On Tue, Apr 17, 2012 at 10:39:56AM +0200, Sebastian Reitenbach wrote:
> On Tuesday, April 17, 2012 09:35 CEST, Henning Brauer <lists-open...@bsws.de> wrote:
>  
> > * Marcin <mig...@gmail.com> [2012-04-17 08:59]:
> > > I am looking for a hardware recommendation for a new OpenBSD based
> > > firewalls. So far I have been using IBM x336s, but they are slowly
> > > approaching end of life.
> > > 
> > > What I am after:
> > > * 1U i386/amd64 server,
> > > * 2 sockets,
> > 
> > what for? unless you run extremely heavy userland proxies, you don't
> > get much (any) benefit, especially given that the one-socket machines
> > are all 4core now.
> > 
> > > * RAID 1 SAS/SATA controller (2 hard drives are enough)
> > 
> > what for? that increases complexity and thus chance to fail with no
> > benefit. you have no precious data on those disks and have two
> > machines.
> > 
> > I'm very happy with Supermicro X9SC* based systems, with Xeon E3-1220
> > and an Intel SSD. Check with your local supplier for exact model
> > options. Superior performance, 35W idle, no trouble whatsoever, fair
> > pricing.
> 
> Sorry for hijacking the thread, but I was going to ask a very similar
> question later today.  I've seen that some of those boards have an IPMI
> interface, which would be one of my requirements.
> 
> The processor with its 4 cores should probably be fine handling a few
> ftp-proxy and relayd.

Get CPUs with as much GHz and as much cache as possible. Since most work
will be done by one core the GHz matter and more cache helps a fair bit.
 
> I'd like to put in two 10GB ethernet adapters, CX or fibre is still to
> be decided. Looking at the amd64.html page, I found the ixgb, ix, xge
> and tht supported. Looking at the manual pages, I'd probably go for the
> xge based cards, since they support checksum offload and VLAN tag
> insertion and stripping, to move some load from the CPU on to the
> network cards. 

xge(4) is old and AFAIK PCI-X only. You want to go with ix(4) on current
systems. There you also get more options of connectors (SFP+, 10G-T, ...)
and dual port cards.

> I'd like to know if my assumptions about the cards are right, and whether
> this box would be able to handle the kind of bandwidth the cards
> provide. It actually only needs to handle about 3GB/s, but I don't want to
> start trunking GigaBit interfaces. Or, if I'm wrong with my assumptions,
> if someone has good experience with other 10GbE adapters.

I know quite a few systems using ix(4) adapters, they are solid and a lot
of tuning is going into them. 

-- 
:wq Claudio
