Re: OT - Small DNS appliances for remote offices.

2015-02-19 Thread Mel Beckman
If your time is worth anything, you can't beat the Mac Mini, especially for a 
branch office mission-critical application like DNS.

I just picked up a Mini from BestBuy for $480. I plugged it in, applied the 
latest updates, purchased the MacOSX Server component from the Apples Store 
($19), and then via the Server control panel enabled DNS with forwarding.

Total time from unboxing to working DNS: 20 minutes.

The Server component smartly ships with all services disabled, in contrast to a 
lot of Linux distros, so it's pretty secure out of the box. You can harden it a 
bit more with the built-in PF firewall. The machine is also IPv6 ready out of 
the box, so my new DNS server automatically services both IPv4 and IPv6 clients.

You get Apple's warranty and full support. Any Apple store can do testing and 
repair.

And with a dual-core 1.4GHz I5 and 4GB memory, it's going to handle loads of 
DNS requests.

Of course, if your time is worth little, spend a lot of time tweaking slow, 
unsupported, incomplete solutions.

 -mel
 
On Feb 19, 2015, at 11:32 AM, Denys Fedoryshchenko de...@visp.net.lb
 wrote:

 On 2015-02-19 18:26, valdis.kletni...@vt.edu wrote:
 On Thu, 19 Feb 2015 14:52:42 +, David Reader said:
 I'm using several to connect sensors, actuators, and such to a private
 network, which it's great for - but I'd think at least twice before 
 deploying
 one as a public-serving host in user-experience-critical role in a remote
 location.
 I have a Pi that's found a purpose in life as a remote smokeping sensor and
 related network monitoring, a task it does quite nicely.
 Note that they just released the Pi 2, which goes from the original 
 single-core
 ARM V6 to a quad-core ARM V7, and increases memory from 256M to1G. All at the
 same price point.  That may change the calculus. I admit not having gotten 
 one
 in hand to play with yet.
 Weird thing - it still has Ethernet over ugly USB 2.0
 That kills any interest to run it for any serious networking applications.
 
 ---
 Best regards,
 Denys



Re: OT - Small DNS appliances for remote offices.

2015-02-19 Thread Denys Fedoryshchenko

On 2015-02-19 18:26, valdis.kletni...@vt.edu wrote:
 On Thu, 19 Feb 2015 14:52:42 +, David Reader said:
  I'm using several to connect sensors, actuators, and such to a private
  network, which it's great for - but I'd think at least twice before
  deploying one as a public-serving host in user-experience-critical role
  in a remote location.
 I have a Pi that's found a purpose in life as a remote smokeping sensor
 and related network monitoring, a task it does quite nicely.

 Note that they just released the Pi 2, which goes from the original
 single-core ARM V6 to a quad-core ARM V7, and increases memory from 256M
 to 1G. All at the same price point.  That may change the calculus. I admit
 not having gotten one in hand to play with yet.

Weird thing - it still has Ethernet over ugly USB 2.0
That kills any interest to run it for any serious networking applications.


---
Best regards,
Denys


Re: OT - Small DNS appliances for remote offices.

2015-02-19 Thread Colin Johnston
older apple tv will work as well :)

Colin

 On 19 Feb 2015, at 19:47, Mel Beckman m...@beckman.org wrote:
 
 If your time is worth anything, you can't beat the Mac Mini, especially for a 
 branch office mission-critical application like DNS.
 
 I just picked up a Mini from BestBuy for $480. I plugged it in, applied the 
 latest updates, purchased the MacOSX Server component from the Apples Store 
 ($19), and then via the Server control panel enabled DNS with forwarding.
 
 Total time from unboxing to working DNS: 20 minutes.
 
 The Server component smartly ships with all services disabled, in contrast to 
 a lot of Linux distros, so it's pretty secure out of the box. You can harden 
 it a bit more with the built-in PF firewall. The machine is also IPv6 ready 
 out of the box, so my new DNS server automatically services both IPv4 and 
 IPv6 clients.
 
 You get Apple's warranty and full support. Any Apple store can do testing and 
 repair.
 
 And with a dual-core 1.4GHz I5 and 4GB memory, it's going to handle loads of 
 DNS requests.
 
 Of course, if your time is worth little, spend a lot of time tweaking slow, 
 unsupported, incomplete solutions.
 
 -mel
 
 On Feb 19, 2015, at 11:32 AM, Denys Fedoryshchenko de...@visp.net.lb
 wrote:
 
 On 2015-02-19 18:26, valdis.kletni...@vt.edu wrote:
 On Thu, 19 Feb 2015 14:52:42 +, David Reader said:
 I'm using several to connect sensors, actuators, and such to a private
 network, which it's great for - but I'd think at least twice before 
 deploying
 one as a public-serving host in user-experience-critical role in a remote
 location.
 I have a Pi that's found a purpose in life as a remote smokeping sensor and
 related network monitoring, a task it does quite nicely.
 Note that they just released the Pi 2, which goes from the original 
 single-core
 ARM V6 to a quad-core ARM V7, and increases memory from 256M to1G. All at 
 the
 same price point.  That may change the calculus. I admit not having gotten 
 one
 in hand to play with yet.
 Weird thing - it still has Ethernet over ugly USB 2.0
 That kills any interest to run it for any serious networking applications.
 
 ---
 Best regards,
 Denys
 



Re: OT - Small DNS appliances for remote offices.

2015-02-19 Thread Keenan Tims
If you have a lot of locations, as I believe Ray is looking for, all of
this is a manual process you need to do for each instance. That is slow
and inefficient. If you're doing more than a few, you probably want
something you can PXE boot for provisioning and manage with your
preferred DevOps tools. It also sounds like he wants to run anycast for
this service, so probably needs a BGP speaker and other site-specific
configuration that I assume is not covered by the cookie-cutter OSX
tools. Of course you could still do it this way with a Mac Mini running
some other OS, but why would you want to when there are plenty of other
mini-PC options that are more appropriate?

Also: With Apple dropping their Pro products and leaving customers in
the lurch, and no longer having any actual server hardware, I would have
very little confidence in their server software product's quality or
likely longevity. And of course they're mum on their plans, so it's
impossible to plan around if they decide to exit the market.

Keenan

On 02/19/2015 11:47 AM, Mel Beckman wrote:
 If your time is worth anything, you can't beat the Mac Mini, especially for a 
 branch office mission-critical application like DNS.
 
 I just picked up a Mini from BestBuy for $480. I plugged it in, applied the 
 latest updates, purchased the MacOSX Server component from the Apples Store 
 ($19), and then via the Server control panel enabled DNS with forwarding.
 
 Total time from unboxing to working DNS: 20 minutes.
 
 The Server component smartly ships with all services disabled, in contrast to 
 a lot of Linux distros, so it's pretty secure out of the box. You can harden 
 it a bit more with the built-in PF firewall. The machine is also IPv6 ready 
 out of the box, so my new DNS server automatically services both IPv4 and 
 IPv6 clients.
 
 You get Apple's warranty and full support. Any Apple store can do testing and 
 repair.
 
 And with a dual-core 1.4GHz I5 and 4GB memory, it's going to handle loads of 
 DNS requests.
 
 Of course, if your time is worth little, spend a lot of time tweaking slow, 
 unsupported, incomplete solutions.
 
  -mel
  
 On Feb 19, 2015, at 11:32 AM, Denys Fedoryshchenko de...@visp.net.lb
  wrote:
 
 On 2015-02-19 18:26, valdis.kletni...@vt.edu wrote:
 On Thu, 19 Feb 2015 14:52:42 +, David Reader said:
 I'm using several to connect sensors, actuators, and such to a private
 network, which it's great for - but I'd think at least twice before 
 deploying
 one as a public-serving host in user-experience-critical role in a remote
 location.
 I have a Pi that's found a purpose in life as a remote smokeping sensor and
 related network monitoring, a task it does quite nicely.
 Note that they just released the Pi 2, which goes from the original 
 single-core
 ARM V6 to a quad-core ARM V7, and increases memory from 256M to1G. All at 
 the
 same price point.  That may change the calculus. I admit not having gotten 
 one
 in hand to play with yet.
 Weird thing - it still has Ethernet over ugly USB 2.0
 That kills any interest to run it for any serious networking applications.

 ---
 Best regards,
 Denys
 


Re: OT - Small DNS appliances for remote offices.

2015-02-19 Thread Mel Beckman
Keenan,

Red. Herrings.

You can provision macs over the network. That's one of the functions of Mac OSX 
Server OS. It's trivial to then promote them to servers themselves. All 
remotely.

Also, the Mac is running a full BIND9 implementation, not some cutdown version. 
Yes the GUI is minimal, but there's no need to use the GUI, and you don't even 
have a GUI on other platforms for the most part.

BGP speaker? Come on, you're gilding the lily.

Yes, Apple is silent about its plans.  But the Mac Mini and Server OS have been 
well supported for over a decade. I don't know why you're bringing server 
hardware into this, the whole point of the discussion is to avoid using server 
hardware. And how much open source road map has failed to materialize? Lots! 
The future-proofing argument cuts both ways, my friend.

You may have little confidence in Apple, but the rest of the world seems to 
have great confidence. Just look at Apple's stock performance and market cap.

As a famous scientist once said: The absence of data is not data. :-)

 -mel beckman

On Feb 19, 2015, at 12:43 PM, Keenan Tims kt...@stargate.ca wrote:

If you have a lot of locations, as I believe Ray is looking for, all of
this is a manual process you need to do for each instance. That is slow
and inefficient. If you're doing more than a few, you probably want
something you can PXE boot for provisioning and manage with your
preferred DevOps tools. It also sounds like he wants to run anycast for
this service, so probably needs a BGP speaker and other site-specific
configuration that I assume is not covered by the cookie-cutter OSX
tools. Of course you could still do it this way with a Mac Mini running
some other OS, but why would you want to when there are plenty of other
mini-PC options that are more appropriate?

Also: With Apple dropping their Pro products and leaving customers in
the lurch, and no longer having any actual server hardware, I would have
very little confidence in their server software product's quality or
likely longevity. And of course they're mum on their plans, so it's
impossible to plan around if they decide to exit the market.

Keenan

On 02/19/2015 11:47 AM, Mel Beckman wrote:
If your time is worth anything, you can't beat the Mac Mini, especially for a 
branch office mission-critical application like DNS.

I just picked up a Mini from BestBuy for $480. I plugged it in, applied the 
latest updates, purchased the MacOSX Server component from the Apples Store 
($19), and then via the Server control panel enabled DNS with forwarding.

Total time from unboxing to working DNS: 20 minutes.

The Server component smartly ships with all services disabled, in contrast to a 
lot of Linux distros, so it's pretty secure out of the box. You can harden it a 
bit more with the built-in PF firewall. The machine is also IPv6 ready out of 
the box, so my new DNS server automatically services both IPv4 and IPv6 clients.

You get Apple's warranty and full support. Any Apple store can do testing and 
repair.

And with a dual-core 1.4GHz I5 and 4GB memory, it's going to handle loads of 
DNS requests.

Of course, if your time is worth little, spend a lot of time tweaking slow, 
unsupported, incomplete solutions.

-mel

On Feb 19, 2015, at 11:32 AM, Denys Fedoryshchenko de...@visp.net.lb wrote:

On 2015-02-19 18:26, valdis.kletni...@vt.edu wrote:
On Thu, 19 Feb 2015 14:52:42 +, David Reader said:
I'm using several to connect sensors, actuators, and such to a private
network, which it's great for - but I'd think at least twice before deploying
one as a public-serving host in user-experience-critical role in a remote
location.
I have a Pi that's found a purpose in life as a remote smokeping sensor and
related network monitoring, a task it does quite nicely.
Note that they just released the Pi 2, which goes from the original single-core
ARM V6 to a quad-core ARM V7, and increases memory from 256M to1G. All at the
same price point.  That may change the calculus. I admit not having gotten one
in hand to play with yet.
Weird thing - it still has Ethernet over ugly USB 2.0
That kills any interest to run it for any serious networking applications.

---
Best regards,
Denys



Re: OT - Small DNS appliances for remote offices.

2015-02-19 Thread Colin Johnston
here here, apple kits rocks for low end server work, sun kit rocks for high end 
server work.

Colin

 On 19 Feb 2015, at 20:55, Mel Beckman m...@beckman.org wrote:
 
 Keenan,
 
 Red. Herrings.
 
 You can provision macs over the network. That's one of the functions of Mac 
 OSX Server OS. It's trivial to then promote them to servers themselves. All 
 remotely.
 
 Also, the Mac is running a full BIND9 implementation, not some cutdown 
 version. Yes the GUI is minimal, but there's no need to use the GUI, and you 
 don't even have a GUI on other platforms for the most part.
 
 BGP speaker? Come on, you're gilding the lily.
 
 Yes, Apple is silent about its plans.  But the Mac Mini and Server OS have 
 been well supported for over a decade. I don't know why you're bringing 
 server hardware into this, the whole point of the discussion is to avoid 
 using server hardware. And how much open source road map has failed to 
 materialize? Lots! The future-proofing argument cuts both ways, my friend.
 
 You may have little confidence in Apple, but the rest of the world seems to 
 have great confidence. Just look at Apple's stock performance and market cap.
 
 As a famous scientist once said: The absence of data is not data. :-)
 
 -mel beckman
 
 On Feb 19, 2015, at 12:43 PM, Keenan Tims kt...@stargate.ca wrote:
 
 If you have a lot of locations, as I believe Ray is looking for, all of
 this is a manual process you need to do for each instance. That is slow
 and inefficient. If you're doing more than a few, you probably want
 something you can PXE boot for provisioning and manage with your
 preferred DevOps tools. It also sounds like he wants to run anycast for
 this service, so probably needs a BGP speaker and other site-specific
 configuration that I assume is not covered by the cookie-cutter OSX
 tools. Of course you could still do it this way with a Mac Mini running
 some other OS, but why would you want to when there are plenty of other
 mini-PC options that are more appropriate?
 
 Also: With Apple dropping their Pro products and leaving customers in
 the lurch, and no longer having any actual server hardware, I would have
 very little confidence in their server software product's quality or
 likely longevity. And of course they're mum on their plans, so it's
 impossible to plan around if they decide to exit the market.
 
 Keenan
 
 On 02/19/2015 11:47 AM, Mel Beckman wrote:
 If your time is worth anything, you can't beat the Mac Mini, especially for a 
 branch office mission-critical application like DNS.
 
 I just picked up a Mini from BestBuy for $480. I plugged it in, applied the 
 latest updates, purchased the MacOSX Server component from the Apples Store 
 ($19), and then via the Server control panel enabled DNS with forwarding.
 
 Total time from unboxing to working DNS: 20 minutes.
 
 The Server component smartly ships with all services disabled, in contrast to 
 a lot of Linux distros, so it's pretty secure out of the box. You can harden 
 it a bit more with the built-in PF firewall. The machine is also IPv6 ready 
 out of the box, so my new DNS server automatically services both IPv4 and 
 IPv6 clients.
 
 You get Apple's warranty and full support. Any Apple store can do testing and 
 repair.
 
 And with a dual-core 1.4GHz I5 and 4GB memory, it's going to handle loads of 
 DNS requests.
 
 Of course, if your time is worth little, spend a lot of time tweaking slow, 
 unsupported, incomplete solutions.
 
 -mel
 
 On Feb 19, 2015, at 11:32 AM, Denys Fedoryshchenko de...@visp.net.lb wrote:
 
 On 2015-02-19 18:26, valdis.kletni...@vt.edu wrote:
 On Thu, 19 Feb 2015 14:52:42 +, David Reader said:
 I'm using several to connect sensors, actuators, and such to a private
 network, which it's great for - but I'd think at least twice before deploying
 one as a public-serving host in user-experience-critical role in a remote
 location.
 I have a Pi that's found a purpose in life as a remote smokeping sensor and
 related network monitoring, a task it does quite nicely.
 Note that they just released the Pi 2, which goes from the original 
 single-core
 ARM V6 to a quad-core ARM V7, and increases memory from 256M to1G. All at the
 same price point.  That may change the calculus. I admit not having gotten one
 in hand to play with yet.
 Weird thing - it still has Ethernet over ugly USB 2.0
 That kills any interest to run it for any serious networking applications.
 
 ---
 Best regards,
 Denys
 



Re: OT - Small DNS appliances for remote offices.

2015-02-19 Thread Rob Seastrom

Bryan Seitz se...@bsd-unix.net writes:

 odroid-c1 + eMMC module + RTC battery + case + power adapter.
 Should run you about $75 *AND* wouldn't be bad for running NTP as
 well.

I haven't looked into the details of the clock, so wouldn't be bad
is probably true, notably good, well, that would be a task for
someone with experience doing clock benchmarking and who can describe
MAVAR without looking it up.

 The gig-e port on the C1 has been observed to push 405Mbps TX and
 940Mbps+ RX via iperf.

The 405 Mbps for TX.  I've seen around 30 Mbyte/sec on single stream
TCP RX.  Got 99.5 Mbyte/sec from a Mac Mini in the same subnet so
that's not a limit of the host on the other end of the benchmark.

I call shenanigans on the 940 Mbps iperf number though.  The HSIC bus
is only 480 Mbit/sec.  Two pints of beer in a one pint glass would be
some trick.

-r



Re: OT - Small DNS appliances for remote offices.

2015-02-19 Thread Rob Seastrom

Denys Fedoryshchenko de...@visp.net.lb writes:

 Beaglebone has gigabit mac, but due some errata it is not used in
 gigabit mode, it is 100M (which is maybe enough for small office). But
 it is hardware mac.

The Beaglebone Black rev C BOM calls out the ethernet phy chip as
LAN8710A-EZC-TR which is 10/100 so there's your constraint.  The MAC
is built into the SoC and according to the datasheet the AM3358B is
10/100/1000.

 Another hardware MAC on inexpensive board it is Odroid-C1.

Difficulty: hardware MAC tells you nothing about how it's connected,
either on the board or internally in the SoC.  Ethernet on Multibus
and Ethernet on PCIe (neither likely on an embedded ARM ;-) are both
hardware MAC yet the bus-constrained bandwidths will differ by
several orders of magnitude.

-r



Re: OT - Small DNS appliances for remote offices.

2015-02-19 Thread Denys Fedoryshchenko
Beaglebone has gigabit mac, but due some errata it is not used in 
gigabit mode, it is 100M (which is maybe enough for small office). But 
it is hardware mac.

Another hardware MAC on inexpensive board it is Odroid-C1.
But stability of all this boards in heavy networking use is under 
question, i didn't tested them yet intensively for same purpose.


On 2015-02-19 02:27, Geoff Mulligan wrote:

The BeagleBone Black uses flash memory to hold the system image which
allows it to boot quickly.  I'm running Ubuntu Trusty 14.04 and it
seems stable.

Geoff

*--
Presidential Innovation Fellow | The White House*

On 02/18/2015 05:20 PM, Bacon Zombie wrote:

You also have to watch out for issues with the Pi corrupting SD cards.

On 19 Feb 2015 01:04, Geoff Mulligan nano...@mulligan.org wrote:

I have used the BeagleBone to run a few simple servers.  I don't know if
the ethernet port on the Bone is on the USB bus. It is slightly more
expensive than a PI, but they have worked well for me.

 Geoff

On 02/18/2015 04:44 PM, Peter Loron wrote:

For any site where you would use a Pi as the DNS cache, it won't be an
issue. DNS isn't that heavy at those query rates.

Yeah, it would be awesome if they'd been able to get a SoC that included
ethernet.

-Pete

On 2015-02-18 15:08, Robert Webb wrote:

What I do not like about the Pi is the network port is on the USB bus
and thus limited to USB speeds.

Original message
From: Maxwell Cole mcole.mailingli...@gmail.com
Date: 02/18/2015 4:30 PM (GMT-05:00)
To: nanog@nanog.org 'NANOG list' nanog@nanog.org
Subject: Re: OT - Small DNS appliances for remote offices.



---
Best regards,
Denys


Re: OT - Small DNS appliances for remote offices.

2015-02-19 Thread Denys Fedoryshchenko

On 2015-02-19 15:13, Rob Seastrom wrote:

Denys Fedoryshchenko de...@visp.net.lb writes:


Beaglebone has gigabit mac, but due some errata it is not used in
gigabit mode, it is 100M (which is maybe enough for small office). But
it is hardware mac.


The Beaglebone Black rev C BOM calls out the ethernet phy chip as
LAN8710A-EZC-TR which is 10/100 so there's your constraint.  The MAC
is built into the SoC and according to the datasheet the AM3358B is
10/100/1000.


Another hardware MAC on inexpensive board it is Odroid-C1.


Difficulty: hardware MAC tells you nothing about how it's connected,
either on the board or internally in the SoC.  Ethernet on Multibus
and Ethernet on PCIe (neither likely on an embedded ARM ;-) are both
hardware MAC yet the bus-constrained bandwidths will differ by
several orders of magnitude.

-r

Well, i guess for DNS it won't matter much (400Mbit or full capacity). But
stability of driver and achievable pps rate on it, due poor code - can be a
question. And mostly this products are Network enabled, but networking are
very lightly used, not as it is used on appliances, 24/7 traffic, sometimes
malicious.

About Beaglebone, probably reason is this errata:
While the AM335x GP EVM has a Gb Ethernet PHY, AR8031A, on the base board,
the PCB was designed to use internal clock delay mode of the RGMII interface
and the AM335x does not support the internal clock delay mode. Therefore, if
operating the Ethernet in Gb mode, there may be problems with the
performance/function due to this. The AR8031A PHY supports internal delay
mode. This can be enabled by software to guarantee Gb operation. However,
this cannot be done to enable internal delay mode for Ethernet booting of
course.
Or maybe they just put 100Mbit PHY to make BOM cost less.

As far as i know, Raspberry PI ethernet over USB might be fine for DNS too,
but before it had issues with large data transfers (ethernet driver hangs).
No idea about now.


---
Best regards,
Denys


Re: OT - Small DNS appliances for remote offices.

2015-02-19 Thread Bryan Seitz
On Thu, Feb 19, 2015 at 06:18:43AM -0500, Rob Seastrom wrote:
 
 Bryan Seitz se...@bsd-unix.net writes:
 
  odroid-c1 + eMMC module + RTC battery + case + power adapter.
  Should run you about $75 *AND* wouldn't be bad for running NTP as
  well.
 
 I haven't looked into the details of the clock, so wouldn't be bad
 is probably true, notably good, well, that would be a task for
 someone with experience doing clock benchmarking and who can describe
 MAVAR without looking it up.
 
  The gig-e port on the C1 has been observed to push 405Mbps TX and
  940Mbps+ RX via iperf.
 
 The 405 Mbps for TX.  I've seen around 30 Mbyte/sec on single stream
 TCP RX.  Got 99.5 Mbyte/sec from a Mac Mini in the same subnet so
 that's not a limit of the host on the other end of the benchmark.
 
 I call shenanigans on the 940 Mbps iperf number though.  The HSIC bus
 is only 480 Mbit/sec.  Two pints of beer in a one pint glass would be
 some trick.

http://dn.odroid.com/homebackup/201411241452444193.jpg

I don't think it lives on the 480Mbit/sec limited bus here.

[  3] local 192.168.1.4 port 53391 connected with 192.168.1.21 port 5001
[ ID] Interval   Transfer Bandwidth
[  3]  0.0-10.0 sec   488 MBytes   409 Mbits/sec

[  4] local 192.168.1.4 port 5001 connected with 192.168.1.21 port 34581
[ ID] Interval   Transfer Bandwidth
[  4]  0.0-10.0 sec  1.09 GBytes   939 Mbits/sec

-- 
 
Bryan G. Seitz


Re: OT - Small DNS appliances for remote offices.

2015-02-19 Thread Christopher Morrow
On Wed, Feb 18, 2015 at 7:24 PM, Domenick Petrella
domenick.petre...@gmail.com wrote:
 The BeagleBone's ethernet is directly connected to the SoC, so you would
 get a higher throughput ceiling than the rpi.


sounds super important...

question though, what's the expected average/normal/budgeted rate for
the remote office connection to the intertubes? + or 1 10mbps ?


RE: OT - Small DNS appliances for remote offices.

2015-02-19 Thread Joshua Riesenweber
If you're already installing a Cisco router, maybe look at an SRE-V module? You 
could install a VM/OS on the router.
Cheers,
Josh

Re: OT - Small DNS appliances for remote offices.

2015-02-19 Thread Valdis . Kletnieks
On Thu, 19 Feb 2015 14:52:42 +, David Reader said:

 I'm using several to connect sensors, actuators, and such to a private
 network, which it's great for - but I'd think at least twice before deploying
 one as a public-serving host in user-experience-critical role in a remote
 location.

I have a Pi that's found a purpose in life as a remote smokeping sensor and
related network monitoring, a task it does quite nicely.

Note that they just released the Pi 2, which goes from the original single-core
ARM V6 to a quad-core ARM V7, and increases memory from 256M to 1G. All at the
same price point.  That may change the calculus. I admit not having gotten one
in hand to play with yet.



Re: OT - Small DNS appliances for remote offices.

2015-02-19 Thread David Reader
On Thu, 19 Feb 2015 15:26:36 +0200
Denys Fedoryshchenko de...@visp.net.lb wrote:

 As far as i know, Raspberry PI ethernet over USB might be fine for DNS 
 too, but before it had issues with
 large data transfers (ethernet driver hangs). No idea about now.

AIUI the problem with the RPi isn't so much that the Ethernet NIC sits on a USB 
interface, it's that the RPi USB interface is very basic and requires a great 
deal of host interaction to work. It presents a very high interrupt load, and 
that can lead to problems.

Remember that the RPi, fantastic as it is, was developed as a low cost 
educational aid. It can be used with great success in other fields, but you 
should consider its limitations.

I'm using several to connect sensors, actuators, and such to a private network, 
which it's great for - but I'd think at least twice before deploying one as a 
public-serving host in user-experience-critical role in a remote location.

d.


Re: OT - Small DNS appliances for remote offices.

2015-02-19 Thread Eduardo Schoedler
People, processor of this hardware will be killed before the 100M ethernet
be the problem.

--
Eduardo Schoedler

2015-02-19 12:52 GMT-02:00 David Reader david.rea...@zeninternet.co.uk:

 On Thu, 19 Feb 2015 15:26:36 +0200
 Denys Fedoryshchenko de...@visp.net.lb wrote:

  As far as i know, Raspberry PI ethernet over USB might be fine for DNS
  too, but before it had issues with
  large data transfers (ethernet driver hangs). No idea about now.

 AIUI the problem with the RPi isn't so much that the Ethernet NIC sits on
 a USB interface, it's that the RPi USB interface is very basic and requires
 a great deal of host interaction to work. It presents a very high interrupt
 load, and that can lead to problems.

 Remember that the RPi, fantastic as it is, was developed as a low cost
 educational aid. It can be used with great success in other fields, but you
 should consider its limitations.

 I'm using several to connect sensors, actuators, and such to a private
 network, which it's great for - but I'd think at least twice before
 deploying one as a public-serving host in user-experience-critical role in
 a remote location.

 d.




-- 
Eduardo Schoedler


Re: OT - Small DNS appliances for remote offices.

2015-02-19 Thread Domenick Petrella
The BeagleBone's ethernet is directly connected to the SoC, so you would
get a higher throughput ceiling than the rpi.

On Wed, Feb 18, 2015, 19:03 Geoff Mulligan nano...@mulligan.org wrote:

 I have used the BeagleBone to run a few simple servers.  I don't know if
 the ethernet port on the Bone is on the USB bus. It is slightly more
 expensive than a PI, but they have worked well for me.

  Geoff

 On 02/18/2015 04:44 PM, Peter Loron wrote:
  For any site where you would use a Pi as the DNS cache, it won't be an
  issue. DNS isn't that heavy at those query rates.
 
  Yeah, it would be awesome if they'd been able to get a SoC that
  included ethernet.
 
  -Pete
 
  On 2015-02-18 15:08, Robert Webb wrote:
  What I do not like about the Pi is the network port is on the USB bus
  and thus limited to USB speeds.
 
  Original message
  From: Maxwell Cole mcole.mailingli...@gmail.com
  Date: 02/18/2015 4:30 PM (GMT-05:00)
  To: nanog@nanog.org 'NANOG list' nanog@nanog.org
  Subject: Re: OT - Small DNS appliances for remote offices.




Re: OT - Small DNS appliances for remote offices.

2015-02-18 Thread Glenn Robuck
We recently installed one of these basically as digital signage, but I
think it should work fine for your needs too.  We've had no issues with it
at all. (we installed ubuntu)

It's the ECS Liva mini-pc

http://www.ecs.com.tw/ECSWebSite/Product/Product_LIVA.aspx?DetailID=1560LanID=0



On Wed, Feb 18, 2015 at 10:55 AM, David Reader 
david.rea...@zeninternet.co.uk wrote:

 On Wed, 18 Feb 2015 06:28:16 -0800
 Ray Van Dolson rvandol...@esri.com wrote:

  Hopefully not too far off topic for this list.
 
  Am looking for options to deploy DNS caching resolvers at remote
  locations

  We're BIND-based and leaning to stick that way, but open to other
  options if they present themselves.

 I've found that unbound is lighter on the machine, but it does depend
 what you require feature-wise and/or operationally, of course.

  Am considering the Soekris net6501-50.  I can dump a Linux image on
  there with our DNS config, industrial grade design, and OK
  performance.  If the thing fails, clients will hopefully not notice due
  to anycast which will just hit another DNS server somewhere else on the
  network albeit with additional latency.  We ship out a replacement
  device rather than mucking with trying to repair.

 If you're looking at Soekris, you might also find the PCEngines products
 interesting.

 The APU series appears similar at a glance - and they do offer a case
 (not rackmount, sadly - although 3rd parties might) to suit.

 http://www.pcengines.ch/apu.htm

 At the lower end, the ALIX boards are available in a standard 100mm x
 160mm eurocard format which makes them very easy to rack up..

 https://www.dropbox.com/s/81p75pyz1ngsvm6/DSCN0916.JPG?dl=0

 Whichever way you do it, a small low-power box running entirely from flash
 or ssd is likely to be a good fit and forget (security updates aside!)
 solution.

 If you want to run from a cheap flash card, and are a linux shop,
 http://linux.voyage.hk/ is a debian-derived system targeting the
 PCEngines boards which runs with a read-only filesystem.

 d.



Re: OT - Small DNS appliances for remote offices.

2015-02-18 Thread Justin Wilson - MTIN
Have you looked at Mikrotik?
www.mikrotik.com 

It may be lacking for DNS options you want, but worth a look.

Justin


Justin Wilson j...@mtin.net
http://www.mtin.net  Managed Services – xISP Solutions – Data Centers
http://www.thebrotherswisp.com Podcast about xISP topics
http://www.midwest-ix.com  Peering – Transit – Internet Exchange 

 On Feb 18, 2015, at 12:32 PM, Michael Bubb michael.b...@gmail.com wrote:
 
 What is your desired cost per unit?
 
 Reminds me of needing small pfsense based boxes a few years back. Used this
 company's hardware:
 
 http://www.logicsupply.com/computers/solutions/firewall-networking/
 
 I bet you could get something fairly rugged and low maintenance for $400 or
 so.
 
 On Wed, Feb 18, 2015 at 9:28 AM, Ray Van Dolson rvandol...@esri.com wrote:
 
 Hopefully not too far off topic for this list.
 
 Am looking for options to deploy DNS caching resolvers at remote
 locations where there may only be minimal infrastructure (FW and Cisco
 equipment) and limited options for installing a noisier, more power
 hungry servers or appliances from a vendor.  Stuff like Infoblox is
 too expensive.
 
 We're BIND-based and leaning to stick that way, but open to other
 options if they present themselves.
 
 Am considering the Soekris net6501-50.  I can dump a Linux image on
 there with our DNS config, industrial grade design, and OK
 performance.  If the thing fails, clients will hopefully not notice due
 to anycast which will just hit another DNS server somewhere else on the
 network albeit with additional latency.  We ship out a replacement
 device rather than mucking with trying to repair.
 
 There's also stuff like this[1] which probably gives me more horsepower
 on my CPU, but maybe not as reliable.
 
 Maybe I'm overengineering this.  What do others do at smaller remote
 sites?  Also considering putting resolvers only at hub locations in
 our MPLS network based on some latency-based radius.
 
 Ray
 
 [1] http://www.newegg.com/Mini-Booksize-Barebone-PCs/SubCategory/ID-309
 
 
 
 
 -- 
 Michael Bubb   +1.646.783.8769 | KD2DTY
 Resume - http://mbubb.devio.us/res/resume.html
 
 *noli timere*
 



Re: OT - Small DNS appliances for remote offices.

2015-02-18 Thread David Reader
On Wed, 18 Feb 2015 06:28:16 -0800
Ray Van Dolson rvandol...@esri.com wrote:

 Hopefully not too far off topic for this list.
 
 Am looking for options to deploy DNS caching resolvers at remote
 locations

 We're BIND-based and leaning to stick that way, but open to other
 options if they present themselves.

I've found that unbound is lighter on the machine, but it does depend what
you require feature-wise and/or operationally, of course.
 
 Am considering the Soekris net6501-50.  I can dump a Linux image on
 there with our DNS config, industrial grade design, and OK
 performance.  If the thing fails, clients will hopefully not notice due
 to anycast which will just hit another DNS server somewhere else on the
 network albeit with additional latency.  We ship out a replacement
 device rather than mucking with trying to repair.

If you're looking at Soekris, you might also find the PCEngines products 
interesting.

The APU series appears similar at a glance - and they do offer a case (not 
rackmount, sadly - although 3rd parties might) to suit.

http://www.pcengines.ch/apu.htm

At the lower end, the ALIX boards are available in a standard 100mm x 160mm 
eurocard format which makes them very easy to rack up..

https://www.dropbox.com/s/81p75pyz1ngsvm6/DSCN0916.JPG?dl=0

Whichever way you do it, a small low-power box running entirely from flash or 
ssd is likely to be a good fit and forget (security updates aside!) solution.

If you want to run from a cheap flash card, and are a linux shop, 
http://linux.voyage.hk/ is a debian-derived system targeting the PCEngines
boards which runs with a read-only filesystem.

d.


Re: OT - Small DNS appliances for remote offices.

2015-02-18 Thread Michael Bubb
What is your desired cost per unit?

Reminds me of needing small pfsense based boxes a few years back. Used this
company's hardware:

http://www.logicsupply.com/computers/solutions/firewall-networking/

I bet you could get something fairly rugged and low maintenance for $400 or
so.

On Wed, Feb 18, 2015 at 9:28 AM, Ray Van Dolson rvandol...@esri.com wrote:

 Hopefully not too far off topic for this list.

 Am looking for options to deploy DNS caching resolvers at remote
 locations where there may only be minimal infrastructure (FW and Cisco
 equipment) and limited options for installing a noisier, more power
 hungry servers or appliances from a vendor.  Stuff like Infoblox is
 too expensive.

 We're BIND-based and leaning to stick that way, but open to other
 options if they present themselves.

 Am considering the Soekris net6501-50.  I can dump a Linux image on
 there with our DNS config, industrial grade design, and OK
 performance.  If the thing fails, clients will hopefully not notice due
 to anycast which will just hit another DNS server somewhere else on the
 network albeit with additional latency.  We ship out a replacement
 device rather than mucking with trying to repair.

 There's also stuff like this[1] which probably gives me more horsepower
 on my CPU, but maybe not as reliable.

 Maybe I'm overengineering this.  What do others do at smaller remote
 sites?  Also considering putting resolvers only at hub locations in
 our MPLS network based on some latency-based radius.

 Ray

 [1] http://www.newegg.com/Mini-Booksize-Barebone-PCs/SubCategory/ID-309




-- 
Michael Bubb   +1.646.783.8769 | KD2DTY
Resume - http://mbubb.devio.us/res/resume.html

 *noli timere*


Re: OT - Small DNS appliances for remote offices.

2015-02-18 Thread Eliezer Croitoru

Hey Ray,

Most tiny routers with 64MB ram are able to run a cache dns service 
while not all of them have the same level such as BIND but rather dnsmasq.
I think that it's not always a bad choice and it depends on what other 
infrastructure needs you have in these remote locations.


Someone mentioned mikrotik and they use some kind of caching daemon 
which might even be dnsmasq under the hood.


I would first make sure what is the reliability that you need, which
means if you have a FW and Cisco then you might want something more
than a basic TP-LINK router (which may be the right choice...).


Assuming this infrastructure is big enough you will prefer a basic 
mikrotik for the cost and support.


All The Bests,
Eliezer

On 18/02/2015 16:28, Ray Van Dolson wrote:

Hopefully not too far off topic for this list.

Am looking for options to deploy DNS caching resolvers at remote
locations where there may only be minimal infrastructure (FW and Cisco
equipment) and limited options for installing a noisier, more power
hungry servers or appliances from a vendor.  Stuff like Infoblox is
too expensive.






Re: OT - Small DNS appliances for remote offices.

2015-02-18 Thread Rob Seastrom

Justin Wilson - MTIN li...@mtin.net writes:

 Have you looked at Mikrotik?
 www.mikrotik.com 

 It may be lacking for DNS options you want, but worth a look.

I'd definitely recommend mikrotik for a cheap and cheerful router.

DNS server (the original subject of this message)?  Not so much.

-r



Re: OT - Small DNS appliances for remote offices.

2015-02-18 Thread Maxwell Cole

+1 for the pi,

The new model has a quad core and 1GB of ram which should be more than 
enough for a DNS.


On 2/18/15 10:03 AM, Peter Kristolaitis wrote:
Not industrial grade, but Raspberry Pis are pretty great for this 
kind of low-horsepower application.  Throw 2 at each site for 
redundancy and you have a low-powered, physically small, cheap, dead 
silent, easily replaceable system for ~$150 per site.   Same idea as 
the Soekris -- just ship out replacements instead of trying to repair 
-- but even cheaper.


Between having 2 (or more) at each site, plus cross-site redundancy 
via anycast, it would be pretty robust (and cheap enough that you 
could have cold-spares at each site).




On 02/18/2015 09:28 AM, Ray Van Dolson wrote:

Hopefully not too far off topic for this list.

Am looking for options to deploy DNS caching resolvers at remote
locations where there may only be minimal infrastructure (FW and Cisco
equipment) and limited options for installing a noisier, more power
hungry servers or appliances from a vendor.  Stuff like Infoblox is
too expensive.

We're BIND-based and leaning to stick that way, but open to other
options if they present themselves.

Am considering the Soekris net6501-50.  I can dump a Linux image on
there with our DNS config, industrial grade design, and OK
performance.  If the thing fails, clients will hopefully not notice due
to anycast which will just hit another DNS server somewhere else on the
network albeit with additional latency.  We ship out a replacement
device rather than mucking with trying to repair.

There's also stuff like this[1] which probably gives me more horsepower
on my CPU, but maybe not as reliable.

Maybe I'm overengineering this.  What do others do at smaller remote
sites?  Also considering putting resolvers only at hub locations in
our MPLS network based on some latency-based radius.

Ray

[1] http://www.newegg.com/Mini-Booksize-Barebone-PCs/SubCategory/ID-309







Re: OT - Small DNS appliances for remote offices.

2015-02-18 Thread Joe Hamelin
I used one of these for a NAT/DNS box running FreeBSD for connection to our
WiFi system.  One nice thing is the 4 real serial ports.

http://www.amazon.com/Qotom-I37C4-Bluetooth-Computer-Industrial-Computer/dp/B00MQKJYY0

--
Joe Hamelin, W7COM, Tulalip, WA, 360-474-7474

On Wed, Feb 18, 2015 at 11:43 AM, Rob Seastrom r...@seastrom.com wrote:


 Justin Wilson - MTIN li...@mtin.net writes:

  Have you looked at Mikrotik?
  www.mikrotik.com
 
  It may be lacking for DNS options you want, but worth a look.

 I'd definitely recommend mikrotik for a cheap and cheerful router.

 DNS server (the original subject of this message)?  Not so much.

 -r




Re: OT - Small DNS appliances for remote offices.

2015-02-18 Thread Peter Loron
And the new CPU is ARM7 so hardfloat is supported. Should make a nifty 
DNS box.



-Pete

On 2015-02-18 07:21, Maxwell Cole wrote:

+1 for the pi,

The new model has a quad core and 1GB of ram which should be more than
enough for a DNS.

On 2/18/15 10:03 AM, Peter Kristolaitis wrote:
Not industrial grade, but Raspberry Pis are pretty great for this 
kind of low-horsepower application.  Throw 2 at each site for 
redundancy and you have a low-powered, physically small, cheap, dead 
silent, easily replaceable system for ~$150 per site.   Same idea as 
the Soekris -- just ship out replacements instead of trying to repair 
-- but even cheaper.


Between having 2 (or more) at each site, plus cross-site redundancy 
via anycast, it would be pretty robust (and cheap enough that you 
could have cold-spares at each site).




On 02/18/2015 09:28 AM, Ray Van Dolson wrote:

Hopefully not too far off topic for this list.

Am looking for options to deploy DNS caching resolvers at remote
locations where there may only be minimal infrastructure (FW and Cisco
equipment) and limited options for installing a noisier, more power
hungry servers or appliances from a vendor.  Stuff like Infoblox is
too expensive.

We're BIND-based and leaning to stick that way, but open to other
options if they present themselves.

Am considering the Soekris net6501-50.  I can dump a Linux image on
there with our DNS config, industrial grade design, and OK
performance.  If the thing fails, clients will hopefully not notice due
to anycast which will just hit another DNS server somewhere else on the
network albeit with additional latency.  We ship out a replacement
device rather than mucking with trying to repair.

There's also stuff like this[1] which probably gives me more horsepower
on my CPU, but maybe not as reliable.

Maybe I'm overengineering this.  What do others do at smaller remote
sites?  Also considering putting resolvers only at hub locations in
our MPLS network based on some latency-based radius.

Ray

[1] http://www.newegg.com/Mini-Booksize-Barebone-PCs/SubCategory/ID-309





Re: OT - Small DNS appliances for remote offices.

2015-02-18 Thread Baldur Norddahl
That option is expensive in power fees...
 On 18/02/2015 23.12, Rich Kulawiec r...@gsp.org wrote:


 Find someone unloading 50 old, physically small desktop PCs.  Buy the
 lot.  Drop OpenBSD and BIND on them, ship 3 to every site, run 1 or 2
 live with the leftovers as on-site spares.  If one breaks, wipe the disk
 and send the box to recycling.

 (Just checked: someone on a certain auction site is selling a lot of 64
 HP Compaq 8000 (3.16GHz, 2GB) systems, current price $1K.)

 ---rsk



Re: OT - Small DNS appliances for remote offices.

2015-02-18 Thread Rich Kulawiec

Find someone unloading 50 old, physically small desktop PCs.  Buy the
lot.  Drop OpenBSD and BIND on them, ship 3 to every site, run 1 or 2
live with the leftovers as on-site spares.  If one breaks, wipe the disk
and send the box to recycling.

(Just checked: someone on a certain auction site is selling a lot of 64
HP Compaq 8000 (3.16GHz, 2GB) systems, current price $1K.)

---rsk


Re: OT - Small DNS appliances for remote offices.

2015-02-18 Thread Nick Ellermann
Sounds cool with the pi idea. Not sure of the cache level you need but we have
great success with fortigates  performing firewall and local DNS host even for 
a small remote site that is part of an MS AD via a VPN tunnel. It can be setup 
and managed just like a DNS server. No extra devices to learn or manage!

Nick Ellermann
~Sent from my iPhone~

On Feb 18, 2015, at 4:08 PM, Maxwell Cole mcole.mailingli...@gmail.com wrote:

+1 for the pi,

The new model has a quad core and 1GB of ram which should be more than enough 
for a DNS.

 On 2/18/15 10:03 AM, Peter Kristolaitis wrote:
 Not industrial grade, but Raspberry Pis are pretty great for this kind of 
 low-horsepower application.  Throw 2 at each site for redundancy and you have 
 a low-powered, physically small, cheap, dead silent, easily replaceable 
 system for ~$150 per site.   Same idea as the Soekris -- just ship out 
 replacements instead of trying to repair -- but even cheaper.
 
 Between having 2 (or more) at each site, plus cross-site redundancy via 
 anycast, it would be pretty robust (and cheap enough that you could have 
 cold-spares at each site).
 
 
 
 On 02/18/2015 09:28 AM, Ray Van Dolson wrote:
 Hopefully not too far off topic for this list.
 
 Am looking for options to deploy DNS caching resolvers at remote
 locations where there may only be minimal infrastructure (FW and Cisco
 equipment) and limited options for installing a noisier, more power
 hungry servers or appliances from a vendor.  Stuff like Infoblox is
 too expensive.
 
 We're BIND-based and leaning to stick that way, but open to other
 options if they present themselves.
 
 Am considering the Soekris net6501-50.  I can dump a Linux image on
 there with our DNS config, industrial grade design, and OK
 performance.  If the thing fails, clients will hopefully not notice due
 to anycast which will just hit another DNS server somewhere else on the
 network albeit with additional latency.  We ship out a replacement
 device rather than mucking with trying to repair.
 
 There's also stuff like this[1] which probably gives me more horsepower
 on my CPU, but maybe not as reliable.
 
 Maybe I'm overengineering this.  What do others do at smaller remote
 sites?  Also considering putting resolvers only at hub locations in
 our MPLS network based on some latency-based radius.
 
 Ray
 
 [1] http://www.newegg.com/Mini-Booksize-Barebone-PCs/SubCategory/ID-309



OT - Small DNS appliances for remote offices.

2015-02-18 Thread Ray Van Dolson
Hopefully not too far off topic for this list.

Am looking for options to deploy DNS caching resolvers at remote
locations where there may only be minimal infrastructure (FW and Cisco
equipment) and limited options for installing a noisier, more power
hungry servers or appliances from a vendor.  Stuff like Infoblox is
too expensive.

We're BIND-based and leaning to stick that way, but open to other
options if they present themselves.

Am considering the Soekris net6501-50.  I can dump a Linux image on
there with our DNS config, industrial grade design, and OK
performance.  If the thing fails, clients will hopefully not notice due
to anycast which will just hit another DNS server somewhere else on the
network albeit with additional latency.  We ship out a replacement
device rather than mucking with trying to repair.

There's also stuff like this[1] which probably gives me more horsepower
on my CPU, but maybe not as reliable.

Maybe I'm overengineering this.  What do others do at smaller remote
sites?  Also considering putting resolvers only at hub locations in
our MPLS network based on some latency-based radius.

Ray

[1] http://www.newegg.com/Mini-Booksize-Barebone-PCs/SubCategory/ID-309


Re: OT - Small DNS appliances for remote offices.

2015-02-18 Thread Anders Löwinger
I really like the Intel NUC. Standard x86 hardware, multiple choices of
CPUs, runs debian/ubuntu/fedora etc with zero modifications.

/Anders

MVH / Regards
Anders Löwinger
Founder, Senior Consultant
Abundo AB
Murkelgränd 6
94471 Piteå
http://abundo.se
office: +46 911 400021
mobile: +46 72 206 0322


2015-02-18 16:45 GMT+01:00 Chris Adams c...@cmadams.net:

 Once upon a time, Rob Seastrom r...@seastrom.com said:
  The Pi is low-powered in more ways than one.  Last fall I ran some
  (admittedly fairly simple minded) DNS benchmarks against a Raspberry
  Pi Model B and an ODROID U3.

 The Pi is not really the right tool for any production job IMHO.  Even
 if you are restricting yourself to cheap single-board ARM systems, there
 are better choices like BeagleBone, Cubieboard, etc.  If you need a
 little more power (and want x86 to make things easier), go for a
 Minnowboard or the like.  All of these are hobbyist solutions though.

 If you want cheap and compact DNS for a not-too-high request rate, just
 get a cheap wifi router that'll run a flavor of Open Source firmware (I
 prefer OpenWRT).  Disable the wifi and run dnsmasq or bind (peruse the
 OpenWRT supported device page to check RAM capacity).

 Beyond that, or if you want a rack-mount solution, get an Atom CPU based
 barebones, like a SuperMicro, use an SSD, and it'll be relatively quiet
 (and at least the SuperMicros have IPMI built in for remote management).

 --
 Chris Adams c...@cmadams.net



Re: OT - Small DNS appliances for remote offices.

2015-02-18 Thread Mel Beckman
We use Mac Minis; $500 each anywhere plus $25 (!) for all the server 
components, dead silent, and ready to go with Bind installed out of the box. 
You can also enable dhcpd and all manner of other stock BSD services. There are 
helper GUI tools for the non-CLI admin built into the Server toolkit. Way 
fast, extremely secure, and IPv6 ready. 

http://arstechnica.com/apple/2014/11/a-power-users-guide-to-os-x-server-yosemite-edition/11/

Yes, this hardware costs a bit more than the mini box PCs, but you make up for
that in reduced setup labor. 

 -mel beckman

 On Feb 18, 2015, at 7:22 AM, Rob Seastrom r...@seastrom.com wrote:
 
 
 Peter Kristolaitis alte...@alter3d.ca writes:
 
 Not industrial grade, but Raspberry Pis are pretty great for this
 kind of low-horsepower application.  Throw 2 at each site for
 redundancy and you have a low-powered, physically small, cheap, dead
 silent, easily replaceable system for ~$150 per site.
 
 The Pi is low-powered in more ways than one.  Last fall I ran some
 (admittedly fairly simple minded) DNS benchmarks against a Raspberry
 Pi Model B and an ODROID U3.
 
 Particularly if you have DNSSEC validation enabled, the Pi is
 underwhelming in performance (81 qps in the validation case, 164
 without).
 
 The U3 is circa 325 qps with or without DNSSEC validation on, which
 suggests that something else other than crypto-computes is the long
 pole in the tent.
 
 I haven't gotten motivated to try this against the ODROID-C1 that I
 acquired later in December, nor have I sourced a Raspberry Pi 2.  For
 anyone who's feeling motivated to do this (please send along
 results!), the methodology I used is at http://technotes.seastrom.com/node/53
 
 -r
 
 PS: don't miss the opportunity to run real honest-to-god isc-dhcpd on
 same machine rather than whatever your router provides you; you'll be
 glad you did.
 


Re: OT - Small DNS appliances for remote offices.

2015-02-18 Thread Michael R. Wayne
On Wed, Feb 18, 2015 at 06:28:16AM -0800, Ray Van Dolson wrote:
 
 Am looking for options to deploy DNS caching resolvers at remote
 locations where there may only be minimal infrastructure 

I suspect that this could be done using an ERLite but have not
actually tried it.


Re: OT - Small DNS appliances for remote offices.

2015-02-18 Thread Chris Adams
Once upon a time, Rob Seastrom r...@seastrom.com said:
 The Pi is low-powered in more ways than one.  Last fall I ran some
 (admittedly fairly simple minded) DNS benchmarks against a Raspberry
 Pi Model B and an ODROID U3.

The Pi is not really the right tool for any production job IMHO.  Even
if you are restricting yourself to cheap single-board ARM systems, there
are better choices like BeagleBone, Cubieboard, etc.  If you need a
little more power (and want x86 to make things easier), go for a
Minnowboard or the like.  All of these are hobbyist solutions though.

If you want cheap and compact DNS for a not-too-high request rate, just
get a cheap wifi router that'll run a flavor of Open Source firmware (I
prefer OpenWRT).  Disable the wifi and run dnsmasq or bind (peruse the
OpenWRT supported device page to check RAM capacity).

Beyond that, or if you want a rack-mount solution, get an Atom CPU based
barebones, like a SuperMicro, use an SSD, and it'll be relatively quiet
(and at least the SuperMicros have IPMI built in for remote management).

-- 
Chris Adams c...@cmadams.net


Re: OT - Small DNS appliances for remote offices.

2015-02-18 Thread Steve Haavik

Well, if they ever manage to get them into production, I'm hoping to talk
my boss into buying some of these.
http://www.fit-pc.com/web/products/fitlet/
We'd just need to figure out a rackmount bracket of some sort. Hide them
in the case of our previous gen hardware maybe??? Screw them to a cheap
rackmount shelf???

Failing that, I've pointed out that we could afford to put a Raspberry Pi
in every one of our sites for less than we paid for the last batch of dns
servers.



Re: OT - Small DNS appliances for remote offices.

2015-02-18 Thread Peter Kristolaitis
Not industrial grade, but Raspberry Pis are pretty great for this kind 
of low-horsepower application.  Throw 2 at each site for redundancy and 
you have a low-powered, physically small, cheap, dead silent, easily 
replaceable system for ~$150 per site.   Same idea as the Soekris -- 
just ship out replacements instead of trying to repair -- but even cheaper.


Between having 2 (or more) at each site, plus cross-site redundancy via 
anycast, it would be pretty robust (and cheap enough that you could have 
cold-spares at each site).




On 02/18/2015 09:28 AM, Ray Van Dolson wrote:

Hopefully not too far off topic for this list.

Am looking for options to deploy DNS caching resolvers at remote
locations where there may only be minimal infrastructure (FW and Cisco
equipment) and limited options for installing a noisier, more power
hungry servers or appliances from a vendor.  Stuff like Infoblox is
too expensive.

We're BIND-based and leaning to stick that way, but open to other
options if they present themselves.

Am considering the Soekris net6501-50.  I can dump a Linux image on
there with our DNS config, industrial grade design, and OK
performance.  If the thing fails, clients will hopefully not notice due
to anycast which will just hit another DNS server somewhere else on the
network albeit with additional latency.  We ship out a replacement
device rather than mucking with trying to repair.

There's also stuff like this[1] which probably gives me more horsepower
on my CPU, but maybe not as reliable.

Maybe I'm overengineering this.  What do others do at smaller remote
sites?  Also considering putting resolvers only at hub locations in
our MPLS network based on some latency-based radius.

Ray

[1] http://www.newegg.com/Mini-Booksize-Barebone-PCs/SubCategory/ID-309




Re: OT - Small DNS appliances for remote offices.

2015-02-18 Thread Colin Johnston
use a vm dns appliance on the same machine as your vm router instance

Colin

 On 18 Feb 2015, at 14:28, Ray Van Dolson rvandol...@esri.com wrote:
 
 Hopefully not too far off topic for this list.
 
 Am looking for options to deploy DNS caching resolvers at remote
 locations where there may only be minimal infrastructure (FW and Cisco
 equipment) and limited options for installing a noisier, more power
 hungry servers or appliances from a vendor.  Stuff like Infoblox is
 too expensive.
 
 We're BIND-based and leaning to stick that way, but open to other
 options if they present themselves.
 
 Am considering the Soekris net6501-50.  I can dump a Linux image on
 there with our DNS config, industrial grade design, and OK
 performance.  If the thing fails, clients will hopefully not notice due
 to anycast which will just hit another DNS server somewhere else on the
 network albeit with additional latency.  We ship out a replacement
 device rather than mucking with trying to repair.
 
 There's also stuff like this[1] which probably gives me more horsepower
 on my CPU, but maybe not as reliable.
 
 Maybe I'm overengineering this.  What do others do at smaller remote
 sites?  Also considering putting resolvers only at hub locations in
 our MPLS network based on some latency-based radius.
 
 Ray
 
 [1] http://www.newegg.com/Mini-Booksize-Barebone-PCs/SubCategory/ID-309



Re: OT - Small DNS appliances for remote offices.

2015-02-18 Thread Rob Seastrom

Peter Kristolaitis alte...@alter3d.ca writes:

 Not industrial grade, but Raspberry Pis are pretty great for this
 kind of low-horsepower application.  Throw 2 at each site for
 redundancy and you have a low-powered, physically small, cheap, dead
 silent, easily replaceable system for ~$150 per site.

The Pi is low-powered in more ways than one.  Last fall I ran some
(admittedly fairly simple minded) DNS benchmarks against a Raspberry
Pi Model B and an ODROID U3.

Particularly if you have DNSSEC validation enabled, the Pi is
underwhelming in performance (81 qps in the validation case, 164
without).

The U3 is circa 325 qps with or without DNSSEC validation on, which
suggests that something else other than crypto-computes is the long
pole in the tent.

I haven't gotten motivated to try this against the ODROID-C1 that I
acquired later in December, nor have I sourced a Raspberry Pi 2.  For
anyone who's feeling motivated to do this (please send along
results!), the methodology I used is at http://technotes.seastrom.com/node/53

-r

PS: don't miss the opportunity to run real honest-to-god isc-dhcpd on
same machine rather than whatever your router provides you; you'll be
glad you did.
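
A small sequential benchmark for the kind of measurement described in this message: repeated queries for names under a nonexistent TLD, so that after a warm-up pass the answers are NXDOMAIN from the resolver's cache. This is an added example, not the methodology from the linked note or code from anyone in the thread; the TLD, host names, function names and the resolver address passed on the command line are assumptions.

```python
import os
import socket
import struct
import sys
import time
from collections import Counter

RCODE_NXDOMAIN = 3


def build_query(name, txid, dnssec_ok=True):
    """Encode an A/IN query; dnssec_ok appends an EDNS0 OPT record with DO set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    # Flags 0x0100 = recursion desired; ARCOUNT is 1 only when the OPT record follows.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if dnssec_ok else 0)
    question = qname + struct.pack("!HH", 1, 1)
    opt = b""
    if dnssec_ok:
        # Root name, TYPE 41 (OPT), CLASS = UDP payload size, TTL field carries DO (0x8000).
        opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0x00008000, 0)
    return header + question + opt


def parse_response(packet, txid):
    """Return the RCODE and AD (authenticated data) flag of a reply to txid."""
    if len(packet) < 12:
        raise ValueError("short DNS message")
    rid, flags = struct.unpack("!HH", packet[:4])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not the response to this query")
    return {"rcode": flags & 0x000F, "ad": bool(flags & 0x0020)}


def udp_transport(server, port=53, timeout=2.0):
    """Return a send_recv(query) callable bound to one IPv4 resolver."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    sock.connect((server, port))

    def send_recv(query):
        sock.send(query)
        return sock.recv(4096)

    return send_recv


def run_benchmark(send_recv, names, count, dnssec_ok=True):
    """Send count queries one at a time; tally RCODEs and compute queries/second."""
    outcomes = Counter()
    start = time.perf_counter()
    for i in range(count):
        txid = int.from_bytes(os.urandom(2), "big")
        query = build_query(names[i % len(names)], txid, dnssec_ok)
        try:
            outcomes[parse_response(send_recv(query), txid)["rcode"]] += 1
        except (OSError, ValueError):  # timeout, ICMP error, or mismatched reply
            outcomes["error"] += 1
    elapsed = time.perf_counter() - start
    qps = count / elapsed if elapsed > 0 else float("inf")
    return {"outcomes": dict(outcomes), "elapsed": elapsed, "qps": qps}


if __name__ == "__main__":
    # Constructed names under a TLD assumed not to exist.
    names = ["host%d.bogus-tld-example" % n for n in range(10)]
    send = udp_transport(sys.argv[1])  # address of the resolver under test
    run_benchmark(send, names, len(names))  # warm-up pass fills the negative cache
    result = run_benchmark(send, names, 2000)
    print("%.0f qps, outcomes=%r" % (result["qps"], result["outcomes"]))
```

Run it once with validation enabled on the resolver and once without; because queries are sent one at a time, the figure is bounded by round-trip latency as well as by the resolver's CPU.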



RE: OT - Small DNS appliances for remote offices.

2015-02-18 Thread Robert Webb
What I do not like about the Pi is the network port is on the USB bus and thus 
limited to USB speeds. 

Original message
From: Maxwell Cole mcole.mailingli...@gmail.com
Date: 02/18/2015  4:30 PM  (GMT-05:00)
To: nanog@nanog.org  'NANOG list' nanog@nanog.org
Subject: Re: OT - Small DNS appliances for remote offices.

Re: OT - Small DNS appliances for remote offices.

2015-02-18 Thread Geoff Mulligan
The BeagleBone Black uses flash memory to hold the system image which 
allows it to boot quickly.  I'm running Ubuntu Trusty 14.04 and it seems 
stable.


Geoff

*--
Presidential Innovation Fellow | The White House*

On 02/18/2015 05:20 PM, Bacon Zombie wrote:

You also have to watch out for issues with the Pi corrupting SD cards.
On 19 Feb 2015 01:04, Geoff Mulligan nano...@mulligan.org wrote:


I have used the BeagleBone to run a few simple servers.  I don't know if
the ethernet port on the Bone is on the USB bus. It is slightly more
expensive than a PI, but they have worked well for me.

 Geoff

On 02/18/2015 04:44 PM, Peter Loron wrote:


For any site where you would use a Pi as the DNS cache, it won't be an
issue. DNS isn't that heavy at those query rates.

Yeah, it would be awesome if they'd been able to get a SoC that included
ethernet.

-Pete

On 2015-02-18 15:08, Robert Webb wrote:


What I do not like about the Pi is the network port is on the USB bus
and thus limited to USB speeds.

Original message
From: Maxwell Cole mcole.mailingli...@gmail.com
Date: 02/18/2015  4:30 PM (GMT-05:00)
To: nanog@nanog.org  'NANOG list' nanog@nanog.org
Subject: Re: OT - Small DNS appliances for remote offices.





Re: OT - Small DNS appliances for remote offices.

2015-02-18 Thread Rob Seastrom

Robert Webb rw...@ropeguru.com writes:

 What I do not like about the Pi is the network port is on the USB
 bus and thus limited to USB speeds. 

Pretty much all of the ARM boards have their ethernet ports on HSIC
channels (480mbit/sec, no-transceiver-phy USB for on-board use -
maximum length is 10cm).

The Pi-B shares the single HSIC channel with the USB hub for the
keyboard and mice.  It seems from looking at block diagrams and lsusb
output that the ODROID U3 has an SoC with multiple HSIC channels and
dedicates one to the ethernet (though the bus vs port
distinction is suspect).

pi@raspi-b ~ $ lsusb -t
/:  Bus 01.Port 1: Dev 1, Class=root_hub, Driver=dwc_otg/1p, 480M
|__ Port 1: Dev 2, If 0, Class=hub, Driver=hub/3p, 480M
|__ Port 1: Dev 3, If 0, Class=vend., Driver=smsc95xx, 480M
pi@raspi-b ~ $ 

root@odroid:~# lsusb -t
/:  Bus 02.Port 1: Dev 1, Class=root_hub, Driver=exynos-ohci/3p, 12M
/:  Bus 01.Port 1: Dev 1, Class=root_hub, Driver=s5p-ehci/3p, 480M
|__ Port 2: Dev 2, If 0, Class=Vendor Specific Class, Driver=smsc95xx, 480M
|__ Port 3: Dev 3, If 0, Class=Hub, Driver=hub/3p, 480M
root@odroid:~# 

But 480 is greater than 100, and none of the Pis have ethernet faster
than 10/100.  The long pole in the tent is definitely not the USB, and
single stream tcp throughput is fine.

pi@raspi-b ~ $ curl -o /dev/null http://172.30.250.101/bigfile
  % Total% Received % Xferd  Average Speed   TimeTime Time  Current
 Dload  Upload   Total   SpentLeft  Speed
100  989M  100  989M0 0  11.1M  0  0:01:28  0:01:28 --:--:-- 11.1M
pi@raspi-b ~ $ 


-r



Re: OT - Small DNS appliances for remote offices.

2015-02-18 Thread Eduardo Schoedler
Consider changing your resolver to Unbound.
Much better.

--
Eduardo Schoedler

On Wednesday, February 18, 2015, Ray Van Dolson
rvandol...@esri.com wrote:

 Hopefully not too far off topic for this list.

 Am looking for options to deploy DNS caching resolvers at remote
 locations where there may only be minimal infrastructure (FW and Cisco
 equipment) and limited options for installing a noisier, more power
 hungry servers or appliances from a vendor.  Stuff like Infoblox is
 too expensive.

 We're BIND-based and leaning to stick that way, but open to other
 options if they present themselves.

 Am considering the Soekris net6501-50.  I can dump a Linux image on
 there with our DNS config, industrial grade design, and OK
 performance.  If the thing fails, clients will hopefully not notice due
 to anycast which will just hit another DNS server somewhere else on the
 network albeit with additional latency.  We ship out a replacement
 device rather than mucking with trying to repair.

 There's also stuff like this[1] which probably gives me more horsepower
 on my CPU, but maybe not as reliable.

 Maybe I'm overengineering this.  What do others do at smaller remote
 sites?  Also considering putting resolvers only at hub locations in
 our MPLS network based on some latency-based radius.

 Ray

 [1] http://www.newegg.com/Mini-Booksize-Barebone-PCs/SubCategory/ID-309



-- 
Eduardo Schoedler


Re: OT - Small DNS appliances for remote offices.

2015-02-18 Thread William Herrin
On Wed, Feb 18, 2015 at 10:22 AM, Rob Seastrom r...@seastrom.com wrote:
 The Pi is low-powered in more ways than one.  Last fall I ran some
 (admittedly fairly simple minded) DNS benchmarks against a Raspberry
 Pi Model B and an ODROID U3.

 Particularly if you have DNSSEC validation enabled, the Pi is
 underwhelming in performance (81 qps in the validation case, 164
 without).

 The U3 is circa 325 qps with or without DNSSEC validation on, which
 suggests that something else other than crypto-computes is the long
 pole in the tent.

Hi Rob,

Interesting. The odroid has a 1700 MHz processor, the pi a 700 MHz
processor. Except for the validation anomaly your results are
self-consistent.

 Caveats: This is just returning NXDOMAIN against a TLD for which
 (after the first run) there is already cached information that the TLD
 is bogus, so this test doesn't involve traffic actually leaving the box.

Given your testing methodology, the difference between validating and
non-validating makes no sense to me. Once the records are cached bind
should only be passing a flag around? Weird.


On Wed, Feb 18, 2015 at 6:44 PM, Peter Loron pet...@standingwave.org wrote:
 For any site where you would use a Pi as the DNS cache, it won't be an
 issue. DNS isn't that heavy at those query rates.

Yes and no. DNS is a lynchpin service. All connections stall until the
DNS provides an IP address. So you kinda want low latency in your DNS
lookups. If a fast server three hops away can respond faster than a
slow server on the same LAN, the server three hops away is a better
choice.



A point in favor of the Raspberry Pi -- there's a heckuva lot of
accessories already built for it. Including various cases and even a
few different rackmount cases. And a wealth of "how do you do it?" and
"why did it do this?" information available with just a few google
search terms. The communities supporting the other hardware options
are not nearly so large.

Regards,
Bill Herrin


-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Owner, Dirtside Systems . Web: http://www.dirtside.com/
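
An added example, not part of the thread or any poster's code: a sketch of the benchmark method quoted above (repeated lookups under a bogus TLD that return NXDOMAIN), reporting both queries per second and the per-lookup latency raised in the reply. The reserved "invalid" TLD, the function names and the loopback stub responder are assumptions made so it runs offline; point benchmark() at your own resolver's (address, 53) to measure a real box.

```python
import os, socket, struct, threading, time

def build_query(name, qid):
    """Minimal DNS query: RD flag set, one question, QTYPE=A, QCLASS=IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def nxdomain_stub(sock, stop):
    """Constructed stand-in for a resolver: answers every query with NXDOMAIN."""
    sock.settimeout(0.1)
    while not stop.is_set():
        try:
            data, addr = sock.recvfrom(512)
        except socket.timeout:
            continue
        # Echo ID and question; flags = QR|RD|RA with RCODE 3 (NXDOMAIN).
        sock.sendto(data[:2] + struct.pack("!H", 0x8183) + data[4:], addr)

def benchmark(server, count=200, tld="invalid"):
    """Send `count` sequential queries for random names under `tld`."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(1.0)
    lat, nx = [], 0
    start = time.perf_counter()
    for i in range(count):
        t0 = time.perf_counter()
        s.sendto(build_query(f"{os.urandom(4).hex()}.{tld}", i), server)
        resp, _ = s.recvfrom(512)
        lat.append(time.perf_counter() - t0)
        rid, flags = struct.unpack("!HH", resp[:4])
        nx += int(rid == i and (flags & 0x000F) == 3)
    elapsed = time.perf_counter() - start
    s.close()
    lat.sort()
    return {"qps": count / elapsed, "nxdomain": nx,
            "median_ms": lat[len(lat) // 2] * 1000}

def run_against_stub(count=200):
    """Benchmark the local stub on an ephemeral loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    stop = threading.Event()
    t = threading.Thread(target=nxdomain_stub, args=(srv, stop), daemon=True)
    t.start()
    try:
        return benchmark(srv.getsockname(), count)
    finally:
        stop.set()
        t.join()
        srv.close()

if __name__ == "__main__":
    print(run_against_stub())
```

Because the queries are sequential, qps here is roughly the inverse of per-query latency, so the same run speaks to both the throughput numbers and the latency argument.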


Re: OT - Small DNS appliances for remote offices.

2015-02-18 Thread Bacon Zombie
You also have to watch out for issues with the Pi corrupting SD cards.
On 19 Feb 2015 01:04, Geoff Mulligan nano...@mulligan.org wrote:

 I have used the BeagleBone to run a few simple servers.  I don't know if
 the ethernet port on the Bone is on the USB bus. It is slightly more
 expensive than a PI, but they have worked well for me.

 Geoff

 On 02/18/2015 04:44 PM, Peter Loron wrote:

 For any site where you would use a Pi as the DNS cache, it won't be an
 issue. DNS isn't that heavy at those query rates.

 Yeah, it would be awesome if they'd been able to get a SoC that included
 ethernet.

 -Pete

 On 2015-02-18 15:08, Robert Webb wrote:

 What I do not like about the Pi is the network port is on the USB bus
 and thus limited to USB speeds.

 Original message
 From: Maxwell Cole mcole.mailingli...@gmail.com
 Date: 02/18/2015 4:30 PM (GMT-05:00)
 To: nanog@nanog.org 'NANOG list' nanog@nanog.org
 Subject: Re: OT - Small DNS appliances for remote offices.





RE: OT - Small DNS appliances for remote offices.

2015-02-18 Thread Peter Loron
For any site where you would use a Pi as the DNS cache, it won't be an 
issue. DNS isn't that heavy at those query rates.


Yeah, it would be awesome if they'd been able to get a SoC that included 
ethernet.


-Pete

On 2015-02-18 15:08, Robert Webb wrote:

What I do not like about the Pi is the network port is on the USB bus
and thus limited to USB speeds. 

Original message
From: Maxwell Cole mcole.mailingli...@gmail.com
Date: 02/18/2015 4:30 PM (GMT-05:00)
To: nanog@nanog.org 'NANOG list' nanog@nanog.org
Subject: Re: OT - Small DNS appliances for remote offices.


Re: OT - Small DNS appliances for remote offices.

2015-02-18 Thread Peter Loron
Not to mention reliability issues with old machines...fans failing, 
leaky capacitors, etc, etc.


-Pete

On 2015-02-18 14:32, Baldur Norddahl wrote:

That option is expensive in power fees...
 On 18/02/2015 23.12, Rich Kulawiec r...@gsp.org wrote:



Find someone unloading 50 old, physically small desktop PCs.  Buy the
lot.  Drop OpenBSD and BIND on them, ship 3 to every site, run 1 or 2
live with the leftovers as on-site spares.  If one breaks, wipe the disk
and send the box to recycling.

(Just checked: someone on a certain auction site is selling a lot of 64
HP Compaq 8000 (3.16GHz, 2GB) systems, current price $1K.)

---rsk



Re: OT - Small DNS appliances for remote offices.

2015-02-18 Thread Bryan Seitz
On Wed, Feb 18, 2015 at 08:23:37PM -0500, Rob Seastrom wrote:
 
 Robert Webb rw...@ropeguru.com writes:
 
  What I do not like about the Pi is the network port is on the USB
  bus and thus limited to USB speeds.
 
 Pretty much all of the ARM boards have their ethernet ports on HSIC
 channels (480mbit/sec, no-transceiver-phy USB for on-board use -
 maximum length is 10cm).
 

Agreed the long pole at a small site for DNS won't be the USB bus.  Might I 
recommend the following:

odroid-c1 + eMMC module + RTC battery + case + power adapter.  Should run you 
about $75 *AND*
wouldn't be bad for running NTP as well.

The gig-e port on the C1 has been observed to push 405Mbps TX and 940Mbps+ RX 
via iperf.

-- 
 
Bryan G. Seitz


Re: OT - Small DNS appliances for remote offices.

2015-02-18 Thread Geoff Mulligan
I have used the BeagleBone to run a few simple servers.  I don't know if 
the ethernet port on the Bone is on the USB bus. It is slightly more 
expensive than a PI, but they have worked well for me.


Geoff

On 02/18/2015 04:44 PM, Peter Loron wrote:
For any site where you would use a Pi as the DNS cache, it won't be an 
issue. DNS isn't that heavy at those query rates.


Yeah, it would be awesome if they'd been able to get a SoC that 
included ethernet.


-Pete

On 2015-02-18 15:08, Robert Webb wrote:

What I do not like about the Pi is the network port is on the USB bus
and thus limited to USB speeds.

Original message
From: Maxwell Cole mcole.mailingli...@gmail.com
Date: 02/18/2015 4:30 PM (GMT-05:00)
To: nanog@nanog.org 'NANOG list' nanog@nanog.org
Subject: Re: OT - Small DNS appliances for remote offices.