Re: I have $300
On Mon, Nov 28, 2005 at 01:17:05PM -0800, Sean Comeau wrote:
> try these: http://www.commell-sys.com/News/COMMELL_20040610_EMB564.htm
> Buy two of them. They cost about $300 a piece. The 256MB of ram and 4 NICs they have onboard is sufficient. The 512MB CF disks are $80 each. $800 for a fully fault tolerant firewall setup is about as cheap as you're going to

Oops sorry, these are actually more like $800 each. I got mine second hand and didn't realize the real price. Anyway, they are STILL cool and even 2 grand for a fully fault tolerant firewall with such a tiny footprint and no moving parts is very reasonable.
Re: I have $300
$537.50 here http://www.bwi.com/prod/348333. Picked one up a week ago under a different brand name Jmatec vs Commell-sys.

--On Wednesday, November 30, 2005 07:24:50 -0800 Sean Comeau [EMAIL PROTECTED] wrote:
> Oops sorry, these are actually more like $800 each.
Re: I have $300
On Tuesday, 29 November 2005 15:16 you wrote:

Hi Marco,

> The moral of the story is that you don't need much disk for a firewall. Besides you said no moving parts, RAID by definition adds more moving parts of the kind that fail most often.

Well, you could always do software RAID of CF-based disks ;-)

I'm outta here,
Stephan
Re: I have $300
I totally appreciate everybody's comments and I have in fact decided to pass over the embedded solution. We just picked up a Sun Netra T105 (440MHz, 512MB) on eBay. It was about $135 shipped and has two onboard NICs. I have always liked Sun hardware and it works well with OpenBSD, it is some of the best in quality. Fits in one rack unit and will be cheap to grab another to do a failover when the time comes. I can even dd the drive to make a disk for the new unit when I implement it. I understand that running two cheap ones is better than running one solid state machine. Plus the horsepower leaves little to work with in some of these tiny contraptions (soekris comes to mind). Not to say that they do not have their place, but I feel that this is the best answer.

-Bob
Re: I have $300
On Wed, Nov 30, 2005 at 10:11:26AM -0600, [EMAIL PROTECTED] wrote:

i wanted to build a couple small machines on the cheap a few months ago, so i went to http://www.mini-box.com/s.nl/sc.8/category.99/.f and got a couple VIA EPIA 5000 boards, bought the cases i used elsewhere, and plugged a 2-port NIC into the pci slot on board. the cases came with a riser card, making for a real easy setup. i find working with CF cards to be irritating, so i installed IDE drives in these machines. nice. CF is kinda slow and unsuitable for doing packet captures on fast links, however most firewalls I have deployed don't need that functionality anyway. If they ever do I can always use a USB drive.

Speaking of CF, recently I bought a few CF drives. All of them were in the same packages. Most work, but one does not. The working ones are HITACHI, FLASH, 5.0 and the troubled one is SAMSUNG, Rev A.0. All of them work fine in Windows or Linux. Still trying to figure out what the problem is
Re: I have $300
Awesome - good deal. I have a Netra X1 running OpenBSD and it's rock solid.

Good luck,
-Ian

On 11/30/05, Bob Ababurko [EMAIL PROTECTED] wrote:
> I totally appreciate everybody's comments and I have in fact decided to pass over the embedded solution. We just picked up a Sun Netra T105 (440MHz, 512MB) on eBay. It was about $135 shipped and has two onboard NICs. I have always liked Sun hardware and it works well with OpenBSD, it is some of the best in quality. Fits in one rack unit and will be cheap to grab another to do a failover when the time comes. I can even dd the drive to make a disk for the new unit when I implement it. I understand that running two cheap ones is better than running one solid state machine. Plus the horsepower leaves little to work with in some of these tiny contraptions (soekris comes to mind). Not to say that they do not have their place, but I feel that this is the best answer.
>
> -Bob
Re: I have $300
On Mon, Nov 28, 2005 at 02:29:21PM -0500, Bob Ababurko wrote:
> ... I wanted a system that did not have moving parts. This was to hopefully extend the life of the machine and increase uptime by eliminating the hard drives and power supplies with moving parts. I am not paying for power so I can say that I am not concerned about consumption at this point. This is only due to the fact that $ is finite at the present time and cannot weigh heavily on the list of importance.
>
> The alternative is to use a dual P3 that we have but I am still interested in optimum availability. Do I implement RAID 1 with two drives, OR does this create more problems than it is worth by introducing more parts to fail (two drives)? Do I implement a Flash card reader and install OpenBSD/pf on a compact flash drive? I am not sure where I should be drawing the line...I mean do I pay attention to drive redundancy or power redundancy or even actual firewall redundancy? What is the most bang for the buck in terms of availability short of a hot standby firewall configuration?

There are a couple of other options, depending on your space, and what kind of server you are running. RAID is cool, and not all that difficult. One thing to keep in mind is that a failing drive is likely to take the whole IDE bus it's connected to with it - usually it just confuses it, but there are tales of dying drives frying the connected controller and any other drives connected to the controller. However, if you keep that in mind, I've personally had little or no trouble with RAID, and it has saved my backside at least once (very, very old disk I was testing in a rather old machine - I put it in for a little extra capacity, but, luckily, was smart enough not to trust it).

Also, depending on what you want to do with the machine, hot standby is likely to be a good plan. ;-) OpenBSD can do failover firewalls very well.
If you have a server with data that does not change too often, rsync is likely able to keep up and you can cobble a couple of simple scripts together to do failover. If, on the other hand, we are talking something as highly variable as a mailserver, well... keeping the data synchronized will be rather difficult. Joachim
Re: I have $300
Actually, when I am in a position to use carp and pfsync I often do not bother with embedded, unless I have power concerns. If you want embedded buy the Commell box suggested earlier, but if you really have no budget, don't bother with raid or other such nonsense. go find two cheap garage-a-tronics or used i386 boxes with two NICs, rig up carp and pfsync between them, and be done with it.

I love raid, and use it where I have *DATA* that matters. if it's just systems and gateways, etc, multiple cheap systems set up with carp between them work better and cheaper than one system with dual power supplies, raid controller, etc. etc. etc.

-Bob

> The biggest reason I was choosing to go embedded is that I wanted a system that did not have moving parts. This was to hopefully extend the life of the machine and increase uptime by eliminating the hard drives and power supplies with moving parts. I am not paying for power so I can say that I am not concerned about consumption at this point. This is only due to the fact that $ is finite at the present time and cannot weigh heavily on the list of importance.
>
> The alternative is to use a dual P3 that we have but I am still interested in optimum availability. Do I implement RAID 1 with two drives, OR does this create more problems than it is worth by introducing more parts to fail (two drives)? Do I implement a Flash card reader and install OpenBSD/pf on a compact flash drive? I am not sure where I should be drawing the line...I mean do I pay attention to drive redundancy or power redundancy or even actual firewall redundancy? What is the most bang for the buck in terms of availability short of a hot standby firewall configuration?

-- | | | The ASCII Fork Campaign \|/ against gratuitous use of threads. |
Re: I have $300
I have an anecdote when it comes to disk in a firewall. My good old trusty sparc64 firewall's disk had died. At first I didn't notice it because the packets kept flowing but after a while I noticed some strange behavior so I decided to log in to it and see what was wrong. Hmmm no login, *sigh* alright I'll go drag a monitor into my computer closet (not serial attached due to serial cable shortage at the time). Ha, hundreds of failed reads and writes. I replaced the sparc64 with my previous firewall box that had been collecting dust since it retired (pentium pro 200) and packets flowed again. Fixed up the sparc64 with a brand-spanking-old 4G IDE disk, installed whatever was current and copied /etc back from backup. The whole operation didn't take more than 30 mins and I had even less downtime. All that I lost were logs and a very old disk (hangs on my wall now).

The moral of the story is that you don't need much disk for a firewall. Besides you said no moving parts, RAID by definition adds more moving parts of the kind that fail most often.

FWIW :-)

On Nov 29, 2005, at 7:44 AM, Bob Beck wrote:
> Actually, when I am in a position to use carp and pfsync I often do not bother with embedded, unless I have power concerns. If you want embedded buy the Commell box suggested earlier, but if you really have no budget, don't bother with raid or other such nonsense. go find two cheap garage-a-tronics or used i386 boxes with two NICs, rig up carp and pfsync between them, and be done with it.
>
> I love raid, and use it where I have *DATA* that matters. if it's just systems and gateways, etc, multiple cheap systems set up with carp between them work better and cheaper than one system with dual power supplies, raid controller, etc. etc. etc.
>
> -Bob
>
> > The biggest reason I was choosing to go embedded is that I wanted a system that did not have moving parts. This was to hopefully extend the life of the machine and increase uptime by eliminating the hard drives and power supplies with moving parts. I am not paying for power so I can say that I am not concerned about consumption at this point. This is only due to the fact that $ is finite at the present time and cannot weigh heavily on the list of importance.
> >
> > The alternative is to use a dual P3 that we have but I am still interested in optimum availability. Do I implement RAID 1 with two drives, OR does this create more problems than it is worth by introducing more parts to fail (two drives)? Do I implement a Flash card reader and install OpenBSD/pf on a compact flash drive? I am not sure where I should be drawing the line...I mean do I pay attention to drive redundancy or power redundancy or even actual firewall redundancy? What is the most bang for the buck in terms of availability short of a hot standby firewall configuration?
>
> -- | | | The ASCII Fork Campaign \|/ against gratuitous use of threads. |
Re: I have $300
On Mon, Nov 28, 2005 at 02:29:21PM -0500, Bob Ababurko wrote:
> The alternative is to use a dual P3 that we have but I am still interested in optimum availability. Do I implement RAID 1 with two drives, OR does this create more problems than it is worth by introducing more parts to fail (two drives)? Do I implement a Flash card reader and install OpenBSD/pf on a compact flash drive? I am not sure where I should be drawing the line...I mean do I pay attention to drive redundancy or power redundancy or even actual firewall redundancy? What is the most bang for the buck in terms of availability short of a hot standby firewall configuration?

try these: http://www.commell-sys.com/News/COMMELL_20040610_EMB564.htm

Buy two of them. They cost about $300 a piece. The 256MB of ram and 4 NICs they have onboard is sufficient. The 512MB CF disks are $80 each. $800 for a fully fault tolerant firewall setup is about as cheap as you're going to get unless you're willing to go rob somewhere or you want to use old hand-me-down machines.

If you have two independent power sources in your datacenter you could plug one firewall into each so you're safe from the odd power maintenance outage.