Re: [pfSense] Best practice for SSD installs
Verbatim Tough-'n'-Tiny flash drives. 2 GB and 4 GB. http://www.newegg.com/Product/Product.aspx?Item=9SIA0SF0BP6305 http://www.newegg.com/Product/Product.aspx?Item=9SIA0SF0BP6306 Most of the ones we have in production are under 1 year old, but we had a lot of SSDs fail before the 1-year mark. I didn't really pay attention to the speed, but I write an image to the 2 GB drive in about 8 minutes. (Not a scientific number!) -A On Sun, Jun 9, 2013 at 11:40 AM, Odhiambo Washington odhia...@gmail.comwrote: @Aaron, Which brand of USB sticks are these you use? I've tried working with Transcend and found the performance awful. I'll appreciate your recommendation on USB sticks. On 8 June 2013 21:17, Aaron C. de Bruyn aa...@heyaaron.com wrote: Just a note of personal experience. I've deployed ~20 pfSense firewalls that had SSDs (both cheap and rated 'good' from Newegg) over the past 2 years. I am not convinced SSDs are more reliable. Nearly every one has had an SSD die or become corrupt. We switched them all to USB sticks and haven't had any more issues. Plus it's easier for us to ship a replacement USB stick to the client and have them plug it in than to have them pop open the case and replace the drive. Maybe we've just had bad luck with SSDs, but I'm not convinced they are ready. -A On Sat, Jun 8, 2013 at 12:20 AM, Eugen Leitl eu...@leitl.org wrote: On Sat, Jun 08, 2013 at 12:40:34AM +0100, Chris Bagnall wrote: Which brings me to the question: the last time I performed a pfSense 'full' install (i.e. not embedded) was several years, and many versions ago. What's the best practice when using an SSD? Use the CD-based installer to do a 'full' install, or continue to use the embedded NanoBSD image? Modern SSDs are at least as reliable as HDs. I've used SSDs with pfSense for years (including IDE DoMs) with full install and never had a failure yet. As an aside, there are several options on the Advanced tab relating to NIC performance options: - Disable hardware checksum offload - Disable hardware TCP segmentation offload - Disable hardware large receive offload Has anyone done any tests / is there a list maintained anywhere with details of which NICs are problematic with these, and hence should be disabled? The motherboard I'm using is a mix of Intel and Realtek gigabit NICs (em and re respectively). I've used Supermicro Atoms with 2 Intel NICs onboard and with a dual-port Intel NIC added. I would be also interested in suggested list of settings for Intel NICs. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 I can't hear you -- I'm using the scrambler. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Best practice for SSD installs
Intel actually sells MLC instead of SLC ( iirc they had a series with SLC but they are to expensive, not sure if they sell those further ) They do. As you note, they are more expensive per bit than MLC. The last thing i heard of, was that they now use HET MLC instead of SLC. So all actual series uses those newer MLC-Chips http://www.tomshardware.de/ssd-710-enterprise-x25-e-MLC-HET,testberichte-240941.html sorry, i didn't found it in english. Shortly it says: SLC is out HET-MLC (only) is in. Intel SSD (actual series afaik MLC) compensate the different endurance with more memory-chips and the controller software that round-robins the writings over the entire disk except a reserved space for dying cells. Same as it ever was. Wear-leveling. Yup, whats the point now here? Not everyone knows about this technique, so i mentioned it explicitly. i guess some others, with may be less experience, are also reading our messages. And yes there are manufacturers with much cleaner production and higer quality of the memory-chips. Did I not say, Intel, Crucial/Micron, Samsung? if i remember correctly YES. did i said anything different? o_O my statement was a confirmation and slightly explanation how it comes to those quality differences. ;-) it lets you guess also how good the quality of other products from the same company is. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Best practice for SSD installs
On Jun 8, 2013, at 2:24 PM, Michael Schuh michael.sc...@gmail.com wrote: i wouldn't only rely on the manufacturer but on the chip type; just saying If by 'chip' you mean 'controller', I agree. If by 'chip' you mean the actual flash (memory), then… you're likely mistaken. Intel and Micron are the same thing. (Micron is a second source for Intel flash.) Other manufacturers (Samsung, etc) also make quality flash parts. I suppose there could be some seconds coming out of China, but if you buy the bottom of the price curve, you deserve what you get. Many people who complain about SSD reliability have either mis-used the technology, (e.g. write amplification rears it's ugly head) or have purchased the cheapest SSD they can find, and then complain when the the part fails. The upthread advice about Intel SSDs is sound. Now that the Sandforce controller debacle is over, Crucial (who are really a rebrand of Micron (see above)) and Samsung also make good, reliable SSDs. As a none-too-subtle hint: there are reasons why Netgate has, to date, not shipped SSD (or SSD-like) technology in our pfSense-powered appliances. It's not that we didn't know how, but rather the difference between product and technology demonstration. If you're only concerned with making one, or a dozen, for your own use, the effects of your decision are limited. When you're making 1,000s of units per year, the weight of the decisions caries real monetary consequences. Also note that phk was discussing flash parts a lot more like 'Compact Flash' or USB flash than SSDs in that document, while this thread has been about using SSDs. Apples != Oranges (Just sayin'). Jim ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Best practice for SSD installs
Can you please provide us with a link to this Atom board you are using? I`m at the same point with Alix hardware, very good and reliable hardware, but we need more NICs and firepower in small factor boards. Seko - Original Message - From: Chris Bagnall pfse...@lists.minotaur.cc To: pfSense support and discussion list@lists.pfsense.org Sent: Friday, June 7, 2013 8:40:34 PM Subject: [pfSense] Best practice for SSD installs Greetings list, I've used pfSense embedded for many years on ALIX boards. However, given the difficulty of getting those boards with 4 NICs, or more than 256MB RAM, I've recently been exprimenting with an Atom-based motherboard instead. Unfortunately, but unsurprisingly, the Atom board in question doesn't have a Compact Flash slot, so my usual approach of flashing the pfSense embedded image to a card isn't an option here. The board supports CFast (which is hideously expensive in the UK) and/or a standard 2.5 SATA device. Given a standard 2.5 32GB SSD is considerably less expensive than even a 4GB CFast card, I suspect I'll be using SSDs for future installs. Which brings me to the question: the last time I performed a pfSense 'full' install (i.e. not embedded) was several years, and many versions ago. What's the best practice when using an SSD? Use the CD-based installer to do a 'full' install, or continue to use the embedded NanoBSD image? One other thing I thought I might try is using an USB flash device. I notice from the snapshots there's an image available for these devices, but I can't seem to find much by the way of documentation online about the benefits/pitfalls of this approach. As an aside, there are several options on the Advanced tab relating to NIC performance options: - Disable hardware checksum offload - Disable hardware TCP segmentation offload - Disable hardware large receive offload Has anyone done any tests / is there a list maintained anywhere with details of which NICs are problematic with these, and hence should be disabled? The motherboard I'm using is a mix of Intel and Realtek gigabit NICs (em and re respectively). Any suggestions gratefully received. Kind regards, Chris -- This email is made from 100% recycled electrons ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Best practice for SSD installs
@Aaron, Which brand of USB sticks are these you use? I've tried working with Transcend and found the performance awful. I'll appreciate your recommendation on USB sticks. On 8 June 2013 21:17, Aaron C. de Bruyn aa...@heyaaron.com wrote: Just a note of personal experience. I've deployed ~20 pfSense firewalls that had SSDs (both cheap and rated 'good' from Newegg) over the past 2 years. I am not convinced SSDs are more reliable. Nearly every one has had an SSD die or become corrupt. We switched them all to USB sticks and haven't had any more issues. Plus it's easier for us to ship a replacement USB stick to the client and have them plug it in than to have them pop open the case and replace the drive. Maybe we've just had bad luck with SSDs, but I'm not convinced they are ready. -A On Sat, Jun 8, 2013 at 12:20 AM, Eugen Leitl eu...@leitl.org wrote: On Sat, Jun 08, 2013 at 12:40:34AM +0100, Chris Bagnall wrote: Which brings me to the question: the last time I performed a pfSense 'full' install (i.e. not embedded) was several years, and many versions ago. What's the best practice when using an SSD? Use the CD-based installer to do a 'full' install, or continue to use the embedded NanoBSD image? Modern SSDs are at least as reliable as HDs. I've used SSDs with pfSense for years (including IDE DoMs) with full install and never had a failure yet. As an aside, there are several options on the Advanced tab relating to NIC performance options: - Disable hardware checksum offload - Disable hardware TCP segmentation offload - Disable hardware large receive offload Has anyone done any tests / is there a list maintained anywhere with details of which NICs are problematic with these, and hence should be disabled? The motherboard I'm using is a mix of Intel and Realtek gigabit NICs (em and re respectively). I've used Supermicro Atoms with 2 Intel NICs onboard and with a dual-port Intel NIC added. I would be also interested in suggested list of settings for Intel NICs. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 I can't hear you -- I'm using the scrambler. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Best practice for SSD installs
2013/6/9 Jim Thompson j...@smallworks.com On Jun 8, 2013, at 2:24 PM, Michael Schuh michael.sc...@gmail.com wrote: i wouldn't only rely on the manufacturer but on the chip type; just saying If by 'chip' you mean 'controller', I agree. If by 'chip' you mean the actual flash (memory), then… you're likely mistaken. Intel and Micron are the same thing. (Micron is a second source for Intel flash.) i mean SLC and MLC Flash-Memory-Chips; regardless which manufacturer. in first place. p.e. Intel actually sells MLC instead of SLC ( iirc they had a series with SLC but they are to expensive, not sure if they sell those further ) Intel SSD (actual series afaik MLC) compensate the different endurance with more memory-chips and the controller software that round-robins the writings over the entire disk except a reserved space for dying cells. And yes there are manufacturers with much cleaner production and higer quality of the memory-chips. Other manufacturers (Samsung, etc) also make quality flash parts. I suppose there could be some seconds coming out of China, but if you buy the bottom of the price curve, you deserve what you get. Many people who complain about SSD reliability have either mis-used the technology, (e.g. write amplification rears it's ugly head) or have purchased the cheapest SSD they can find, and then complain when the the part fails. The upthread advice about Intel SSDs is sound. Now that the Sandforce controller debacle is over, Crucial (who are really a rebrand of Micron (see above)) and Samsung also make good, reliable SSDs. As a none-too-subtle hint: there are reasons why Netgate has, to date, not shipped SSD (or SSD-like) technology in our pfSense-powered appliances. It's not that we didn't know how, but rather the difference between product and technology demonstration. If you're only concerned with making one, or a dozen, for your own use, the effects of your decision are limited. When you're making 1,000s of units per year, the weight of the decisions caries real monetary consequences. Also note that phk was discussing flash parts a lot more like 'Compact Flash' or USB flash than SSDs in that document, while this thread has been about using SSDs. Apples != Oranges (Just sayin'). Jim ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Best practice for SSD installs
On Jun 9, 2013, at 3:44 PM, Michael Schuh michael.sc...@gmail.com wrote: 2013/6/9 Jim Thompson j...@smallworks.com On Jun 8, 2013, at 2:24 PM, Michael Schuh michael.sc...@gmail.com wrote: Intel actually sells MLC instead of SLC ( iirc they had a series with SLC but they are to expensive, not sure if they sell those further ) They do. As you note, they are more expensive per bit than MLC. Intel SSD (actual series afaik MLC) compensate the different endurance with more memory-chips and the controller software that round-robins the writings over the entire disk except a reserved space for dying cells. Same as it ever was. Wear-leveling. And yes there are manufacturers with much cleaner production and higer quality of the memory-chips. Did I not say, Intel, Crucial/Micron, Samsung? Jim___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Best practice for SSD installs
Just a note of personal experience. I've deployed ~20 pfSense firewalls that had SSDs (both cheap and rated 'good' from Newegg) over the past 2 years. I am not convinced SSDs are more reliable. Nearly every one has had an SSD die or become corrupt. We switched them all to USB sticks and haven't had any more issues. Plus it's easier for us to ship a replacement USB stick to the client and have them plug it in than to have them pop open the case and replace the drive. Maybe we've just had bad luck with SSDs, but I'm not convinced they are ready. -A On Sat, Jun 8, 2013 at 12:20 AM, Eugen Leitl eu...@leitl.org wrote: On Sat, Jun 08, 2013 at 12:40:34AM +0100, Chris Bagnall wrote: Which brings me to the question: the last time I performed a pfSense 'full' install (i.e. not embedded) was several years, and many versions ago. What's the best practice when using an SSD? Use the CD-based installer to do a 'full' install, or continue to use the embedded NanoBSD image? Modern SSDs are at least as reliable as HDs. I've used SSDs with pfSense for years (including IDE DoMs) with full install and never had a failure yet. As an aside, there are several options on the Advanced tab relating to NIC performance options: - Disable hardware checksum offload - Disable hardware TCP segmentation offload - Disable hardware large receive offload Has anyone done any tests / is there a list maintained anywhere with details of which NICs are problematic with these, and hence should be disabled? The motherboard I'm using is a mix of Intel and Realtek gigabit NICs (em and re respectively). I've used Supermicro Atoms with 2 Intel NICs onboard and with a dual-port Intel NIC added. I would be also interested in suggested list of settings for Intel NICs. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Best practice for SSD installs
I've also had bad luck with SSDs on a Supermicro Atom. If you have access to the hardware, SSD is not a bad option. On Sat, Jun 8, 2013 at 11:17 AM, Aaron C. de Bruyn aa...@heyaaron.comwrote: Just a note of personal experience. I've deployed ~20 pfSense firewalls that had SSDs (both cheap and rated 'good' from Newegg) over the past 2 years. I am not convinced SSDs are more reliable. Nearly every one has had an SSD die or become corrupt. We switched them all to USB sticks and haven't had any more issues. Plus it's easier for us to ship a replacement USB stick to the client and have them plug it in than to have them pop open the case and replace the drive. Maybe we've just had bad luck with SSDs, but I'm not convinced they are ready. -A On Sat, Jun 8, 2013 at 12:20 AM, Eugen Leitl eu...@leitl.org wrote: On Sat, Jun 08, 2013 at 12:40:34AM +0100, Chris Bagnall wrote: Which brings me to the question: the last time I performed a pfSense 'full' install (i.e. not embedded) was several years, and many versions ago. What's the best practice when using an SSD? Use the CD-based installer to do a 'full' install, or continue to use the embedded NanoBSD image? Modern SSDs are at least as reliable as HDs. I've used SSDs with pfSense for years (including IDE DoMs) with full install and never had a failure yet. As an aside, there are several options on the Advanced tab relating to NIC performance options: - Disable hardware checksum offload - Disable hardware TCP segmentation offload - Disable hardware large receive offload Has anyone done any tests / is there a list maintained anywhere with details of which NICs are problematic with these, and hence should be disabled? The motherboard I'm using is a mix of Intel and Realtek gigabit NICs (em and re respectively). I've used Supermicro Atoms with 2 Intel NICs onboard and with a dual-port Intel NIC added. I would be also interested in suggested list of settings for Intel NICs. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Best practice for SSD installs
If you buy Intel SSDs you should be able to have a worry free time. After running them since the first time I was able to get my hands on one. Never had a single problem with 30+ drives. Remember SSDs behave better with quality PSUs. Espen F. Johansen Sent with AquaMail for Android http://www.aqua-mail.com On 8. juni 2013 20:17:26 Aaron C. de Bruyn aa...@heyaaron.com wrote: Just a note of personal experience. I've deployed ~20 pfSense firewalls that had SSDs (both cheap and rated 'good' from Newegg) over the past 2 years. I am not convinced SSDs are more reliable. Nearly every one has had an SSD die or become corrupt. We switched them all to USB sticks and haven't had any more issues. Plus it's easier for us to ship a replacement USB stick to the client and have them plug it in than to have them pop open the case and replace the drive. Maybe we've just had bad luck with SSDs, but I'm not convinced they are ready. -A On Sat, Jun 8, 2013 at 12:20 AM, Eugen Leitl eu...@leitl.org wrote: On Sat, Jun 08, 2013 at 12:40:34AM +0100, Chris Bagnall wrote: Which brings me to the question: the last time I performed a pfSense 'full' install (i.e. not embedded) was several years, and many versions ago. What's the best practice when using an SSD? Use the CD-based installer to do a 'full' install, or continue to use the embedded NanoBSD image? Modern SSDs are at least as reliable as HDs. I've used SSDs with pfSense for years (including IDE DoMs) with full install and never had a failure yet. As an aside, there are several options on the Advanced tab relating to NIC performance options: - Disable hardware checksum offload - Disable hardware TCP segmentation offload - Disable hardware large receive offload Has anyone done any tests / is there a list maintained anywhere with details of which NICs are problematic with these, and hence should be disabled? The motherboard I'm using is a mix of Intel and Realtek gigabit NICs (em and re respectively). I've used Supermicro Atoms with 2 Intel NICs onboard and with a dual-port Intel NIC added. I would be also interested in suggested list of settings for Intel NICs. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Best practice for SSD installs
i would recommend to read page 12, if i should get asked :-) (not only but in that context) http://phk.freebsd.dk/pubs/nanobsd.pdf i wouldn't only rely on the manufacturer but on the chip type; just saying = = = http://michael-schuh.net/ = = = Projektmanagement - IT-Consulting - Professional Services IT Rev. P.D. Michael Schuhhttp://dudeism.com/ordcertificate?ordname=Michael+Schuhorddate=05/20/2012 *Ordained Dudeist Priest http://dudeism.com/* Postfach 10 21 52 66021 Saarbrücken phone: 0681/8319664 @: m i c h a e l . s c h u h @ g m a i l . c o m = = = Ust-ID: DE251072318 = = = 2013/6/8 Espen F. Johansen pfse...@gmail.com If you buy Intel SSDs you should be able to have a worry free time. After running them since the first time I was able to get my hands on one. Never had a single problem with 30+ drives. Remember SSDs behave better with quality PSUs. Espen F. Johansen Sent with AquaMail for Android http://www.aqua-mail.com On 8. juni 2013 20:17:26 Aaron C. de Bruyn ** wrote: Just a note of personal experience. I've deployed ~20 pfSense firewalls that had SSDs (both cheap and rated 'good' from Newegg) over the past 2 years. I am not convinced SSDs are more reliable. Nearly every one has had an SSD die or become corrupt. We switched them all to USB sticks and haven't had any more issues. Plus it's easier for us to ship a replacement USB stick to the client and have them plug it in than to have them pop open the case and replace the drive. Maybe we've just had bad luck with SSDs, but I'm not convinced they are ready. -A On Sat, Jun 8, 2013 at 12:20 AM, Eugen Leitl eu...@leitl.org wrote: On Sat, Jun 08, 2013 at 12:40:34AM +0100, Chris Bagnall wrote: Which brings me to the question: the last time I performed a pfSense 'full' install (i.e. not embedded) was several years, and many versions ago. What's the best practice when using an SSD? Use the CD-based installer to do a 'full' install, or continue to use the embedded NanoBSD image? Modern SSDs are at least as reliable as HDs. I've used SSDs with pfSense for years (including IDE DoMs) with full install and never had a failure yet. As an aside, there are several options on the Advanced tab relating to NIC performance options: - Disable hardware checksum offload - Disable hardware TCP segmentation offload - Disable hardware large receive offload Has anyone done any tests / is there a list maintained anywhere with details of which NICs are problematic with these, and hence should be disabled? The motherboard I'm using is a mix of Intel and Realtek gigabit NICs (em and re respectively). I've used Supermicro Atoms with 2 Intel NICs onboard and with a dual-port Intel NIC added. I would be also interested in suggested list of settings for Intel NICs. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Best practice for SSD installs
On Jun 7, 2013, at 7:06 PM, Chris Bagnall pfse...@lists.minotaur.cc wrote: Thanks for the response. On 8/6/13 12:54 am, Jim Thompson wrote: Difficulty? Is this some kind of Brit understatement? Impossible is a more accurate description of the situation. :-) I've seen other AMD Geode boards with 4 NICs, but not with 256MB RAM, and we've been seeing issues with =256MB and 2.1. Load the CD-based installer on an SSD. If you use a USB DOM, you'll want to use the 'embedded' image. But the full install for an SSD? Or is it better to stick with embedded on those too? full install, yes. embedded is all about reducing writes to the CF. One other thing I thought I might try is using an USB flash device. I notice from the snapshots there's an image available for these devices, but I can't seem to find much by the way of documentation online about the benefits/pitfalls of this approach. That image is an 'installer' image. Is it possible to 'install' pfSense to a bootable USB flash device at all? Strikes me as a wonderfully elegant solution for updates: just ship a new stick to the remote site and tell someone to plug it in and reboot :-) until it falls out. The Realtek NICs might not work in 2.0 series releases.2.1RC is likely a better option. Running 2.1 anyway - v6 support very much required :-) FWIW, I've tested one of these boards this evening just using a spare 2.5 SATA spinning disk I had knocking around here, and both the Realtek and Intel NICs seem to be working in 2.1. I've not put any load through them yet, so I can't attest to performance. Given most of these systems are going to be handling very low throughput (100Mbps WAN links), is it safer to just disable all the offloading options to be on the safe side? That's what the rest of the list will advise. They'll all claim that these hardware features don't work. Nevermind that they work on other platforms. This gets spun into fokelore on the list. The OpenBSD guys were just discussing how they *made* them work at BSDcan though. http://www.bsdcan.org/2013/schedule/events/372.en.html So there is hope that FreeBSD will study same and implement fixes. Jim___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Best practice for SSD installs
2013/6/8 Jim Thompson j...@netgate.com On Jun 7, 2013, at 7:06 PM, Chris Bagnall pfse...@lists.minotaur.cc wrote: Thanks for the response. On 8/6/13 12:54 am, Jim Thompson wrote: Difficulty? Is this some kind of Brit understatement? Impossible is a more accurate description of the situation. :-) I've seen other AMD Geode boards with 4 NICs, but not with 256MB RAM, and we've been seeing issues with =256MB and 2.1. Load the CD-based installer on an SSD. If you use a USB DOM, you'll want to use the 'embedded' image. But the full install for an SSD? Or is it better to stick with embedded on those too? full install, yes. embedded is all about reducing writes to the CF. One other thing I thought I might try is using an USB flash device. I notice from the snapshots there's an image available for these devices, but I can't seem to find much by the way of documentation online about the benefits/pitfalls of this approach. That image is an 'installer' image. Is it possible to 'install' pfSense to a bootable USB flash device at all? Strikes me as a wonderfully elegant solution for updates: just ship a new stick to the remote site and tell someone to plug it in and reboot :-) until it falls out. Than use the embedded at the beginning on an USB-Stick: No need for shipping to upgrade. prolongs the life of the stick too and brings the ability to switch back to the old version if something will not work after an upgrade. The Realtek NICs might not work in 2.0 series releases.2.1RC is likely a better option. Running 2.1 anyway - v6 support very much required :-) FWIW, I've tested one of these boards this evening just using a spare 2.5 SATA spinning disk I had knocking around here, and both the Realtek and Intel NICs seem to be working in 2.1. I've not put any load through them yet, so I can't attest to performance. Given most of these systems are going to be handling very low throughput (100Mbps WAN links), is it safer to just disable all the offloading options to be on the safe side? That's what the rest of the list will advise. They'll all claim that these hardware features don't work. Nevermind that they work on other platforms. This gets spun into fokelore on the list. The OpenBSD guys were just discussing how they *made* them work at BSDcan though. http://www.bsdcan.org/2013/schedule/events/372.en.html So there is hope that FreeBSD will study same and implement fixes. Jim ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list