On Tuesday, April 17, 2012 21:04 CEST, Claudio Jeker <cje...@diehard.n-r-g.com> wrote:
> On Tue, Apr 17, 2012 at 10:39:56AM +0200, Sebastian Reitenbach wrote:
> > On Tuesday, April 17, 2012 09:35 CEST, Henning Brauer
> > <lists-open...@bsws.de> wrote:
> >
> > > * Marcin <mig...@gmail.com> [2012-04-17 08:59]:
> > > > I am looking for a hardware recommendation for a new OpenBSD based
> > > > firewalls. So far I have been using IBM x336s, but they are slowly
> > > > approaching end of life.
> > > >
> > > > What I am after:
> > > > * 1U i386/amd64 server,
> > > > * 2 sockets,
> > >
> > > what for? unless you run extremely heavy userland proxies, you don't
> > > get much (any) benefit, especially given that the one-socket machines
> > > are all 4core now.
> > >
> > > > * RAID 1 SAS/SATA controller (2 hard drives are enough)
> > >
> > > what for? that increases complexity and thus chance to fail with no
> > > benefit. you have no precious data on those disks and have two
> > > machines.
> > >
> > > I'm very happy with Supermicro X9SC* based systems, with Xeon E3-1220
> > > and an Intel SSD. Check with your local supplier for exact model
> > > options. Superior performance, 35W idle, no trouble whatsoever, fair
> > > pricing.
> >
> > Sorry for hijacking the thread, but I was going to ask a very similar
> > question later today. I've seen, some of those boards have IPMI
> > interface, which would be one of my requirements.
> >
> > The processor with its 4 cores should probably be fine handling a few
> > ftp-proxy and relayd.
>
> Get CPUs with as much GHz and as much cache as possible. Since most work
> will be done by one core the GHz matter and more cache helps a fair bit.

noted.

>
> > I'd like to put in two 10GB ethernet adapters, CX or fibre is still to
> > be decided. Looking at the amd64.html page, I found the ixgb, ix, xge
> > and tht supported. Looking at the manual pages, I'd probably go for the
> > xge based cards, since they support checksum offload and VLAN tag
> > insertion and stripping, to move some load from the CPU on to the
> > network cards.
>
> xge(4) is old and AFAIK PCI-X only. You want to go with ix(4) on current
> systems. There you also get more options of connectors (SFP+, 10G-T, ...)
> and dual port cards.
>
> > I'd like to know if my assumption to the cards are right, and whether
> > this box would be able to handle that kind of bandwidth the cards
> > provide. It actually only needs to handle about 3GB/s, but don't want to
> > start trunking GigaBit interfaces. Or if I'm wrong with my assumptions,
> > if someone has good experience with other 10GbE adapters.
>
> I know quite a few systems using ix(4) adapters, they are solid and a lot
> of tuning is going into them.

also noted the nic recommendations.

thanks,
Sebastian

>
> --
> :wq Claudio