From: Jaime Kikpole
To: Chris Hill
Cc: FreeBSD Questions List
Date: Fri, 27 May 2011 08:28:42 -0400
Subject: Re: RAM needed for DHCP + router?

On Thu, May 26, 2011 at 7:46 PM, Chris Hill wrote:
> I'm looking to build a NAT / DHCP box for a lab network for my company. My
> question is, how do I estimate the amount of RAM the machine will need?

FWIW, I can tell you some experiences that I've had.

Example #1: At one time, I had as many as 600-800 desktops and laptops receiving DHCP leases and DNS resolution from a single FreeBSD (5.x?) server. It was an old Dell desktop that a college had discarded/donated.
I think it was something like 800MHz and 1GB of RAM. From what I remember seeing in "top", "uptime", et al., it was like the server was bored. It was barely doing anything.

Example #2: I'm currently running a school district with about 800 computers, some iPads and Nooks, a few dozen network printers, streaming video off of at least 3 DVRs, and whatever people bring in (unauthorized... we'll be fixing that shortly). So let's call it around 1000 - 1300 nodes.

The entire thing is running through a FreeBSD system with two 100Mbps cards. I use IPFW to "hijack" certain TCP ports and redirect them into DansGuardian. This makes a transparent proxy. DG and Squid and BIND and ClamAV and snmpd, the Xymon client all run on this box. It acts as a secondary DNS resolver, secondary DNS server for internal addresses, web proxy, web content analysis and filtering, and more. It's 8GB of RAM and a 2.0GHz dual core CPU.

It's doing the job just fine. No complaints. Every employee uses web-based services every day. We even use a fair amount of streaming video. Again, this works well. I've even heard of people managing to use Netflix on occasion. It will saturate our Internet bandwidth before this server goes down. I have the graphs to prove it.

Since you are talking about the box doing NAT, you may find yourself wanting a web proxy service and/or internal DNS resolver at some point. The NAT and DHCP services are, in my experience, not going to be a big deal. Configuring BIND to offer internal DNS resolution would add very little to your load. I would be really surprised if any desktop PC that you found for $500-$1000 wasn't up to the task.

That said, here is the important part: This is going to be a single-point-of-failure for your institution. If it goes down for any reason, your entire business is off-line. That includes everything from bad hardware to a routine software upgrade (FreeBSD or a port). Do yourself a HUGE favor and build a redundancy system of some kind.
For example, I'm currently trying to replace the DansGuardian/Squid/DNS server I listed above with a pair of servers using CARP. That way, I can upgrade the OS whenever I want and the district's 800 authorized computers (and 50-200 unauthorized computers, phones, tablets, etc.) keep working.

Seriously. Make it redundant. It's the most important lesson a systems administrator must learn. Well, that and scripting. OK, and documentation. :)

Hope that helps,
Jaime

--
Network Administrator
Cairo-Durham Central School District
http://cns.cairodurham.org