purpose on
> OpenBSD?  It seems that OpenBSD lack some features related to SSDs like TRIM.
> SSDs are getting more popular, but I cannot find much info in the OpenBSD FAQ
> or on misc. Also, it is not that easy to get a good understanding of how long
> an average good SSD will really live with average disk writes from the specs.
> And there are more than one way to give specs about this where DWPD is one and
> MTBF is another.
> 
> Therefore I at least want to do the easy steps to make it long lived...
> 
> Softdep is probably a good thing. What else? And I think of rewriting the
> logging handling with dates in /var/log to avoid a move of all logs every day.
> Or is that waste of time? Any special handling/settings for swap and /tmp?
> 
> 
> 
> Input very much appreciated
> 
> 
> 
> Tnx in advance
> 
> /Peo
> Current FW system: OpenBSD 5.9 stable, Mainboard: NF9HG-2930, Nics: i211AT,
> CPU: N2930, Disk: Intel 525 30GB mSATA
> 
I started with this guide. However, keep in mind some of it needs to 
be changed to fit what you need, etc.  Plus some of it just plain 
didn't work.

http://blog.spoofed.org/2007/12/openbsd-on-soekris-cheaters-guide.html

So far I haven't had any problems with my final setup that's been running
for over a year now. I am afraid to upgrade due to the library reordering 
and W^X stuff, but I'm sure it wouldn't be too difficult to work around.
-- 
Edgar Pettijohn



Re: Long life on SSD in a firewall environment

2016-06-19 Thread Chris Cappuccio
Sjöholm Per-Olov [p...@incedo.org] wrote:
> Hi
> 
> Does anyone know if there exist any list of recommendations about how to make
> an SSD disk to live as long as possible when using it for firewall purpose on
> OpenBSD?  It seems that OpenBSD lack some features related to SSDs like TRIM.
> SSDs are getting more popular, but I cannot find much info in the OpenBSD FAQ
> or on misc. Also, it is not that easy to get a good understanding of how long
> an average good SSD will really live with average disk writes from the specs.
> And there are more than one way to give specs about this where DWPD is one and
> MTBF is another.
> 

A good SSD will live forever in a low-usage environment. The biggest problem
with flash devices in my experience seem like some kind of controller or
component failure, not a write durability issue. Hopefully, a well engineered
device with good components can avoid this type of failure. That's what
we're all hoping because this is what everyone buys now...

> Softdep is probably a good thing. What else? And I think of rewriting the
> logging handling with dates in /var/log to avoid a move of all logs every day.
> Or is that waste of time? Any special handling/settings for swap and /tmp?
> 

Softdep is a trade-off. If the box is an appliance and does not frequently get
files created and deleted, it provides no advantage. Swap is probably never
going to be used.



Re: Long life on SSD in a firewall environment

2016-06-19 Thread Chris Cappuccio
Paul Suh [pl...@goodeast.com] wrote:
> 
> Sjöholm,
> 
> Take a look at:
> 
> https://github.com/yellowman/flashrd
> https://github.com/markhellewell/resflash
> 
> Hope this helps.
> 

I'd just use a regular install on a modern SSD. flashrd and other
techniques are great for _cheap_ and potentially buggy or otherwise
less reliable flash, such as USB sticks or SD cards. Most modern
SSDs do not fall in this category and are designed for long reliability,
especially in a typical appliance role where they don't get a lot of
action. I've been very happy with the inexpensive PC Engines 16GB msata
SSD on the APU. It's a DRAM-free design, intended for longevity in these
applications, not the highest write speed. Same with the SanDisk Z400s
on larger boards. If you are really paranoid, put a few extra bucks into
the Samsung SM863. I use the 1.92TB version under softraid 1 for a busy
mail server. It's a workhorse.



Re: Long life on SSD in a firewall environment

2016-06-19 Thread Paul Suh
> On Jun 19, 2016, at 5:56 AM, Sjöholm Per-Olov  wrote:
>
> Hi
>
> Does anyone know if there exist any list of recommendations about how to make
> an SSD disk to live as long as possible when using it for firewall purpose on
> OpenBSD?  It seems that OpenBSD lack some features related to SSDs like TRIM.
> SSDs are getting more popular, but I cannot find much info in the OpenBSD FAQ
> or on misc. Also, it is not that easy to get a good understanding of how long
> an average good SSD will really live with average disk writes from the specs.
> And there is more than one way to give specs about this where DWPD is one and
> MTBF is another.
>
> Therefore I at least want to do the easy steps to make it long lived...
>
> Softdep is probably a good thing. What else? And I think of rewriting the
> logging handling with dates in /var/log to avoid a move of all logs every day.
> Or is that waste of time? Any special handling/settings for swap and /tmp?

Sjöholm,

Take a look at:

https://github.com/yellowman/flashrd
https://github.com/markhellewell/resflash

Hope this helps.


--Paul




Re: Long life on SSD in a firewall environment

2016-06-19 Thread Stefan Sperling
On Sun, Jun 19, 2016 at 11:56:57AM +0200, Sjöholm Per-Olov wrote:
> Hi
> 
> Does anyone know if there exist any list of recommendations about how to make
> an SSD disk to live as long as possible when using it for firewall purpose on
> OpenBSD?  It seems that OpenBSD lack some features related to SSDs like TRIM.
> SSDs are getting more popular, but I cannot find much info in the OpenBSD FAQ
> or on misc. Also, it is not that easy to get a good understanding of how long
> an average good SSD will really live with average disk writes from the specs.
> And there is more than one way to give specs about this where DWPD is one and
> MTBF is another.
> 
> Therefore I at least want to do the easy steps to make it long lived...
> 
> Softdep is probably a good thing. What else? And I think of rewriting the
> logging handling with dates in /var/log to avoid a move of all logs every day.
> Or is that waste of time? Any special handling/settings for swap and /tmp?
> 
> 
> 
> Input very much appreciated
> 
> 
> 
> Tnx in advance
> 
> /Peo
> Current FW system: OpenBSD 5.9 stable, Mainboard: NF9HG-2930, Nics: i211AT,
> CPU: N2930, Disk: Intel 525 30GB mSATA

I would just not worry about it. Don't waste time optimizing your setup
to treat these disks like special snowflakes.

I've been using SSDs in several OpenBSD machines for years without problems.
Some of my hard disks died much sooner.

Plan ahead for the day when your disk fails.
Nobody can tell how long your particular disk will last.



Re: Long life on SSD in a firewall environment

2016-06-19 Thread Marcus MERIGHI
p...@incedo.org (Sjöholm Per-Olov), 2016.06.19 (Sun) 11:56 (CEST):
> Does anyone know if there exist any list of recommendations about how
> to make an SSD disk to live as long as possible when using it for
> firewall purpose on OpenBSD?  

http://marc.info/?l=openbsd-misc=144738462109908

Bye, Marcus

> It seems that OpenBSD lack some features related to SSDs like TRIM.
> SSDs are getting more popular, but I cannot find much info in the OpenBSD FAQ
> or on misc. Also, it is not that easy to get a good understanding of how long
> an average good SSD will really live with average disk writes from the specs.
> And there is more than one way to give specs about this where DWPD is one and
> MTBF is another.
> 
> Therefore I at least want to do the easy steps to make it long lived...
> 
> Softdep is probably a good thing. What else? And I think of rewriting the
> logging handling with dates in /var/log to avoid a move of all logs every day.
> Or is that waste of time? Any special handling/settings for swap and /tmp?
> 
> Input very much appreciated
> 
> Tnx in advance
> 
> /Peo
> Current FW system: OpenBSD 5.9 stable, Mainboard: NF9HG-2930, Nics: i211AT,
> CPU: N2930, Disk: Intel 525 30GB mSATA