From owner-freebsd-isp Thu Aug 1 08:00:26 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id IAA18860 for isp-outgoing; Thu, 1 Aug 1996 08:00:26 -0700 (PDT)
Received: from brasil.moneng.mei.com (brasil.moneng.mei.com [151.186.109.160]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id IAA18854 for ; Thu, 1 Aug 1996 08:00:23 -0700 (PDT)
Received: (from jgreco@localhost) by brasil.moneng.mei.com (8.7.Beta.1/8.7.Beta.1) id JAA25681; Thu, 1 Aug 1996 09:58:37 -0500
From: Joe Greco
Message-Id: <199608011458.JAA25681@brasil.moneng.mei.com>
Subject: Re: number of servers
To: gism@isot.isot.com (Global Internet Shopping Mall)
Date: Thu, 1 Aug 1996 09:58:37 -0500 (CDT)
Cc: isp@freebsd.org
In-Reply-To: <199608010928.EAA22967@isot.isot.com> from "Global Internet Shopping Mall" at Aug 1, 96 04:28:09 am
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> >For example, my virtual Web and FTP server fulfills those two functions and
> >nothing else. My services machines (currently Anacreon and Smyrno) provide
> >DNS, mail spooling, and NTP time services. Although Anacreon provides
> >primary DNS, these machines are otherwise very similar and act as redundant
> >backups to each other. My routers route (and firewall) and provide no other
> >services.
>
> I'm using internal card by Riscom n2csu which has T1 csu/dsu/router built
> on, and Cyclades 16 port serials. They are both in a single BSDi box which
> does everything. I would like to separate the server functions using
> FreeBSD. I was looking into separating 16 serial ports into its own PC,
> csu/dsu/router into its own PC which handles DNS/Mail, and Web into its own PC.
>
> Is this a good start? If separating, all PCs will still have to have
> FreeBSD installed except that the un-needed functions disabled?

My philosophy generally suggests that you should separate "server" functions from "network" functions...
If I had two boxes to do your setup (not preferable!), I would probably put the Riscom and Cyclades in the same box, and put DNS/Mail/Web on the second box. If I had three boxes, I would probably split the Riscom and Cyclades. Ideally I'd want four boxes, and split the DNS/Mail from the Web stuff too.

This is the "safest" configuration. This way, if you have a bunch of PPP customers, and some fool decides to advertise that your Web server has a bunch of dirty pix (and your Web server DIES), you're still marginally OK. Same thing goes for a mailstorm. It would be really bad to have your T1 router handling DNS/Mail.

Try to consider the damage that somebody can inflict on your network. Then take every step you can reasonably take to minimize it.

(note: other folks might argue to split the DNS/Mail from the Web stuff if you have three boxes, rather than splitting the Riscom and Cyclades. My reason for doing the Riscom and Cyclades is simple: it is more expensive to build two well-provisioned "server" class systems, and cheaper to build router-class boxes. Neither choice is "wrong" - consider your needs and your available cash.)

A well designed architecture will do everything it can to be multiply redundant, and to avoid any major single point of failure. In the case where you do have a single point of failure, it should be as trivial as possible. If you saw the network diagram I posted, even though my "core" router is a single point of failure, if it failed, I could be up and running in an hour or two even if I had to start from scratch with a new box and a FreeBSD boot floppy. There is NO complexity at ALL, and the machine is trivial.

Even if you don't have a single point of failure, do what you can to improve reliability... When somebody tried to take out a customer with a mailbomb half a year ago, by subscribing an expired account to every mailing list on the List of Mailing Lists, they did a fair job of killing the performance on Anacreon and Smyrno... but even though they were beating the hell out of my primary and secondary DNS/mail servers, things continued to work fine (just a little more slowly).

Each UNIX box around here is set up as a caching DNS server with a forwarders directive pointing at dns1/dns2. That means that even if dns1/dns2 are not available, each UNIX box is still able to do name lookups. This is much better than your average situation where everybody points their resolv.conf at two nameservers... although it costs a little in terms of RAM on the local machine.

There are dozens of reliability engineering tricks that can be done to enhance the reliability and stability of a networked UNIX system.

... Joe
-------------------------------------------------------------------------------
Joe Greco - Systems Administrator                            jgreco@ns.sol.net
Solaria Public Access UNIX - Milwaukee, WI                        414/546-7968
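The per-host caching resolver with forwarders that the post describes, written out as an added example (this is not configuration from Joe Greco's post or from sol.net; the post predates BIND 9, whose named.conf syntax is used here, and the dns1/dns2 addresses 192.0.2.10 and 192.0.2.11 are constructed placeholders). The property the post relies on, that lookups keep working when dns1/dns2 are both unreachable, depends on `forward first`: the local named tries the forwarders, and if they do not answer it resolves from the root hints itself. `forward only` would remove that fallback and put the host right back in the "points at two nameservers" situation.

```conf
// /etc/namedb/named.conf on each UNIX host (BIND 9 syntax; added example,
// not the original post's configuration). 192.0.2.10/11 stand in for dns1/dns2.
options {
    directory "/etc/namedb";

    // Serve only this host's own stub resolver. The cache exists for local
    // resilience, not as a public recursive server, so keep it off the wire.
    listen-on { 127.0.0.1; };
    allow-query { 127.0.0.1; };
    allow-recursion { 127.0.0.1; };
    recursion yes;

    // Ask the site's main caching servers first (shared cache, less upstream
    // traffic)...
    forwarders { 192.0.2.10; 192.0.2.11; };

    // ...but if neither forwarder answers, fall back to full recursion from
    // the root servers. This is what keeps lookups working when dns1/dns2 are
    // being beaten to death. "forward only" would disable this fallback.
    forward first;
};

// Root hints are required for the fallback path; without them "forward first"
// has nowhere to go once the forwarders time out.
zone "." {
    type hint;
    file "named.root";
};

# /etc/resolv.conf on the same host: the local cache answers first, and the
# site servers remain as last-resort entries for the stub resolver in case
# the local named itself is down.
nameserver 127.0.0.1
nameserver 192.0.2.10
nameserver 192.0.2.11
```

The RAM cost the post mentions is the cache that each host's named holds; the `listen-on`/`allow-*` restrictions are the modern counterpart of keeping that cache a private convenience rather than an open resolver that outsiders can query or use for amplification. A quick check after starting named is `dig @127.0.0.1 <some name>` with the forwarders reachable, then again with them blocked; the second query should still succeed, only more slowly, which is exactly the behaviour described above.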