On Tue, 11 May 2010, BARDOU Pierre wrote:
> ... I don't think they come from PF BTW, it should be logging/relayd/OpenVPN which make the box lag.
Verify before you flush money. Tools like iostat, vmstat and pftop might help show where the load is. Does the load you have from OpenVPN suggest the need for a hardware random number generator?
> I'm very interested in a separate log machine, I think I'll do that. Could you give me an estimate of how many Mbps I need on the log server?
It depends on what you have chosen to log, the level of detail you have chosen to log at and how much that service is actually used. Try setting up the logging rules and use tcpdump or pftop to track the connection to the log server to see.
> Does it sound correct to you?
It could be overkill on the hardware.
> Do you have any suggestion/modification?
Several have already mentioned that a diskless setup would work. For PF, relayd and OpenVPN you do not need much of a hard drive.
You boot from a 1GB CF and fit base in way less than 250MB of it. The rest could be used for short-term logging with copies sent to a log server.
If you are running squid or another cache, then the RAID setup might be useful. Or it might not be. If you have a lot of RAM, then you can put the cache onto a ramdisk using mfs, if the size is right.
/Lars
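The reply above suggests measuring the syslog traffic to the log server with tcpdump rather than guessing a link size. The script below, added here as an example and not part of the original thread, turns such a capture into a bandwidth figure. It assumes the default one-line-per-packet tcpdump output for UDP syslog (a constructed sample is embedded, so it runs offline); the interface name, addresses and the `estimate_log_bw` helper are hypothetical.

```shell
#!/bin/sh
# Estimate the bandwidth a remote log server needs from a tcpdump summary of
# syslog datagrams. Hypothetical helper written for this thread, not from
# the original mail.
#
# A real capture on the firewall would look like (addresses are placeholders):
#   tcpdump -nn -i em0 udp and dst host 192.0.2.10 and dst port 514 > syslog.txt
# Each line then has the form:
#   12:00:00.000000 IP 192.0.2.1.51201 > 192.0.2.10.514: UDP, length 142
# where "length" is the UDP payload only, so the per-packet framing
# (14 bytes Ethernet + 20 bytes IPv4 + 8 bytes UDP = 42) is added back below.

# Constructed sample: five syslog datagrams spread over ten seconds.
SAMPLE_CAPTURE='12:00:00.000000 IP 192.0.2.1.51201 > 192.0.2.10.514: UDP, length 100
12:00:02.000000 IP 192.0.2.1.51201 > 192.0.2.10.514: UDP, length 200
12:00:04.000000 IP 192.0.2.1.51201 > 192.0.2.10.514: UDP, length 300
12:00:06.000000 IP 192.0.2.1.51201 > 192.0.2.10.514: UDP, length 400
12:00:10.000000 IP 192.0.2.1.51201 > 192.0.2.10.514: UDP, length 500'

# estimate_log_bw: reads tcpdump lines on stdin and prints one line:
#   "<packets> <bytes_on_wire> <seconds> <mbps>"
# Only lines that end in "UDP, length N" are counted; anything else is ignored.
estimate_log_bw() {
    awk -v overhead=42 '
        /UDP, length [0-9]+$/ {
            split($1, t, ":")                  # timestamp is HH:MM:SS.ffffff
            ts = t[1] * 3600 + t[2] * 60 + t[3]
            if (n == 0) first = ts             # capture output is chronological
            last = ts
            bytes += $NF + overhead            # payload plus framing overhead
            n++
        }
        END {
            if (n == 0) { print "0 0 0 0.000000"; exit }
            dur = last - first                 # captures crossing midnight not handled
            if (dur <= 0) dur = 1              # single packet: avoid division by zero
            printf "%d %d %d %.6f\n", n, bytes, dur, bytes * 8 / dur / 1000000
        }'
}

# Usage: printf '%s\n' "$SAMPLE_CAPTURE" | estimate_log_bw
# -> 5 1710 10 0.001368
```

Run it against a capture taken during the busiest period you expect, since the average over a quiet hour says little about peak rates; the resulting Mbps is the number to compare against the link to the log server, with headroom for bursts and for the size of the log lines you actually enable.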