[SDBUG] OpenBSD on Dell issues ?

Michael J McCafferty mike at m5computersecurity.com
Fri Aug 3 15:31:05 PDT 2007 

Can,
	Based on the feedback you gave at/after the meeting last night and
Ben's feedback, I went ahead and bought the Dells.

PowerEdge 1950
Xeon 5130 (Woodcrest dual core @2GHz 4M cache 1333MHz FSB)
2 x 1GB 667MHz RAM
2 x integrated Broadcom NetXtreme GigE
2 x Dual port Intel PRO 1000PT PCIe
2 x 80G SATA drives w/ integrated RAID

	So, each unit will have 6 GigE interfaces, way more RAM than needed.
These will run CARP and pfsync.
	Originally I was thinking that I would get another pair for the other
network in the same location, but if these things are as fast as I think
they will be, I bought more interfaces than I needed so that maybe I'll
use these as the firewalls for the other network too. This will mean
that I will expect these to handle 400Mbps (combined in + out) with
mixed packet sizes to/from 500+ servers, and hope these can handle
600Mbps to 800Mbps peaks. I wonder if it will be too much to ask for
these things to stay alive during a 1 Gigabit DoS attack of 1byte UDP
packets ? :o)
	If I need to get faster cores, there are 3.0GHz Woodcrest CPUs
available for these servers.

I'll have the hardware next week. I'll update the group as I learn
anything worth reporting.

Cheers,
Mike


On Thu, 2007-08-02 at 18:28 -0700, Can Erkin Acar wrote:
> On 8/2/07, Michael J McCafferty <mike at m5computersecurity.com> wrote:
> > All,
> > 	I am am on the verge of pulling the trigger on a hardware buy for some
> > new firewalls to run OpenBSD 4.1, PF, CARP, pfsync. As we have discussed
> > at the SDBUG meetings in the past, I have issues with interrupts on the
> > CPU when the packets per second get high.
> > 	I am replacing the current hardware within 2 weeks. The current system
> > was installed when it was expected to handle 10 to 20 Mbps peak and
> > about 2 to 5Mbps average. I now need a setup that can handle 20 to
> > 50Mbps average now, with peaks to 200Mbps and future growth to several
> > hundred Mbps peak at which time I assume that unless there is some major
> > advance in servers/PCs/x86_64 architecture, I will have to go to ASIC
> > based devices (ie: Netscreens, etc) and not be able to use my beloved
> > PF. But I digress... what I really need to know is:
> 
> I have not used one, but here are some comments,
> First of all, for network performance, you should try -current,
> (it is in 4.2-beta now) there are many network performance
> improvements done after 4.1.
> 
> > 	Is anyone currently running OpenBSD on Dell 1950s with the SAS 5/i
> > SATA/SAS controller ? Any problems ? The Dell dude I spoke to said there
> > may be issues with FreeBSD and the disk controller.. but that he only
> > heard that some place and has no details on that. Or shall I use the
> > PERC 5/i controller instead ?
> 
> There are threads on misc@ that suggest that it should work fine.
> 
> see for instance the following thread:
> http://marc.info/?l=openbsd-misc&m=117551048515741&w=2
> 
> PERC 5/i uses the mfi(4) driver and SAS 5/iR uses the mpi(4) driver
> with the mfi driver you can get raid status information through the bio(4)
> framework.
> 
> > 	Is anyone using Intel PCIe Gig NICs ? I have been using the dual-port
> > Intel GigE NICs for PCI/PCI-X, but not PCIe. Any known issues ?
> > 	The system comes with Dual Embedded Broadcom NetXtreme II 5708 Gigabit
> > interfaces. Will these be usable under OpenBSD 4.1 ?
> 
> These are bnx(4) they are usable as far as I know.
> 
> Can
> 
> > 	A beer for useful input ! Say, isn't there a meeting tonight ?
> >
> > Thank you !
> > Mike
> >
> >
> > --
> > ************************************************************
> > Michael J. McCafferty
> > Principal, Security Engineer
> > M5 Hosting
> > http://www.m5hosting.com
> >
> > You can have your own custom Dedicated Server up and running today !
> > RedHat Enterprise, CentOS, Fedora, Debian, OpenBSD, FreeBSD, and more
> > ************************************************************
> >
> > _______________________________________________
> > SDBUG mailing list
> > SDBUG at sdbug.org
> > http://lists.sdbug.org/mailman/listinfo/sdbug
> >
> _______________________________________________
> SDBUG mailing list
> SDBUG at sdbug.org
> http://lists.sdbug.org/mailman/listinfo/sdbug
-- 
************************************************************
Michael J. McCafferty
Principal, Security Engineer
M5 Hosting
http://www.m5hosting.com

You can have your own custom Dedicated Server up and running today !
RedHat Enterprise, CentOS, Fedora, Debian, OpenBSD, FreeBSD, and more
************************************************************

More information about the SDBUG mailing list